Role based identity tracker

US 8,972,325 B2
Filed: 07/01/2009
Issued: 03/03/2015
Est. Priority Date: 07/01/2009
Status: Active Grant

First Claim

Patent Images

1. A method to detect fraudulent behavior, performed by one or more processors, comprising:

associating, using the one or more processors, a plurality of users having similar job responsibilities with a common role in a business entity, with the plurality of users performing a certain set of business-related tasks related to the similar job responsibilities, where users performing the certain set of business-related tasks are authorized to perform similar role-related transactions using common web service enabled business applications;

monitoring, using the one or more processors, workflow and collaboration processes across the common web service enabled business applications used by the plurality of users associated with the common role when performing the similar role-related transactions;

receiving specific individual activities over time that are uniquely associated with each of the user'"'"'s individual performance of the certain set of business-related tasks related to the common role;

in response to the specific individual activities for each user, generating, using the one or more processors, a role profile for each user in the plurality of users associated with the common role, wherein the role profile associated with each user represents behaviors that are unique and vary according to each user performing the certain set of business-related tasks;

comparing, using the one or more processors, the role profiles of the plurality of users associated with the common role to identify behavioral differences between the plurality of users performing the certain set of business-related tasks related to the common role;

determining, using the one or more processors, a presence of anomalous behavior by analyzing the behavioral differences between the plurality of users to determine whether the behavioral differences represent anomalous behavior with respect to the common role; and

outputting, using the one or more processors, an alert in response to determining the behavioral differences represent anomalous behavior.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Particular embodiments use roles to determine anomalies in a user'"'"'s behavior. Different roles may be defined for a business. For example, users that have similar job responsibilities are grouped in a role. Behavior information is then monitored for the plurality of users in the role. This may include transactions or other actions taken by the user. Over time, a profile can be generated for the user based on the monitored behavior. This profile learns the user'"'"'s behavior. Information for the user'"'"'s behavior may then be compared to other users'"'"' profiles in the same role to determine anomalies in the user'"'"'s behavior over time. For example, when differences in activities occur for a user as compared to other users with the same role, a message may be generated that indicates that there may be an anomaly in the user'"'"'s behavior. This alert may then be output.

27 Citations

View as Search Results

20 Claims

1. A method to detect fraudulent behavior, performed by one or more processors, comprising:
- associating, using the one or more processors, a plurality of users having similar job responsibilities with a common role in a business entity, with the plurality of users performing a certain set of business-related tasks related to the similar job responsibilities, where users performing the certain set of business-related tasks are authorized to perform similar role-related transactions using common web service enabled business applications;
  
  monitoring, using the one or more processors, workflow and collaboration processes across the common web service enabled business applications used by the plurality of users associated with the common role when performing the similar role-related transactions;
  
  receiving specific individual activities over time that are uniquely associated with each of the user'"'"'s individual performance of the certain set of business-related tasks related to the common role;
  
  in response to the specific individual activities for each user, generating, using the one or more processors, a role profile for each user in the plurality of users associated with the common role, wherein the role profile associated with each user represents behaviors that are unique and vary according to each user performing the certain set of business-related tasks;
  
  comparing, using the one or more processors, the role profiles of the plurality of users associated with the common role to identify behavioral differences between the plurality of users performing the certain set of business-related tasks related to the common role;
  
  determining, using the one or more processors, a presence of anomalous behavior by analyzing the behavioral differences between the plurality of users to determine whether the behavioral differences represent anomalous behavior with respect to the common role; and
  
  outputting, using the one or more processors, an alert in response to determining the behavioral differences represent anomalous behavior.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein comparing occurs concurrently with monitoring.
  - 3. The method of claim 1 wherein the common role is a business role required by the entity to be performed by the plurality of users.
  - 4. The method of claim 3 where the business role is processing loans of a certain type and where the certain set of tasks relate to processing loans.
  - 5. The method of claim 3 where the business role is procurement manager and where the certain set of tasks relate authorizing purchases of a certain type.
  - 6. The method of claim 1 wherein monitoring further includes concurrently monitoring workflow and collaboration processes for the plurality of users during a common interval of time.
  - 7. The method of claim 1 wherein the anomalous behavior comprises an activity-based anomaly that is determined to be different from profiled activity for each of the plurality of users.

8. A non-transitory computer-readable storage medium comprising encoded logic for execution by the one or more computer processors, the logic when executed is operable to:
- associate a plurality of users having similar job responsibilities with a common role in a business entity, with the plurality of users performing a certain set of business-related tasks related to the similar job responsibilities, where users performing the certain set of business-related tasks are authorized to perform similar role-related transactions using common web service enabled business applications;
  
  monitor workflow and collaboration processes across the common web service enabled business applications used by the plurality of users associated with the common role when performing the similar role-related transactions;
  
  receive specific individual activities over time that are uniquely associated with each of the user'"'"'s individual performance of the certain set of business-related tasks related to the common role;
  
  in response to the specific individual activities for each user, generate a role profile for the plurality of users associated with the common role, wherein the role profile associated with each user represents behaviors that are unique and vary according to each user performing the certain set of business-related tasks;
  
  compare the role profiles of the plurality of users associated with the common role to identify behavioral differences between the plurality of users performing the certain set of business-related tasks related to the common role;
  
  determine a presence of anomalous behavior by analyzing the behavioral differences between the plurality of users to determine whether the behavioral differences represent anomalous behavior with respect to the common role; and
  
  output an alert in response to determining the presence of the anomalous behavior.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The non-transitory computer-readable storage medium of claim 8 wherein logic operable to monitor behavior comprises logic operable to monitor the workflow and collaboration processes concurrently with comparing users'"'"' profiled for anomalous behavior.
  - 10. The non-transitory computer-readable storage medium of claim 8 wherein the common role is a business role required by the entity to be performed by the plurality of users.
  - 11. The non-transitory computer readable medium of claim 10 where the business role is processing loans of a certain type and where the certain set of tasks relate to processing loans.
  - 12. The non-transitory computer readable medium of claim 10 where the business role is procurement manager and where the certain set of tasks relate authorizing purchases of a certain type.
  - 13. The non-transitory computer-readable storage medium of claim 8 wherein logic operable to monitor comprises logic operable to concurrently monitor workflow and collaboration processes of the plurality of users during a common interval of time.
  - 14. The non-transitory computer-readable storage medium of claim 8 wherein the anomalous behavior comprises an activity-based anomaly that is determined to be different from profiled activity for each of the plurality of users.
  - 15. The non-transitory computer-readable storage medium of claim 8 further including logic operable to terminate the logic operable to monitor and to compare users'"'"' profiles to determine anomalous behavior after the logic operable to monitor has terminated.
  - 16. The non-transitory computer-readable storage medium of claim 15 wherein logic operable to compare operates following an interval of time after the logic operable to monitor has terminated.

17. An apparatus comprising:
- one or more processors; and
  
  logic encoded in one or more non-transitory computer readable storage media for execution by the one or more computer processors and when executed operable to;
  
  associate a plurality of users having similar job responsibilities with a common role in a business entity, with the plurality of users performing a certain set of business-related tasks related to the similar job responsibilities, where users performing the certain set of business-related tasks are authorized to perform similar role-related transactions using common web service enabled business applications;
  
  monitor workflow and collaboration processes across the common web service enabled business applications used by the plurality of users associated with the common role when performing the similar role-related transactions;
  
  receive specific individual activities over time that are uniquely associated with each of the user'"'"'s individual performance of the certain set of business-related tasks related to the common role;
  
  in response to the specific individual activities for each user, generate a role profile for the plurality of users associated with the common role, wherein the role profile associated with each user represents behaviors that are unique and vary according to each user performing the certain set of business-related tasks;
  
  compare the role profiles of the plurality of users associated with the common role to identify behavioral differences between the plurality of users performing the certain set of business-related tasks related to the common role;
  
  determine a presence of anomalous behavior by analyzing the behavioral differences between the plurality of users to determine whether the behavioral differences represent anomalous behavior with respect to the common role; and
  
  output an alert in response to determining the presence of the anomalous behavior.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 17 wherein logic operable to monitor comprises logic operable to monitor concurrently workflow and collaboration processes with comparing users'"'"' profiles for anomalous behavior.
  - 19. The apparatus of claim 17 where the common role is a business role required by the entity to be performed by the plurality of users.
  - 20. The apparatus of claim 19 where the business role is processing loans of a certain type and where the certain set of tasks relate to processing loans.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Varghese, Thomas
Primary Examiner(s)
Gaffin, Jeffrey A
Assistant Examiner(s)
Traktovenko, Ilya

Application Number

US12/496,598
Publication Number

US 20110004580A1
Time in Patent Office

2,071 Days
Field of Search

706/47, 706/46, 706/45, 706/62
US Class Current

706/47
CPC Class Codes

G06N 20/00   Machine learning

G06Q 30/0185   Product, service or busines...

G06Q 30/02   Marketing; Price estimation...

Role based identity tracker

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Role based identity tracker

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links