Application identification

US 9,049,128 B1
Filed: 07/08/2013
Issued: 06/02/2015
Est. Priority Date: 03/07/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

storing, by a network device, information identifying applications executed by a plurality of devices,the information identifying the applications being stored in a first data structure,storing the information identifying the applications including;

storing, as part of the information identifying the applications, information included in one or more packets from a device of the plurality of devices,a particular application, of the applications, executed by the device being identified based on the one or more packets;

storing, by the network device, signature information associated with one or more applications,the signature information being stored in a second data structure;

receiving, by the network device, a packet from another network device,the packet being associated with a request to access a resource in a network associated with the network device;

searching, by the network device, at least one of the first data structure or the second data structure to identify information identifying an application associated with the other network device,the at least one of the first data structure or the second data structure being searched based on information included in the packet;

identifying, by the network device, particular information relating to accessing the resource in the network,the particular information being identified based on the information identifying the application; and

selectively granting, to the other network device and based on the particular information, access to the resource.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method may include receiving a communication from a client device and identifying a port number, a protocol and a destination associated with the communication. The method may also include identifying a first application being executed by the first client device based on the port number, the protocol and the destination associated with the first communication.

78 Citations

View as Search Results

18 Claims

1. A method comprising:
- storing, by a network device, information identifying applications executed by a plurality of devices,the information identifying the applications being stored in a first data structure,storing the information identifying the applications including;
  
  storing, as part of the information identifying the applications, information included in one or more packets from a device of the plurality of devices,a particular application, of the applications, executed by the device being identified based on the one or more packets;
  
  storing, by the network device, signature information associated with one or more applications,the signature information being stored in a second data structure;
  
  receiving, by the network device, a packet from another network device,the packet being associated with a request to access a resource in a network associated with the network device;
  
  searching, by the network device, at least one of the first data structure or the second data structure to identify information identifying an application associated with the other network device,the at least one of the first data structure or the second data structure being searched based on information included in the packet;
  
  identifying, by the network device, particular information relating to accessing the resource in the network,the particular information being identified based on the information identifying the application; and
  
  selectively granting, to the other network device and based on the particular information, access to the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, where the information, included in the one or more packets, includes:
    - information identifying a protocol associated with the one or more packets,information identifying a destination device, andinformation identifying a port of the destination device.
  - 3. The method of claim 1, where the information, included in the packet, includes:
    - information identifying a protocol associated with the packet, andinformation relating to a particular network device,where the resource includes the particular network device.
  - 4. The method of claim 3, where searching the at least one of the first data structure or the second data structure includes:
    - searching the first data structure using the information identifying the protocol associated with the packet and the information relating to the particular network device.
  - 5. The method of claim 4, where searching the at least one of the first data structure or the second data structure further includes:
    - searching the second data structure using the information identifying the protocol associated with the packet and the information relating to the particular network device, after searching the first data structure.
  - 6. The method of claim 1, where the network device includes a firewall device or an intrusion detection system.
  - 7. The method of claim 1, where selectively granting the access includes one of:
    - granting access to the resource based on the particular information;
      
      denying access to the resource based on the particular information;
      
      orlimiting access to the resource based on the particular information.

8. A device comprising:
- a memory to store instructions; and
  
  a processor to execute the instructions to;
  
  receive a packet from another device,the packet being associated with a request to access a resource in a network associated with the device,search at least one of a first data structure or a second data structure to identify information identifying an application associated with the other device,the at least one of the first data structure or the second data structure being searched based on information included in the packet,the first data structure storing information identifying applications executed by a plurality of devices,a particular application, of the applications, executed by a device, of the plurality of devices being identified based on one or more packets from the device, andthe information identifying the applications including information included in the one or more packets, andthe second data structure storing signature information associated with one or more applications,identify particular information relating to accessing the resource in the network,the particular information being identified based on the information identifying the application, andselectively grant, to the other device and based on the particular information, access to the resource.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The device of claim 8, where, when selectively granting the access, the processor is to one of:
    - grant access to the resource based on the particular information;
      
      deny access to the resource based on the particular information;
      
      orlimit access to the resource based on the particular information.
  - 10. The device of claim 8, where the information, included in the packet, includes a plurality of:
    - information identifying a protocol associated with the packet,information identifying another particular device, orinformation identifying a port of the other particular device,where the other particular device corresponds to the resource.
  - 11. The device of claim 10, where, when searching the at least one of the first data structure or the second data structure, the processor is to:
    - search the first data structure using the plurality of the information identifying the protocol associated with the packet, the information identifying the particular device, or the information identifying the port of the particular device.
  - 12. The device of claim 11, where, when searching the at least one of the first data structure or the second data structure, the processor is further to:
    - search the second data structure using the plurality of the information identifying the protocol associated with the packet, the information identifying the particular device, or the information identifying the port of the particular device, when the information identifying the application is not identified in the first data structure.
  - 13. The device of claim 8, where the information, included in the one or more packets, includes:
    - information identifying a protocol associated with the one or more packets, information identifying a destination port, anda destination address associated with the destination port.

14. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- a plurality of instructions which, when executed by a device, cause the device to;
  
  receive a packet from another device,the packet being associated with a request to access a resource in a network associated with the device;
  
  search a data structure to identify information identifying an application associated with the other device,the data structure being searched based on information included in the packet,the data structure storing signature information associated with one or more applications,the data structure being searched when the information identifying the application is not identified in another data structure;
  
  identify particular information relating to accessing the resource in the network,the particular information being identified based on the information identifying the application; and
  
  selectively grant, to the other device and based on the particular information, access to the resource.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The non-transitory computer-readable medium of claim 14, where the instructions further comprise:
    - one or more instructions to search the other data structure, based on the information included in the packet, to identify the information identifying the application,the other data structure storing information identifying applications executed by a plurality of devices,the other data structure being searched before searching the data structure.
  - 16. The non-transitory computer-readable medium of claim 15, where the one or more instructions to search the other data structure include:
    - one or more instructions to search the other data structure using information identifying a protocol associated with the packet and information relating to the resource.
  - 17. The non-transitory computer-readable medium of claim 14, where the information, included in the packet, includes a plurality of:
    - information identifying a protocol associated with the packet,information identifying a particular device, orinformation identifying a port of the particular device,where the particular device corresponds to the resource.
  - 18. The non-transitory computer-readable medium of claim 14, where the device includes a firewall device or an intrusion detection system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Narayanaswamy, Krishna, Yang, Siying
Primary Examiner(s)
Yohannes, Tesfay

Application Number

US13/936,800
Time in Patent Office

694 Days
Field of Search

709/223, 709/238, 709/250, 370/229, 370/289
US Class Current

1/1
CPC Class Codes

H04L 43/10   Active monitoring, e.g. hea...

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

H04L 63/10   for controlling access to d...

H04L 63/1408   by monitoring network traff...

Application identification

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Application identification

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links