System and method for identifying real users behind application servers

US 8,635,332 B2
Filed: 09/21/2009
Issued: 01/21/2014
Est. Priority Date: 11/12/2008
Status: Active Grant

First Claim

Patent Images

1. A method for identifying the user identity of an application client accessing a database server by a monitoring device, the monitoring device being connected to a plurality of monitoring points, the monitoring device having at least one monitoring port, a parser, a comparator, and a storage unit, comprising the steps of:

capturing a data request from an application client by at least one monitoring port at a first monitoring point, the data request having a data portion and no identifier being inserted by the application client for monitoring purpose;

parsing the data request by the parser;

translating the data request into at least one structure query language (SQL) instruction;

capturing an SQL instruction from an application server by the at least one monitoring port at a second monitoring point, the SQL instruction having a data portion;

parsing the SQL instruction by the parser;

comparing, without using any identifier inserted by the application client for the monitoring purpose, the data portion of the parsed data request with the data portion of the parsed SQL instruction; and

if there is a match between the data portion of the parsed data request and the data portion of the parsed SQL instruction, associating the parsed SQL instruction with the user identity associated with the parsed data request without using any identifier inserted by the application client for the monitoring purpose.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a monitoring device and method for identifying the identity of users requesting database accesses. The data request from application servers to an application server are monitored and parsed. The SQL statements associated with the data request from the application server are also monitored and parsed, so are the SQL responses from the database server. The SQL responses are sent back to the user as data responses. The data responses are also monitored and parsed. The monitoring device matches the parsed data request with the parsed SQL statements, the parsed SQL responses, and the parsed data responses. By matching the string portion of these parsed data, the monitoring device can then identity the identity of the user making such data base quest.

8 Citations

18 Claims

1. A method for identifying the user identity of an application client accessing a database server by a monitoring device, the monitoring device being connected to a plurality of monitoring points, the monitoring device having at least one monitoring port, a parser, a comparator, and a storage unit, comprising the steps of:
- capturing a data request from an application client by at least one monitoring port at a first monitoring point, the data request having a data portion and no identifier being inserted by the application client for monitoring purpose;
  
  parsing the data request by the parser;
  
  translating the data request into at least one structure query language (SQL) instruction;
  
  capturing an SQL instruction from an application server by the at least one monitoring port at a second monitoring point, the SQL instruction having a data portion;
  
  parsing the SQL instruction by the parser;
  
  comparing, without using any identifier inserted by the application client for the monitoring purpose, the data portion of the parsed data request with the data portion of the parsed SQL instruction; and
  
  if there is a match between the data portion of the parsed data request and the data portion of the parsed SQL instruction, associating the parsed SQL instruction with the user identity associated with the parsed data request without using any identifier inserted by the application client for the monitoring purpose.
- View Dependent Claims (2, 3, 4, 5, 6, 16)
- - 2. The method of claim 1, further comprising the steps of:
    - storing the parsed data request in the storage unit; and
      
      storing the parsed SQL instruction in the storage unit.
  - 3. The method of claim 1, further comprising the step of associating the data request with the user identity identified by a network address.
  - 4. The method of claim 1, further comprising the step of associating the data request with the user identity identified by a login account.
  - 5. The method of claim 1, further comprising the steps of:
    - capturing an SQL response from a database server by the at least one monitoring port, the SQL response having a data portion and no identifier being inserted by the application client for monitoring purpose;
      
      parsing the SQL response by the parser;
      
      capturing a data response from the application server by the at least one monitoring port, the data response having a data portion;
      
      parsing the data response by the parser;
      
      comparing, without using any identifier inserted by the application client for the monitoring purpose, the data portion of the parsed data response with the data portion of the parsed SQL response; and
      
      if there is a match between the data portion of the parsed data response and the data portion of the parsed SQL response, associating the parsed SQL response with the user identity associated with the data response without using any identifier inserted by the application client for the monitoring purpose.
  - 6. The method of claim 5, further comprising the step of associating the data response with a user identity identified by a network address.
  - 16. The method of claim 5, further comprising the step of associating the data request with a user identity identified by a login account.

7. A monitoring device for identifying the user identity of an application client accessing a database server, comprising:
- at least one monitoring port for connecting to a plurality of monitoring points and monitoring data at the plurality of monitoring points;
  
  a parser for parsing data captured by the at least one monitoring port;
  
  a comparator for comparing the parsed data; and
  
  a storage unit for storing the captured data and the parsed data, whereinthe at least one monitoring port captures a data request from an application client at a first monitoring point, the data request having a data portion;
  
  translating the data request into at least one structure query language (SQL) instruction;
  
  capturing an SQL instruction from an application server by the at least one monitoring port at a second monitoring point, the SQL instruction having a data portion;
  
  the parser parses the data request from an application client and the SQL instruction from the application server captured by the at least one monitoring port, the data request and the SQL instruction containing no identifier inserted for monitoring purpose, andif there is a match between the data portion of the parsed data request and the data portion the parsed SQL instruction, the comparator associates the parsed SQL instruction with the user identity associated with the data request without using any identifier inserted by the application client for the monitoring purpose.
- View Dependent Claims (8, 9)
- - 8. The monitoring device of claim 7, wherein there are two monitoring ports connected to two separate monitoring points.
  - 9. The monitoring device of claim 7, whereinthe at least one monitoring port captures a SQL response from the database server, the SQL response having no identifier inserted for the monitoring purpose,the parser parses the SQL response,the at least one monitoring port captures a data response from the application server, the data response having no identifier inserted for the monitoring purpose,the parser parses the data response,the comparator compares the parsed SQL response with the parsed data response without using an identifier inserted for the monitoring purpose;
    - andif there is a match between a data portion of the parsed data response and a data portion of the parsed SQL response, the comparator associates the parsed SQL response with the user identity associated with the data response without using any identifier inserted by the application client for the monitoring purpose.

10. A non-transitory computer-readable medium containing a computer program for identifying the user identity of an application client accessing a database server through a monitoring device, the monitoring device being connected to a plurality of monitoring points, the monitoring device having at least one monitoring port, a parser, a comparator, and a storage unit, the computer program when executed by the monitoring device causes the monitoring device to perform the following steps:
- capturing a data request from the application client by at least one monitoring port at a first monitoring point, the data request having a data portion and no identifier inserted by the application client for monitoring purpose;
  
  parsing the data request by the parser;
  
  translating the data request into at least one structure query language (SQL) instruction;
  
  capturing a SQL instruction from an application server by the at least one monitoring port at a second monitoring point, the SQL instruction having a data portion;
  
  parsing the SQL instruction by the parser;
  
  comparing, without using any identifier inserted by the application client for the monitoring purpose, the parsed data request with the parsed SQL instruction; and
  
  if there is a match between the data portion of the parsed data request and the data portion of the parsed SQL instruction, associating the parsed SQL instruction with the user identity associated with the data request without using any identifier inserted by the application client for the monitoring purpose.
- View Dependent Claims (11, 12, 13, 14, 15, 17, 18)
- - 11. The computer program in the non-transitory computer-readable medium of claim 10, further causing the monitoring device to perform the steps of:
    - storing the parsed data request in the storage unit; and
      
      storing the parsed SQL instruction in the storage unit.
  - 12. The computer program in the non-transitory computer-readable medium of claim 10, further causing the monitoring device to perform the step of associating the data request with a user identity identified by a network address.
  - 13. The computer program in the non-transitory computer-readable medium of claim 10, further causing the monitoring device to perform the step of associating the data request with a user identity identified by a login account.
  - 14. The computer program in the non-transitory computer-readable medium of claim 10, further causing the monitoring device to perform the steps of:
    - capturing a SQL response from the database server by the at least one monitoring port, the SQL response having a data portion and no identifier inserted for the monitoring purpose;
      
      parsing the SQL response by the parser;
      
      capturing a data response from the application server by the at least one monitoring port, the SQL response having a data portion and no identifier inserted for the monitoring purpose;
      
      parsing the data response by the parser;
      
      comparing the parsed SQL response with the parsed data response without using an identifier inserted for the monitoring purpose; and
      
      if there is a match between the data portion of the parsed data response and the data portion of the parsed SQL response, associating the parsed SQL response with the user identity associated with the data response without using any identifier inserted by the application client for the monitoring purpose.
  - 15. The computer program in the non-transitory computer-readable medium of claim 14, further causing the monitoring device to perform the step of associating the data response with a user identity identified by a network address.
  - 17. The computer program in the non-transitory computer-readable medium of claim 14, further causing the monitoring device to perform the step of associating the data request with a user identity identified by a network address.
  - 18. The computer program in the non-transitory computer-readable medium of claim 14, further causing the monitoring device to perform the step of associating the data request with a user identity identified by a login account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Datiphy Inc.
Original Assignee
Yeejang James Lin
Inventors
Lin, YeeJang James
Primary Examiner(s)
Dharia, Rupal
Assistant Examiner(s)
MCADAMS, BRAD

Application Number

US12/563,424
Publication Number

US 20100121950A1
Time in Patent Office

1,583 Days
Field of Search

709/224
US Class Current

709/224
CPC Class Codes

G06F 21/316 by observing the pattern of...

H04L 43/04 Processing captured monitor...

System and method for identifying real users behind application servers

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

8 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for identifying real users behind application servers

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links