Methods and systems for enforcing network and computer use policy

US 7,603,705 B2
Filed: 06/28/2005
Issued: 10/13/2009
Est. Priority Date: 05/04/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving from a client computing device data associated with a user'"'"'s interaction with the client computing device, wherein the client computing device is connected to a computer network that has a network policy;

probabilistically analyzing, by the client computing device, the data to ascertain whether the data constitutes data of interest, wherein the data comprises data of interest when it pertains to a policy selected from the group consisting of the network policy for the network and a computer use policy of the client computing device, and wherein probabilistically analyzing comprises;

performing lexical analysis on the data;

matching one or more portions of the received data with one or more cases of data defined in one or more pre-defined files; and

assigning a score to the received data based at least in part on the matching, the score indicative of whether the data constitutes data of interest,wherein individual pre-defined files are defined in a hierarchical tag-based language comprising a first top level tag encompassing multiple other tags including;

a second tag specifying a file to be used to perform the lexical analysis; and

a third tag specifying individual cases of data and having sub-tags identifying text patterns that are attempted to be matched and associated responses triggered in an event of a match; and

in an event the data constitutes data of interest, applying one or more rules to ascertain whether any actions should be taken responsive to the user'"'"'s interaction with the client computing device, wherein one or more actions are taken independent of input from the user with regard to the one or more actionsdetermining, by the client computer device, whether to apply a rule to take one or more actions when it is determined that the data is data of interest based on one or more rule set profiles that define when an action should be triggered; and

receiving, by the client computer device, configuration data for the one or more rule set profiles from a remote computer device connected to the client computer device via the computer network.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network and computer use policy is enforced by employing client-side systems that analyze data usage at the client in terms of what the data is, who is using the data, and the context of the data, and then make an intelligent decision on what action(s) to take responsive to the analysis that is performed. Such systems and related methods can protect organizational resources from inappropriate activities that originate from within the organization.

44 Citations

View as Search Results

23 Claims

1. A computer-implemented method comprising:
- receiving from a client computing device data associated with a user'"'"'s interaction with the client computing device, wherein the client computing device is connected to a computer network that has a network policy;
  
  probabilistically analyzing, by the client computing device, the data to ascertain whether the data constitutes data of interest, wherein the data comprises data of interest when it pertains to a policy selected from the group consisting of the network policy for the network and a computer use policy of the client computing device, and wherein probabilistically analyzing comprises;
  
  performing lexical analysis on the data;
  
  matching one or more portions of the received data with one or more cases of data defined in one or more pre-defined files; and
  
  assigning a score to the received data based at least in part on the matching, the score indicative of whether the data constitutes data of interest,wherein individual pre-defined files are defined in a hierarchical tag-based language comprising a first top level tag encompassing multiple other tags including;
  
  a second tag specifying a file to be used to perform the lexical analysis; and
  
  a third tag specifying individual cases of data and having sub-tags identifying text patterns that are attempted to be matched and associated responses triggered in an event of a match; and
  
  in an event the data constitutes data of interest, applying one or more rules to ascertain whether any actions should be taken responsive to the user'"'"'s interaction with the client computing device, wherein one or more actions are taken independent of input from the user with regard to the one or more actionsdetermining, by the client computer device, whether to apply a rule to take one or more actions when it is determined that the data is data of interest based on one or more rule set profiles that define when an action should be triggered; and
  
  receiving, by the client computer device, configuration data for the one or more rule set profiles from a remote computer device connected to the client computer device via the computer network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the data is associated with a user'"'"'s keyboard interaction.
  - 3. The method of claim 1, wherein the data is associated with a user'"'"'s clipboard interaction.
  - 4. The method of claim 1, wherein the data is associated with a user'"'"'s file system interaction.
  - 5. The method of claim 1, wherein the data is associated with a user'"'"'s network interaction.
  - 6. The method of claim 1, wherein the data is associated with a user'"'"'s interaction with one or more peripheral devices.
  - 7. The method of claim 1, wherein an action comprises making an entry in a log.
  - 8. The method of claim 1, wherein an action comprises capturing a screen associated with the user'"'"'s interaction.
  - 9. The method of claim 1, wherein an action comprises generating a notification.
  - 10. The method of claim 1, wherein an action comprises shutting down an application.
  - 11. The method of claim 1, wherein an action comprises shutting down the client computing device.
  - 12. The method of claim 1, wherein the act of probabilistically analyzing further comprises using:
    - one or more runtime objects that are configured to receive and process data, andone or more knowledge base objects, individual knowledge base objects being associated with one or more runtime objects;
      
      wherein individual knowledge base objects are associated with individual pre-defined files.
  - 13. The method of claim 12, wherein knowledge base objects are configured to process data received from runtime objects and return the score and an indication of an associated node that generated the score to runtime objects from which the data was received.

14. A system comprising:
- a first computer device; and
  
  a client computer device connected to the first computer device via a computer network that has a network policyv, wherein the client computer device comrrises;
  
  one or more computer-readable media;
  
  computer-readable instructions stored in the computer-readable media which, when executed, implement a system comprising;
  
  an engine component configured to receive data associated with a user'"'"'s interaction with the client computing device and probabilistically analyze the data to ascertain whether the data constitutes data of interest, wherein the data constitutes data of interest when it pertains to one or more of the network policy and a computer use policy of the client computing device wherein the engine is configured to probabilistically analyze the data by performing the following;
  
  lexical analysis on the data;
  
  matching one or more portions of the data with one or more cases of data defined in one or more pre-defined files; and
  
  assigning a score to the data based at least in part on the matching, the score indicative of whether the data constitutes data of interest,wherein individual pre-defined files are defined in a hierarchical tag-based language comprising a first top level tag encompassing multiple other tags including;
  
  a second tag specifying a file to be used to perform the lexical analysis; and
  
  a third tag specifying individual cases of data and having sub-tags identifying text patterns that are attempted to be matched and associated responses triggered in an event of a match; and
  
  a decision framework component communicatively coupled with the engine component and configured to, in an event the data constitutes data of interest, apply one or more rules based on one or more rule set policies to ascertain whether any actions should be taken responsive to the user'"'"'s interaction, wherein one or more actions are taken independent of input from the user with regard to the one or more actions;
  
  wherein the first computer device is programmed to transmit configuration data to the client computer device for the one or more rule set profiles via the computer network.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The system of claim 14, wherein the data is associated with one or more of a user'"'"'s keyboard interaction, a user'"'"'s clipboard interaction, a user'"'"'s file system interaction, a user'"'"'s network interaction, or a user'"'"'s interaction with one or more peripheral devices.
  - 16. The system of claim 14, wherein an action comprises one or more of making an entry in a log, capturing a screen associated with the user'"'"'s interaction, generating a notification, shutting down an application, and shutting down the client computing device.
  - 17. The system of claim 14, wherein the engine component comprises:
    - one or more runtime objects that are configured to receive and process data, andone or more knowledge base objects, individual knowledge base objects being associated with one or more runtime objects;
      
      wherein individual knowledge base objects are associated with individual pre-defined files.
  - 18. The system of claim 17, wherein knowledge base objects are configured to process data received from runtime objects and return the score and an indication of an associated node that generated the score.

19. A computer-implemented method comprising:
- receiving, at a client computing device from a first computer device via a computer network, configuration information that describes one or more heuristics that are to be applied to data associated with a user'"'"'s interactions on the client computing device, the configuration information being structured in a hierarchical, tag-based language, wherein the hierarchical tag-based language comprises a top level tag that can contain a profile tag associated with a set of rules for deciding when certain actions should be taken, and a filter tag associated with a single rule, keyword or lexical program;
  
  using the configuration information to remotely configure a decision framework component of the client computing device;
  
  receiving, with an engine component of the client computing device, data associated with a user'"'"'s interaction with the client computing device;
  
  probabilistically analyzing, with the engine component of the client computing device, the data to ascertain whether the data constitutes data of interest, wherein the data constitutes data of interest if it pertains to one or more of a network policy of the computer network and a computer use policy of the client computing device, and wherein probabilistically analyzing comprises;
  
  matching one or more portions of the data with one or more cases of data defined in one or more pre-defined files; and
  
  assigning a score to the data based at least in part on the matching and indicative of whether the data constitutes data of interest; and
  
  in an event the data constitutes data of interest, applying, with the configured decision framework component of the client computing device, one or more rules to ascertain whether any actions should be taken responsive to the user'"'"'s interaction with the client computing device, wherein one or more actions are taken independent of input from the user with regard to the one or more actions.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The method of claim 19, wherein the data is associated with one or more of a user'"'"'s keyboard interaction, a user'"'"'s clipboard interaction, a user'"'"'s file system interaction, a user'"'"'s network interaction, or a user'"'"'s interaction with one or more peripheral devices.
  - 21. The method of claim 19, wherein an action comprises one or more of making an entry in a log, capturing a screen associated with the user'"'"'s interaction with the client computing device, generating a notification, shutting down an application, and shutting down the client computing device.
  - 22. The method of claim 19, wherein the profile tag contains one or more of an expression tag associated with an expression that is to be used to evaluate data, a filter reference tag associated with a filter that can be applied to the data, and an action tag associated with a type of action that can be performed.
  - 23. The method of claim 22, wherein filter reference tags contains a context item tag which is associated with specific data that are applied to a filter associated with filter reference tags.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verint Americas Incorporated (Verint Systems Incorporated)
Original Assignee
Next IT Corporation (Verint Systems Incorporated)
Inventors
Roy, Shantu
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
ARMOUCHE, HADI S

Application Number

US11/169,142
Publication Number

US 20060037076A1
Time in Patent Office

1,568 Days
Field of Search

726/22, 726/23, 726/25, 707/102, 704/9, 704/10, 713/189
US Class Current

726/22
CPC Class Codes

G06F 16/3329   Natural language query form...

G06F 16/3344   using natural language anal...

G06F 21/554   involving event detection a...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2145   Inheriting rights or proper...

G06F 40/284   Lexical analysis, e.g. toke...

H04L 63/1416   Event detection, e.g. attac...

Methods and systems for enforcing network and computer use policy

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for enforcing network and computer use policy

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links