CLIAMS:1. A method for monitoring activities performed by a user on a software application, the method comprising:
logging user data associated with the activities of the user on the software application, wherein the user data comprises a plurality of entities associated with the software application and a plurality of values of the plurality of entities;
determining a subset of entities and corresponding values from the user data based upon one or more parameters;
identifying similar entities amongst the subset of entities based upon the corresponding values of the subset of entities;
grouping the similar entities into a group; and
generating a report comprising values of the similar entities present in the group for monitoring the activities of the user on the software application, wherein the logging, the determining, the identifying, the grouping, and the generating are performed by a processor.

2. The method of claim 1, wherein the entities comprises at least one of a data field and data label.

3. The method of claim 1 further comprising creating queries to be applied on the report for generating a customized report, wherein the customized report are specific to auditor’s requirement.

4. The method of claim 1, wherein the activities performed by the user comprises at least one of a clicking a link, navigating, and entering values into the plurality of entities.

5. The method of claim 1, wherein the one or more parameters comprises useless clicks, un-entered text, and sensitive keywords such as passwords.

6. The method of claim 1 further comprising creating a learning pattern based on the determining a subset of entities and corresponding values from the user data.

7. The method of claim 1 further comprising determining behavioral intention of the user based upon the grouping of the similar entities into the group.
8. A system 102 for monitoring activities performed by a user on a software application, the system 102 comprises:
a processor 202;
a memory 206 coupled to the processor 202, wherein the processor 202 is capable for executing a plurality of modules 208 stored in the memory 206, and wherein the plurality of modules 208 comprising:
logging module 210 configured to log user data associated with the activities of the user on the software application, wherein the user data comprises a plurality of entities associated with the software application and a plurality of values of the plurality of entities;
determining module 212 configured to determine a subset of entities and corresponding values from the user data based upon one or more parameters;
identifying module 214 configured to identify similar entities amongst the subset of entities based upon the corresponding values of the subset of entities;
grouping module 216 configured to group the similar entities into a group; and
generating module 218 configured to generate a report comprising values of the similar entities present in the group for monitoring the activities of the user on the software application.

9. The system 102 of claim 8 further comprises a query building module 220 configured to create queries to be applied on the report for generating a customized report, wherein the customized report are specific to auditor’s requirement

10. The system 102 of claim 8, wherein the activities performed by the user comprises at least one of a clicking a link, navigating, and entering values into the plurality of entities.

11. The system 102 of claim 8, wherein the one or more parameters comprises useless clicks, un-entered text, and sensitive keywords such as password.

12. A non-transitory computer readable medium embodying a program executable in a computing device for monitoring activities performed by a user on a software application, and the non-transitory computer readable medium comprising a set of instructions, the instructions comprising instructions for:
logging user data associated with the activities of the user on the software application, wherein the user data comprises a plurality of entities associated with the software application and a plurality of values of the plurality of entities;
determining a subset of entities and corresponding values from the user data based upon one or more parameters;
identifying similar entities amongst the subset of entities based upon the corresponding values of the subset of entities;
grouping the similar entities into a group; and
generating a report comprising values of the similar entities present in the group for monitoring the activities of the user on the software application. ,TagSPECI:
FORM 2

THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003

COMPLETE SPECIFICATION

(See Section 10 and Rule 13)

Title of invention:

SYSTEM AND METHOD FOR MONITORING ACTIVITIES OF A USER ON A SOFTWARE APPLICATION

APPLICANT:
Tata Consultancy Services Limited
A company Incorporated in India under the Companies Act, 1956
Having address:
Nirmal Building, 9th floor,
Nariman point, Mumbai 400021,
Maharashtra, India

The following specification describes the invention and the manner in which it is to be performed.

CROSS-REFERENCE TO RELATED APPLICATIONS AND PRIORITY
[001] The present application does not claim priority from any patent application.

TECHNICAL FIELD
[002] The present subject matter described herein, in general, relates to a method and a system for monitoring user activities, more specifically, monitoring activities of the user performed on a software application.

BACKGROUND
[003] In an every organization, auditing is required to monitor the behavioral intention of a user associated with the organization. The organization provides different in-house software applications and third party software applications to be accessed by the users. While accessing the in-house software application, the behavioral intention of the user is monitored by capturing user actions. But, in a case when the monitoring is required while the user access the third party software applications, capturing the user actions/activities on the third party software application may become difficult. In such cases, an auditor of the organization follows a general approach of sending a request to an authority hosting the third party software application for an audit report. In response of the request, the authority of the third party software application generates the audit report comprising the user’s behavior captured corresponding to the third party software application. Further, the audit report generated is sent to the auditor of the organization for review. Thus, the present processes/methodologies followed are time consuming and also add extra burden on the auditor of the organization in raising auditing request and waiting for the response.
[004] To audit a system for any information related to user’s activity while the user is accessing a software application (in-house software application or third party software application), source code of the software application needs to be changed. Changing the source code of the in-house software applications are under control - of the organization. But, where auditing is required for the third party software application, software code change solution fails. Thus, without changing the source code of the software application, auditing becomes a challenge for the auditor. Therefore, the dependency on the source code of the software applications is a challenge for auditing the system.
SUMMARY
[005] This summary is provided to introduce aspects related to systems and methods for monitoring activities performed by a user on a software application the concepts are further described below in the detailed description. This summary is not intended to identify essential features of subject matter nor is it intended for use in determining or limiting the scope of the subject matter.
[006] In one implementation, a system for monitoring activities performed by a user on a software application. The system comprises a processor and a memory coupled to the processor for executing a plurality of modules stored in the memory. The plurality of modules comprises a logging module, a determining module, an identifying module, a grouping module, a generating module, and a query building module. The logging module may be configured to log user data associated with the activities of the user on the software application. The user data comprises a plurality of entities associated with the software application and a plurality of values of the plurality of entities. Further, the determining module may be configured to determine a subset of entities and corresponding values from the user data based upon one or more parameters. Further, the identifying module may be configured to identify similar entities amongst the subset of entities based upon the corresponding values of the subset of entities. After identifying the similar entities, the grouping module may be configured to group the similar entities into a group. Further, the generating module may be configured to generate a report comprising values of the similar entities present in the group for monitoring the activities of the user on the software application.
[007] In another implementation, a method for monitoring activities performed by a user on a software application. The method comprises a step of logging user data associated with the activities of the user on the software application. Further, the user data comprises a plurality of entities associated with the software application and a plurality of values of the plurality of entities. The method may be further provided for determining a subset of entities and corresponding values from the user data based upon one or more parameters. Further, the method may be provided for identifying similar entities amongst the subset of entities based upon the corresponding values of the subset of entities. Upon identifying the similar entities, the method may be provided for grouping the similar entities into a group. Further, the method may be provided for generating a report comprising values of the similar entities present in the group for monitoring the activities of the user on the software application. Further, the logging, the determining, the identifying, the grouping, and the generating are performed by a processor.
[008] Yet in another implementation a non-transitory computer readable medium embodying a program executable in a computing device for monitoring activities performed by a user on a software application. The non-transitory computer readable medium comprises a set of instructions, the instructions comprising instructions for logging user data associated with the activities of the user on the software application. The user data comprises a plurality of entities associated with the software application and a plurality of values of the plurality of entities. Further, a set of instructions may be provided for determining a subset of entities and corresponding values from the user data based upon one or more parameters. A set of instructions may be further provided for identifying similar entities amongst the subset of entities based upon the corresponding values of the subset of entities. After identifying the similar entities, a set of instructions may be provided for grouping the similar entities into a group. Further, a set of instructions may be provided for generating a report comprising values of the similar entities present in the group for monitoring the activities of the user on the software application.

BRIEF DESCRIPTION OF THE DRAWINGS
[009] The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the drawings to refer like features and components.
[0010] Figure 1 illustrates a network implementation of a system for monitoring activities performed by a user on a software application, in accordance with an embodiment of the present subject matter.
[0011] Figure 2 illustrates the system, in accordance with an embodiment of the present subject matter.
[0012] Figure 3 and 4 illustrates a detailed working of the system, in accordance with an embodiment of the present subject matter.
[0013] Figure 5 illustrates a method for monitoring activities performed by a user on a software application, in accordance with an embodiment of the present subject matter.
DETAILED DESCRIPTION
[0014] Systems and methods for monitoring activities of a user on a software application are described. The user of an organization may have an access to in-house software applications internal to the organization, and other software applications (third party software applications) external to the organization. When an auditing is required i.e., monitoring the activities of the user on the software application, an auditor of the organization may have to sent an audit request to an authority of the software application external to the user. In response, the authority may send back an audit report to the auditor of the organization. Further, for monitoring the activities of the user on the software application, source code of the software application needed to be changed. Thus, the dependency on the source code of the software application limits the auditor in performing his/her job.
[0015] To overcome such limitation, the present disclosure discloses a methodology for monitoring the activities of the user on the software application external to the organization without changing the source code and processes of the software application. While the user interacts with the software application, activities of the user may be captured. Based on the activities captured, a log of user data which is associated with the activities of the user may be maintained. The log of the user data comprises plurality of entities associated with the software application and plurality of values of the plurality of entities. With each entity of the plurality of entities, a data field or a data label may be associated where the user may enter the value corresponding to the entity. Further, the user data also comprises other user activities such as clicking on links, navigating from one view to another etc., while accessing the software application.
[0016] Since, the user data captured in the log may contain various inconsistency and redundancies, filtering/sanitizing of the user data may be required to remove useless or unwanted data from the user data. Thus, a subset of entities and corresponding values of the subset of entities may be determined from the user data, based on one or more parameters. The one or more parameters based on which sanitization of the user data is performed may comprise useless clicks, un-entered text, and sensitive keywords such as passwords etc. Thus, the relevant data (i.e., a subset of entities and corresponding values of the subset of entities) may get extracted from the user data.
[0017] After extracting, an orchestration may be performed upon the relevant data by using a tree traversal algorithm. At first, similar entities amongst the subset of entities may be identified. Further, the similar entities identified based on the values corresponding to the subset of entities. Further, a grouping may be performed in order to group the similar entities into one group. Thus, the orchestration is performed by identifying and grouping the similar entities. After the orchestration a report may be generated, and the report comprises values of the similar entities present in the group for monitoring the activities of the user on the software application.
[0018] While aspects of described system and method for monitoring activities performed by a user on a software application may be implemented in any number of different computing systems, environments, and/or configurations, the embodiments are described in the context of the following exemplary system.
[0019] Referring to Figure 1, a network implementation 100 of system 102 for monitoring activities performed by a user on a software application in an organization is illustrated, in accordance with an embodiment of the present subject matter. In one embodiment, the system 102 facilitates the monitoring of the user activities on the software application external to the organization. Although the present subject matter is explained considering that the system 102 is implemented for monitoring activities performed by the user on the software application on a server, it may be understood that the system 102 may also be implemented in a variety of computing systems, such as a laptop computer, a desktop computer, a notebook, a workstation, a mainframe computer, a server, a network server, a tablet, a mobile phone, and the like. In one embodiment, the system 102 may be implemented in a cloud-based environment. It will be understood that the system 102 may be accessed by multiple users through one or more user devices 104-1, 104-2…104-N, collectively referred to as user 104 hereinafter, or applications residing on the user devices 104. Examples of the user devices 104 may include, but are not limited to, a portable computer, a personal digital assistant, a handheld device, and a workstation. The user devices 104 are communicatively coupled to the system 102 through a network 106.
[0020] In one implementation, the network 106 may be a wireless network, a wired network or a combination thereof. The network 106 can be implemented as one of the different types of networks, such as intranet, local area network (LAN), wide area network (WAN), the internet, and the like. The network 106 may either be a dedicated network or a shared network. The shared network represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), Wireless Application Protocol (WAP), and the like, to communicate with one another. Further the network 106 may include a variety of network devices, including routers, bridges, servers, computing devices, storage devices, and the like.
[0021] Referring now to Figure 2, the system 102 is illustrated in accordance with an embodiment of the present subject matter. In one embodiment, the system 102 may include at least one processor 202, an input/output (I/O) interface 204, and a memory 206. The at least one processor 202 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the at least one processor 202 is configured to fetch and execute computer-readable instructions or modules stored in the memory 206.
[0022] The I/O interface 204 may include a variety of software and hardware interfaces, for example, a web interface, a graphical user interface, and the like. The I/O interface 204 may allow the system 102 to interact with a user directly or through the client devices 104. Further, the I/O interface 204 may enable the system 102 to communicate with other computing devices, such as web servers and external data servers (not shown). The I/O interface 204 can facilitate multiple communications within a wide variety of networks and protocol types, including wired networks, for example, LAN, cable, etc., and wireless networks, such as WLAN, cellular, or satellite. The I/O interface 204 may include one or more ports for connecting a number of devices to one another or to another server.
[0023] The memory 206 may include any computer-readable medium or computer program product known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, a compact disks (CDs), digital versatile disc or digital video disc (DVDs) and magnetic tapes. The memory 206 may include modules 208 and data 224.
[0024] The modules 208 include routines, programs, objects, components, data structures, etc., which perform particular tasks or implement particular abstract data types. In one implementation, the modules 208 may include a logging module 210, a determining module 212, an identifying module 214, a grouping module 216, a generating module 218, a query building module 220, and other modules 222. The other modules 222 may include programs or coded instructions that supplement applications and functions of the system 102.
[0025] The data 224, amongst other things, serves as a repository for storing data processed, received, and generated by one or more of the modules 208. The data 224 may also include a user activity database 226, and other data 228.
[0026] Referring now to Figure 3 and 4, illustrates detailed working of the system, in accordance with an embodiment of the present subject matter. The system 102 is provided for monitoring activities performed by a user on a software application in an organization, and the software application may be internal as well as external to the organization. Further, the software application external to the organization may be hosted on an external server (302). When an auditor 304 of the organization is required to perform an audit, he/she may not have a direct control over the software application hosted on the external server 302. The auditor 304 may have to send an audit request to an authority of the external server 304 for having an audit report of activities of the user on the software application. Also, to monitor the activities of the user on the software application (internal or external), source code and processes of the software application is required to be changed. The dependencies of changing the source code and the processes of the software application may limit the auditor 304 of the organization of perform his/her job, as he/she doesn’t have a control over the source code of the software application (hosted on the external server). Thus, the purpose of the present disclosure is to provide a system 102 for eliminating a need of changing the source code and processes of the software application for monitoring the activities of the user on the software application hosted on the external server 302.
[0027] For monitoring the activities, several modules may be provided. The working of each module is explained in detail according to Fig. 3 and Fig. 4. One of a module is a logging module 210 configured for maintaining a log of user data associated with the activities of the user on the software application. The activities performed by the user may be like clicking a link, navigating, and entering values into the plurality of entities. Further, the user data comprises a plurality of entities associated with the software application and a plurality of values of the plurality of entities. From the Fig. 4, a screenshot of a web page 402 of the software application may be seen. The organization may provide different types of user access such as (GmailTM Login, FacebookTM Login, Hotel Reservation, Flight reservation etc.,) to the user as can be seen under the “user access menu” of the web page 402. In the present scenario, the user have selected the “Hotel Reservation”, and after the selection, a separate window i.e., Hotel Login 404 window pops up on the web page 402. From the Hotel Login 404 window, the plurality of entities associated with the software application may be seen in the figure. According to present scenario, the plurality of entities comprises “Hotel Number”, “Password”, and “User Name”. Corresponding to each entity, a data field may be associated in which the user may be allowed to enter the values of the plurality of entities.
[0028] According to the present scenario, the values entered by the user are “1234”, “*******”, and “admin@123” corresponding to the entities “Hotel Number”, “Password”, and “User Name”, respectively. Thus, the logging module 210 maintains the log of the user data i.e., the plurality of entities (“Hotel Number”, “Password”, and “User Name”) and the values of the entities (“1234”, “*******”, and “admin@123”). The logging module 210 may also be configured to capture and store data corresponding to the clicking the link, and the navigating, performed by the user. According to embodiments, the logging module 210 may also configured to sense a neighborhood environment through rendering mechanism where the user performs its action like what will be the probable label where user is entering his/her data or on what link the user has clicked etc. Further, the user data logged by the logging module 210 may be stored in a user activity database 226 of the system 102. Thus, the log of the user data may reflect the different activities performed by the user while accessing the software application.
[0029] Further, the log of the user data may be highly voluminous consisting of various inconsistency and redundancies. To filter the log of the user data, it may be required to remove unwanted data from the log of the user data. For removing such unwanted data, a determining module 212 may be configured to determine a subset of entities and corresponding values from the user data based upon one or more parameters. Thus, based on the one or more parameters like useless clicks, un-entered text, and sensitive keywords such as password, the determining module 212 sanitizes the log of the user data resulting in determination of the subset of entities and values corresponding to the subset of entities. According to the present scenario, the subset of entities and the values corresponding to the subset of entities may be seen from 404A and 404B of Fig. 4 in detail. As it can be seen from Fig. 4, the determining module 212 has removed the entity “Password” (being as a sensitive entity) and its corresponding value “*******” while determining the subset of entities and the values to the subset of entities. According to embodiments of the present disclosure, the system 102 may also create a learning pattern based on the determination of the subset of entities and corresponding values, from the user data.
[0030] After sanitizing the log of the user data, an identifying module 214 may be configured to identify similar entities amongst the subset of entities based upon the corresponding values of the subset of entities. Thus, the entities i.e., “Hotel Number” and “User Name” (404A and 404B) are identified as the similar entities under the same window i.e., the Hotel Login 404 window of the web page 402. After the similar entities are identified, a grouping module 216 may be configured to group the similar entities into a group. As can be seen from block 406 of the Fig. 4, the similar entities “Hotel Number” and “User Name” and their corresponding values i.e., “1234” and “admin@123” respectively, are grouped under a one group. According to embodiments, the grouping of the similar entities may be further converted into lucid semantics like user entered “1234 Hotel Number under Hotel Login” or “admin@123 User Name under Hotel Login” which can easily be understood by the auditor 304. Thus, the identifying and grouping of the similar entities create a logical significance and cohesiveness amongst the plurality of entities. Based on the grouping of the similar entities and their corresponding values, behavioral intention of the user may be determined. In one example, if the similar entities are grouped under a “leave application” window (not shown in the figure) of the web page 402, then based on the values (From: 21/03/2014 and Till: 30/03/2014) of the similar entities, the intention of the user may be determined i.e., the user might have applied for a leave application between the dates 21/03/2014 to 30/03/2014 while accessing the software application.
[0031] Further, a generating module 218 may be configured to generate a report comprising values of the similar entities present in the group for monitoring the activities of the user on the software application. The report generated facilitates the auditor 304 to monitor any malicious user actions with the software application external to the organization of the user. Also, the methodologies discussed in the present disclosure eliminate the need for changing the source code and processes of the software application (third party software application) external to the organization. Thus, the dependency on the source code of the software application may be overcome.
[0032] The report generated may be further customized based on the requirement of the auditor 304. In exemplary embodiments of the present disclosure, a query building module 220 may be provided to create queries to be applied on the report. The queries applied may help in generation of a customized report comprising intended results specific to the requirement of the auditor 304.
[0033] Referring now to Figure 5, the method for monitoring activities performed by a user on a software application external to an organization is shown, in accordance with an embodiment of the present subject matter. The method 500 may be described in the general context of computer executable instructions. Generally, computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, functions, etc., that perform particular functions or implement particular abstract data types. The method 500 may also be practiced in a distributed computing environment where functions are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, computer executable instructions may be located in both local and remote computer storage media, including memory storage devices.
[0034] The order in which the method 500 is described is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement the method 500 or alternate methods. Additionally, individual blocks may be deleted from the method 500 without departing from the spirit and scope of the subject matter described herein. Furthermore, the method can be implemented in any suitable hardware, software, firmware, or combination thereof. However, for ease of explanation, in the embodiments described below, the method 500 may be considered to be implemented in the above described system 102.
[0035] At block 502, a log of user data associated with the activities of the user on the software application is maintained. Further, the user data comprises a plurality of entities associated with the software application and a plurality of values of the plurality of entities. Further, the step of logging of the user data may be performed by a processor.
[0036] At block 504, subset of entities and corresponding values of the subset of entities are determined from the user data, based on one or more parameters. Further, the one or more parameters may comprise useless clicks, un-entered text, and sensitive keywords such as passwords. Further, the step of determining of the subset of entities and corresponding values of the subset of entities is performed by the processor.
[0037] At block 506, similar entities amongst the subset of entities may be identified based upon the corresponding values of the subset of entities. Further, the step of identifying the similar entities amongst the subset of entities is performed by the processor.
[0038] At block 508, grouping of the similar entities may be performed to group the similar entities into a group. Further, the grouping of the similar entities helps in determining the user intention/behavioral intention of the user. For example, user has changed password, user has approved accommodation request, user transferred the amount etc. Further, the step of the grouping of the similar entities is performed by the processor.
[0039] At block 510, a report may be generated, and the report comprises values of the similar entities present in the group for monitoring the activities of the user on the software application. Further, the step of generating the report may be performed by the processor.
[0040] Although implementations for methods and systems for monitoring activities performed by a user on a software application have been described in language specific to structural features and/or methods, it is to be understood that the appended claims are not necessarily limited to the specific features or methods described. Rather, the specific features and methods are disclosed as examples of implementations for monitoring the user activities on the software application external to an organization.