Verifying user authentication
Abstract
A solution for transparently verifying the authentication of a real user includes a monitor that receives network packets and a collector. The monitor identifies an authentication exchange packet in network traffic, extracts information from the packet and sends it to the collector, which obtains objects from a directory service and determines whether the information includes a user name equivalent to a name attribute in an object. If so, authentication is deemed verified. For additional verification, the monitor extracts from the packet a destination address if it is a response packet, or a source address if it is a request packet. The monitor sends the extracted address to the collector, which uses the extracted address to obtain a hostname and determines whether a user account associated with the name attribute is active on a computing device having that hostname. If so, the authentication of the real user is deemed further verified.
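The monitor/collector flow described in the abstract, as an added illustration that is not the patent's own code: the packet format, directory attributes, name service and session table below are all constructed stand-ins, and the three sample outcomes (unverified, verified, further verified) follow from that constructed data.

```python
from dataclasses import dataclass

# Constructed captures: (src, dst, kind, payload); the payload is a simple
# "key=value;" string standing in for a real authentication protocol PDU.
PACKETS = [
    ("10.0.0.5", "10.0.0.1", "auth-request", "user=alice;realm=CORP"),
    ("10.0.0.1", "10.0.0.5", "auth-response", "user=alice;status=ok"),
    ("10.0.0.9", "10.0.0.1", "auth-request", "user=mallory;realm=CORP"),
    ("10.0.0.1", "10.0.0.7", "auth-response", "user=bob;status=ok"),
    ("10.0.0.5", "10.0.0.2", "dns", "q=example.test"),
]
# Constructed directory service: user objects carrying a name attribute.
DIRECTORY = [{"objectClass": "user", "sAMAccountName": "alice"},
             {"objectClass": "user", "sAMAccountName": "bob"}]
# Constructed name service (address -> hostname) and per-host active accounts.
NAME_SERVICE = {"10.0.0.5": "ws-alice", "10.0.0.7": "ws-bob", "10.0.0.9": "ws-lab"}
ACTIVE_ACCOUNTS = {"ws-alice": {"alice"}, "ws-bob": set()}

@dataclass
class Extracted:
    user: str
    client_addr: str  # source of a request, destination of a response

def monitor(packet):
    """Identify an authentication exchange packet; extract user name + address."""
    src, dst, kind, payload = packet
    if kind not in ("auth-request", "auth-response"):
        return None  # not an authentication exchange packet; ignore
    fields = dict(f.split("=", 1) for f in payload.split(";") if "=" in f)
    if "user" not in fields:
        return None
    return Extracted(fields["user"], src if kind == "auth-request" else dst)

def collector(info):
    """Verify the name against the directory, then the account on the host."""
    names = {o["sAMAccountName"] for o in DIRECTORY if o["objectClass"] == "user"}
    if info.user not in names:
        return "unverified"        # no user object has that name attribute
    host = NAME_SERVICE.get(info.client_addr)
    if host and info.user in ACTIVE_ACCOUNTS.get(host, set()):
        return "further-verified"  # account is active on the resolved host
    return "verified"

def verify_all(packets=PACKETS):
    """Run every capture through monitor and collector; keyed by (user, addr)."""
    results = {}
    for packet in packets:
        info = monitor(packet)
        if info is not None:
            results[(info.user, info.client_addr)] = collector(info)
    return results
```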
48 Claims
1. A system for verifying the authentication of a real user attempting to log onto a networked environment by using a computing device, the real user entering a user name as part of said attempt to log on, wherein the networked environment includes a directory service that maintains objects representing network entities, said network entities including the computing device and the real user, the system comprising:
a monitor for extracting user information from an authentication exchange packet transmitted on the networked environment, said selected information including a user name;
a collector for determining whether said user name matches a user name attribute of an object maintained by the directory service; and
means for indicating that the authentication of the real user has been verified if said user name matches said user name attribute.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A computer program embodied on at least one computer-readable medium for executing a method for verifying the authentication of a real user attempting to log onto a networked environment by using a computing device, the real user entering a user name as part of said attempt to log on, the method comprising:
extracting selected information from an authentication exchange packet transmitted on the networked environment, said selected information including a user name;
determining whether said user name from said selected information matches a name attribute maintained by a directory service;
initiating a routine if said user name matches said user name attribute; and
wherein the networked environment includes said directory service, said directory service for storing and maintaining objects and attributes that represent network entities on the networked environment, said network entities including the computing device and real users.
(Dependent claims: 9, 10, 11, 12, 13)
14. A system for verifying the authentication of a real user seeking to log onto a networked environment, wherein the networked environment includes at least one computing device, a directory service, an authentication service and a name service, and wherein the directory service maintains user objects, the system comprising:
a monitor that receives network packets traversing through the networked environment;
a collector having a connection to said monitor and the networked environment;
wherein said monitor includes program code that identifies an authentication exchange packet from said network packets and if found, extracts user information from said authentication exchange packet, and sends the user information to said collector; and
wherein said collector includes program code that obtains at least one user object from the directory service and that determines whether the user information includes a user name that is equivalent to a name attribute from at least one user object, and that performs a predetermined routine if said name attribute is found equivalent to said user name.
(Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
25. A system for verifying the authentication of a real user having a user account defined on a networked environment, wherein the networked environment includes at least one computing device, a directory service, an authentication service and a name service, and wherein the directory service maintains user objects, the system comprising:
a monitor that receives network packets traversing through the networked environment;
a collector having a connection to said monitor and the networked environment;
wherein said monitor includes program code that identifies an authentication exchange request packet from said network packets and if found, extracts user information from said authentication exchange request packet, and sends said user information to said collector; and
wherein said collector includes program code that obtains at least one user object from the directory service and that determines whether said user information includes a user name that is equivalent to a name attribute from at least one user object, and that performs a predetermined routine if said name attribute is found equivalent to said user name.
(Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33)
34. A system for verifying the authentication of a real user seeking to log onto a networked environment, wherein the networked environment includes at least one computing device, a directory service, an authentication service and a name service, and wherein the directory service maintains user objects, the system comprising:
a monitor that receives network packets traversing through the networked environment;
a collector having a connection to said monitor and the networked environment;
wherein said monitor includes management software that identifies an authentication exchange response packet from said network packets and if found, extracts user information and a destination network address from said authentication exchange response packet and sends the user information and said destination network address to said collector;
wherein said collector includes control software that obtains at least one user object from the directory service, determines whether said user information includes a user name that is equivalent to a name attribute from one of said at least one user object, and determines whether a user account associated with said user name is currently active on a computing device on the networked environment; and
wherein said control software indicates the successful verification of the authentication of the real user if said name attribute is found equivalent to said user name and said user account is found active on said computing device.
(Dependent claims: 35, 36, 37, 38, 39, 40)
41. A system for verifying the authentication of a user on a networked environment, wherein the networked environment provides directory, authentication and name services to devices connected thereto, the system comprising:
a monitor that receives and inspects network packets transmitted on the networked environment, said monitor identifying at least one authentication exchange response packet from said network packets, said authentication exchange response packet containing at least a principal name; and
a collector that uses information managed by the directory service to verify said user principal name.
(Dependent claims: 42, 43, 44, 45, 46, 47, 48)
Specification