Layered graphical event mapping

US 9,008,617 B2
Filed: 12/28/2006
Issued: 04/14/2015
Est. Priority Date: 12/28/2006
Status: Active Grant

First Claim

Patent Images

1. A processor-implemented method, comprising:

receiving fraud information about a plurality of fraud events that were facilitated by a network, the fraud information including, for each of the fraud events, a network address identifying a network point that facilitated the respective fraud event;

receiving network intrusion information about a plurality of intrusion events occurring in the network, where each intrusion event comprises an unauthorized attempt to enter or use a system of the network via a network point, and the network intrusion information includes, for each of the plurality of intrusion events, a network address of the network point associated with the respective intrusion event;

receiving physical crime information associated with a plurality of physical crimes, wherein the physical crime information includes geographical locations that are associated with the plurality of physical crimes, and a description of each of the plurality of physical crimes;

automatically correlating via a processor the network addresses of the network intrusion information and the network addresses of the fraud information with location information for the network points of the network to determine physical locations associated with the plurality of fraud events and physical locations associated with the plurality of intrusion events;

generating via the processor a map of subject specific overlays displaying in layers;

a fraud events overlay of geographical locations of the physical locations associated with the plurality of fraud events, an intrusion events overlay of geographical locations of the physical locations associated with the plurality of intrusion events, and a physical crime events overlay of geographical locations of the physical crime locations;

identifying via the processor geographical pockets of threats derived from the fraud event locations, the intrusion events locations, and the physical crime locations, displayed on the generated multi-overlay map; and

prioritizing via the processor threat response resources according to the identified geographical pockets of threats.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product for graphically overlaying multiple types of events in order to facilitate determining one or more courses of action are each disclosed. Events are received from an event detection system or from another source, correlated with an address or location, and representatively mapped on an electronic map configured to be displayed on a display device. Mapped events may include cyber attacks or intrusions, credit card fraud based on the location of use of the credit card, check (and check-card) fraud based on usage location, 911 calls, law enforcement demographic data, and telecommunications based fraud.

Citations

28 Claims

1. A processor-implemented method, comprising:
- receiving fraud information about a plurality of fraud events that were facilitated by a network, the fraud information including, for each of the fraud events, a network address identifying a network point that facilitated the respective fraud event;
  
  receiving network intrusion information about a plurality of intrusion events occurring in the network, where each intrusion event comprises an unauthorized attempt to enter or use a system of the network via a network point, and the network intrusion information includes, for each of the plurality of intrusion events, a network address of the network point associated with the respective intrusion event;
  
  receiving physical crime information associated with a plurality of physical crimes, wherein the physical crime information includes geographical locations that are associated with the plurality of physical crimes, and a description of each of the plurality of physical crimes;
  
  automatically correlating via a processor the network addresses of the network intrusion information and the network addresses of the fraud information with location information for the network points of the network to determine physical locations associated with the plurality of fraud events and physical locations associated with the plurality of intrusion events;
  
  generating via the processor a map of subject specific overlays displaying in layers;
  
  a fraud events overlay of geographical locations of the physical locations associated with the plurality of fraud events, an intrusion events overlay of geographical locations of the physical locations associated with the plurality of intrusion events, and a physical crime events overlay of geographical locations of the physical crime locations;
  
  identifying via the processor geographical pockets of threats derived from the fraud event locations, the intrusion events locations, and the physical crime locations, displayed on the generated multi-overlay map; and
  
  prioritizing via the processor threat response resources according to the identified geographical pockets of threats.
- View Dependent Claims (2, 3, 4, 5, 11, 12, 13, 14, 15, 16, 24, 25, 26, 27, 28)
- - 2. The method of claim 1, wherein receiving fraud information about a fraud event comprises receiving a description of the fraud event and at least one telephone number.
  - 3. The method of claim 2, wherein correlating the fraud information with location information to determine a plurality of physical locations associated with the events comprises electronically correlating the at least one phone number with at least one of an inventory database and a billing database to determine at least one physical location associated with the fraud event.
  - 4. The method of claim 1, wherein receiving fraud information about a fraud event comprises receiving from a fraud detection system that electronically reviews call detail records a description of the fraud event and at least one telephone number.
  - 5. The method of claim 1, further comprising electronically generating a map with a computing device and mapping software and electronically displaying on a display device computer-generated icons that show the geographical plurality of physical locations associated with the fraud event, the geographical locations of the identified network points and the geographical locations of the physical crime locations.
  - 11. The method of claim 1, further comprising:
    - determining via the processor a cumulative risk of the identified geographic pockets of threats, wherein the cumulative risk is determined relative to a predetermined risk threshold.
  - 12. The method of claim 5, further comprising including non-crime data along with the subject specific overlays, the non-crime data including at least one of sales information, census figures, and property values.
  - 13. The method of claim 12, further comprising prioritizing the threat response resources further accounting for the non-crime data.
  - 14. The method of claim 5, further comprising sizing the computer-generated icons on the display device according to a magnitude of a respective activity represented by the respective computer-generated icons.
  - 15. The method of claim 14, wherein the magnitude of the respective activity represents a cumulative crime risk associated with the location of the respective computer-generated icons.
  - 16. The method of claim 15, wherein the cumulative crime risk represents cumulative risk of intrusion, fraud and physical crime associated with the location.
  - 24. A computer program product, comprising:
    - a non-transitory computer readable medium having computer readable code embodied therein, the computer readable code being configured to, when executed by a processor of a computing device, cause the computing device to perform the method of claim 1.
  - 25. The computer program product of claim 24, wherein the computer readable code is further configured to, when executed by the processor, cause the computing device to receive a description of each of the plurality of fraud events and at least one telephone number of each of the plurality of fraud events.
  - 26. The computer program product of claim 24, wherein the computer readable code is further configured to, when executed by the processor, cause the computing device to electronically correlate each of the at least one phone numbers with at least one of an inventory database and a billing database to determine each of the plurality of physical locations associated with the fraud events.
  - 27. The computer program product of claim 24, wherein the computer readable code is further configured to, when executed by the processor, cause the computing device to receive from a fraud detection system that electronically reviews call detail records a description of the fraud events and each of the at least one telephone numbers.
  - 28. The computer program product of claim 24, wherein the computer readable code is further configured to, when executed by the processor, cause the computing device to electronically generate a multi-overlay map with a computing device and mapping software and electronically display on a display device computer-generated icons that show the geographical locations of the plurality of physical locations associated with the fraud events, the geographical locations of the identified network points and the geographical locations of the physical crime locations.

6. A system comprising:
- a fraud detection system configured to electronically review call detail records and identify suspected fraudulent events that were facilitated by a network, thereby creating fraud information that includes, for each of the fraud events, a network address identifying a network point that facilitated the respective fraud event;
  
  an intrusion detection system configured to electronically review network information and identify network intrusion events occurring in the network, where each intrusion event comprises an unauthorized attempt to enter or use a system of the network via a network point, thereby generating network intrusion information that includes, for each of the plurality of network intrusion events, a network address of the network point associated with the respective network intrusion event;
  
  a physical crimes database configured to electronically store locations of occurrences of physical crimes;
  
  a location/GPS engine configured to automatically correlate said network addresses of fraud information with one or more physical locations according to the call detail records, automatically correlate said network addresses of the network intrusion information with one or more physical locations, and obtain from said physical crimes database the locations of said occurrences of physical crimes; and
  
  an electronic mapping system configured to receive fraud-location information indicating physical locations associated with the fraud events from said location/GPS engine, map said fraud-location information according to a fraud events overlay on an electronic multi-overlay map that is displayed on a display device, receive network-intrusion-location information indicating physical locations associated with the network intrusion events from said location/GPS engine, map said network-intrusion-location information on an intrusion events overlay of the electronic multi-overlay map that is displayed on the display device, receive physical-crime-location information indicating the locations of said occurrences of physical crimes from said location/GPS engine, map said physical-crime-location information on a physical crime events overlay of the electronic multi-overlay map that is displayed on the display device, identify geographical pockets of threats derived from the physical location information displayed on the electronic multi-overlay map, and prioritize threat response resources according to the identified geographical pockets of threats.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, wherein said fraud information comprises at least a portion of one or more telephone numbers.
  - 8. The system of claim 6, wherein correlating said fraud information with one or more physical locations comprises using said at least a portion of one or more telephone numbers correlated against a location database to determine said one or more physical locations.
  - 9. The system of claim 8, wherein the location database is comprised of at least one of an inventory database and a billing database.
  - 10. The system of claim 6, wherein said one or more physical locations are provided as one of street addresses, latitude and longitude, horizontal and vertical coordinates, or combinations thereof.

17. A system comprising:
- a fraud database comprised of fraud information associated with a plurality of fraud events that were facilitated by a network, the fraud information including, for each of the fraud events, a network address identifying a network point that facilitated the respective fraud event;
  
  an intrusion database comprised of intrusion information about a plurality of intrusion events occurring in the network, where each intrusion event comprises an unauthorized attempt to enter or use a system of the network via a network point, and the network intrusion information includes, for each of the plurality of intrusion events, a network address of the network point associated with the respective intrusion event;
  
  a physical crimes database comprised of physical crime information that is associated with at least the locations of the occurrences of a plurality of physical crimes;
  
  a location/GPS engine configured to receive said fraud information from said fraud database and said intrusion information from said intrusion database, correlate the network addresses of said fraud information with physical locations thereby obtaining physical locations associated with the fraud events, and correlate the network addresses of said intrusion information with physical locations thereby obtaining physical locations associated with the intrusion events;
  
  a mapping database configured to receive at least said physical locations of the fraud events and said physical locations of the intrusion events from said location/GPS engine and said locations of the occurrences of the plurality of physical crimes from the physical crimes database to form mapping information; and
  
  an electronic mapping system map that is configured toretrieve said mapping information from said mapping database,display in layers said physical locations of said fraud events in a fraud events overlay, said physical locations of the intrusion events in an intrusion events overlay, and the physical locations of said physical crimes via computer-generated icons in a physical crime events overlay, on an electronic multi-overlay map that is displayed on a display device,size the computer-generated icons on the display device according to a magnitude of a respective activity represented by the respective computer-generated icons,identify geographical pockets of threats derived from the fraud event locations, the identified network point locations, and the physical crime locations, displayed on the multi-overlay map, andprioritize via the processor threat response resources according to the identified geographical pockets of threats.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The system of claim 17, wherein said fraud information is comprised of at least a portion of one or more telephone numbers.
  - 19. The system of claim 18, wherein correlating said fraud information with the plurality of physical locations comprises using said at least a portion of one or more telephone numbers correlated against a location database to determine said plurality of physical locations.
  - 20. The system of claim 19, wherein the location database is comprised of at least one of an inventory database and a billing database.
  - 21. The system of claim 17, wherein said intrusion information comprises at least a portion of one or more Internet Protocol (IP) addresses.
  - 22. The system of claim 21, wherein correlating said intrusion information with the plurality of physical locations comprises using said at least a portion of one or more IP addresses correlated against a location database to determine the plurality of physical locations.
  - 23. The system of claim 22, wherein the location database comprises at least an address routing protocol (ARP) database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
McConnell, James T.
Primary Examiner(s)
Brandt, Christopher M
Assistant Examiner(s)
DEAN, JR, JOSEPH E

Application Number

US11/617,140
Publication Number

US 20080162556A1
Time in Patent Office

3,029 Days
Field of Search

455/404.1, 455/404.2, 455/406, 455/410, 4554561- 3, 707/104.1, 726/22, 726/26
US Class Current

455/410
CPC Class Codes

G06F 21/552 involving long-term monitor...

G06F 2221/2111 Location-sensitive, e.g. ge...

Layered graphical event mapping

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Layered graphical event mapping

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links