Defining and detecting network application business activities
First Claim
1. A method for detecting activities involving use of a software application, the method comprising the computer-implemented steps of:
- establishing a set of rules associating business signatures with business activities, in which each rule comprises an association of one of the business signatures with one of the business activities;
wherein said business activities are each an activity that involves one or more interactions between the application and application users;
wherein the set of rules comprises a rule associating an activity with a signature;
monitoring information that is generated based on at least one user'"'"'s use of the application;
comparing the information against at least a portion of at least some of the business signatures to determine which of the business activities have been initiated;
based on the comparing, determining that the activity has been initiated;
wherein determining that the activity has been initiated comprises identifying, in said information, a first signature that matches said signature;
wherein identifying the first signature comprises determining that a first set of one or more name-value pairs in a first stream of characters in said information matches the signature;
wherein the signature is a template for the first signature, said template comprising at least one non-literal parameter value capable of matching multiple different values; and
in response to determining that the activity has been initiated, triggering execution of an action or policy associated with the activity;
wherein the method is performed by one or more processors of a computer system.
8 Assignments
0 Petitions
Accused Products
Abstract
Network applications are monitored by defining and detecting activities associated with the applications. Such activities are referred to as “business activities” in the sense that the activities are performed in the process of conducting business using applications. Each business activity of interest is associated with a unique “business signature” which can be used to identify the activity from streams or collections of information. In one embodiment, each business signature of interest to a business is defined as a set of one or more parameter name-value pairs. Once defined, network traffic to and from an application is monitored to detect business signatures, to detect that a corresponding business activity was started. Detecting an activity is based on real-time matching of business signature character patterns within a stream of characters with a repository of character patterns that each represents a business signature defined for the application.
48 Citations
54 Claims
-
1. A method for detecting activities involving use of a software application, the method comprising the computer-implemented steps of:
-
establishing a set of rules associating business signatures with business activities, in which each rule comprises an association of one of the business signatures with one of the business activities; wherein said business activities are each an activity that involves one or more interactions between the application and application users; wherein the set of rules comprises a rule associating an activity with a signature; monitoring information that is generated based on at least one user'"'"'s use of the application; comparing the information against at least a portion of at least some of the business signatures to determine which of the business activities have been initiated; based on the comparing, determining that the activity has been initiated; wherein determining that the activity has been initiated comprises identifying, in said information, a first signature that matches said signature; wherein identifying the first signature comprises determining that a first set of one or more name-value pairs in a first stream of characters in said information matches the signature; wherein the signature is a template for the first signature, said template comprising at least one non-literal parameter value capable of matching multiple different values; and in response to determining that the activity has been initiated, triggering execution of an action or policy associated with the activity; wherein the method is performed by one or more processors of a computer system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 25, 26, 27, 28, 37, 38, 39, 40, 41, 42, 43, 45, 46, 47)
-
-
15. A method for detecting activities involving use of a software application, the method comprising the computer-implemented steps of:
-
establishing a set of rules associating business signatures with business activities, in which each rule comprises an association of one of the business signatures with one of the business activities; wherein said business activities are each an activity that involves one or more interactions between the application and application users; wherein the business signatures collectively comprise a set of one or more parameter expressions; wherein each of the business signatures comprises a subset of the one or more parameter expressions; analyzing the set of rules to identify a set of selective parameter expressions from the set of parameter expressions and a set of non-selective parameter expressions from the set of parameter expressions, wherein the selective parameter expressions are expressions that are associated with fewer signatures than non-selective parameter expressions; monitoring information that is generated based on at least one user'"'"'s use of the application; comparing the information against at least a portion of at least some of the business signatures in the set of rules to determine which of said business activities have been initiated; wherein the step of comparing includes performing a first comparison stage by comparing the information against at least one of the selective parameter expressions, without comparing the information against any of the non-selective parameter expressions during the first comparison stage; based on said comparing, determining that one or more of the business activities has been initiated; in response to determining that one or more of the business activities has been initiated, triggering execution of one or more actions or one or more policies associated with the one or more of the business activities; wherein the method is performed by one or more processors of a computer system. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 29, 30, 31, 32, 33, 34, 35, 36, 49, 50)
-
-
23. A method for detecting, in a stream of information that represents an interaction between a software application and a user of the application, business activities conducted using the software application, the method comprising the computer-implemented steps of:
-
establishing a set of rules associating business signatures with business activities, in which each rule comprises an association of one of the business signatures with one of the business activities; wherein said business activities are each an activity that involves one or more interactions between the application and application users; wherein each of the business signatures comprises a set of one or more parameter expressions, wherein each parameter expression in a business signature must be present for the activity associated with that business signature to have occurred; monitoring at least one stream of information transmitted between the application and a user; comparing the at least one stream of information against at least a portion of the at least some of the signatures in the set of rules to detect whether any of the business activities have been initiated via the stream; detecting whether any of the business activities have been initiated based on said comparing, by determining whether a match to at least one of the parameter expressions in the business signatures is included in the at least one stream; in response to detecting that that an activity has been initiated, detecting whether the activity was completed successfully based on said comparing; and in response to detecting that performance of the activity that was initiated did not complete, triggering execution of an action or policy associated with a failure to complete the activity; and wherein the method is performed by one or more processors of a computer system. - View Dependent Claims (24, 44, 48, 51, 52, 53, 54)
-
Specification