The present invention is in the field of systems, methods, and computer program products for security and market surveillance of a virtual world asset through interactions with a real world monitoring center.
Virtual worlds are becoming increasingly large and complex, representing billions of dollars in service revenues. This is enabled by continually declining CPU and network interconnection costs and advances in virtual world systems.
A virtual world is a computer-based simulated environment intended for its users to inhabit and interact via avatars. These avatars are usually depicted as textual, two-dimensional, or three-dimensional graphical representations, although other forms are possible (auditory and touch sensations for example). Some, but not all, virtual worlds allow for multiple users.
At least one embodiment of the invention provides a method for security and market surveillance of a virtual world asset through interactions with a real world monitoring center. The method monitors at least one virtual world object in a virtual world, including detecting at least one virtual world event associated with the virtual world object. A notification of the virtual world event is received by a real world operations center. The notification includes attribute information of the virtual world object (e.g., identity, location, orientation, active/inactive status, and/or open/close status) and the correlation value between the virtual world object and the virtual world event.
The real world operations center determines a real world response and/or a virtual world response based on the correlation value. In response to the receiving of the notification, the real world operations center automatically sends the real world response to an end user and/or the virtual world response to the virtual world. The real world response includes a telephone call, a text message, an email, an audible alert, and/or a silent alert.
In an embodiment of the invention, the detecting of the virtual world event detects malicious software. In another embodiment, the detecting of the virtual world event detects the most visited virtual stores of a plurality of virtual stores and/or the virtual stores having the highest sales volumes. In still another embodiment, the detecting of the virtual world event detects: the most visited areas within a single store of the plurality of virtual stores, the number of times an avatar of a plurality of avatars visits the virtual store, the number of times the virtual store has been visited by the plurality of avatars, patterns of visits to the virtual store based on time of day, and/or patterns of visits to the virtual store based on day of week.
In yet another embodiment, the detecting of the virtual world event detects an interaction between the virtual world object and at least one third party. The third party is an avatar and/or an autonomous object. The virtual world response includes: identifying the third party, obtaining an image of the third party, activating a virtual world security system (an alarm and/or security avatars), reporting the virtual world event to a central authority in the virtual world, closing down the virtual world object, including preventing interaction between the virtual world object and the third party and interaction between the virtual world object and additional third parties, and/or freezing assets owned by the third party.
At least one embodiment of the invention provides a system for security and market surveillance of a virtual world asset through interactions with a real world monitoring center. The system has a monitor and a real world operations center. The monitor is adapted to monitor at least one virtual world object in a virtual world and detect at least one virtual world event associated with the virtual world object.
In at least one embodiment, the virtual world event is the presence of malicious software. In another embodiment, the virtual world event is the most visited virtual stores and/or the virtual stores having the highest sales volumes. In still another embodiment, the virtual world event is the most visited areas within a single store, the number of times an avatar visits the virtual store, the number of times the virtual store has been visited by the avatars, patterns of visits to the virtual store based on time of day, and/or patterns of visits to the virtual store based on day of week.
In yet another embodiment, the virtual world event is an interaction between the virtual world object and at least one third party. The third party is an avatar and/or an autonomous object. The virtual world response includes: identifying the third party, obtaining an image of the third party, activating a virtual world security system (e.g., an alarm and/or security avatars), reporting the virtual world event to a central authority in the virtual world, closing down the virtual world object, including preventing interaction between the virtual world object and the third party and interaction between the virtual world object and additional third parties, and freezing assets owned by the third party.
The real world operations center receives a notification of the virtual world event. The notification includes attribute information of the virtual world object (e.g., identity, location, orientation, active/inactive status, and/or open/close status) and/or a correlation value between the virtual world object and the virtual world event. The real world operations center determines a real world response and/or a virtual world response based on the correlation value. In response to the notification, the real world operations center automatically sends the real world response to an end user and/or the virtual world response to the virtual world. The real world response is a telephone call, a text message, an email, an audible alert, and/or a silent alert.
The present invention is described with reference to the accompanying drawings. In the drawings, like reference numbers indicate identical or functionally similar elements.
Exemplary, non-limiting, embodiments of the present invention are discussed in detail below. While specific configurations are discussed to provide a clear understanding, it should be understood that the disclosed configurations are provided for illustration purposes only. A person of ordinary skill in the art will recognize that other configurations may be used without departing from the spirit and scope of the invention.
The concept of monitoring assets as a service in the real world is applied to virtual world assets. An embodiment of the invention monitors virtual world assets (also referred to herein as “virtual world objects”) with real world techniques. More specifically, an embodiment of the invention associates a virtual world asset with a message to a real world (security) operations center. When the virtual world asset is interacted with, the real world operations center is informed. The real world operations center carries out the requested services, potentially including additional interactions with the virtual world.
In applications in which a virtual world is created and humans project themselves into the world in the form of an “actor” which can interact within the virtual world, at least one embodiment of the invention provides services which support the interaction between the virtual world and the real world. Examples of virtual worlds include: SECOND LIFE, 3DVIRTUAL, METAVERSE, and massively multiplayer online role-playing games (MMORPGs). The term avatar is generally used to describe an “actor” in the virtual world.
A service provides surveillance of a virtual world asset and the transmission of this information to a real world monitoring center. In at least one embodiment, the real world monitoring center is in the form of a security operations center (SOC) which follows predefined process(es) instigated by an activity associated with the virtual world asset, e.g., an avatar approaching a location or interacting with an asset or other avatar. As illustrated in
In an embodiment of the invention, the service is illustrated in
Just as in the real world, objects in the virtual world will have value. A system is provided which observes the valuable object and if interacted with, invokes a response. An embodiment of the invention links virtual world actions against a virtual world asset to a real world response service. In
The real world response script is the set of steps performed by the operations center in response to a surveillance event. Additionally, an optional virtual world response script may be attached to the virtual world object, to be executed by the virtual world system (item 250).
As illustrated in
During operation of the service, the object under surveillance is interacted with by an avatar or some other entity, such as an autonomous object (item 310). This causes the invocation of the virtual world response script (item 320). The virtual world object attributes are determined and appended to the surveillance message (item 330); and, the surveillance message is sent (with the correlation value) to the real world (item 340) using an inter-world protocol 342.
The real world operations center receives the information, using the correlation value, determines which monitored virtual world asset has been interacted with, and based on rules, determines the appropriate response script and executes that script. Within the virtual world, if a virtual world response script was prepared (item 350), it is executed (item 360).
If there is a message from the virtual world (item 370), the message is received (item 380). Based on the correlation value, the response script is determined (item 390) and executed (item 392). The result of these real world service method steps is a security action, such as an alert sent to a designated person, a protective action, such as the execution of a script within the virtual world or some other predefined action.
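The message flow of items 310 to 392, sketched as an added example that is not part of the original text: the virtual world side appends object attributes and the correlation value to a surveillance message, and the operations center uses the correlation value to select and execute the response script. The JSON encoding, the HMAC tag standing in for the unspecified inter-world protocol, the shared key, and all function and field names are assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: a key shared between the virtual world provider and the
# operations center when the asset is placed under surveillance (constructed).
SHARED_KEY = b"constructed-demo-key"


def build_surveillance_message(key, correlation, actor_id, attributes):
    """Virtual world side (items 320-340): append the object attributes,
    then send the message together with the correlation value."""
    body = json.dumps(
        {"correlation": correlation, "actor_id": actor_id, "attributes": attributes},
        sort_keys=True,
    )
    # Assumption: the inter-world protocol authenticates the message body.
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()


class OperationsCenter:
    """Real world side (items 370-392)."""

    def __init__(self, key):
        self._key = key
        self._registry = {}  # correlation value -> (asset name, response steps)

    def register_asset(self, asset_name, response_steps):
        # An unguessable correlation value ties later messages to this asset.
        correlation = secrets.token_hex(16)
        self._registry[correlation] = (asset_name, list(response_steps))
        return correlation

    def receive(self, wire_bytes):
        try:
            envelope = json.loads(wire_bytes)
            body = envelope["body"].encode()
            tag = str(envelope["tag"]).encode()
        except (ValueError, KeyError, TypeError, AttributeError):
            return {"status": "rejected", "reason": "malformed"}
        expected = hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            # A forged notification must not trigger a response script.
            return {"status": "rejected", "reason": "bad tag"}
        message = json.loads(body)
        entry = self._registry.get(message.get("correlation"))
        if entry is None:
            return {"status": "rejected", "reason": "unknown correlation value"}
        asset_name, steps = entry
        actor = message.get("actor_id", "unknown")
        # "Executing" the script here only records each step that would run.
        actions = [f"{step}: {asset_name} interacted with by {actor}" for step in steps]
        return {"status": "executed", "asset": asset_name, "actions": actions}


def demo():
    soc = OperationsCenter(SHARED_KEY)
    correlation = soc.register_asset("museum-portrait", ["email", "silent alert"])
    attributes = {"location": [12, 4, 0], "status": "active"}  # constructed sample
    genuine = build_surveillance_message(SHARED_KEY, correlation, "avatar-1017", attributes)
    forged = build_surveillance_message(b"other-key", correlation, "avatar-1017", attributes)
    return soc.receive(genuine), soc.receive(forged)


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Because a response script can lock an account or freeze an inventory, the operations center rejects any message whose tag or correlation value it cannot verify before it selects a script.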
In at least one embodiment, the real world response is in the form of a customer response center which follows predefined process(es) instigated by an activity associated with the virtual world asset, such as, for example, an avatar entering a location or interacting with another object or other avatar. This service is illustrated in
In virtual worlds, avatars have a unique identifier for the purpose of logging on. This can be the unique identifying number (such as in the ActiveWorlds platform) or a unique logon name which is used to identify the avatar and correlate it to an action in the virtual world. The optional virtual world response can include, for example, capturing the avatar's unique identifier, taking a virtual picture of the offender, flashing strobe lights, summoning security avatars or bots, reporting the event to the central authority of the virtual world, locking the account to prevent further log-ins, and/or freezing the inventory of the offending avatar.
In an exemplary embodiment of the invention, security is set in a virtual world museum to prevent anyone from taking a virtual world DaVinci Mona Lisa portrait, as well as to track anyone that attempts to perform an action on the portrait, such as copying it, moving it, or attempting to vandalize it. Responses to these virtual world actions cause a real world notification and an optional virtual world response.
In at least one other embodiment, viruses and other malware (malicious software) are introduced into the virtual world. Thus, methods herein are extended to apply to a virus detection and response system. In such methods, the virtual world surveillance script is replaced with a virtual world malware detection agent, similar in function to a real world virus detection agent, except that the virtual world agent operates at the application layer, observing malicious behavior. This observation can be based on signatures, heuristics, and/or observation of abnormal behavior. The virtual world malware agent would then communicate, per the methods described above, to a real world virus monitoring service. The service would perform service functions, such as correlation of malware events, reporting of malware events, and responding to malware events. Accordingly, an embodiment of the invention provides a service method for virtual world events into the real world.
As described in further detail below, examples of how a surveillance script detects abnormal events are provided. These scripts may also be used simultaneously and additional scripts of similar structure and/or content may be defined. The format of the illustrative examples is: if <conditional which is used to determine an abnormal event is true> then <notify the real world operations center> (via the steps as illustrated in
In the first example, the detection of the abnormal event involves detecting the number/density of avatars. Periodically the virtual world provider counts and records the number of avatars within the monitored zone. In addition, the virtual world provider quantizes the space between the avatars and determines the spatial distribution of avatars with respect to each other and/or with respect to the monitored zone. This information is periodically recorded. Over a specific time period set by the operator of the service, such as weekdays, weekends, lunch time, and all of the time, the service provider establishes a historical distribution which reflects a typical avatar population number and/or density within the monitored space.
If the virtual world provider of service observes that the current avatar population or density exceeds the historical typical avatar population and/or density by some threshold amount (set by agreement between the customer and the virtual world provider of service), then an abnormal event is detected and the method steps in
In a second example, the detection of an abnormal event involves detecting the presence of an avatar with a pre-identified public credential. The virtual world provider of service obtains, from the customer, a list of the public credentials used to identify avatars “of interest”, e.g., the media, a specific competitor's name, or other important person (e.g., chairman of the board). The virtual world's provider of service observes all avatars as they enter this monitored space. If an avatar's public credential is found to match the list provided by the customer, then the virtual world provider of service has detected an abnormal event and the method steps in
In a third example, the presence of an avatar having an identity listed on an “exclude list” is detected. Within virtual worlds, certain individuals can be identified over time as problematic or instigators of trouble. These individuals can be identified through crowd sourcing of their behavior patterns. There are multiple methods to identify “instigators of trouble”, ranging from collection of identities by a company function (e.g., a complaint line), to publicly available sources (e.g., the Federal Convicted Sexual Offender list). In some cases the “exclude list” is maintained through a central repository which can be contributed to by other owners in the region, or through a rating system (similar to Amazon™ or e-Bay's™ reputation system). Avatars, as identified by object type, that exist on the exclude list trigger an event message when they come within a customer predefined range of a monitoring device (object) or when they arrive on a virtual parcel (region) as defined within the given virtual world platform. This event may be captured and sent to a control center for action. This is accomplished by the virtual world's provider of service observing all avatars as they enter this monitored space, or within a defined range; and, if the object type value is contained on the exclude list, then the virtual world provider of service has detected an abnormal event. The method steps in
In addition, the service provider of the virtual world space, in the provision of this service to multiple customers, may populate a common “object exclude list” from interaction with multiple different customers, each contributing to the common list. As an additional service (e.g., for an additional fee), the provider of service may make this common list available to a specific customer.
In a fourth example, the presence of an avatar with an offensive sign or message is detected. During a strike at a virtual world location, one of the techniques for drawing attention to the message that is being sent to those who attend is to carry signs with messages on them. In order to identify such “signs”, the provider of service examines each object attached to an avatar for one or more attributes. If the object contains a threshold number of attributes, as determined by the customer of the service, then the virtual world provider of service has detected an abnormal event. The method steps in
Examples of attributes that the customer of the service may choose, which are used to determine an instance of an abnormal event, include: object(s) attached to an avatar which are as large as or larger than the avatar itself, object(s) attached to an avatar which contains text, object(s) attached to an avatar which contains certain shapes and/or textures, and object(s) attached to an avatar which have excessive message generation through scripts or animations (“excessive” is defined by the service provider and/or customer).
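The "if <condition> then <notify>" format applied to the first, third and fourth examples above, as an added sketch that is not part of the original text. Using the mean as the "historical typical" population, the data classes, the policy keys and every sample value are assumptions made for illustration.

```python
import math
from dataclasses import dataclass, field
from statistics import mean


@dataclass
class Attachment:
    size: float
    has_text: bool = False
    texture: str = ""
    messages_per_minute: int = 0


@dataclass
class Avatar:
    avatar_id: str
    position: tuple
    size: float = 2.0
    attachments: list = field(default_factory=list)


def density_event(history, current_count, threshold):
    """First example: the current population exceeds the historical
    typical population by more than the agreed threshold."""
    if not history:
        return False  # no baseline recorded yet, so nothing to compare against
    return current_count > mean(history) + threshold


def exclude_list_event(avatar, exclude_list, monitor_position, monitored_range):
    """Third example: a listed avatar comes within the customer-defined
    range of the monitoring object."""
    if avatar.avatar_id not in exclude_list:
        return False
    return math.dist(avatar.position, monitor_position) <= monitored_range


def sign_attribute_count(avatar, attachment, flagged_textures, message_limit):
    """Count how many of the customer-chosen attributes an attachment has."""
    return sum([
        attachment.size >= avatar.size,            # as large as or larger than the avatar
        attachment.has_text,                       # contains text
        attachment.texture in flagged_textures,    # certain shapes and/or textures
        attachment.messages_per_minute > message_limit,  # excessive message generation
    ])


def sign_event(avatar, attribute_threshold, flagged_textures, message_limit):
    """Fourth example: any attached object reaches the attribute threshold."""
    return any(
        sign_attribute_count(avatar, a, flagged_textures, message_limit) >= attribute_threshold
        for a in avatar.attachments
    )


def evaluate(avatar, zone_history, zone_count, policy):
    """Run all three conditions; each hit is an abnormal event to be sent
    to the real world operations center."""
    events = []
    if density_event(zone_history, zone_count, policy["density_threshold"]):
        events.append("density")
    if exclude_list_event(avatar, policy["exclude_list"],
                          policy["monitor_position"], policy["monitored_range"]):
        events.append("exclude_list")
    if sign_event(avatar, policy["sign_attribute_threshold"],
                  policy["flagged_textures"], policy["message_limit"]):
        events.append("sign")
    return events


# Constructed policy and observation, for illustration only.
POLICY = {
    "density_threshold": 5,
    "exclude_list": {"avatar-7"},
    "monitor_position": (0.0, 0.0, 0.0),
    "monitored_range": 5.0,
    "sign_attribute_threshold": 2,
    "flagged_textures": {"banner"},
    "message_limit": 30,
}

if __name__ == "__main__":
    visitor = Avatar("avatar-7", (3.0, 4.0, 0.0),
                     attachments=[Attachment(size=3.0, has_text=True)])
    print(evaluate(visitor, [10, 12, 11, 9], 16, POLICY))
```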
In a fifth example, the system detects behavior associated with a “no shopping and a large amount of chat & voice-over-Internet protocol (VoIP)”. Many of the “areas” within virtual worlds have a purpose beyond serving as a gathering point. Shopping, presenting, and creating are all examples of purposes why people will congregate in a particular virtual zone. When a significant number of people gather in close proximity and do not take advantage of the purpose of the place (e.g., by clicking on objects and/or showing a presentation), but rather are chatting with one another via text or VoIP, this could be a flag that something out of the ordinary is occurring, that would raise a trigger to warrant an action or response. Thus, the provider of service obtains from the customer the set of actions that are “normally expected” in a zone, a threshold of the number of avatars, and a threshold on the amount of chat & VoIP activity that is considered abnormal. If the virtual world provider of service observes that the number of avatars within a zone exceeds the threshold and/or the number of actions is less than the “normally expected” number, then the virtual world provider of service has detected an abnormal event. The method steps in
In a sixth example, known customers versus non-customers are detected. Just like websites, many virtual world places keep track of the frequent visitors, either by noticing/recording their arrival and departure, or through a more formal sign-up process where more information and preferences are disclosed. When a significant number of first time visitors materialize on a site within a short time period, this is a trigger for a response. Thus the provider of service or the customer records in a “prior visit list”, each avatar's object identifier when the avatar enters the area the first time. If the virtual world provider of service or customer observes the arrival of an avatar and the avatar's object identifier is not on the “prior visit list”, then the virtual world provider of service has detected an abnormal event. The method steps in
The real world operations center determines a real world response and/or a virtual world response based on the correlation value (item 430). In response to the receiving of the notification, the real world operations center automatically sends the real world response to an end user and/or the virtual world response to the virtual world (item 440). The real world response includes a telephone call, a text message, an email, an audible alert, and/or a silent alert.
In an embodiment of the invention, the detecting of the virtual world event detects malicious software. In another embodiment, the detecting of the virtual world event detects the most visited virtual stores of a plurality of virtual stores and/or the virtual stores having the highest sales volumes. In still another embodiment, the detecting of the virtual world event detects: the most visited areas within a single store of the plurality of virtual stores, the number of times an avatar of a plurality of avatars visits the virtual store, the number of times the virtual store has been visited by the plurality of avatars, patterns of visits to the virtual store based on time of day, and/or patterns of visits to the virtual store based on day of week.
In yet another embodiment, the detecting of the virtual world event detects an interaction between the virtual world object and at least one third party. The third party is an avatar and/or an autonomous object. The virtual world response includes: identifying the third party, obtaining an image of the third party, activating a virtual world security system (an alarm and/or security avatars), reporting the virtual world event to a central authority in the virtual world, closing down the virtual world object, including preventing interaction between the virtual world object and the third party and interaction between the virtual world object and additional third parties, and/or freezing assets owned by the third party.
In at least one embodiment, the virtual world event is the presence of malicious software. In another embodiment, the virtual world event is the most visited virtual stores and/or the virtual stores having the highest sales volumes. In still another embodiment, the virtual world event is the most visited areas within a single store, the number of times an avatar visits the virtual store, the number of times the virtual store has been visited by the avatars, patterns of visits to the virtual store based on time of day, and/or patterns of visits to the virtual store based on day of week.
In yet another embodiment, the virtual world event is an interaction between the virtual world object 532 and at least one third party. The third party is an avatar and/or an autonomous object. The virtual world response includes: identifying the third party, obtaining an image of the third party, activating a virtual world security system (e.g., an alarm and/or security avatars), reporting the virtual world event to a central authority in the virtual world 530, closing down the virtual world object 532, including preventing interaction between the virtual world object 532 and the third party and interaction between the virtual world object 532 and additional third parties, and freezing assets owned by the third party.
The real world operations center 520 receives a notification of the virtual world event. The notification includes attribute information of the virtual world object 532 (e.g., identity, location, orientation, active/inactive status, and/or open/close status) and/or a correlation value between the virtual world object 532 and the virtual world event. The real world operations center 520 determines a real world response and/or a virtual world response based on the correlation value. In response to the notification, the real world operations center 520 automatically sends the real world response to an end user and/or the virtual world response to the virtual world 530. The real world response is a telephone call, a text message, an email, an audible alert, and/or a silent alert.
As will be appreciated by one skilled in the art, the present invention may be embodied as a system, method or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Furthermore, the present invention may take the form of a computer program product embodied in any tangible medium of expression having computer-usable program code embodied in the medium.
Any combination of one or more computer usable or computer readable medium(s) may be utilized. The computer-usable or computer-readable medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a transmission media such as those supporting the Internet or an intranet, or a magnetic storage device. Note that the computer-usable or computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory. In the context of this document, a computer-usable or computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. The computer-usable medium may include a propagated data signal with the computer-usable program code embodied therewith, either in baseband or as part of a carrier wave. The computer usable program code may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc.
Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
The present invention is described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable medium that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable medium produce an article of manufacture including instruction means which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
Referring now to
The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
The description of the present invention has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the invention. The embodiment was chosen and described in order to best explain the principles of the invention and the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.