Cloud-based security for identity imposter
US-2022385677-A1 · Dec 1, 2022 · US
US2023129466A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2023129466-A1 |
| Application number | US-202117509154-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 25, 2021 |
| Priority date | Oct 25, 2021 |
| Publication date | Apr 27, 2023 |
| Grant date | — |
Official abstract text for this publication.
The present disclosure relates to systems and methods for tying activity of a user or group in a cloud service with an identity provider (IDP). This intelligence from the cloud service can be used to continuously authenticate a user or group as they are using the cloud service, thus confirming authentication beyond the initial identity (ID) determination or login process. By gathering a baseline for the access of users and groups, it is possible to detect when a user or user device shows anomalous behavior. Responsive to detecting anomalous behavior, the IDP can be notified, and remediation can be quickly initiated with the utilization of security measures such as access denial, account disabling, requiring a user to change a password, and/or other actions of the like. Such security actions may be preset in a playbook built for response to various security risks.
Opening claim text (preview).
What is claimed is:

1. A non-transitory computer-readable medium comprising instructions that, when executed, cause a processor to perform the steps of: receiving authentication from an Identity Provider (IDP) for a user and a user device; providing the user and the user device access to a cloud service based on the authentication; monitoring the access to the cloud service; and responsive to detecting anomalous behavior in the access, notifying the IDP for remediation.

2. The non-transitory computer-readable medium of claim 1, wherein the remediation includes disabling an account of the user.

3. The non-transitory computer-readable medium of claim 1, wherein the remediation includes disabling access by the user device.

4. The non-transitory computer-readable medium of claim 1, wherein the remediation includes requiring the user to change a password.

5. The non-transitory computer-readable medium of claim 1, wherein the remediation is performed while the user and the user device is accessing the cloud service.

6. The non-transitory computer-readable medium of claim 1, wherein the anomalous behavior is based on an Internet Protocol (IP) address and type of the user device changing more frequently than a baseline.

7. The non-transitory computer-readable medium of claim 1, further comprising the steps of; gathering a baseline for the access over a period of time to develop a profile, wherein the detecting is based on activity in the access that falls outside of normalized behavior on a per human and device basis, in the profile.

8. A server comprising: a processing device; a memory device configured to store a computer program having instructions that, when executed, cause a processing device to perform the steps of; receiving authentication from an Identity Provider (IDP) for a user and a user device; providing the user and the user device access to a cloud service based on the authentication; monitoring the access to the cloud service; and responsive to detecting anomalous behavior in the access, notifying the IDP for remediation.

9. The server of claim 8, wherein the remediation includes disabling an account of the user.

10. The server of claim 8, wherein the remediation includes disabling access by the user device.

11. The server of claim 8, wherein the remediation includes requiring the user to change a password.

12. The server of claim 8, wherein the remediation is performed while the user and the user device is accessing the cloud service.

13. The server of claim 8, wherein the anomalous behavior is based on an Internet Protocol (IP) address and type of the user device changing more frequently than a baseline.

14. The server of claim 8, further comprising gathering a baseline for the access over a period of time to develop a profile, wherein the detecting is based on activity in the access that falls outside of normalized behavior on a per human and device basis, in the profile.

15. A method comprising receiving authentication from an Identity Provider (IDP) for a user and a user device; providing the user and the user device access to a cloud service based on the authentication; monitoring the access to the cloud service; and responsive to detecting anomalous behavior in the access, notifying the IDP for remediation.

16. The method of claim 15, wherein the remediation includes disabling an account of the user.

17. The method of claim 15, wherein the remediation includes disabling access by the user device.

18. The method of claim 15, wherein the remediation includes requiring the user to change a password.

19. The method of claim 15, wherein the remediation is performed while the user and the user device is accessing the cloud service.

20. The method of claim 15, further comprising; gathering a baseline for the access over a period of time to develop a profile, wherein the detecting is based on activity in the access that falls outside of normalized behavior on a per human and device basis, in the profile.
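Claims 6 and 7 describe flagging a user whose IP address and device type change more often than a baseline profile gathered over time. The sketch below is an added illustration of that check, not code from the patent or its applicant; the function names, the threshold rule (mean plus k standard deviations with a floor), the playbook mapping and the sample events are all assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Hypothetical playbook: (minimum count/threshold ratio, remediation named in the claims).
PLAYBOOK = [(2.0, "disable_account"), (1.0, "require_password_change")]

def daily_changes(events):
    """Per (user, day): how often the (IP, device type) pair differs from the previous event."""
    counts, last = defaultdict(int), {}
    for user, day, ip, device in events:          # events are assumed time-ordered
        counts[(user, day)] += 0                  # register quiet days too
        if user in last and last[user] != (ip, device):
            counts[(user, day)] += 1
        last[user] = (ip, device)
    return counts

def build_profile(events):
    """Per-user baseline: mean and population std-dev of daily change counts."""
    per_user = defaultdict(list)
    for (user, _day), n in daily_changes(events).items():
        per_user[user].append(n)
    return {u: (mean(v), pstdev(v)) for u, v in per_user.items()}

def pick_action(n, threshold):
    """Map how far a count exceeds its threshold to a playbook remediation."""
    return next(a for ratio, a in PLAYBOOK if n / threshold >= ratio)

def detect(profile, events, k=3.0, floor=1.0):
    """Return IDP notification payloads for days whose change count exceeds mean + k*spread."""
    findings = []
    for (user, day), n in sorted(daily_changes(events).items()):
        mu, sigma = profile.get(user, (0.0, 0.0))
        threshold = mu + k * max(sigma, floor)    # floor keeps a very flat baseline from over-alerting
        if n > threshold:
            findings.append({"user": user, "day": day, "changes": n,
                             "action": pick_action(n, threshold)})
    return findings

# Constructed sample data (documentation IP ranges), not real telemetry.
HOME, OFFICE = ("192.0.2.10", "laptop"), ("192.0.2.77", "laptop")
BASELINE = [("alice", d, *p) for d in range(1, 6) for p in (HOME, OFFICE, OFFICE)]
SWAPS = [("203.0.113.7", "laptop"), ("198.51.100.9", "phone")]
LIVE = ([("alice", 6, *SWAPS[i % 2]) for i in range(12)]
        + [("alice", 7, *p) for p in (HOME, OFFICE, OFFICE)])

if __name__ == "__main__":
    for finding in detect(build_profile(BASELINE), LIVE):
        print(finding)
```

Delivery of each finding to the IDP is left out, since the page does not specify an interface for it.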
involving long-term monitoring or reporting · CPC title
by observing the pattern of computer usage, e.g. typical user behaviour · CPC title
monitoring of user actions (tracking the activity of the user H04L67/535) · CPC title
Access rights, e.g. capability lists, access control lists, access tables, access matrices · CPC title
Grid computing · CPC title