User Mapping Mechanisms

US 20100064353A1
Filed: 09/09/2008
Published: 03/11/2010
Est. Priority Date: 09/09/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method performed by a network appliance for identifying users associated with network traffic, the method comprising:

receiving a first type of network traffic;

determining a source network address of the first type of network traffic;

determining information associating a user with a source network address of a second type of network traffic; and

performing an action with the first type of network traffic based on the source network address of the first type of network traffic and the information associating the user with the source network address of the second type of network traffic.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In various embodiments, techniques can be provided for identifying a user or group of users who initiated network traffic. The user or group of users may be identified as an employee who can be found in corporate or organizational directory. In some embodiments, different authentication mechanisms may be used for various types of network traffic. For example, by proxying instant messaging (IM) communications, a proxy server can know which users are associated with what network traffic. In another example, transparent and non-transparent mechanisms may be provided to authenticate HTTP URL traffic. For other types of traffic, such as non-proxied IM, P2P, and spyware, an existing authentication cache or credential cache may be used to identify the user who generated the traffic.

55 Citations

View as Search Results

27 Claims

1. A method performed by a network appliance for identifying users associated with network traffic, the method comprising:
- receiving a first type of network traffic;
  
  determining a source network address of the first type of network traffic;
  
  determining information associating a user with a source network address of a second type of network traffic; and
  
  performing an action with the first type of network traffic based on the source network address of the first type of network traffic and the information associating the user with the source network address of the second type of network traffic.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein determining information associating a user with a second type of network traffic comprises determining a mapping between the user and the source network address of the second type of network traffic.
  - 3. The method of claim 1 wherein determining information associating a user with a second type of network traffic comprises obtaining information associating user credentials of the user with the source network address of the second type of network traffic
  - 4. The method of claim 1 wherein performing the action with the first type of network traffic comprises:
    - determining a match between the source network address of the first type of network traffic and the source address of the second type of network traffic.
  - 5. The method of claim 1 wherein performing the action with the first type of network traffic comprises logging the first type of network traffic as being associated with the user.
  - 6. The method of claim 1 wherein performing the action with the first type of network traffic comprises blocking the first type of network traffic.
  - 7. The method of claim 1 further comprising:
    - receiving the second type of network traffic;
      
      determining the source network address of the second type of network traffic;
      
      identifying the user as being associated with a network host having the source address of the second type of network traffic; and
      
      generating and storing the information associating the user with the source network address of the second type of network traffic.
  - 8. The method of claim 1 further comprising:
    - receiving the second type of network traffic comprising HTTP traffic;
      
      requesting user credentials from a browser that originated the HTTP traffic;
      
      generating a request to validate the user credentials;
      
      receiving a response validating the user credentials; and
      
      generating the information associating the user with the source network address of the second type of network traffic based on the response validating the user credentials.
  - 9. The method of claim 8 further comprising:
    - transparently receiving the user credentials from the browser using NTLM.
  - 10. The method of claim 8 wherein requesting user credentials from the browser comprises redirecting the browser to a web page that enables the user to enter a username and password.
  - 11. The method of claim 1 further comprising:
    - receiving the second type of network traffic comprising IM traffic indicative of a request from an IM client associated with the user to access an IM network;
      
      receiving an indication that the user is allowed to access the IM network; and
      
      generating the information associating the user with the source network address of the second type of network traffic based on the indication that the user is allowed to access the IM network.

12. A computer-readable storage medium configured to store program code of a network appliance for identifying users associated with network traffic, the computer-readable storage medium comprising:
- code for receiving a first type of network traffic;
  
  code for determining a source network address of the first type of network traffic;
  
  code for determining information associating a user with a source network address of a second type of network traffic; and
  
  code for performing an action with the first type of network traffic based on the source network address of the first type of network traffic and the information associating the user with the source network address of the second type of network traffic.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The computer-readable storage medium of claim 12 wherein the code for determining information associating a user with a second type of network traffic comprises code for determining a mapping between the user and the source network address of the second type of network traffic.
  - 14. The computer-readable storage medium of claim 12 wherein the code for determining information associating a user with a second type of network traffic comprises code for obtaining information associating user credentials of the user with the source network address of the second type of network traffic
  - 15. The computer-readable storage medium of claim 12 wherein the code for performing the action with the first type of network traffic comprises:
    - code for determining a match between the source network address of the first type of network traffic and the source address of the second type of network traffic.
  - 16. The computer-readable storage medium of claim 12 wherein the code for performing the action with the first type of network traffic comprises code for logging the first type of network traffic as being associated with the user.
  - 17. The computer-readable storage medium of claim 12 wherein the code for performing the action with the first type of network traffic comprises code for blocking the first type of network traffic.
  - 18. The computer-readable storage medium of claim 12 further comprising:
    - code for receiving the second type of network traffic;
      
      code for determining the source network address of the second type of network traffic;
      
      code for identifying the user as being associated with a network host having the source address of the second type of network traffic; and
      
      code for generating and storing the information associating the user with the source network address of the second type of network traffic.
  - 19. The computer-readable storage medium of claim 12 further comprising:
    - code for receiving the second type of network traffic comprising HTTP traffic;
      
      code for requesting user credentials from a browser that originated the HTTP traffic;
      
      code for generating a request to validate the user credentials;
      
      code for receiving a response validating the user credentials; and
      
      code for generating the information associating the user with the source network address of the second type of network traffic based on the response validating the user credentials.
  - 20. The computer-readable storage medium of claim 19 further comprising:
    - code for transparently receiving the user credentials from the browser using NTLM.
  - 21. The computer-readable storage medium of claim 19 wherein the code for requesting user credentials from the browser comprises code for redirecting the browser to a web page that enables the user to enter a username and password.
  - 22. The computer-readable storage medium of claim 12 further comprising:
    - code for receiving the second type of network traffic comprising IM traffic indicative of a request from an IM client associated with the user to access an IM network;
      
      code for receiving an indication that the user is allowed to access the IM network; and
      
      code for generating the information associating the user with the source network address of the second type of network traffic based on the indication that the user is allowed to access the IM network.

23. A network appliance for identifying users associated with network traffic, the network appliance comprising:
- a communications interface configured to exchange data with a communications network; and
  
  a processor configured to;
  
  determine a source network address of a first type of network traffic;
  
  determine information associating a user with a source network address of a second type of network traffic; and
  
  perform an action with the first type of network traffic based on the source network address of the first type of network traffic and the information associating the user with the source network address of the second type of network traffic.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The network appliance of claim 23 wherein the processor is further configured to:
    - receive the second type of network traffic comprising HTTP traffic;
      
      request user credentials from a browser that originated the HTTP traffic;
      
      generate a request to validate the user credentials;
      
      receive a response validating the user credentials; and
      
      generate the information associating the user with the source network address of the second type of network traffic based on the response validating the user credentials.
  - 25. The network appliance of claim 24 wherein the processor is further configured to:
    - transparently receive the user credentials from the browser using NTLM.
  - 26. The network appliance of claim 24 wherein the processor is further configured to:
    - redirecting the browser to a web page that enables the user to enter a username and password.
  - 27. The network appliance of claim 23 wherein the processor is further configured to:
    - receive the second type of network traffic comprising IM traffic indicative of a request from an IM client associated with the user to access an IM network;
      
      receive an indication that the user is allowed to access the IM network; and
      
      generate the information associating the user with the source network address of the second type of network traffic based on the indication that the user is allowed to access the IM network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Facetime Communications Incorporated
Original Assignee
Facetime Communications Incorporated
Inventors
Kim, Jae, Kan, Dan, Vallachira, Vivek

Application Number

US12/206,929
Publication Number

US 20100064353A1
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04L 63/20 for managing network securi...

User Mapping Mechanisms

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

User Mapping Mechanisms

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links