Systems and methods for network user resolution

US 20050089048A1
Filed: 10/14/2004
Published: 04/28/2005
Est. Priority Date: 10/23/2003
Status: Active Grant

First Claim

Patent Images

2. The method of claim 1 further comprising resolving a user name from information contained in a network communication packet by extracting the network address and port number associated with the network packet.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and software that enable mapping of a particular network transaction with a specific computer and user in an organization. The network packet may be a live in-transit packet, or a packet that occurred at some time in the past. In a particular implementation, a database currently comprises a collection of records containing fields for username, computer name, IP address of the computer, and logon time. A name resolution is performed by taking an IP address and time as input, and determining from the records in the database what user'"'"'s computer owned the IP address at that time.

78 Citations

View as Search Results

23 Claims

2. The method of claim 1 further comprising resolving a user name from information contained in a network communication packet by extracting the network address and port number associated with the network packet.

10. A method for associating communication packets with a particular individual user on a multi-user device, the method comprising:
- maintaining a data structure that creates an association between each particular user and unique indicia of each particular user; and
  
  for each particular user, marking the communication packets with the unique indicia of the particular user.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10 wherein the unique indicia comprises a port number that has been previously allocated to a particular user.
  - 12. The method of claim 10 wherein the act of maintaining a data structure comprises:
    - monitoring logon events and recording the time of a logon event in the data structure;
      
      monitoring a network address assigned to a machine and recording the time at which a network address is assigned to a machine in the data structure;
      
      monitoring a session ID associated with each particular user and recording the session ID in the data structure.

13. A user name resolution database comprising:
- a plurality of records, wherein each record corresponds to a particular user and each record comprises a logon time, network address and an indication of the set of port numbers allocated to that user.
- View Dependent Claims (14)
- - 14. The user name resolution database of claim 13 wherein the indication of the set of port numbers is a session ID associated with the user.

15. A network management device comprising:
- an interface for coupling to a network;
  
  a user name resolution data structure having a plurality of records, wherein each record comprises fields indicating logon time and network address for a particular user as well as an indication of the set of port numbers allocated to that user;
  
  a component for determining a particular user name from a given network address and port number obtained from a communication packet.
- View Dependent Claims (1, 3, 4, 5, 6, 7, 8, 9, 16, 17, 18, 19, 20, 21, 22)
- - 1. A method for performing user resolution using a network address that is shared by multiple users and a port number, the method comprising:
    - capturing a user name for each user when each user logs into a multi-user system;
      
      allocating a locally unique set of port numbers to each user;
      
      for each user, storing a user name resolution record comprising the user name, network address and an indication of the set of port numbers allocated to that user; and
      
      retrieving the user name from the user name resolution record using the network address and port number.
  - 3. The method of claim 1 wherein the user name resolution record further comprises time information indicating when the network session was initiated.
  - 4. The method of claim 1 wherein the user name is captured using security auditing information made available by a domain controller coupled to the network.
  - 5. The method of claim 1 wherein the range of port numbers assigned to each user is assigned by a transport layer process
  - 6. The method of claim 1 further comprising:
    - associating a session ID with each user;
      
      apportioning a range of available port numbers into a number of partitions, wherein the number of partitions is selected to provide a partition for each concurrent user of the multi-user system; and
      
      causing port number requests initiated by a processes within a particular users session to be assigned a port number from within a partition allocated to that particular user.
  - 7. The method of claim 1 further comprising retrieving the user name from the user name resolution record using the network address and time at which a particular network communication occurred.
  - 8. A network protocol interface implementing the method of claim 1.
  - 9. A network-coupled computing device implementing the method of claim 1.
  - 16. The network management device of claim 15 wherein the device is operable to identify a particular user associated with web (HTTP) traffic on the network.
  - 17. The network management device of claim 15 wherein the device is operable to identify a particular user associated with email (SMPT) traffic on the network.
  - 18. The network management device of claim 15 wherein the device is operable to identify a particular user associated with peer-to-peer (p2p) messaging traffic on the network.
  - 19. The network management device of claim 15 wherein the device is operable to identify a particular user associated with file transfer protocol (FTP) traffic on the network.
  - 20. The network management device of claim 15 wherein the device is operable to identify a particular user associated with instant messaging traffic on the network.
  - 21. The network management device of claim 15 wherein the device is operable to identify a particular user associated with online game traffic on the network.
  - 22. The network management device of claim 15 further comprising:
    - a blocking component operable to selectively block communication packets associated with a particular user.

22-1. The network management device of claim 15 further comprising:
- a bandwidth management component operable to enforce per-user bandwidth policy using the address and port number obtained from communication packets.

23. The network management device of claim 15 further comprising:
- a blocking component operable to selectively block communication packets associated with a first user and a particular network accessible resource while allowing communication packets from a second user and the particular network accessible resource.

23-2. A user identity resolution system comprising:
- a first component for mapping user identification to network address for single-user computers; and
  
  a second component for mapping user identification to a network address;
  
  port number combination for multi-user computers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sysxnet Ltd.
Original Assignee
Trustwave Holdings Incorporated (Singapore Telecommunications Limited)
Inventors
Madden, William, Chittenden, Bruce, Willis, Myk

Granted Patent

US 8,122,152 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/395.540
CPC Class Codes

H04L 41/00   Arrangements for maintenanc...

H04L 41/0686   Additional information in t...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/0896   Bandwidth or capacity manag...

Systems and methods for network user resolution

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for network user resolution

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links