Systems and methods for authentication of target protocol screen names

US 7,664,822 B2
Filed: 06/10/2003
Issued: 02/16/2010
Est. Priority Date: 06/10/2002
Status: Active Grant

First Claim

Patent Images

1. A method for managing communication policy in a network, the method comprising:

receiving a first message from a client device over a network, the client device associated with a user having at least two different screen names, each of the screen names being an alias of the user, the first message being generated according to a first instant messaging protocol, the first message being associated with a first one of the at least two screen names;

determining a unique name of the user in response to receiving the first message, said determining comprising interrogating a registry of the client device;

selecting a policy rule for controlling the user'"'"'s usage of instant messaging within an enterprise network based at least partly on the user'"'"'s unique name, wherein the policy rule comprises a rule for restricting the user from sending or receiving a predefined number of messages within a given time period;

applying the policy rule to the first message;

receiving a second message from the client device, the second message being generated according to a second instant messaging protocol different than the first instant messaging protocol, the second message being associated with a second one of the at least two screen names, the second screen name being different than the first screen name;

determining the user'"'"'s unique name in response to receiving the second message; and

applying the policy rule to the second message, such that the same policy rule is applied to instant message communications by the user whether the user uses the first or second screen name.

View all claims

28 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A protocol management system is capable of detecting certain message protocols and applying policy rules to the detected message protocols that prevent intrusion, or abuse, of a network'"'"'s resources. In one aspect, a protocol message gateway is configured to apply policy rules to high level message protocols, such as those that reside at layer 7 of the ISO protocol stack.

109 Citations

27 Claims

1. A method for managing communication policy in a network, the method comprising:
- receiving a first message from a client device over a network, the client device associated with a user having at least two different screen names, each of the screen names being an alias of the user, the first message being generated according to a first instant messaging protocol, the first message being associated with a first one of the at least two screen names;
  
  determining a unique name of the user in response to receiving the first message, said determining comprising interrogating a registry of the client device;
  
  selecting a policy rule for controlling the user'"'"'s usage of instant messaging within an enterprise network based at least partly on the user'"'"'s unique name, wherein the policy rule comprises a rule for restricting the user from sending or receiving a predefined number of messages within a given time period;
  
  applying the policy rule to the first message;
  
  receiving a second message from the client device, the second message being generated according to a second instant messaging protocol different than the first instant messaging protocol, the second message being associated with a second one of the at least two screen names, the second screen name being different than the first screen name;
  
  determining the user'"'"'s unique name in response to receiving the second message; and
  
  applying the policy rule to the second message, such that the same policy rule is applied to instant message communications by the user whether the user uses the first or second screen name.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the policy rule comprises a policy for resetting a communication connection associated with the first or second message.
  - 3. The method of claim 1, wherein the policy rule is based on information included in the first or second message.
  - 4. The method of claim 1, wherein the policy rule is based on when the first or second message is sent or intended to be received.
  - 5. The method of claim 1, wherein the policy rule is based on the size of the first or second message.
  - 6. The method of claim 1, wherein the policy rule is based on whether the first or second message includes an attachment.
  - 7. The method of claim 1, wherein the policy rule is based on whether the first or second message includes a virus.
  - 8. The method of claim 1, further comprising determining if a session associated with the first or second message is still in progress before applying the policy rule.
  - 9. The method of claim 1, further comprising recording information associated with the first or second message.
  - 10. The method of claim 1, further comprising creating a log comprising information associated with the first or second message and any related messages.
  - 11. The method of claim 1, wherein the first message is associated with a network address, and wherein determining the unique user name further comprises identifying the client device using the network address.
  - 12. The method of claim 11, wherein interrogating the registry of the client device further comprises determining a global user identification associated with the client device.
  - 13. The method of claim 12, further comprising associating the first screen name with the unique user name and storing the association between the first screen name and the unique user name in a database.

14. A user authentication module, comprising:
- a network interface configured to receive first and second messages from a client device associated with a user over a network, the first and second messages generated according to different instant messaging protocols, the first message being associated with a first screen name of the user, the second message being associated with a second screen name of the user, the second screen name being different than the first screen name; and
  
  the user authentication module configured to;
  
  access a user database stored in a computer memory to determine whether the first screen name is associated with a unique name of the user,in response to a determination that the first screen name is associated with the unique user name, forward the unique user name to a policy enforcement module operative to process the message according to a policy rule for restricting the user from sending or receiving a predefined number of messages within a given time period,determine whether the second screen name is stored in the user database,in response to a determination that the second screen name is not stored in the user database, interrogate a registry at the client device to obtain a user identifier,use the user identifier to obtain the unique user name,associate the second screen name with the unique user name,store the association between the second screen name and the unique user name in the user database, andforward the unique user name to the policy enforcement module, the policy enforcement module being operative to process the second message according to the same policy rule, such that the same policy rule is applied to instant message communications by the user whether the user uses the first or second screen name.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 15. The user authentication module of claim 14, wherein the policy rule comprises a policy for resetting a communication connection associated with the first or second message.
  - 16. The user authentication module of claim 14, wherein the policy rule is based on the intended destination of the first or second message.
  - 17. The user authentication module of claim 14, wherein the policy rule is based on information included in the first or second message.
  - 18. The user authentication module of claim 14, wherein the policy rule is based on when the first or second message is sent or intended to be received.
  - 19. The user authentication module of claim 14, wherein the policy rule is based on the size of the first or second message.
  - 20. The user authentication module of claim 14, wherein the policy rule is based on whether the first or second message includes an attachment.
  - 21. The user authentication module of claim 14, wherein the policy rule is based on whether the first or second message includes a virus.
  - 22. The user authentication module of claim 14, further configured to determine if a session associated with the first or second message is still in progress before applying the policy rule.
  - 23. The user authentication module of claim 14, further configured to record information associated with the first or second message.
  - 24. The user authentication module of claim 14, further configured to create a log comprising information associated with the first or second message and any related messages.
  - 25. The user authentication module of claim 14, wherein the first or second message is associated with a network address, and wherein determining a unique user name comprises identifying the source using the network address.
  - 26. The user authentication module of claim 25, wherein determining a unique user name further comprises determining a global user identification associated with the client device.
  - 27. The user authentication module of claim 26, further configured to use the global user identification to request the unique user name from a domain controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Quest Software, Inc.
Inventors
Shapiro, Dmitry, Miller, Randy, Poling, Robert, Pugh, Richard S.
Primary Examiner(s)
Donaghue; Larry D
Assistant Examiner(s)
TAYLOR, NICHOLAS R

Application Number

US10/459,421
Publication Number

US 20040088423A1
Time in Patent Office

2,443 Days
Field of Search

709/207, 709/224
US Class Current

709/207
CPC Class Codes

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 51/212   using filtering or selectiv...

H04L 63/0245   Filtering by information in...

H04L 63/1416   Event detection, e.g. attac...

H04L 67/14   Session management for real...

H04L 67/56   Provisioning of proxy servi...

H04L 67/563   Data redirection of data ne...

H04L 69/329   in the application layer [O...

Systems and methods for authentication of target protocol screen names

First Claim

28 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for authentication of target protocol screen names

First Claim

28 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others