Application identification

US 8,484,385 B2
Filed: 09/14/2012
Issued: 07/09/2013
Est. Priority Date: 03/07/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a network device, one or more packets from a client device;

determining, by the network device and using particular information in the one or more packets, whether a first data structure stores an entry that includes information matching the particular information,the first data structure storing information identifying applications executed by client devices;

identifying, by the network device and in the entry, information identifying a particular application being executed by the client device when the first data structure stores the entry that includes the information matching the particular information;

comparing, by the network device, the particular information to information in a second data structure to identify the particular application being executed by the client device when the first data structure does not store the entry that includes the information matching the particular information,the second data structure storing signature information associated with one or more applications,comparing the particular information to the information in the second data structure including;

searching for a pattern, in the second data structure, that matches a pattern in the one or more packets; and

applying, by the network device, an access policy to determine whether to grant, to the client device, access to a resource in a network associated with the network device,the access policy being based on the particular application.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method may include receiving a communication from a client device and identifying a port number, a protocol and a destination associated with the communication. The method may also include identifying a first application being executed by the first client device based on the port number, the protocol and the destination associated with the first communication.

69 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, by a network device, one or more packets from a client device;
  
  determining, by the network device and using particular information in the one or more packets, whether a first data structure stores an entry that includes information matching the particular information,the first data structure storing information identifying applications executed by client devices;
  
  identifying, by the network device and in the entry, information identifying a particular application being executed by the client device when the first data structure stores the entry that includes the information matching the particular information;
  
  comparing, by the network device, the particular information to information in a second data structure to identify the particular application being executed by the client device when the first data structure does not store the entry that includes the information matching the particular information,the second data structure storing signature information associated with one or more applications,comparing the particular information to the information in the second data structure including;
  
  searching for a pattern, in the second data structure, that matches a pattern in the one or more packets; and
  
  applying, by the network device, an access policy to determine whether to grant, to the client device, access to a resource in a network associated with the network device,the access policy being based on the particular application.
- View Dependent Claims (2, 3, 4, 5, 6, 19)
- - 2. The method of claim 1, where receiving the one or more packets from the client device comprises:
    - receiving, from the client device, a request to access the resource in the network, the one or more packets being associated with the request.
  - 3. The method of claim 1, further comprising:
    - identifying, as the particular information, a destination port number associated with the one or more packets, a protocol associated with the one or more packets, and a destination address associated with the one or more packets.
  - 4. The method of claim 3, where determining whether the first data structure stores the entry that includes information matching the particular information includes:
    - searching the first data structure using information identifying the destination port number, the protocol, and the destination address.
  - 5. The method of claim 1, where the network device includes a firewall device or an intrusion detection system.
  - 6. The method of claim 1, further comprising:
    - identifying, in a third data structure, the access policy based on the particular application,the third data structure storing at least one of;
      
      one or more policies associated with accessing one or more resources that include the resource, orone or more rules associated with accessing the one or more resources.
  - 19. The method of claim 1, further comprising one of:
    - granting access to the resource based on applying the access policy;
      
      denying access to the resource based on applying the access policy;
      
      orlimiting access to the resource based on applying the access policy.

7. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions which, when executed by a first device, cause the first device to receive a packet from a second device,the first device being different than the second device;
  
  one or more instructions which, when executed by the first device, cause the first device to search a first data structure, using particular information in the packet, to determine whether the first data structure stores an entry that includes information matching the particular information,the first data structure storing information identifying applications executed by devices;
  
  one or more instructions which, when executed by the first device, cause the first device to identify, in the entry, information identifying a particular application being executed by the second device when the first data structure stores the entry that includes the information matching the particular information;
  
  one or more instructions which, when executed by the first device, cause the first device to compare the particular information to information in a second data structure to identify the particular application being executed by the second device when the first data structure does not store the entry that includes the information matching the particular information,the second data structure being different than the first data structure, andthe second data structure storing signature information associated with one or more applications;
  
  one or more instructions which, when executed by the first device, cause the first device to identify, in a third data structure and based on the particular application, a rule associated with accessing a resource in a network associated with the first device; and
  
  one or more instructions which, when executed by the first device, cause the first device to selectively grant, to the second device and based on the rule, access to the resource in the network associated with the first device.
- View Dependent Claims (8, 9, 10, 11, 12, 20)
- - 8. The non-transitory computer-readable medium of claim 7, where the third data structure stores at least one of:
    - one or more policies associated with accessing one or more resources, in the network, that include the resource, orone or more rules associated with accessing the one or more resources.
  - 9. The non-transitory computer-readable medium of claim 7, the instructions further including:
    - one or more instructions which, when executed by the first device, cause the first device to identify, as the particular information, a plurality of;
      
      a destination port number associated with the packet,a protocol associated with the packet, ora destination address associated with the packet.
  - 10. The non-transitory computer-readable medium of claim 9, where the one or more instructions to search the first data structure include:
    - one or more instructions which, when executed by the first device, cause the first device to search the first data structure using information identifying the plurality of the destination port number, the protocol, or the destination address.
  - 11. The non-transitory computer-readable medium of claim 7, where the one or more instructions to receive the packet include:
    - one or more instructions which, when executed by the first device, cause the first device to receive, from the second device, a request to access the resource in the network, the packet being associated with the request.
  - 12. The non-transitory computer-readable medium of claim 7, where the one or more instructions to compare the particular information to the information in the second data structure include:
    - one or more instructions which, when executed by the first device, cause the first device to search for a pattern, in the second data structure, that matches a pattern in the packet.
  - 20. The non-transitory computer-readable medium of claim 7, the one or more instructions to selectively grant access to the resource comprising one of:
    - one or more instructions to grant access to the resource;
      
      one or more instructions to deny access to the resource;
      
      orone or more instructions to limit access to the resource.

13. A device comprising:
- a memory to store instructions; and
  
  a processor to execute the instructions to;
  
  receive a packet from another device different than the device,the packet being associated with a request to access a resource in a network associated with the device,search a first data structure, using particular information in the packet, to determine whether the first data structure stores an entry that includes information matching the particular information,identify, in the entry, information identifying a particular application being executed by the other device when the first data structure stores the entry that includes the information matching the particular information,the first data structure storing information identifying applications executed by devices,compare the particular information to information in a second data structure to identify the particular application being executed by the other device when the first data structure does not store the entry that includes the information matching the particular information,the second data structure being different than the first data structure, andthe second data structure storing signature information associated with one or more applications,identify, based on the particular application, information associated with accessing the resource in the network, andselectively grant, to the other device and based on the information associated with accessing the resource, access to the resource.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The device of claim 13, where, when identifying, based on the particular application, the information associated with accessing the resource in the network, the processor is to:
    - identify, in a third data structure and based on the particular application, a policy or a rule associated with accessing the resource in the network,the third data structure being different than the first data structure and the second data structure,where the third data structure stores at least one of;
      
      one or more policies associated with accessing one or more resources, in the network, that include the resource, orone or more rules associated with accessing the one or more resources.
  - 15. The device of claim 13,where, when comparing the particular information to the information in the second data structure, the processor is to:
    - search for a pattern, in the second data structure, that matches a pattern in the packet.
  - 16. The device of claim 13, where the processor is further to:
    - identify, as the particular information, a destination port number associated with the packet, a protocol associated with the packet, and a destination address associated with the packet.
  - 17. The device of claim 16, where, when searching the first data structure, the processor is further to:
    - search the first data structure using information identifying the destination port number, the protocol, and the destination address,andwhere the entry stores information identifying the destination port number, information identifying the protocol, information identifying the destination address, and the information identifying the particular application.
  - 18. The device of claim 13, where, when selectively granting the access to the resource, the processor is to one of:
    - grant access to the resource,deny access to the resource, orlimit access to the resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Narayanaswamy, Krishna, Yang, Siying
Primary Examiner(s)
Chan, Wing F
Assistant Examiner(s)
Yohannes, Tesfay

Application Number

US13/616,333
Publication Number

US 20130074144A1
Time in Patent Office

298 Days
Field of Search

709/224, 709/230, 709/250, 370/230, 370/389
US Class Current

709/250
CPC Class Codes

H04L 43/10   Active monitoring, e.g. hea...

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

H04L 63/10   for controlling access to d...

H04L 63/1408   by monitoring network traff...

Application identification

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Application identification

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others