METHOD AND SYSTEM FOR AUTOMATIC DETECTION OF EAVESDROPPING OF AN ACCOUNT BASED ON IDENTIFIERS AND CONDITIONS

US 20130298238A1
Filed: 05/02/2012
Published: 11/07/2013
Est. Priority Date: 05/02/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining, by a server computer for a client device, a first identifier associated with the client device;

analyzing, by the server computer, an activity log associated with an account of a user to determine if an eavesdropping condition has been met during a given duration, the analysis comprising;

determining that an eavesdropping activity has occurred during the given duration and determining that no normal activity has occurred during the given duration for the first identifier;

determining a second identifier associated with a second device used to access the user account; and

determining that a normal activity associated with the second identifier has occurred during the given duration; and

communicating, by the server computer, a result of the analysis.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for detecting whether a user account has been compromised. A server computer determines, for a client device, a first identifier associated with the client device. The server computer analyzes an activity log associated with an account of a user to determine if an eavesdropping condition has been met during a given duration. The analysis includes: 1) determining that an eavesdropping activity has occurred during the given duration and determining that no normal activity has occurred during the given duration for the first identifier; 2) determining a second identifier associated with a second device used to access the user account; and 3) determining that a normal activity associated with the second identifier has occurred during the given duration.

Citations

20 Claims

1. A method comprising:
- determining, by a server computer for a client device, a first identifier associated with the client device;
  
  analyzing, by the server computer, an activity log associated with an account of a user to determine if an eavesdropping condition has been met during a given duration, the analysis comprising;
  
  determining that an eavesdropping activity has occurred during the given duration and determining that no normal activity has occurred during the given duration for the first identifier;
  
  determining a second identifier associated with a second device used to access the user account; and
  
  determining that a normal activity associated with the second identifier has occurred during the given duration; and
  
  communicating, by the server computer, a result of the analysis.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14, 15)
- - 2. The method of claim 1, further comprising storing, by the server computer, an activity that occurs for the account in the activity log.
  - 3. The method of claim 1, further comprising grouping, by the server computer, the activity into a user activity group based on an identifier.
  - 4. The method of claim 1, further comprising marking the account of the user as compromised.
  - 5. The method of claim 1, wherein the analyzing the activity to determine if an eavesdropping condition is met further comprises determining that an unread email is read and then marked as unread.
  - 6. The method of claim 1, wherein the analyzing the activity to determine if an eavesdropping condition is met further comprises determining that chat history has been searched.
  - 7. The method of claim 1, wherein the analyzing the activity to determine if an eavesdropping condition is met further comprises determining that emails have been searched using a keyword.
  - 8. The method of claim 1, wherein the analyzing the activity to determine if an eavesdropping condition is met further comprises determining that an email message has been sent and then deleted from the sent items folder.
  - 9. The method of claim 1, wherein the analyzing the activity to determine if an eavesdropping condition is met further comprises determining that a chat session has occurred and then its logs have been deleted from chat history.
  - 10. The method of claim 1, wherein the analyzing the activity to determine if an eavesdropping condition is met further comprises determining that an attachment from a read email has been downloaded.
  - 12. The method claim 1, wherein the determining that a normal activity has occurred further comprises determining that an incoming email is read and not marked as unread.
  - 13. The method claim 1, wherein the determining that a normal activity has occurred further comprises determining that an email is sent and not deleted from a sent items folder.
  - 14. The method claim 1, wherein the determining that a normal activity has occurred further comprises determining that a chat has occurred with another user and a chat history for the chat has not been deleted.
  - 15. The method of claim 1, further comprising communicating, by the server computer, a notification message to the user requesting the user to change a password associated with the account.

11. (canceled)

16. A computing device comprising:
- a microprocessor of the computing device;
  
  a storage medium for tangibly storing thereon program logic for execution by the microprocessor, the program logic comprising;
  
  determining logic executed by the microprocessor for determining, for a client device, a first identifier associated with the client device;
  
  analyzing logic executed by the microprocessor for analyzing an activity log associated with an account of a user to determine if an eavesdropping condition has been met during a given duration, the analysis comprising;
  
  determining that an eavesdropping activity has occurred during the given duration and determining that no normal activity has occurred during the given duration for the first identifier;
  
  determining a second identifier associated with a second device used to access the user account; and
  
  determining that a normal activity associated with the second identifier has occurred during the given duration; and
  
  communicating logic executed by the microprocessor for communicating a result of the analysis.
- View Dependent Claims (17, 18, 19)
- - 17. The computing device of claim 16, further comprising storing logic executed by the microprocessor for storing an activity that occurs for the account in the activity log.
  - 18. The computing device of claim 16, wherein the analyzing logic further comprises eavesdropping condition logic executed by the microprocessor for one or more of determining that an unread email has been read and then marked as unread, determining that chat history has been searched, determining that emails have been searched using a keyword, determining that an email message has been sent and then deleted from the sent items folder, determining that a chat session has occurred and then its logs have been deleted from chat history, and determining that an attachment from a read email has been downloaded.
  - 19. The computing device of claim 16, wherein the analyzing logic further comprises normal activity logic executed by the microprocessor for one or more of determining that an unread email is read and then marked as unread, determining that a normal activity has occurred further comprises determining that an incoming email is read and not marked as unread, determining that an email is sent and not deleted from a sent items folder, and determining that a chat has occurred with another user and a chat history for the chat has not been deleted.

20. A non-transitory computer readable storage medium tangibly storing computer program instructions capable of being executed by a computer processor, the computer program instructions defining the steps of:
- determining, by the computer processor for a client device, a first identifier associated with the client device;
  
  analyzing, by the computer processor, an activity log associated with an account of a user to determine if an eavesdropping condition has been met during a given duration, the analysis comprising;
  
  determining that an eavesdropping activity has occurred during the given duration and determining that no normal activity has occurred during the given duration for the first identifier;
  
  determining a second identifier associated with a second device used to access the user account; and
  
  determining that a normal activity associated with the second identifier has occurred during the given duration; and
  
  communicating, by the computer processor, a result of the analysis.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
R2 Solutions LLC (Acacia Research Corporation)
Original Assignee
Yahoo! Inc. (Apollo Global Management, Inc.)
Inventors
Shah, Purshotam, Vasthimal, Deepak Kumar

Granted Patent

US 8,869,280 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/554 involving event detection a...

METHOD AND SYSTEM FOR AUTOMATIC DETECTION OF EAVESDROPPING OF AN ACCOUNT BASED ON IDENTIFIERS AND CONDITIONS

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR AUTOMATIC DETECTION OF EAVESDROPPING OF AN ACCOUNT BASED ON IDENTIFIERS AND CONDITIONS

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links