Methods and systems for providing a token-based application firewall correlation

US 10,116,623 B2
Filed: 05/19/2016
Issued: 10/30/2018
Est. Priority Date: 06/25/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a request for access to a resource from a remote user device, the request received by an application-level firewall;

associating a token with the request, by the application-level firewall, wherein the token is added to a session context and the token is injected into multiple events that originate from the request to service the request during the session to allow the application-level firewall to correlate the request with a corresponding session wherein associating a token with the request comprises the application-level firewall modifying logic of the request to include the token;

storing the token and associated information in an event correlator communicatively coupled with the application-level firewall;

associating the token with one or more subsequent actions by the resource in response to receiving the request, wherein the one or more subsequent actions comprises at least generating a database query based on the request, the database query including the token in logic of the database query;

selectively applying one or more traffic management policies by the application-level firewall based on at least the session context having the token by at least identifying abnormalities in transactions through the application-level firewall utilizing at least a statistical model, wherein a total score is maintained over a session and can be updated by multiple host system entities; and

transmitting a response to the request with the token to the remote user device via the application firewall, wherein the application-level firewall analyzes the response and determines an action to be taken on the response based on the token and the associated information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Token-based firewall functionality. A request is received for access to a resource from a remote user device, the request received by an application firewall. A token is associated with the request. The token and associated information are stored in an event correlator coupled with the application firewall. The token is associated with one or more subsequent actions by the resource in response to receiving the request. A response to the request including the token is generated. The response with the token is transmitted to the remote user device via the application firewall. The application firewall analyzes the response and determines an action to be taken on the response based on the token and the associated information.

Citations

19 Claims

1. A method comprising:
- receiving a request for access to a resource from a remote user device, the request received by an application-level firewall;
  
  associating a token with the request, by the application-level firewall, wherein the token is added to a session context and the token is injected into multiple events that originate from the request to service the request during the session to allow the application-level firewall to correlate the request with a corresponding session wherein associating a token with the request comprises the application-level firewall modifying logic of the request to include the token;
  
  storing the token and associated information in an event correlator communicatively coupled with the application-level firewall;
  
  associating the token with one or more subsequent actions by the resource in response to receiving the request, wherein the one or more subsequent actions comprises at least generating a database query based on the request, the database query including the token in logic of the database query;
  
  selectively applying one or more traffic management policies by the application-level firewall based on at least the session context having the token by at least identifying abnormalities in transactions through the application-level firewall utilizing at least a statistical model, wherein a total score is maintained over a session and can be updated by multiple host system entities; and
  
  transmitting a response to the request with the token to the remote user device via the application firewall, wherein the application-level firewall analyzes the response and determines an action to be taken on the response based on the token and the associated information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the resource is part of a multitenant environment.
  - 3. The method of claim 2 wherein the multitenant environment comprises a multitenant database environment, wherein the multitenant database environment stores data for multiple client entities each identified by a tenant identifier (ID) having one or more users associated with the tenant ID, wherein users of each of multiple client entities can only access data identified by a tenant ID associated with the respective client entity, and wherein the multitenant database is a hosted database provided by an entity separate from the client entities, and provides on-demand database service to the client entities.
  - 4. The method of claim 1 wherein associating a token with the request comprises the application-level firewall inserting the token in at least a header of the request.
  - 5. The method of claim 1 wherein associating a token with the request comprises the application-level firewall modifying logic of the request to include the token.
  - 6. The method of claim 1 wherein the one or more subsequent actions comprises at least generating a file event based on the request, the file event including the token.
  - 7. The method of claim 1 wherein the one or more subsequent actions comprises at least generating a network request based on the request, the network request including the token.

8. An article comprising a non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors, are configurable to cause the one or more processors to:
- receive a request for access to a resource from a remote user device, the request received by an application-level firewall;
  
  associate a token with the request, by the application-level firewall, wherein the token is added to a session context and the token is injected into multiple events that originate from the request to service the request during the session to allow the application-level firewall to correlate the request with a corresponding session;
  
  store the token and associated information in an event correlator communicatively coupled with the application-level firewall;
  
  associate the token with one or more subsequent actions by the resource in response to receiving the request, wherein the one or more subsequent actions comprises at least generating a database query based on the request, the database query including the token in logic of the database query;
  
  selectively apply one or more traffic management policies by the application-level firewall based on at least the session context having the token by at least identifying abnormalities in transactions through the application-level firewall utilizing at least a statistical model, wherein a total score is maintained over a session and can be updated by multiple host system entities; and
  
  transmit a response to the request with the token to the remote user device via the application firewall, wherein the application-level firewall analyzes the response and determines an action to be taken on the response based on the token and the associated information.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The article of claim 8 wherein the resource is part of a multitenant environment.
  - 10. The article of claim 9 wherein the multitenant environment comprises a multitenant database environment, wherein the multitenant database environment stores data for multiple client entities each identified by a tenant identifier (ID) having one or more users associated with the tenant ID, wherein users of each of multiple client entities can only access data identified by a tenant ID associated with the respective client entity, and wherein the multitenant database is a hosted database provided by an entity separate from the client entities, and provides on-demand database service to the client entities.
  - 11. The article of claim 8 wherein the instructions that cause the one or more processors to associate a token with the request comprise instructions that, when executed, cause the one or more processors to insert the token in at least a header of the request.
  - 12. The article of claim 8 wherein the instructions that cause the one or more processors to associate a token with the request comprise instructions that, when executed, cause the one or more processor to modify logic of the request to include the token.
  - 13. The article of claim 8 wherein the one or more subsequent actions comprises at least generating a file event based on the request, the file event including the token.
  - 14. The method of claim 8 wherein the one or more subsequent actions comprises at least generating a network request based on the request, the network request including the token.

15. A system comprising:
- a computing environment coupled over a network to communicate with multiple user systems each having at least one memory device and one or more hardware processing devices coupled with the at least one memory device, the computing environment comprising at least an application-level firewall and an application, both coupled to receive traffic from the multiple user systems, the application-level firewall and the application to interact to receive a request for access to a resource from a remote user device, the request received by an application-level firewallto associate a token with the request, by the application-level firewall, wherein the token is added to a session context and the token is injected into multiple events that originate from the request to service the request during the session to allow the application-level firewall to correlate the request with a corresponding session,to store the token and associated information in an event correlator communicatively coupled with the application-level firewall,to associate the token with one or more subsequent actions by the resource in response to receiving the request, wherein the one or more subsequent actions comprises at least generating a database query based on the request, the database query including the token in logic of the database query,to selectively apply one or more traffic management policies by the application-level firewall based on at least the session context having the token by at least identifying abnormalities in transactions through the application-level firewall utilizing at least a statistical model, wherein a total score is maintained over a session and can be updated by multiple host system entities, andto transmit a response to the request with the token to the remote user device via the application firewall, wherein the application-level firewall analyzes the response and determines an action to be taken on the response based on the token and the associated information.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The system of claim 15 wherein associating a token with the request comprises the firewall inserting the token in at least a header of the request.
  - 17. The system of claim 15 wherein associating a token with the request comprises the firewall modifying logic of the request to include the token.
  - 18. The system of claim 15 wherein the one or more subsequent actions comprises at least generating a file event based on the request, the file event including the token.
  - 19. The system of claim 15 wherein the one or more subsequent actions comprises at least generating a network request based on the request, the network request including the token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Gluck, Yoel
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Le, Canh

Application Number

US15/159,732
Publication Number

US 20160269360A1
Time in Patent Office

894 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/9535   Search customisation based ...

G06F 16/955   using information identifie...

H04L 63/0209   Architectural arrangements,...

H04L 63/0227   Filtering policies mail mes...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/102   Entity profiles

H04L 67/02   based on web technology, e....

Methods and systems for providing a token-based application firewall correlation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for providing a token-based application firewall correlation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links