As the world continues to advance technologically, efficient and secure work on digital media is becoming very important. Efficiency has become difficult to measure with the increasing ease of access to the internet, as well as normal misuse, and abnormal malfunctions within the program. Security is also difficult to maintain in an environment where every person and machine is not directly supervised in addition to any unauthorized remote access via the internet.
Inefficiencies among the assets in a company waste time, money, and resources. U.S. Pat. No. 7,185,367 describes a disclosure that uses the statistical analysis of the differences between normal behaviors of any program including the operating system, and then compares this to the current run to determine any anomalies, which could be unauthorized, abusive, productive, or unproductive use of the Computer system. Therefore, if the Computer system is not operating properly then the disclosure records and notifies the correct people about the problem. The cause of improper operation could range from (but is not limited to) improper inputs from the user, to use of the program for functions it is not designed for, to malfunctioning of the code.
Security of digital media has a variety of prior art covering a wealth of options including traditional virus protection, but more specifically options dealing with the behavior associated with the system. For example, U.S. Patent Application Publication No. 2008/0047017 assesses the risks of users based on questions that quiz the user's behavior. The user is presented questions, and the computer dynamically assesses changes to the user's security level as a result of the information provided by the responses. Likewise, U.S. Patent Application Publication No. 2008/0141349 determines whether a user should be routed to the generated content based on the content of the computer associated with the network.
In a different method, U.S. Pat. No. 7,723,264 prevents misuse conditions on a data network by analyzing variables such as the state of the network and/or target, the response/reaction of the network and/or target, and/or the fingerprint of the target. The disclosure is looking for the receipt of suspicious data transmissions by a network node, originating by another network node.
Keyboard use in terms of keystroke rate and timings of speed between different keys on the keyboard has been widely used in biometric systems to provide patterns of keystrokes which can be associated with a particular user (such as in U.S. Patent Application Publication No. 2004/0187037 A1). However, the number of key presses that occur within a graphical window on screen, or those that occur within a component of this window, is also a useful measurement of user behaviour. Further, the referenced patent only monitors keystrokes during log-in events.
Methods which track user-computer interactions throughout the duration of the interaction are needed. Further, the metrics for monitoring log-in time events can not fully capture all interaction. The referenced disclosure does not provide a method for tracking application switches, application usage frequency, mouse clicks within an application, or keystrokes within an application. These limitations do not enable the referenced patent to enable a greater insight into user-computer interactions.
Further, there is not a system which analyzes the way an individual computer operating system is used and interacted with by its user which allows objective analysis and measurement of anomalous behavior patterns.
Further, there is not a system that allows managers the ability to both analyze efficiency and security of a network or computer at the same time. There is a need to be able to measure and classify the user behavior of the computer in terms of this user's own individual preferences and approaches to the user interface.