Skeptical system

US 7,421,738 B2
Filed: 11/25/2002
Issued: 09/02/2008
Est. Priority Date: 11/25/2002
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented skeptical method comprising:

monitoring commands of a user entered into a computer;

predicting a plan of the user based on the monitored commands;

assessing a threat based on the predicted plan;

selecting, from among a plurality of possible responses, a response that is appropriate to the assessed threat; and

executing the selected response to store the assessed threat.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A skeptical system protects an asset by monitoring commands of a user, predicting a plan of the user based on the monitored commands, inferring an actual plan from the predicted plan, receiving information related to an identity of the user, inferring an actual identity of the user from the information, assessing a threat based on the actual plan and the actual user identity, and selecting, from among a plurality of possible responses, a response that is appropriate to the assessed threat.

Citations

36 Claims

1. A computer-implemented skeptical method comprising:
- monitoring commands of a user entered into a computer;
  
  predicting a plan of the user based on the monitored commands;
  
  assessing a threat based on the predicted plan;
  
  selecting, from among a plurality of possible responses, a response that is appropriate to the assessed threat; and
  
  executing the selected response to store the assessed threat.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The skeptical method of claim 1 wherein the assessing of the threat based on the user'"'"'s intent and plan comprises:
    - determining an identity of the user; and
      
      ,assessing the thread based on the predicted plan and the identity of the user.
  - 3. The skeptical method of claim 2 wherein the determining of an identity of the user comprises determining the identity of the user from a biometric input.
  - 4. The skeptical method of claim 2 wherein the determining of an identity of the user comprises determining the identity of the user from a passive biometric input.
  - 5. The skeptical method of claim 2 wherein the determining of an identity of the user comprises determining the identity of the user from an active biometric input.
  - 6. The skeptical method of claim 2 wherein the determining of an identity of the user comprises providing a user with a message directing the user to authenticate the identity of the user.
  - 7. The skeptical method of claim 2 wherein the determining of an identity of the user comprises determining the identity of the user from user patterns.
  - 8. The skeptical method of claim 7 wherein the user patterns comprise command patterns of the user.
  - 9. The skeptical method of claim 7 wherein the user patterns comprise typing patterns of the user.
  - 10. The skeptical method of claim 7 wherein the user patterns comprise pointing patterns of the user.
  - 11. The skeptical method of claim 2 wherein the determining of an identity of the user comprises determining the identity of the user from user patterns and from user authentication.
  - 12. The skeptical method of claim 1 wherein the predicting of a plan of the user based on the monitored commands comprises:
    - matching observed commands to plans in a stored plan library; and
      
      ,predicting the plan of the user based on the matching plans.
  - 13. The skeptical method of claim 12 further comprising determining unobserved actions of the user from the matching plans.
  - 14. The skeptical method of claim 12 further comprising determining unobserved actions of the user from reports of state changes.
  - 15. The skeptical method of claim 14 further comprising determining unobserved actions of the user from the matching plans.
  - 16. The skeptical method of claim 1 further comprising determining unobserved actions of the user from reports of state changes.
  - 17. The skeptical method of claim 1 wherein the selecting of a response that is appropriate to the assessed threat comprises selecting a response to hedge and limit risk.
  - 18. The skeptical method of claim 1 wherein the plurality of possible responses comprises passing commands, logging commands, rejecting commands, and terminating a session.
  - 19. The skeptical method of claim 18 wherein the plurality of possible responses comprises requiring the user to again provide the user'"'"'s identity, asking the user if the effects of the commands are intended by the user, and requiring corroboration from another party.
  - 20. The skeptical method of claim 1 wherein the plurality of possible responses comprises requiring the user to again provide the user'"'"'s identity, asking the user if the effects of the commands are intended by the user, and requiring corroboration from another party.
  - 21. The skeptical method of claim 1 wherein the assessing of the threat based on the predicted plan comprises maintaining user models and session models, wherein the user models relate to user identification, and wherein the session models relate to the predicted plan.
  - 22. The skeptical method of claim 21 wherein the assessing of the threat based on the predicted plan further comprises maintaining cost models, wherein the cost models relate to consequential costs of the predicted plan.
  - 23. The skeptical method of claim 21 wherein the session models are rendered as a Bayesian belief network.

24. A computer-implemented skeptical method comprising:
- monitoring commands of a user entered into a computer;
  
  matching the commands to plans stored in a plan library;
  
  predicting a plan of the user from the matching plans;
  
  receiving information related to an identity of the user;
  
  assessing a threat assessment from a memory based on the predicted plan and the user identification information;
  
  selecting, from among a plurality of possible responses, a response that is appropriate to the assessed threat assessment; and
  
  executing the selected response to store the assessed threat.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 25. The skeptical method of claim 24 wherein the receiving of information related to an identity of the user comprises receiving a biometric input.
  - 26. The skeptical method of claim 24 wherein the receiving of information related to an identity of the user comprises receiving identity information in response to a message directing the user to authenticate the identity of the user.
  - 27. The skeptical method of claim 24 wherein the receiving of information related to an identity of the user comprises determining identity from user patterns.
  - 28. The skeptical method of claim 24 wherein the receiving of information related to an identity of the user comprises determining the identity of the user from user patterns and from user authentication.
  - 29. The skeptical method of claim 24 further comprising determining unobserved actions of the user from the matching plans.
  - 30. The skeptical method of claim 24 further comprising determining unobserved actions of the user from reports of state changes.
  - 31. The skeptical method of claim 24 wherein the selecting of a response that is appropriate to the accessed threat assessment comprises selecting a response to hedge and limit risk.
  - 32. The skeptical method of claim 24 wherein the plurality of possible responses comprises passing commands, logging commands, rejecting commands, and terminating a session.
  - 33. The skeptical method of claim 24 wherein the plurality of possible responses comprises requiring the user to again provide the user'"'"'s identity, asking the user if the effects of the commands are intended by the user, and requiring corroboration from another party.
  - 34. The skeptical method of claim 24 wherein the assessing of the threat assessment comprises maintaining user models and session models, wherein the user models relate to user identification, and wherein the session models relate to the predicted plan.
  - 35. The skeptical method of claim 34 wherein the assessing of the threat assessment further comprises maintaining cost models, wherein the cost models relate to consequential costs of the predicted plan.
  - 36. The skeptical method of claim 34 wherein the session models are rendered as a Bayesian belief network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Geib, Christopher W., Harp, Steven A.
Primary Examiner(s)
Parthasarathy; Pramila

Application Number

US10/303,223
Publication Number

US 20040103296A1
Time in Patent Office

2,108 Days
Field of Search

None
US Class Current

726/25
CPC Class Codes

G06F 21/316 by observing the pattern of...

G06F 21/55 Detecting local intrusion o...

Skeptical system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Skeptical system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links