System and method for calendar-based anomalous access detection
First Claim
Patent Images
1. A method of detecting and rejecting an anomalous access request from a client on behalf of a requesting user at a current date and time to a resource in a network environment, said method comprising:
- (a) providing a user calendar for a user comprising a predicted calendar record identifying a predicted location for said user at said current date and time and a previous calendar record identifying a previous location for said user at a previous date and time,(b) providing said client in said network environment,(c) retrieving said user calendar for said requesting user,(d) retrieving said predicted calendar record within said user calendar corresponding to said current date and time when said client has sent said request to said resource and said previous calendar record,(e) determining a location of said client corresponding to said current date and time when said client has sent said request to said resource,(f) computing a time difference from said current date and time and said previous date and time from said previous calendar record,(g) comparing said location with said predicted location for said user obtained from said predicted calendar record,(h) computing a minimum transit time for said user to travel between said location and said previous location from said previous calendar record,(i) rejecting said request if said location is inconsistent with said predicted location and said time difference is inconsistent with said minimum transit time between said location and said previous location.
1 Assignment
0 Petitions
Accused Products
Abstract
An access control system is augmented with the ability to categorize access requests as anomalous, by correlating the time and location of the requesting user with information provided by the requesting user'"'"'s calendar entries. These entries provide the dates and times that a user is anticipated to be located in a particular geographic region.
29 Citations
6 Claims
-
1. A method of detecting and rejecting an anomalous access request from a client on behalf of a requesting user at a current date and time to a resource in a network environment, said method comprising:
-
(a) providing a user calendar for a user comprising a predicted calendar record identifying a predicted location for said user at said current date and time and a previous calendar record identifying a previous location for said user at a previous date and time, (b) providing said client in said network environment, (c) retrieving said user calendar for said requesting user, (d) retrieving said predicted calendar record within said user calendar corresponding to said current date and time when said client has sent said request to said resource and said previous calendar record, (e) determining a location of said client corresponding to said current date and time when said client has sent said request to said resource, (f) computing a time difference from said current date and time and said previous date and time from said previous calendar record, (g) comparing said location with said predicted location for said user obtained from said predicted calendar record, (h) computing a minimum transit time for said user to travel between said location and said previous location from said previous calendar record, (i) rejecting said request if said location is inconsistent with said predicted location and said time difference is inconsistent with said minimum transit time between said location and said previous location. - View Dependent Claims (2)
-
-
3. A system for detecting and rejecting an anomalous access request from a client on behalf of a requesting user at a current date and time to a resource in a network environment, comprising:
-
(a) a processor, (b) a memory device coupled to said processor for storing computer-implemented instructions, when executed by said processor, providing (i) a user calendar for a user containing a predicted calendar record identifying a predicted location for said user at said current date and time and a previous calendar record identifying a previous location for said user at a previous date and time, (ii) a resource comprising a software application, (iii) said client which is able to send said access request to said resource on behalf of said user, (iv) a software agent which will intercept said access request, (v) a database which is operationally connected to said agent, wherein said user calendar, said resource, said client, said software agent and said database are implemented as software stored in said memory device running on a general-purpose computer system, said software agent will retrieve said user calendar for said requesting user, said software agent will retrieve said predicted calendar record within said user calendar corresponding to said current date and time when said client has sent said request to said resource and said previous calendar record, said software agent will determine a location of said client corresponding to said date and time when said client has sent said request to said resource, said software agent will compute a time difference from said current date and time and said previous date and time from said previous calendar record, said software agent will compare said location with said predicted location for said user obtained from said predicted calendar record, said software agent will compute a minimum transit time for said user to travel between said location and said previous location from said previous calendar record, and said software agent will reject said request if said location is inconsistent with said predicted location and said time difference is inconsistent with said minimum transit time between said location and said previous location . - View Dependent Claims (4)
-
-
5. A computer program product stored in a memory device with software for detection and rejection of an anomalous access request from a client on behalf of a requesting user at a current date and time to a resource in a network environment, said computer program product comprising:
-
(a) computer-implemented instructions, when executed by a processor, for providing a user calendar for a user comprising a predicted calendar record identifying a predicted location for said user at said current date and time and a previous calendar record identifying a previous location for said user at a previous date and time, (b) computer-implemented instructions, when executed by said processor, for providing said client in said network environment, (c) computer-implemented instructions, when executed by said processor, for retrieving said predicted calendar record within said user calendar corresponding to said current date and time when said client has sent said request to said resource and said previous calendar record, (d) computer-implemented instructions, when executed by said processor, for determining a location of said client corresponding to said current date and time when said client has sent said request to said resource, (e) computer-implemented instructions, when executed by said processor, for computing a time difference from said current date and time and said previous date and time from said previous calendar record, (f) computer-implemented instructions, when executed by said processor, for comparing said location with a predicted location for said user obtained from said predicted calendar record, (g) computer-implemented instructions, when executed by said processor, for computing a minimum transit time for said user to travel between said location and said previous location from said previous calendar record, and (h) computer-implemented instructions, when executed by said processor, for rejecting said request if said location is inconsistent with said predicted location and said time difference is inconsistent with said minimum transit time between said location and said previous location. - View Dependent Claims (6)
-
Specification