Access record gateway

US 7,552,126 B2
Filed: 06/02/2006
Issued: 06/23/2009
Est. Priority Date: 06/02/2006
Status: Active Grant

First Claim

Patent Images

1. A method of managing access records of user access to a secure data network, the method comprising:

acquiring user access information at an access record gateway from an access server, wherein the access server allows at least one user to access the secure data network;

recording the user access information in at least one access record;

storing the at least one access record in an access record data store, wherein the access record gateway includes the access record datastore;

acquiring user access activity information; and

updating previously recorded user access information with the user access activity information comprising the steps of;

retrieving a key from the user access activity information;

retrieving a previously recorded access record matching the key;

modifying the previously recorded access record based on the user access activity information; and

,storing the modified access record;

wherein the user access information includes time information; and

,wherein the at least one access record includes a plurality of sub-records, the plurality of sub-records being selected from a list of sub-records comprising a user information sub-record, a network information sub-record, and a time information sub-record.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of managing access records of user access to a secure data network include an access record gateway and an access record datastore; the access record gateway being in communication with an access server of the secure data network; and the access record datastore being in communication with the access record gateway. The access record gateway acquires user access information, such as time information; records the user access information in at least one access record; and stores the at least one access record in the access record datastore. The access record gateway also acquires user access activity information, such as user access termination information, and updates previously recorded user access information with the user access activity information. The at least one access record includes a plurality of sub-records, selected from a list including a user information sub-record, a network information sub-record, and a time information sub-record. The system may include a security application in communication with the access record gateway to query for an access record satisfying the security query parameter(s).

Citations

56 Claims

1. A method of managing access records of user access to a secure data network, the method comprising:
- acquiring user access information at an access record gateway from an access server, wherein the access server allows at least one user to access the secure data network;
  
  recording the user access information in at least one access record;
  
  storing the at least one access record in an access record data store, wherein the access record gateway includes the access record datastore;
  
  acquiring user access activity information; and
  
  updating previously recorded user access information with the user access activity information comprising the steps of;
  
  retrieving a key from the user access activity information;
  
  retrieving a previously recorded access record matching the key;
  
  modifying the previously recorded access record based on the user access activity information; and
  
  ,storing the modified access record;
  
  wherein the user access information includes time information; and
  
  ,wherein the at least one access record includes a plurality of sub-records, the plurality of sub-records being selected from a list of sub-records comprising a user information sub-record, a network information sub-record, and a time information sub-record.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1 further comprising:
    - identifying a termination of user access to the secure data network.
  - 3. The method of claim 2 wherein identifying a termination of user access to the secure data network comprises receiving a user access termination request relating to the user.
  - 4. The method of claim 2 wherein identifying a termination of user access to the secure data network comprises detecting an absence of network traffic for the user over a specified period of time.
  - 5. The method of claim 2 wherein identifying a termination of user access to the secure data network comprises determining that the user lacks authorization to continue accessing the secure data network.
  - 6. The method of claim 1 wherein:
    - the list of sub-records further comprises at least one additional user information sub-record.
  - 7. The method of claim 6 wherein:
    - the at least one additional user information sub-record comprises user contact information, location information, or departmental information.
  - 8. The method of claim 6 further comprising:
    - populating the at least one additional user information sub-record.
  - 9. The method of claim 8 wherein populating the at least one additional user information sub-record comprises:
    - sending a user information request to a user information server;
      
      retrieving additional user information;
      
      providing the additional user information to access record gateway; and
      
      recording the additional user information into the at least one access record.
  - 10. The method of claim 1 wherein acquiring the user access information comprises:
    - receiving an access event at the access record gateway; and
      
      ,extracting the user access information from the access event.
  - 11. The method of claim 1 wherein acquiring the user access information comprises:
    - sending an access query to an access server;
      
      receiving an access query response; and
      
      ,extracting the user access information from the access query response.
  - 12. The method of claim 1 wherein acquiring the user access activity information comprises:
    - receiving an activity event at the access record gateway; and
      
      ,extracting the user access activity information from the activity event.
  - 13. The method of claim 1 wherein acquiring the user access activity information comprises:
    - sending an activity query to an access server;
      
      receiving an activity query response; and
      
      ,extracting the user access activity information from the activity query response.
  - 14. The method of claim 1 further comprising:
    - receiving at the access record gateway a security query;
      
      processing the security query against the at least one access record;
      
      retrieving each at least one access record satisfying the security query; and
      
      ,responding to the security query with each retrieved at least one access record.
  - 15. The method of claim 14 wherein:
    - the security query includes at least one query parameter delimiting the security query'"'"'s scope.
  - 16. The method of claim 15 wherein:
    - the at least one query parameter includes a query key comprising a user name, a user device network address, a time, or an access server network address.
  - 17. The method of claim 14 wherein:
    - a security application in communication with the access record gateway sends the security query and receives the response to the security query.
  - 18. The method of claim 17 further comprising:
    - receiving the retrieved at least one access record; and
      
      ,storing the retrieved at least one access record in an access record archive datastore;
      
      wherein the security application comprises an access record archiving security application.
  - 19. The method of claim 18 further comprising:
    - removing the at least one access record from the access record datastore in accordance with a security policy or an archiving policy.
  - 20. The method of claim 1 further comprising:
    - receiving a user access request related to the user;
      
      validating user for access; and
      
      allowing the user to access the secure data network.
  - 21. The method of claim 1, wherein the time information includes at least one of:
    - information about the time the at least one user accesses the secure data network;
      
      a start time of the user access; and
      
      an end time of the user access.

22. A system of managing access records of user access to a secure data network, the system comprising:
- an access record gateway in communication with an access server of the secure data network, wherein the access server allows at least one user to access the secure data network, and the access record gateway receives an at least one access record from the access server; and
  
  ,an access record datastore including a computer readable medium in communication with the access record gateway for storing the at least one access record on the computer-readable medium of the access record datastore;
  
  wherein the at least one access record comprises user access information including time information; and
  
  ,wherein the at least one access record includes a plurality of sub-records, the plurality of sub-records being selected from a list of sub-records comprising a user information sub-record, a network information sub-record, and a time information sub-record, andwherein the access record gateway is configured to update previously recorded user access information with user access activity information by;
  
  retrieving a key from the user access activity information;
  
  retrieving a previously recorded access record matching the key;
  
  modifying the previously recorded access record based on the user access activity information; and
  
  ,storing the modified access record.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 23. The system of claim 22 further comprising:
    - a security application in communication with the access record gateway.
  - 24. The system of claim 23 wherein:
    - the access record gateway is configured to;
      
      receive a security query;
      
      process the security query against the at least one access record;
      
      retrieve each at least one access record satisfying the security query; and
      
      ,respond to the security query with each retrieved at least one access record.
  - 25. The system of claim 24 wherein:
    - the security query includes at least one query parameter delimiting the security query'"'"'s scope.
  - 26. The system of claim 25 wherein:
    - the at least one query parameter includes a query key comprising a user name, a user device network address, a time, or an access server network address.
  - 27. The system of claim 24 wherein the security application comprises an access record archiving security application and wherein:
    - the access record archiving security application is configured to;
      
      receive the retrieved at least one access record; and
      
      ,store the retrieved at least one access record in an access record archive datastore.
  - 28. The system of claim 22 further comprising:
    - an access record archiving security application in communication with the access record gateway; and
      
      ,an access record archive datastore in communication with the access record archiving security application.
  - 29. The system of claim 22 wherein:
    - the list of sub-records further comprises at least one additional user information sub-record.
  - 30. The system of claim 29 wherein:
    - the at least one additional user information sub-record comprises user contact information, location information, or departmental information.
  - 31. The system of claim 29 further comprising:
    - a user information server in communication with the access record gateway for retrieving additional user information.
  - 32. The system of claim 22 wherein:
    - the access record gateway is configured to;
      
      acquire the user access information by receiving an access event and extracting the user access information from the access event; and
      
      generate the at least one access record.
  - 33. The system of claim 22 wherein:
    - the access record gateway is configured to;
      
      acquire the user access information by sending an access query to an access server, receiving an access query response, and extracting the user access information from the access query response; and
      
      generate the at least one access record.
  - 34. The system of claim 22 wherein:
    - the access record gateway is configured to acquire the user access activity information by;
      
      receiving an activity event; and
      
      ,extracting the user access activity information from the activity event.
  - 35. The system of claim 22 wherein:
    - the access record gateway is configured to acquire the user access activity information by;
      
      sending an activity query to an access server;
      
      receiving an activity query response; and
      
      ,extracting the user access activity information from the activity query response.
  - 36. The system of claim 22 wherein:
    - the access record gateway is further configured to;
      
      remove the at least one access record from the access record datastore in accordance with a security policy or an archiving policy.
  - 37. The system of claim 22, wherein the time information includes at least one of:
    - information about the time the at least one user accesses the secure data network;
      
      a start time of the user access; and
      
      an end time of the user access.

38. A method of managing access records of user access to a secure data network, the method comprising:
- acquiring user access information at an access record gateway from an access server, wherein the access server allows at least one user to access the secure data network;
  
  recording the user access information in at least one access record;
  
  storing the at least one access record in an access record datastore, wherein the access record gateway includes the access record datastore;
  
  acquiring user access activity information; and
  
  updating previously recorded user access information with the user access activity information;
  
  wherein the user access information includes time information, and wherein the at least one access record includes a plurality of sub-records, the plurality of sub-records being selected from a list of sub-records comprising a user information sub-record, a network information sub-record, and a time information sub-record; and
  
  further comprising;
  
  receiving at the access record gateway a security query;
  
  processing the security query against the at least one access record;
  
  retrieving each at least one access record satisfying the security query; and
  
  ,responding to the security query with each retrieved at least one access record.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56)
- - 39. The method of claim 38 further comprising:
    - identifying a termination of user access to the secure data network.
  - 40. The method of claim 39 wherein identifying a termination of user access to the secure data network comprises receiving a user access termination request relating to the user.
  - 41. The method of claim 39 wherein identifying a termination of user access to the secure data network comprises detecting an absence of network traffic for the user over a specified period of time.
  - 42. The method of claim 39 wherein identifying a termination of user access to the secure data network comprises determining that the user lacks authorization to continue accessing the secure data network.
  - 43. The method of claim 38 wherein:
    - the list of sub-records further comprises at least one additional user information sub-record.
  - 44. The method of claim 43 wherein:
    - the at least one additional user information sub-record comprises user contact information, location information, or departmental information.
  - 45. The method of claim 43 further comprising:
    - populating the at least one additional user information sub-record.
  - 46. The method of claim 45 wherein populating the at least one additional user information sub-record comprises:
    - sending a user information request to a user information server;
      
      retrieving additional user information;
      
      providing the additional user information to access record gateway; and
      
      recording the additional user information into the at least one access record.
  - 47. The method of claim 38 wherein acquiring the user access information comprises:
    - receiving an access event at the access record gateway; and
      
      ,extracting the user access information from the access event.
  - 48. The method of claim 38 wherein acquiring the user access information comprises:
    - sending an access query to an access server;
      
      receiving an access query response; and
      
      ,extracting the user access information from the access query response.
  - 49. The method of claim 38 wherein acquiring the user access activity information comprises:
    - receiving an activity event at the access record gateway; and
      
      ,extracting the user access activity information from the activity event.
  - 50. The method of claim 38 wherein acquiring the user access activity information comprises:
    - sending an activity query to an access server;
      
      receiving an activity query response; and
      
      ,extracting the user access activity information from the activity query response.
  - 51. The method of claim 38 wherein:
    - the security query includes at least one query parameter delimiting the security query'"'"'s scope.
  - 52. The method of claim 51 wherein:
    - the at least one query parameter includes a query key comprising a user name, a user device network address, a time, or an access server network address.
  - 53. The method claim 38 wherein:
    - a security application in communication with the access record gateway sends the security query and receives the response to the security query.
  - 54. The method of claim 53 further comprising:
    - receiving the retrieved at least one access record; and
      
      ,storing the retrieved at least one access record in an access record archive datastore;
      
      wherein the security application comprises an access record archiving security application.
  - 55. The method of claim 54 further comprising:
    - removing the at least one access record form the access record datastore in accordance with a security policy or an archiving policy.
  - 56. The method of claim 38 further comprising:
    - receiving a user access request related to the user;
      
      validating user for access; and
      
      allowing the user to access the secure data network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A10 Networks Incorporated
Original Assignee
A10 Networks Incorporated
Inventors
Kwan, Phillip, Chen, Lee, Chiong, John
Primary Examiner(s)
LEWIS, CHERYL RENEA

Application Number

US11/446,028
Publication Number

US 20070282855A1
Time in Patent Office

1,117 Days
Field of Search

707/100, 707/9, 707/10, 707/200
US Class Current

1/1
CPC Class Codes

H04L 63/10 for controlling access to d...

H04L 63/1425 Traffic logging, e.g. anoma...

Access record gateway

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

56 Claims

Specification

Solutions

Use Cases

Quick Links

Access record gateway

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

56 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links