Detecting impossible travel in the on-premise settings
First Claim
1. A computer system comprising:
one or more processors; and
one or more computer-readable media having stored thereon instructions that are executable by the one or more processors to configure the computer system to determine impossible travel for users connecting to on-premises sites of a multi-site distributed network, including instructions that are executable to configure the computer system to perform at least the following;
identify an estimated location of a given on-premises site associated with the multi-site distributed network, wherein the multi-site distributed network comprises a plurality of on-premises networks that share networking resources including a corpus of IP addresses each of which can be assigned to a user device connected to the distributed network without regard to which on-premises network the user device is connected, and wherein identifying the estimated location of the given on-premises site comprises inferring the geolocation of the given on-premises site by aggregating geolocation based on network address information of remote devices that are each logging into the given on-premises site using an external IP address, and wherein local devices that use an internal IP address from the given on-premises site but which are otherwise not locatable via geolocation are then assigned a geolocation equal to the given on-premises site's estimated geolocation;
identify information related to a first on-premises connection event at the given on-premises site, wherein the identified information comprises the estimated location, time information, and a first user identification for an entity;
identify information related to a second different on-premises connection event, where the information related to the second different on-premises connection event comprises location information, time information and a second user identification for the entity;
compare the information related to the first on-premises connection event and the information related to the second different on-premises connection event, wherein the information related to at least one of the first and second on-premises connection events is based on the inferred location of the given on premises site, and based on the comparison detecting impossible travel for the entity irrespective of whether the impossible travel is based on i) travel from the given on-premises site to a remote location outside of the multi-site distributed network, ii) travel from the given on-premises site to another on-premises site of the multi-site distribution network, or iii) travel from a remote location outside of the multi-site distributed network to the given on-premises site; and
provide an alert indicating an impossible travel condition.
Abstract
Determining impossible travel for a specific user entity associated with an on-premises site. A method includes identifying an estimated location of an on-premises site associated with an organization network. Identifying the estimated location of an on-premises site comprises aggregating connection information of remote devices, remote from the on-premises site connecting to the on-premises site. Information related to an on-premises connection event is identified including the estimated location, time information, and a first user identification for an entity. Information is identified related to a different connection event. The information comprises location information, time information and a second user identification for the entity. The information related to the on-premises connection event and the information related to the different connection event are used to detect impossible travel for the entity. An alert indicating an impossible travel condition is provided.
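The flow the abstract describes, as an added example that is not code from the patent or its assignee: estimate the site's location from remote logins, give internal-IP logins that location, then compare consecutive events per user. The coordinate-wise median, the 900 km/h threshold, the `GEO_DB` lookup table and the event tuples are all assumptions constructed for illustration.

```python
import ipaddress
from math import asin, cos, radians, sin, sqrt
from statistics import median

MAX_KMH = 900.0  # assumed threshold, roughly airliner speed
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed stand-in for an IP geolocation database: external IP -> (lat, lon)
GEO_DB = {"198.51.100.7": (47.61, -122.33), "198.51.100.9": (47.67, -122.12),
          "203.0.113.5": (47.25, -122.44), "203.0.113.77": (51.51, -0.13)}
# Constructed login events at one site: (user, source IP, epoch seconds)
EVENTS = [("alice", "198.51.100.7", 0), ("bob", "198.51.100.9", 600),
          ("carol", "203.0.113.5", 1200), ("dave", "10.1.2.3", 3600),
          ("dave", "203.0.113.77", 7200)]

def haversine_km(a, b):
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def estimate_site_location(events):
    """Aggregate geolocated external-IP logins to the site (median is an assumption)."""
    pts = [GEO_DB[ip] for _, ip, _ in events if ip in GEO_DB]
    return (median(p[0] for p in pts), median(p[1] for p in pts))

def locate(ip, site_loc):
    """External IPs resolve via the geo DB; internal IPs inherit the site's estimate."""
    if ip in GEO_DB:
        return GEO_DB[ip]
    if any(ipaddress.ip_address(ip) in net for net in INTERNAL):
        return site_loc
    return None  # unknown external address: no location, no comparison

def impossible_travel(events, site_loc):
    """Return (user, km, km/h) for consecutive logins implying speed above MAX_KMH."""
    alerts, last = [], {}
    for user, ip, t in sorted(events, key=lambda e: e[2]):
        loc = locate(ip, site_loc)
        if loc is None:
            continue
        if user in last:
            t0, loc0 = last[user]
            km = haversine_km(loc0, loc)
            kmh = km / max((t - t0) / 3600, 1e-6)  # guard against zero elapsed time
            if kmh > MAX_KMH:
                alerts.append((user, round(km), round(kmh)))
        last[user] = (t, loc)
    return alerts

ALERTS = impossible_travel(EVENTS, estimate_site_location(EVENTS))
```

The median keeps the one distant remote login in the sample from dragging the site estimate away from where most remote users connect from.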
20 Claims
9. A computer implemented method of determining impossible travel for users connecting to on-premises sites of a multi-site distributed network, the method comprising:
identifying an estimated location of a given on-premises site associated with the multi-site distributed network, wherein the multi-site distributed network comprises a plurality of on-premises networks that share networking resources including a corpus of IP addresses each of which can be assigned to a user device connected to the distributed network without regard to which on-premises network the user device is connected, and wherein identifying the estimated location of the given on-premises site comprises inferring the geolocation of the given on-premises site by aggregating geolocation based on network address information of remote devices that are each logging into the given on-premises site using an external IP address, and wherein local devices that use an internal IP address from the given on-premises site but which are otherwise not locatable via geolocation are then assigned a geolocation equal to the given on-premises site's estimated geolocation;
identifying information related to a first on-premises connection event at the given on-premises site, wherein the identified information comprises the estimated location, time information, and a first user identification for an entity;
identifying information related to a second different on-premises connection event, where the information related to the second different on-premises connection event comprises location information, time information and a second user identification for the entity;
comparing the information related to the first on-premises connection event and the information related to the second different on-premises connection event, wherein the information related to at least one of the first and second on-premises connection events is based on the inferred location of the given on premises site, and based on the comparison detecting impossible travel for the entity irrespective of whether the impossible travel is based on i) travel from the given on-premises site to a remote location outside of the multi-site distributed network, ii) travel from the given on-premises site to another on-premises site of the multi-site distribution network, or iii) travel from a remote location outside of the multi-site distributed network to the given on-premises site; and
providing an alert indicating an impossible travel condition.
17. A computer system for determining impossible travel for users connecting to on-premises sites of a multi-site distributed network, the system comprising one or more processors executing instructions that configure the computer system with an architecture comprising:
a gateway that accepts communications from both remote and local devices connecting to a given on-premises site associated with the multi-site distributed network, wherein the multi-site distributed network comprises a plurality of on-premises networks that share networking resources including a corpus of IP addresses each of which can be assigned to a user device connected to the distributed network without regard to which on-premises network the user device is connected;
a monitor coupled to the gateway, wherein the monitor performs at least the following;
identifies an estimated location of the given on-premises site by inferring the geolocation of the given on-premises site by aggregating geolocation based on network address information of remote devices that are each logging into the given on-premises site using an external IP address, and wherein local devices that use an internal IP address from the given on-premises site but which are otherwise not locatable via geolocation are then assigned a geolocation equal to the given on-premises site's estimated geolocation;
identify information related to a first on-premises connection event at the given on-premises site, wherein the identified information comprises the estimated location, time information, and a first user identification for an entity;
identify information related to a second different connection event, where the information related to the second different connection event comprises location information, time information and a second user identification for the entity; and
compare the information related to the first on-premises connection event and the information related to the second different on-premises connection event, wherein the information related to at least one of the first and second on-premises connection events is based on the inferred location of the given on premises site, and based on the comparison detecting impossible travel for the entity irrespective of whether the impossible travel is based on i) travel from the given on-premises site to a remote location outside of the multi-site distributed network, ii) travel from the given on-premises site to another on-premises site of the multi-site distribution network, or iii) travel from a remote location outside of the multi-site distributed network to the given on-premises site; and
provide an alert indicating an impossible travel condition.
Specification