System and method for calendar-based anomalous access detection

US 20080228721A1
Filed: 03/17/2007
Published: 09/18/2008
Est. Priority Date: 03/17/2007
Status: Active Grant

First Claim

Patent Images

1. A method of detecting anomalous access to a resource in a network environment, said method comprising:

(a) providing a user calendar for a user,(b) providing a client in said network environment,(c) accessing a calendar record within said user calendar,(d) determining a location of said client when said client has sent a request to said resource,(e) comparing said location with a predicted location obtained from said calendar record,(f) rejecting said request if said location is inconsistent with said predicted location.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access control system is augmented with the ability to categorize access requests as anomalous, by correlating the time and location of the requesting user with information provided by the requesting user'"'"'s calendar entries. These entries provide the dates and times that a user is anticipated to be located in a particular geographic region.

Citations

10 Claims

1. A method of detecting anomalous access to a resource in a network environment, said method comprising:
- (a) providing a user calendar for a user,(b) providing a client in said network environment,(c) accessing a calendar record within said user calendar,(d) determining a location of said client when said client has sent a request to said resource,(e) comparing said location with a predicted location obtained from said calendar record,(f) rejecting said request if said location is inconsistent with said predicted location.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the step of determining the location of said client when said client has sent the request to said resource further comprises:
    - (a) identifying a source network in said request,(b) determining said location of said client based on the location of said source network.
  - 3. The method of claim 1, further comprising:
    - (a) storing a previous location of said user with a previous request time,(b) computing a time difference from an arrival time of said request and said previous request time,(c) rejecting said request if said time difference is inconsistent with a minimum transit time between said location and said previous location.

4. A system for detecting anomalous access to a resource in a network environment, comprising:
- (a) a user calendar for a user containing a calendar record,(b) a resource comprising a software application,(c) a client which is able to send an access request to said resource on behalf of said user,(d) a software agent which will intercept said access request,(e) a database which is operationally connected to said agent.
- View Dependent Claims (5, 6, 7)
- - 5. The system of claim 4, wherein said resource and software agent are implemented as software running on a general-purpose computer system.
  - 6. The system of claim 4, wherein said database is implemented as a relational database.
  - 7. The system of claim 4, wherein said calendar record includes a predicted future location for said user.

8. A computer program product within a computer usable medium for anomalous access detection, comprising:
- (a) instructions for accessing a calendar record within a user calendar,(b) instructions for determining a location of a client when said client has sent a request to a resource,(c) instructions for comparing said location with a predicted location obtained from said calendar record.
- View Dependent Claims (9, 10)
- - 9. The computer program product of claim 8, wherein the instructions for determining the location of said client when said client has sent the request to said resource further comprises:
    - (a) instructions for identifying a source network in said request,(b) instructions for determining said location of said client based on the location of said source network.
  - 10. The computer program product of claim 8, further comprising:
    - (a) instructions for storing in a database a previous location of a user with a previous request time,(b) instructions for computing a time difference from an arrival time of said request and said previous request time,(c) instructions for determining if said time difference is inconsistent with a minimum transit time between said location and said previous location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Informed Control Incorporated
Original Assignee
Informed Control Incorporated
Inventors
Wahl, Mark Frederick

Granted Patent

US 7,747,645 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/3
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2151   Time stamp

G06Q 10/109   Time management, e.g. calen...

H04L 63/102   Entity profiles

H04L 63/1416   Event detection, e.g. attac...

System and method for calendar-based anomalous access detection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for calendar-based anomalous access detection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links