Usage tracking for software as a service (SaaS) applications

US 9,826,100 B2
Filed: 06/10/2015
Issued: 11/21/2017
Est. Priority Date: 06/10/2015
Status: Active Grant

First Claim

Patent Images

1. A method for tracking software as a service (SaaS) application usage, the method comprising:

initiating a client generated by a processor and presented on a display of a network-accessible device;

establishing a communication link between a SaaS usage proxy and the client;

logging into the SaaS usage proxy by entering a first set of credentials using the client,wherein the first set of credentials is known by, and uniquely associated with, a user, andwherein the first set of credentials is authenticated by a first authentication system associated with an enterprise;

selecting a SaaS application from a plurality of SaaS applications accessible through the SaaS usage proxy;

causing the SaaS usage proxy to associate a second set of credentials exclusive to the SaaS application with the first set of credentials,wherein the second set of credentials is for one of a plurality of SaaS application accounts allocated to the enterprise rather than individual users;

causing the SaaS usage proxy to enter the second set of credentials on behalf of the user such that the second set of credentials remains unknown to the user,wherein the second set of credentials is authenticated by a second authentication system associated with the SaaS application, andwherein entry of the second set of credentials logs the user into the SaaS application and enables the user to utilize the SaaS application;

causing the SaaS usage proxy to identify one or more steps required to log into each SaaS application of the plurality of SaaS applications in response to being trained by an administrator;

using the SaaS application on the client,wherein the SaaS usage proxy tracks usage of the SaaS application by the user; and

upon completion of said using the SaaS application on the client, causing the SaaS usage proxy to dissociate the second set of credentials from the first set of credentials, thereby making the second set of credentials available to other users of the SaaS usage proxy.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various of the disclosed embodiments concern computer systems, methods, and programs for brokering logins to software as a service (SaaS) applications and tracking usage of the SaaS applications. First, a user, e.g. employee of an enterprise, logs into a SaaS usage proxy using a first set of credentials. The first set of credentials is known by the user, e.g. preexisting credentials for an enterprise-wide authentication system. Once a SaaS application is selected by the user, the SaaS usage proxy logs into the SaaS application using a second set of credentials. However, the second set of login credentials is encrypted and not known by the user, which causes the SaaS application to be accessible only through the SaaS usage proxy. This allows the SaaS usage proxy to monitor all usage of the SaaS application, even if multiple network-accessible devices are used to log into the SaaS usage proxy.

12 Citations

View as Search Results

21 Claims

1. A method for tracking software as a service (SaaS) application usage, the method comprising:
- initiating a client generated by a processor and presented on a display of a network-accessible device;
  
  establishing a communication link between a SaaS usage proxy and the client;
  
  logging into the SaaS usage proxy by entering a first set of credentials using the client,wherein the first set of credentials is known by, and uniquely associated with, a user, andwherein the first set of credentials is authenticated by a first authentication system associated with an enterprise;
  
  selecting a SaaS application from a plurality of SaaS applications accessible through the SaaS usage proxy;
  
  causing the SaaS usage proxy to associate a second set of credentials exclusive to the SaaS application with the first set of credentials,wherein the second set of credentials is for one of a plurality of SaaS application accounts allocated to the enterprise rather than individual users;
  
  causing the SaaS usage proxy to enter the second set of credentials on behalf of the user such that the second set of credentials remains unknown to the user,wherein the second set of credentials is authenticated by a second authentication system associated with the SaaS application, andwherein entry of the second set of credentials logs the user into the SaaS application and enables the user to utilize the SaaS application;
  
  causing the SaaS usage proxy to identify one or more steps required to log into each SaaS application of the plurality of SaaS applications in response to being trained by an administrator;
  
  using the SaaS application on the client,wherein the SaaS usage proxy tracks usage of the SaaS application by the user; and
  
  upon completion of said using the SaaS application on the client, causing the SaaS usage proxy to dissociate the second set of credentials from the first set of credentials, thereby making the second set of credentials available to other users of the SaaS usage proxy.
- View Dependent Claims (2, 3, 4, 5, 6, 21)
- - 2. The method of claim 1, wherein the second set of credentials is randomly generated and encrypted by the SaaS usage proxy.
  - 3. The method of claim 2, wherein the SaaS usage proxy includes a mapping table that matches the second set of credentials to the first set of credentials.
  - 4. The method of claim 1, wherein the user is one of a plurality of users, each of whom can initiate one of the plurality of accounts for the SaaS application through the SaaS usage proxy.
  - 5. The method of claim 4, wherein the SaaS usage proxy is configured to:
    - generate a distinct set of encrypted credentials for each of the plurality of users;
      
      identify when each distinct set of encrypted credentials is used by the SaaS usage proxy to log into the SaaS application; and
      
      determine usage of the SaaS application by each of the plurality of users.
  - 6. The method of claim 1, wherein usage of the SaaS application is determined by tracking uniform resource locators (URLs) accessed by the user through the SaaS application.
  - 21. The method of claim 1, wherein the plurality of SaaS application accounts are temporarily assigned to employees of the enterprise by the SaaS usage proxy when the employees log into the SaaS usage proxy and select the SaaS application.

7. A method for tracking SaaS usage, the method comprising:
- providing a server that hosts a SaaS usage proxy;
  
  generating, by the SaaS usage proxy, a client that an employee of an enterprise is able to access;
  
  receiving, by the SaaS usage proxy, known login credentials from the client that are input by the employee;
  
  validating, by the SaaS usage proxy, the known login credentials using a first authentication system associated with the enterprise;
  
  receiving, by the SaaS usage proxy, a selection of a SaaS application from one or more SaaS applications accessible through the SaaS usage proxy;
  
  generating, by the SaaS usage proxy, encrypted login credentials exclusive to the SaaS application selected by the employee,wherein the encrypted login credentials are for one of a plurality of SaaS application accounts allocated to the enterprise;
  
  supplying, by the SaaS usage proxy, the encrypted login credentials to a mapping table, which causes the encrypted login credentials to be temporarily associated with the known login credentials belonging to the employee;
  
  providing the employee access to the SaaS application and allowing the employee to initiate the SaaS application through the SaaS usage proxy;
  
  inputting, by the SaaS usage proxy upon the SaaS application being initiated, the encrypted login credentials on behalf of the employee such that the encrypted login credentials remain unknown to the employee,wherein the encrypted login credentials are authenticated by a second authentication system associated with the SaaS application, andwherein inputting the encrypted login credentials logs the employee into the SaaS application and grants the employee access to the SaaS application;
  
  identifying, by the SaaS usage proxy, one or more steps required to log into each SaaS application of the one or more SaaS applications in response to being trained by an administrator;
  
  monitoring, by the SaaS usage proxy, usage of the SaaS application by the employee; and
  
  upon completion of the usage of the SaaS application by the employee, removing the encrypted login credentials from the mapping table, thereby dissociating the encrypted login credentials from the known login credentials and making the encrypted login credentials available to other employees of the enterprise.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The method of claim 7, wherein the mapping table is hosted by the server.
  - 9. The method of claim 7, wherein the mapping table is hosted by another distinct server to which the SaaS usage proxy is communicatively coupled.
  - 10. The method of claim 7, wherein the SaaS application is only accessible through the SaaS usage proxy.
  - 11. The method of claim 7, further comprising:
    - establishing, by the SaaS usage proxy, a virtual URL that directs the employee to the SaaS application via the SaaS usage proxy.
  - 12. The method of claim 11, wherein the virtual URL is transparent to the employee, but a location targeted by the virtual URL remains obfuscated.
  - 13. The method of claim 7, wherein tracking usage of the SaaS application by the employee comprises:
    - tracking URLs accessed by the employee through the SaaS application;
      
      tracking login time, logout time, or both;
      
      ortracking total time spent using the SaaS application.
  - 14. The method of claim 7, wherein the SaaS usage proxy, the SaaS application, and the mapping table are stored on one or more servers maintained by the enterprise.
  - 15. The method of claim 7, wherein the SaaS usage proxy, the SaaS application, and the mapping table are communicatively coupled to one another over one or more networks.

16. An authentication system comprising:
- a communication module communicatively coupled to a client that is presented on a network-accessible device and a SaaS application that is hosted by a server;
  
  an enterprise authentication module configured to validate a first set of credentials received from the client,wherein entry of the first set of credentials enables a user to select the SaaS application from one or more SaaS applications accessible through a SaaS usage proxy,wherein the first set of credentials is known by, and uniquely associated with, the user, andwherein the first set of credentials is valid for an established enterprise-wide authentication system; and
  
  the SaaS usage proxy;
  
  provides the client to the user;
  
  generates a second set of credentials exclusive to the SaaS application,wherein the second set of credentials is for one of a plurality of SaaS application accounts allocated to an enterprise;
  
  encrypts the second set of credentials such that the second set of credentials remains unknown to the user;
  
  temporarily associates the second set of credentials with the first set of credentials;
  
  stores the first set of credentials and the second set of credentials in a mapping table;
  
  allows the user to initiate the SaaS application using the client;
  
  logs into the SaaS application by entering the second set of credentials on behalf of the user when the user elects to initiate the SaaS application, andwherein the second set of credentials is valid for a cloud service authentication system;
  
  identifies one or more steps required to log into each SaaS application of the one or more SaaS applications in response to being trained by an administrator;
  
  tracks usage of the SaaS application by the user; and
  
  upon completion of the usage of the SaaS application by the user, dissociates the second set of credentials from the first set of credentials, thereby making the second set of credentials available to other users of the SaaS usage proxy.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The authentication system of claim 16, wherein the communication module establishes a communication link directly between the network-accessible device and the server upon the SaaS usage proxy logging into the SaaS application.
  - 18. The authentication system of claim 16, wherein the communication module continues to facilitate and redirect communication between the network-accessible device and the server upon the SaaS usage proxy logging into the SaaS application.
  - 19. The authentication system of claim 16, wherein the network-accessible device is one of a plurality of network-accessible devices.
  - 20. The authentication system of claim 19, wherein the first set of credentials entered by the user and the second set of credentials entered by the SaaS usage proxy on behalf of the user are used to log into the SaaS application regardless of which of the plurality of network-accessible devices is used to access the authentication system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Flexera Software LLC
Original Assignee
Flexera Software LLC
Inventors
Hughes, Paul, Westhorp, Peter, Allfrey, Peter, Sholl, Eddie
Primary Examiner(s)
Zoubair, Noura

Application Number

US14/736,153
Publication Number

US 20160366134A1
Time in Patent Office

895 Days
Field of Search

726 4, 726 8, 726 22- 24, 709226, 709227
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04M 15/00   Arrangements for metering, ...

H04M 15/48   Secure or trusted billing, ...

H04M 15/58   based on statistics of usag...

H04W 4/24   Accounting or billing

Usage tracking for software as a service (SaaS) applications

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Usage tracking for software as a service (SaaS) applications

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links