Role based identity tracker
First Claim
1. A method to detect fraudulent behavior, performed by one or more processors, comprising:
- associating, using the one or more processors, a plurality of users having similar job responsibilities with a common role in a business entity, with the plurality of users performing a certain set of business-related tasks related to the similar job responsibilities, where users performing the certain set of business-related tasks are authorized to perform similar role-related transactions using common web service enabled business applications;
monitoring, using the one or more processors, workflow and collaboration processes across the common web service enabled business applications used by the plurality of users associated with the common role when performing the similar role-related transactions;
receiving specific individual activities over time that are uniquely associated with each of the user'"'"'s individual performance of the certain set of business-related tasks related to the common role;
in response to the specific individual activities for each user, generating, using the one or more processors, a role profile for each user in the plurality of users associated with the common role, wherein the role profile associated with each user represents behaviors that are unique and vary according to each user performing the certain set of business-related tasks;
comparing, using the one or more processors, the role profiles of the plurality of users associated with the common role to identify behavioral differences between the plurality of users performing the certain set of business-related tasks related to the common role;
determining, using the one or more processors, a presence of anomalous behavior by analyzing the behavioral differences between the plurality of users to determine whether the behavioral differences represent anomalous behavior with respect to the common role; and
outputting, using the one or more processors, an alert in response to determining the behavioral differences represent anomalous behavior.
1 Assignment
0 Petitions
Accused Products
Abstract
Particular embodiments use roles to determine anomalies in a user'"'"'s behavior. Different roles may be defined for a business. For example, users that have similar job responsibilities are grouped in a role. Behavior information is then monitored for the plurality of users in the role. This may include transactions or other actions taken by the user. Over time, a profile can be generated for the user based on the monitored behavior. This profile learns the user'"'"'s behavior. Information for the user'"'"'s behavior may then be compared to other users'"'"' profiles in the same role to determine anomalies in the user'"'"'s behavior over time. For example, when differences in activities occur for a user as compared to other users with the same role, a message may be generated that indicates that there may be an anomaly in the user'"'"'s behavior. This alert may then be output.
27 Citations
20 Claims
-
1. A method to detect fraudulent behavior, performed by one or more processors, comprising:
-
associating, using the one or more processors, a plurality of users having similar job responsibilities with a common role in a business entity, with the plurality of users performing a certain set of business-related tasks related to the similar job responsibilities, where users performing the certain set of business-related tasks are authorized to perform similar role-related transactions using common web service enabled business applications; monitoring, using the one or more processors, workflow and collaboration processes across the common web service enabled business applications used by the plurality of users associated with the common role when performing the similar role-related transactions; receiving specific individual activities over time that are uniquely associated with each of the user'"'"'s individual performance of the certain set of business-related tasks related to the common role; in response to the specific individual activities for each user, generating, using the one or more processors, a role profile for each user in the plurality of users associated with the common role, wherein the role profile associated with each user represents behaviors that are unique and vary according to each user performing the certain set of business-related tasks; comparing, using the one or more processors, the role profiles of the plurality of users associated with the common role to identify behavioral differences between the plurality of users performing the certain set of business-related tasks related to the common role; determining, using the one or more processors, a presence of anomalous behavior by analyzing the behavioral differences between the plurality of users to determine whether the behavioral differences represent anomalous behavior with respect to the common role; and outputting, using the one or more processors, an alert in response to determining the behavioral differences represent anomalous behavior. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer-readable storage medium comprising encoded logic for execution by the one or more computer processors, the logic when executed is operable to:
-
associate a plurality of users having similar job responsibilities with a common role in a business entity, with the plurality of users performing a certain set of business-related tasks related to the similar job responsibilities, where users performing the certain set of business-related tasks are authorized to perform similar role-related transactions using common web service enabled business applications; monitor workflow and collaboration processes across the common web service enabled business applications used by the plurality of users associated with the common role when performing the similar role-related transactions; receive specific individual activities over time that are uniquely associated with each of the user'"'"'s individual performance of the certain set of business-related tasks related to the common role; in response to the specific individual activities for each user, generate a role profile for the plurality of users associated with the common role, wherein the role profile associated with each user represents behaviors that are unique and vary according to each user performing the certain set of business-related tasks; compare the role profiles of the plurality of users associated with the common role to identify behavioral differences between the plurality of users performing the certain set of business-related tasks related to the common role; determine a presence of anomalous behavior by analyzing the behavioral differences between the plurality of users to determine whether the behavioral differences represent anomalous behavior with respect to the common role; and output an alert in response to determining the presence of the anomalous behavior. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. An apparatus comprising:
-
one or more processors; and logic encoded in one or more non-transitory computer readable storage media for execution by the one or more computer processors and when executed operable to; associate a plurality of users having similar job responsibilities with a common role in a business entity, with the plurality of users performing a certain set of business-related tasks related to the similar job responsibilities, where users performing the certain set of business-related tasks are authorized to perform similar role-related transactions using common web service enabled business applications; monitor workflow and collaboration processes across the common web service enabled business applications used by the plurality of users associated with the common role when performing the similar role-related transactions; receive specific individual activities over time that are uniquely associated with each of the user'"'"'s individual performance of the certain set of business-related tasks related to the common role; in response to the specific individual activities for each user, generate a role profile for the plurality of users associated with the common role, wherein the role profile associated with each user represents behaviors that are unique and vary according to each user performing the certain set of business-related tasks; compare the role profiles of the plurality of users associated with the common role to identify behavioral differences between the plurality of users performing the certain set of business-related tasks related to the common role; determine a presence of anomalous behavior by analyzing the behavioral differences between the plurality of users to determine whether the behavioral differences represent anomalous behavior with respect to the common role; and output an alert in response to determining the presence of the anomalous behavior. - View Dependent Claims (18, 19, 20)
-
Specification