Methods and systems for active data security enforcement during protected mode use of a system

US 9,053,335 B2
Filed: 03/14/2013
Issued: 06/09/2015
Est. Priority Date: 04/11/2011
Status: Active Grant

First Claim

Patent Images

1. A method for enforcing data security, comprising:

receiving user identification information from a screen of a device that is connectable to a database of secure information, the database being stored on a non-transitory computer readable medium;

receiving captured image data of a user associated with the user identification information;

authenticating the user initially based on the received identification information and the received captured image data;

providing access to the database, during a session, of secure information upon authenticating the user, and re-authenticating the user while the access is provided during the session, the re-authenticating occurring one or more times during the session and being based on analysis of captured image data received after the initial authentication and during the session; and

recording data of user interactive input, viewed images displayed on the screen, and captured image data corresponding to the user interactive input and viewed images while the access is provided;

monitoring the user interactive input and viewed images displayed to identify activities of the user for accessing the database while the access is provided; and

disabling the access to the database of secure information when the monitoring identifies a predefined security enforcement violation associated with an activity by the user during access to the database, wherein rules are assigned to the user to enable detection of the predefined security enforcement violation for the activities of the user, wherein the re-authenticating occurring one or more times during the session includes periodically performing the re-authentication or continuously performing the re-authentication during the session and the method being executed by a processor.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and method are provided for enforcing data security. One example method includes receiving user identification information from a screen of a device that is connectable to a database of secure information. The method includes authenticating the user identification information. The authenticating includes capturing image data of a user associated with the user identification information. The method provides access to the database of secure information upon authenticating the user identification information, such that while the access is provided the capturing of the image data of the user is maintained. The method includes recording data of user interactive input and viewed images displayed on the screen while the access provided. The method disables the access to the database of secure information upon detecting a predefined security enforcement violation associated with an activity by the user during access to the database. The method being executed by a processor.

51 Citations

View as Search Results

19 Claims

1. A method for enforcing data security, comprising:
- receiving user identification information from a screen of a device that is connectable to a database of secure information, the database being stored on a non-transitory computer readable medium;
  
  receiving captured image data of a user associated with the user identification information;
  
  authenticating the user initially based on the received identification information and the received captured image data;
  
  providing access to the database, during a session, of secure information upon authenticating the user, and re-authenticating the user while the access is provided during the session, the re-authenticating occurring one or more times during the session and being based on analysis of captured image data received after the initial authentication and during the session; and
  
  recording data of user interactive input, viewed images displayed on the screen, and captured image data corresponding to the user interactive input and viewed images while the access is provided;
  
  monitoring the user interactive input and viewed images displayed to identify activities of the user for accessing the database while the access is provided; and
  
  disabling the access to the database of secure information when the monitoring identifies a predefined security enforcement violation associated with an activity by the user during access to the database, wherein rules are assigned to the user to enable detection of the predefined security enforcement violation for the activities of the user, wherein the re-authenticating occurring one or more times during the session includes periodically performing the re-authentication or continuously performing the re-authentication during the session and the method being executed by a processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising,generating audit data for the user when accessing the database of secure information.
  - 3. The method of claim 2, further comprising,storing the audit data for the user in a security database stored on non-transitory computer readable medium.
  - 4. The method of claim 2, wherein the audit data is associated with a date and time for one or more sessions of access to the database.
  - 5. The method of claim 2, wherein the audit data includes recorded information from one or more sensors, or one or more additional cameras for a location proximate to the screen, or audio captured proximate to the screen, or screen captures made of the screen, or user facial images captured in a viewing space of the screen.
  - 6. The method of claim 1, wherein the predefined security enforcement violation is defined for the activity when no user is present in proximity to the screen, or when multiple people are detected to be able to view the screen, or when a camera is detected to be directed toward the screen, or a combination thereof.
  - 7. The method of claim 2, wherein the audit data is made accessible to the users for reviewing, and enables user request to remove captured data, the requests to remove captured data being verified by a security administrator.
  - 8. The method of claim 2, wherein the audit data is associated with one or more user policy violations, each policy violation being searchable to enable review of the user and actions taken that produced each policy violation.
  - 9. The method of claim 2, wherein the audit data produces an audit trail for the user, and the audit trail includes one or more security alerts, the security alerts maintaining a binding of the user to actions taken by the user.
  - 10. The method of claim 1, wherein the user identification information is associated with image data, or picture data, or video data, or image recognition data, or biometric sensor data, or a temperature sensor, or a weight sensor, or combinations of one or more thereof.
  - 11. The method of claim 1, wherein the screen is associated with an apparatus, the apparatus is one of a standalone monitor, a tablet computer, a smartphone, a desktop computer, a laptop computer, a display device, or a touch screen.
  - 12. The method of claim 1, wherein the user identification information is of a human face.
  - 13. The method of claim 1, wherein the access is disabled upon detection of two or more people in proximity of the screen.
  - 14. The method of claim 1, wherein a security entity is alerted of policy violations or activity determined by rules to be violations for the access.
  - 15. The method of claim 1, wherein capturing image data of the user is performed either continuously or at predetermined intervals of time during a session of access.
  - 16. The method of claim 1, further comprising,enabling switching between a protected mode when accessing the database of secure information and a non-protected mode where no access is provided to the database of secure information.
  - 17. The method of claim 2, wherein the audit data includes screen captures made of the screen.

18. A system for enforcing data security, comprising:
- a memory; and
  
  a processor configured to receive, from a camera, captured image data of a user while accessing a screen, wherein the processor is configured to connect to a database of secure information stored on a tangible computer readable medium;
  
  wherein the processor transmits, to an authentication server, user identification information and the captured image data, wherein the processor initially receives an authentication of the user from the authentication server, the authentication being based on the user identification information and the captured image data, wherein the processor continues to transmit the captured image data while the access to the database, during a session, is provided;
  
  wherein the processor re-authenticates the user while the access is provided during the session, the re-authenticating occurring one or more times during the session and being based on analysis of captured image data received after the initial authentication and during the session;
  
  wherein the processor disables the access to the database of secure information when the authentication server identifies a predefined security enforcement violation associated with an activity by the user during access to the database, the activity by the user being based on an analysis of user interactive input and viewed images displayed on the screen while the access is provided, wherein rules are assigned to the user to enable detection of the predefined security enforcement violation for the activities of the user, wherein the re-authenticating occurring one or more times during the session includes periodically performing the re-authentication or continuously performing the re-authentication during the session.

19. A non-transitory computer-readable storage medium storing a computer program for enforcing data security, the computer-readable storage medium comprising:
- program instructions for receiving user identification information from a screen of a device that is connectable to a database of secure information, the database being stored on a non-transitory computer readable medium;
  
  program instructions for receiving captured image data of a user associated with the user identification information;
  
  program instructions for authenticating the user initially based on the received identification information and the received captured image data;
  
  program instructions for providing access to the database, during a session, of secure information upon authenticating the user, and re-authenticating the user while the access is provided during the session, the re-authenticating occurring one or more times during the session and being based on analysis of captured image data received after the initial authentication and during the session; and
  
  program instructions for recording data of user interactive input, viewed images displayed on the screen, and captured image data corresponding to the user interactive input and viewed images while the access is provided;
  
  program instructions for monitoring the user interactive input and viewed images displayed to identify activities of the user for accessing the database while the access is provided; and
  
  program instructions for disabling the access to the database of secure information when the monitoring identifies a predefined security enforcement violation associated with an activity by the user during access to the database, wherein rules are assigned to the user to enable detection of the predefined security enforcement violation for the activities of the user wherein the re-authenticating occurring one or more times during the session includes periodically performing the re-authentication or continuously performing the re-authentication during the session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NSS Lab Works LLC
Original Assignee
NSS Lab Works LLC
Inventors
Sambamurthy, Namakkal S., Krishnan, Parthasarathy
Primary Examiner(s)
Gee, Jason K
Assistant Examiner(s)
Ullah, Sharif E

Application Number

US13/830,527
Publication Number

US 20130205367A1
Time in Patent Office

817 Days
Field of Search

726/1, 726/2, 726/21, 726/36, 713/150, 713/163, 713/181, 380/255, 380/264, 380/276
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/554   involving event detection a...

G06F 21/60   Protecting data

G06F 21/6209   to a single file or object,...

G06F 21/84   output devices, e.g. displa...

G06F 2221/2153   Using hardware token as a s...

G06T 2207/10   Image acquisition modality

G06T 2207/30201   Face

G06V 30/224   of printed characters havin...

G06V 40/172   Classification, e.g. identi...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Methods and systems for active data security enforcement during protected mode use of a system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Methods and systems for active data security enforcement during protected mode use of a system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others