Systems, methods, and computer-readable media for data security

US 10,484,409 B2
Filed: 05/01/2017
Issued: 11/19/2019
Est. Priority Date: 01/30/2014
Status: Active Grant

First Claim

Patent Images

1. A method performed at a data security computing system that includes one or more processor devices, one or more communication devices, and one or more memories, the method comprising:

monitoring, by the data security computing system, one or more requests or activities of a computing device;

comparing, by the data security computing system, the monitored one or more requests or activities with a database of predetermined characteristics to determine whether the monitored one or more requests or activities indicates that the computing device (i) accessed or attempted to access sequentially more than a number of data files or objects in less than a predetermined period of time, and (ii) downloaded more than X data files or objects;

determining, by the data security computing system, that the monitored one or more requests or activities is suspicious when the comparing determines that the monitored one or more requests or activities indicate that the computing device (i) accessed or attempted to access sequentially more than the number of data files or objects in less than a predetermined period of time, and (ii) downloaded more than X data files or objects; and

initiating, by the data security computing system, a response to hinder the monitored one or more requests or activities when the monitored one or more requests or activities is determined to be suspicious.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a server system providing data security, a processor monitors requests or activities of a computing device and compares the monitored requests or activities with a database of predetermined characteristics to determine whether the monitored requests or activities indicates that the computing device (i) accessed or attempted to access sequentially more than a predetermined number of data files or objects in less than a predetermined period of time, and (ii) downloaded a predetermined number of data files or objects. The monitored requests or activities is determined suspicious when the comparing determines that (i) and (ii) are true, which causes a response to hinder the monitored requests or activities.

38 Citations

View as Search Results

21 Claims

1. A method performed at a data security computing system that includes one or more processor devices, one or more communication devices, and one or more memories, the method comprising:
- monitoring, by the data security computing system, one or more requests or activities of a computing device;
  
  comparing, by the data security computing system, the monitored one or more requests or activities with a database of predetermined characteristics to determine whether the monitored one or more requests or activities indicates that the computing device (i) accessed or attempted to access sequentially more than a number of data files or objects in less than a predetermined period of time, and (ii) downloaded more than X data files or objects;
  
  determining, by the data security computing system, that the monitored one or more requests or activities is suspicious when the comparing determines that the monitored one or more requests or activities indicate that the computing device (i) accessed or attempted to access sequentially more than the number of data files or objects in less than a predetermined period of time, and (ii) downloaded more than X data files or objects; and
  
  initiating, by the data security computing system, a response to hinder the monitored one or more requests or activities when the monitored one or more requests or activities is determined to be suspicious.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - associating a marker to marked monitored one or more requests or activities determined to be suspicious which indicates that a data security action for the marked one or more requests or activities should be taken.
  - 3. The method of claim 1, wherein X=B+(Y % of B) and X, B, and Y are adjustable parameters.
  - 4. The method of claim 1, further comprising comparing the monitored one or more requests or activities with the database of predetermined characteristics to determine that the monitored one or more requests or activities is suspicious when an IP address of the computing device matches a known suspicious IP address.
  - 5. The method of claim 1, further comprising comparing the monitored one or more requests or activities with the database of predetermined characteristics to determine that the monitored one or more requests or activities is suspicious when the monitored one or more requests or activities includes the computing device submitted at least a predetermined number of search terms within less than a predetermined period of time.
  - 6. The method of claim 1, further comprising comparing the monitored one or more requests or activities with the database of predetermined characteristics to determine that the request is suspicious when the computing device submits a search term that included more than at least one of a predetermined number of characters and a predetermined number of keywords.
  - 7. The method of claim 1, further comprising comparing the monitored one or more requests or activities with the database of predetermined characteristics to determine that the monitored one or more requests or activities is suspicious when the computing device makes more than a predetermined number of searches related to a same topic.
  - 8. The method of claim 1, further comprising comparing the monitored one or more requests or activities with the database of predetermined characteristics to determine that the monitored one or more requests or activities is suspicious when the computing device submits data in a format does not match an expected format.
  - 9. The method of claim 1, wherein the response includes terminating a communication channel with the computing device.
  - 10. The method of claim 1, wherein the response includes deleting the monitored one or more requests or activities from a first server, and storing a copy of the monitored one or more requests or activities in a secondary server.

11. A server system configured to provide data security, comprising:
- one or more processor devices,one or more communication interfaces;
  
  one or more memory devices including computer-executable instructions, which when executed by the one or more processor devices, cause the one or more processor devices to;
  
  monitor one or more requests or activities of a computing device;
  
  compare the monitored one or more requests or activities with a database of predetermined characteristics to determine whether the monitored one or more requests or activities indicates that the computing device (i) accessed or attempted to access sequentially more than a number of data files or objects in less than a predetermined period of time, and (ii) downloaded more than X data files or objects;
  
  determine that the monitored one or more requests or activities is suspicious when the comparing determines that the monitored one or more requests or activities indicate that the computing device (i) accessed or attempted to access sequentially more than the number of data files or objects in less than a predetermined period of time, and (ii) downloaded more than X data files or objects; and
  
  initiate a response to hinder the monitored one or more requests or activities when the monitored one or more requests or activities is determined to be suspicious.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The server system of claim 11, further comprising computer-executable instructions, which when executed by the one or more processor devices, cause the one or more processor devices to associate a marker to marked monitored one or more requests or activities determined to be suspicious which indicates that a data security action for the marked one or more requests or activities should be taken.
  - 13. The server system of claim 11, wherein X=B+(Y % of B) and X, B, and Y are adjustable parameters.
  - 14. The server system of claim 11, further comprising computer-executable instructions, which when executed by the one or more processor devices, cause the one or more processor devices to compare the monitored one or more requests or activities with the database of predetermined characteristics to determine that the monitored one or more requests or activities is suspicious when an IP address of the computing device matches a known suspicious IP address.
  - 15. The server system of claim 11, further comprising computer-executable instructions, which when executed by the one or more processor devices, cause the one or more processor devices to compare the monitored one or more requests or activities with the database of predetermined characteristics to determine that the monitored one or more requests or activities is suspicious when the monitored one or more requests or activities includes the computing device submitted at least a predetermined number of search terms within less than a predetermined period of time.
  - 16. The server system of claim 11, further comprising computer-executable instructions, which when executed by the one or more processor devices, cause the one or more processor devices to compare the monitored one or more requests or activities with the database of predetermined characteristics to determine that the request is suspicious when the computing device submits a search term that included more than at least one of a predetermined number of characters and a predetermined number of keywords.
  - 17. The server system of claim 11, further comprising computer-executable instructions, which when executed by the one or more processor devices, cause the one or more processor devices to compare the monitored one or more requests or activities with the database of predetermined characteristics to determine that the monitored one or more requests or activities is suspicious when the computing device makes more than a predetermined number of searches related to a same topic.
  - 18. The server system of claim 11, further comprising computer-executable instructions, which when executed by the one or more processor devices, cause the one or more processor devices to compare the monitored one or more requests or activities with the database of predetermined characteristics to determine that the monitored one or more requests or activities is suspicious when the computing device submits data in a format does not match an expected format.
  - 19. The server system of claim 11, wherein the response includes terminating a communication channel with the computing device.
  - 20. The server system of claim 11, wherein the response includes deleting the data from a first server and storing a copy of the data in a secondary server.

21. A non-transitory, computer-readable medium having instructions stored thereon which, when executed at a data security computing system that includes one or more processor devices, one or more communication devices, and one or more memories, cause the data security computing system to perform operations that include:
- receiving, at the data security computing system, a request for data from a computing device;
  
  determining, at the data security computing system, characteristics associated with the request for data;
  
  determining, at the data security computing system, whether the request for the data is suspicious, wherein the determining whether the request for the data is suspicious includes comparing the determined characteristics with a database of predetermined characteristics to determine whether the determined characteristics indicate that the computing device (i) accessed or attempted to access sequentially more than a number of data files or objects in less than a predetermined period of time, and (ii) downloaded more than X data files or objects; and
  
  initiating, at the data security computing system, a response to hinder the request for the data when the request is determined to be suspicious.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nasdaq, Inc.
Original Assignee
Nasdaq, Inc.
Inventors
Ogawa, Stuart
Primary Examiner(s)
Murphy, J. Brant

Application Number

US15/582,786
Publication Number

US 20170237762A1
Time in Patent Office

932 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/13   File access structures, e.g...

G06F 16/951   Indexing; Web crawling tech...

G06F 21/554   involving event detection a...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

Systems, methods, and computer-readable media for data security

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods, and computer-readable media for data security

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links