Efficient and secure user credential store for credentials enforcement using a firewall

US 10,298,610 B2
Filed: 07/09/2018
Issued: 05/21/2019
Est. Priority Date: 07/31/2015
Status: Active Grant

First Claim

Patent Images

1. A system for a credentials store for credentials enforcement using a firewall, comprising:

a processor of a network device configured to;

receive a bloom filter from an agent executed on an authentication server, wherein the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server, wherein one or more of the plurality of user credentials includes a username and a password;

store the bloom filter in a cache on the network device;

monitor network traffic at the network device to perform credentials enforcement using the bloom filter, wherein to monitor the network traffic comprises to monitor network communications between a client and an external site;

determine if the client sends a request that includes user credentials for authentication at the external site using the bloom filter; and

perform an action based on a security policy if a match is determined with one or more of the plurality of user credentials, wherein to perform the action comprises to perform the action in response to a determination that the client sent the request that includes the user credentials for authentication at the external site that match the one or more of the plurality of user credentials stored at the network device, wherein the action includes blocking the user from accessing the external site until a different user credential is created; and

a memory coupled to the processor and configured to provide the processor with instructions.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for an efficient and secure store for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for an efficient and secure store for credentials enforcement using a firewall includes receiving a space-efficient and secure data structure, such as bloom filter, from an agent executed on an authentication server, in which the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server; storing the bloom filter on the network device (e.g., in a cache on the network device); and monitoring network traffic at the network device to perform credentials enforcement using the bloom filter.

Citations

19 Claims

1. A system for a credentials store for credentials enforcement using a firewall, comprising:
- a processor of a network device configured to;
  
  receive a bloom filter from an agent executed on an authentication server, wherein the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server, wherein one or more of the plurality of user credentials includes a username and a password;
  
  store the bloom filter in a cache on the network device;
  
  monitor network traffic at the network device to perform credentials enforcement using the bloom filter, wherein to monitor the network traffic comprises to monitor network communications between a client and an external site;
  
  determine if the client sends a request that includes user credentials for authentication at the external site using the bloom filter; and
  
  perform an action based on a security policy if a match is determined with one or more of the plurality of user credentials, wherein to perform the action comprises to perform the action in response to a determination that the client sent the request that includes the user credentials for authentication at the external site that match the one or more of the plurality of user credentials stored at the network device, wherein the action includes blocking the user from accessing the external site until a different user credential is created; and
  
  a memory coupled to the processor and configured to provide the processor with instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system recited in claim 1, wherein the network device includes a firewall that implements the security policy.
  - 3. The system recited in claim 1, wherein the agent executed on the authentication server collects the plurality of user credentials and transforms the plurality of user credentials into the bloom filter.
  - 4. The system recited in claim 1, wherein the agent executed on the authentication server collects the plurality of user credentials and transforms the plurality of user credentials into the bloom filter, and wherein the agent executed on the authentication server sends the bloom filter to the network device.
  - 5. The system recited in claim 1, wherein the bloom filter is stored in a low latency cache on the network device.
  - 6. The system recited in claim 1,wherein the action includes activating an additional authentication request based on a two-factor authentication when an attempt to access a protected resource is detected.
  - 7. The system recited in claim 1, wherein the processor is further configured to:
    - block the network communications if a violation of the security policy is determined, wherein the security policy includes a policy for credentials enforcement used in the external site authentication.
  - 8. The system recited in claim 1, wherein the processor is further configured to:
    - generate an alert if a violation of the security policy is determined, wherein the security policy includes a policy for credentials enforcement used in the external site authentication.
  - 9. The system recited in claim 1, wherein the processor is further configured to:
    - log the network communications if a violation of the security policy is determined, wherein the security policy includes a policy for credentials enforcement used in the external site authentication.
  - 10. The system recited in claim 1, wherein the processor is further configured to:
    - extract a username and/or password from user credentials submitted in the request to perform credentials enforcement using the bloom filter.
  - 11. The system recited in claim 1, wherein the processor is further configured to:
    - extract a username and/or password from user credentials submitted in the request; and
      
      determine if the extracted username and/or password from the user credentials matches one or more of the plurality of user credentials to perform credentials enforcement using the bloom filter.
  - 12. The system recited in claim 1, wherein the processor is further configured to:
    - extract a username and/or password from user credentials submitted in the request;
      
      determine if the extracted username and/or password from the user credentials matches one or more of the plurality of user credentials to perform credentials enforcement using the bloom filter; and
      
      if the username and/or password is determined to match one or more of the plurality of user credentials, then perform a responsive action.
  - 13. The system recited in claim 1, wherein the processor is further configured to:
    - extract a username and password from user credentials submitted in the request;
      
      determine if the extracted username and password from the user credentials match one or more of the plurality of user credentials to perform credentials enforcement using the bloom filter; and
      
      if the username and password are determined to match one or more of the plurality of user credentials, then verify whether the username and password match one or more of the plurality of user credentials by querying the authentication server using the username and password.

14. A method for a credentials store for credentials enforcement using a firewall, comprising:
- receiving a bloom filter from an agent executed on an authentication server, wherein the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server, wherein one or more of the plurality of user credentials includes a username and a password;
  
  storing the bloom filter in a cache on a network device;
  
  monitoring network traffic at the network device to perform credentials enforcement using the bloom filter, wherein the network traffic comprises monitoring network communications between a client and an external site;
  
  determining if the client sends a request that includes user credentials for authentication at the external site using the bloom filter; and
  
  performing an action based on a security policy if a match is determined with one or more of the plurality of user credentials, wherein the performing of the action comprises performing the action in response to a determination that the client sent the request that includes the user credentials for authentication at the external site that match the one or more of the plurality of user credentials stored at the network device, wherein the action includes blocking the user from accessing the external site until a different user credential is created.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, wherein the network device includes a firewall that implements the security policy.
  - 16. The method of claim 14, wherein the agent executed on the authentication server collects the plurality of user credentials and transforms the plurality of user credentials into the bloom filter.
  - 17. The method of claim 14, wherein the agent executed on the authentication server collects the plurality of user credentials and transforms the plurality of user credentials into the bloom filter, and wherein the agent executed on the authentication server sends the bloom filter to the network device.
  - 18. The method of claim 14, wherein the bloom filter is stored in a low latency cache on the network device.

19. A computer program product for a credentials store for credentials enforcement using a firewall, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
- receiving a bloom filter from an agent executed on an authentication server, wherein the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server, wherein one or more of the plurality of user credentials includes a username and a password;
  
  storing the bloom filter in a cache on a network device;
  
  monitoring network traffic at the network device to perform credentials enforcement using the bloom filter, wherein the network traffic comprises monitoring network communications between a client and an external site;
  
  determining if the client sends a request that includes user credentials for authentication at the external site using the bloom filter, andperforming an action based on a security policy if a match is determined with one or more of the plurality of user credentials, wherein the performing of the action comprises performing the action in response to a determination that the client sent the request that includes the user credentials for authentication at the external site that match the one or more of the plurality of user credentials stored at the network device, wherein the action includes blocking the user from accessing the external site until a different user credential is created.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Networks Incorporated
Original Assignee
Palo Alto Networks Incorporated
Inventors
Ashley, Robert Earle, Lam, Ho Yu, Jin, Xuanyu, Deng, Suiqiang, Ettema, Taylor, Tesh, Robert
Primary Examiner(s)
Zee, Edward

Application Number

US16/030,594
Publication Number

US 20180332079A1
Time in Patent Office

316 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 16/9574   of access to content, e.g. ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Efficient and secure user credential store for credentials enforcement using a firewall

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Efficient and secure user credential store for credentials enforcement using a firewall

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links