Continuous Monitoring of Computer User and Computer Activities

US 20140283059A1
Filed: 03/15/2013
Published: 09/18/2014
Est. Priority Date: 04/11/2011
Status: Active Grant

First Claim

Patent Images

1. A method for securing a computer device, the method comprising:

capturing interaction data for a user interfacing with the computer device, the interaction data including keyboard inputs and screen captures taken periodically;

extracting semantic meaning of the interaction data;

generating a schema based on the extracted semantic meaning to create meaningful tags for the interaction data;

analyzing the schema based on a model to identify security threats; and

creating an alarm when non-conforming behavior for the model is detected, wherein operations of the method are executed by a processor.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer programs are presented for securing a computer device. One method includes an operation for capturing interaction data for a user interfacing with the computer device, the interaction data including keyboard inputs and screen captures taken periodically. Further, the method includes operations for extracting semantic meaning of the interaction data, and generating a schema, based on the extracted semantic meaning, to create meaningful tags for the interaction data. The schema is analyzed based on a model in order to identify security threats, and an alarm is created when non-conforming behavior for the model is detected.

83 Citations

View as Search Results

20 Claims

1. A method for securing a computer device, the method comprising:
- capturing interaction data for a user interfacing with the computer device, the interaction data including keyboard inputs and screen captures taken periodically;
  
  extracting semantic meaning of the interaction data;
  
  generating a schema based on the extracted semantic meaning to create meaningful tags for the interaction data;
  
  analyzing the schema based on a model to identify security threats; and
  
  creating an alarm when non-conforming behavior for the model is detected, wherein operations of the method are executed by a processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as recited in claim 1, further including:
    - providing an interface for receiving parameters associated with the model, the parameters identifying non-conforming behavior for the model.
  - 3. The method as recited in claim 2, further including:
    - refining the model by analyzing computer use during a predetermined period of time.
  - 4. The method as recited in claim 2, wherein the interface includes a definition of exceptions for the creating of alarms for one or more exception behaviors.
  - 5. The method as recited in claim 1, wherein analyzing the schema further includes:
    - identifying a non-conforming behavior based on the model and a time of the non-conforming behavior.
  - 6. The method as recited in claim 1, further including:
    - providing a search interface for viewing the interaction data and identification of non-conforming behavior.
  - 7. The method as recited in claim 1, wherein extracting semantic meaning further includes:
    - performing optical character recognition (OCR) on the screen captures to identify text displayed on the screen.
  - 8. The method as recited in claim 7, further including:
    - creating tags based on the identified text.
  - 9. The method as recited in claim 1, wherein the interaction data further includes one or more of a mouse input, an audio input, a biometric signal for the user, a geographic location of the user, a name of an active application used by the user, an operation to save data to an external device, an operation to print, a cut-and-paste of data for inclusion in an email or an attachment of a file being emailed, or computer device type including operating system, BIOS version, time and date.
  - 10. The method as recited in claim 1, wherein the screen captures are performed periodically with an interval between thirty-times-a-second and every 10 seconds, wherein the interval is increased when a user operation for access to an external storage device or when the user performs a cut-and-paste operation.
  - 11. The method as recited in claim 1, further including:
    - performing continuous authentication of the user based on images taken of the user while interacting with the computer device.

12. A computer device comprising:
- a memory;
  
  a processor; and
  
  a keyboard for entering keyboard inputs, wherein the memory includes a computer program that, when executed by the processor, performs a method, the method comprising;
  
  extracting semantic meaning from interaction data that includes screen captures and the keyboard inputs;
  
  generating a schema based on the extracted semantic meaning to create meaningful tags for the interaction data;
  
  analyzing the schema based on a defined model to identify security threats; and
  
  creating an alarm when a security threat is identified.

13. A computer program embedded in a non-transitory computer-readable storage medium, when executed by one or more processors, for securing a computer device, the computer program comprising:
- program instructions for capturing interaction data for a user interfacing with the computer device, the interaction data including keyboard inputs and screen captures taken periodically;
  
  program instructions for extracting semantic meaning of the interaction data;
  
  program instructions for generating a schema based on the extracted semantic meaning to create meaningful tags for the interaction data;
  
  program instructions for analyzing the schema based on a defined model to identify security threats; and
  
  program instructions for creating an alarm when non-conforming behavior for the model is detected.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The computer device as recited in claim 13, further including:
    - program instructions for providing a search interface for viewing the interaction data and identification of non-conforming behavior.
  - 15. The computer program as recited in claim 14, further including:
    - program instructions for providing search results after a search request, wherein the search results include time snapshots having an image of the user and an associated screen capture.
  - 16. The computer program as recited in claim 13, wherein analyzing the schema includes generating a security score based on the model and the interaction data.
  - 17. The computer program as recited in claim 13, further including:
    - program instructions for providing an interface for receiving parameters associated with the model, the parameters identifying non-conforming behavior for the model.
  - 18. The computer program as recited in claim 17, further including:
    - program instructions for refining the model by analyzing computer use during a predetermined period of time.
  - 19. The computer program as recited in claim 17, wherein the interface includes a definition of exceptions for creating the alarm for one or more exception behaviors.
  - 20. The computer program as recited in claim 13, wherein analyzing the schema further includes:
    - program instructions for identifying a non-conforming behavior based on the model and a time of the non-conforming behavior.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NSS Lab Works LLC
Original Assignee
NSS Lab Works LLC
Inventors
Sambamurthy, Namakkal S., Krishnan, Parthasarathy

Granted Patent

US 9,047,464 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/55 Detecting local intrusion o...

G06F 21/552 involving long-term monitor...

Continuous Monitoring of Computer User and Computer Activities

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Continuous Monitoring of Computer User and Computer Activities

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links