Methods, systems and computer program products for monitoring user access for a server application

US 20050188080A1
Filed: 02/24/2004
Published: 08/25/2005
Est. Priority Date: 02/24/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method of flagging a client of a server application for a computer network, the method comprising:

(a) identifying a client;

(b) determining whether the client is in data communication with a server application over a computer network; and

(c) subsequent to step (b), flagging the client.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and computer program products are disclosed for monitoring user access for a server application in a computer network. The methods, systems, and computer program products can monitor communication data between a server application and a client. The methods, systems, and computer program products can also include applying one or more detectors to the communication data to identify a variety of predetermined activity. Further, the methods, systems, and computer program products can include generating a threat score associated with the predetermined activity by comparing the identified predetermined activity with a security threshold criteria.

183 Citations

55 Claims

1. A method of flagging a client of a server application for a computer network, the method comprising:
- (a) identifying a client;
  
  (b) determining whether the client is in data communication with a server application over a computer network; and
  
  (c) subsequent to step (b), flagging the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, comprising selectively generating an alert that the client has been flagged.
  - 3. The method of claim 1, wherein steps (a)-(c) are performed transparent to the communication of data between the client and the client.
  - 4. The method of claim 1, wherein the communication data is communication over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 5. The method of claim 1, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 6. The method of claim 1, wherein the communication data can comprise HTTP requests from the client and HTTP responses from the server application.
  - 7. The method of claim 1, wherein the server application is implemented by a web server.
  - 8. The method of claim 1, wherein the communication data comprises only transmission control protocol packets.
  - 9. The method of claim 1, wherein step (a) comprises determining whether the client attempts to login to the server application.
  - 10. The method of claim 9, wherein if the client attempts to login to the server application, determining whether the login attempt succeeds.

11. A computer program product comprising computer-executable instructions embodied in a computer-readable medium for performing steps comprising:
- (a) identifying a client;
  
  (b) determining whether the client is in data communication with a server application over a computer network; and
  
  (c) subsequent to step (b), flagging the client.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer program product of claim 11, comprising selectively generating an alert that the client has been flagged.
  - 13. The computer program product of claim 11, wherein steps (a)-(c) are performed transparent to the communication of data between the client and the client.
  - 14. The computer program product of claim 11, wherein the communication data is communicated over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 15. The computer program product of claim 11, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 16. The computer program product of claim 11, wherein the communication data can comprise HTTP requests from the client and HTTP responses from the server application.
  - 17. The computer program product of claim 11, wherein the server application is implemented by a web server.
  - 18. The computer program product of claim 11, wherein the communication data comprises only transmission control protocol packets.
  - 19. The computer program product of claim 11, wherein step (a) comprises determining whether the client attempts to login to the server application.
  - 20. The computer program product of claim 19, if the client attempts to login to the server application, determining whether the login attempt succeeds.

21. A system for flagging a client of a server application for a computer network, the system comprising:
- (a) a network interface operable to monitor communication data between a server application and a client; and
  
  (b) a detector operable to determine whether the client is in data communication occurs between a client and a server application over a computer network, and operable to flag the client.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. The system of claim 21, wherein the detector is operable to selectively generate an alert that the client has been flagged.
  - 23. The system of claim 21, wherein the communication data is communicated over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 24. The system of claim 21, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 25. The system of claim 21, wherein the communication data can comprise HTTP requests from the client and HTTP responses from the server application.
  - 26. The system of claim 21, wherein the server application is implemented by a web server.
  - 27. The system of claim 21, wherein the communication data comprises only transmission control protocol packets.
  - 28. The system of claim 21, wherein the detector is operable to determine whether the client attempts to login to the server application.
  - 29. The system of claim 28, wherein the detector is operable to determine whether the login attempt succeeds, if the client attempts to login to the server application.

30. A method of detecting an unauthorized use of a server application, the method comprising:
- (a) designating a first address for a client as a disallowed address;
  
  (b) determining a second address for a client in data communication with a server application;
  
  (c) determining whether the second address matches the first address; and
  
  (d) if the first and second addresses match, indicating that the second address is in data communication with the server application as a disallowed address.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38)
- - 31. The method of claim 30, if the address for the client is disallowed, generating an alert.
  - 32. The method of claim 30, wherein steps (a)-(d) are performed transparent to the communication of data between the server application and the client.
  - 33. The method of claim 30, wherein the communication data is communicated over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 34. The method of claim 30, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 35. The method of claim 30, wherein the communication data can comprise HTTP requests from the client and HTTP responses from the server application.
  - 36. The method of claim 30, wherein the server application is implemented by a web server.
  - 37. The method of claim 30, wherein the client is implemented by a web-enabled device including a unique Internet protocol (IP) address.
  - 38. The method of claim 30, wherein the communication data comprises only transmission control protocol packets.

39. A system for detecting an unauthorized use of a server application, the system comprising:
- (a) a network interface operable to monitor communication data between a server application and a client; and
  
  (b) a detector operable to designate a first address for a client as a disallowed address, operable to determine a second address for a client in data communication with a server application, operable to determine whether the second address matches the first address, and operable to indicate indicating that the second address is in data communication with the server application as a disallowed address, if the first and second addresses match.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46)
- - 40. The system of claim 39, comprising a user interface for generating an alert if the address for the client is disallowed.
  - 41. The method of claim 39, wherein the communication data is communicated over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 42. The method of claim 39, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 43. The method of claim 39, wherein the communication data can comprise HTTP requests from the client and HTTP responses from the server application.
  - 44. The method of claim 39, wherein the server application is implemented by a web server.
  - 45. The method of claim 39, wherein the client is implemented by a web-enabled device including a unique Internet protocol (IP) address.
  - 46. The method of claim 39, wherein the communication data comprises only transmission control protocol packets.

47. A computer program product comprising computer-executable instructions embodied in a computer-readable medium for performing steps comprising:
- (a) designating a first address for a client as a disallowed address;
  
  (b) determining a second address for a client in data communication with a server application;
  
  (c) determining whether the second address matches the first address; and
  
  (d) if the first and second addresses match, indicating that the second address is in data communication with the server application as a disallowed address.
- View Dependent Claims (48, 49, 50, 51, 52, 53, 54)
- - 48. The computer program product of claim 47, if the address for the client is disallowed, generating an alert.
  - 49. The computer program product of claim 47, wherein steps (a)-(d) are performed transparent to the communication of data between the server application and the client.
  - 50. The computer program product of claim 47, wherein the communication data is communicated over a network selected from the group consisting of a global communication network, a wide area network, a local area network, and a wireless network.
  - 51. The computer program product of claim 47, wherein the communication data comprises an application protocol selected from the group consisting of hypertext transfer protocols, simple object access protocols, web distributed authoring and versioning protocols, simple mail transfer protocols, wireless application protocols, file transfer protocols, Internet message access protocols, post office protocols, web services protocols, simple mail transfer protocols, structured hypertext transfer protocols, and web-mail protocols.
  - 52. The computer program product of claim 47, wherein the communication data can comprise HTTP requests from the client and HTTP responses from the server application.
  - 53. The computer program product of claim 47, wherein the server application is implemented by a web server.
  - 54. The computer program product of claim 47, wherein the client is implemented by a web-enabled device including a unique Internet protocol (IP) address.

55. The computer program product of claim 56, wherein the communication data comprises only transmission control protocol packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Covelight Systems, Inc. (Radware Limited)
Original Assignee
Covelight Systems, Inc. (Radware Limited)
Inventors
Hargett, Byron Lee, Somerville, Garth Douglas, Hester, Douglas Wayne, Logan, David Byron, Motsinger, David Lee, Wall, Virgil Montgomery Jr., Gramley, Kenneth Robert, Choy, Albert Ming

Application Number

US10/785,843
Publication Number

US 20050188080A1
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/1408   by monitoring network traff...

H04L 67/02   based on web technology, e....

H04L 67/535   Tracking the activity of th...

H04L 69/329   in the application layer [O...

Methods, systems and computer program products for monitoring user access for a server application

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

183 Citations

55 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, systems and computer program products for monitoring user access for a server application

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

183 Citations

55 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links