System and method for monitoring computing servers for possible unauthorized access

US 10,419,491 B1
Filed: 10/17/2017
Issued: 09/17/2019
Est. Priority Date: 12/16/2013
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

one or more Voice-over-Internet Protocol (VoIP) servers, each configured and arranged to provide respective VoIP services to remote users; and

a processing circuit communicatively-coupled to the one or more VoIP servers and configured and arranged to;

analyze data transactions of at least one VoIP sever, of the one or more VoIP servers, for one or more characteristics that are indicative of unauthorized access including data indicative of at least one possible call loop;

based on the data indicative of at least one possible call loop and other data indicative of frequency of data transactions, determine a threat level as function of the one or more characteristics of the data transactions and conditions of a security policy of a user account associated with the at least one VoIP server including whether the data indicative of at least one possible call loop corresponds to an actual call loop, the security policy including the one or more characteristics indicative of the unauthorized access and a threshold level that is based on the characteristics and the conditions; and

perform, in response to the threat level exceeding the threshold level, an action for the user account that is associated with the threshold level exceeded.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided that includes one or more computing servers and a processing circuit for analyzing data transactions of the computing servers. Each of the computing servers is configured to provide respective services to remote users. The processing circuit is configured to analyze data transactions of at least one of the computing servers, which is associated with a user account. A security policy of the user account includes conditions that are indicative of unauthorized access when the conditions are satisfied by various characteristics of the analyzed data transactions. The processing circuit is configured to determine a threat level as function of the characteristics of the data transactions and the conditions of the security policy. In response to the threat level exceeding a first threshold level indicated in the security policy of the user account, the processing circuit performs an action for the user account that is associated with the first threshold level.

34 Citations

18 Claims

1. A system, comprising:
- one or more Voice-over-Internet Protocol (VoIP) servers, each configured and arranged to provide respective VoIP services to remote users; and
  
  a processing circuit communicatively-coupled to the one or more VoIP servers and configured and arranged to;
  
  analyze data transactions of at least one VoIP sever, of the one or more VoIP servers, for one or more characteristics that are indicative of unauthorized access including data indicative of at least one possible call loop;
  
  based on the data indicative of at least one possible call loop and other data indicative of frequency of data transactions, determine a threat level as function of the one or more characteristics of the data transactions and conditions of a security policy of a user account associated with the at least one VoIP server including whether the data indicative of at least one possible call loop corresponds to an actual call loop, the security policy including the one or more characteristics indicative of the unauthorized access and a threshold level that is based on the characteristics and the conditions; and
  
  perform, in response to the threat level exceeding the threshold level, an action for the user account that is associated with the threshold level exceeded.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the action includes at least one of providing a notification to an authorized user of the user account, blocking one or more users from a VoIP service provided by the at least one VoIP server, and disabling the at least one VoIP server.
  - 3. The system of claim 1, wherein the security policy includes a plurality of threshold levels, including the threshold level, that are based on the characteristics and the conditions, wherein the processing circuit is further configured and arranged to perform another action for the user account in response to:
    - determining another threat level as function of characteristics of other data transactions and the one or more conditions of the security policy; and
      
      performing the other action for the user account in response to the other threat level exceeding an additional threshold level of the plurality.
  - 4. The system of claim 1, wherein the processing circuit is further configured and arranged to determine the threat level based upon a number of the conditions that are satisfied by the one or more characteristics of the data transactions.
  - 5. The system of claim 1, wherein the processing circuit is further configured and arranged to determine the threat level as a function of a frequency access to VoIP services provided by the at least one VoIP server on behalf of the user account relative to an average frequency of access for the VoIP services.
  - 6. The system of claim 1, wherein the processing circuit is further configured and arranged to determine the threat level as a function of conditions selected from the group consisting of:
    - a cost of the access to the VoIP services, whether the accesses to the VoIP services corresponds to inbound or outbound calls relative to the VoIP server, whether the accesses to the VoIP services include use of voicemail services, based upon an amount of VoIP content that is downloaded from the voicemail services, and combinations thereof.
  - 7. The system of claim 1, wherein the processing circuit is further configured and arranged to perform the action further includes generating a notification to a user indicated in the security policy.
  - 8. The system of claim 7, wherein the processing circuit is further configured and arranged to generate and send multiple notifications to multiple recipients.
  - 9. The system of claim 7, wherein the notification includes selectable options for a recipient of the notification.

10. A method for use with one or more Voice-over-Internet Protocol (VoIP) servers that are each configured and arranged to provide respective VoIP services to remote users, the method comprising:
- using a processing circuit communicatively-coupled to the one or more VoIP servers to monitor unauthorized access by;
  
  analyzing data transactions of at least one VoIP sever, of the one or more VoIP servers, for one or more characteristics that are indicative of unauthorized access including data indicative of at least one possible call loop, the at least one VoIP server being associated with a user account;
  
  based on the data indicative of at least one possible call loop and other data indicative of frequency of data transactions, determining a threat level as function of the one or more characteristics of the data transactions and conditions of a security policy of the user account including whether the data indicative of at least one possible call loop corresponds to an actual call loop, the security policy including the one or more characteristics indicative of the unauthorized access and a plurality of threshold levels that are based on the characteristics and the conditions; and
  
  performing, in response to the threat level exceeding a first threshold level of the plurality threshold levels, an action for the user account that is associated with the threshold level exceeded.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein performing the action includes:
    - providing a notification to an authorized user of the user account in response the threat level exceeding the first threshold level of the plurality; and
      
      blocking one or more users from a VoIP service provided by the at least one VoIP server or disabling the at least one VoIP server in response to the threat level exceeding a second threshold level of the plurality.
  - 12. The method of claim 10, wherein performing the action includes using the processing circuit to perform one or more automated tasks to prevent further unauthorized access to the at least one VoIP server.
  - 13. The method of claim 10, wherein performing the action includes using the processing circuit to generate and send a notification to a user indicated in the security policy.
  - 14. The method of claim 13, wherein the notification includes selectable options for a recipient of the notification.
  - 15. The method of claim 13, further including blocking one or more users from a VoIP service provided by the at least one VoIP server in response to the threat level exceeding a second threshold level of the plurality.
  - 16. The method of claim 15, further including disabling the at least one VoIP server for the user account in response to the threat level exceeding a third threshold level of the plurality.
  - 17. The method of claim 13, further including disabling the at least one VoIP server for the user account in response to the threat level exceeding a second threshold level of the plurality.
  - 18. The method of claim 10, further including monitoring, using the processing circuit, the data transactions of at least one VoIP sever for the one or more characteristics.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
8X8, Inc.
Original Assignee
8X8, Inc.
Inventors
Martin, Bryan, Liu, Zhishen, Zhao, Qing
Primary Examiner(s)
Thiaw, Catherine

Application Number

US15/785,697
Time in Patent Office

700 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

System and method for monitoring computing servers for possible unauthorized access

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for monitoring computing servers for possible unauthorized access

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links