Systems and user interfaces for dynamic and interactive investigation of bad actor behavior based on automatic clustering of related data in various data structures

US 9,367,872 B1
Filed: 12/22/2014
Issued: 06/14/2016
Est. Priority Date: 12/22/2014
Status: Active Grant

First Claim

Patent Images

1. A computer system comprising:

one or more non-transitory computer readable storage devices configured to store;

a plurality of computer executable instructions including at least a clustering engine;

one or more cluster data sources configured to store a plurality of data items, wherein the plurality of data items include at least one of;

emails, electronic chat logs, or electronic trades; and

a plurality of data cluster types, each data cluster type associated with a respective one of a plurality of data clustering strategies and a respective plurality of data cluster tagging rules; and

one or more hardware computer processors in communication with the one or more non-transitory computer readable storage devices and configured to execute the plurality of computer executable instructions in order to;

generate, by the clustering engine, a plurality of data clusters by at least;

designating, for each of at least some of the plurality of data clustering strategies and based on the respective data clustering strategies, one or more data item seeds, wherein the one or more data items seeds are designated from the plurality of data items and accessed from the one or more cluster data sources;

for each of the data items seeds, and based on the respective data clustering strategies;

identifying one or more additional data items related to the data item seed, wherein the one or more additional data items are accessed from the one or more cluster data sources;

combining the data item seed and the one or more additional data items to generate a data cluster; and

associating the data cluster with a data cluster type associated with the data clustering strategy by which the seed was designated and the one or more additional data items were identified;

store the plurality of data clusters in the one or more non-transitory computer readable storage devices;

for each particular data cluster of the plurality of data clusters;

access the particular data cluster from the one or more non-transitory computer readable storage devices;

determine the data cluster type associated with the particular data cluster;

associate one or more tags types with the particular data cluster based on the data cluster tagging rules associated with the determined data cluster type, wherein the one or more tags types include at least one of;

trader, trading book, counterparty, or trading desk; and

for each particular tag type of the one or more tags types, associate at least one tag value with the particular tag type, wherein each tag type and each associated tag value is expressed in the format tag type;

tag value;

generate user interface data for rendering an interactive user interface on a computing device, the interactive user interface including one or more selectable elements useable by a user for indicating a tag type;

receive an indication of a first tag type via selection of one of the selectable elements by the user;

automatically identify tag types associated with each of the plurality of data clusters that have the first tag type;

automatically generate a plurality of first groups of the plurality of data clusters, wherein each of the first groups is associated with a different common tag value of the first tag type;

automatically update the user interface data such that the interactive user interface further includes a plurality of first tiles, wherein each of the first tiles represents a different one of the first groups, and wherein;

each of the first tiles displays a time-based graph showing events associated with data clusters associated with the respective common tag values of the respective first tiles,the time-based graphs represent a merger or aggregation of all data items associated with that particular tag value for that respective group of data clusters;

each of the time-based graphs of the first tiles includes at least one common axis and a common scale for the at least one common axis;

the interactive user interface further displays the first tiles in an orthogonal arrangement on the display with multiple tiles arranged in rows and columns on the display;

the orthogonal tiles are separated by thin seams or lines, each tile having an indication of the number of alerts associated with the tag value for that particular tile and an indication of critical alerts for that particular tile;

the tiles are arranged horizontally on the display in order of number of critical alerts;

the first tiles have only one of two colors with tiles of one color being arranged at the top of the display and tiles of a different color being arranged generally at the bottom of the display, the colors representing a tag value having more or less critical alerts; and

each tile is selectable by the user in the interactive user interface, the selection generating a second display of only the selected tile wherein the time-based graph is automatically resized to be displayed horizontally across the entire display while maintaining the common axis and common scale displayed in the previous display;

receive an indication of a second tag type via selection of one of the selectable elements by the user;

automatically identify tag types associated with each of the plurality of data clusters that have the second tag type;

automatically generate a plurality of second groups of the plurality of data clusters, wherein each of the second groups is associated with a different common tag value of the second tag type; and

automatically update the user interface data such that the plurality of first tiles in the interactive user interface are dynamically replaced with a plurality of second tiles, wherein each of the second tiles represents a different one of the second groups, and wherein;

each of the second tiles displays a time-based graph showing events associated with data clusters associated with the respective common tag values of the respective second tiles, andeach of the time-based graphs of the second tiles includes at least one common axis and a common scale for the at least one common axis.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present disclosure relate to a data analysis system that may automatically generate memory-efficient clustered data structures, automatically analyze those clustered data structures, automatically tag and group those clustered data structures, and provide results of the automated analysis and grouping in an optimized way to an analyst. The automated analysis of the clustered data structures (also referred to herein as data clusters) may include an automated application of various criteria or rules so as to generate a tiled display of the groups of related data clusters such that the analyst may quickly and efficiently evaluate the groups of data clusters. In particular, the groups of data clusters may be dynamically re-grouped and/or filtered in an interactive user interface so as to enable an analyst to quickly navigate among information associated with various groups of data clusters and efficiently evaluate those data clusters in the context of, for example, a fraud investigation.

Citations

16 Claims

1. A computer system comprising:
- one or more non-transitory computer readable storage devices configured to store;
  
  a plurality of computer executable instructions including at least a clustering engine;
  
  one or more cluster data sources configured to store a plurality of data items, wherein the plurality of data items include at least one of;
  
  emails, electronic chat logs, or electronic trades; and
  
  a plurality of data cluster types, each data cluster type associated with a respective one of a plurality of data clustering strategies and a respective plurality of data cluster tagging rules; and
  
  one or more hardware computer processors in communication with the one or more non-transitory computer readable storage devices and configured to execute the plurality of computer executable instructions in order to;
  
  generate, by the clustering engine, a plurality of data clusters by at least;
  
  designating, for each of at least some of the plurality of data clustering strategies and based on the respective data clustering strategies, one or more data item seeds, wherein the one or more data items seeds are designated from the plurality of data items and accessed from the one or more cluster data sources;
  
  for each of the data items seeds, and based on the respective data clustering strategies;
  
  identifying one or more additional data items related to the data item seed, wherein the one or more additional data items are accessed from the one or more cluster data sources;
  
  combining the data item seed and the one or more additional data items to generate a data cluster; and
  
  associating the data cluster with a data cluster type associated with the data clustering strategy by which the seed was designated and the one or more additional data items were identified;
  
  store the plurality of data clusters in the one or more non-transitory computer readable storage devices;
  
  for each particular data cluster of the plurality of data clusters;
  
  access the particular data cluster from the one or more non-transitory computer readable storage devices;
  
  determine the data cluster type associated with the particular data cluster;
  
  associate one or more tags types with the particular data cluster based on the data cluster tagging rules associated with the determined data cluster type, wherein the one or more tags types include at least one of;
  
  trader, trading book, counterparty, or trading desk; and
  
  for each particular tag type of the one or more tags types, associate at least one tag value with the particular tag type, wherein each tag type and each associated tag value is expressed in the format tag type;
  
  tag value;
  
  generate user interface data for rendering an interactive user interface on a computing device, the interactive user interface including one or more selectable elements useable by a user for indicating a tag type;
  
  receive an indication of a first tag type via selection of one of the selectable elements by the user;
  
  automatically identify tag types associated with each of the plurality of data clusters that have the first tag type;
  
  automatically generate a plurality of first groups of the plurality of data clusters, wherein each of the first groups is associated with a different common tag value of the first tag type;
  
  automatically update the user interface data such that the interactive user interface further includes a plurality of first tiles, wherein each of the first tiles represents a different one of the first groups, and wherein;
  
  each of the first tiles displays a time-based graph showing events associated with data clusters associated with the respective common tag values of the respective first tiles,the time-based graphs represent a merger or aggregation of all data items associated with that particular tag value for that respective group of data clusters;
  
  each of the time-based graphs of the first tiles includes at least one common axis and a common scale for the at least one common axis;
  
  the interactive user interface further displays the first tiles in an orthogonal arrangement on the display with multiple tiles arranged in rows and columns on the display;
  
  the orthogonal tiles are separated by thin seams or lines, each tile having an indication of the number of alerts associated with the tag value for that particular tile and an indication of critical alerts for that particular tile;
  
  the tiles are arranged horizontally on the display in order of number of critical alerts;
  
  the first tiles have only one of two colors with tiles of one color being arranged at the top of the display and tiles of a different color being arranged generally at the bottom of the display, the colors representing a tag value having more or less critical alerts; and
  
  each tile is selectable by the user in the interactive user interface, the selection generating a second display of only the selected tile wherein the time-based graph is automatically resized to be displayed horizontally across the entire display while maintaining the common axis and common scale displayed in the previous display;
  
  receive an indication of a second tag type via selection of one of the selectable elements by the user;
  
  automatically identify tag types associated with each of the plurality of data clusters that have the second tag type;
  
  automatically generate a plurality of second groups of the plurality of data clusters, wherein each of the second groups is associated with a different common tag value of the second tag type; and
  
  automatically update the user interface data such that the plurality of first tiles in the interactive user interface are dynamically replaced with a plurality of second tiles, wherein each of the second tiles represents a different one of the second groups, and wherein;
  
  each of the second tiles displays a time-based graph showing events associated with data clusters associated with the respective common tag values of the respective second tiles, andeach of the time-based graphs of the second tiles includes at least one common axis and a common scale for the at least one common axis.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The computer system of claim 1, wherein associating one or more tag types with the particular data cluster comprises:
    - determining one or more tag types associated with the data cluster type.
  - 3. The computer system of claim 2, wherein associating one or more tag types with the particular data cluster further comprises:
    - analyzing the particular data cluster to identify one or more tag values to associate with at least one of the one or more tag types.
  - 4. The computer system of claim 3, wherein associating one or more tag types with the particular data cluster further comprises:
    - associating a first tag value with the particular data cluster, the first tag value indicating the data cluster type associated with the particular data cluster.
  - 5. The computer system of claim 4, wherein the one or more hardware computer processors are further configured to execute the plurality of computer executable instructions in order to:
    - determine the one or more selectable elements based on one or more tag types associated with a type of investigation to be performed by the user.
  - 6. The computer system of claim 1, wherein the interactive user interface further includes one or more selectable filter criteria, wherein the one or more hardware computer processors are further configured to execute the plurality of computer executable instructions in order to:
    - filter the plurality of data clusters based on one or more filter criteria.
  - 7. The computer system of claim 6, wherein the one or more hardware computer processors are further configured to execute the plurality of computer executable instructions in order to:
    - receive an indication of the one or more filter criteria via a user selection of at least one of the one or more selectable filter criteria.
  - 8. The computer system of claim 6, wherein the one or more selectable filter criteria include at least one of a tag value, a cluster type, or a state.
  - 9. The computer system of claim 6, wherein:
    - filtering the plurality of data clusters comprises determining a subset of data clusters of the plurality of data clusters satisfying the one or more filter criteria, andgenerating the plurality of first groups of the plurality of data clusters is based on the subset of data clusters.
  - 10. The computer system of claim 6, wherein filter criteria of the one or more filter criteria of the same type are applied disjunctively when filtering the plurality of data clusters.
  - 11. The computer system of claim 10, wherein filter criteria of the one or more filter criteria of different types are applied conjunctively when filtering the plurality of data clusters.
  - 12. The computer system of claim 1, wherein each of the first tiles includes an indication of:
    - a tag value associated with a first group associated with the respective first tile.
  - 13. The computer system of claim 12, wherein each of the first tiles further includes an indication of:
    - a number of critical data clusters in the first group associated with the respective first tile.
  - 14. The computer system of claim 1, wherein the one or more hardware computer processors are further configured to execute the plurality of computer executable instructions in order to:
    - receive a selection of one of the plurality of first tiles; and
      
      update the user interface data such that the interactive user interface includes;
      
      an indication of at least one data cluster represented by the one of the plurality of first tiles; and
      
      a resized time-based graph of data associated with the data clusters represented by the one of the plurality of first tiles, wherein the resized time-based graph is displayed horizontally across the entire display while maintaining the common axis and common scale displayed in the previous display.
  - 15. The computer system of claim 1, wherein the interactive user interface further includes one or more selectable assignable states, wherein the one or more hardware computer processors are further configured to execute the plurality of computer executable instructions in order to:
    - receive an indication of one of the assignable states via a user selection of one of the one or more selectable assignable states;
      
      associate one or more groups of data clusters with the indicated one of the assignable states.
  - 16. The computer system of claim 1, wherein each of the first tiles displays an indication of a number of data clusters associated with the respective common tag values of the respective first tiles, and wherein each of the second tiles displays an indication of a number of data clusters associated with the respective common tag values of the respective second tiles.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palantir Technologies Incorporated
Original Assignee
Palantir Technologies Incorporated
Inventors
Witherspoon, Devin, Lai, Vicktoria, Smaliy, Alexei, Lee, Suchan, Visbal, Alexander, Thompson, James, Sum, Marvin, Ma, Jason, Fu, Bing Jie, Nepomnyashchiy, Ilya, Berler, Steven
Primary Examiner(s)
Trotter, Scott S

Application Number

US14/579,752
Publication Number

US 20160180451A1
Time in Patent Office

540 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/1036   for multiple virtual addres...

G06F 16/24578   using ranking

G06F 16/287   Visualization; Browsing

G06F 16/34   Browsing; Visualisation the...

G06F 16/9038   Presentation of query results

G06F 18/23   Clustering techniques

G06F 18/40   Software arrangements speci...

G06F 21/552   involving long-term monitor...

G06F 3/0482   Interaction with lists of s...

G06F 3/04842   Selection of displayed obje...

G06Q 40/00   Finance; Insurance; Tax str...

G06Q 40/02   Banking, e.g. interest calc...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

Systems and user interfaces for dynamic and interactive investigation of bad actor behavior based on automatic clustering of related data in various data structures

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and user interfaces for dynamic and interactive investigation of bad actor behavior based on automatic clustering of related data in various data structures

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links