|

JPMorgan’s Toxicity Purge

The bank’s latest cybersecurity tech looks to minimize toxic data.

Sign up to uncover the latest in emerging technology.

JPMorgan Chase is not a fan of Brittany Spears, apparently.

The financial institution is seeking to patent a system to automate detection, elimination and prevention of “toxic combinations for personal information data” — essentially two or more pieces of personal information that, when paired together, become highly confidential, such as a name and an account number. 

“When certain types of PI [personal information] are combined, the classification of that information may increase, even though the individual parts of the combination may be public by themselves,” the company noted in its filing. 

While this patent is fairly broad, JPMorgan describes a scanning tool that uses one or more “rulesets” configured to identify toxic combinations of personal information in a database or computer code, continuously scanning to flag anything that could be dangerous. If the system flags anything, it notifies the user who performed the scan via an email or other notification, and presents the results of the scan through a user interface. 

Because different personal information has different levels of risk (for example, personal information may be classified as “public, internal, confidential, and highly confidential), the user also gets a “degree of confidentiality” of the toxic combinations in the dataset. 

The company noted that this tool can perform scans on code or databases in both “development and deployment phases” of an application. The rulesets of this scanner are also continuously updated with the latest organizational or legal policies regarding different types of personal information, as “many applications and programs do not follow organization guidance on toxic combinations and unknowingly expose PI to the public through these toxic combinations.”  

Photo via the U.S. Patent and Trademark Office.

As a company that processes millions of transactions an hour and deals with millions of pieces of personal data, adding any new layer of cybersecurity isn’t a bad thing. Plus, if patented, JPMorgan could easily license this tech out to other financial institutions, adding financial cybersecurity to its software toolkit. 

The issue of “toxic twins” is a prevalent one in the data security tech field. The fact that a financial institution like JPMorgan is working on tackling this issue is itself a benefit, said Ari Weil, VP of marketing at data security firm Cyera.

“If (JPMorgan) can get the technology and approach right, It’s going to help them and probably other banks that they would license the software to become a lot more private and a lot more secure overall,” Weil said.

But the problem is that the technology JPMorgan lays out is, frankly, quite vague. One hitch: There are a lot of potential toxic combinations to identify. A ruleset-based scanner, as this patent suggests, tends to look for individual pieces of personal information. “Trying to figure out combinations requires a lot more logic, and also a lot more combinations,” said Weil. 

Because of this, a method that relies on simple rules and pattern matching may lead to a host of different problems, including user-end latency and false positives and negatives.

“People scrunch up their faces at AI and machine learning, but the fact of the matter is … a human defining all the rules is just not going to get all the combinations,” Weil said. 

The patent itself doesn’t go too in depth about how exactly JPMorgan’s scanner will work, said Weil. But if the company decides to implement AI that can rapidly identify toxic pairs, the scanner may have a chance of working correctly.

“The pro [case] is that something like this is really needed,” said Weil. “The way that they choose to implement it is to-be-determined. The question with a patent like this is ultimately going to be where does this evolve to?’” 

Have any comments, tips or suggestions? Drop us a line! Email at admin@patentdrop.xyz or shoot us a DM on Twitter @patentdrop. If you want to get Patent Drop in your inbox, click here to subscribe.