Continuous monitoring of computer user and computer activities
Abstract
Methods, systems, and computer programs are presented for securing a computer device. One method includes an operation for capturing interaction data for a user interfacing with the computer device, the interaction data including keyboard inputs and screen captures taken periodically. Further, the method includes operations for extracting semantic meaning of the interaction data, and generating a schema, based on the extracted semantic meaning, to create meaningful tags for the interaction data. The schema is analyzed based on a model in order to identify security threats, and an alarm is created when non-conforming behavior for the model is detected.
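The tagging, model check and alarm described in the abstract can be sketched as follows. This is an added example, not code from the patent or its assignee: the keyword rules, field names, per-user model format and sample records are all assumptions, OCR is assumed to have already produced `screen_text`, and the alarm binding and termination command follow the wording of claim 1.

```python
from dataclasses import dataclass

# Assumed keyword-to-tag rules standing in for "semantic extraction".
TAG_RULES = {
    "payroll": "finance-records",
    "select * from": "bulk-db-query",
    "ticket": "helpdesk",
}

@dataclass
class Interaction:
    user: str
    keyboard: str      # keyboard input captured in this interval
    screen_text: str   # text already recovered from the screen capture by OCR
    capture_id: str    # reference to the stored screen capture

def extract_tags(text):
    lowered = text.lower()
    return {tag for keyword, tag in TAG_RULES.items() if keyword in lowered}

def build_schema(interactions):
    """Pair each interaction with the tags describing the activity it shows."""
    return [(i, extract_tags(i.keyboard) | extract_tags(i.screen_text))
            for i in interactions]

def analyze(schema, model):
    """model maps user -> tags expected for that user; unknown users get none."""
    alarms = []
    for interaction, tags in schema:
        non_conforming = tags - model.get(interaction.user, set())
        if non_conforming:
            # The alarm binds activity, tags, keyboard input and the capture.
            alarms.append({
                "user": interaction.user,
                "non_conforming_tags": sorted(non_conforming),
                "tags": sorted(tags),
                "keyboard": interaction.keyboard,
                "capture_id": interaction.capture_id,
            })
    return alarms

def response_command(alarm):
    """Command the security server would send in response to an alarm."""
    return {"command": "terminate_access", "user": alarm["user"]}

# Constructed sample data, not taken from the patent.
MODEL = {"alice": {"helpdesk"}}
SAMPLE = [
    Interaction("alice", "reply to ticket 4411", "Helpdesk - Ticket 4411 open", "cap-001"),
    Interaction("alice", "SELECT * FROM payroll", "psql> payroll rows: 18234", "cap-002"),
]
ALARMS = analyze(build_schema(SAMPLE), MODEL)
```

An interaction that matches no rule produces no tags and therefore no alarm, so in this sketch the coverage of the tag rules bounds what the model can flag.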
18 Claims
1. A method for securing a computer device, the method comprising:
- receiving, by a security server, interaction data for a user interfacing with the computer device while the user is authenticated for accessing at least one computer resource, the interaction data including keyboard inputs, images taken of the user during the access and screen captures taken periodically;
- performing optical character recognition (OCR) to identify text in the screen captures;
- extracting semantic data from the interaction data and from the text in the screen captures, the semantic data identifying user activities associated with the interaction data;
- generating a schema based on the extracted semantic data, the schema including tags that are descriptive of at least one of the identified user activity and the associated interaction data;
- analyzing the schema based on a model to identify security threats associated with the user activities;
- creating an alarm when non-conforming behavior for at least one user activity is detected, the alarm including a binding of the one or more user activities, one or more tags, keyboard inputs, and screen captures associated with the one or more user activities; and
- sending a command from the security server to terminate access to the at least one computer resource in response to the alarm, wherein operations of the method are executed by a processor.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer device comprising:
- a memory;
- a processor;
- an interface to an image capture device for receiving images of a user while accessing the computer device; and
- a keyboard for receiving keyboard inputs, wherein the memory includes a computer program that, when executed by the processor, performs a method, the method comprising;
  - authenticate the user on a security server for accessing at least one computer resource;
  - perform optical character recognition (OCR) to identify text in screen captures;
  - extracting semantic data from the text in the screen captures and from interaction data that includes the screen captures, images of the user and the keyboard inputs, the semantic data identifying user activities associated with the interaction data;
  - generating a schema based on the extracted semantic data, the schema including tags that are descriptive of at least one of the identified user activity and the associated interaction data;
  - analyzing the schema based on a defined model to identify security threats associated with the user activities;
  - creating an alarm when a security threat is identified, the alarm including a binding of the one or more user activities, one or more tags, keyboard inputs, and screen captures associated with the one or more user activities; and
  - sending a command to the security server to terminate access to the at least one computer resource in response to the alarm.
11. A computer program embedded in a non-transitory computer-readable storage medium, when executed by one or more processors, for securing a computer device, the computer program comprising:
- program instructions for receiving, by a security server, interaction data for a user interfacing with the computer device while the user is authenticated for accessing at least one computer resource, the interaction data including keyboard inputs, images taken of the user during the access and screen captures taken periodically;
- program instructions for performing optical character recognition (OCR) to identify text in the screen captures;
- program instructions for extracting semantic data from the interaction data and from the text in the screen captures, the semantic data identifying user activities associated with the interaction data;
- program instructions for generating a schema based on the extracted semantic data, the schema including tags that are descriptive of at least one of the identified user activity and the associated interaction data;
- program instructions for analyzing the schema based on a model to identify security threats associated with the user activities;
- program instructions for creating an alarm when non-conforming behavior for at least one user activity is detected, the alarm including a binding of the one or more user activities, one or more tags, keyboard inputs, and screen captures associated with the one or more user activities; and
- sending a command from the security server to terminate access to the at least one computer resource in response to the alarm.

Dependent claims: 12, 13, 14, 15, 16, 17, 18
Specification