Section-based security information

US 10,642,998 B2
Filed: 07/25/2018
Issued: 05/05/2020
Est. Priority Date: 07/26/2017
Status: Active Grant

First Claim

Patent Images

1. A computer-implementable method for generating session-based security information, comprising:

monitoring user behavior between an enactor and an entity;

detecting user behavior data associated with the user behavior;

generating a session using the user behavior data, the session relating to an entity discrete interaction of the enactor;

generating a fingerprint, the fingerprint comprising a collection of information providing a distinctive, characteristic indicator of an identify of the enactor;

generating a session-based fingerprint using the fingerprint, the session-based fingerprint comprising a unique identifier of the enactor associated with the session;

associating the session, the session-based security information and the session-based fingerprint with a user profile;

using the session-based security information to detect anomalous, abnormal, unexpected or malicious behavior; and

,mitigating a risk associated with the anomalous, abnormal, unexpected or malicious behavior, the mitigating being performed via an endpoint agent executing on a hardware processor of an information handling system.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and computer-usable medium for generating session-based security information. Generating the session-based security information includes the steps of monitoring user behavior between an enactor and an entity; detecting user behavior data associated with the user behavior; generating a session using the user behavior data, the session relating to an entity discrete interaction of the enactor; and, associating the session and the session-based security information with the user profile.

Citations

17 Claims

1. A computer-implementable method for generating session-based security information, comprising:
- monitoring user behavior between an enactor and an entity;
  
  detecting user behavior data associated with the user behavior;
  
  generating a session using the user behavior data, the session relating to an entity discrete interaction of the enactor;
  
  generating a fingerprint, the fingerprint comprising a collection of information providing a distinctive, characteristic indicator of an identify of the enactor;
  
  generating a session-based fingerprint using the fingerprint, the session-based fingerprint comprising a unique identifier of the enactor associated with the session;
  
  associating the session, the session-based security information and the session-based fingerprint with a user profile;
  
  using the session-based security information to detect anomalous, abnormal, unexpected or malicious behavior; and
  
  ,mitigating a risk associated with the anomalous, abnormal, unexpected or malicious behavior, the mitigating being performed via an endpoint agent executing on a hardware processor of an information handling system.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein:
    - the collection of information comprises a user profile element.
  - 3. The method of claim 1, wherein:
    - the session comprises at least one of a plurality of session characteristics, the session characteristics comprisingtwo sessions being contiguous;
      
      two sessions being associated but noncontiguous;
      
      the session being associated with other sessions;
      
      the session being a subset of another session; and
      
      ,the interval of time of the session overlapping with an interval of time of another session.
  - 4. The method of claim 1, wherein:
    - the user behavior enacted during the session is associated with an event.
  - 5. The method of claim 1, further comprising:
    - using the session-based fingerprint to perform security analytics operations.

6. A system comprising:
- a processor;
  
  a data bus coupled to the processor; and
  
  a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for;
  
  monitoring user behavior between an enactor and an entity;
  
  detecting user behavior data associated with the user behavior;
  
  generating a session using the user behavior data, the session relating to an entity discrete interaction of the enactor;
  
  generating a fingerprint, the fingerprint comprising a collection of information providing a distinctive, characteristic indicator of an identify of the enactor;
  
  generating a session-based fingerprint using the fingerprint, the session-based fingerprint comprising a unique identifier of the enactor associated with the session;
  
  associating the session, the session-based security information and the session-based fingerprint with a user profile;
  
  using the session-based security information to detect anomalous, abnormal, unexpected or malicious behavior; and
  
  ,mitigating a risk associated with the anomalous, abnormal, unexpected or malicious behavior, the mitigating being performed via an endpoint agent executing on a hardware processor of an information handling system.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, wherein:
    - the collection of information comprises a user profile element.
  - 8. The system of claim 6, wherein:
    - the session comprises at least one of a plurality of session characteristics, the session characteristics comprisingtwo sessions being contiguous;
      
      two sessions being associated but noncontiguous;
      
      the session being associated with other sessions;
      
      the session being a subset of another session; and
      
      ,the interval of time of the session overlapping with an interval of time of another session.
  - 9. The system of claim 6, wherein:
    - the user behavior enacted during the session is associated with an event.
  - 10. The system of claim 6, wherein the instructions executable by the processor are further configured for:
    - using the session-based fingerprint to perform security analytics operations.

11. A non-transitory, computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for:
- monitoring user behavior between an enactor and an entity;
  
  detecting user behavior data associated with the user behavior;
  
  generating a session using the user behavior data, the session relating to an entity discrete interaction of the enactor;
  
  generating a fingerprint, the fingerprint comprising a collection of information providing a distinctive, characteristic indicator of an identify of the enactor;
  
  generating a session-based fingerprint using the fingerprint, the session-based fingerprint comprising a unique identifier of the enactor associated with the session;
  
  associating the session, the session-based security information and the session-based fingerprint with a user profile;
  
  using the session-based security information to detect anomalous, abnormal, unexpected or malicious behavior; and
  
  ,mitigating a risk associated with the anomalous, abnormal, unexpected or malicious behavior, the mitigating being performed via an endpoint agent executing on a hardware processor of an information handling system.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The non-transitory, computer-readable storage medium of claim 11, wherein:
    - the collection of information comprises a user profile element.
  - 13. The non-transitory, computer-readable storage medium of claim 11, wherein:
    - the session comprises at least one of a plurality of session characteristics, the session characteristics comprisingtwo sessions being contiguous;
      
      two sessions being associated but noncontiguous;
      
      the session being associated with other sessions;
      
      the session being a subset of another session; and
      
      ,the interval of time of the session overlapping with an interval of time of another session.
  - 14. The non-transitory, computer-readable storage medium of claim 11, wherein:
    - the user behavior enacted during the session is associated with an event.
  - 15. The non-transitory, computer-readable storage medium of claim 11, wherein the computer executable instructions are further configured for:
    - using the session-based fingerprint to perform security analytics operations.
  - 16. The non-transitory, computer-readable storage medium of claim 11, wherein:
    - the computer executable instructions are deployable to a client system from a server system at a remote location.
  - 17. The non-transitory, computer-readable storage medium of claim 11, wherein:
    - the computer executable instructions are provided by a service provider to a user on an on-demand basis.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC (Francisco Partners Management LLC)
Original Assignee
Forcepoint LLC (Francisco Partners Management LLC)
Inventors
Ford, Richard A., Irvine, Ann, Snyder, Russell, Reeve, Adam
Primary Examiner(s)
Schwartz, Darren B

Application Number

US16/045,301
Publication Number

US 20190036959A1
Time in Patent Office

650 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/3072   where the reporting involve...

G06F 11/3438   monitoring of user actions ...

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/602   Providing cryptographic fac...

G06F 21/6245   Protecting personal data, e...

G06F 21/6254   by anonymising data, e.g. d...

G06F 21/84   output devices, e.g. displa...

G06F 2201/86   Event-based monitoring

G06F 2221/031   Protect user input by softw...

G06F 2221/032   Protect output to user by s...

G06F 2221/034   Test or assess a computer o...

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04L 67/025   for remote control or remot...

H04L 67/141   Setup of application sessio...

H04L 67/146 : Markers for unambiguous ide...

H04L 67/289 : Intermediate processing fun...

H04L 67/306 : User profiles

H04L 67/535 : Tracking the activity of th...

View All

Section-based security information

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Section-based security information

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links