Credentials enforcement using a firewall
First Claim
1. A system for credentials enforcement using a firewall, comprising:
a processor of a network device configured to:
store a plurality of user credentials at the network device;
monitor network traffic at the network device to determine whether there is a match with one or more of the plurality of user credentials for external site authentication, wherein the determining of whether there is a match is based on a bloom filter, wherein the bloom filter is generated based at least in part on the plurality of user credentials, wherein the monitoring of the network traffic at the network device to determine whether there is a match with one or more of the plurality of user credentials for external site authentication comprises to:
determine whether a first hash of a first portion and a second portion of a first user credential of the plurality of user credentials included in the network traffic corresponds to a second hash of a third portion and a fourth portion of a second user credential of the bloom filter, the first portion and the second portion being non-overlapping and non-adjacent portions of the first user credential, the third portion and the fourth portion being non-overlapping and non-adjacent portions of the second user credential; and
in response to a determination that the first hash corresponds to the second hash, determine that there is a match; and
perform an action in response to a determination that the match is determined; and
a memory coupled to the processor and configured to provide the processor with instructions.
Abstract
Techniques for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for enforcement using a firewall includes storing a plurality of user credentials at a network device; monitoring network traffic at the network device to determine if there is a match with one or more of the plurality of user credentials; and performing an action if the match is determined.
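As an added illustration (not code from the patent or its assignee), the following Python example shows one way the matching recited in claim 1 could work: a Bloom filter is built from a hash of two non-overlapping, non-adjacent portions of each stored credential, and form values in outbound traffic are tested against it. The head/tail portion choice, the 3-byte portion length, SHA-256, the filter parameters, the form-encoded POST body, the internal-host allow-list and the "block" action are all assumptions made for the example.

```python
import hashlib
from urllib.parse import parse_qsl

PORTION = 3        # assumed length of each sampled portion, in bytes
M_BITS = 1 << 16   # assumed filter size in bits
K_HASHES = 4       # assumed number of bit positions set per credential

def portions_digest(value):
    """SHA-256 over the head and tail of value, skipping the middle."""
    data = value.encode("utf-8")
    if len(data) < 2 * PORTION + 1:   # need a gap so the portions are non-adjacent
        return None
    return hashlib.sha256(data[:PORTION] + b"\x00" + data[-PORTION:]).digest()

def bit_positions(digest):
    """Derive K_HASHES filter positions from disjoint 4-byte slices of the digest."""
    return [int.from_bytes(digest[4 * i:4 * i + 4], "big") % M_BITS
            for i in range(K_HASHES)]

class CredentialFilter:
    def __init__(self, credentials):
        self.bits = bytearray(M_BITS // 8)   # only bits are kept, not the credentials
        for cred in credentials:
            digest = portions_digest(cred)
            if digest is not None:
                for pos in bit_positions(digest):
                    self.bits[pos // 8] |= 1 << (pos % 8)

    def might_contain(self, candidate):
        digest = portions_digest(candidate)
        if digest is None:
            return False
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in bit_positions(digest))

def inspect_post(filt, host, body, internal_hosts):
    """Return ("block", field) when a form value bound for an external host matches."""
    if host in internal_hosts:
        return ("allow", None)
    for field, value in parse_qsl(body, keep_blank_values=True):
        if filt.might_contain(value):
            return ("block", field)
    return ("allow", None)

# Constructed sample data, not taken from the patent.
STORED = ["Tr0ub4dor&3", "correct-horse-battery"]
INTERNAL = {"sso.corp.example"}
FILTER = CredentialFilter(STORED)
```

Because only two portions are hashed, any value sharing the same head and tail as a stored credential also matches, and a Bloom filter can report false positives. A match is therefore a trigger for the configured action rather than proof that the exact credential was sent.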
20 Claims
19. A method for credentials enforcement using a firewall, comprising:
storing a plurality of user credentials at a network device;
monitoring network traffic at the network device to determine whether there is a match with one or more of the plurality of user credentials, wherein the determining of whether there is a match is based on a bloom filter, wherein the bloom filter is generated based at least in part on the plurality of user credentials, wherein the monitoring of the network traffic at the network device to determine whether there is a match with one or more of the plurality of user credentials for external site authentication comprises:
determining whether a first hash of a first portion and a second portion of a first user credential of the plurality of user credentials included in the network traffic corresponds to a second hash of a third portion and a fourth portion of a second user credential of the bloom filter, the first portion and the second portion being non-overlapping and non-adjacent portions of the first user credential, the third portion and the fourth portion being non-overlapping and non-adjacent portions of the second user credential; and
in response to a determination that the first hash corresponds to the second hash, determining that there is a match; and
performing an action in response to a determination that the match is determined.
20. A computer program product for credentials enforcement using a firewall, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
storing a plurality of user credentials at a network device;
monitoring network traffic at the network device to determine whether there is a match with one or more of the plurality of user credentials, wherein the determining of whether there is a match is based on a bloom filter, wherein the bloom filter is generated based at least in part on the plurality of user credentials, wherein the monitoring of the network traffic at the network device to determine whether there is a match with one or more of the plurality of user credentials for external site authentication comprises:
determining whether a first hash of a first portion and a second portion of a first user credential of the plurality of user credentials included in the network traffic corresponds to a second hash of a third portion and a fourth portion of a second user credential of the bloom filter, the first portion and the second portion being non-overlapping and non-adjacent portions of the first user credential, the third portion and the fourth portion being non-overlapping and non-adjacent portions of the second user credential; and
in response to a determination that the first hash corresponds to the second hash, determining that there is a match; and
performing an action in response to a determination that the match is determined.
Specification