COMPLIANT AUDITING ARCHITECTURE

US 20150332280A1
Filed: 11/19/2014
Published: 11/19/2015
Est. Priority Date: 05/16/2014
Status: Active Application

First Claim

Patent Images

1. A method to collect and store audit data implementing a compliant auditing architecture, the method comprising:

detecting a user action through a user interface of an application executed on a client device associated with a user;

generating an audit event corresponding to the user action though a protocol service; and

transmitting audit data associated with the audit event from the protocol service to a local queue of a datacenter for short-term storage, wherein the audit data is uploaded from the local queue through an upload service hosted by the datacenter for long-term storage at a data store.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A compliant auditing architecture is implemented such that a uniform experience of collecting, storing, and interacting with audit data may be provided for various compliance scenarios. A user action to be audited may be detected through a user interface of an auditing application, and a protocol service of the application may generate an audit event corresponding to the user action. The protocol service may transmit audit data associated with the audit event to a local queue of a datacenter for short-term storage, and an upload service hosted by the datacenter may upload the audit data from the local queue, and transmit the audit data to a data store for long-term storage. In response to a request from an administrator, the stored audit data may be converted to a format compatible with one or more compliance interfaces, and transmitted to the administrator through the interfaces for querying and/or reporting.

Citations

20 Claims

1. A method to collect and store audit data implementing a compliant auditing architecture, the method comprising:
- detecting a user action through a user interface of an application executed on a client device associated with a user;
  
  generating an audit event corresponding to the user action though a protocol service; and
  
  transmitting audit data associated with the audit event from the protocol service to a local queue of a datacenter for short-term storage, wherein the audit data is uploaded from the local queue through an upload service hosted by the datacenter for long-term storage at a data store.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - in response to a request from an administrator to retrieve the audit data from the data store, converting the stored audit data into a format compatible with one or more compliance user interfaces of the application executed on another client device associated with the administrator.
  - 3. The method of claim 2, further comprising:
    - providing the audit data in the compatible format to the administrator for querying through a query user interface of the other client device.
  - 4. The method of claim 2, further comprising:
    - providing the audit data in the compatible format to the administrator for reporting of statistical information associated with the audit data through an audit reporting user interface of the other client device.
  - 5. The method of claim 1, further comprising:
    - accumulating audit data associated with multiple audit events generated by a variety of protocol services at the local queue.
  - 6. The method of claim 1, further comprising:
    - during the upload of the audit data, batching the audit data.
  - 7. The method of claim 6, further comprising:
    - transmitting the batched audit data to corresponding partitions of the data store for long-term storage.
  - 8. The method of claim 1, further comprising:
    - during the upload of the audit data, verifying a consistency and a correctness of the audit data.

9. A system configured to implement a compliant auditing architecture, the system comprising:
- a communication module configured to transmit audit data between one or more servers of the system and one or more client devices associated with the system;
  
  at least one short-term storage server configured to;
  
  receive audit data associated with an audit event at a local queue for short-term storage, wherein the audit data is received through the communication module from a protocol service through an application executed on a client device associated with a user, the protocol service generating the audit event to correspond to a user action detected through a user interface of the application; and
  
  accumulate further audit data associated with multiple audit events generated by a variety of protocol services at the local queue;
  
  at least one processing server coupled to the at least one short-term storage server through the communication module, wherein the at least one processing server hosts an upload service, and is configured to;
  
  upload the accumulated audit data from the local queue through the upload service; and
  
  batch the accumulated audit data such that the batched audit data is transmitted to corresponding partitions of a data store for long-term storage; and
  
  at least one long-term storage server coupled to the at least one processing server through the communication module, the at least one long-term storage server configured to;
  
  receive the batched audit data from the at least one processing server; and
  
  store the batched audit data at the corresponding partitions of the data store.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the upload of the audit data is based on a specific workload of the protocol service.
  - 11. The system of claim 10, wherein the audit data is written into a persisted queue of the protocol service by an audit handler provided through a unified policy framework, and initially uploaded by the protocol service prior to being uploaded through the upload service if the workload of the protocol service is integrated with the unified policy framework.
  - 12. The system of claim 10, wherein the audit data is transmitted directly from the protocol service by a workload specific audit handler to the at least one processing server for uploading through the upload service if the workload of the protocol service is not integrated with a unified policy framework.
  - 13. The system of claim 9, wherein the long-term storage of the audit data is common to workloads of the variety of protocol services.
  - 14. The system of claim 9, wherein the audit data is stored in two tables within the data store, a first of the two tables comprising query-searchable properties of the audit data and a second of the two tables comprising overflow and multi-value properties of the audit data.
  - 15. The system of claim 9, wherein the system is implemented at a datacenter.

16. A computer-readable memory device with instructions stored thereon to collect and store audit data implementing a compliant auditing architecture, the instructions comprising:
- detecting a user action through a user interface of an application executed on a client device associated with a user;
  
  generating an audit event corresponding to the user action though a protocol service;
  
  transmitting audit data associated with the audit event from the protocol service to a local queue for short-term storage;
  
  uploading the audit data through an uploader service for long-term storage at a data store; and
  
  providing the stored audit data to an administrator for one or more of querying and reporting statistical information associated with the audit data through one or more compliance user interfaces of another client device associated with the administrator.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-readable memory device of claim 16, wherein the instructions further comprise:
    - aggregating the audit data periodically to facilitate conversion of the stored audit data to a compatible format for the one or more compliance user interfaces in response to a request from the administrator to receive the stored audit data for the one or more of querying and reporting.
  - 18. The computer-readable memory device of claim 16, wherein the instructions further comprise:
    - aggregating the audit data in response to detecting duplicated audit data.
  - 19. The computer-readable memory device of claim 18, further comprising:
    - detecting the duplicated audit data in response to detecting a match of the user action, the user, and an object of two audit events.
  - 20. The computer-readable memory device of claim 19, wherein the match of the user action, the user, and the object of two audit events are detected at one or more of the protocol service of the application, the local queue, the upload service, and the data store.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Martchenko, Serguei V., Deshpande, Ketaki Arun, Batra, Gaurav, Reyes, Arman Centeno, Manning Dawson, Sara Louise

Application Number

US14/548,147
Publication Number

US 20150332280A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 10/10 Office automation; Time man...

G06Q 30/018 Certifying business or prod...

COMPLIANT AUDITING ARCHITECTURE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

COMPLIANT AUDITING ARCHITECTURE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links