Browse Prior Art Database

Method, System, and Apparatus for protecting confidential information from being posted in a public forum / network

IP.com Disclosure Number: IPCOM000249133D
Publication Date: 2017-Feb-08
Document File: 2 page(s) / 34K

Publishing Venue

The IP.com Prior Art Database

Abstract

With the evolution of social media, the nature of communication between the brands and the customers has changed a lot. Brands now a days are serving the customers by taking their requests via social networks like Facebook and Twitter. One such example would be in the banking industry where-in banks provide an array of services by accepting requests over social channels. Examples of such services would be change of address of communication, change in contact number, etc. At times, users end-up in offering sensitive information over social channels in anticipation of a faster service, making his account vulnerable to hackers.

There exists an extreme need to control the sharing of sensitive and critical information by a user in public domain like social networks. One such solution can be to educate the user about the risk by various means. However, education of the user is not a sure-shot way to avoid the scenario. Another way could be to alert the user by using various means once the user is on his/her way to share such critical information. However, again such method may not be handy since a naive user may by-pass any such attempt and still share the sensitive information in public domain.

Proposed is a mechanism whereby users (especially naive users) could share sensitive information at a public forum (FB, Twitter etc.) without the sensitive information being compromised. This paper aims at providing a mechanism of using QR Codes in place of sensitive information whenever they are posted on public forums. These QR Codes can be deciphered ONLY by authorized personnel, be it in the bank OR the customer OR any other government body that is authorized to decrypt the information.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 40% of the total text.

1

Method, System, and Apparatus for protecting confidential information from being posted in a public forum / network

With the evolution of social media, the nature of communication between the brands and the customers has changed a lot. Brands now a days are serving the customers by taking their requests via social networks like Facebook and Twitter. One such example would be in the banking industry where-in banks provide an array of services by accepting requests over social channels. Examples of such services would be change of address of communication, change in contact number, etc. At times, users end-up in offering sensitive information over social channels in anticipation of a faster service, making his account vulnerable to hackers.

There exists an extreme need to control the sharing of sensitive and critical information by a user in public domain like social networks. One such solution can be to educate the user about the risk by various means. However, education of the user is not a sure-shot way to avoid the scenario. Another way could be to alert the user by using various means once the user is on his/her way to share such critical information. However, again such method may not be handy since a naive user may by-pass any such attempt and still share the sensitive information in public domain.

Proposed is a mechanism whereby users (especially naive users) could share sensitive information at a public forum (FB, Twitter etc.) without the sensitive information being compromised.

The paper provides a mechanism of using QR Codes in place of sensitive information whenever they are posted on public forums. These QR Codes can be deciphered ONLY by authorized personnel, be it in the bank OR the customer OR any other government body that is authorized to decrypt the information.

Below is the detailed algorithm explained in the paper - When a new user is registered with a bank (bank is just an example. It can be any domain hosting 1. sensitive information), any attributes / property that is classified as sensitive will be stored as a hash into the user's profile on the server. There are different ways of classifying a specific attribute as sensitive / normal. There can be a manual configuration around a fixed set of attributes being marked sensitive. Alternatively, the following approach could be adopted to isolate the sensitive attributes:

Assign weights (W1, W2, ... Wn) to different parameters (P1, P2, ..Pn) of the form fields pertaining  to a user. Here are some parameters that can be used to determine the sensitivity of the field:

P1 - Identification of sensitive in the domain specific schema:1. There are generic schema files available that are domain specific. For e.g. a  Banking Domain would have a specific schema file in which it calls out what are the sensitive vs. non-sensitive attributes. Likewise, there are other domains that would have standard Schemas Published, for e.g. LDAP v3 compliant schema. A given application typicall...