Methods, systems and computer program products for monitoring user login activity for a server application
First Claim
1. A method for monitoring user login activity for a server application, the method comprising:
- (a) receiving communication data between a server application and a client;
(b) monitoring user login failures between the server application and the client during an established session; and
(c) detecting when the number of user login failures exceeds a predetermined number.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems and computer program products are disclosed for monitoring user login activity for a server application in a computer network. The methods, systems, and computer program products can monitor communication data between a server application and a client. The methods, systems, and computer program products can also include applying one or more detectors to the communication data to identify a variety of predetermined activity. Further, the methods, systems, and computer program products can include generating a threat score associated with the predetermined activity by comparing the identified predetermined activity with a security threshold criteria.
-
Citations
134 Claims
-
1. A method for monitoring user login activity for a server application, the method comprising:
-
(a) receiving communication data between a server application and a client;
(b) monitoring user login failures between the server application and the client during an established session; and
(c) detecting when the number of user login failures exceeds a predetermined number. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for monitoring user login activity for a server application, the system comprising:
-
(a) a network interface operable to receive communication data between a server application and a client; and
(b) a detector operable to monitor user login failures between the server application and the client during an established session, and operable to detect when the number of user login failures exceeds a predetermined number. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A computer program product comprising computer-executable instructions embodied in a computer-readable medium for performing steps comprising:
-
(a) receiving communication data between a server application and a client;
(d) monitoring user login failures between the server application and the client during an established session; and
(e) detecting when the number of user login failures exceeds a predetermined number. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. A method for monitoring user login activity for a server application, the method comprising:
-
(a) receiving communication data between a server application and a client;
(b) monitoring user login failures between the server application and the client during a predetermined time; and
(c) detecting when the number of user login failures exceeds a predetermined number. - View Dependent Claims (31, 32, 33, 34, 35, 36)
-
-
37. A system for monitoring user login activity for a server application, the method comprising:
-
(a) a network interface operable to receive communication data between a server application and a client;
(b) a detector operable to monitor user login failures between the server application and the client during a predetermined time, and operable to detect when the number of user login failures exceeds a predetermined number. - View Dependent Claims (38, 39, 40, 41, 42, 43)
-
-
44. A computer program product comprising computer-executable instructions embodied in a computer-readable medium for performing steps comprising:
-
(a) receiving communication data between a server application and a client;
(b) monitoring user login failures between the server application and the client during a predetermined time; and
(c) detecting when the number of user login failures exceeds a predetermined number. - View Dependent Claims (45, 46, 47, 48, 49, 50)
-
-
51. A method for monitoring user login activity for a server application, the method comprising:
-
(a) receiving communication data between a server application and an first authenticated user;
(b) monitoring a login session between the server application and the first authenticated user during a time interval; and
(c) detecting whether the first authenticated user logs into the server application as a second authenticated user during the time interval. - View Dependent Claims (52, 53, 54, 55, 56, 57)
-
-
58. A system for monitoring user login activity for a server application, the method comprising:
-
(a) a network interface operable to receive communication data between a server application and an first authenticated user; and
(b) a detector operable to monitor a login session between the server application and the first authenticated user during a time interval, and operable to detect whether the first authenticated user logs into the server application as a second authenticated user during the time interval. - View Dependent Claims (59, 60, 61, 62, 63, 64)
-
-
65. A computer program product comprising computer-executable instructions embodied in a computer-readable medium for performing steps comprising:
-
(a) receiving communication data between a server application and a client;
(b) monitoring user login failures between the server application and the client during a predetermined time; and
(c) detecting when the number of user login failures exceeds a predetermined number. - View Dependent Claims (66, 67, 68, 69, 70, 71)
-
-
72. A method for monitoring user logoff activity for a server application, the method comprising:
-
(a) receiving communication data of a login session between a server application and a client;
(b) monitoring user logoff between the server application and the client;
(c) monitoring automatic session expiration between the server application and the client; and
(d) determining whether the client completes logoff before the session automatically expires. - View Dependent Claims (73, 74, 75, 76, 77, 78)
-
-
79. A system for monitoring user logoff activity for a server application, the method comprising:
-
(a) a network interface operable to receive communication data of a login session between a server application and a client;
(b) a detector operable to monitor user logoff between the server application and the client, operable to monitor automatic session expiration between the server application and the client, and operable to determine whether the client completes logoff before the session automatically expires. - View Dependent Claims (80, 81, 82, 83, 84, 85)
-
-
86. A computer program product comprising computer-executable instructions embodied in a computer-readable medium for performing steps comprising:
-
(a) receiving communication data of a login session between a server application and a client;
(b) monitoring user logoff between the server application and the client;
(c) monitoring automatic session expiration between the server application and the client; and
(d) determining whether the client completes logoff before the session automatically expires. - View Dependent Claims (87, 88, 89, 90, 91, 92)
-
-
93. A method for monitoring simultaneous logins for a server application, the method comprising:
-
(a) monitoring a first user login session for a first user of a server application;
(b) monitoring a second user login session for a second user of the server application; and
(c) determining whether the second user login session occurs during the first user login session when the user of the first and second login session are identical. - View Dependent Claims (94, 95, 96, 97, 98)
-
-
99. A system for monitoring simultaneous logins for a server application, the method comprising:
-
(a) a network interface operable to monitor communication data between a server application and a client; and
(b) a detector operable to monitor a first user login session for a first user of the server application, operable to monitor a second user login session for a second user of the server application, and operable to determine whether the second user login session occurs during the first user login session when the user of the first and second login session are identical. - View Dependent Claims (100, 101, 102, 103, 104)
-
-
105. A computer program product comprising computer-executable instructions embodied in a computer-readable medium for performing steps comprising:
-
(a) monitoring a first user login session for a first user of a server application;
(b) monitoring a second user login session for a second user of the server application; and
(c) determining whether the second user login session occurs during the first user login session when the user of the first and second login session are identical. - View Dependent Claims (106, 107, 108, 109, 110)
-
-
111. A method of monitoring logins for a server application, the method comprising:
-
(a) designating a first login time for a client as a disallowed login time;
(b) determining a second login time for the client in communication data with a server application;
(c) determining whether the second login time matches the first login time; and
(d) if the first and second login times match, indicating that the client in data communication with the server application is logging in at a disallowed login time. - View Dependent Claims (112, 113, 114, 115, 116, 117, 118)
-
-
119. A system for monitoring logins for a server application, the method comprising:
-
(a) a network interface operable to monitor communication data between a server application and a client; and
(b) a detector operable to designate a first login time for a client as a disallowed login time, operable to determine a second login time for the client in communication data with a server application, operable to determine whether the second login time matches the first login time, and operable to indicating that the client in data communication with the server application is logging in at a disallowed login time, if the first and second login times match. - View Dependent Claims (120, 121, 122, 123, 124, 125, 126)
-
-
127. A computer program product comprising computer-executable instructions embodied in a computer-readable medium for performing steps comprising:
-
(a) designating a first login time for a client as a disallowed login time;
(b) determining a second login time for the client in data communication with a server application;
(c) determining whether the second login time matches the first login time; and
(d) if the first and second login times match, indicating that the client in data communication with the server application is logging in at a disallowed login time. - View Dependent Claims (128, 129, 130, 131, 132, 133, 134)
-
Specification