Adaptive trust profile reference architecture

US 10,798,109 B2
Filed: 05/17/2019
Issued: 10/06/2020
Est. Priority Date: 05/15/2017
Status: Active Grant

First Claim

Patent Images

1. A computer-implementable method for generating and managing an adaptive trust profile, comprising:

monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity, the entity comprising a user entity;

converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity;

generating the adaptive trust profile based upon the plurality of actions of the entity, the adaptive trust profile being generated by an adaptive trust profile system, the adaptive trust profile comprising a collection of information describing an identity of the entity and an associated behavior of the entity, the adaptive trust profile system executing on a hardware processor of an information handling system;

determining, via the adaptive trust profile system, whether an event of the plurality of events enacted by the entity is of analytic utility, the event being of analytic utility indicating an entity behavior associated with the event represents a security risk;

generating, via the adaptive trust profile system, contextual information about the event based upon an entity profile, the contextual information comprising information relating to a particular entity behavior;

deriving, via the adaptive trust profile system, a meaning from the contextual information associated with the event, the meaning including an inference of an intent of the entity associated with the event; and

,updating, via the adaptive trust profile system, the adaptive trust profile of the entity based upon the contextual information about the event and the intent of the entity associated with the event.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer-readable medium are disclosed for generating an adaptive trust profile via an adaptive trust profile operation. In various embodiments the adaptive trust profile operation includes: monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity; converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity; and generating the adaptive trust profile based upon the plurality of actions of the entity, the adaptive trust profile being generated by an adaptive trust profile system.

320 Citations

20 Claims

1. A computer-implementable method for generating and managing an adaptive trust profile, comprising:
- monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity, the entity comprising a user entity;
  
  converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity;
  
  generating the adaptive trust profile based upon the plurality of actions of the entity, the adaptive trust profile being generated by an adaptive trust profile system, the adaptive trust profile comprising a collection of information describing an identity of the entity and an associated behavior of the entity, the adaptive trust profile system executing on a hardware processor of an information handling system;
  
  determining, via the adaptive trust profile system, whether an event of the plurality of events enacted by the entity is of analytic utility, the event being of analytic utility indicating an entity behavior associated with the event represents a security risk;
  
  generating, via the adaptive trust profile system, contextual information about the event based upon an entity profile, the contextual information comprising information relating to a particular entity behavior;
  
  deriving, via the adaptive trust profile system, a meaning from the contextual information associated with the event, the meaning including an inference of an intent of the entity associated with the event; and
  
  ,updating, via the adaptive trust profile system, the adaptive trust profile of the entity based upon the contextual information about the event and the intent of the entity associated with the event.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein:
    - the adaptive trust profile system comprises an event enrichment module, the event enrichment module performing an event enrichment operation.
  - 3. The method of claim 1, wherein:
    - the adaptive trust profile system comprises a meaning derivation module, the meaning derivation module performing a meaning derivation operation, the meaning derivation operation deriving the meaning from the contextualized information.
  - 4. The method of claim 1, wherein:
    - the adaptive trust profile system comprises a contextualization module, the contextualization module performing a contextualization operation, the contextualization operation generating the contextual information.
  - 5. The method of claim 1, wherein:
    - the adaptive trust profile system comprises an anomaly detection module, the anomaly detection module performing an anomaly detection operation.
  - 6. The method of claim 5, wherein:
    - the anomaly detection operation determines whether the event of the plurality of events is of analytic utility.

7. A system comprising:
- a hardware processor;
  
  a data bus coupled to the processor; and
  
  a non-transitory, computer-readable storage medium embodying computer program code for generating and managing an adaptive trust profile, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for;
  
  monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity, the entity comprising a user entity;
  
  converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity;
  
  generating the adaptive trust profile based upon the plurality of actions of the entity, the adaptive trust profile being generated by an adaptive trust profile system, the adaptive trust profile comprising a collection of information describing an identity of the entity and an associated behavior of the entity, the adaptive trust profile system executing on the hardware processor of the system;
  
  determining, via the adaptive trust profile system, whether an event of the plurality of events enacted by the entity is of analytic utility, the event being of analytic utility indicating an entity behavior associated with the event represents a security risk;
  
  generating, via the adaptive trust profile system, contextual information about the event based upon an entity profile, the contextual information comprising information relating to a particular entity behavior;
  
  deriving, via the adaptive trust profile system, a meaning from the contextualized information associated with the event, the meaning including an inference of an intent of the entity associated with the event; and
  
  ,updating, via the adaptive trust profile system, the adaptive trust profile of the entity based upon the contextual information about the event and the intent of the entity associated with the event.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein:
    - the adaptive trust profile system comprises an event enrichment module, the event enrichment module performing an event enrichment operation.
  - 9. The system of claim 7, wherein:
    - the adaptive trust profile system comprises a meaning derivation module, the meaning derivation module performing a meaning derivation operation, the meaning derivation operation deriving the meaning from the contextualized information.
  - 10. The system of claim 7, wherein:
    - the adaptive trust profile system comprises a contextualization module, the contextualization module performing a contextualization operation, the contextualization operation generating the contextual information.
  - 11. The system of claim 7, wherein:
    - the adaptive trust profile system comprises an anomaly detection module, the anomaly detection module performing an anomaly detection operation.
  - 12. The system of claim 11, wherein:
    - the anomaly detection operation determines whether the event of the plurality of events is of analytic utility.

13. A non-transitory, computer-readable storage medium embodying computer program code for generating and managing an adaptive trust profile, the computer program code comprising computer executable instructions configured for:
- monitoring a plurality of electronically-observable actions of an entity, the plurality of electronically-observable actions of the entity corresponding to a respective plurality of events enacted by the entity, the entity comprising a user entity;
  
  converting the plurality of electronically-observable actions of the entity to electronic information representing the plurality of actions of the entity;
  
  generating the adaptive trust profile based upon the plurality of actions of the entity, the adaptive trust profile being generated by an adaptive trust profile system, the adaptive trust profile comprising a collection of information describing an identity of the entity and an associated behavior of the entity, the adaptive trust profile system executing on a hardware processor of an information handling system;
  
  determining, via the adaptive trust profile system, whether an event of the plurality of events enacted by the entity is of analytic utility, the event being of analytic utility indicating an entity behavior associated with the event represents a security risk;
  
  generating, via the adaptive trust profile system, contextual information about the event based upon an entity profile, the contextual information comprising information relating to a particular entity behavior;
  
  deriving, via the adaptive trust profile system, a meaning from the contextualized information associated with the event, the meaning including an inference of an intent of the entity associated with the event; and
  
  ,updating, via the adaptive trust profile system, the adaptive trust profile of the entity based upon the contextual information about the event and the intent of the entity associated with the event.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The non-transitory, computer-readable storage medium of claim 13, wherein:
    - the adaptive trust profile system comprises an event enrichment module, the event enrichment module performing an event enrichment operation.
  - 15. The non-transitory, computer-readable storage medium of claim 13, wherein:
    - the adaptive trust profile system comprises a meaning derivation module, the meaning derivation module performing a meaning derivation operation, the meaning derivation operation deriving the meaning from the contextualized information.
  - 16. The non-transitory, computer-readable storage medium of claim 13, wherein:
    - the adaptive trust profile system comprises a contextualization module, the contextualization module performing a contextualization operation, the contextualization operation generating the contextual information.
  - 17. The non-transitory, computer-readable storage medium of claim 13, wherein:
    - the adaptive trust profile system comprises an anomaly detection module, the anomaly detection module performing an anomaly detection operation.
  - 18. The non-transitory, computer-readable storage medium of claim 17, wherein:
    - the anomaly detection operation determines whether the event of the plurality of events is of analytic utility.
  - 19. The non-transitory, computer-readable storage medium of claim 13, wherein:
    - the computer executable instructions are deployable to a client system from a server system at a remote location.
  - 20. The non-transitory, computer-readable storage medium of claim 13, wherein:
    - the computer executable instructions are provided by a service provider to a user on an on-demand basis.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC
Original Assignee
Forcepoint LLC
Inventors
Ford, Richard A.
Primary Examiner(s)
Schwartz, Darren B

Application Number

US16/415,707
Publication Number

US 20200128048A1
Time in Patent Office

508 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/57   Certifying or maintaining t...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

G06N 5/04   Inference or reasoning models

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/205   involving negotiation or de...

H04L 67/306   User profiles

H04L 67/535   Tracking the activity of th...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/50   using hash chains, e.g. blo...

Adaptive trust profile reference architecture

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

320 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Adaptive trust profile reference architecture

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

320 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links