Methods and systems for enterprise data use monitoring and auditing user-data interactions

US 9,081,980 B2
Filed: 03/14/2013
Issued: 07/14/2015
Est. Priority Date: 04/11/2011
Status: Active Grant

First Claim

Patent Images

1. A method for managing data use of an enterprise, comprising,(a) receiving login parameters from a user associated with user identification information, the login parameters being supplied through a user interface of a screen;

(b) authenticating the login parameters;

(c) authenticating the user information to determine if the login parameters match the user identification information;

(d) providing access to specific data in a database that stores enterprise information, the specific data being managed by policy rules that determine if the specific data is shared by users of the enterprise and determine if the specific data is private to the user;

(e) upon providing access, initiating video capture of a viewing space for the screen, the video capture being stored in a non-volatile medium, the viewing space being configured to include a location where the user associate with the user identification information is predefined to reside when accessing the specific data;

(f) during the video capture, capturing image data presented on the screen, text embedded within the image data presented on the screen, and input received for the user interface of the screen, wherein the captured image data, text embedded within the image data, and the input received are stored in the non-volatile medium; and

(g) binding the video capture, the captured image data presented on the screen, the text embedded within the image data, and the input received, the binding acting to define audit data that defines a link between the user and actions taken by the user regarding the specific data, wherein the audit data is associated with one or more user policy violations, each policy violation being searchable to enable review of the user and actions taken that produced each policy violation, wherein the method is executed by a processor.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for managing data use of an enterprise is disclosed. The method includes receiving login parameters from a user associated with user identification information. The method authenticates the login parameters and the user information to determine if the login parameters match the user identification information. The method provides access to specific data in a database that stores enterprise information. Upon providing access, initiating video capture of a viewing space for the screen, the viewing space being configured to include a location where the user associate with the user identification information is predefined to reside when accessing the specific data. During the video capture, capturing image data presented on the screen and input received for the user interface of the screen. The method acts to bind the video capture and the captured image data presented on the screen and the input received.

48 Citations

View as Search Results

16 Claims

1. A method for managing data use of an enterprise, comprising,(a) receiving login parameters from a user associated with user identification information, the login parameters being supplied through a user interface of a screen;
- (b) authenticating the login parameters;
  
  (c) authenticating the user information to determine if the login parameters match the user identification information;
  
  (d) providing access to specific data in a database that stores enterprise information, the specific data being managed by policy rules that determine if the specific data is shared by users of the enterprise and determine if the specific data is private to the user;
  
  (e) upon providing access, initiating video capture of a viewing space for the screen, the video capture being stored in a non-volatile medium, the viewing space being configured to include a location where the user associate with the user identification information is predefined to reside when accessing the specific data;
  
  (f) during the video capture, capturing image data presented on the screen, text embedded within the image data presented on the screen, and input received for the user interface of the screen, wherein the captured image data, text embedded within the image data, and the input received are stored in the non-volatile medium; and
  
  (g) binding the video capture, the captured image data presented on the screen, the text embedded within the image data, and the input received, the binding acting to define audit data that defines a link between the user and actions taken by the user regarding the specific data, wherein the audit data is associated with one or more user policy violations, each policy violation being searchable to enable review of the user and actions taken that produced each policy violation, wherein the method is executed by a processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method for managing data use of an enterprise as recited in claim 1, wherein the audit data is associated with a data and time for one or more sessions of access to the specific data, the specific data being of the enterprise.
  - 3. The method for managing data use of an enterprise as recited in claim 1, wherein the audit data includes recorded information from one or more sensors, or one or more additional cameras for a location proximate to the screen, or audio captured proximate to the screen, or screen captures made of the screen, or user facial images captured in the viewing space.
  - 4. The method for managing data use of an enterprise as recited in claim 1, further comprising,automatically disabling the access upon detection of no user present, or of multiple people viewing the screen, or detecting a camera in the viewing space, or a combination thereof.
  - 5. The method for managing data use of an enterprise as recited in claim 1, wherein the database that stores enterprise information is connected to an enterprise network, each screen and device associated with each screen enables processing of (a)-(g), and stores the audit data in a security database.
  - 6. The method for managing data use of an enterprise as recited in claim 1, wherein the audit data is made accessible to the users for viewing, and enables user request to remove captured data, the requests to remove captured data being verified by a security entity of the enterprise.
  - 7. The method for managing data use of an enterprise as recited in claim 1, wherein the audit data produces an audit trail for each user of the enterprise, and the audit trail includes one or more security alerts for particular users in the enterprise, the security alerts maintaining the binding of the user to the actions taken by the user.
  - 8. The method for managing data use of an enterprise as recited in claim 1, wherein the user identification information is associated with image data, or picture data, or video data, or image recognition data, or biometric sensor data, or a temperature sensor, or a weight sensor, or combinations of one or more thereof.
  - 9. The method for managing data use of an enterprise as recited in claim 1, wherein the screen is associated with an apparatus, the apparatus is one of a standalone monitor, a tablet computer, a smartphone, a desktop computer, a laptop computer, a display device, or a touch screen.
  - 10. The method for managing data use of an enterprise as recited in claim 1, wherein the user identification information is of a human face.
  - 11. The method for managing data use of an enterprise as recited in claim 1, wherein the access is disabled upon detection of two or more people in proximity of the screen.
  - 12. The method for managing data use of an enterprise as recited in claim 1, wherein a security entity is alerted of policy violations or activity determined by rules to be violations for the access.
  - 13. The method for managing data use of an enterprise as recited in claim 1, wherein capturing image data further includes:
    - performing optical character recognition (OCR) of the captured image data to determine the text embedded within the image data.
  - 14. The method for managing data use of an enterprise as recited in claim 1, wherein the enterprise includes a plurality of user accounts for accessing the database for applications in one or more of work flow tracking and optimization, manufacturing, testing, quality assurance, payment systems, or DRM applications.

15. A method for managing data use of an enterprise, the method comprising:
- (a) receiving login parameters from a user associated with user identification information, the login parameters being supplied through a user interface of a screen;
  
  (b) authenticating the login parameters;
  
  (c) authenticating the user information to determine if the login parameters match the user identification information;
  
  (d) providing access to specific data in a database that stores enterprise information, the specific data being managed by policy rules that determine if the specific data is shared by users of the enterprise or is private to the user;
  
  (e) upon providing access, initiating video capture of a viewing space for the screen, the video capture being stored in a non-volatile medium, the viewing space being configured to include a location where the user associate with the user identification information is predefined to reside when accessing the specific data;
  
  (f) during the video capture, capturing image data presented on the screen, text embedded within the image data presented on the screen, and input received for the user interface of the screen, wherein capturing image data of the user is performed either continuously or at predetermined intervals of time during a session of access; and
  
  (g) binding the video capture, the captured image data presented on the screen, the text embedded within the image data, and the input received, the binding acting to define audit data that defines a link between the user and actions taken by the user regarding the specific data, wherein the audit data is associated with one or more user policy violations, each policy violation being searchable to enable review of the user and actions taken that produced each policy violation, wherein the method is executed by a processor.

16. A method for managing data use of an enterprise, comprising,(a) receiving login parameters from a user associated with user identification information, the login parameters being supplied through a user interface of a screen;
- (b) authenticating the login parameters;
  
  (c) authenticating the user information to determine if the login parameters match the user identification information;
  
  (d) providing access to specific data in a database that stores enterprise information, the specific data being managed by policy rules that determine if the specific data is shared by users of the enterprise and determine if the specific data is private to the user;
  
  (e) upon providing access, initiating video capture of a viewing space for the screen, the video capture being stored in a non-volatile medium, the viewing space being configured to include a location where the user associate with the user identification information is predefined to reside when accessing the specific data;
  
  (f) during the video capture, capturing image data presented on the screen, text embedded within the image data presented on the screen, and input received for the user interface of the screen;
  
  (g) binding the video capture, the captured image data presented on the screen, the text embedded within the image data, and the input received, the binding acting to define audit data that defines a link between the user and actions taken by the user regarding the specific data, wherein the audit data is associated with one or more user policy violations, each policy violation being searchable to enable review of the user and actions taken that produced each policy violation;
  
  (h) receiving login parameters from additional users, each of the additional users having respective user identification information;
  
  (i) processing (b)-(c) for the additional users of the enterprise; and
  
  (j) storing the audit data for the user and the additional users in a security database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NSS Lab Works LLC
Original Assignee
NSS Lab Works LLC
Inventors
Sambamurthy, Namakkal S., Krishnan, Parthasarathy
Primary Examiner(s)
Gee, Jason K.
Assistant Examiner(s)
Ullah, Sharif E

Application Number

US13/830,601
Publication Number

US 20130219463A1
Time in Patent Office

852 Days
Field of Search

726/1, 726/2, 726/21, 726/36, 713/150, 713/163, 713/181, 380/255, 380/264, 380/276
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/554   involving event detection a...

G06F 21/60   Protecting data

G06F 21/6209   to a single file or object,...

G06F 21/84   output devices, e.g. displa...

G06F 2221/2153   Using hardware token as a s...

G06T 2207/10   Image acquisition modality

G06T 2207/30201   Face

G06V 30/224   of printed characters havin...

G06V 40/172   Classification, e.g. identi...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Methods and systems for enterprise data use monitoring and auditing user-data interactions

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for enterprise data use monitoring and auditing user-data interactions

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links