Protecting user identity at a cloud using a distributed user identity system

US 9,628,471 B1
Filed: 06/01/2015
Issued: 04/18/2017
Est. Priority Date: 05/03/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

assigning, by a server computer system, an anonymous cloud account to a user in response to a determination that identity information of the user is validated for a user request to access a cloud, wherein the anonymous cloud account does not reveal an identity of the user to the cloud;

creating mapping data associating the user with the anonymous cloud account, wherein the mapping data is not made available to the cloud;

receiving, from the cloud, cloud access pattern data associated with the anonymous cloud account that does not reveal the identity of the user to the cloud; and

correlating, by the server computer system, the cloud access pattern data received from the cloud with the mapping data to identify the user that accessed cloud content specified in the cloud access pattern data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing system assigns an anonymous cloud account to a user in response to a determination that identity information of the user is validated for a request to access a cloud. The anonymous cloud account does not reveal an identity of the user to the cloud. The computing system creates mapping data that associates the user with the anonymous cloud account. The cloud does not have access to the mapping data. The computing system facilitates user access to the cloud based on the anonymous cloud account. The cloud generates cloud access pattern data for the anonymous cloud account without determining the identity of the user.

109 Citations

View as Search Results

20 Claims

1. A method comprising:
- assigning, by a server computer system, an anonymous cloud account to a user in response to a determination that identity information of the user is validated for a user request to access a cloud, wherein the anonymous cloud account does not reveal an identity of the user to the cloud;
  
  creating mapping data associating the user with the anonymous cloud account, wherein the mapping data is not made available to the cloud;
  
  receiving, from the cloud, cloud access pattern data associated with the anonymous cloud account that does not reveal the identity of the user to the cloud; and
  
  correlating, by the server computer system, the cloud access pattern data received from the cloud with the mapping data to identify the user that accessed cloud content specified in the cloud access pattern data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the anonymous cloud account comprises an anonymous cloud account identifier that does not reveal the identity of the user to the cloud and further comprising:
    - providing the anonymous cloud account identifier to the cloud, wherein cloud access pattern data using the anonymous cloud account identifier is generated by the cloud.
  - 3. The method of claim 1, wherein the cloud access pattern data is generated by the cloud for the anonymous cloud account without the cloud determining the identity of the user.
  - 4. The method of claim 1, wherein the cloud access pattern data is a cloud access pattern database table and the mapping data is a mapping database table.
  - 5. The method of claim 4, wherein correlating the cloud access pattern data with the mapping data comprises:
    - joining fields of the cloud access pattern database table and the mapping database table.
  - 6. The method of claim 1, wherein the cloud access pattern data comprises an anonymous cloud account identifier, an access start time indicator, an access end time indicator, and content identifiers of cloud content that is being accessed using the anonymous cloud account.
  - 7. The method of claim 1, wherein the mapping data comprises a user identifier, an access start time indicator, an access end time indicator, and an anonymous cloud account identifier of the anonymous cloud account that is assigned to the user.

8. A system comprising:
- a memory; and
  
  a processing device coupled with the memory to;
  
  assign an anonymous cloud account to a user in response to a determination that identity information of the user is validated for a user request to access a cloud, wherein the anonymous cloud account does not reveal an identity of the user to the cloud;
  
  create mapping data associating the user with the anonymous cloud account, wherein the mapping data is not made available to the cloud;
  
  receive, from the cloud, cloud access pattern data associated with the anonymous cloud account that does not reveal the identity of the user to the cloud; and
  
  correlate the cloud access pattern data received from the cloud with the mapping data to identify the user that accessed cloud content specified in the cloud access pattern data.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, wherein the anonymous cloud account comprises an anonymous cloud account identifier that does not reveal the identity of the user to the cloud and the processing device is further configured to:
    - provide the anonymous cloud account identifier to the cloud, wherein the cloud access pattern data using the anonymous cloud account identifier is generated by the cloud.
  - 10. The system of claim 9, wherein the cloud access pattern data is generated by the cloud for the anonymous cloud account without the cloud determining the identity of the user.
  - 11. The system of claim 8, wherein the cloud access pattern data is a cloud access pattern database table and the mapping data is a mapping database table, and the processing device is configured to correlate the cloud access pattern data with the mapping data by joining fields of the cloud access pattern database table and the mapping database table.
  - 12. The system of claim 8, wherein the cloud access pattern data comprises an anonymous cloud account identifier, an access start time indicator, an access end time indicator, and content identifiers of cloud content that is being accessed using the anonymous cloud account.
  - 13. The system of claim 8, wherein the mapping data comprises a user identifier, an access start time indicator, an access end time indicator, and an anonymous cloud account identifier of the anonymous cloud account that is assigned to the user.

14. A non-transitory computer readable storage medium including instructions that, when executed by a processing device, cause the processing device to perform a method comprising:
- assigning, by the processing device, an anonymous cloud account to a user in response to a determination that identity information of the user is validated for a user request to access a cloud, wherein the anonymous cloud account does not reveal an identity of the user to the cloud;
  
  creating mapping data associating the user with the anonymous cloud account, wherein the mapping data is not made available to the cloud;
  
  receiving, from the cloud, cloud access pattern data associated with the anonymous cloud account that does not reveal the identity of the user to the cloud; and
  
  correlating the cloud access pattern data received from the cloud with the mapping data to identify the user that accessed cloud content specified in the cloud access pattern data.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer readable storage medium of claim 14, wherein the anonymous cloud account comprises an anonymous cloud account identifier that does not reveal the identity of the user to the cloud and the method further comprising:
    - providing the anonymous cloud account identifier to the cloud, wherein the cloud access pattern data using the anonymous cloud account identifier is generated by the cloud.
  - 16. The non-transitory computer readable storage medium of claim 14, wherein the cloud access pattern data is generated by the cloud for the anonymous cloud account without the cloud determining the identity of the user.
  - 17. The non-transitory computer readable storage medium of claim 14, wherein the cloud access pattern data is a cloud access pattern database table and the mapping data is a mapping database table.
  - 18. The non-transitory computer readable storage medium of claim 17, wherein correlating the cloud access pattern data with the mapping data comprises:
    - joining fields of the cloud access pattern database table and the mapping database table.
  - 19. The non-transitory computer readable storage medium of claim 14, wherein the cloud access pattern data comprises an anonymous cloud account identifier, an access start time indicator, an access end time indicator, and content identifiers of cloud content that is being accessed using the anonymous cloud account.
  - 20. The non-transitory computer readable storage medium of claim 14, wherein the mapping data comprises a user identifier, an access start time indicator, an access end time indicator, and an anonymous cloud account identifier of the anonymous cloud account that is assigned to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Sundaram, Sharada, Koeten, Robert
Primary Examiner(s)
Rahim, Monjour

Application Number

US14/727,732
Time in Patent Office

687 Days
Field of Search

726 5
US Class Current
CPC Class Codes

G06F 16/00   Information retrieval; Data...

G06F 21/00   Security arrangements for p...

G06F 21/50   Monitoring users, programs ...

G06F 21/604   Tools and structures for ma...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 9/5061   Partitioning or combining o...

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/104   Grouping of entities

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04L 67/10   in which an application is ...

H04L 9/32   including means for verifyi...

Protecting user identity at a cloud using a distributed user identity system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting user identity at a cloud using a distributed user identity system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links