CPC H04L 63/20 (2013.01) [H04L 63/306 (2013.01)] | 18 Claims
1. A system configured for assessment of identity resources in an identity infrastructure, the system comprising:
hardware processors configured by machine-readable instructions to:
assess the identity infrastructure with a discovery agent element configured to assess authorized network traffic within the identity infrastructure, including monitored and unmonitored network traffic, wherein at least a portion of the identity infrastructure is known and a portion of the identity infrastructure is unknown, and wherein the known and unknown identity infrastructure comprises identity domains and identity infrastructure elements, wherein the discovery agent element is installed on or adjacent to the identity infrastructure elements, and wherein the identity domains comprise identity domain elements;
identify, by the discovery agent element, one or more infrastructure elements within the identity infrastructure;
intercept, by the discovery agent element, first authorized network traffic in the identity infrastructure, wherein the first authorized network traffic comprises requests for identity data or identity metadata from the one or more infrastructure elements within the identity infrastructure, wherein the identity data comprises a user identity, a user credential, or a user attribute for one or more users of the identity domains, and the identity metadata comprises a list of identity infrastructure elements, configuration, network location, identity policies, or identity session structure and content;
assess, by the discovery agent element, a status or a structure of the identity infrastructure, wherein the assessing is based at least in part on the identifying, the intercepting, or a combination thereof;
install, by a discovery agent element installment module, one or more new discovery agent elements based at least in part on assessing points of interest in said one or more infrastructure elements, wherein after the discovery agent element determines that additional information about the identity infrastructure may be gathered by installing the one or more new discovery agent elements, the discovery agent element installment module installs the one or more new discovery agent elements at or near a proxy point; and
report, by the discovery agent element, the status or the structure of the identity infrastructure to an administrator or a centralized server, the reporting being based at least in part on the assessing.