Method and system for a network management console

US 8,676,972 B2
Filed: 03/06/2003
Issued: 03/18/2014
Est. Priority Date: 03/06/2002
Status: Active Grant

First Claim

Patent Images

1. A data network management system for identifying unauthorized access to a data network service, provided at a service node in a data network, by a user node in said data network, said service node having an agent and having means for maintaining a user access list, said user access list having at least one data network address corresponding to at least one user node in said data network, said system comprising:

a data communication means for periodically polling said agent at said service node and for retrieving a user access list from said agent, said user access list specifying which users have accessed said service node;

a database for maintaining an authorized access list for said service node, said authorized access list specifying which users are authorized to access said service node; and

a data processing means for detecting unauthorized access to said service node by comparing said user access list to said authorized access list and for updating said authorized access list based on the user access list retrieved from said agent.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system for identifying unauthorized accesses to a data network service by a particular node in a data network is disclosed. The NMC communicates with an agent periodically to gather a list of users of the service node. An agent is installed on the service node to monitor all network accesses to the service. By configuring the agent to monitor all access to the service node, through SNMP or a similar protocol, the agent maintains a list of all accesses to that service node. This list is stored internally by the agent and queried for by the NMC periodically. The access information stored by the agent is periodically retrieved by the NMC for all monitored nodes and compared with the authorization list for the node. If unauthorized accesses are found, they are identified by the NMC. These unauthorized accesses can be notified to the appropriate entity in a number of ways such as through paging, email or a report viewable through the NMC.

Citations

20 Claims

1. A data network management system for identifying unauthorized access to a data network service, provided at a service node in a data network, by a user node in said data network, said service node having an agent and having means for maintaining a user access list, said user access list having at least one data network address corresponding to at least one user node in said data network, said system comprising:
- a data communication means for periodically polling said agent at said service node and for retrieving a user access list from said agent, said user access list specifying which users have accessed said service node;
  
  a database for maintaining an authorized access list for said service node, said authorized access list specifying which users are authorized to access said service node; and
  
  a data processing means for detecting unauthorized access to said service node by comparing said user access list to said authorized access list and for updating said authorized access list based on the user access list retrieved from said agent.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The data network management system as defined in claim 1, wherein said agent is a Simple Network Management Protocol agent.
  - 3. The data network management system as defined in claim 1, wherein said data communication means is a Simple Network Management Protocol communication means.
  - 4. The data network management system as defined in claim 1, further including means for installing said agent at said service node, said agent having means to communicate with said data communication means.
  - 5. The data network as defined in claim 1, wherein said authorized access list is a common authorized user access list that includes a range of user nodes for comparing to said user access list to determine if said user access list is a subset of said common authorization access list.
  - 6. The data network management system of claim 1 wherein said user access list identifies a plurality of accesses to said service node.

7. A method for identifying unauthorized access to a data network service, provided at a service node in a data network, by a user node in said data network, said service node having an agent and having means for maintaining a user access list, said user access list having at least one data network address corresponding to at least one user node in said data network, said method comprising:
- a) periodically polling an agent and retrieving said user access list, for a given period of time, from said service node in said data network;
  
  b) comparing said user access list to an authorized access list;
  
  c) determining if an access to said service node was unauthorized based on comparing said user access list to the authorized access list; and
  
  d) if said access was not authorized, initiating a notification process;
  
  wherein said user access list specifies which users have accessed said service node.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method as defined in claim 7, further including updating said authorized access list based on said user access list retrieved from said service node.
  - 9. The method as defined in claim 7, further including installing said agent at said user node, prior to periodically polling and retrieving said user access list.
  - 10. The method as defined in claim 7, further including selecting said service node for identification based on a predetermined criteria, prior to retrieving said user access list.
  - 11. The method as defined in claim 7, wherein said notification process comprises notifying a Network Operations Console.
  - 12. The method as defined in claim 7, wherein a) through c) are repeated, and wherein said user node is selected from one of a plurality of user nodes in said data network.
  - 13. The method as defined in claim 7, wherein a) through d) are repeated, and wherein said user node is selected from one of a plurality of user nodes in said data network.
  - 14. The method as defined in claim 7, wherein said agent is a Simple Network Management Protocol agent.

15. A non-transitory computer-readable medium for identifying unauthorized access to a data network service, provided at a service node in a data network, by a user node in said data network, said service node having an agent and having means for maintaining a user access list, said user access list having at least one data network address corresponding to at least one user node in said data network, and said medium having stored thereon, computer-readable and computer-executable instructions which, when executed by a processor, cause said processor to perform steps comprising:
- a) periodically polling an agent and retrieving said user access list, for a given period of time, from said service node in a data network;
  
  b) comparing said user access list to an authorized access list;
  
  c) determining if an access to said data network service was authorized based on said comparison step b);
  
  d) if determined that said access was unauthorized, initiating a notification process;
  
  wherein said user access list specifies which users have accessed said service node.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The non-transitory computer-readable medium as defined in claim 15, further containing computer-readable and computer-executable instructions which perform a step of updating said authorized access list based on user access information.
  - 17. The non-transitory computer-readable medium as defined in claim 15, further containing computer-readable and computer-executable instructions which perform a step of installing said agent at said user node, prior to retrieving said user access list in step a).
  - 18. The non-transitory computer-readable medium as defined in claim 15, further containing computer-readable and computer-executable instructions wherein said steps a) through c) are repeated, and wherein said user node is selected from one of a plurality of user nodes in said data network.
  - 19. The non-transitory computer-readable medium as defined in claim 15, wherein said agent is a Simple Network Management Protocol agent.

20. A computer for use in a data network for identifying unauthorized access to a data network service, provided at a service node in a data network, by a user node in said data network, said service node having an agent and having means for maintaining a user access list, said user access list having at least one data network address corresponding to at least one user node in said data network;
- said computer comprising;
  
  means for storing an authorized access list for said service node, said authorized access list specifying which users are authorized to access said service node;
  
  a central processing unit;
  
  data communication means for periodically polling said agent at said service node and retrieving a user access list from said agent said user access list specifying which users have accessed said service node; and
  
  data processing means for comparing said retrieved user access list to said authorized access list and for updating said authorized access list based on the user access list retrieved from said agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Ramaswamy, Arvind, Schenkel, David, Slavitch, Michael
Primary Examiner(s)
Ferris, Derrick
Assistant Examiner(s)
Ali, Farhad

Application Number

US10/506,815
Publication Number

US 20050198323A1
Time in Patent Office

4,030 Days
Field of Search

709/223, 709/224, 709/225, 709/229
US Class Current

709/225
CPC Class Codes

H04L 41/00   Arrangements for maintenanc...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

Method and system for a network management console

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for a network management console

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links