Secure application bridge server

US 8,046,823 B1
Filed: 10/03/2006
Issued: 10/25/2011
Est. Priority Date: 10/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a bridge server, a login request from one of a plurality of users, wherein each of said plurality of users are associated with a same entity and each have respective user credentials;

validating, by said bridge server, user credentials of said user requesting said login;

identifying, by said bridge server, a secure application account of said entity that is associated with at least one secure application;

determining, by said bridge server, entity credentials that grant the entity certain rights to said entity'"'"'s secure application account;

mapping, by said bridge server, said user credentials to said entity credentials; and

managing, by said bridge server, interaction of said user with said at least one secure application for performing activity involving use of the secure application account on behalf of said entity, wherein said managing comprises providing at least one value-added service not available from unmapped use of the entity credentials, and said managing further comprises storing status data indicating current usage by said plurality of users of the secure application account.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided which implement a bridge server to provide user access to one or more secure applications. A bridge server of embodiments is disposed between a user and a secure application and invokes bridge server security protocols with respect to the user and secure application security protocols with respect to the secure application. In operation according to embodiments, client applications will link into a bridge server, the user will be authenticated by the bridge server, and a valid user will be correlated to an account of the secure application by the bridge server. Bridge servers of embodiments facilitate providing features with respect to secure application user access unavailable using the secure application security protocols.

317 Citations

47 Claims

1. A method comprising:
- receiving, at a bridge server, a login request from one of a plurality of users, wherein each of said plurality of users are associated with a same entity and each have respective user credentials;
  
  validating, by said bridge server, user credentials of said user requesting said login;
  
  identifying, by said bridge server, a secure application account of said entity that is associated with at least one secure application;
  
  determining, by said bridge server, entity credentials that grant the entity certain rights to said entity'"'"'s secure application account;
  
  mapping, by said bridge server, said user credentials to said entity credentials; and
  
  managing, by said bridge server, interaction of said user with said at least one secure application for performing activity involving use of the secure application account on behalf of said entity, wherein said managing comprises providing at least one value-added service not available from unmapped use of the entity credentials, and said managing further comprises storing status data indicating current usage by said plurality of users of the secure application account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1 wherein said at least one secure application comprises a postal application.
  - 3. The method of claim 1 wherein said entity credentials comprises postal meter account credentials.
  - 4. The method of claim 1 wherein said secure application account comprises a value account.
  - 5. The method of claim 1 wherein said at least one value-added service comprises:
    - determining what of said certain rights that are granted to the entity are granted to said user; and
      
      managing said interaction of said user with said at least one secure application consistent with the determined rights that the user is granted.
  - 6. The method of claim 5 wherein said user is granted a subset of said certain rights that are granted to the entity.
  - 7. The method of claim 5 wherein said at least one secure application comprises a postal application.
  - 8. The method of claim 5 wherein said mapping specifies what of said certain rights that are granted to the entity are granted to said user.
  - 9. The method of claim 1 wherein said at least one value-added service comprises:
    - monitoring use of the secure application account on a per user basis.
  - 10. The method of claim 1 wherein said at least one value-added service comprises:
    - storing information detailing respective use of the secure application account by said user.
  - 11. The method of claim 1 wherein said at least one value-added service comprises:
    - generating a report showing use of the secure application account on a per user basis.
  - 12. The method of claim 11 wherein said at least one secure application comprises a postal application.
  - 13. The method of claim 1 further comprising:
    - disposing said bridge server in a communication path between at least one client device and said at least one secure application.
  - 14. The method of claim 13 wherein disposing said bridge server in said communication path comprises:
    - isolating said at least one secure application from said at least one client device such that any communication between said at least one client device and said at least one secure application passes through said bridge server.
  - 15. The method of claim 13 wherein said communication path comprises a public network.
  - 16. The method of claim 13 wherein said at least one client device comprises a plurality of client devices that comprise:
    - a first group of client devices adapted to implement protocols supported by said at least one secure application; and
      
      a second group of client devices adapted to implement protocols supported by said bridge server.
  - 17. The method of claim 16 further comprising:
    - providing data tunneling through said bridge server to said at least one secure application for said first group of client devices.
  - 18. The method of claim 1 further comprising:
    - initiating, by said bridge server, a reregistration process on behalf of said user.
  - 19. The method of claim 1 further comprising:
    - emulating, by said bridge server, operation of a client device adapted to implement protocols supported by said at least one secure application.
  - 20. The method of claim 1 further comprising:
    - combining, by said bridge server, transactions supported by said at least one secure application to define additional transactions available to said users.

21. A system comprising:
- a bridge server disposed in a communication path between at least one client device and at least one secure application;
  
  wherein said bridge server is communicatively coupled to a bridge database containing information mapping, for each of a plurality of users who each have respective user credentials and are associated with a same entity having entity credentials that grant the entity certain rights to a secure application account of said entity, said user credentials to said entity credentials; and
  
  wherein said bridge server is configured to facilitate access by said plurality of users to said at least one secure application for conducting activity involving use of the secure application account through use of said entity credentials, while maintaining unique identification of each of said users who are so accessing the at least one secure application;
  
  wherein said bridge server is configured to receive a login request from one of said plurality of users using said at least one client device, validate user credentials of said user requesting said login, and determine said mapping of said user credentials to said entity credentials;
  
  wherein said bridge server is configured to manage interaction of said user with said at least one secure application through use of said entity credentials for performing activity involving use of the secure application account on behalf of said entity;
  
  wherein said bridge server is configured to provide at least one value-added service not available from use of the entity credentials unmapped to said user credentials; and
  
  wherein said bridge server is configured to store status data indicating current usage by said plurality of users of the secure application account.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 22. The system of claim 21 wherein said at least one value-added service comprises:
    - determining what of said certain rights that are granted to the entity are granted to a given one of said users; and
      
      managing said interaction of said given one of the users with said at least one secure application consistent with the determined rights that the given one of the users is determined as granted.
  - 23. The system of claim 22 wherein said given one of the users is granted a subset of said certain rights that are granted to the entity.
  - 24. The system of claim 22 wherein said at least one secure application comprises a postal application.
  - 25. The system of claim 22 wherein said mapping specifies what of said certain rights that are granted to the entity are granted to each of said users.
  - 26. The system of claim 21 wherein said at least one value-added service comprises:
    - monitoring use of the secure application account on a per user basis.
  - 27. The system of claim 21 wherein said at least one value-added service comprises:
    - storing information detailing respective use of the secure application account by each of said users.
  - 28. The system of claim 21 wherein said at least one value-added service comprises:
    - generating a report showing use of the secure application account on a per user basis.
  - 29. The system of claim 28 wherein said at least one secure application comprises a postal application.
  - 30. The system of claim 21 wherein said at least one client device utilizes standardized security protocols and said at least one secure application utilizes proprietary security protocols.
  - 31. The system of claim 30 wherein said at least one client device comprises a web browser.
  - 32. The system of claim 21 wherein said bridge database comprises information correlating transaction requests between a protocol used by said at least one client device and a protocol used by said at least one secure application.
  - 33. The system of claim 32 wherein said correlation of transaction requests combines transactions of said protocol used by said at least one secure application to define a transaction of said protocol used by said at least one client device.
  - 34. The system of claim 21 wherein said bridge database comprises:
    - a user database, said user database comprising user identification and password information;
      
      an application link database, said application link database comprising user identification information and secure application account identification information; and
      
      a secure application account database, said secure application account database comprising secure application account identification information and secure application account credentials.
  - 35. The system of claim 21 wherein said bridge server provides a data tunnel to accommodate interaction between one or more of said at least one client that is adapted to directly interact with said at least one secure application through said bridge server.
  - 36. The system of claim 21 wherein said at least one secure application comprises a postal application and said bridge database comprises postal meter account credentials.
  - 37. The system of claim 21 wherein said communication path comprises a public network.
  - 38. The system of claim 21 wherein said at least one secure application comprises a postal application and wherein said secure application account comprises a value account.

39. A method comprising:
- receiving, at a bridge server, a login request from one of a plurality of users, wherein each of said plurality of users are associated with a same entity and each have respective user credentials;
  
  validating, by said bridge server, user credentials of said user requesting said login;
  
  identifying, by said bridge server, a secure application account of said entity that is associated with at least one secure application;
  
  determining, by said bridge server, entity credentials that grant the entity certain rights to said entity'"'"'s secure application account;
  
  mapping, by said bridge server, said user credentials to said entity credentials, wherein said mapping comprises determining what of said certain rights that are granted to the entity are granted to said user; and
  
  managing, by said bridge server, interaction of said user with said at least one secure application for performing activity involving use of the secure application account on behalf of said entity consistent with the determined rights that the user is granted, wherein said managing comprises providing at least one value-added service not available from unmapped use of the entity credentials, and said managing further comprises storing status data indicating current usage by said plurality of users of the secure application account.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47)
- - 40. The method of claim 39 wherein said at least one secure application comprises a postal application.
  - 41. The method of claim 39 wherein said entity credentials comprises postal meter account credentials.
  - 42. The method of claim 39 wherein said secure application account comprises a value account.
  - 43. The method of claim 39 wherein said user is granted a subset of said certain rights that are granted to the entity.
  - 44. The method of claim 39 wherein said managing further comprises:
    - monitoring use of the secure application account on a per user basis.
  - 45. The method of claim 39 wherein said managing further comprises:
    - storing information detailing respective use of the secure application account by said user.
  - 46. The method of claim 39 wherein said managing further comprises:
    - generating a report showing use of the secure application account on a per user basis.
  - 47. The method of claim 46 wherein said at least one secure application comprises a postal application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Auctane LLC (Stamps.com, Inc.)
Original Assignee
Stamps.com, Inc.
Inventors
Bussell, Keith David, Begen, Geoffrey Charles
Primary Examiner(s)
SIMITOSKI, MICHAEL J

Application Number

US11/542,654
Time in Patent Office

1,848 Days
Field of Search

726 2- 3, 726/12, 726 14- 15
US Class Current

726/3
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

Secure application bridge server

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

317 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

Secure application bridge server

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

317 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links