Privacy protection during insider threat monitoring

US 10,733,323 B2
Filed: 03/29/2019
Issued: 08/04/2020
Est. Priority Date: 07/26/2017
Status: Active Grant

First Claim

Patent Images

1. A computer-implementable method for performing a privacy operation, comprising:

monitoring user behavior via an Input/output collector, the Input/output collector capturing user/device interactions between a user and a device, the Input/output collector comprising a keystroke collector, the monitoring comprising collecting keystrokes resulting from user/device interactions;

determining whether the keystrokes resulting from the user/device interactions include sensitive personal information;

obfuscating the sensitive personal information, the obfuscating preventing viewing of the sensitive personal information;

storing sensitive personal information that has been obfuscated within an obfuscated sensitive personal information repository; and

,allowing access to the sensitive personal information stored within the obfuscated sensitive personal information repository only when a security administrator is authorized to access the sensitive personal information, the allowing access only when the security administrator is authorized providing conditional sensitive personal information access, authorization to access the sensitive personal information being provided via a superior of the administrator, access to the sensitive personal information being via a security analytics system, the security analytics system executing on a hardware processor of an information handling system.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and computer-usable medium are disclosed for performing a privacy operation, comprising: monitoring user behavior via an Input/output collector, the Input/output collector capturing user/device interactions between a user and a device; determining whether the user/device interactions include sensitive personal information; obfuscating the sensitive personal information, the obfuscating preventing viewing of the sensitive personal information; storing obfuscated sensitive personal information within an obfuscated sensitive personal information repository; and, allowing access to the obfuscated sensitive personal information stored within the obfuscated sensitive personal information repository only when an administrator is authorized to access the obfuscated sensitive personal information so as to provide conditional sensitive personal information access.

99 Citations

View as Search Results

20 Claims

1. A computer-implementable method for performing a privacy operation, comprising:
- monitoring user behavior via an Input/output collector, the Input/output collector capturing user/device interactions between a user and a device, the Input/output collector comprising a keystroke collector, the monitoring comprising collecting keystrokes resulting from user/device interactions;
  
  determining whether the keystrokes resulting from the user/device interactions include sensitive personal information;
  
  obfuscating the sensitive personal information, the obfuscating preventing viewing of the sensitive personal information;
  
  storing sensitive personal information that has been obfuscated within an obfuscated sensitive personal information repository; and
  
  ,allowing access to the sensitive personal information stored within the obfuscated sensitive personal information repository only when a security administrator is authorized to access the sensitive personal information, the allowing access only when the security administrator is authorized providing conditional sensitive personal information access, authorization to access the sensitive personal information being provided via a superior of the administrator, access to the sensitive personal information being via a security analytics system, the security analytics system executing on a hardware processor of an information handling system.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein:
    - the obfuscating comprises storing the sensitive personal information within the obfuscated sensitive personal information repository via a one-way function, the one-way function preventing access to the sensitive personal information unless access to the obfuscated sensitive personal information is authorized.
  - 3. The method of claim 2, wherein:
    - the keystrokes corresponding to the sensitive personal information being are added to the one-way function.
  - 4. The method of claim 1, wherein:
    - storing the sensitive personal information comprises storing the sensitive personal information as a tamper-evident record, the tamper-evident record providing immutability of requests for conditional sensitive personal information access.
  - 5. The method of claim 1, wherein:
    - the allowing access further comprises determining whether the security administrator is authorized to access the obfuscated sensitive personal information based upon a sensitive personal information policy.
  - 6. The method of claim 5, wherein:
    - the sensitive personal information policy is generated using a sensitive personal information obfuscation and conditional access policy generation operation, the sensitive personal information obfuscation and conditional access policy generation operation comprising determining factors associated with a particular sensitive personal information policy, the factors associated with a particular sensitive personal information policy comprising at least one of known user authentication factors, identification factors and risk-adaptive behavior factors.

7. A system comprising:
- a processor;
  
  a data bus coupled to the processor; and
  
  a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for;
  
  monitoring user behavior via an Input/output collector, the Input/output collector capturing user/device interactions between a user and a device, the Input/output collector comprising a keystroke collector, the monitoring comprising collecting keystrokes resulting from user/device interactions;
  
  determining whether the keystrokes resulting from the user/device interactions include sensitive personal information;
  
  obfuscating the sensitive personal information, the obfuscating preventing viewing of the sensitive personal information;
  
  storing sensitive personal information that has been obfuscated within an obfuscated sensitive personal information repository; and
  
  ,allowing access to the sensitive personal information stored within the obfuscated sensitive personal information repository only when a security administrator is authorized to access the sensitive personal information, the allowing access only when the security administrator is authorized providing conditional sensitive personal information access, authorization to access the sensitive personal information being provided via a superior of the administrator, access to the sensitive personal information being via a security analytics system, the security analytics system executing on a hardware processor of an information handling system.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein:
    - the obfuscating comprises storing the sensitive personal information within the obfuscated sensitive personal information repository via a one-way function, the one-way function preventing access to the sensitive personal information unless access to the obfuscated sensitive personal information is authorized.
  - 9. The system of claim 8, wherein:
    - the keystrokes corresponding to the sensitive personal information are added to the one-way function.
  - 10. The system of claim 7, wherein:
    - storing the sensitive personal information comprises storing the sensitive personal information as a tamper-evident record, the tamper-evident record providing immutability of requests for conditional sensitive personal information access.
  - 11. The system of claim 7, wherein:
    - the allowing access further comprises determining whether the security administrator is authorized to access the obfuscated sensitive personal information based upon a sensitive personal information policy.
  - 12. The system of claim 11, wherein the instructions executable by the processor are further configured for:
    - the sensitive personal information policy is generated using a sensitive personal information obfuscation and conditional access policy generation operation, the sensitive personal information obfuscation and conditional access policy generation operation comprising determining factors associated with a particular sensitive personal information policy, the factors associated with a particular sensitive personal information policy comprising at least one of known user authentication factors, identification factors and risk-adaptive behavior factors.

13. A non-transitory, computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for:
- monitoring user behavior via an Input/output collector, the Input/output collector capturing user/device interactions between a user and a device, the Input/output collector comprising a keystroke collector, the monitoring comprising collecting keystrokes resulting from user/device interactions;
  
  determining whether the keystrokes resulting from the user/device interactions include sensitive personal information;
  
  obfuscating the sensitive personal information, the obfuscating preventing viewing of the sensitive personal information;
  
  storing sensitive personal information that has been obfuscated within an obfuscated sensitive personal information repository; and
  
  ,allowing access to the sensitive personal information stored within the obfuscated sensitive personal information repository only when a security administrator is authorized to access the sensitive personal information, the allowing access only when the security administrator is authorized providing conditional sensitive personal information access, authorization to access the sensitive personal information being provided via a superior of the administrator, access to the sensitive personal information being via a security analytics system, the security analytics system executing on a hardware processor of an information handling system.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The non-transitory, computer-readable storage medium of claim 13, wherein:
    - the obfuscating comprises storing the sensitive personal information within the obfuscated sensitive personal information repository via a one-way function, the one-way function preventing access to the sensitive personal information unless access to the obfuscated sensitive personal information is authorized.
  - 15. The non-transitory, computer-readable storage medium of claim 14, wherein:
    - the keystrokes corresponding to the sensitive personal information are added to the one-way function.
  - 16. The non-transitory, computer-readable storage medium of claim 13, wherein the computer executable instructions are further configured for:
    - storing the sensitive personal information comprises storing the sensitive personal information as a tamper-evident record, the tamper-evident record providing immutability of requests for conditional sensitive personal information access.
  - 17. The non-transitory, computer-readable storage medium of claim 13, wherein:
    - the allowing access further comprises determining whether the security administrator is authorized to access the obfuscated sensitive personal information based upon a sensitive personal information policy.
  - 18. The non-transitory, computer-readable storage medium of claim 17, wherein:
    - the sensitive personal information policy is generated using a sensitive personal information obfuscation and conditional access policy generation operation, the sensitive personal information obfuscation and conditional access policy generation operation comprising determining factors associated with a particular sensitive personal information policy, the factors associated with a particular sensitive personal information policy comprising at least one of known user authentication factors, identification factors and risk-adaptive behavior factors.
  - 19. The non-transitory, computer-readable storage medium of claim 13, wherein the computer executable instructions are deployable to a client system from a server system at a remote location.
  - 20. The non-transitory, computer-readable storage medium of claim 13, wherein the computer executable instructions are provided by a service provider to a user on an on-demand basis.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC
Original Assignee
Forcepoint LLC
Inventors
Ford, Richard A., Shirey, Christopher B., Knepher, Jonathan B., Troyansky, Lidror
Primary Examiner(s)
Schwartz, Darren B

Application Number

US16/369,924
Publication Number

US 20190228181A1
Time in Patent Office

494 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/3072   where the reporting involve...

G06F 11/3438   monitoring of user actions ...

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/602   Providing cryptographic fac...

G06F 21/6245   Protecting personal data, e...

G06F 21/6254   by anonymising data, e.g. d...

G06F 21/84   output devices, e.g. displa...

G06F 2201/86   Event-based monitoring

G06F 2221/031   Protect user input by softw...

G06F 2221/032   Protect output to user by s...

G06F 2221/034   Test or assess a computer o...

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04L 67/025   for remote control or remot...

H04L 67/141   Setup of application sessio...

H04L 67/146 : Markers for unambiguous ide...

H04L 67/289 : Intermediate processing fun...

H04L 67/306 : User profiles

H04L 67/535 : Tracking the activity of th...

View All

Privacy protection during insider threat monitoring

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

99 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Privacy protection during insider threat monitoring

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

99 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others