Platform-independent data application description language
US-9110873-B2 · Aug 18, 2015 · US
Distinguishing user-initiated activity from application-initiated activity
US12563064B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12563064-B2 |
| Application number | US-202318162185-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 31, 2023 |
| Priority date | Nov 27, 2017 |
| Publication date | Feb 24, 2026 |
| Grant date | Feb 24, 2026 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Distinguishing user-initiated activity from application-initiated activity, including: gathering first information generated by a browser extension of a browser executed on a user device, wherein the first information describes activity associated with the browser; gathering second information generated by a client application executed on the user device, wherein the second information describes activity associated with the user device; and determining whether a user has deviated from normal activity by determining, based on the first information, whether at least a portion of the activity described in the second information comprises user-initiated activity or browser-initiated activity.
First claim
Opening claim text (preview).
What is claimed is: 1 . A method of distinguishing user-initiated activity from application-initiated activity, the method comprising: gathering first information generated by a browser extension of a browser executed on a user device, wherein the browser extension is installed within the browser on the user device and records browser event telemetry, and the first information describes activity associated with the browser; gathering second information generated by a client application executed on the user device, wherein the second information describes activity associated with the user device; and determining whether a user has deviated from normal activity by determining, based on the first information, whether at least a portion of the activity described in the second information comprises user-initiated activity or browser-initiated activity, wherein normal activity for the user is determined based on historical usage of the device and the normal activity is represented as a user-specific polygraph. 2 . The method of claim 1 wherein the second information further comprises information describing a state of the user device and wherein determining whether the user has deviated from normal activity is further based on the information describing the state of the user device. 3 . The method of claim 1 wherein the first information describes one or more user interactions with the browser. 4 . The method of claim 1 wherein the first information describes a state of the browser. 5 . The method of claim 1 wherein determining whether the at least a portion of the activity described in the second information comprises user-initiated activity or browser-initiated activity is based on a lineage of a plurality of requests. 6 . The method of claim 1 wherein determining whether the at least a portion of the activity described in the second information comprises user-initiated activity or browser-initiated activity is based on whether a particular request comprises a request for top-level content or a request for embedded content. 7 . The method of claim 1 further comprising generating, by the user device, one or more of the first information and the second information based on one or more policies defining whether the first information or the second information can be collected. 8 . The method of claim 7 wherein the one or more policies comprise a policy defining one or more geographic restrictions for collecting the first information and/or the second information. 9 . The method of claim 7 wherein the one or more policies comprise a policy restricting collection of the first information and/or the second information based on one or more of: a user agreement to collect information or a user selection of information to be collected. 10 . The method of claim 1 further comprising: preventing, in response to determining that the user has deviated from normal activity, completion of a request; and providing, via the browser extension, an indication of why the request was not completed. 11 . A non-transitory computer program product for distinguishing user-initiated activity from application-initiated activity, the computer program product disposed on a non-transitory computer readable medium, the computer program product including computer program instructions configurable to cause one or more computing platforms to: gather first information generated by a browser extension of a browser executed on a user device, wherein the browser extension is installed within the browser on the user device and records browser event telemetry, and the first information describes activity associated with the browser; gather second information generated by a client application executed on the user device, wherein the second information describes activity associated with the user device; and determine whether a user has deviated from normal activity by determining, based on the first information, whether at least a portion of the activity described in the second information comprises user-initiated activity or browser-initiated activity, wherein normal activity for the user is determined based on historical usage of the device and the normal activity is represented as a user-specific polygraph. 12 . The non-transitory computer program product of claim 11 wherein the second information further comprises information describing a state of the user device and wherein determining whether the user has deviated from normal activity is further based on the information describing the state of the user device. 13 . The non-transitory computer program product of claim 11 wherein the first information describes one or more user interactions with the browser. 14 . The non-transitory computer program product of claim 11 wherein the first information describes a state of the browser. 15 . The non-transitory computer program product of claim 11 wherein determining whether the at least a portion of the activity described in the second information comprises user-initiated activity or browser-initiated activity is based on a lineage of a plurality of requests. 16 . The non-transitory computer program product of claim 11 wherein determining whether the at least a portion of the activity described in the second information comprises user-initiated activity or browser-initiated activity is based on whether a particular request comprises a request for top-level content or a request for embedded content. 17 . The non-transitory computer program product of claim 11 further comprising generating, by the user device, one or more of the first information and the second information based on one or more policies defining whether the first information or the second information can be collected. 18 . The non-transitory computer program product of claim 17 wherein the one or more policies comprise a policy defining one or more geographic restrictions for collecting the first information and/or the second information. 19 . The non-transitory computer program product of claim 17 wherein the one or more policies comprise a policy restricting collection of the first information and/or the second information based on one or more of: a user agreement to collect information or a user selection of information to be collected. 20 . The non-transitory computer program product of claim 11 further comprising: preventing, in response to determining that the user has deviated from normal activity, completion of a request; and providing, via the browser extension, an indication of why the request was not completed.
Assignees
Inventors
Classifications
Tracking the activity of the user (network monitoring arrangements H04L43/00; recording of computer activity G06F11/34) · CPC title
Search customisation based on user profiles and personalisation · CPC title
Generation of reports · CPC title
for graphical visualisation of monitoring data · CPC title
Join operations · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12563064B2 cover?
- Distinguishing user-initiated activity from application-initiated activity, including: gathering first information generated by a browser extension of a browser executed on a user device, wherein the first information describes activity associated with the browser; gathering second information generated by a client application executed on the user device, wherein the second information describe…
- Who is the assignee on this patent?
- Fortinet Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/57. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Feb 24 2026 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).