Identifying security threats

US 20070222589A1
Filed: 06/27/2002
Published: 09/27/2007
Est. Priority Date: 06/27/2002
Status: Abandoned Application

First Claim

Patent Images

1. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer-readable medium is described for analyzing information to assist security personnel in identifying security threats. In some situations, various threat trend analyses are used to identify trends in various security-related information, and trend analysis information may then be presented to appropriate users (e.g., via displayed graphical charts). In a similar manner, in some situations various types of threat alerts are used to notify appropriate personnel when current conditions trigger the alert, such as in a real-time manner. In some situations, the trend analyses and alerts are selected for a user based on a current role of the user, and in some situations the information about a possible security threat is provided to various security personnel that are determined to be appropriate for the information, such as security personnel in affected geographical locations or that have capabilities related to preventing or addressing such threats.

49 Citations

View as Search Results

41 Claims

1. (canceled)

2. A method in a computing system for identifying future terrorism threats based on analysis of terrorist activity information, the method comprising:
- for each of multiple users, determining a current role of the user related to fighting terrorism;
  
  selecting one or more terrorism threat trend analysis (TTTA) definitions and one or more terrorism threat alert definitions for the user based at least in part on the determined current role, each TTTA definition specifying a measurement criteria for one of multiple types of terrorist activities and specifying a length of time, and each terrorism threat alert definition specifying a threshold related to one of the multiple types of terrorist activities; and
  
  repeatedly assisting the user in identifying future terrorism threats in an automated manner by, for each of the selected TTTA definitions, retrieving information about terrorist activities that occurred during a previous period of time of the length specified by the TTTA definition and that are of the type for the specified measurement criteria of the TTTA definition;
  
  analyzing the retrieved terrorist activity information based on the measurement criteria specified by the TTTA definition in order to calculate activity threat values during the previous period of time and to detect a trend in the calculated activity threat values over the previous period of time;
  
  generating a report that includes the calculated activity threat values in such a manner as to indicate the detected trend;
  
  presenting the generated report to the user to enable the user to identify the detected trend in the determined activity threat values;
  
  when the retrieved information is of the type for which one or more of the selected terrorism threat alert definitions has a specified threshold, determining for each of those selected terrorism threat alert definitions whether one or more of the calculated activity threat values exceed the threshold specified by the terrorism threat alert definition; and
  
  when a threshold specified by a terrorism threat alert definition is exceeded, immediately notifying the user of that terrorism threat alert; and
  
  after the detecting of a trend and/or the determining that a threshold of a terrorism threat alert definition is exceeded, determining appropriate security personnel to be notified of the detected trend and/or of the exceeded terrorism threat alert threshold and notifying those security personnel of the detected trend and/or of the exceeded terrorism threat alert threshold, so that users can identify future terrorism threats based on detected trends in terrorist activities and on thresholds for threat alerts that are exceeded;
  
  wherein the terrorism threat alert definitions are each associated with one of the TTTA definitions in such a manner that the specified threshold for a terrorism threat alert definition corresponds to an amount of change in a detected trend of multiple calculated activity threat values from an analysis of terrorist activity information for the associated TTTA definition.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11)
- - 5. The method of claim 2 including, after the presenting of a generated report to a user, receiving instructions from the user to modify the analyzing of the retrieved terrorist activity information used to generate that report and presenting a revised report to the user that is generated based on a modified analysis of the retrieved terrorist activity information as indicated.
  - 6. The method of claim 2 including selecting additional types of terrorist activity information analyses for at least one of the users and presenting reports to those users that are generated based on use of the selected additional types of analyses.
  - 7. The method of claim 2 wherein, for each of at least one of the users, the selecting of the TTTA definitions and the terrorism threat alert definitions for the user is further based on information specific to that user.
  - 8. The method of claim 2 wherein, for each of at least one of the users, the presenting of generated reports to the user and/or the notifying of the user of terrorism threat alerts is performed in a manner specific to that user.
  - 9. The method of claim 2 wherein each of at least one of the TTTA definitions further specifies one or more terrorist groups and/or one or more terrorist suspects, and wherein the terrorist activity information that is retrieved for those TTTA definitions is further for activities performed by the specified terrorist groups or specified terrorist suspects.
  - 10. The method of claim 2 wherein the current role of each of at least one of the users is an investigative counter-terrorism agent who is to prevent future terrorist threats and wherein the current role of each of at least one user other than the investigative counter-terrorism agent users is a health professional who is to address health problems caused by terrorist activities.
  - 11. The method of claim 2 wherein the users are part of an organization that provides an information portal from which each of the users can repeatedly receive a page of information with information specific to that user for presentation on a computing device, wherein the analyzing of retrieved terrorist information for a user is performed as part of each generation of the page of information specific to that user, and wherein the reports generated from the analyzing are included as part of each generated page of information so that the generated reports can be presented to the user as part of the presenting of that page of information.

3. (canceled)

4. (canceled)

12. A computer-implemented method for identifying possible terrorism threats, the method comprising:
- receiving information about terrorist activities that have occurred;
  
  receiving an indication of a current user who has a specified current role related to fighting terrorism, the current role being one of multiple distinct roles that are each associated with threat analyses having associated criteria for analyzing terrorist activity information;
  
  identifying based at least in part on the specified current role of the current user one or more threat analyses;
  
  for each of the identified threat analyses, automatically analyzing the received terrorist activity information based on associated criteria for that threat analysis in order to determine whether the terrorist activities indicate a possible terrorism threat, the analyzing using the associated criteria for the threat analysis to measure one or more aspects of the terrorist activity information for each of multiple units of time and determining a trend in one or more of the measured aspects over a period of time that includes multiple of the time units; and
  
  when the analyzing of the received terrorist activity information indicates a possible terrorism threat, providing to the current user information related to the possible terrorism threat;
  
  automatically determining an appropriate user to notify of the possible terrorism threat based at least in part on a type of the possible terrorism threat and on a current role of that user; and
  
  notifying the determined user of the possible terrorism threat.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 28, 29, 30, 31)
- - 13. The method of claim 12 wherein the automatic analysis of the received terrorist activity information is performed in response to the receiving of the terrorist activity information.
  - 14. The method of claim 12 wherein the identifying of the threat analyses is based on an indication of the identified threat analyses received from the current user, and wherein the automatic analysis of the received terrorist activity information is performed in response to the received indications.
  - 15. The method of claim 14 wherein the appropriate user is determined to be the user from which the indication of the threat analyses is received.
  - 16. The method of claim 12 wherein the automatic analysis of the received terrorist activity information is performed in response to an indication to provide information about terrorist activities to the determined appropriate user.
  - 17. The method of claim 16 wherein the notifying of the determined user includes presenting information to that user about the analyzing of the received terrorist activity information.
  - 18. The method of claim 17 wherein the presenting of the information to the user is performed as part of each load of an information page generated for that user.
  - 21. The method of claim 12 wherein a possible terrorism threat is indicated by the analyzing when a determined trend satisfies a condition, and wherein the notifying of the determined user of the possible terrorist threat includes providing information about the determined trend.
  - 22. The method of claim 12 wherein the analyzing further includes determining whether one or more of the measured aspects satisfies conditions for triggering an alert.
  - 23. The method of claim 12 wherein a possible terrorism threat is indicated by the analyzing when an alert is triggered, and wherein the notifying of the determined user of the possible terrorist threat includes providing information about the alert.
  - 24. The method of claim 12 wherein the notifying is performed in a real-time manner.
  - 25. The method of claim 12 wherein the analyzing further includes comparing the received terrorist activity information to another type of information.
  - 26. The method of claim 12 wherein the identifying of the threat analyses is based on a data mining analysis of information related to terrorist activities.
  - 28. The method of claim 12 wherein the identifying of the threat analyses and the automatic analyzing of the received terrorist activity information are performed for each of multiple users such that distinct threat analyses are identified and used for the users.
  - 29. The method of claim 12 wherein the determining of an appropriate user based on a type of a possible terrorism threat includes selecting a user whose current role includes addressing terrorism threats of that type.
  - 30. The method of claim 12 wherein the terrorist activity information that is received is for activities performed by one or more specified terrorist groups.
  - 31. The method of claim 12 wherein the terrorist activity information that is received is for activities performed by one or more specified terrorist suspects.

19. (canceled)

20. (canceled)

27. (canceled)

32. A computer-readable medium whose contents cause a computing device to assist in identifying security threats, by performing a method comprising:
- identifying one or more threat analyses for analyzing information about occurrences related to one or more security threats, the identified threat analyses selected based at least in part on a current role of a current user;
  
  for each of the identified threat analyses, attempting to identify a security threat by analyzing the security threat occurrence information, the analyzing including measuring one or more aspects of the security threat occurrence information for each of multiple units of time and determining a trend in one or more of the measured aspects over a period of time that includes multiple of the time units; and
  
  when the analyzing of the received security threat occurrence information identifies a security threat, notifying a user of the identified security threat who is selected as appropriate based at least in part on the identified security threat.
- View Dependent Claims (33, 34, 35, 36, 37)
- - 33. The computer-readable medium of claim 32 wherein the security threat occurrence information includes information about terrorist activities that have occurred.
  - 34. The computer-readable medium of claim 32 wherein the method includes determining the appropriate user for an identified security threat based on a type of the identified security threat.
  - 35. The computer-readable medium of claim 32 wherein the computer-readable medium is a memory of a computing device.
  - 36. The computer-readable medium of claim 32 wherein the computer-readable medium is a data transmission medium transmitting a generated data signal containing the contents.
  - 37. The computer-readable medium of claim 32 wherein the contents are instructions that when executed cause the computing device to perform the method.

38. A computing device for assisting in identifying possible security threats, comprising:
- a threat analyzer component that is capable of identifying a threat analysis that has an associated criteria for analyzing security threat occurrence information and of analyzing the security threat occurrence information based on the associated criteria in order to identify a possible security threat, the analyzing using the associated criteria for the threat analysis to determine a trend over a period of time in one or more aspects of the security threat occurrence information; and
  
  a threat notifier component that is capable of notifying a user of an identified possible security threat, the user selected as appropriate for the identified possible security threat based at least in part on a current role of the user.
- View Dependent Claims (39)
- - 39. The computing device of claim 38 wherein the threat analyzer component and the threat notifier component are executing in memory of the computing device.

40. A computer system for assisting in identifying possible security threats, comprising:
- means for identifying a threat analysis that has an associated criteria for analyzing security threat occurrence information and for analyzing the security threat occurrence information based on the associated criteria in order to identify a possible security threat, the analyzing using the associated criteria for the threat analysis to determine a trend over a period of time in one or more aspects of the security threat occurrence information; and
  
  means for notifying a user of an identified possible security threat after the user is identified as appropriate for the identified possible security threat based at least in part on a current role of the user.

41. A computer-implemented method for identifying potential terrorist acts, the method comprising:
- receiving information about terrorist activities that have occurred;
  
  identifying one or more threat analyses that each have an associated criterion for analyzing the received terrorist activity information;
  
  for each of the identified threat analyses, automatically analyzing the received terrorist activity information based on the associated criterion for that threat analysis in order to determine whether the terrorist activities indicate a potential terrorist act, the analyzing including determining a trend over a period of time in one or more aspects of the received terrorist activity information; and
  
  when the analyzing of the received terrorist activity information indicates a potential terrorist act, identifying one or more individuals who will perform the potential terrorist act;
  
  selecting one or more agents appropriate to directly prevent the potential terrorist act, the selecting based on a type of the potential terrorist act and on current roles of the agents that are related to preventing terrorist acts of that type; and
  
  notifying the selected agents of the potential terrorist act and the identified individuals in order to directly prevent the potential terrorist act.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siebel Systems Inc. (Oracle Corporation)
Original Assignee
Siebel Systems Inc. (Oracle Corporation)
Inventors
Gorman, Richard, Butitta, Anthony, Abbo, Edward

Application Number

US10/185,871
Publication Number

US 20070222589A1
Time in Patent Office

Days
Field of Search
US Class Current

340/539.260
CPC Class Codes

G06Q 10/00 Administration; Management

G06Q 50/26 Government or public servic...

Identifying security threats

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

49 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Identifying security threats

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links