Preventing unauthorized access to an application server

US 10,225,249 B2
Filed: 11/12/2014
Issued: 03/05/2019
Est. Priority Date: 03/26/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for preventing unauthorized access to an application server, the method comprising:

collecting, by the application server, access data, the access data including instances of authorized requests for data fulfilled by the application server from users of a first organization and an identifying characteristic of each requested data;

anonymizing, by an anonymizing module, the access data to create anonymized access data;

creating at least one identifying key for the anonymized access data, the at least one identifying key being operable to match a datum of the anonymized access data to a respective user of the users of the first organization;

saving the at least one identifying key at a secure location associated with the first organization;

storing the anonymized access data in an access data warehouse, the access data warehouse additionally storing another anonymized access data associated with a second organization; and

performing an analysis on the stored anonymized access data using at least one analytic criterion, the stored anonymized access data being separated from the another anonymized access data using the at least one identifying key.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and platform for preventing unauthorized access to an application server comprises collecting access data associated with an organization, anonymizing the access data, creating identifying keys which allow the anonymized access data to be matched to its associated users, storing the identifying keys at a secure location associated with the organization, transferring the anonymized access data to an access data warehouse, and performing an analysis on the anonymized access data. The access data warehouse can be maintained in a cloud computing environment, and may aggregate anonymized access data from a plurality of organizations. An organization may detect abnormal usage patterns by analyzing its usage data and the anonymized usage data of further organizations, and may use the abnormal usage patterns to predict future events, for example intrusion attempts. An organization can automatically generate protective measures against potential threats associated with abnormal usage patterns.

62 Citations

21 Claims

1. A computer-implemented method for preventing unauthorized access to an application server, the method comprising:
- collecting, by the application server, access data, the access data including instances of authorized requests for data fulfilled by the application server from users of a first organization and an identifying characteristic of each requested data;
  
  anonymizing, by an anonymizing module, the access data to create anonymized access data;
  
  creating at least one identifying key for the anonymized access data, the at least one identifying key being operable to match a datum of the anonymized access data to a respective user of the users of the first organization;
  
  saving the at least one identifying key at a secure location associated with the first organization;
  
  storing the anonymized access data in an access data warehouse, the access data warehouse additionally storing another anonymized access data associated with a second organization; and
  
  performing an analysis on the stored anonymized access data using at least one analytic criterion, the stored anonymized access data being separated from the another anonymized access data using the at least one identifying key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the access data includes at least one of a request, a log-in, a user location, a user name, a role, a content, a header of a data package, a data attribute, an activity associated with content, an activity associated with a type of user, a multi-factor authentication activity, a user identification (ID), an IP address, a browser type, a date, a time, a login page, a portal content, an employee ID, an action taken, a script run, and a response.
  - 3. The method of claim 1, wherein the access data is collected by a plug-in installed on a web server.
  - 4. The method of claim 1, further comprising formatting the anonymized access data in the access data warehouse prior to the analysis.
  - 5. The method of claim 1, wherein the at least one analytic criterion includes a data mining algorithm.
  - 6. The method of claim 1, wherein the analysis includes comparing the anonymized access data to reference access data.
  - 7. The method of claim 1, wherein the access data warehouse is located in a cloud computing environment.
  - 8. The method of claim 7, wherein the analysis occurs in the cloud computing environment.
  - 9. The method of claim 1, further comprising selectively identifying, based on the analysis, at least one abnormal usage pattern.
  - 10. The method of claim 9, wherein the at least one abnormal usage pattern includes at least one of a security breach, a threat, at least two segregated users interacting in a single online process, a payee and a payer accessing the application server from the same IP address, at least two users accessing from different locations with the same credentials, a failed login request, abnormally formatted data, and an attack from an IP address.
  - 11. The method of claim 9, further comprising generating at least one protective measure based on the identification of the at least one abnormal usage pattern, the at least one protective measure including blocking access by a user of the users of the first organization to the application server.
  - 12. The method of claim 11, wherein the at least one protective measure includes at least one of automatically modifying access, issuing an alert, providing a report, requiring multi-factor authentication, displaying a message, restricting access, blocking access, blocking an Internet Protocol (IP) address, blacklisting the IP address, and generating an ad hoc query result.
  - 13. The method of claim 9, further comprising predicting at least one future event based on the least one abnormal usage pattern.
  - 14. The method of claim 1, further comprising aggregating anonymized access data in the access data warehouse with further anonymized access data associated with further organizations.
  - 15. The method of claim 1, whereinthe performing the analysis is on the stored anonymized access data and the another anonymized access data, andthe at least one identifying key reidentifies the anonymized access data and does not reidentify the another anonymized access data.

16. An unauthorized access prevention platform comprising:
- a plug-in installed on a web server associated with a first organization, the plug-in being operable to collect access data, the access data including instances of authorized requests for data fulfilled by an application server from users of the first organization and an identifying characteristic of each requested data;
  
  a processor;
  
  a memory coupled to the processor, the memory storing instructions executable by the processor to;
  
  anonymize the access data to create anonymized access data; and
  
  create at least one identifying key for the anonymized access data, the at least one identifying key being operable to match a datum of the anonymized access data to a respective user of the users of the first organization;
  
  a secure location associated with the first organization, the secure location securely saving the at least one identifying key at the secure location associated with the first organization;
  
  an access data warehouse storing the anonymized access data, the access data warehouse additionally storing another anonymized access data associated with a second organization; and
  
  at least one analytics package analyzing the stored anonymized access data, the stored anonymized access data being separated from the another anonymized access data using the at least one identifying key.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The unauthorized access prevention platform of claim 16, wherein the at least one analytics package further selectively identifies at least one abnormal usage pattern.
  - 18. The unauthorized access prevention platform of claim 17, wherein the at least one analytics package further generates at least one protective measure based on the identification of the at least one abnormal usage pattern, the at least one protective measure including blocking access by a user of the users of the first organization to the application server.
  - 19. The unauthorized access prevention platform of claim 18, wherein the at least one protective measure includes at least one of automatically modifying access, issuing an alert, providing a report, requiring multi-factor authentication, displaying a message, restricting access, blocking access, blocking an Internet Protocol (IP) address, blacklisting the IP address, and generating an ad hoc query result.
  - 20. The unauthorized access prevention platform of claim 16, wherein the anonymized access data in the access data warehouse is aggregated with further anonymized access data associated with further organizations.

21. A non-transitory computer-readable storage medium having embodied thereon at least one program, the program being executable by a processor to perform a method for preventing unauthorized access to an application server, the method comprising:
- collecting access data, the access data including instances of authorized requests for data fulfilled by the application server from users of a first organization and an identifying characteristic of each requested data;
  
  anonymizing the access data to create anonymized access data;
  
  creating at least one identifying key for the anonymized access data, the at least one identifying key being operable to match a datum of the anonymized access data to a respective user of the users of the first organization;
  
  saving the at least one identifying key at a secure location associated with the first organization;
  
  storing the anonymized access data in an access data warehouse, the access data warehouse additionally storing another anonymized access data associated with a second organization; and
  
  performing an analysis on the stored anonymized access data using at least one analytic criterion, the stored anonymized access data being separated from the another anonymized access data using the at least one identifying key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pathlock Incorporated
Original Assignee
Greyheller, LLC
Inventors
Heller, Chris, Grey, Larry
Primary Examiner(s)
Baderman, Scott T
Assistant Examiner(s)
Level, Barbara M

Application Number

US14/539,984
Publication Number

US 20160050205A1
Time in Patent Office

1,574 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06F 21/6263   during internet communicati...

G06F 21/629   to features or functions of...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

H04L 2463/082   applying multi-factor authe...

H04L 63/10   for controlling access to d...

Preventing unauthorized access to an application server

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

62 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Preventing unauthorized access to an application server

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links