US 12,430,427 B2
Methods, systems and computer programs for detecting potentially suspicious resource access events
Daniel Davraev, Or Yehuda (IL); Shalom Shay Shavit, Yehud (IL); and Ram Haim Pliskin, Rishon Le Tzion (IL)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Dec. 19, 2022, as Appl. No. 18/068,440.
Claims priority of provisional application 63/374,135, filed on Aug. 31, 2022.
Prior Publication US 2024/0070271 A1, Feb. 29, 2024
Int. Cl. G06F 21/55 (2013.01)
CPC G06F 21/554 (2013.01) [G06F 2221/034 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer system comprising:
a memory embodying computer-readable instructions; and
a processor coupled to the memory and configured to execute the computer-readable instructions, the computer-readable instructions being configured to cause the processor to:
detect a recovery instruction pertaining to a resource, wherein the recovery instruction is associated with a first user account comprising a first user account identifier and a first user account credential;
match the recovery instruction with a soft delete instruction that caused the resource to enter a soft-deleted state, wherein the soft delete instruction is associated with a second user account comprising a second user account identifier and a second user account credential, wherein the second user account is authorized to soft delete the resource;
determine a mismatch between the first user account associated with the recovery instruction and the second user account associated with the soft delete instruction; and
perform a mitigation action based on determining the mismatch between the first user account and the second user account.