Methods for adaptive organization of web application access points in webtops and devices thereof

US 10,404,698 B1
Filed: 09/30/2016
Issued: 09/03/2019
Est. Priority Date: 01/15/2016
Status: Active Grant

First Claim

Patent Images

1. A method implemented by an enterprise network system comprising one or more access management apparatuses, client devices, or web application server devices, the method comprising:

monitoring network traffic exchanged with web applications to generate and store historical application access pattern data;

identifying one or more of the web applications that are allowed for a client based on a stored access policy and in response to a login request received from the client;

analyzing the stored historical application access pattern data to determine, for at least a subset of the allowed web applications and prior to any of the allowed web applications being accessed by the client in a current session, an indication of whether each of the subset of the allowed web applications will be accessed by the client in the current session;

generating a webtop configured to, when rendered in a web browser, graphically organize access points for at least the subset of the allowed web applications based on the determined indication; and

providing the webtop to the client in response to the login request to facilitate access to the subset of the allowed web applications.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, non-transitory computer readable media, access policy management apparatuses, and enterprise network systems that facilitate adaptive organization of web application access points in webtops are disclosed. With this technology, access points for web applications are more effectively presented in webtops to facilitate more efficient access to web applications by clients. In particular, this technology utilizes historical application access pattern data to determine a subset of allowed web applications most likely to be accessed in a current session, and generates and provides a webtop with access points for web applications organized based on the determined subset of the allowed web applications. Thereby, this technology facilitates adaptive webtops that reduce the amount of time required to locate access points for web applications and improve user productivity.

1683 Citations

20 Claims

1. A method implemented by an enterprise network system comprising one or more access management apparatuses, client devices, or web application server devices, the method comprising:
- monitoring network traffic exchanged with web applications to generate and store historical application access pattern data;
  
  identifying one or more of the web applications that are allowed for a client based on a stored access policy and in response to a login request received from the client;
  
  analyzing the stored historical application access pattern data to determine, for at least a subset of the allowed web applications and prior to any of the allowed web applications being accessed by the client in a current session, an indication of whether each of the subset of the allowed web applications will be accessed by the client in the current session;
  
  generating a webtop configured to, when rendered in a web browser, graphically organize access points for at least the subset of the allowed web applications based on the determined indication; and
  
  providing the webtop to the client in response to the login request to facilitate access to the subset of the allowed web applications.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - monitoring usage of one or more of the allowed web applications by the client;
      
      determining when the current session has terminated, wherein the current session is initiated upon authentication of login credentials included in the login request; and
      
      updating the stored historical application access pattern data based on the monitoring, when the determining indicates that the current session has terminated.
  - 3. The method of claim 1, further comprising determining when login credentials for a user are received from the client for a first time, wherein:
    - the stored historical application access pattern data is for one or more users associated with a same enterprise as the user and sharing one or more of user data, client device data, or temporal data, when the determining indicates that the authenticated login credentials for the user are received for the first time; and
      
      the stored historical application access pattern data is for the user, when the determining indicates that the authenticated login credentials are not received for the first time.
  - 4. The method of claim 1, wherein the determination is based on a correlation of one or more of obtained temporal data, user data, or client device data, wherein the temporal data comprises one or more of a time, a day, or a date, the user data comprises one or more of a role, a group, or a location, or the client device data comprises one or more of a web browser type, an operating system type, or a standalone application type.
  - 5. The method of claim 1, wherein each of at least a subset of the access points comprises a graphical indication of one of the subset of the allowed web applications and is prioritized in the webtop based on an order or grouping and according to the determined indication.

6. An access management apparatus, comprising memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions:
- monitor network traffic exchanged with web applications to generate and store historical application access pattern data;
  
  identify one or more of the web applications that are allowed for a client based on a stored access policy and in response to a login request received from the client;
  
  analyze the stored historical application access pattern data to determine, for at least a subset of the allowed web applications and prior to any of the allowed web applications being accessed by the client in a current session, an indication of whether each of the subset of the allowed web applications will be accessed by the client in the current session;
  
  generate a webtop configured to, when rendered in a web browser, graphically organize access points for at least the subset of the allowed web applications based on the determined indication; and
  
  provide the webtop to the client in response to the login request to facilitate access to the at least the subset of the allowed web applications.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The access management apparatus of claim 6, wherein the one or more processors are further configured to be capable of executing the stored programmed instructions to:
    - monitor usage of one or more of the allowed web applications by the client;
      
      determine when the current session has terminated, wherein the current session is initiated upon authentication of login credentials included in the login request; and
      
      update the stored historical application access pattern data based on the monitoring, when the determining indicates that the current session has terminated.
  - 8. The access management apparatus of claim 6, wherein the processors are further configured to be capable of executing the stored programmed instructions to determine when login credentials for a user are received from the client for a first time, wherein:
    - the stored historical application access pattern data is for one or more users associated with a same enterprise as the user and sharing one or more of user data, client device data, or temporal data, when the determining indicates that the authenticated login credentials for the user are received for the first time; and
      
      the stored historical application access pattern data is for the user, when the determining indicates that the authenticated login credentials are not received for the first time.
  - 9. The access management apparatus of claim 6, wherein the determination is based on a correlation of one or more of obtained temporal data, user data, or client device data, wherein the temporal data comprises one or more of a time, a day, or a date, the user data comprises one or more of a role, a group, or a location, or the client device data comprises one or more of a web browser type, an operating system type, or a standalone application type.
  - 10. The access management apparatus of claim 6, wherein each of at least a subset of the access points comprises a graphical indication of one of the subset of the allowed web applications and is prioritized in the webtop based on an order or grouping and according to the determined indication.

11. A non-transitory computer readable medium having stored thereon instructions comprising executable code which when executed by one or more processors, causes the processors to:
- monitor network traffic exchanged with web applications to generate and store historical application access pattern data;
  
  identify one or more of the web applications that are allowed for a client based on a stored access policy and in response to a login request received from the client;
  
  analyze the stored historical application access pattern data to determine, for at least a subset of the allowed web applications and prior to any of the allowed web applications being accessed by the client in a current session, an indication of whether each of the subset of the allowed web applications will be accessed by the client in the current session;
  
  generate a webtop configured to, when rendered in a web browser, graphically organize access points for at least the subset of the allowed web applications based on the determined indication; and
  
  provide the webtop to the client in response to the login request to facilitate access to the at least the subset of the allowed web applications.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory computer readable medium of claim 11, wherein the executable code, when executed by the processors, further causes the processors to:
    - monitor usage of one or more of the allowed web applications by the client;
      
      determine when the current session has terminated, wherein the current session is initiated upon authentication of login credentials included in the login request; and
      
      update the stored historical application access pattern data based on the monitoring, when the determining indicates that the current session has terminated.
  - 13. The non-transitory computer readable medium of claim 11, wherein the executable code, when executed by the processors, further causes the processors to determine when login credentials for a user are received from the client for a first time, wherein:
    - the stored historical application access pattern data is for one or more users associated with a same enterprise as the user and sharing one or more of user data, client device data, or temporal data, when the determining indicates that the authenticated login credentials for the user are received for the first time; and
      
      the stored historical application access pattern data is for the user, when the determining indicates that the authenticated login credentials for the user are not received for the first time.
  - 14. The non-transitory computer readable medium of claim 11, wherein the determination is based on a correlation of one or more of obtained temporal data, user data, or client device data, wherein the temporal data comprises one or more of a time, a day, or a date, the user data comprises one or more of a role, a group, or a location, or the client device data comprises one or more of a web browser type, an operating system type, or a standalone application type.
  - 15. The non-transitory computer readable medium of claim 11, wherein each of at least a subset of the access points comprises a graphical indication of one of the subset of the allowed web applications and is prioritized in the webtop based on an order or grouping and according to the determined indication.

16. An enterprise network system comprising one or more access management apparatuses, client devices, or web application server devices, the enterprise network system comprising memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to:
- monitor network traffic exchanged with web applications to generate and store historical application access pattern data;
  
  identify one or more of the web applications that are allowed for a client based on a stored access policy and in response to a login request received from the client;
  
  analyze the stored historical application access pattern data to determine, for at least a subset of the allowed web applications and prior to any of the allowed web applications being accessed by the client in a current session, an indication of whether each of the subset of the allowed web applications will be accessed by the client in the current session;
  
  generate a webtop configured to, when rendered in a web browser, graphically organize access points for at least the subset of the allowed web applications based on the determined indication; and
  
  provide the webtop to the client in response to the login request to facilitate access to the at least the subset of the allowed web applications.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The enterprise network system of claim 16, wherein the processors are further configured to be capable of executing the stored programmed instructions to:
    - monitor usage of one or more of the allowed web applications by the client;
      
      determine when the current session has terminated, wherein the current session is initiated upon authentication of login credentials included in the login request; and
      
      updating the stored historical application access pattern data based on the monitoring, when the determining indicates that the current session has terminated.
  - 18. The enterprise network system of claim 16, wherein the processors are further configured to be capable of executing the stored programmed instructions to determine when login credentials for a user are received from the client for a first time, wherein:
    - the stored historical application access pattern data is for one or more users associated with a same enterprise as the user and sharing one or more of user data, client device data, or temporal data, when the determining indicates that the authenticated login credentials for the user are received for the first time; and
      
      the stored historical application access pattern data is for the user, when the determining indicates that the authenticated login credentials are not received for the first time from.
  - 19. The enterprise network system of claim 16, wherein the determination is based on a correlation of one or more of obtained temporal data, user data, or client device data, wherein the temporal data comprises one or more of a time, a day, or a date, the user data comprises one or more of a role, a group, or a location, or the client device data comprises one or more of a web browser type, an operating system type, or a standalone application type.
  - 20. The enterprise network system of claim 16, wherein each of at least a subset of the access points comprises a graphical indication of one of the subset of the allowed web applications and is prioritized in the webtop based on an order or grouping and according to the determined indication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
F5 Networks, Inc. (F5 Incorporated)
Inventors
Natarajan, Ravi, Bredelev, Konstantin
Primary Examiner(s)
Wright, Bryan F

Application Number

US15/282,110
Time in Patent Office

1,068 Days
Field of Search

726 22
US Class Current
CPC Class Codes

H04L 41/50   Network service management,...

H04L 63/0876   based on the identity of th...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/143   Termination or inactivation...

H04L 67/306   User profiles

H04L 67/535   Tracking the activity of th...

Methods for adaptive organization of web application access points in webtops and devices thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

1683 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods for adaptive organization of web application access points in webtops and devices thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1683 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links