Monitoring remote access to an enterprise network

US 8,775,614 B2
Filed: 11/18/2011
Issued: 07/08/2014
Est. Priority Date: 09/12/2011
Status: Active Grant

First Claim

Patent Images

1. A method of operating a computing device comprising at least one processor for monitoring remote access by entities to resources through security associations in an enterprise network, the method comprising, with the at least one processor:

for each security association created between one of the entities and one of the resources, generating a session identifier;

associating security associations having matching session, identifiers with unique entity sessions, wherein each security association associated with a unique entity session has a same session identifier;

associating entity sessions with connections, based on at least identities of remote client computers related to the security associations, such that each entity session associated with a connection is related to a same remote client computer, such that each connection represents security associations created for resources on the enterprise network accessed through the same remote client computer; and

providing a representation of each connection, the representation indicating one or more of the resources accessed by one or more of the entities through the same remote client computer over the connection.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques to provide an improved representation of remote network access for a network administrator managing and controlling access to resources on an enterprise network. The representation indicates resources accessed by a remote computer or by a user of that computer and provides associated information useful for managing remote network access. To create the representation, multiple security associations formed between a remote client computer and resources on the enterprise network are associated with entity sessions, based on identical session identifiers generated for each security association within an entity session. The entity sessions may be aggregated into a to DirectAccess “connection” between the remote client computer and the enterprise network, based on an identity of the remote client computer. Resources accessed over the connection may be identified using a session identifier of each entity session so that security associations in that entity session may be matched with the resources.

14 Citations

View as Search Results

20 Claims

1. A method of operating a computing device comprising at least one processor for monitoring remote access by entities to resources through security associations in an enterprise network, the method comprising, with the at least one processor:
- for each security association created between one of the entities and one of the resources, generating a session identifier;
  
  associating security associations having matching session, identifiers with unique entity sessions, wherein each security association associated with a unique entity session has a same session identifier;
  
  associating entity sessions with connections, based on at least identities of remote client computers related to the security associations, such that each entity session associated with a connection is related to a same remote client computer, such that each connection represents security associations created for resources on the enterprise network accessed through the same remote client computer; and
  
  providing a representation of each connection, the representation indicating one or more of the resources accessed by one or more of the entities through the same remote client computer over the connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - generating the session identifier for a security association based on at least one parameter of the security association.
  - 3. The method of claim 2, wherein the entities include at least one selected from the group consisting of a user of the remote client computer that has a user account with the enterprise network and the remote client computer that has a computer account with the enterprise network.
  - 4. The method of claim 1, wherein:
    - at least one of the security associations is generated for an IPsec session between the remote client computer and the resource.
  - 5. The method of claim 1, wherein:
    - the connection comprises a remote network access connection; and
      
      the remote client computer is connected to the corporate network using DirectAccess.
  - 6. The method of claim 1, wherein providing the representation on the connection comprises:
    - determining, based on the first identifier, that the resource is accessed over the connection.
  - 7. The method of claim 1, wherein:
    - providing the representation comprises displaying the representation on a user interface.
  - 8. The method of claim 7, further comprising:
    - enabling a user to provide input with respect to the representation.
  - 9. The method of claim 1, further comprising:
    - providing information obtained in conjunction with the connection, the information comprising at least one parameter of the connection.
  - 10. The method of claim 9, wherein:
    - the information further comprises resource usage information on the connection.
  - 11. The method of claim 1, wherein:
    - an identity of the remote client computer comprises an IP address of the remote client computer.
  - 12. The method of claim 1, wherein associating entity sessions with connections further is based on user identifier.

13. A computer for monitoring remote access by entities to resources through security associations in an enterprise network, the computer comprising at least one processor, the computer adapted to, with the at least one processor:
- for each security association, generate a session identifier;
  
  associate security associations having matching session identifiers, with unique entity sessions, wherein each security association associated with one of the unique entity sessions has a same session identifier;
  
  associate entity sessions with connections, based on at least identities of remote client computers related to the security associations, such that each entity session associated with a connection is related to a same remote client computer, such that each connection represents security associations created for resources on the enterprise network accessed through the same remote client computer; and
  
  provide a representation of each connection, the representation indicating one or more of the resources accessed by one or more of the entities through the same remote client computer over the connection.
- View Dependent Claims (14, 15, 16)
- - 14. The computer of claim 13, wherein associating entity sessions with connections further is based on user identifier.
  - 15. The computer of claim 13, wherein:
    - the remote client computer is connected to the enterprise network using DirectAccess.
  - 16. The computer of claim 13, further adapted to:
    - provide the representation by displaying the representation on a user interface.

17. At least one computer-readable storage medium, being at least one of memory and nonvolatile storage, comprising computer-executable instructions that, when executed by at least one processor, implement a method of monitoring remote access by entities to resources through security associations in an enterprise network, the method comprising:
- for each security associated created between one of the entities and one of the resources, generating a session identifier;
  
  associating security associations having matching session identifiers with unique entity sessions, wherein each security association associated with a unique entity session has a same session identifier;
  
  associating entity sessions with connections, based on at least identities of remote client computers related to the security associations, such that each entity session associated with a connection is related to a same remote client computer, such that each connection represents security associations created for resources on the enterprise network accessed through the same remote client computer connected; and
  
  providing information on each connection, the information indicating one or more of the resources accessed by one or more of the entities through the same remote client computer over the connection.
- View Dependent Claims (18, 19, 20)
- - 18. The at least one computer-readable storage medium of claim 17, wherein:
    - the remote client computer is connected to the enterprise network using DirectAccess.
  - 19. The at least one computer-readable storage medium of claim 17, wherein:
    - the resource comprises at least one application server.
  - 20. The at least one computer-readable storage medium of claim 17, wherein associating entity sessions with connections further is based on user identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Gupta, Dhiraj K., Diaz-Cuellar, Gerardo, Saxena, Ashish, Tiwari, Abhishek
Primary Examiner(s)
WANG, LIANG CHE A

Application Number

US13/299,975
Publication Number

US 20130067072A1
Time in Patent Office

963 Days
Field of Search

709/223, 709/224, 709/225, 709/227, 709/229
US Class Current

709/224
CPC Class Codes

G06F 11/3006   where the computing system ...

G06F 11/3065   Monitoring arrangements det...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/133   Protocols for remote proced...

Monitoring remote access to an enterprise network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Monitoring remote access to an enterprise network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links