Representing identity data relationships using graphs

US9703845B2 · US · B2

Patent metadata
Publication number: US-9703845-B2
Application number: US-201514604783-A
Country: US
Kind code: B2
Filing date: Jan 26, 2015
Priority date: Jan 26, 2015
Publication date: Jul 11, 2017
Grant date: Jul 11, 2017

Abstract

Official abstract text for this publication.

Identity data collected from network flows is managed and graphed according to a hierarchical schema that reduces data storage requirements and enhances database querying efficiencies. Preferably, the schema comprises a set of objects, such as a “source” object, a “time” object, and an “identity” object. A source object represents a source of an identity, namely, where an identity comes from. A time object represents a time bucket along a particular time frame corresponding to when an identity appears on the network. An identity object represents the actual identity itself. As each distinctive identity data is detected, it is added to the graph, preferably just once, and relationships between particular pairs of identities are identified. The resulting graph has significantly-reduced storage requirements, and it facilitates the discovery of linked identities much more efficiently, even when the identities are not directly connected.

First claim

Opening claim text (preview).

Having described our invention, what we now claim is as follows:

1. A method of managing identity data discovered from network data traffic, comprising: representing identity data in an association of data object types, the data object types including a first type representing a source of an identity, a second type representing a time at which an identity appears in the network data traffic, and a third type representing an identity, wherein, for a given time period, an identity is represented only once in the hierarchical association; linking a particular identity in the hierarchical association with at least one other identity with which the particular identity shares a given relationship; and querying the hierarchical association to discover the given relationship; wherein each operation is carried out in software executing in a hardware element.

2. The method as described in claim 1 further including generating a graphical representation of the association of data object types.

3. The method as described in claim 2 wherein the graphical representation is a hierarchy comprising source data objects at a top level, time data objects at an intermediary level, and identity data objects at a lower level.

4. The method as described in claim 3 further including displaying the graphical representation as a visualization of one or more identity relationships.

5. The method as described in claim 1 wherein the at least one other identity is linked to the particular identity directly or indirectly.

6. The method as described in claim 1 wherein the querying operation is associated with a forensics incident analysis.

7. The method as described in claim 1 further including storing the association of data object types as a compact data structure within a distributed database.

8. Apparatus, comprising: a processor; computer memory holding computer program instructions executed by the processor to perform operations to manage identity data discovered from network data traffic by: representing identity data in an association of data object types, the data object types including a first type representing a source of an identity, a second type representing a time at which an identity appears in the network data traffic, and a third type representing an identity, wherein, for a given time period, an identity is represented only once in the hierarchical association; linking a particular identity in the hierarchical association with at least one other identity with which the particular identity shares a given relationship; and querying the hierarchical association to discover the given relationship.

9. The apparatus as described in claim 8 wherein the operations further include generating a graphical representation of the association of data object types.

10. The apparatus as described in claim 9 wherein the graphical representation is a hierarchy comprising source data objects at a top level, time data objects at an intermediary level, and identity data objects at a lower level.

11. The apparatus as described in claim 10 wherein the operations further include displaying the graphical representation as a visualization of one or more identity relationships.

12. The apparatus as described in claim 8 wherein the at least one other identity is linked to the particular identity directly or indirectly.

13. The apparatus as described in claim 8 wherein the querying operation is associated with a forensics incident analysis.

14. The apparatus as described in claim 8 wherein the operations further include storing the association of data object types as a compact data structure within a distributed database.

15. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method of managing identity data discovered from network data traffic, comprising: representing identity data in an association of data object types, the data object types including a first type representing a source of an identity, a second type representing a time at which an identity appears in the network data traffic, and a third type representing an identity, wherein, for a given time period, an identity is represented only once in the hierarchical association; linking a particular identity in the hierarchical association with at least one other identity with which the particular identity shares a given relationship; and querying the hierarchical association to discover the given relationship; wherein each operation is carried out in software executing in a hardware element.

16. The computer program product as described in claim 15 wherein the method further includes generating a graphical representation of the association of data object types.

17. The computer program product as described in claim 16 wherein the graphical representation is a hierarchy comprising source data objects at a top level, time data objects at an intermediary level, and identity data objects at a lower level.

18. The computer program product as described in claim 17 wherein the method further includes displaying the graphical representation as a visualization of one or more identity relationships.

19. The computer program product as described in claim 15 wherein the at least one other identity is linked to the particular identity directly or indirectly.

20. The computer program product as described in claim 15 wherein the querying operation is associated with a forensics incident analysis.

21. The computer program product as described in claim 15 wherein the method further includes storing the association of data object types as a compact data structure within a distributed database.
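
The source, time and identity hierarchy described in the abstract and claims, as an added Python sketch that is not code from the patent. The one-hour bucket width, the source names, the identity string formats and the rule that identities co-occurring in one flow are linked are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from itertools import combinations

BUCKET = 3600  # assumed time-bucket width in seconds

class IdentityGraph:
    def __init__(self):
        # source -> time bucket -> identities seen from that source in that bucket
        self.tree = defaultdict(lambda: defaultdict(set))
        self.nodes = set()             # (bucket, identity): one node per time period
        self.edges = defaultdict(set)  # identity -> directly linked identities
        self.records = 0

    def observe(self, source, ts, identities):
        """Add one observation: identities that co-occur in a single flow."""
        self.records += 1
        bucket = ts - ts % BUCKET
        for ident in identities:
            self.nodes.add((bucket, ident))  # set membership keeps it to one node
            self.tree[source][bucket].add(ident)
        for a, b in combinations(sorted(set(identities)), 2):
            self.edges[a].add(b)
            self.edges[b].add(a)

    def linked(self, start):
        """Breadth-first search: {identity: hops} for direct and indirect links."""
        hops, queue = {start: 0}, deque([start])
        while queue:
            cur = queue.popleft()
            for nxt in self.edges.get(cur, ()):
                if nxt not in hops:
                    hops[nxt] = hops[cur] + 1
                    queue.append(nxt)
        del hops[start]
        return hops

# Constructed sample observations: (source, epoch seconds, identities in the flow)
FLOWS = [
    ("dhcp", 1000, ["mac:00:11:22:33:44:55", "ip:10.0.0.5"]),
    ("dhcp", 1200, ["mac:00:11:22:33:44:55", "ip:10.0.0.5"]),  # repeat, same bucket
    ("smtp", 1500, ["ip:10.0.0.5", "email:alice@example.com"]),
    ("http", 5000, ["email:alice@example.com", "user:alice"]),
]

def build():
    graph = IdentityGraph()
    for source, ts, identities in FLOWS:
        graph.observe(source, ts, identities)
    return graph
```

Four observations collapse to five identity nodes, and a query from the MAC address reaches the user name three hops away even though the two never appear in the same flow, which is the kind of indirect relationship a forensic query over this structure is meant to surface.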

Classifications

  • G06F16/248 · Primary

    Presentation of query results · CPC title

  • Relational databases · CPC title

  • G06F21/31 · Primary

    User authentication · CPC title

  • by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title

  • for detecting or protecting against malicious traffic · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9703845B2 cover?
Identity data collected from network flows is managed and graphed according to a hierarchical schema that reduces data storage requirements and enhances database querying efficiencies. Preferably, the schema comprises a set of objects, such as a “source” object, a “time” object, and an “identity” object. A source object represents a source of an identity, namely, where an identity comes from. A …
Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification G06F16/248. Mapped technology areas include Physics.
When was this patent published?
Publication date Jul 11, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).