Continuous Monitoring of Computer User and Computer Activities
First Claim
1. A method for securing a computer device, the method comprising:
- capturing interaction data for a user interfacing with the computer device, the interaction data including keyboard inputs and screen captures taken periodically;
extracting semantic meaning of the interaction data;
generating a schema based on the extracted semantic meaning to create meaningful tags for the interaction data;
analyzing the schema based on a model to identify security threats; and
creating an alarm when non-conforming behavior for the model is detected, wherein operations of the method are executed by a processor.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems, and computer programs are presented for securing a computer device. One method includes an operation for capturing interaction data for a user interfacing with the computer device, the interaction data including keyboard inputs and screen captures taken periodically. Further, the method includes operations for extracting semantic meaning of the interaction data, and generating a schema, based on the extracted semantic meaning, to create meaningful tags for the interaction data. The schema is analyzed based on a model in order to identify security threats, and an alarm is created when non-conforming behavior for the model is detected.
83 Citations
20 Claims
-
1. A method for securing a computer device, the method comprising:
-
capturing interaction data for a user interfacing with the computer device, the interaction data including keyboard inputs and screen captures taken periodically; extracting semantic meaning of the interaction data; generating a schema based on the extracted semantic meaning to create meaningful tags for the interaction data; analyzing the schema based on a model to identify security threats; and creating an alarm when non-conforming behavior for the model is detected, wherein operations of the method are executed by a processor. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer device comprising:
-
a memory; a processor; and a keyboard for entering keyboard inputs, wherein the memory includes a computer program that, when executed by the processor, performs a method, the method comprising; extracting semantic meaning from interaction data that includes screen captures and the keyboard inputs; generating a schema based on the extracted semantic meaning to create meaningful tags for the interaction data; analyzing the schema based on a defined model to identify security threats; and creating an alarm when a security threat is identified.
-
-
13. A computer program embedded in a non-transitory computer-readable storage medium, when executed by one or more processors, for securing a computer device, the computer program comprising:
-
program instructions for capturing interaction data for a user interfacing with the computer device, the interaction data including keyboard inputs and screen captures taken periodically; program instructions for extracting semantic meaning of the interaction data; program instructions for generating a schema based on the extracted semantic meaning to create meaningful tags for the interaction data; program instructions for analyzing the schema based on a defined model to identify security threats; and program instructions for creating an alarm when non-conforming behavior for the model is detected. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
Specification