Security via adaptive threat modeling

US 10,547,642 B2
Filed: 01/27/2017
Issued: 01/28/2020
Est. Priority Date: 01/27/2017
Status: Active Grant

First Claim

Patent Images

1. A computing device comprising:

a processor;

a network interface coupled to the processor;

a storage device coupled to the processor; and

a security application stored in the storage device, wherein execution of the security application by the processor configures the computing device to perform acts comprising;

receiving behavioral data of a user, for a predetermined period;

analyzing the behavioral data for a pattern of online behavior of the user with one or more user equipment identified to be used by the user;

creating a susceptibility profile of the user based on the pattern of online behavior of the user with the one or more user equipment;

receiving one or more environment parameters;

creating an adaptive security threat model tailored for the user based on the susceptibility profile of the user and the one or more environment parameters;

iteratively, until the adaptive security threat model exceeds a first predetermined threshold;

monitoring the behavioral data;

adjusting the susceptibility profile of the user based on the monitoring of the behavioral data; and

adjusting the adaptive security threat model in accordance with the monitoring of the behavioral data;

in response to the adaptive security threat model exceeding the first predetermined threshold, creating an adaptive security solution tailored for the user equipment based on the adaptive security threat model; and

sending a report data packet that includes the adaptive security solution via the network interface to an account of the user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A methods and systems of providing security based on an identified susceptibility profile of a user are provided. Behavioral data related to an account of a user is received for a predetermined period. The behavioral data is analyzed for a pattern of on-line behavior of the user. A susceptibility profile of the user is created based on the pattern of on-line behavior. Environment parameters are received from a database. A security threat model is created based on the susceptibility profile and the environment parameters. A report data packet based on the created threat model is sent to an account of the user.

Citations

20 Claims

1. A computing device comprising:
- a processor;
  
  a network interface coupled to the processor;
  
  a storage device coupled to the processor; and
  
  a security application stored in the storage device, wherein execution of the security application by the processor configures the computing device to perform acts comprising;
  
  receiving behavioral data of a user, for a predetermined period;
  
  analyzing the behavioral data for a pattern of online behavior of the user with one or more user equipment identified to be used by the user;
  
  creating a susceptibility profile of the user based on the pattern of online behavior of the user with the one or more user equipment;
  
  receiving one or more environment parameters;
  
  creating an adaptive security threat model tailored for the user based on the susceptibility profile of the user and the one or more environment parameters;
  
  iteratively, until the adaptive security threat model exceeds a first predetermined threshold;
  
  monitoring the behavioral data;
  
  adjusting the susceptibility profile of the user based on the monitoring of the behavioral data; and
  
  adjusting the adaptive security threat model in accordance with the monitoring of the behavioral data;
  
  in response to the adaptive security threat model exceeding the first predetermined threshold, creating an adaptive security solution tailored for the user equipment based on the adaptive security threat model; and
  
  sending a report data packet that includes the adaptive security solution via the network interface to an account of the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computing device of claim 1, wherein:
    - the user is identified to use a plurality of user equipment; and
      
      each user equipment is of a different type.
  - 3. The computing device of claim 1, wherein execution of the security application by the processor further configures the computing device to perform acts comprising, sending the report data packet to a system administrator of a business enterprise to which the user belongs.
  - 4. The computing device of claim 1, wherein the report data packet is operative to adjust one or more access controls to the network for the user, based on the security threat model.
  - 5. The computing device of claim 1, wherein the environment parameters are received upon determining that the susceptibility profile of the user is above a second predetermined threshold.
  - 6. The computing device of claim 1, wherein execution of the security application by the processor further configures the computing device to perform acts comprising:
    - receiving device data comprising information as to each type of user equipment identified to be used by the user, wherein the report data packet comprises an adaptive security solution that is tailored for each type of user equipment based on the adaptive security threat model and the device data.
  - 7. The computing device of claim 1, wherein the behavioral data includes one or more ambient conditions under which the user is operating the one or more user equipment.
  - 8. The computing device of claim 1, wherein the behavioral data includes, for a predetermined period, a type and volume of information shared on a social networking site.
  - 9. The computing device of claim 6, wherein:
    - the report data packet is sent to a server of a business enterprise to which the user belongs; and
      
      the device data is operative to automatically adjust security parameters of the business enterprise from the server.
  - 10. The computing device of claim 1, wherein execution of the security application by the processor further configures the computing device to perform acts comprising:
    - upon determining that a threshold number of users in a same group as the user (i) have a same adaptive security threat model and (ii) the adaptive security threat model is above the first predetermined threshold, sending the report data packet to accounts of all users in the same group.
  - 11. The computing device of claim 1, wherein execution of the security application by the processor further configures the computing device to perform acts comprising:
    - upon determining that the adaptive security threat model is above the predetermined threshold, sending the report data packet to accounts of all users in a same group as the user.
  - 12. The computing device of claim 1, wherein the acts comprise:
    - requesting the environment parameters from a database;
      
      wherein the one or more environment parameters are received in response to the request.

13. A non-transitory computer-readable medium having stored thereon a plurality of sequences of instructions which, when executed by the processor, cause the processor to perform a method of providing security, the method comprising:
- receiving behavioral data of a user, for a predetermined period;
  
  analyzing the behavioral data for a pattern of online behavior of the user with one or more user equipment identified to be used by the user;
  
  creating a susceptibility profile of the user based on the pattern of online behavior of the user with the one or more user equipment;
  
  creating an adaptive security threat model tailored for the user based on the susceptibility profile of the user;
  
  iteratively, until the adaptive security threat model exceeds a first predetermined threshold;
  
  monitoring the behavioral data;
  
  adjusting the susceptibility profile of the user based on the monitoring of the behavioral data; and
  
  adjusting the adaptive security threat model in accordance with the monitoring of the behavioral data;
  
  in response to the adaptive security threat model exceeding the first predetermined threshold, creating an adaptive security solution tailored for the user equipment based on the adaptive security threat model;
  
  sending the adaptive security threat model to a policy database;
  
  receiving a policy from the policy database based on the adaptive security threat model; and
  
  sending a report data packet that includes the adaptive security solution based on the policy to an account of the user.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The non-transitory computer-readable medium of claim 13, wherein the method comprises:
    - receiving environment parameters from a database;
      
      wherein the adaptive security threat model is further based on the environment parameters.
  - 15. The non-transitory computer-readable medium of claim 14, further comprising, in addition to sending the adaptive security threat model to the policy database, sending the environment parameters together with the adaptive security threat model to the policy database, wherein the adaptive security threat model is based on the susceptibility profile and the environment parameters.
  - 16. The non-transitory computer-readable medium of claim 13, wherein the report data packet is operative to adjust one or more access controls to the network for the user.
  - 17. The non-transitory computer-readable medium of claim 13, wherein:
    - the behavioral data is sensed by one or more user behavior sensors of the one or more user equipment.
  - 18. The non-transitory computer-readable medium of claim 17, wherein:
    - the user is identified to use a plurality of user equipment; and
      
      each user equipment is of a different type.
  - 19. The non-transitory computer-readable medium of claim 13, further comprising, sending the report data packet to a system administrator of a business enterprise to which the user belongs.
  - 20. The non-transitory computer-readable medium of claim 19, wherein the report data packet is operative to adjust one or more access controls to a network for the user, based on the policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Original Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Inventors
Reith, Gregory, Peppe, Brett
Primary Examiner(s)
Gee, Jason K

Application Number

US15/417,548
Publication Number

US 20180219914A1
Time in Patent Office

1,096 Days
Field of Search
US Class Current
CPC Class Codes

G06N 20/00   Machine learning

G06N 7/01   Probabilistic graphical mod...

H04L 63/104   Grouping of entities

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

H04W 12/088   using filters or firewalls

H04W 12/68   Gesture-dependent or behavi...

Security via adaptive threat modeling

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security via adaptive threat modeling

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links