Method, apparatus and computer program product for detecting risky communications

US9723017B1 · US · B1

Patent metadata
Publication number: US-9723017-B1
Application number: US-201514755298-A
Country: US
Kind code: B1
Filing date: Jun 30, 2015
Priority date: Dec 21, 2011
Publication date: Aug 1, 2017
Grant date: Aug 1, 2017

Abstract

Official abstract text for this publication.

There is disclosed herein techniques for use in detecting risky communications. In one embodiment, the techniques comprise a method including the following steps. The method comprises determining entropy in connection with a communication. The method also comprises performing a comparison based on the entropy and historical communications. The method further comprises determining the similarity between the communication and the historical communications based on the comparison.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of performing computerized authentication comprising: receiving, by processing circuitry, an electronic communication in connection with a computerized resource; upon receiving the electronic communication, determining, by processing circuitry, an entropy value relating to the electronic communication; determining, by processing circuitry, a mean value and a standard deviation value from historical entropy values relating to historical electronic communications in connection with the computerized resource; based on the entropy value, the mean value, and the standard deviation value, performing, by processing circuitry, a risk operation to determine a risk score indicating a riskiness of the electronic communication; and determining, by processing circuitry, an action to take in connection with the electronic communication based on the risk score.

2. The method as claimed in claim 1, wherein performing the risk operation, comprises: subtracting the mean value from the entropy value in connection with the electronic communication and dividing the difference between the mean and entropy values by the standard deviation value in order to determine the risk score.

3. The method as claimed in claim 2, wherein a range comprising upper and lower endpoints enables an assessment of the similarity between the electronic communication and the historical electronic communications; and performing the risk operation, comprises: determining whether the risk score lies within the range, wherein the communication is deemed similar in the event the risk score lies within the range and anomalous in the event the risk score lies outside range.

4. The method as claimed in claim 1, wherein determining the entropy value, comprises: determining a probability of seeking access with the computerized resource, wherein the probability is dependent on the number of visits to the computerized resource; and based on the probability, determining the entropy value in connection with the electronic communication.

5. The method as claimed in claim 4, wherein the probability is dependent on the number of visits to the computerized resource by a particular user and a total number of visits to the computerized resource by all users.

6. The method as claimed in claim 4, wherein the communication seeks access to a page of a website, further wherein the probability is dependent on the number of visits by a particular user to the page of the website and a total number of page visits in connection with the website.

7. An apparatus for performing computerized authentication, comprising: memory; and processing circuitry coupled to the memory, the memory storing instructions which, when carried out by the processing circuitry, cause the processing circuitry to: receive an electronic communication in connection with a computerized resource; upon receiving the electronic communication, determine an entropy value relating to the electronic communication; determine a mean value and a standard deviation value from historical entropy values relating to historical electronic communications in connection with the computerized resource; based on the entropy value, the mean value, and the standard deviation value, perform a risk operation to determine a risk score indicating a riskiness of the electronic communication; and determine an action to take in connection with the electronic communication based on the risk score.

8. The apparatus as claimed in claim 7, wherein performing the risk operation, comprises: subtracting the mean value from the entropy value in connection with the electronic communication and dividing the difference between the mean and entropy values by the standard deviation value in order to determine the risk score.

9. The apparatus as claimed in claim 8, wherein a range comprising upper and lower endpoints enables an assessment of the similarity between the electronic communication and the historical electronic communications; and performing the risk operation, comprises: determining whether the risk score lies within the range, wherein the communication is deemed similar in the event the risk score lies within the range and anomalous in the event the risk score lies outside range.

10. The apparatus as claimed in claim 7, wherein determining the entropy value, comprises: determining a probability of seeking access with the computerized resource, wherein the probability is dependent on the number of visits to the computerized resource; and based on the probability, determining the entropy value in connection with the electronic communication.

11. The apparatus as claimed in claim 10, wherein the probability is dependent on the number of visits to the computerized resource by a particular user and a total number of visits to the computerized resource by all users.

12. The apparatus as claimed in claim 10, wherein the communication seeks access to a page of a website, further wherein the probability is dependent on the number of visits by a particular user to the page of the website and a total number of page visits in connection with the website.

13. A computer program product having a non-transitory computer readable medium which stores a set of instructions for performing computerized authentication, the set of instructions, when carried out by processing circuitry, causing the processing circuitry to perform a method of: receiving an electronic communication in connection with a computerized resource; upon receiving the electronic communication, determining an entropy value relating to the electronic communication; determining a mean value and a standard deviation value from historical entropy values relating to historical electronic communications in connection with the computerized resource; based on the entropy value, the mean value, and the standard deviation value, performing a risk operation to determine a risk score indicating a riskiness of the electronic communication; and determining an action to take in connection with the electronic communication based on the risk score.

14. The computer program product as claimed in claim 13, wherein performing the risk operation, comprises: subtracting the mean value from the entropy value in connection with the electronic communication and dividing the difference between the mean and entropy values by the standard deviation value in order to determine the risk score.

15. The computer program product as claimed in claim 14, wherein a range comprising upper and lower endpoints enables an assessment of the similarity between the electronic communication and the historical electronic communications; and performing the risk operation, comprises: determining whether the risk score lies within the range, wherein the communication is deemed similar in the event the risk score lies within the range and anomalous in the event the risk score lies outside range.

16. The computer program product as claimed in claim 13, wherein determining the entropy value, comprises: determining a probability of seeking access with the computerized resource, wherein the probability is dependent on the number of visits to the computerized resource; and based on the probability, determining the entropy value in connection with the electronic communication.

17. The computer program product as claimed in claim 16, wherein the probability is dependent on the number of visits to the computerized resource by a particular user and a total number of visits to the computerized resource by all users
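
The scoring pipeline of claims 1 to 6, as an added example that is not code from the patent or its assignee. Assumptions: the entropy value is taken as the self-information -log2(p) of the requested page (the claims give no formula), unseen pages get additive smoothing, the range endpoints are -2 and 2, and the page names, counts and the "step_up_auth" action are constructed for illustration.

```python
import math
from statistics import mean, pstdev

def entropy_value(page, visits, smoothing=1.0):
    """Assumed entropy measure: self-information -log2(p) of requesting `page`.

    p comes from visit counts (claims 4-6); additive smoothing (an assumption)
    gives a never-visited page a small non-zero p instead of log(0).
    """
    total = sum(visits.values())
    p = (visits.get(page, 0) + smoothing) / (total + smoothing * (len(visits) + 1))
    return -math.log2(p)

def risk_score(value, history):
    """Claim 2: (entropy value - mean) / standard deviation of the history."""
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:  # flat history: the division in claim 2 is undefined
        return 0.0 if value == mu else math.copysign(math.inf, value - mu)
    return (value - mu) / sigma

def assess(page, visits, history, lower=-2.0, upper=2.0):
    """Claim 3 range test, then a hypothetical action for claim 1's last step."""
    score = risk_score(entropy_value(page, visits), history)
    similar = lower <= score <= upper
    return {"score": score, "similar": similar,
            "action": "allow" if similar else "step_up_auth"}

# Constructed sample data: one user's page-visit counts and past requests.
VISITS = {"/login": 40, "/account": 30, "/transfer": 9}
PAST = ["/login", "/account", "/login", "/account",
        "/transfer", "/login", "/account", "/login"]
HISTORY = [entropy_value(p, VISITS) for p in PAST]

if __name__ == "__main__":
    for page in ("/account", "/admin/export"):
        print(page, assess(page, VISITS, HISTORY))
```

With this history the rarely visited "/transfer" page also scores outside the assumed range, which shows how strongly the choice of endpoints drives the false-positive rate.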

Classifications

  • Vulnerability analysis · CPC title

  • Electricity · mapped topic

  • H04L67/535 · Primary

    Tracking the activity of the user (network monitoring arrangements H04L43/00; recording of computer activity G06F11/34) · CPC title

  • by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
EMC Corp, EMC IP Holding Co LLC
What technology area does this patent fall under?
Primary CPC classification H04L63/1433. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 1, 2017 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).