COMPUTING SECURITY MECHANISM
First Claim
Patent Images
1. A computer-implemented method comprising:
- determining, using a processor, an identity currently logged-in to a computing system that provides access to a number of user applications;
while the identity remains logged-in to the computing system, monitoring, using a processor, interaction with multiple of the user applications accessible via the computing system;
comparing, using a processor, the monitored interaction with the multiple user applications to a system resource usage model corresponding to the identity determined to be logged-in to the computing system currently;
based on a result of comparing the monitored interaction with the multiple user applications to the system resource usage model corresponding to the identity determined to be logged-in to the computing system, determining, using a processor, that the monitored interaction with the multiple user applications is suspicious; and
as a consequence of determining that the monitored interaction with the multiple user applications is suspicious, invoking, using a processor, a security mechanism in connection with the computing system.
1 Assignment
0 Petitions
Accused Products
Abstract
Interaction involving a computing system and/or applications accessible via the computing system is monitored. As a consequence of determining that the monitored interaction is suspicious, a security mechanism is invoked in connection with the computing system.
115 Citations
17 Claims
-
1. A computer-implemented method comprising:
-
determining, using a processor, an identity currently logged-in to a computing system that provides access to a number of user applications; while the identity remains logged-in to the computing system, monitoring, using a processor, interaction with multiple of the user applications accessible via the computing system; comparing, using a processor, the monitored interaction with the multiple user applications to a system resource usage model corresponding to the identity determined to be logged-in to the computing system currently; based on a result of comparing the monitored interaction with the multiple user applications to the system resource usage model corresponding to the identity determined to be logged-in to the computing system, determining, using a processor, that the monitored interaction with the multiple user applications is suspicious; and as a consequence of determining that the monitored interaction with the multiple user applications is suspicious, invoking, using a processor, a security mechanism in connection with the computing system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer-readable storage medium storing instructions that, when executed by a computing system, cause the computing system to:
-
receive authentication information for an identity; store the received authentication information for the identity; allow the identity to log-in to a first session with the computing system; while the identity remains logged-in to the first session with the computing system, monitor user interaction with multiple user applications accessible via the computing system; based on monitoring user interaction with the multiple user applications, develop a user application usage model for the identity; cause the identity to be logged-out from the computing system; after causing the identity to be logged-out from the computing system, receive a request to log-in the identity to a second session with the computing system, the request including a portion of the authentication information for the identity; responsive to receiving the request to log-in the identity to a second session with the computing system, compare the authentication information received with the log-in request to the stored authentication information for the identity; based on results of comparing the authentication information received with the log-in request to the stored authentication information for the identity, allow the identity to log-in to a second session with the computing system; while the identity remains logged-in to the second session with the computing system, monitor user interaction with multiple user applications accessible via the computing system; compare the monitored user interaction with the multiple user applications from the second session to the user application usage model developed for the identity; based on a result of comparing the monitored user interaction with the multiple user applications from the second session to the user application usage model developed for the identity, determine that the monitored user interaction with the multiple user applications from the second session is suspicious; and as a consequence of determining that the monitored user interaction with the multiple user applications from the second session is suspicious, invoke a security mechanism in connection with the computing system.
-
-
17. A computer-readable storage medium storing instructions that, when executed by a computing system, cause the computing system to:
-
monitor, at one or more unannounced intervals and transparently to any end user of a computing device, interaction that involves the computing device and user applications that are accessible via the computing device; determine that the monitored interaction is suspicious; and as a consequence of having determined that the monitored interaction is suspicious, invoke a security mechanism in connection with the computing system.
-
Specification