System and method for data and request filtering
First Claim
1. A system for monitoring access via a client computer to data provided by a network-based application, the system comprising:
- an identification database comprising user profiles each corresponding to a user, each of the user profiles including at least one re-authentication trigger event that (i) is associated with the user, and (ii) is stored in the user profile of the user, wherein at least two of the user profiles include re-authentication trigger events of different types each selected from (a) a function initiated by the user or an administrator, (b) a broken communication link, (c) a screen or web page requested by a user, (d) inactivity of the user, (e) passage of a period of time, or (f) a signal from an identification server sent on a periodic or random basis, whereby the identification database comprises, for at least two different users, user profiles for the different users differing from each other by inclusion of different re-authentication trigger events;
- a communications module on the client computer for communicating with a computer network for facilitating authentication and log-in, by a user, to an identification server to initiate a session with an application, and for receiving thereover, from the identification database, the at least one re-authentication trigger event associated with the user;
- a storage device on the client computer for storing the at least one re-authentication trigger event; and
- an active agent operable on the client computer for (i) monitoring ongoing activities of the user during the session, (ii) determining that the user's access privileges have not been revoked, (iii) determining that a re-authentication trigger event associated with the user has occurred as the user performs the ongoing activities, and (iv) interrupting user activity in response to determining that the re-authentication trigger event has occurred and thereupon presenting the user with a login screen for re-authentication to the identification server.
Abstract
Data and data requests of users of applications are filtered using a client-resident agent. A user profile may contain data pertaining to restrictions on content the user is permitted to view or types of requests the user is permitted to make within one or more applications. Data in the user profile may be used to grant or deny access to applications, filter particular content from the user's view, or filter particular data requests made by the user.
24 Claims
14. A system for monitoring access via a client computer to data provided by a network-based application, the system comprising:
- an identification database comprising user profiles each corresponding to a user, each of the user profiles including at least one re-authentication trigger event associated with the user and stored in the user profile;
- a communications module on the client computer for communicating with a computer network for facilitating authentication and log-in, by a user, to an identification server to initiate a session with an application, and for receiving thereover, from the identification database, the at least one re-authentication trigger event associated with the user;
- a storage device on the client computer for storing the at least one re-authentication trigger event; and
- an active agent operable on the client computer for (i) monitoring ongoing activities of the user during the session, (ii) determining that the user's access privileges have not been revoked, (iii) determining that one or more re-authentication trigger events associated with the user have occurred as the user performs the ongoing activities, and (iv) interrupting user activity in response to determining that the one or more re-authentication trigger events have occurred and thereupon presenting the user with a login screen for re-authentication to the identification server, wherein:
- the at least one re-authentication trigger event associated with at least one user comprises a plurality of different re-authentication trigger events each being of a different type of re-authentication trigger event, and
- the active agent only interrupts activity of the at least one user and presents the at least one user with the login screen for re-authentication when the active agent determines that a plurality of the different re-authentication trigger events, each being of a different type of re-authentication trigger event, have occurred.
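The agent logic recited in claims 1 and 14, sketched as an added example (not code from the patent or its assignee): one profile re-authenticates on any single trigger, the other only after triggers of two different types have occurred. The `Profile` and `Agent` shapes, `min_distinct`, accumulating fired triggers until re-authentication, and returning "deny" on revocation are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class Trigger(Enum):            # the six trigger types listed in claim 1
    FUNCTION = "a"              # function initiated by user or administrator
    LINK_BROKEN = "b"           # broken communication link
    PAGE_REQUEST = "c"          # screen or web page requested
    INACTIVITY = "d"            # user inactivity
    TIME_ELAPSED = "e"          # passage of a period of time
    SERVER_SIGNAL = "f"         # periodic or random signal from the server

TIMED = (Trigger.INACTIVITY, Trigger.TIME_ELAPSED)

@dataclass
class Profile:                  # hypothetical shape of a stored user profile
    user: str
    triggers: dict              # Trigger -> seconds, page path, or None (any)
    min_distinct: int = 1       # 1: claim 1 behaviour; 2+: claim 14 behaviour
    revoked: bool = False

@dataclass
class Agent:                    # client-resident agent holding the profile copy
    profile: Profile
    session_start: float = 0.0
    last_activity: float = 0.0
    fired: set = field(default_factory=set)

    def observe(self, now, kind=None, detail=None):
        """Classify one monitored activity as 'deny', 'reauth' or 'allow'."""
        if self.profile.revoked:            # step (ii); denying is an assumption
            return "deny"
        t = self.profile.triggers
        if Trigger.INACTIVITY in t and now - self.last_activity >= t[Trigger.INACTIVITY]:
            self.fired.add(Trigger.INACTIVITY)
        if Trigger.TIME_ELAPSED in t and now - self.session_start >= t[Trigger.TIME_ELAPSED]:
            self.fired.add(Trigger.TIME_ELAPSED)
        if kind in t and kind not in TIMED and t[kind] in (None, detail):
            self.fired.add(kind)
        self.last_activity = now
        if len(self.fired) >= self.profile.min_distinct:    # step (iii)
            self.fired.clear()              # step (iv): interrupt, show login
            self.session_start = now
            return "reauth"
        return "allow"

def demo():                     # constructed users, paths and timestamps
    a = Agent(Profile("alice", {Trigger.PAGE_REQUEST: "/payroll"}))
    b = Agent(Profile("bob", {Trigger.INACTIVITY: 300,
                              Trigger.PAGE_REQUEST: "/payroll"}, min_distinct=2))
    return ([a.observe(10, Trigger.PAGE_REQUEST, "/home"),
             a.observe(20, Trigger.PAGE_REQUEST, "/payroll")],
            [b.observe(10, Trigger.PAGE_REQUEST, "/payroll"), b.observe(400)])
```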
Specification