System and method for producing audit trails

US 7,908,160 B2
Filed: 09/11/2006
Issued: 03/15/2011
Est. Priority Date: 09/11/2006
Status: Active Grant

First Claim

Patent Images

1. A method for generating audit trails, comprising:

establishing a connection between an event listener component and at least one event source;

collecting event data for one of a plurality of events from the at least one event source at the event listener component;

responsive to collecting the event data, transmitting an event notification from the event listener component to a correlator;

loading a process definition at the correlator, the process definition defining a plurality of state transitions each associated with different ones of the plurality of events;

responsive to receiving the event notification, determining at the correlator that the event data is representative of a state transition to a final process state;

traversing the process definition in reverse by a computer and, for each one of the plurality of state transitions, transmitting a query to the event listener component to retrieve the event associated with the one of the plurality of state transitions;

determining if all of the events associated with the plurality of state transitions have been retrieved or have not been retrieved;

generating, by the computer, at least one audit trail event at the correlator, based on the event data collected at the event listener component;

wherein if all of the events associated with the plurality of state transitions are retrieved, a normal audit trail event is generated, and if one or more events associated with the plurality of state transitions are not retrieved, an anomaly audit trail event is generated; and

transmitting the at least one audit trail event to a notification component.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Business Processes handle business transactions. The life cycle of a transaction is controlled by state of the process and events. Events represent information exchange between systems. The states determine when the exchange should take place.

Key issues are to identify whether a transaction is anomalous and if so, determining the trace to the root cause

To detect anomalies, current approaches evaluate transaction data statistically. To validate whether the transaction is indeed anomalous requires significant storage, processing power and human resources.

The new approach audits events as they happen against the business process definition. Events that do not follow the right sequences and conditions of the process definition are identified to be anomalous. The generated audit trail traces the root cause of the transaction anomaly.

Businesses can now protect or re-engineer their strategic business processes using audit trail traces.

Citations

15 Claims

1. A method for generating audit trails, comprising:
- establishing a connection between an event listener component and at least one event source;
  
  collecting event data for one of a plurality of events from the at least one event source at the event listener component;
  
  responsive to collecting the event data, transmitting an event notification from the event listener component to a correlator;
  
  loading a process definition at the correlator, the process definition defining a plurality of state transitions each associated with different ones of the plurality of events;
  
  responsive to receiving the event notification, determining at the correlator that the event data is representative of a state transition to a final process state;
  
  traversing the process definition in reverse by a computer and, for each one of the plurality of state transitions, transmitting a query to the event listener component to retrieve the event associated with the one of the plurality of state transitions;
  
  determining if all of the events associated with the plurality of state transitions have been retrieved or have not been retrieved;
  
  generating, by the computer, at least one audit trail event at the correlator, based on the event data collected at the event listener component;
  
  wherein if all of the events associated with the plurality of state transitions are retrieved, a normal audit trail event is generated, and if one or more events associated with the plurality of state transitions are not retrieved, an anomaly audit trail event is generated; and
  
  transmitting the at least one audit trail event to a notification component.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - prior to establishing the connection, loading event mapping data at the event listener component.
  - 3. The method of claim 1, further comprising:
    - responsive to collecting the event data, storing the event data in a queue at the event listener component.
  - 4. The method of claim 1, wherein the query is transmitted via a query interface.
  - 5. The method of claim 1, further comprising, for each one of the plurality of state transitions:
    - following transmission of the query to the event listener component, if the associated event is not retrieved, suspending further processing until a jitter period has expired;
      
      following expiry of the jitter period, advancing to the next one of the plurality of state transitions.
  - 6. The method of claim 1, further comprising:
    - receiving the at least one audit trail event at the notification component;
      
      translating the received at least one audit trail event into a middleware message format; and
      
      forwarding the translated at least one audit trail event to an external system.
  - 7. The method of claim 1, wherein the event listener component further comprises an event provider and a guard evaluation component, and wherein collecting the event data comprises:
    - receiving the event data for the event from the at least one event source at the event provider;
      
      loading a guard condition associated with the event at the guard evaluation component;
      
      determining whether the guard condition is satisfied; and
      
      ,when the guard condition is satisfied, transmitting the event notification to the correlator and storing the event data in the queue.

8. A system for generating audit trails, comprising:
- a computer;
  
  an event listener component for establishing a connection to at least one event source, the event listener component configured to collect event data for one of a plurality of events from the at least one event source and to transmit an event notification;
  
  a correlator configured to load a process definition, the process definition defining a plurality of state transitions each associated with different ones of the plurality of events;
  
  the correlator further configured to determine, responsive to receiving the event notification, if the event data is representative of a state transition to a final process state; and
  
  , when the determination is affirmative, to traverse the process definition in reverse by a computer and, for each one of the plurality of state transitions, to transmit a query to the event listener component for retrieving the event associated with the one of the plurality of state transitions;
  
  the correlator further configured to receive the event notification and generate, by the computer, at least one audit trail event, based on the event data collected at the event listener component;
  
  the correlator being further configured, if all of the events associated with the plurality of state transitions are retrieved, to generate a normal audit trail event; and
  
  , if one or more of the events associated with the plurality of state transitions are not retrieved, to generate an anomaly audit trail event;
  
  the correlator further configured to transmit the at least one audit trail event; and
  
  ,a notification component configured to receive the at least one audit trail event from the correlator.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The system of claim 8, the event listener component being further configured to load event mapping data prior to establishing the connection.
  - 10. The system of claim 8, wherein the event listener component comprises a plurality of event listeners, each event listener including an event queue and being configured to store the event data in the event queue.
  - 11. The system of claim 8, further comprising a query interface for carrying the query transmitted by the correlator.
  - 12. The method of claim 8, the correlator being further configured:
    - for each one of the plurality of state transitions, following transmission of the query to the event listener component, if the associated event is not retrieved, to suspend further processing until a jitter period has expired; and
      
      following expiry of the jitter period, to advance to the next state transition.
  - 13. The system of claim 8, the notification component being further configured to receive the at least one audit trail event at the notification component, to translate the received at least one audit trail event into a middleware message format;
    - and to forward the translated at least one audit trail event to an external system.
  - 14. The system of claim 10, wherein each event listener further comprises:
    - an event provider configured to receive the event data for the event from the at least one event source; and
      
      a guard evaluation component configured to load a guard condition associated with the event, to determine whether the guard condition is satisfied, and, when the guard condition is satisfied, to transmit the event notification to the correlator and store the event data in the queue.
  - 15. The system of claim 12, wherein the correlator comprises a main event correlator for generating at least one audit trail event and a jitter compensator for suspending further processing until the jitter period has expired.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Decision-Zone Inc.
Original Assignee
Decision-Zone Inc.
Inventors
Bhargava, Rajeev
Primary Examiner(s)
Boswell; Beth V
Assistant Examiner(s)
FEACHER, LORENA R

Application Number

US11/530,885
Publication Number

US 20080065400A1
Time in Patent Office

1,646 Days
Field of Search

705/7, 705/11
US Class Current

705/7.11
CPC Class Codes

G06F 11/3612   by runtime analysis perform...

G06Q 10/063   Operations research, analys...

G06Q 10/06316   Sequencing of tasks or work

System and method for producing audit trails

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for producing audit trails

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links