WO2016065405A1 - Method and system for activity monitoring - Google Patents

Method and system for activity monitoring Download PDF

Info

Publication number
WO2016065405A1
WO2016065405A1 PCT/AU2015/000654 AU2015000654W WO2016065405A1 WO 2016065405 A1 WO2016065405 A1 WO 2016065405A1 AU 2015000654 W AU2015000654 W AU 2015000654W WO 2016065405 A1 WO2016065405 A1 WO 2016065405A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
activity
data
module
monitoring
Prior art date
Application number
PCT/AU2015/000654
Other languages
French (fr)
Inventor
Tom Raguz
Original Assignee
1010 Id Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2014904387A external-priority patent/AU2014904387A0/en
Application filed by 1010 Id Pty Ltd filed Critical 1010 Id Pty Ltd
Publication of WO2016065405A1 publication Critical patent/WO2016065405A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3438Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment monitoring of user actions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0639Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/06398Performance of employee with respect to a job function
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3003Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3041Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is an input/output interface
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101Auditing as a secondary aspect
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services
    • G06Q50/20Education

Definitions

  • the present invention relates to a method and system for activity monitoring and, in particular, to a method and system for monitoring electronic learning activity.
  • Electronic learning (e-learning) modules are now offered by many academic and professional institutions as part of training courses and academic courses and are becoming increasingly available to students.
  • Pre-recorded electronic material including lectures and presentations provide studying flexibility for students and teaching flexibility to teachers beyond typical face to face classroom education.
  • Such courses can increase the geographical catchment of educational institutions and allow individuals to schedule their study around other commitments.
  • Some universities and institutions provide courses entirely as remote learning courses with no classroom interaction and no face to face student and teacher engagement at all. Such courses enable
  • E-learning course provide flexibility for students and teachers however the fact that the students are not visible during study periods creates a risk that
  • embodiments of the invention provide a method for monitoring user activity at an electronic device during a user activity session
  • monitoring module controlling at least one activity monitoring device to record user activity during the activity session; and, associating the recorded user activity with the activity session; and storing the recorded user activity in an activity session file.
  • embodiments of the invention provide an activity monitoring system for monitoring user activity at an electronic device during an activity session comprising: receiver for receiving a request to initiate an activity session on a user device;
  • At least one monitoring module and at least one activity monitoring device configured to automatically activate at least one monitoring module in response to the request to initiate the activity session; monitoring module being configured to control at least one activity monitoring device during the activity session to record user activity; memory configured to store the recorded user activity during the activity session from the at least one monitoring module and associate the recorded user activity with the activity session.
  • the invention provides a method for authorising user access to a secure module at a security gateway comprising the steps of, at a secure gateway: receiving user registration data associated with a user from a secure module, the user registration data comprising user identification data and user authorisation data associated with the secure module; storing the user registration data at a security gateway database;
  • allocating security gateway user security data to the user allocating security gateway user security data to the user; associating the user security gateway security data with the user registration data; and providing the user security gateway user security data to the user;
  • identification data with the user registration data and storing the received user identification data as security data authorisation data, the received user identification data being used to authorise user access to a secure module .
  • a security gateway for authorising user access to a secure module, the security gateway comprising: receiver configured to receive user registration data associated with a user from a secure module, the user registration data comprising user identification data and user
  • memory configured to store user registration data at a security gateway database; security data allocation means configured to allocate security gateway user security data to the user; processor configured to associate the user security gateway security data with the user registration data; and transmitter configured to provide the user security gateway user security data to the user and request user identification data; receiver configured to receive user identification data, associating the received user identification data with the user registration data and storing the received user identification data as security data authorisation data, the received user identification data being used to authorise user access to a secure module.
  • a system for monitoring user activity on an electronic device comprising: Means for requesting on a user device initiation of an activity session;
  • receiver for receiving user identification: Communication bus for establishing a communications channel with a security gateway via a network; transmitter for
  • receiver for receiving at the user device authorisation result from the security gateway; and, means for
  • embodiments of the invention provide an electronic activity monitoring module
  • receiver for receiving an access request for a predefined module, the access request including user identification; means for initiating monitoring activity in response to the access request; and, means for
  • embodiments of the invention provide an electronic monitoring system comprising an activity monitoring module and a security access module comprising: at the electronic activity monitoring module, receiving an access request for a predefined module, the access request including user identification; initiating monitoring activity in response to the access request; and, associating a record of the monitoring activity with the predefined module and the user identification; and, at the security access module, receiving identification, verifying the security authorisation and providing access code in dependence on verification of the security
  • FIG. 1 illustrates the architecture in an embodiment of the invention
  • FIG. 1 illustrates the steps taken to register with the Learning Management System
  • Figure 3 illustrates components within the user device
  • FIG. 4 shows the steps taken to initiate an
  • FIG. 5 shows the architecture in an embodiment of the invention
  • Figure 6 shows the steps taken to login to the
  • Figure 7 illustrates steps taken when shutting the activity monitoring module.
  • FIG. 8 illustrates components in an embodiment
  • FIG. 9 illustrates steps performed in an
  • FIG. 10 illustrates steps performed in an
  • Embodiments of the invention provide a system to monitor the activity on and around an electronic device during user interaction with an e-learning system or other restricted access area.
  • An activity monitoring module is trigged when a user logs onto a predefined e-learning environment to which he is registered.
  • the activity monitoring module facilitates registration onto the e- learning system and activates monitoring apparatus, including for example cameras, microphones, data entry recorders and document editing recorders.
  • a record of the activity is stored and logged against the registered user and associated with the login period.
  • the activity record may be accessed by the institution or company providing the e-learning system or the e-learning content or other restricted access content to verify the activity of the user during engagement with the e-learning system or other content .
  • User device 101 is an electronic device for a user capable of logging into a Learning Management System
  • LMS LMS
  • the user device might be a desktop computer, laptop or smart phone.
  • User device 101 is connectable to the LMS 102 via communication network 103.
  • the communication network may be fixed line network or wireless network providing access to the LMS and exchange of data between the user device and the LMS. In most cases the LMS is accessed from the device across an online web link.
  • user device 101 may include a camera, microphone, display unit, fingerprint scanner, as well as software for monitoring the input to the user.
  • Some devices include modules to take a ⁇ screen shot' of the screen at a particular time in order to capture the content displayed on the screen.
  • Security gateway 104 manages access into the learning management system. In particular the registration and access to users LMS accounts is managed through security gateway 104.
  • Security gateway 104 includes software modules and a memory to store user security
  • Data store 105 provides storage facilities for files associated with the activity monitoring module. Such files include data recorded by the activity monitoring module. In some cases the files may be generated by the activity monitoring module. Although data store 105 is showed as a separate entity it may be positioned as a component part of another module within the system, for example within the user device, the security gateway or the LMS . If the data store is not a component part of the user device it will be connected via the communication network 103 in order that files can be passed from user device 101 to data store 105. The data files may be generated and populated at user device 101 or may be generated elsewhere in the system and populated with data from user device 101.
  • Security database 106 stores general identification for individuals.
  • Security database 106 may store copies of individuals' driving licences, passports as well as photographs or biometric information.
  • Security database 106 may be held by a government or private institution.
  • security database 106 is held behind firewalls or other barriers to control access to the sensitive data held within it.
  • Different components within the system can communicate with the security database in order to authorise individuals based on personal information provided to them.
  • Learning management systems provide an environment and database for storing and accessing material associated with a particular course of study. For example,
  • the LMS hosts educational material including audio lectures, study resources, lecture notes and assessment questions for courses on the LMS.
  • individuals can access the Learning Management System via a direct access website.
  • Learning Management Systems are typically associated with a university, academic institution or other company providing educational training courses. They are
  • the learning management system access page is typically accessed via the university or institution website.
  • FIG. 1 The following example describes an embodiment in which an e-learning course is provided by a university.
  • the LMS passes responsibility for managing access to the LMS by students to security gateway 104.
  • Figure 2 shows the process for gaining initial access to an e-learning course facilitated by LMS 102 with reference to the architecture shown in Figure 1.
  • a student registers with the e- learning course at 202.
  • Registration may be performed in an online environment.
  • registration may be completed in a face to face manner, for example at a university or company office, or by telephone.
  • students provide identification and may be required to pay for the course of study.
  • the registration process may require contact details to be provided for the user, for example a telephone number, address or email address.
  • the university After registration the university creates an account for the student at the LMS.
  • the account provides access to the material related to the course of study for which the student is registered.
  • the security management system manages login access to the LMS and also monitors the activity of students while they interact with the LMS, for example complete assessments or review study material.
  • the notification includes an address for security gateway 104 and the student is required to access the security gateway to gain access to the LMS.
  • the link to security gateway 104 is preferably a web address.
  • the email notification may also include a unique ID allocated to the user to be provided to the security gateway as authorisation.
  • the LMS system also notifies the security gateway that it has registered a new user.
  • the LMS provides the same unique ID allocated to the user to the security gateway and may also send additional information including personal details of the registered user.
  • the LMS also creates student LMS access codes, typically in the form of a username and password, required to access the user account within the LMS.
  • the username and password is provided to the security gateway 104 at 208.
  • the security gateway stores the username and password and the unique ID along with any other information
  • the LMS identifying the student, for example the student's name, at 210.
  • the logon page may be branded to correspond to the particular University or maybe branded under the branding of the security gateway.
  • the welcome page of the security gateway includes login and password entry fields as well as an entry field for new users to enter the unique ID provided by the LMS.
  • the security gateway On receiving the unique ID from the new user at 214, the security gateway interrogates its database to retrieve any information associated with the unique ID associated with the user and provided by the LMS. Preferably, before proceeding the security gateway conducts an authorisation check on the user at 216. The security gateway may request further information from the user including name, date of birth, courses which the individual has applied to study at the particular institution. This information is compared with any information previously provided by the LMS to the security gateway.
  • the security gateway may take further steps to authorise the user including requesting photographic identification, biometric identification or copies of a passport or driving licence or other
  • Security gateway may compare this information with information provided to it by the
  • the security gateway may authorise the user with identification database 106.
  • identification database 106 In this case the
  • Security database 106 may be managed by government or state authority.
  • security database is maintained at high security levels and so any authorisation via the security database is typically performed by providing data to the security database which is authorised by the database.
  • security database may provide a linear match / non-match output .
  • Security gateway may also request the user to enter a photograph, biometric data, audio data or other personal identifier in real time to confirm that the user currently activating the device is the individual in the passport photograph , driving licence etc.
  • security gateway may prompt or trigger activation of a data capture device on the user device, for example a camera or microphone. Such data could be compared with data in security database 106 or data stored locally in the security gateway database.
  • security gateway may retrieve data from LMS or other data holding modules .
  • Security gateway may prompt the user re-enter the unique ID and/or personal information. Upon failed authorisation no access to LMS 102 is provided.
  • security gateway 104 is conducting an
  • the security gateway authorises the user and creates login credentials associated with the security gateway for the user. Typically this is in the form of a username and password.
  • the username and password are associated with the security gateway and, typically, these are different from the username and password issued by the LMS.
  • the security gateway stores the security gateway credentials for the user in its database along with the access codes for the user issued by the LMS. Preferably, the security gateway also stores an authorised photograph of the user and any other personal information against the user account .
  • the security gateway notifies the user that
  • authorisation has been approved at 220 and provides the user with the access codes for the security gateway.
  • the access codes are unique to the user.
  • the security gateway also includes access to an activity monitoring module which is required to be downloaded onto the user device before the user may access the LMS.
  • an activity monitoring module which is required to be downloaded onto the user device before the user may access the LMS.
  • the user On receipt of the notification the user is provided with access codes to the security gateway and access to the activity monitoring module.
  • the access codes and activity monitoring module may be provided in a single or multiple notifications.
  • the security gateway After registration with the security gateway the user is prompted to load the activity monitoring module to his user device.
  • the security gateway will notify the user of a website to which the user can access the activity monitoring module for download.
  • the user may be provided with a password, typically a one-time password to retrieve a copy of the activity monitoring module.
  • the monitoring module may be sent to the user device, for example via email or other communication means to be installed on the user device.
  • the activity monitoring module may be provided on a physical medium for example a CD or digital memory card.
  • the activity monitoring module interacts with the hardware components and software modules on the device to create a record of user activity on and around the device for a particular period of time.
  • the activity record is stored in a data file.
  • the activity monitoring module can be displayed as an executable icon on the device or made available through various program menus. Once activated at 402, the module interrogates the capabilities of the device at 404. During the interrogation stage the
  • the activity monitoring module identifies the recording capabilities of the device.
  • the activity monitoring module interrogates the device to identify the presence of a camera 312 on or connected to the device.
  • the activity monitoring module interrogates the device to identify the presence of an audio recorder 310 on or connected to the device.
  • the activity monitoring module interrogates the device to identify the presence of the display on or connected to the device 314. In some cases the device may have multiple displays. In this case the module would identify multiple displays.
  • the activity monitoring module interrogates the device to identify further
  • identity or activity monitoring components for example a fingerprint input device or a retina scanner.
  • the activity monitoring module also interrogates user data input means, for example the keyboard or touch screen or mouse, or mice, to identify whether it can monitor data entry.
  • the activity monitoring module connects with the processor to identify different actions executed by the user on the device, for example text entry, cut and paste actions, print actions or other user input functions.
  • the activity monitoring module performs a series of capability checks for the user device.
  • the capability checks may be pre-programmed.
  • universities or institutions are able to specify the level of monitoring behaviour they require.
  • some universities or some courses may require only data entry to be monitored. Further universities or courses may require a greater number of activity events to be monitored, for example photographs of users or audio records of user activity.
  • the university or institution identifies the level of activity monitoring required for the user when providing registration details to the security gateway at 208 in Figure 2.
  • the device capabilities displays to the user the device capabilities.
  • the capabilities are displayed to the user on the screen.
  • the activity monitoring module prompts the user to test each of the identified capabilities of the device. For example the activity monitoring module asks the user to take a photograph using the camera to confirm that the camera is correctly positioned to capture the user while the user is operating the device. The activity monitoring module asks the user to speak into the microphone to test the recording level and confirm that the microphone is correctly positioned to capture any audio input from the user. The activity monitoring module prompts the user to conduct various data input patterns on the keyboard or execute particular functions, for example cut and paste or print, and to confirm that the module can recognise and record these inputs.
  • the activity monitoring module can be programmed to use different recording capabilities depending on the requirements of the security gateway or the Learning Management System to which the user is subscribed .
  • Embodiments of the module record the capabilities of the device and create a file for storing user activity during the session.
  • the data file created by the activity monitoring module will typically be time stamped for the time of activation of the activity monitoring module and will also include a record of the capabilities of the device at that time.
  • the file also includes further details including the identity of the user and any other relevant identifiers.
  • the user may have an option to enter identifiers for the file, for example the activity the user is undertaking during the session, for example "Advanced Maths Assignment" or
  • the electronic monitoring module may include a series of free text fields which the user can enter when creating the file to help identify the activity during the session.
  • the activity monitoring module controls activation of the available resources at the device, including camera, microphone, data input recorders, and records the data in the file.
  • the activity monitoring module controls activation of the hardware through interaction with the various drivers within the device .
  • the activity monitoring module can also monitor use of software on the user device. Any software active during the activity session can be recorded against the activity data file. For example, software which provides third party access to the screen of the user device, for example to allow a third party to view the screen
  • Such software is detected by the monitoring module and recorded in the activity data file.
  • the activity monitoring module activates the components at random time intervals.
  • the random pattern of behaviour provides a more secure capture routine than a regular predetermined time of capture which a user may recognise and work around.
  • Some data capture routines may be triggered by the activity monitoring module, for example the camera.
  • Other data capture modules may be triggered by user interaction. For example, recording of audio may be triggered by the microphone picking up an audio signal and once activated the microphone remains active for a predefined time period or until the noise reduces below a predefined noise level, or below a predefined level for a predefined time period.
  • Recording of keyboard actions for example cut and paste recording or data entry via the keyboard may be triggered by identification of those data entry.
  • Embodiments being triggered by the user activity become more efficient in terms of relevant data capture in order that irrelevant or empty fields are captured, for example audio being recorded when the user is either not present at the device or is not speaking.
  • a further field that may be captured is a screen shot.
  • the screen shot provides a record of the display of the screen at a particular point in time
  • activation of one recording device for example the microphone may trigger activation of another recorder, for example the camera. In this case each time a user talks the camera is activated to record accompanying video.
  • a record of the captured and stored data is displayed to the user.
  • the photographs from the camera are displayed to the user on the display screen as they are captured and any screen shots, audio files or other data entry records are also displayed to the user as they are captured.
  • Embodiments allow the user to edit the file by deleting selected records.
  • the activity monitoring module keeps a record of any edits made by the user, for example it will record the action of deleting the photograph or an audio clip or other interaction.
  • Such embodiments provide privacy for the user but also identify within the file when data has been edited or deleted.
  • the user is allowed to add comments when editing the file, for example "the microphone recorded a personal telephone conversation unrelated to the course of study".
  • the location of storage for the data file may vary depending on the security requirements.
  • the data file is stored on the user device. On submission of assessments or other interaction with the course which - li ⁇ the user is undertaking the user is prompted to submit the data file of activity along with any assessments or activities undertaken. In further embodiments the
  • activity monitoring module is programmed to automatically transmit the data file to an external storage facility at various times.
  • the file may be transmitted to the
  • the file may be transmitted to LMS 102.
  • the file may be transmitted to a separate storage database 105.
  • Embodiments of the activity monitoring module store a copy of the file on the user device and transmit a copy of the file to the other entities or databases. Such embodiments enable multiple copies of the files in order that these can be discussed and any results can be validated by backup copies.
  • the data file is stored or transmitted periodically or randomly during the session.
  • the file is closed and transmitted at the close of an activity session .
  • the data file On closing of the module the data file is time stamped to record the full term of the session.
  • the data file is encoded.
  • the data file is compressed for storage or transmission .
  • the activity monitoring module provides a facility to capture user activity throughout a session of user activity on a user device.
  • the activity monitoring module captures activity in order to identify any fraudulent or
  • the audio monitoring and recording facilitates record any conversations during assessments or other course activity. This enables records of those conversations to be maintained and identify whether the individual is receiving verbal guidance or input in relation to the assessment or activity he is conducting.
  • Recording screen shots of the device monitors enables the trainers and assessors to identify any sources of materials used during the completion of assessment or study .
  • the record of edits of the activity file conducted by the user allows the trainers and assessors to identify any suspicious behaviour, for example whether the student has removed many photographs or audio recordings.
  • the editing functionality allows the student a degree of privacy when completing assessment or study period, for example if he receives a personal phone call or wishes to have a personal conversation unrelated to the study during his activity period.
  • the data record provides trainers, assessors and intuitions with a tool to verify activity undertaken by students while engaging with the LMS . Assessors may randomly review the activity files or may review them in some detail as a mandatory assessment criteria of the course.
  • the activity monitoring module and file record provides assessors, trainers and
  • institutions a facility to monitor behaviour of students during various periods of activity in a manner similar to face to face activity.
  • Embodiments are compatible with current legislation to be utilised for anticorruption, criminal investigation, as described in the USI act passed in
  • this is the process a user would follow after they have been registered with the course and registered with the security gateway.
  • the activity monitoring module is loaded on the user device.
  • the process is described for LMS, the same process may be used to access any secure environment or server 510' . In this case the user would be required to have access to the secure server, secure files etc and would need to be registered with the server.
  • the activity monitoring module When a user wishes to access the LMS to engage in study or assessment he activates the activity monitoring module on the user device at 402. As discussed above, this may be activated via an executable icon or accessed through program menu on the user device 502. The activity monitoring module is now active and running on the user device .
  • the activity monitoring module initiates its capability interrogation for the device to determine the monitoring capabilities of the device.
  • the user is required to test the located activity monitoring devices, including camera, microphone, keypad.
  • the module prompts the user to enter his access codes for authorisation by the security gateway 520.
  • the user is prompted to enter his user name and password provided by the security gateway during the registration process.
  • the user device transmits the identification to the security gateway 520 across communication network 560.
  • security gateway 520 receives the user secure identification and
  • embodiments of security gateway 520 retrieve personal identification of the user from the user device.
  • Personal identification may be in the form of a photograph of the user, voice recording from the user, biometric data, for example a fingerprint or a requirement for a unique identifier by the user.
  • biometric data for example a fingerprint or a requirement for a unique identifier by the user.
  • the security gateway may request some personal information from the user, for example his date of birth or address. In such embodiments, the security gateway compares this identification with
  • the security gateway 520 includes identification records of the user, for example photographs, fingerprints, voice clips which have been provided during the login process.
  • the security gateway conducts a facial recognition
  • the security gateway 520 does not store this authorisation identification locally but, instead may contact a third party to authorise identification material provided by the user.
  • embodiments do not provide the user login ID for the Learning Management System directly to the user but, instead, manage the login process on behalf of the user in order to ensure that the activity monitoring module and security gateway are not bypassed by the user when conducting an activity session.
  • the security gateway 520 Upon authorisation of the user by security gateway 520, the security gateway 520 retrieves the LMS login details associated with the user and notifies the Learning Management System that the user wishes to login to the Learning Management System. The security gateway 520 provides the user login details, including username and password. The Learning Management System opens the user account and provides a login token for the user back to the security gateway at 614. The login token is provided to the user device 502 by the security gateway. The user device passes the token to the Learning Management System to gain access to the user account directly. The user device provides login token to the LMS to initiate the session. The user device is then logged in to the
  • Embodiments of the invention activate the activity monitoring module each time the user accesses the Learning Management System.
  • the user is only able to login to the Learning Management System via the security gateway since the Learning Management System login details for the user are securely held by the security gateway.
  • the only login identification provided to the user is associated with the security gateway rather than the Learning Management System. Consequently, whenever a user wishes to access the Learning Management System he must initiate the activity monitoring module which prompts authorisation through the security gateway.
  • embodiments of the invention increase security around account management for a Learning Management System and also facilitate the activation of the activity monitoring module each time the user logs in for an activity session.
  • the activity monitoring module is initiated by a user at 702 when logging in to the Learning Management System via the secure gateway.
  • the activity monitoring module continues to run and monitor the activity of the user throughout the session on the Learning Management System.
  • the activity monitoring module can be closed by the user during a Learning Management System session at 704.
  • the activity monitoring module upon receiving a request by the user to be shut down
  • deactivation of the activity monitoring module prompts a notification to be sent to the security gateway at 706.
  • the activity monitoring module requests confirmation from the user that he wishes to terminate the Learning Management System. If the user confirms that he intends to log out the security gateway is notified. The security gateway then notifies the LMS that the user is terminating the session at 710 and the LMS logs the student out. It will be clear that in this case the user device is directly connected to the LMS and the LMS terminates the session based on the termination request from the security gateway. Such embodiments ensure that all user activity is recorded while the LMS session is open .
  • Embodiments of the activity monitoring module also identify when the Learning Management System session is terminated by the user at the LMS, for example the user logging out of the LMS. In this case, the activity monitoring module recognises that the user has terminated the Learning Management System session, for example by logging out of the Learning Management System or by closing the active window to the Learning Management
  • the file Upon termination of the activity monitoring module the file is time stamped and closed. Depending on the predefined requirements of the course the file may be transmitted to the security gateway, LMS or other storage facility or may be retained on the user device.
  • Embodiments of the invention provide flexibility in the security requirements for e-learning courses.
  • the system enables Learning Management Systems to provide a security gateway with authorisation requirements for any particular user.
  • the LMS might require that the user is authorised to a higher security level each time he logs into the Learning Management
  • the user may be required to provide a photograph, biometric information or other personal information to be authorised by the security gateway each time they open a session.
  • the LMS may only require correct user identification to be provided at login.
  • Course administrators also have flexibility the requirements for activity monitoring associated with a particular course of study, for example certain courses may only require a few photographs of the student while interacting with the LMS . Other courses may require multiple photographs in addition to full data entry and audio monitoring.
  • Embodiments of the invention provide full flexibility for the Learning Management System to require different levels of security in order to provide integrity to e-learning courses.
  • FIG. 8 shows a monitoring module 814 loaded onto a user device 810.
  • the monitoring module is in connection with a processor 812.
  • the user device 810 receives a request to initiate an activity session.
  • the user device automatically activates the monitoring module 814.
  • Monitoring module 814 is
  • the monitoring module 814 may control several monitoring devices
  • a camera where the recorded user activity is a photograph or video
  • a microphone where the recorded user activity is an audio recording
  • a display monitoring module capable of
  • Monitoring module 814 controls at least one of the activity
  • the monitoring devices to record user activity during the activity session at 915.
  • the recorded user activity from the activity monitoring devices is stored at 920 in memory 816.
  • Identification engine 850 is configured to verify the identity of a user using the recorded user activity.
  • the identification is positioned within the user device.
  • the identification engine is located remotely from the user device, for example on a remote server.
  • the recorded user activity is transmitted from the user device to the identification engine via transmitter 818.
  • the user activity may be transmitted to identification engine 850 periodically during the activity session or on completion of the user activity session. In some embodiments user activity is transmitted during and after the activity session.
  • identification engine 850 receives the recorded user activity at 930 at receiver 852.
  • Identification engine 850 includes user
  • identification database 856 User identification database stores identification data for registered users.
  • the user identification database includes user identifier for registered users, for example name or unique
  • identification information is stored and associated with the user
  • User identification information may include photograph, voice sample, fingerprint, retina scan, or other identification data.
  • identification engine 850 includes a user identifier as well as the recorded user activity data.
  • user verification engine 858 uses the received user identifier to retrieve user identification information associated with the user identifier from its user identification database.
  • User identification information stored within the database may include, for example, photographs of the user, fingerprints of the user voice samples of the user or other identification means.
  • user verification engine 858 compares the recorded user activity data with user identification information to verify the user. The process of comparing user activity data with user
  • identification data allows the user verification engine to confirm whether the user engaged in the activity session is the registered user. Depending on the user activity data, this verification is performed by comparing facial recognition of photographs taken during user activity with user photographs stored in the user identification
  • audio samples recorded during user activity are compared with voice samples within the user identification database, any fingerprint data or other biometric data is compared with fingerprint or other biometric data stored within the user identification database.
  • the user verification engine creates a notification confirming whether the user activity data agrees with the user identification information at 940.
  • the notification may be transmitted back to the monitoring module 814, may be retained in the identification engine at memory 862 or may be provided to a third party.
  • the third party may be associated with the activity session, for example in the case of an e-learning session the third party may be in university, in in the case of a employee activity session or restrictive access activity session the notification may be provided to the employer or other company hosting the restricted access session.
  • Monitoring module 814 communicates with processor 812 in order to control activity of a user on user device 810. In some embodiments, if the verification engines
  • monitoring module may request specific user identification information before allowing the user to continue with the activity session. For example, the monitoring module may request that a user provides biometric information, for example a fingerprint or provide a voice sample or facial image or provides an identification code. This
  • identification engine 850 notifies monitoring module 814 of the positive identification verification and monitoring module 814 instruct processor 812 to continue to allow the activity session to be continued. Should the identification verification produce a negative result identification engine 850 may instruct user device 810 to terminate the activity session.
  • monitoring module 814 triggers the monitoring devices to record the activity periodically during the activity session.
  • Monitoring module 814 may trigger recording of user activity periodically using the clock of the user device.
  • the monitoring module may trigger monitoring devices to record user activity in response to a detected event. For example, the detection of audio signals above a predetermined threshold may trigger the recording of user data using the monitoring devices. Alternatively, a detected event. For example, the detection of audio signals above a predetermined threshold may trigger the recording of user data using the monitoring devices. Alternatively, a detected
  • predetermined pattern of user data entry for example particular key strokes or a sequence of actions may trigger the monitoring device to instruct monitoring devices to record user data.
  • monitoring module 810 determines whether the requested activity session has predefined recording requirements for recording during the activity session. If so, monitoring module 814 determines which monitoring devices are required to be initiated to meet the
  • Monitoring module 814 determines whether the required monitoring devices are available for recording during the activity session. For the e-learning assessment example presented above, the monitoring module determines whether the user device has a camera, fingerprint detector and keystroke detector available for recording during the activity session. In some embodiments the availability of a monitoring device is determined by the monitoring module 814 attempting to initiate the required monitoring devices and identified whether the monitoring device is initiated. If the monitoring device is initiated successfully then
  • monitoring module 814 determines that the monitoring device is available. If the monitoring device is not successfully initiated then monitoring module 814
  • monitoring module 814 determines that monitoring device is unavailable. The results of the availability of the monitoring devices are recorded by monitoring module 814. In some systems monitoring module 814 may prevent an activity session to be initiated if the required monitoring devices are not available. In further examples, any discrepancies between the required monitoring devices and available monitoring devices is notified to the party responsible for the activity session, for example the university or employer, and the party may respond with confirmation of whether or not the activity session should be allowed to proceed.
  • the monitoring module determines the requirements to initiate the activity session.
  • the requirements for initiation of an activity session vary between activity sessions. For example, if the activity session relates to accessing a student's account within a LMS, a student may be required to provide personal identifiers, for example identification number, photograph, a voice sample or some other identifier.
  • Other activities may include a user wishing to access a secure file within a server.
  • the module may require further information in order to grant access to that file, for example a fingerprint. In certain cases, no information may be required at all.
  • the requirements for activation of different activity sessions are stored in memory 816 of user device 810 and accessed by
  • monitoring module 814 upon receiving a receiving a request to initiate an activity session.
  • monitoring module 814 attempts to obtain necessary user identification data. This may be provided in the form of a prompt to the user, for example a request to enter certain identification data or a request to enter a voice recording or fingerprint. Or, information may be gained automatically, a microphone may be activated or camera activated on the user device.
  • the received user identification data is received by the monitoring device at 1015 and transmitted to
  • identification engine 850 at 1020.
  • user verification engine 858 compares the received user identification data with user
  • identification information stored in user identification database 856 to determine whether the received user identification data matches the data stored in his
  • a notification is provided to the monitoring module at 1025 from a transmitter 860.
  • a notification is provided to the monitoring module at 1025 from a transmitter 860.
  • monitoring module 814 determines whether to initiate the activity session depending on the notification from identification verification engine 850. Interaction between the monitoring module 814 and identification engine 850 is used to monitor the identity of user during activity sessions and actions of a user during an activity session. The outcomes of comparisons of user activity data provided by monitoring module 814 with user identification information stored in user identification database 856 of identification engine can be utilised to determine whether a user engaging in activity on a user device is an authorised user or an expected user. Depending on the type of activity session the result of the comparison could be used in different ways for different means. For example, in an e-learning situation the result of the comparison could be retained against that activity session and provided to the e- learning organisation, for example at university at various times or upon request. Alternatively, for more sensitive activity sessions, the result of the
  • identification verification may be transmitted in real time to parties involved with data being accessed in the activity session, for example a company.
  • Results of the identification verification can also be used passively, as a record to be stored against the session, or actively as a means to restrict access to that session. As discussed above, initiation of particular activity sessions may be restricted based on failure to verify a user. Activity sessions may also be terminated if a user' s identity is not positively identified during the session.
  • the identification engine could be installed on the user device.
  • the identification engine could be stored on a separate server managed by a third party.
  • the identification engine could be installed on the server of the university, employer, or other party responsible for the activity session.
  • the monitoring module could be located on the user device, on a remote server or on the server of the party responsible for the activity session.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Computer Hardware Design (AREA)
  • Development Economics (AREA)
  • Software Systems (AREA)
  • Educational Administration (AREA)
  • Economics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Computer Security & Cryptography (AREA)
  • Strategic Management (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Game Theory and Decision Science (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Telephonic Communication Services (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

An activity monitoring system for monitoring user activity at an electronic device during an activity session comprising: receiver for receiving a request to initiate an activity session on a user device; at least one monitoring module and at least one activity monitoring device; processor configured to automatically activate at least one monitoring module in response to the request to initiate the activity session; monitoring module being configured to control at least one activity monitoring device during the activity session to record user activity; memory configured to store the recorded user activity during the activity session from the at least one monitoring module and associate the recorded user activity with the activity session.

Description

Method and System for Activity Monitoring
The present invention relates to a method and system for activity monitoring and, in particular, to a method and system for monitoring electronic learning activity.
Electronic learning (e-learning) modules are now offered by many academic and professional institutions as part of training courses and academic courses and are becoming increasingly available to students. Pre-recorded electronic material including lectures and presentations provide studying flexibility for students and teaching flexibility to teachers beyond typical face to face classroom education. Such courses can increase the geographical catchment of educational institutions and allow individuals to schedule their study around other commitments. Some universities and institutions provide courses entirely as remote learning courses with no classroom interaction and no face to face student and teacher engagement at all. Such courses enable
individuals to gain qualifications without any direct supervision .
E-learning course provide flexibility for students and teachers however the fact that the students are not visible during study periods creates a risk that
qualifications may be acquired fraudulently. Without face to face interaction and supervision, in particular during assessed activities, there is no assurance that the student engaged with the study material or completed the assessment himself. In many cases there is no guarantee that the individual is correctly registered under his real name. A lack of security and supervision may bring the integrity of the assessment and any qualifications gained by online courses into question.
Embodiments of the present invention address these problems . Summary
In a first aspect, embodiments of the invention provide a method for monitoring user activity at an electronic device during a user activity session
comprising; receiving a user request to initiate an activity session on a user device; automatically
activating at least one monitoring module in response to the request to initiate the activity session; the
monitoring module controlling at least one activity monitoring device to record user activity during the activity session; and, associating the recorded user activity with the activity session; and storing the recorded user activity in an activity session file.
In a second aspect, embodiments of the invention provide an activity monitoring system for monitoring user activity at an electronic device during an activity session comprising: receiver for receiving a request to initiate an activity session on a user device;
at least one monitoring module and at least one activity monitoring device; processor configured to automatically activate at least one monitoring module in response to the request to initiate the activity session; monitoring module being configured to control at least one activity monitoring device during the activity session to record user activity; memory configured to store the recorded user activity during the activity session from the at least one monitoring module and associate the recorded user activity with the activity session.
In a third aspect, the invention provides a method for authorising user access to a secure module at a security gateway comprising the steps of, at a secure gateway: receiving user registration data associated with a user from a secure module, the user registration data comprising user identification data and user authorisation data associated with the secure module; storing the user registration data at a security gateway database;
allocating security gateway user security data to the user; associating the user security gateway security data with the user registration data; and providing the user security gateway user security data to the user;
requesting user identification data; receiving user identification data, associating the received user
identification data with the user registration data and storing the received user identification data as security data authorisation data, the received user identification data being used to authorise user access to a secure module .
In a fourth aspect embodiments of the invention provide a security gateway for authorising user access to a secure module, the security gateway comprising: receiver configured to receive user registration data associated with a user from a secure module, the user registration data comprising user identification data and user
authorisation data associated with the secure module;
memory configured to store user registration data at a security gateway database; security data allocation means configured to allocate security gateway user security data to the user; processor configured to associate the user security gateway security data with the user registration data; and transmitter configured to provide the user security gateway user security data to the user and request user identification data; receiver configured to receive user identification data, associating the received user identification data with the user registration data and storing the received user identification data as security data authorisation data, the received user identification data being used to authorise user access to a secure module.
In a fifth aspect embodiments of the invention provide a system for monitoring user activity on an electronic device comprising: Means for requesting on a user device initiation of an activity session;
receiver for receiving user identification: Communication bus for establishing a communications channel with a security gateway via a network; transmitter for
transmitting the user identification and the request for the activity module to the security gateway;
receiver for receiving at the user device authorisation result from the security gateway; and, means for
initiating the activity session in dependence on the authorisation result.
In a sixth aspect, embodiments of the invention provide an electronic activity monitoring module
comprising: receiver for receiving an access request for a predefined module, the access request including user identification; means for initiating monitoring activity in response to the access request; and, means for
associating a record of the monitoring activity with the predefined module and the user identification.
In a seventh aspect, embodiments of the invention provide an electronic monitoring system comprising an activity monitoring module and a security access module comprising: at the electronic activity monitoring module, receiving an access request for a predefined module, the access request including user identification; initiating monitoring activity in response to the access request; and, associating a record of the monitoring activity with the predefined module and the user identification; and, at the security access module, receiving identification, verifying the security authorisation and providing access code in dependence on verification of the security
authorisation . Brief Description of the Figures
Figure 1 illustrates the architecture in an embodiment of the invention;
Figure 2 illustrates the steps taken to register with the Learning Management System;
Figure 3 illustrates components within the user device;
Figure 4 shows the steps taken to initiate an
activity monitoring system in the embodiment in the invention ;
Figure 5 shows the architecture in an embodiment of the invention;
Figure 6 shows the steps taken to login to the
Learning Management System.
Figure 7 illustrates steps taken when shutting the activity monitoring module.
Figure 8 illustrates components in an embodiment;
Figure 9 illustrates steps performed in an
embodiment .
Figure 10 illustrates steps performed in an
embodiment .
Detailed Description
Embodiments of the invention provide a system to monitor the activity on and around an electronic device during user interaction with an e-learning system or other restricted access area. An activity monitoring module is trigged when a user logs onto a predefined e-learning environment to which he is registered. The activity monitoring module facilitates registration onto the e- learning system and activates monitoring apparatus, including for example cameras, microphones, data entry recorders and document editing recorders. A record of the activity is stored and logged against the registered user and associated with the login period. The activity record may be accessed by the institution or company providing the e-learning system or the e-learning content or other restricted access content to verify the activity of the user during engagement with the e-learning system or other content .
In Figure 1 the architecture of the system is
illustrated for the example of Learning Management System (LMS) . User device 101 is an electronic device for a user capable of logging into a Learning Management System
(LMS) . Typically, the user device might be a desktop computer, laptop or smart phone. User device 101 is connectable to the LMS 102 via communication network 103. The communication network may be fixed line network or wireless network providing access to the LMS and exchange of data between the user device and the LMS. In most cases the LMS is accessed from the device across an online web link.
Different electronic devices have different hardware and software modules providing different capabilities to the user. For example, user device 101 may include a camera, microphone, display unit, fingerprint scanner, as well as software for monitoring the input to the
electronic device. Some devices include modules to take a ^screen shot' of the screen at a particular time in order to capture the content displayed on the screen.
Security gateway 104 manages access into the learning management system. In particular the registration and access to users LMS accounts is managed through security gateway 104. Security gateway 104 includes software modules and a memory to store user security
authorisations .
Data store 105 provides storage facilities for files associated with the activity monitoring module. Such files include data recorded by the activity monitoring module. In some cases the files may be generated by the activity monitoring module. Although data store 105 is showed as a separate entity it may be positioned as a component part of another module within the system, for example within the user device, the security gateway or the LMS . If the data store is not a component part of the user device it will be connected via the communication network 103 in order that files can be passed from user device 101 to data store 105. The data files may be generated and populated at user device 101 or may be generated elsewhere in the system and populated with data from user device 101.
Security database 106 stores general identification for individuals. Security database 106 may store copies of individuals' driving licences, passports as well as photographs or biometric information. Security database 106 may be held by a government or private institution. Typically, security database 106 is held behind firewalls or other barriers to control access to the sensitive data held within it. Different components within the system can communicate with the security database in order to authorise individuals based on personal information provided to them.
Learning management systems provide an environment and database for storing and accessing material associated with a particular course of study. For example,
Universities offering online courses or online access to study materials to their students often manage that material through a learning management system. The LMS hosts educational material including audio lectures, study resources, lecture notes and assessment questions for courses on the LMS. Typically individuals can access the Learning Management System via a direct access website. Learning Management Systems are typically associated with a university, academic institution or other company providing educational training courses. They are
typically branded with the university branding and maintained by the university or academic institution. The learning management system access page is typically accessed via the university or institution website.
The following example describes an embodiment in which an e-learning course is provided by a university. In the example embodiment the LMS passes responsibility for managing access to the LMS by students to security gateway 104. Figure 2 shows the process for gaining initial access to an e-learning course facilitated by LMS 102 with reference to the architecture shown in Figure 1.
In an embodiment a student registers with the e- learning course at 202. Registration may be performed in an online environment. Alternatively, registration may be completed in a face to face manner, for example at a university or company office, or by telephone. Typically, students provide identification and may be required to pay for the course of study. The registration process may require contact details to be provided for the user, for example a telephone number, address or email address.
After registration the university creates an account for the student at the LMS. The account provides access to the material related to the course of study for which the student is registered. In the embodiment described the security management system manages login access to the LMS and also monitors the activity of students while they interact with the LMS, for example complete assessments or review study material.
After registration is complete and the university has created an account for the student with the LMS, the
University sends notifies the student in relation to how to access the LMS at 206. Typically the notification is made to the registered email address at 206. The
notification includes an address for security gateway 104 and the student is required to access the security gateway to gain access to the LMS. The link to security gateway 104 is preferably a web address. The email notification may also include a unique ID allocated to the user to be provided to the security gateway as authorisation.
The LMS system also notifies the security gateway that it has registered a new user. The LMS provides the same unique ID allocated to the user to the security gateway and may also send additional information including personal details of the registered user. The LMS also creates student LMS access codes, typically in the form of a username and password, required to access the user account within the LMS. The username and password is provided to the security gateway 104 at 208.
The security gateway stores the username and password and the unique ID along with any other information
provided to it by the LMS identifying the student, for example the student's name, at 210.
When the user follows the link to the security gateway provided in the notification at 212 he typically is directed to a welcome logon page at the security gateway. The logon page may be branded to correspond to the particular University or maybe branded under the branding of the security gateway. The welcome page of the security gateway includes login and password entry fields as well as an entry field for new users to enter the unique ID provided by the LMS.
On receiving the unique ID from the new user at 214, the security gateway interrogates its database to retrieve any information associated with the unique ID associated with the user and provided by the LMS. Preferably, before proceeding the security gateway conducts an authorisation check on the user at 216. The security gateway may request further information from the user including name, date of birth, courses which the individual has applied to study at the particular institution. This information is compared with any information previously provided by the LMS to the security gateway.
In further embodiments the security gateway may take further steps to authorise the user including requesting photographic identification, biometric identification or copies of a passport or driving licence or other
identification. Security gateway may compare this information with information provided to it by the
university to gain a more detailed authorisation check for the student.
The security gateway may authorise the user with identification database 106. In this case the
photographic identification, biometric identification, passport, driving licence or other identification is authorised via security database 106. Security database 106 may be managed by government or state authority.
Typically security database is maintained at high security levels and so any authorisation via the security database is typically performed by providing data to the security database which is authorised by the database. The
security database may provide a linear match / non-match output .
Security gateway may also request the user to enter a photograph, biometric data, audio data or other personal identifier in real time to confirm that the user currently activating the device is the individual in the passport photograph , driving licence etc. In such embodiments security gateway may prompt or trigger activation of a data capture device on the user device, for example a camera or microphone. Such data could be compared with data in security database 106 or data stored locally in the security gateway database. In some cases, security gateway may retrieve data from LMS or other data holding modules .
If the information provided by the user does not match the data comparison then the student fails the - in ¬ security gateway authorisation at 218. Security gateway may prompt the user re-enter the unique ID and/or personal information. Upon failed authorisation no access to LMS 102 is provided.
Those skilled in the art will recognise that at this stage of the registration process the user has not yet been provided any passwords or other security access to enable him to gain access to his account within the LMS. Instead, security gateway 104 is conducting an
authorisation check to determine whether the individual registered with the LMS is, in fact, the individual stored within the security database and whether is the same individual currently attempting to access the LMS.
If the information provided by the user matches the data comparison the user passes the authorisation check at 218. The security gateway authorises the user and creates login credentials associated with the security gateway for the user. Typically this is in the form of a username and password. The username and password are associated with the security gateway and, typically, these are different from the username and password issued by the LMS. The security gateway stores the security gateway credentials for the user in its database along with the access codes for the user issued by the LMS. Preferably, the security gateway also stores an authorised photograph of the user and any other personal information against the user account .
The security gateway notifies the user that
authorisation has been approved at 220 and provides the user with the access codes for the security gateway.
Typically, the access codes are unique to the user.
In the notification, the security gateway also includes access to an activity monitoring module which is required to be downloaded onto the user device before the user may access the LMS. On receipt of the notification the user is provided with access codes to the security gateway and access to the activity monitoring module. The access codes and activity monitoring module may be provided in a single or multiple notifications. Once the security monitoring software is loaded onto the user device the registration process is complete.
After registration with the security gateway the user is prompted to load the activity monitoring module to his user device. In embodiments the security gateway will notify the user of a website to which the user can access the activity monitoring module for download. The user may be provided with a password, typically a one-time password to retrieve a copy of the activity monitoring module.
Alternatively, in further embodiments the activity
monitoring module may be sent to the user device, for example via email or other communication means to be installed on the user device. In some embodiments the activity monitoring module may be provided on a physical medium for example a CD or digital memory card.
The activity monitoring module interacts with the hardware components and software modules on the device to create a record of user activity on and around the device for a particular period of time. The activity record is stored in a data file.
Once installed, the activity monitoring module can be displayed as an executable icon on the device or made available through various program menus. Once activated at 402, the module interrogates the capabilities of the device at 404. During the interrogation stage the
activity monitoring module identifies the recording capabilities of the device. The activity monitoring module interrogates the device to identify the presence of a camera 312 on or connected to the device. The activity monitoring module interrogates the device to identify the presence of an audio recorder 310 on or connected to the device. The activity monitoring module interrogates the device to identify the presence of the display on or connected to the device 314. In some cases the device may have multiple displays. In this case the module would identify multiple displays. The activity monitoring module interrogates the device to identify further
identity or activity monitoring components, for example a fingerprint input device or a retina scanner.
The activity monitoring module also interrogates user data input means, for example the keyboard or touch screen or mouse, or mice, to identify whether it can monitor data entry. The activity monitoring module connects with the processor to identify different actions executed by the user on the device, for example text entry, cut and paste actions, print actions or other user input functions.
In embodiments, the activity monitoring module performs a series of capability checks for the user device. The capability checks may be pre-programmed. In embodiments, universities or institutions are able to specify the level of monitoring behaviour they require.
For example, some universities or some courses may require only data entry to be monitored. Further universities or courses may require a greater number of activity events to be monitored, for example photographs of users or audio records of user activity. Typically, the university or institution identifies the level of activity monitoring required for the user when providing registration details to the security gateway at 208 in Figure 2.
In embodiments the activity monitoring module
displays to the user the device capabilities. Typically the capabilities are displayed to the user on the screen.
Embodiments require the user to confirm the
capabilities of the device in response to the display by the activity monitoring module. In further embodiments the activity monitoring module prompts the user to test each of the identified capabilities of the device. For example the activity monitoring module asks the user to take a photograph using the camera to confirm that the camera is correctly positioned to capture the user while the user is operating the device. The activity monitoring module asks the user to speak into the microphone to test the recording level and confirm that the microphone is correctly positioned to capture any audio input from the user. The activity monitoring module prompts the user to conduct various data input patterns on the keyboard or execute particular functions, for example cut and paste or print, and to confirm that the module can recognise and record these inputs.
In embodiments the activity monitoring module
identifies the required capabilities of the device and confirms whether the user device currently meets those requirements. For example, the camera may be disconnected or obscured. The activity monitoring module can be programmed to use different recording capabilities depending on the requirements of the security gateway or the Learning Management System to which the user is subscribed .
Embodiments of the module record the capabilities of the device and create a file for storing user activity during the session. The data file created by the activity monitoring module will typically be time stamped for the time of activation of the activity monitoring module and will also include a record of the capabilities of the device at that time. The file also includes further details including the identity of the user and any other relevant identifiers. In some embodiments the user may have an option to enter identifiers for the file, for example the activity the user is undertaking during the session, for example "Advanced Maths Assignment" or
"Construction Lecture 1" in order to make a more
identifiable record. In embodiments the electronic monitoring module may include a series of free text fields which the user can enter when creating the file to help identify the activity during the session.
Upon activation of the activity monitoring module and once the data file is created the activity monitoring module controls activation of the available resources at the device, including camera, microphone, data input recorders, and records the data in the file. The activity monitoring module controls activation of the hardware through interaction with the various drivers within the device .
The activity monitoring module can also monitor use of software on the user device. Any software active during the activity session can be recorded against the activity data file. For example, software which provides third party access to the screen of the user device, for example to allow a third party to view the screen
remotely, or which allows a third party to control the user device. Such software is detected by the monitoring module and recorded in the activity data file.
Preferably the activity monitoring module activates the components at random time intervals. The random pattern of behaviour provides a more secure capture routine than a regular predetermined time of capture which a user may recognise and work around.
Some data capture routines may be triggered by the activity monitoring module, for example the camera. Other data capture modules may be triggered by user interaction. For example, recording of audio may be triggered by the microphone picking up an audio signal and once activated the microphone remains active for a predefined time period or until the noise reduces below a predefined noise level, or below a predefined level for a predefined time period.
Recording of keyboard actions, for example cut and paste recording or data entry via the keyboard may be triggered by identification of those data entry.
Embodiments being triggered by the user activity become more efficient in terms of relevant data capture in order that irrelevant or empty fields are captured, for example audio being recorded when the user is either not present at the device or is not speaking.
A further field that may be captured is a screen shot. The screen shot provides a record of the display of the screen at a particular point in time
In some embodiments activation of one recording device, for example the microphone may trigger activation of another recorder, for example the camera. In this case each time a user talks the camera is activated to record accompanying video.
As the user session continues more activity data is captured and stored in the file. In embodiments a record of the captured and stored data is displayed to the user. The photographs from the camera are displayed to the user on the display screen as they are captured and any screen shots, audio files or other data entry records are also displayed to the user as they are captured. Embodiments allow the user to edit the file by deleting selected records. Preferably, the activity monitoring module keeps a record of any edits made by the user, for example it will record the action of deleting the photograph or an audio clip or other interaction. Such embodiments provide privacy for the user but also identify within the file when data has been edited or deleted. In some embodiments the user is allowed to add comments when editing the file, for example "the microphone recorded a personal telephone conversation unrelated to the course of study".
The location of storage for the data file may vary depending on the security requirements. In embodiments, the data file is stored on the user device. On submission of assessments or other interaction with the course which - li ¬ the user is undertaking the user is prompted to submit the data file of activity along with any assessments or activities undertaken. In further embodiments the
activity monitoring module is programmed to automatically transmit the data file to an external storage facility at various times. The file may be transmitted to the
security gateway 104. The file may be transmitted to LMS 102. The file may be transmitted to a separate storage database 105. Embodiments of the activity monitoring module store a copy of the file on the user device and transmit a copy of the file to the other entities or databases. Such embodiments enable multiple copies of the files in order that these can be discussed and any results can be validated by backup copies. In some embodiments the data file is stored or transmitted periodically or randomly during the session. In further embodiments the file is closed and transmitted at the close of an activity session .
On closing of the module the data file is time stamped to record the full term of the session. In embodiments the data file is encoded. In further
embodiments the data file is compressed for storage or transmission .
It will be clear to those skilled in the art that the activity monitoring module provides a facility to capture user activity throughout a session of user activity on a user device. The activity monitoring module captures activity in order to identify any fraudulent or
inappropriate activity during the course of study. The taking and storing of randomly timed images using the camera on the device enables a record of the individual using the device to be captured and retained. One concern for online courses is that without face to face or
personal supervision of students it is possible that a student could ask a third party to complete an assessment on his behalf. By recording images of the user at the device, trainers and assessors can have greater certainty of the identity of the individuals completing the
assignment. On receipt of the images within the file the institution can also conduct facial recognition analysis to confirm that the individual appearing in the
photographs at the device is, indeed, the individual registered on the course.
The audio monitoring and recording facilitates record any conversations during assessments or other course activity. This enables records of those conversations to be maintained and identify whether the individual is receiving verbal guidance or input in relation to the assessment or activity he is conducting.
Recording screen shots of the device monitors enables the trainers and assessors to identify any sources of materials used during the completion of assessment or study .
Records of copy and paste actions and access to URL addresses enables the institution to identify whether the individual has breached any plagiarism rules when
completing the assessment or study. One possible
situation is that a student may complete an assessment entirely remotely from his user device, for example without logging into the LMS or on a different device. In such cases, when the user logs into the LMS to submit the assessment the system will identify that there is no activity file associated with the completion of the assessment .
The record of edits of the activity file conducted by the user allows the trainers and assessors to identify any suspicious behaviour, for example whether the student has removed many photographs or audio recordings.
Additionally the editing functionality allows the student a degree of privacy when completing assessment or study period, for example if he receives a personal phone call or wishes to have a personal conversation unrelated to the study during his activity period.
It will be clear that the data record provides trainers, assessors and intuitions with a tool to verify activity undertaken by students while engaging with the LMS . Assessors may randomly review the activity files or may review them in some detail as a mandatory assessment criteria of the course. The activity monitoring module and file record provides assessors, trainers and
institutions a facility to monitor behaviour of students during various periods of activity in a manner similar to face to face activity.
It will be clear to those skilled in the art that embodiments of the invention can be incorporated into courses and assessments in order to support existing law enforcement gateways such as Document Verification System to verify participants associated and submitted
documentation. Embodiments are compatible with current legislation to be utilised for anticorruption, criminal investigation, as described in the USI act passed in
June 2014.
Further embodiments of the invention can be used for applications beyond e-learning integrity by law
enforcement via images and facial recognition, voice monitoring and recognition, and ID theft.
Referring to Figure 5 and 6, the process for a user to access a user account in the LMS is now discussed.
Typically, this is the process a user would follow after they have been registered with the course and registered with the security gateway. At this stage the activity monitoring module is loaded on the user device. Although the process is described for LMS, the same process may be used to access any secure environment or server 510' . In this case the user would be required to have access to the secure server, secure files etc and would need to be registered with the server.
When a user wishes to access the LMS to engage in study or assessment he activates the activity monitoring module on the user device at 402. As discussed above, this may be activated via an executable icon or accessed through program menu on the user device 502. The activity monitoring module is now active and running on the user device .
As discussed above the activity monitoring module initiates its capability interrogation for the device to determine the monitoring capabilities of the device. The user is required to test the located activity monitoring devices, including camera, microphone, keypad.
At 604 the module prompts the user to enter his access codes for authorisation by the security gateway 520. In embodiments the user is prompted to enter his user name and password provided by the security gateway during the registration process. At 606 the user device transmits the identification to the security gateway 520 across communication network 560. At 606 security gateway 520 receives the user secure identification and
interrogates its database 524 to authorise the user.
As a further authentication step, embodiments of security gateway 520 retrieve personal identification of the user from the user device. Personal identification may be in the form of a photograph of the user, voice recording from the user, biometric data, for example a fingerprint or a requirement for a unique identifier by the user. Alternatively the security gateway may request some personal information from the user, for example his date of birth or address. In such embodiments, the security gateway compares this identification with
identification stored in its database in order to verify that the individual operating in the user device is, in fact, the registered individual. In embodiments, the security gateway 520 includes identification records of the user, for example photographs, fingerprints, voice clips which have been provided during the login process. The security gateway conducts a facial recognition
assessment or other comparative assessment in order to confirm the identity of the individual initiating the session. In some embodiments the security gateway 520 does not store this authorisation identification locally but, instead may contact a third party to authorise identification material provided by the user.
As discussed above, embodiments do not provide the user login ID for the Learning Management System directly to the user but, instead, manage the login process on behalf of the user in order to ensure that the activity monitoring module and security gateway are not bypassed by the user when conducting an activity session.
Upon authorisation of the user by security gateway 520, the security gateway 520 retrieves the LMS login details associated with the user and notifies the Learning Management System that the user wishes to login to the Learning Management System. The security gateway 520 provides the user login details, including username and password. The Learning Management System opens the user account and provides a login token for the user back to the security gateway at 614. The login token is provided to the user device 502 by the security gateway. The user device passes the token to the Learning Management System to gain access to the user account directly. The user device provides login token to the LMS to initiate the session. The user device is then logged in to the
Learning Management System to enable the user to retrieve study material or to access any course assessment or further course material.
It will be clear to those skilled in the art that the process of logging in to the Learning Management System by the user device has been authorised and controlled through the security gateway. Embodiments of the invention activate the activity monitoring module each time the user accesses the Learning Management System. The user is only able to login to the Learning Management System via the security gateway since the Learning Management System login details for the user are securely held by the security gateway. The only login identification provided to the user is associated with the security gateway rather than the Learning Management System. Consequently, whenever a user wishes to access the Learning Management System he must initiate the activity monitoring module which prompts authorisation through the security gateway. It will be clear to those skilled in the art that
embodiments of the invention increase security around account management for a Learning Management System and also facilitate the activation of the activity monitoring module each time the user logs in for an activity session.
The description above, in particular with reference to Figures 3 and 4 describes how the activity monitoring module is initiated by a user at 702 when logging in to the Learning Management System via the secure gateway. The activity monitoring module continues to run and monitor the activity of the user throughout the session on the Learning Management System. In embodiments, the activity monitoring module can be closed by the user during a Learning Management System session at 704. In preferred embodiments the activity monitoring module, upon receiving a request by the user to be shut down
automatically logs the user out from the Learning
Management System session. Typically, deactivation of the activity monitoring module prompts a notification to be sent to the security gateway at 706. In preferred
embodiments the activity monitoring module requests confirmation from the user that he wishes to terminate the Learning Management System. If the user confirms that he intends to log out the security gateway is notified. The security gateway then notifies the LMS that the user is terminating the session at 710 and the LMS logs the student out. It will be clear that in this case the user device is directly connected to the LMS and the LMS terminates the session based on the termination request from the security gateway. Such embodiments ensure that all user activity is recorded while the LMS session is open .
Embodiments of the activity monitoring module also identify when the Learning Management System session is terminated by the user at the LMS, for example the user logging out of the LMS. In this case, the activity monitoring module recognises that the user has terminated the Learning Management System session, for example by logging out of the Learning Management System or by closing the active window to the Learning Management
System, and terminates the activity monitoring session in response to logging out of the Learning Management System.
Upon termination of the activity monitoring module the file is time stamped and closed. Depending on the predefined requirements of the course the file may be transmitted to the security gateway, LMS or other storage facility or may be retained on the user device.
Embodiments of the invention provide flexibility in the security requirements for e-learning courses. The system enables Learning Management Systems to provide a security gateway with authorisation requirements for any particular user. For sensitive courses, for example those providing professional qualifications, the LMS might require that the user is authorised to a higher security level each time he logs into the Learning Management
System. In such cases the user may be required to provide a photograph, biometric information or other personal information to be authorised by the security gateway each time they open a session. Alternatively, for courses with lower security requirements the LMS may only require correct user identification to be provided at login.
Course administrators also have flexibility the requirements for activity monitoring associated with a particular course of study, for example certain courses may only require a few photographs of the student while interacting with the LMS . Other courses may require multiple photographs in addition to full data entry and audio monitoring. Embodiments of the invention provide full flexibility for the Learning Management System to require different levels of security in order to provide integrity to e-learning courses.
A further exemplary embodiment is now described with reference to Figure 8, Figure 9 and Figure 10. Figure 8 shows a monitoring module 814 loaded onto a user device 810. Typically, the monitoring module is in connection with a processor 812. At 905 the user device 810 receives a request to initiate an activity session. On receipt of the request the user device automatically activates the monitoring module 814. Monitoring module 814 is
configured to control at least one activity monitoring device 820 during the activity session. The monitoring module 814 may control several monitoring devices
associated with the user device, including: a camera, where the recorded user activity is a photograph or video; a microphone, where the recorded user activity is an audio recording; a display monitoring module, capable of
recording the data displayed on the display of the user device; a keyboard or other user data entry device, where the recorded user activity is a record of the keystrokes entered by user; a processor activity recorder, where the recorded activity includes actions of the processor; a fingerprint scanner or a retina scanner. Monitoring module 814 controls at least one of the activity
monitoring devices to record user activity during the activity session at 915. The recorded user activity from the activity monitoring devices is stored at 920 in memory 816.
Identification engine 850 is configured to verify the identity of a user using the recorded user activity. In embodiments the identification is positioned within the user device. In further embodiments the identification engine is located remotely from the user device, for example on a remote server. At 925, the recorded user activity is transmitted from the user device to the identification engine via transmitter 818. The user activity may be transmitted to identification engine 850 periodically during the activity session or on completion of the user activity session. In some embodiments user activity is transmitted during and after the activity session. At 930 identification engine 850 receives the recorded user activity at 930 at receiver 852.
Identification engine 850 includes user
identification database 856. User identification database stores identification data for registered users. The user identification database includes user identifier for registered users, for example name or unique
identification number. For each user, identification information is stored and associated with the user
identifier. User identification information may include photograph, voice sample, fingerprint, retina scan, or other identification data.
The transmission from user device 810 to
identification engine 850 includes a user identifier as well as the recorded user activity data. At 935 user verification engine 858 uses the received user identifier to retrieve user identification information associated with the user identifier from its user identification database. User identification information stored within the database may include, for example, photographs of the user, fingerprints of the user voice samples of the user or other identification means. At 935 user verification engine 858 compares the recorded user activity data with user identification information to verify the user. The process of comparing user activity data with user
identification data allows the user verification engine to confirm whether the user engaged in the activity session is the registered user. Depending on the user activity data, this verification is performed by comparing facial recognition of photographs taken during user activity with user photographs stored in the user identification
database, audio samples recorded during user activity are compared with voice samples within the user identification database, any fingerprint data or other biometric data is compared with fingerprint or other biometric data stored within the user identification database.
The user verification engine creates a notification confirming whether the user activity data agrees with the user identification information at 940. There are many options for using the notification which fall within the scope of embodiments of the invention. The notification may be transmitted back to the monitoring module 814, may be retained in the identification engine at memory 862 or may be provided to a third party. The third party may be associated with the activity session, for example in the case of an e-learning session the third party may be in university, in in the case of a employee activity session or restrictive access activity session the notification may be provided to the employer or other company hosting the restricted access session.
In some embodiments the identification engine
notifies the monitoring module 814 that the current activity session should be paused or terminated.
Monitoring module 814 communicates with processor 812 in order to control activity of a user on user device 810. In some embodiments, if the verification engines
determines that the user activity data does not relate to the registered user and provides a negative notification, monitoring module may request specific user identification information before allowing the user to continue with the activity session. For example, the monitoring module may request that a user provides biometric information, for example a fingerprint or provide a voice sample or facial image or provides an identification code. This
information is recorded and sent by transmitter 818 to identification engine for verification. Again, this data is compared against the user identification information held in user identification database 856. Should the user verification engine 858 verify the identity of the user then identification engine 850 notifies monitoring module 814 of the positive identification verification and monitoring module 814 instruct processor 812 to continue to allow the activity session to be continued. Should the identification verification produce a negative result identification engine 850 may instruct user device 810 to terminate the activity session.
In one example monitoring module 814 triggers the monitoring devices to record the activity periodically during the activity session. Monitoring module 814 may trigger recording of user activity periodically using the clock of the user device. Alternatively, the monitoring module may trigger monitoring devices to record user activity in response to a detected event. For example, the detection of audio signals above a predetermined threshold may trigger the recording of user data using the monitoring devices. Alternatively, a detected
predetermined pattern of user data entry, for example particular key strokes or a sequence of actions may trigger the monitoring device to instruct monitoring devices to record user data.
Certain activity sessions may have different user activity recording requirements. For example an e- learning lecture activity session may require audio recordings only. However an e-learning assessment may have higher recording requirements, for example including image recordings, data entry recordings and fingerprint recordings. When receiving a request to initiate an activity session, monitoring module 810 determines whether the requested activity session has predefined recording requirements for recording during the activity session. If so, monitoring module 814 determines which monitoring devices are required to be initiated to meet the
predefined recording requirements. Monitoring module 814 determines whether the required monitoring devices are available for recording during the activity session. For the e-learning assessment example presented above, the monitoring module determines whether the user device has a camera, fingerprint detector and keystroke detector available for recording during the activity session. In some embodiments the availability of a monitoring device is determined by the monitoring module 814 attempting to initiate the required monitoring devices and identified whether the monitoring device is initiated. If the monitoring device is initiated successfully then
monitoring module 814 determines that the monitoring device is available. If the monitoring device is not successfully initiated then monitoring module 814
determines that monitoring device is unavailable. The results of the availability of the monitoring devices are recorded by monitoring module 814. In some systems monitoring module 814 may prevent an activity session to be initiated if the required monitoring devices are not available. In further examples, any discrepancies between the required monitoring devices and available monitoring devices is notified to the party responsible for the activity session, for example the university or employer, and the party may respond with confirmation of whether or not the activity session should be allowed to proceed.
In one example, upon receiving a request to initiate an activity session, the monitoring module determines the requirements to initiate the activity session. In some cases the requirements for initiation of an activity session vary between activity sessions. For example, if the activity session relates to accessing a student's account within a LMS, a student may be required to provide personal identifiers, for example identification number, photograph, a voice sample or some other identifier.
Other activities may include a user wishing to access a secure file within a server. In this case, the module may require further information in order to grant access to that file, for example a fingerprint. In certain cases, no information may be required at all. The requirements for activation of different activity sessions are stored in memory 816 of user device 810 and accessed by
monitoring module 814 upon receiving a receiving a request to initiate an activity session.
In the case that user identification data is required before initiating an activity session, monitoring module 814 attempts to obtain necessary user identification data. This may be provided in the form of a prompt to the user, for example a request to enter certain identification data or a request to enter a voice recording or fingerprint. Or, information may be gained automatically, a microphone may be activated or camera activated on the user device. The received user identification data is received by the monitoring device at 1015 and transmitted to
identification engine 850 at 1020. On receipt of the user identification data user verification engine 858 compares the received user identification data with user
identification information stored in user identification database 856 to determine whether the received user identification data matches the data stored in his
database. A notification is provided to the monitoring module at 1025 from a transmitter 860. At 1030,
monitoring module 814 determines whether to initiate the activity session depending on the notification from identification verification engine 850. Interaction between the monitoring module 814 and identification engine 850 is used to monitor the identity of user during activity sessions and actions of a user during an activity session. The outcomes of comparisons of user activity data provided by monitoring module 814 with user identification information stored in user identification database 856 of identification engine can be utilised to determine whether a user engaging in activity on a user device is an authorised user or an expected user. Depending on the type of activity session the result of the comparison could be used in different ways for different means. For example, in an e-learning situation the result of the comparison could be retained against that activity session and provided to the e- learning organisation, for example at university at various times or upon request. Alternatively, for more sensitive activity sessions, the result of the
identification verification may be transmitted in real time to parties involved with data being accessed in the activity session, for example a company.
Results of the identification verification can also be used passively, as a record to be stored against the session, or actively as a means to restrict access to that session. As discussed above, initiation of particular activity sessions may be restricted based on failure to verify a user. Activity sessions may also be terminated if a user' s identity is not positively identified during the session.
It will be clear to those skilled in the art that the location of various components discussed in the
embodiments above is not limiting. For example, the identification engine could be installed on the user device. Alternatively, the identification engine could be stored on a separate server managed by a third party. Or, the identification engine could be installed on the server of the university, employer, or other party responsible for the activity session. Similarly, the monitoring module could be located on the user device, on a remote server or on the server of the party responsible for the activity session.
In the claims which follow and in the preceding description of the invention, except where the context requires otherwise due to express language or necessary implication, the word "comprise" or variations such as "comprises" or "comprising" is used in an inclusive sense, i.e. to specify the presence of the stated features but not to preclude the presence or addition of further features in various embodiments of the invention.

Claims

Claims
1. A method for monitoring user activity at an
electronic device during a user activity session comprising:
receiving a user request to initiate an activity session on a user device;
automatically activating at least one monitoring module in response to the request to initiate the activity session;
the monitoring module controlling at least one activity monitoring device to record user activity during the activity session;
and,
associating the recorded user activity with the activity session; and
storing the recorded user activity in an activity session file.
2. A method according to claim 1 comprising the further step of transmitting the recorded user activity to a user identity verification module.
3. A method according to claim 2 comprising the further step, at the identity verification module:
receiving the recorded user activity, the recorded user activity including user identification;
comparing the recorded user activity with user identification information associated with the identity verification module; and
creating a notification in dependence on the result of the comparison.
4. A method according to claim 3 comprising the further step of transmitting the notification to at least one of:
an e-learning module associated with the activity session; the monitoring module.
5. A method according to claims 1 to 4 wherein the step of controlling comprises the further step of
triggering the at least one monitoring device to record user activity periodically during the activity session .
6. A method according to claims 1 to 5 wherein the step of controlling comprises the further step of
triggering the at least monitoring device to record user activity in response to a detected event.
7. A method according to claim 6 wherein the detected event is at least one of:
detecting audio signals on a microphone above a predetermined audio level;
detecting a predetermined pattern of user data entry.
8. A method according to claims 1 to 8 wherein the
activity session has predefined recording
requirements, the monitoring module performing the further step of determining which monitoring devices are required to meet the predefined recording
requirements for recording during the activity session .
9. A method according to claim 8, the monitoring module performing the further step of determining whether the required monitoring devices are available for recording during the activity session.
10. A method according to claim 9 comprising the further step of recording the result of the determination.
11. A method according to claim 9 or 10 comprising the further step of determining whether to initiate the activity session in dependence on the result of the availability of the required monitoring devices.
12. A method according to claim 8 wherein the step of
determining whether the required monitoring devices are available comprises the step of initiating the at least one predetermined monitoring device associated with the activity session, on the electronic device; and determining whether the predetermined monitoring module is initiated.
13. A method according to any preceding claim wherein the monitoring module performs the further step of requesting user identification data and receiving user identification data input from at least one monitoring device;
the method comprising transmitting the received user identification data an identification verification engine, and
initiating an activity session in dependence on receiving an authorisation response from the
identification verification engine.
14. A method according to claim 13 wherein the user
identification data is biometric identification.
15. A method according to claim 13 or 14 comprising the further step of comparing the user identification data with predetermined requirements and determining whether to initiate the activity session in
dependence on the comparison.
16. A method according to any of claims 1 to 15, the
monitoring module performing the further step of requesting authorisation to initiate the activity session from an authorisation module and initiating the activity session in dependence on receiving authorisation from the authorisation module.
17. A method according to claim 16 wherein the
authorisation module is an identification
verification engine.
18. A method according to any of claims 1 to 9 comprising the further step of creating a user activity file associated with the user activity session and, in the user activity file, storing at least one of:
identification for the activity session;
user identification information;
recorded user activity during the activity session; availability of required monitoring devices.
A method according to claim 12 comprising the further step of displaying the recorded user activity to the user .
A method according to any preceding claim, wherein the at least one monitoring device comprises at least one of:
a camera, wherein the recorded user activity
comprises a photograph or video;
a microphone, wherein the recorded activity comprises audio recording;
a display monitoring module, wherein the recorded activity comprises a record of the data displayed on the display;
a data input monitoring module, wherein the recorded activity comprises a record of data entry;
a processor activity recorder wherein the recorded activity includes processor actions;
fingerprint scanner;
retina scanner.
A method according to any preceding claim wherein the activity session is at least one of an e-learning session a file access session; a server access session .
A method according to claim 15 comprising the steps of, at a security gateway:
receiving a request to authorise an activity session, the request including authorisation activity data comprising at least one of user identification information or information about available monitoring devices ; comparing the authorisation activity data with predefined authorisation activity data; and
providing authorisation for the activity session in dependence on the comparison.
An activity monitoring system for monitoring user activity at an electronic device during an activity session comprising:
receiver for receiving a request to initiate an activity session on a user device;
at least one monitoring module and at least one activity monitoring device;
processor configured to automatically activate at least one monitoring module in response to the request to initiate the activity session;
monitoring module being configured to control at least one activity monitoring device during the activity session to record user activity;
memory configured to store the recorded user activity during the activity session from the at least one monitoring module and associate the recorded user activity with the activity session.
An activity monitoring system according to claim 23 further comprising a transmitter to transmit the recorded user activity to a user identity
verification module.
An activity monitoring system according to claim 23 or 24 further comprising an identity verification module, the identity verification module comprising: receiver, configured to receive recorded user
activity associated with a user identifier;
user identification database configured to store user identification information;
user verification engine configured to compare user identification information with recorded user
activity to verify the identity of the user and generate a notification in dependence on the result of the comparison.
26. An activity monitoring system according to claim 25 use verification engine further comprising a
transmitter configured to transmit the notification to at least one of an e-learning module associated with the activity session or the monitoring module.
27. An activity monitoring system according to claim 25 further comprising processor configured to
determining whether to initiate the activity session in dependence on the notification.
28. An activity monitoring system according to any of
claims 23 to 27 wherein the monitoring module is further configured to trigger the at least one monitoring module to record user activity
periodically during the activity session.
29. An activity monitoring system according to claim 23 to 28 further configured to detect a predefined event wherein the at least one monitoring device is triggered to record user activity in response to a detected event.
30. An activity monitoring system according to claim 29 wherein the detected event is at least one of:
detected audio signals on a microphone above a predetermined audio level;
detected predetermined pattern of user data entry.
31. An activity monitoring system according to any of
claims 23 to 30 wherein the system is configured to store predefined recording requirements associated with activity sessions, the monitoring module being configured to determine which monitoring devices are required to meet the predefined recording
requirements for recording during the activity session .
32. An activity monitoring system according to claim 31 the monitoring module being further configured to determine whether the required monitoring devices are available for recording during the activity session.
33. An activity monitoring system according to claim 32 wherein the monitoring module is configured to initiate the requested activity session in dependence on the result of the availability of the required monitoring devices.
34. An activity monitoring system according to any of
claims 23 to 33 further comprising:
a memory for storing predefined monitoring module requirements for predefined activity sessions;
processor for identifying at least one predetermined monitoring module requirement from the memory in dependence on the requested activity session;
means for initiating the predetermined monitoring module on the electronic device;
processor for determining whether the predetermined monitoring module is initiated; and
processor for determining whether to initiate the activity session in dependence on the result of the initiation of the monitoring module.
35. An activity monitoring system according to any of
claims 23 to 34 wherein the monitoring module is configured to control user monitoring devices to obtain user identification data;
transmitter configured to transmit the obtained user identification data to the identification
verification engine and;
wherein the monitoring module is configure to initiate the activity session in dependence on receiving an authorisation response from the
identification verification engine.
36. An activity monitoring system according to claim 35 wherein the user identification data is biometric identification
37. An activity monitoring system according to claim 35 or 36 the monitoring module comprising a requirement comparison module configured to compare the user identification data with predetermined requirements and to determining whether to initiate the activity session in dependence on the comparison.
38. An activity monitoring system according to claim 23 to 37 comprising a display for displaying the
recorded user activity to the user.
39. An activity monitoring system according to any of
claims 23 to 39, wherein the at least one monitoring device comprises at least one of:
a camera, wherein the recorded user activity
comprises a photograph;
a microphone, wherein the recorded activity comprises audio recording;
a display monitoring module, wherein the recorded activity comprises a record of the data displayed on the display;
a data input monitoring module, wherein the recorded activity comprises a record of data entry;
a processor activity recorder wherein the recorded activity includes processor actions.
40. A method for authorising user access to a secure
module at a security gateway comprising the steps of, at a secure gateway:
receiving user registration data associated with a user from a secure module, the user registration data comprising user identification data and user
authorisation data associated with the secure module; storing the user registration data at a security gateway database;
allocating security gateway user security data to the user; associating the user security gateway security data with the user registration data; and
providing the user security gateway user security data to the user;
requesting user identification data;
receiving user identification data, associating the received user identification data with the user registration data and storing the received user identification data as security data authorisation data, the received user identification data being used to authorise user access to a secure module.
41. A method according to claim 40 comprising the steps of:
receiving a user request to access the secure module at the security gateway;
receiving user identification data at the secure gateway;
comparing the user identification data with the security gateway authorisation data ;
initiating a user session with the secure module in dependence on the comparison of the user
identification data with the security gateway authorisation data.
42. A method according to claim 40 or 41 wherein the user identification includes biometric information.
43. A method according to claim 33, 34 or 35 comprising the further steps of transmitting the user
information to an identification engine for
authorisation .
44. A security gateway for authorising user access to a secure module, the security gateway comprising:
receiver configured to receive user registration data associated with a user from a secure module, the user registration data comprising user identification data and user authorisation data associated with the secure module;
memory configured to store user registration data at a security gateway database;
security data allocation means configured to allocate security gateway user security data to the user;
processor configured to associate the user security gateway security data with the user registration data; and
transmitter configured to provide the user security gateway user security data to the user and request user identification data;
receiver configured to receive user identification data, associating the received user identification data with the user registration data and storing the received user identification data as security data authorisation data, the received user identification data being used to authorise user access to a secure module .
A security gateway according to claim 44 comprising: receiver configured to receive a user request to access the secure module at the security gateway; receiving user identification data at the secure gateway;
verification engine configured to compare the user identification data with the security gateway authorisation data and initiate a user session with the secure module in dependence on the comparison of the user identification data with the security gateway authorisation data.
A security gateway according to claim 44 or 45 wherein the user identification data includes biometric information.
A system for monitoring user activity on an
electronic device comprising:
means for requesting on a user device initiation of an activity session; receiver for receiving user identification:
communication bus for establishing a communications channel with a security gateway via a network;
transmitter for transmitting the user identification and the request for the activity module to the security gateway;
receiver for receiving at the user device
authorisation result from the security gateway; and, means for initiating the activity session in
dependence on the authorisation result.
48. An electronic activity monitoring module comprising: receiver for receiving an access request for a predefined module, the access request including user identification;
means for initiating monitoring activity in response to the access request; and,
means for associating a record of the monitoring activity with the predefined module and the user identification.
49. An electronic activity monitoring module according to claim 48 further comprising terminating monitoring activity in response to a request to terminate the predefined module.
50. An electronic activity monitoring module according to claim 42 or 43 further comprising recording the monitored activity and storing the monitored
activity, the monitored activity being associated with the predefined module and the user
identification.
51. An electronic activity monitoring module according to any of claims 47 to 50 further arranged to facilitate user manipulation of the recorded monitored activity, wherein manipulation is recorded.
52. An electronic monitoring system comprising an
activity monitoring module and a security access module comprising:
at the electronic activity monitoring module, receiving an access request for a predefined module, the access request including user identification; initiating monitoring activity in response to the access request; and, associating a record of the monitoring activity with the predefined module and the user identification; and,
at the security access module, receiving
identification, verifying the security authorisation and providing access code in dependence on
verification of the security authorisation.
PCT/AU2015/000654 2014-10-31 2015-10-30 Method and system for activity monitoring WO2016065405A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2014904387 2014-10-31
AU2014904387A AU2014904387A0 (en) 2014-10-31 Method and system for activity monitoring

Publications (1)

Publication Number Publication Date
WO2016065405A1 true WO2016065405A1 (en) 2016-05-06

Family

ID=54704290

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2015/000654 WO2016065405A1 (en) 2014-10-31 2015-10-30 Method and system for activity monitoring

Country Status (2)

Country Link
AU (1) AU2015101597A4 (en)
WO (1) WO2016065405A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3572961A1 (en) * 2018-05-25 2019-11-27 Smiley Owl Tech S.L. Method and system for continuous verification of user identity in an online service using multi-biometric data
CN111127267A (en) * 2019-12-18 2020-05-08 四川文轩教育科技有限公司 School teaching problem analysis method based on evaluation big data
CN111459765A (en) * 2020-04-16 2020-07-28 Oppo广东移动通信有限公司 Statistical method, statistical apparatus, electronic device, and storage medium
CN111507873A (en) * 2020-04-14 2020-08-07 四川聚阳科技集团有限公司 Classroom participation degree evaluation method based on sound and image joint sampling
WO2022245180A1 (en) * 2021-05-21 2022-11-24 서울대학교산학협력단 Method and device for active terminal detection using spreading code learned using deep learning in multiplexing communications

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040075590A1 (en) * 2002-09-25 2004-04-22 Pearson Esther Mae E-learning biometric identification information system
WO2008038996A1 (en) * 2006-09-27 2008-04-03 Jong Hae Kim Method and related system for authenticating e-learning study.
US20140222995A1 (en) * 2013-02-07 2014-08-07 Anshuman Razden Methods and System for Monitoring Computer Users

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040075590A1 (en) * 2002-09-25 2004-04-22 Pearson Esther Mae E-learning biometric identification information system
WO2008038996A1 (en) * 2006-09-27 2008-04-03 Jong Hae Kim Method and related system for authenticating e-learning study.
US20140222995A1 (en) * 2013-02-07 2014-08-07 Anshuman Razden Methods and System for Monitoring Computer Users

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3572961A1 (en) * 2018-05-25 2019-11-27 Smiley Owl Tech S.L. Method and system for continuous verification of user identity in an online service using multi-biometric data
WO2019224109A1 (en) * 2018-05-25 2019-11-28 Smiley Owl Tech Sl Method and system for continuous verification of user identity in an online service using multi-biometric data
CN111127267A (en) * 2019-12-18 2020-05-08 四川文轩教育科技有限公司 School teaching problem analysis method based on evaluation big data
CN111507873A (en) * 2020-04-14 2020-08-07 四川聚阳科技集团有限公司 Classroom participation degree evaluation method based on sound and image joint sampling
CN111459765A (en) * 2020-04-16 2020-07-28 Oppo广东移动通信有限公司 Statistical method, statistical apparatus, electronic device, and storage medium
CN111459765B (en) * 2020-04-16 2023-02-24 Oppo广东移动通信有限公司 Statistical method, statistical apparatus, electronic device, and storage medium
WO2022245180A1 (en) * 2021-05-21 2022-11-24 서울대학교산학협력단 Method and device for active terminal detection using spreading code learned using deep learning in multiplexing communications

Also Published As

Publication number Publication date
AU2015101597A4 (en) 2015-12-03

Similar Documents

Publication Publication Date Title
US20200410886A1 (en) Cloud based test environment
US10628571B2 (en) Systems and methods for high fidelity multi-modal out-of-band biometric authentication with human cross-checking
US11205349B2 (en) System for online automated exam proctoring
AU2015101597A4 (en) Method and system for activity monitoring
US20120135388A1 (en) Online Proctoring
US20160065558A1 (en) Identity verification for online education
EP1669836A1 (en) User authentication by combining speaker verification and reverse turing test
US20140272882A1 (en) Detecting aberrant behavior in an exam-taking environment
US20220107710A1 (en) Remotely restricting client devices
US20120042358A1 (en) Proctoring System
US11971971B2 (en) Acknowledgment authentication system and method
US20150186634A1 (en) Biometric access system
US9197638B1 (en) Method and apparatus for remote identity proofing service issuing trusted identities
US10192043B2 (en) Identity verification
Pandey et al. E-parakh: Unsupervised online examination system
Venter et al. A digital forensic readiness architecture for online examinations
US11450222B2 (en) System and method for sharing content
WO2011115644A1 (en) Systems and methods for secure, online, proctored examination
US20220269761A1 (en) Cognitive multi-factor authentication
Vinţe et al. Perspectives of digital identity–the case of online education during the COVID-19 pandemic
Rose Virtual Proctoring in Distance Education: An Open-Source Solution.
US20210258317A1 (en) Identity verification system and method
US12039887B2 (en) System for online automated exam proctoring
US20220417234A1 (en) Host-initiated authentication system and method
TR202006023Y (en) AN INTERNET-BASED EXAM SYSTEM

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15853770

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15853770

Country of ref document: EP

Kind code of ref document: A1