Security system monitoring techniques by mapping received security score with newly identified security score

US 10,341,369 B2
Filed: 03/29/2016
Issued: 07/02/2019
Est. Priority Date: 03/29/2016
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by executable instructions that execute on a hardware processor of a server from a non-transitory computer-readable storage medium over a network, a security score along with an alert rate for the security score, wherein receiving further includes identifying a particular security rule that relies on the security score and identifying an original scoring mechanism relied on by the particular security rule, wherein the alert rate is calculated as a total number of particular alerts generated for the particular security rule divided by a total number of transactions occurring over the network;

identifying, by the executable instructions, a new security score by matching the alert rate with the new security score;

mapping, by the executable instructions, the security score to the new security score in the original scoring mechanism;

triggering, by the executable instructions, over the network, a processing of an automated security action in response to the new security score;

processing, a transaction rule directed to a financial transaction with transaction information for the financial transaction and the new security rule as the automated security action; and

declining the financial transaction when the transaction rule evaluates to true.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security rules of a security system include original security scores as conditions for raising alerts. The original security scores are dependent on the underlying scoring mechanism of the security system. When the scoring mechanism is updated to produce new security scores, the security rules are updated ensuring that the alert rates associated with the original security scores match the alert rates associated with the new security scores, which replace the original security scores in the security rules.

21 Citations

20 Claims

1. A method, comprising:
- receiving, by executable instructions that execute on a hardware processor of a server from a non-transitory computer-readable storage medium over a network, a security score along with an alert rate for the security score, wherein receiving further includes identifying a particular security rule that relies on the security score and identifying an original scoring mechanism relied on by the particular security rule, wherein the alert rate is calculated as a total number of particular alerts generated for the particular security rule divided by a total number of transactions occurring over the network;
  
  identifying, by the executable instructions, a new security score by matching the alert rate with the new security score;
  
  mapping, by the executable instructions, the security score to the new security score in the original scoring mechanism;
  
  triggering, by the executable instructions, over the network, a processing of an automated security action in response to the new security score;
  
  processing, a transaction rule directed to a financial transaction with transaction information for the financial transaction and the new security rule as the automated security action; and
  
  declining the financial transaction when the transaction rule evaluates to true.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein receiving further includes receiving the security score from the particular security rule that is being evaluated in a security system over the network, wherein the security score produced by the original scoring mechanism.
  - 3. The method of claim 1, wherein identifying further includes obtaining the new security score by searching a mapping table having the alert rate and other alert rates produced by an updated scoring mechanism that is replacing the original scoring mechanism, wherein an original scoring mechanism produced the security score.
  - 4. The method of claim 1, wherein mapping further includes updating an original security rule that utilizes the security score as a condition within the original security rule with the new security score.
  - 5. The method of claim 1 further comprising, maintaining, by the executable instructions, an original score mapping table that includes entries for the security score and other security scores produced by the original scoring mechanism of a security system, each entry includes a unique security score and particular alert rate combination.
  - 6. The method of claim 5 further comprising, maintaining, by the executable instructions, a new score mapping table that includes new entries for the new security score and other new security scores produced by an updated version of the original scoring mechanism, each new entry includes a unique new security score and a particular alert rate combination.
  - 7. The method of claim 6 further comprising, creating, by the executable instructions, a mapping transition table that includes mapping entries, each mapping entry including:
    - a unique security score, a unique new security score, and a particular alert rate.
  - 8. The method of claim 7 further comprising, processing, in real time within a context of a security system, by the executable instructions, the original score mapping table, the new score mapping table, and the mapping transition table to update security rules of the security system by replacing the security scores identified in the security rules with the new security scores.
  - 9. The method of claim 8, further comprising, logging, by the executable instructions, the original score mapping table, the new score mapping table, and the mapping transition table when each of the security rules have been successfully updated within the security system.

10. A method, comprising:
- maintaining, by executable instructions that execute on a hardware processor from a non-transitory computer-readable medium over a network, an original mapping between original security scores and alert rates produced by an original scoring mechanism of a risk management system, wherein each alert rate calculated as a total number of particular alerts generated for a particular security rule divided by a total number of transactions occurring over the network, wherein the particular security rule relies on a particular original score and the original scoring mechanism;
  
  creating, by the executable instructions, a new mapping between new security scores and the alert rates produced by a new scoring mechanism that is to update the original scoring mechanism within the risk management system;
  
  updating, by the executable instructions, security rules that include the original security scores with the new security scores and maintaining for each security rule update a proper alert rate that corresponds to both that security rule'"'"'s original security score and a replacement new security score for that security rule by utilizing the original mapping and the new mapping;
  
  automatically triggering, by the executable instructions, over the network, a processing of a security action in response to evaluation of the updated security rules having the new security scores;
  
  processing, a transaction rule directed to a financial transaction with transaction information for the financial transaction and a particular one of the new security rules as the automated security action; and
  
  declining the financial transaction when the transaction rule evaluates to true.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein maintaining further includes maintaining the original mapping as an original score-to-alert rate mapping table.
  - 12. The method of claim 10, wherein creating further includes dynamically building the new mapping as a new-score-to-alert rate mapping table for a configurable period of time as the new scoring mechanism processes within a non-production environment of the risk management system.
  - 13. The method of claim 12, wherein dynamically building further includes promoting the new scoring mechanism to a production environment of the risk management system to replace the original scoring mechanism after the configurable period of time.
  - 14. The method of claim 10, wherein updating further includes dynamically and in real time performing the updating of the security rules within the risk management system as each security rule is accessed for evaluation within the risk management system for a first time after the new scoring mechanism is active within a production environment of the risk management system and has replaced the original scoring mechanism.
  - 15. The method of claim 14 further comprising, retiring and logging, by the executable instructions, the original mapping as an archived original mapping once each security rule has been updated with that security rule'"'"'s new security score.
  - 16. The method of claim 15 further comprising, iterating processing of the method, by the executable instructions, by replacing the original mapping with the new mapping and creating a second mapping as the new mapping when a subsequent update is made to the new scoring mechanism within the risk management system.
  - 17. The method of claim 10 further comprising, managing, by the executable instructions, the alert rates as basis points within the risk management system.

18. A system, comprising:
- a processor configured to execute instructions representing a score mapper from memory or a non-transitory computer-readable storage medium, wherein the processor is part of a server accessible over a network; and
  
  the score mapper configured and adapted to;
  
  i) execute on the processor, ii) maintain a linkage between original security scores embedded in security rules of a security system and alert rates, wherein each alert rate calculated as a total number of particular alerts generated for a particular security rule divided by a total number of transactions, wherein the particular secure rule relies on a particular security score associated with a scoring mechanism of the security system, iii) update the security rules with new security scores when the scoring mechanism of the security system is updated by maintaining a same alert rate for each updated security rule that existed prior to update;
  
  iv) trigger over the network an automatic processing of a security action in response to evaluation of the updated security rules with the new security scores, v) process a transaction rule directed to a financial transaction with transaction information for the financial transaction and a particular one of the new security rules as the automated security action; and
  
  vi) decline the financial transaction when the transaction rule evaluates to true.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the security system is a risk management system.
  - 20. The system of claim 19, wherein the risk management system is part of a core banking system of a financial institution.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NCR Corporation
Original Assignee
NCR Corporation
Inventors
Cifarelli, Claudio, Mastropietro, Massimo
Primary Examiner(s)
Patel, Haresh N

Application Number

US15/083,691
Publication Number

US 20170289182A1
Time in Patent Office

1,190 Days
Field of Search

726 1
US Class Current
CPC Class Codes

G06F 16/24578   using ranking

G06Q 20/1085   involving automatic teller ...

G06Q 20/4016   involving fraud or risk lev...

G06Q 40/02   Banking, e.g. interest calc...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

Security system monitoring techniques by mapping received security score with newly identified security score

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security system monitoring techniques by mapping received security score with newly identified security score

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links