Distributed monitoring, evaluation, and response for multiple devices

US9753796B2 · US · B2

Patent metadata
Publication number: US-9753796-B2
Application number: US-201314099737-A
Country: US
Kind code: B2
Filing date: Dec 6, 2013
Priority date: Dec 6, 2013
Publication date: Sep 5, 2017
Grant date: Sep 5, 2017

Abstract

Official abstract text for this publication.

Data is collected from a set of devices. The data is associated with the devices, mobile application programs (apps), web applications, users, or combinations of these. A norm is established using the collected data. The norm is compared with data collected from a particular device. If there is a deviation outside of a threshold deviation between the norm and the data collected from the particular device, a response is initiated.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: at a server, collecting observation data based on a first data collection policy from a plurality of devices, the collected observation data including information associated with device configuration, device state, and device behavior with regard to (1) an execution of an application on at least one of the plurality of devices and at least one of (2) a hardware or a firmware component on the at least one of the plurality of devices and (3) access to a network resource by the at least one of the plurality of devices; at the server, determining a normal pattern of activity occurring on the plurality of devices by processing the collected observation data, the normal pattern of activity being associated with at least one of the device configuration, the device state, and the device behavior of the plurality of devices; at the server, deriving a second data collection policy from the determined normal pattern of activity occurring on the plurality of devices, the second data collection policy being different than the first data collection policy; at the server, collecting first device data based on the derived second data collection policy from a first device of the plurality of devices; at the server comparing the normal pattern of activity occurring on the plurality of devices with a first pattern of activity occurring on the first device, the first pattern of activity being identified by the first device data; at the server determining that a deviation between the normal pattern of activity and the first pattern of activity associated with the first device is outside of a threshold deviation; and upon the determination, generating alert information by the server, wherein the alert information when processed causes performance of a first action on the first device.

2. The method of claim 1 wherein the action on the first device comprises: blocking the first device from accessing a service.

3. The method of claim 1 wherein the action on the first device comprises: transmitting to the first device instructions to uninstall an application program on the first device.

4. The method of claim 1 wherein the step of generating an alert further comprises: transmitting a message to an administrator.

5. The method of claim 1 wherein the observation data collected comprises a first set of observation data associated with an organization and collected from a first subset of the plurality of devices associated with the organization, and a second set of observation data collected from a second subset of the plurality of device not associated with the organization.

6. A method comprising: at a server, monitoring a plurality of devices for observation data based on a first data monitoring policy, the monitored observation data including information associated with device configuration, device state, and device behavior with regard to (1) an execution of an application on at least one of the plurality of devices and at least one of (2) a hardware or a firmware component on the at least one of the plurality of devices and (3) access to a network resource by the at least one of the plurality of devices; at the server, establishing a normal pattern of activity occurring on the plurality of devices based on the monitored observation data, the normal pattern of activity being associated with at least one of the device configuration, the device state, and the device behavior of the plurality of devices; at the server, deriving a second data monitoring policy from the determined normal pattern of activity occurring on the plurality of devices, the second data monitoring policy being different than the first data monitoring policy; at the server, monitoring a first device of the plurality of devices for first device data based on the derived second data monitoring policy; at the server, comparing the normal pattern of activity occurring on the plurality of devices with a first pattern of activity occurring on the first device, the first pattern of activity being identified by the monitored first device data; at the server, determining that the first pattern of activity associated with the first device of the plurality of devices is outside of a threshold deviation from the normal pattern of activity; and upon the determination, modifying the second data monitoring policy for monitoring of the first device by the server.

7. The method of claim 6 wherein the step of modifying the second data monitoring policy comprises: increasing the monitoring of the first device.

8. The method of claim 6 wherein the step of modifying the second data monitoring policy comprises: decreasing the monitoring of the first device.

9. The method of claim 6 wherein the normal pattern of activity indicates that a first event occurs during a first context, and the step of determining that activity on the first device is outside the normal pattern of activity comprises: determining that the first event occurred on the first device during a second context, different from the first context.

10. The method of claim 6 wherein the step of determining that the first pattern of activity on the first device is outside the normal pattern of activity comprises: receiving from the first device an indication that a shared library has been loaded on the first device from a memory card.

11. The method of claim 6 comprising: generating a model of characteristics for a specific application program on the plurality of device; and wherein the step of determining that the first pattern of activity on the first device is outside the normal pattern of activity comprises: determining that the application program, on the first device and identified as being the same as the specific application program, has a characteristic that is not included in the model of characteristics.

12. The method of claim 6 wherein the step of monitoring the plurality of devices comprises: monitoring a first subset of the plurality of devices for first events associated with the application program on the plurality of devices; and monitoring a second subset of the plurality of devices for second events associated with the application program, wherein the second subset of devices is not monitored for the first events, and the first subset of devices is not monitored for the second events.

13. A method comprising: at a server, distributing first policies to a plurality of devices, the plurality of devices includes a first device; at a server, receiving, from the plurality of devices, observation data responsive to the first policies for observation data, the received observation data including information associated with device configuration, device state, and device behavior with regard to (1) an execution of an application on at least one of the plurality of devices and at least one of (2) a hardware or a firmware component on the at least one of the plurality of devices and (3) access to a network resource by the at least one of the plurality of devices; at the server, determining a normal pattern of activity occurring on the plurality of devices using the received observation data, the normal pattern of activity being associated with at least one of the device configuration, the device state, and the device behavior of the plurality of devices; at the server, receiving first device data from a first device of the plurality of devices, the first device data being based on a second policy that has been derived from the normal pattern of activity occurring on the plurality of devices; at the server, determining a first pattern of activity occurring on the first device
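
The loop the abstract and claims 1 and 6 describe (fleet norm, a narrower second policy derived from it, threshold comparison, response) can be sketched as follows. This is an added illustration, not the patent's or the assignee's implementation; the feature names, the median/MAD statistic, the spread rule for the second policy, the thresholds and the `increase_monitoring` action label are all assumptions.

```python
from statistics import median

# Constructed fleet observations gathered under a broad first policy
# (device ids and feature names are hypothetical).
FLEET = {
    "dev-01": {"net_kb_per_hr": 120, "sdcard_lib_loads": 0, "wakeups_per_hr": 30},
    "dev-02": {"net_kb_per_hr": 130, "sdcard_lib_loads": 0, "wakeups_per_hr": 95},
    "dev-03": {"net_kb_per_hr": 125, "sdcard_lib_loads": 0, "wakeups_per_hr": 5},
    "dev-04": {"net_kb_per_hr": 118, "sdcard_lib_loads": 0, "wakeups_per_hr": 60},
    "dev-05": {"net_kb_per_hr": 127, "sdcard_lib_loads": 0, "wakeups_per_hr": 150},
    "dev-06": {"net_kb_per_hr": 122, "sdcard_lib_loads": 0, "wakeups_per_hr": 12},
}

def establish_norm(fleet):
    """Norm = per-feature (median, median absolute deviation) over the fleet."""
    norm = {}
    for feat in sorted({f for obs in fleet.values() for f in obs}):
        vals = [obs[feat] for obs in fleet.values() if feat in obs]
        med = median(vals)
        norm[feat] = (med, median(abs(v - med) for v in vals))
    return norm

def derive_second_policy(norm, max_spread=0.25):
    """Assumed rule: keep only features on which the fleet agrees closely,
    since a noisy feature cannot separate one odd device from the rest."""
    return [f for f, (med, mad) in norm.items()
            if mad / (abs(med) + 1) <= max_spread]

def evaluate(device_id, data, norm, policy, threshold=3.5, min_scale=0.25):
    """Return alert info if any policy feature is outside the threshold."""
    deviations = {}
    for feat in policy:
        if feat not in data:
            continue  # feature not reported by this device
        med, mad = norm[feat]
        # Robust z-score; min_scale avoids division by zero when MAD is 0.
        score = abs(data[feat] - med) / max(1.4826 * mad, min_scale)
        if score > threshold:
            deviations[feat] = round(score, 2)
    if not deviations:
        return None
    return {"device": device_id, "deviations": deviations,
            "action": "increase_monitoring"}  # hypothetical response label

NORM = establish_norm(FLEET)
POLICY = derive_second_policy(NORM)

if __name__ == "__main__":
    print(POLICY)
    print(evaluate("dev-07", {"net_kb_per_hr": 126, "sdcard_lib_loads": 1},
                   NORM, POLICY))
```

The constructed `dev-07` sample mirrors the claim 10 case: a single shared-library load from a memory card stands out because no other device in the fleet reports one.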

Classifications

  • Error or fault reporting or storing

  • by exceeding limits

  • in a distributed system consisting of a plurality of standalone computer nodes, e.g. clusters, client-server systems

  • Monitoring arrangements determined by the means or processing involved in sensing the monitored data, e.g. interfaces, connectors, sensors, probes, agents (software debugging using additional hardware using a specific debug interface G06F11/3656; performance evaluation by tracing or monitoring G06F11/3466)

  • Traffic logging, e.g. anomaly detection

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Lookout Inc
What technology area does this patent fall under?
Primary CPC classification G06F11/0766. Mapped technology areas include Physics.
When was this patent published?
Publication date Sep 5, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).