ARCHITECTURE FOR UNIFIED THREAT MANAGEMENT

US 20080091681A1
Filed: 10/12/2007
Published: 04/17/2008
Est. Priority Date: 10/12/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method of securing an asset implemented by a security system comprising:

detecting a physical coordinate corresponding to an action relating to an attempt to access the asset;

detecting a logical coordinate corresponding to an action relating to an attempt to access the asset;

mapping the physical coordinate and the logical coordinate; and

, controlling access to the asset in response to the mapping.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security architecture has an event analysis engine that acquires several tangible actions. The occur in an action space of an organization, and relate to unauthorized access to assets and reproduction of information. The event analysis engine evaluates the acquired actions based on the information stored in the database and in the context of past actions which have occurred, and determines a suitable response to the acquired action based on the evaluation.

166 Citations

23 Claims

1. A method of securing an asset implemented by a security system comprising:
- detecting a physical coordinate corresponding to an action relating to an attempt to access the asset;
  
  detecting a logical coordinate corresponding to an action relating to an attempt to access the asset;
  
  mapping the physical coordinate and the logical coordinate; and
  
  , controlling access to the asset in response to the mapping.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising detecting an unauthorized transfer of a document from a first data carrying device to a second data carrying device.
  - 3. The method of claim 2 wherein the document contains a document identifier, wherein the document identifier identifies an allowable usage of the document, and wherein the detecting of an unauthorized transfer of a document comprises detecting a use of the document contrary to the allowable usage identified by the document identifier.
  - 4. The method of claim 1 further comprising detecting an unauthorized reproduction of information by monitoring actions involving the information.
  - 5. The method of claim 1 further comprising tracking actions with respect to a document from creation of the document to either destruction or archiving of the document.
  - 6. The method of claim 1 further comprising:
    - detecting a pattern from actions involving the asset based on policies governing the asset and based on a context of the actions;
      
      determining access to the asset in response to the pattern.
  - 7. The method of claim 1 further comprising continuously tracking a user as the user moves to and away from the asset.
  - 8. The method of claim 1 further comprising transmitting information in data packets including an action ID and a system ID, wherein the action ID identifies an action taken by a user with respect to the asset, and wherein the system ID identifies a system interacting with the asset with respect to the action.
  - 9. The method of claim 8 wherein the data packets further include the logical coordinate.

10. A security architecture comprising:
- a database that stores information about the systems to which users have access and the privileges Of the users with respect to those systems; and
  
  an event analysis engine, wherein the event analysis engine acquires several tangible actions occurring in an action space, wherein the actions relate to access to assets and reproduction of information, wherein the event analysis engine evaluates the acquired actions based on the information stored in the database and in context of past actions which have occurred, and wherein the event analysis engine determines a suitable response to the acquired action based on the evaluation.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 11. The security architecture of claim 10 wherein the event analysis engine comprises a mapper, wherein the mapper correlates physical and logical coordinates, wherein the physical coordinate corresponds to one of the actions related to an attempt to access one of the assets, and wherein the logical coordinate corresponds to an action relating to an attempt to access the one asset.
  - 12. The security architecture of claim 10 wherein the event analysis engine comprises an action interpreter and detector, wherein the action interpreter and detector interprets the actions based on information stored in the database to determine whether the actions are authorized.
  - 13. The security architecture of claim 10 wherein the event analysis engine comprises a pattern analysis engine, wherein the pattern analysis engine uses a current action with past actions to detect a pattern indicating whether the current and past actions relate to authorized behavior of a user with respect to the assets.
  - 14. The security architecture of claim 10 wherein the event analysis engine is arranged to detect an unauthorized transfer of a document from a first data carrying device to a second data carrying device.
  - 15. The security architecture of claim 14 wherein the document contains a document identifier, wherein the document identifier identifies an allowable usage of the document, and wherein the event analysis engine is arranged to detect an unauthorized transfer of a document by detecting a use of the document contrary to the allowable usage identified by the document identifier.
  - 16. The security architecture of claim 10 wherein the event analysis engine is arranged to detect an unauthorized reproduction of information by monitoring actions involving the information.
  - 17. The security architecture of claim 10 wherein the event analysis engine is arranged to track actions with respect to a document from creation of the document to either destruction or archiving of the document.
  - 18. The security architecture of claim 10 wherein the event analysis engine is arranged to detect a pattern from actions involving the asset based on policies governing the asset and based on a context of the actions and to determine access to the asset in response to the pattern.
  - 19. The security architecture of claim 10 wherein the event analysis engine is arranged to continuously track a user as the user moves to and away from the asset.
  - 20. The security architecture of claim 10 wherein the event analysis engine is arranged to transmit information in data packets including an action ID and a system ID, wherein the action ID identifies an action taken by a user with respect to the asset, and wherein the system ID identifies a system interacting with the asset with respect to the action.
  - 21. The security architecture of claim 20 wherein the data packets further include the logical coordinate.

22. A method of protecting the transfer of a document from a first data carrying device to a second data carrying device comprising:
- monitoring an action of a user with respect to an attempt to transfer the document from the first data carrying device to the second data carrying device;
  
  determining whether the user is authorized to make the transfer based credentials of the user and a usage code on the document;
  
  permitting the transfer if the user is authorized and preventing the transfer if the user is not authorized.
- View Dependent Claims (23)
- - 23. The method of claim 22 further comprising:
    - mapping physical and logical coordinates of the user and at least one of the first and second data carrying device;
      
      permitting the transfer if the user is authorized and if the physical and logical coordinates properly map to one another; and
      
      , preventing the transfer either if the user is not authorized or if the physical and logical coordinates improperly map to one another.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Arora, Vikram, Dwivedi, Saket, Angeri, Harsha

Application Number

US11/871,611
Publication Number

US 20080091681A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31 User authentication

G06F 21/554 involving event detection a...

ARCHITECTURE FOR UNIFIED THREAT MANAGEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

166 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

ARCHITECTURE FOR UNIFIED THREAT MANAGEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

166 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others