US20090287788A1 - Network asset tracker - Google Patents

Network asset tracker Download PDF

Info

Publication number
US20090287788A1
US20090287788A1 US12/468,603 US46860309A US2009287788A1 US 20090287788 A1 US20090287788 A1 US 20090287788A1 US 46860309 A US46860309 A US 46860309A US 2009287788 A1 US2009287788 A1 US 2009287788A1
Authority
US
United States
Prior art keywords
computer
data
network
users
nds
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/468,603
Inventor
Alan J. Schunemann
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
eTelemetry
ETELEMETY
Original Assignee
ETELEMETY
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ETELEMETY filed Critical ETELEMETY
Priority to US12/468,603 priority Critical patent/US20090287788A1/en
Publication of US20090287788A1 publication Critical patent/US20090287788A1/en
Assigned to eTelemetry reassignment eTelemetry ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: SCHUNEMANN, ALAN
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1403Architecture for metering, charging or billing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/06Generation of reports
    • H04L43/065Generation of reports related to network devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0811Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/07User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail characterised by the inclusion of specific contents
    • H04L51/08Annexed information, e.g. attachments
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21Monitoring or handling of messages
    • H04L51/234Monitoring or handling of messages for tracking messages
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/30Managing network names, e.g. use of aliases or nicknames

Definitions

  • the present invention generally relates to computer networks, and more particularly to apparatus, systems, methods and computer program products that provide security within such computer networks.
  • LANs local area networks
  • LANs local area networks
  • unauthorized users Regardless of the implementation of login/password schemes, unauthorized users inevitably obtain access to computer networks. In fact, even those users to whom access of computer networks are authorized (e.g., employees, independent contractors, sub-contractors and the like), may often use such networks in an unauthorized manner. Further, a great deal of unauthorized activity centers around electronic mail (“e-mail”). For example, an unauthorized user, or an authorized user acting in an unauthorized manner, may send an enterprise's confidential data to unauthorized persons or unauthorized computer systems via the world-wide, public Internet using e-mail.
  • e-mail electronic mail
  • the present invention meets the above identified needs by providing an apparatus, system, method and computer program product for identifying users of networked computers. That is, in an embodiment, the present invention provides a network asset tracking system that maps end users to workstation Internet Protocol (IP) addresses by passively analyzing (existing) network traffic. The network asset tracking system of the present invention also provides, in an embodiment, a reporting of end user-to-IP address mappings via a database-backed Web application.
  • IP Internet Protocol
  • the network asset tracking system of the present invention includes two components—a name discovery system “back end” and an administrative Web application “front end.”
  • the name discovery system (“NDS”) is a “sniffer” apparatus (i.e., hardware) connected to the primary switch of the enterprise's LAN.
  • the NDS apparatus captures and analyzes network traffic.
  • the Web application is provided for administrators of the computer network to manage and correlate the data captured by the NDS and cross-correlates such data with the enterprise's directory data to map IP addresses to end users.
  • An advantage of the present invention is that it allows users of computers that pose a security threat to be identified with lowered response time for locating and disabling the suspect computer.
  • Another advantage of the present invention is that it maps a computer user's identity to an organization's directory information (e.g., building, room, phone, etc.), allowing the physical location of a computer to be determined (i.e., identifying a specific building and/or room).
  • security threats addressed by the present invention not only include those by unauthorized users, but also Trojan horse-type attacks where physically locating such attacks are critical.
  • Another advantage of the present invention is that it provides identification of computer users who are using a computer network's assets inappropriately and it can also identify computer users and their organization within a company for Information Technology (IT) infrastructure accounting purposes. This advantage becomes clearer when considering the accounting problem faced by large enterprises who share a large common network infrastructure, yet attempt to allocate the costs of network maintenance and support to separate divisions or departments.
  • IT Information Technology
  • Yet another advantage of the present invention is that it can identify errors in existing cable plant (network) documentation.
  • the present invention enables documenting the last “hop” and auditing of such existing network documentation.
  • FIG. 1 is a block diagram illustrating an enterprise's local area computer network in which the present invention may be implemented according to one embodiment.
  • FIGS. 2 and 3 A-D are flowcharts illustrating network asset tracking processes according to alternate embodiments of the present invention.
  • FIG. 4 is a block diagram of an exemplary computer system useful for implementing the present invention.
  • the present invention is directed to an apparatus, system, method and computer program product for identifying users of networked computers.
  • the present invention is provided to an enterprise as a solution for mapping Internet Protocol (IP) addresses to an organization's personnel using directory data and the contents of network traffic.
  • IP Internet Protocol
  • the enterprise's local area network (e.g., Ethernet, FDDI or the like) traffic is captured and analyzed by installing a name discovery system apparatus (i.e., “NDS” hardware) on the primary switch of the enterprise's local area network (LAN).
  • NDS name discovery system apparatus
  • the network asset tracking solution of the present invention also provides access and manipulation of the collected network traffic data through a database-backed Web application for use by the enterprise's IT administrative personnel.
  • the apparatus, system, method and computer program of the present invention allow users of computers that pose a security threat to be identified with lowered response time for locating and disabling the suspect computer. Further, the present invention also allows an enterprise to perform accounting functions. For example, an enterprise may be interested in determining the network usage (e.g., number of network connections) for a subset of computer users (e.g., sub-contractors versus employees) for billing and other accounting purposes (e.g., shared/allocated network infrastructure cost models employed by certain enterprises such as government agencies).
  • network usage e.g., number of network connections
  • subset of computer users e.g., sub-contractors versus employees
  • billing and other accounting purposes e.g., shared/allocated network infrastructure cost models employed by certain enterprises such as government agencies.
  • NAT network asset tracking
  • System 100 includes an enterprise's local area network (e.g., Ethernet) backbone 102 which interconnects a plurality of end-user computers 104 .
  • computers 104 are terminals, workstations (e.g., Sun® SPARCTM or NTTM workstation running the Sun® SolarisTM, Microsoft® Windows 2000TM or XPTM, or IBM® AIXTM operating system) or personal computers (PC) (e.g., an IBMTM or compatible PC running the Microsoft® Windows 95/98TM or Windows NTTM operating system, Macintosh® computer running the Mac® OS operating system, or the like).
  • FIG. 1 shows computers 104 a - n ).
  • users may access LAN 102 using any processing device 104 including, but not limited to, a desktop computer, laptop, palmtop, set-top box, personal digital assistant (PDA) and the like.
  • PDA personal digital assistant
  • the backbone of LAN 102 is connected to a primary switch (i.e., the LAN's primary Internet link) 106 .
  • Switch 106 is connected to a router 108 which in turn provides users of computers 104 with a connection to the public, global Internet 112 .
  • a name discovery system (“NDS”) apparatus 110 is connected to primary switch 106 .
  • NDS 110 functions as a “sniffer” hardware (i.e., a collection node) for capturing LAN 102 inbound and outbound traffic.
  • NDS 110 is a one rack unit (IU) box with a power plug.
  • NDS 110 has two 100 Mbps network connections to primary switch 106 .
  • one link is a mirrored uplink, via one NDS 110 port to collect data from LAN 102 .
  • a second NDS 110 port is utilized for sending periodic data files and permitting regular access via a Web application.
  • NDS 110 requires two valid IP addresses.
  • an NDS 110 can be installed at each core network uplink point (i.e., primary switch) in an alternate embodiment.
  • LAN 102 administrators of LAN 102 are given access to NDS 110 via a “front end” Web application which includes a login/password scheme.
  • a front end is provided by Web server computer 114 having LAN 102 connectivity to NDS 110 .
  • Web server 114 provides the “front-end” for NAT system 100 . That is, server 114 contains a Web server process which sends out Web pages in response to Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol (HTTPS) requests from remote browsers (e.g., administrators of LAN 102 ). More specifically, it provides graphical user interface (GUI) “front-end” screens to such administrative users of NAT system 100 in the form of Web pages. These Web pages, when sent to the users' respective computers 104 , result in GUI screens being displayed.
  • GUI graphical user interface
  • administrators of LAN 102 are also given remote access to NDS 110 via the Secure Shell (SSH) program on port 22 of the NDS 110 .
  • SSH Secure Shell
  • NDS 110 would contain, or have access to within NATS system 100 , a central repository for storing all LAN 102 traffic data collected. Such a repository would also be accessible to the “front end” Web application to allow administrators of LAN 102 to collect statistics, view reports and the like.
  • NAT system 100 More detailed descriptions of NAT system 100 components, as well their functionality, are provided below.
  • FIG. 2 a flowchart illustrating the data flow of a network asset tracking process 200 according to an embodiment of the present invention is shown.
  • inbound and outbound e-mail traffic data 202 (e.g., IP addresses and e-mail addresses) within LAN 102 are collected (i.e., extracted) and stored by NDS 110 .
  • the Tethereal (“dump and analyze network traffic”) network protocol analyzer utility (developed as open source for Unix and Windows and available under the GNU General Public License) is used by NDS 110 to extract data from LAN 102 .
  • other widely-available utilities such as Snoop, Tcpdump or the like, or custom code logic may be used by NDS 110 to extract data from LAN 102 .
  • Web server computer 114 (providing the above-mentioned database-backed Web application), having LAN 102 connectivity to NDS 110 would join the NDS 110 collected data and the enterprise's personnel directory information 206 in order to identify the users of computers 104 within LAN 102 (i.e., map users to IP addresses). More specifically, server 114 provides GUI 208 “front-end” screens to such administrative users of NAT system 100 in the form of Web pages. These Web pages, when sent to the users' respective computers, result in GUI screens 208 being displayed.
  • the enterprise's personnel directory information 206 is organized as an ITU-T X.500 or other formatted database containing data about the enterprise's personnel (i.e., those authorized to use computers 104 within LAN 102 ).
  • a database is a comma or tab delimited text file containing the exemplary fields listed in Table 1.
  • NAT system 100 would generate, on a periodic time interval basis (e.g., hourly, daily, weekly, etc.), an output data file containing all LAN 102 traffic data collected.
  • a periodic time interval basis e.g., hourly, daily, weekly, etc.
  • the processing of data within NAT system 100 creates a text data file that is comma delimited for easy importing into other software application products (e.g., Microsoft® Excel and the like).
  • the NAT system 100 output data file contains a subset or all of the exemplary fields listed in Table 2:
  • the Web application GUI screens 208 provide the capability of sorting the tabular results on any returned field from Table 2.
  • the fields from Table 2 that can actually be presented in NAT system 100 output data files, and the resulting mapping of users to IP addresses, is dependent on the quality of the data found within the enterprise's personnel directory 206 .
  • Table 1 and Table 2 can be joined together using the E-mail Address field common to both tables.
  • FIG. 2 which highlights the functionality and other advantages of NAT system 100 , is presented for example purposes only.
  • the architecture of the present invention is sufficiently flexible and configurable such that data collection and processing within NAT system 100 may take place in ways other than that shown in FIG. 2 (e.g., one or more data processing functions shown to take place on Web server 114 may take place on NDS 110 and vice versa).
  • NDS 110 is able to extract e-mail addresses and IP addresses from LAN 102 traffic data by analyzing port 25 of switch 106 for Simple Mail Transfer Protocol (SMTP) data, port 110 of switch 106 for Post Office Protocol, version 3 (POP3) data and port 143 of switch 106 for Internet Message Access Protocol, version 4 (IMAP) data.
  • SMTP Simple Mail Transfer Protocol
  • POP3 Post Office Protocol
  • IMAP Internet Message Access Protocol
  • FIG. 3A a flowchart illustrating the data flow of network asset tracking process 200 according to one embodiment of the present invention is shown. More specifically, in FIG. 3A , computer 104 users are identified by NDS 110 from SMTP data traffic 202 exchanged between an enterprise's internal (SMTP) mail server 302 and external users 306 accessing outside (e.g., public Internet) SMTP mail servers 308 .
  • SMTP enterprise's internal
  • outside e.g., public Internet
  • the initial SMTP greeting will identify the domain from which the e-mail is originating.
  • extracted data 304 i.e., e-mail traffic data extracted by NDS 110
  • process 200 The command “MAIL FROM:” will identify the full e-mail address of the sender, and the command “RCPT TO:” will identify the full e-mail address of the recipient.
  • FIG. 3B a flowchart illustrating the data flow of network asset tracking process 200 according to one embodiment of the present invention is shown. More specifically, in FIG. 3B , computer 104 users are identified by NDS 110 from POP3 traffic 202 exchanged between an enterprise's internal (POP) mail server 302 and external users accessing outside (e.g., public Internet) mail servers.
  • POP internal
  • outside e.g., public Internet
  • the POP3 protocol does not use data encryption or compression.
  • extracted data 304 i.e., e-mail traffic data extracted by NDS 110
  • process 200 is analyzed by process 200 .
  • a “USER” command is followed a space then the user identity (normally the username part of an e-mail address).
  • Most implementations of the POP3 will usually have the “PASS” command follow the “USER” command.
  • a “PASS” command will be followed by a space then the user's password in clear (i.e., unencrypted text).
  • a server response of “OK” will confirm the user's authenticity.
  • a real-time analysis on the POP3 protocol is done using code logic to perform pattern matching for the following:
  • Request Arg: will be followed by a username string that will identify a user's identity. With this information, the packet header will include source and destination IP addresses to clearly identify the system the user is using. The inventor has found that, generally, less than 64 bytes of data is needed to capture the user's identifier.
  • FIG. 3C a flowchart illustrating the data flow of network asset tracking process 200 according to one embodiment of the present invention is shown. More specifically, in FIG. 3C , computer 104 users are identified by NDS 110 from MAP traffic 202 exchanged between an enterprise's internal (IMAP) mail server 302 and external users accessing outside (e.g., public Internet) e-mail.
  • IMAP enterprise's internal
  • outside e.g., public Internet
  • IMAP does not have data encryption or compression by default.
  • extracted data 304 i.e., e-mail traffic data extracted by NDS 110
  • process 200 a pattern match for the string “LOGIN” (case insensitive) will be used to identify a user's identity.
  • a response of “OK LOGIN completed” or “FAIL” will confirm the user's identity.
  • FIG. 3D a flowchart illustrating the data flow of network asset tracking process 200 according to one embodiment of the present invention is shown. More specifically, in FIG. 3D , computer 104 users are identified from Microsoft® Exchange e-mail data traffic 202 exchanged between an enterprise's internal (Exchange) mail server 302 and external users 306 accessing outside (e.g., public Internet) e-mail servers (not shown in FIG. 3D ).
  • Microsoft® Exchange e-mail data traffic 202 exchanged between an enterprise's internal (Exchange) mail server 302 and external users 306 accessing outside (e.g., public Internet) e-mail servers (not shown in FIG. 3D ).
  • a small script loaded on Exchange server 302 is utilized to obtain extracted data 304 . That is, the script is executed at a pre-configured, regular interval, and leverages the Exchange Server 2000 Message Tracking Center (i.e., enabling the message tracking feature on server 302 ) and its associated tracking log files (e.g., yyyymmdd.txt) which reside on a server 302 share to extract IP and e-mail addresses of senders of e-mail within the network.
  • the Exchange Server 2000 Message Tracking Center i.e., enabling the message tracking feature on server 302
  • its associated tracking log files e.g., yyyymmdd.txt
  • the Microsoft Exchange tracking log files can be remotely accessed using a script that leverages the filesystem object to open the log files and parse them to obtain IP and e-mail addresses of e-mail senders within the network.
  • extracted data 304 can then analyzed by process 200 as explained above.
  • the two above-described alternate embodiments leverage Exchange log files and thus allow NDS 110 to remain unutilized in such embodiments.
  • FIGS. 3A-D which highlight the functionality and other advantages of NAT system 100 , are presented for example purposes only.
  • the architecture of the present invention is sufficiently flexible and configurable such that data collection and processing within NAT system 100 may take place in ways other than that shown in FIGS. 3A-D .
  • the present invention may be implemented using hardware, software or a combination thereof and may be implemented in one or more computer systems or other processing systems. In fact, in one embodiment, the invention is directed toward one or more computer systems capable of carrying out the functionality described herein.
  • An example of a computer system 400 is shown in FIG. 4 .
  • the computer system 400 includes one or more processors, such as processor 404 .
  • the processor 404 is connected to a communication infrastructure 406 (e.g., a communications bus, cross-over bar, or network).
  • a communication infrastructure 406 e.g., a communications bus, cross-over bar, or network.
  • Computer system 400 can include a display interface 402 that forwards graphics, text, and other data from the communication infrastructure 406 (or from a frame buffer not shown) for display on the display unit 430 .
  • Computer system 400 also includes a main memory 408 , preferably random access memory (RAM), and may also include a secondary memory 410 .
  • the secondary memory 410 may include, for example, a hard disk drive 412 and/or a removable storage drive 414 , representing a floppy disk drive, a magnetic tape drive, an optical disk drive, etc.
  • the removable storage drive 414 reads from and/or writes to a removable storage unit 418 in a well known manner.
  • Removable storage unit 418 represents a floppy disk, magnetic tape, optical disk, etc. which is read by and written to by removable storage drive 414 .
  • the removable storage unit 418 includes a computer usable storage medium having stored therein computer software and/or data.
  • secondary memory 410 may include other similar devices for allowing computer programs or other instructions to be loaded into computer system 400 .
  • Such devices may include, for example, a removable storage unit 422 and an interface 420 .
  • Examples of such may include a program cartridge and cartridge interface (such as that found in video game devices), a removable memory chip (such as an erasable programmable read only memory (EPROM), or programmable read only memory (PROM)) and associated socket, and other removable storage units 422 and interfaces 420 , which allow software and data to be transferred from the removable storage unit 422 to computer system 400 .
  • EPROM erasable programmable read only memory
  • PROM programmable read only memory
  • Computer system 400 may also include a communications interface 424 .
  • Communications interface 424 allows software and data to be transferred between computer system 400 and external devices. Examples of communications interface 424 may include a modem, a network interface (such as an Ethernet card), a communications port, a Personal Computer Memory Card International Association (PCMCIA) slot and card, etc.
  • Software and data transferred via communications interface 424 are in the form of signals 428 which may be electronic, electromagnetic, optical or other signals capable of being received by communications interface 424 . These signals 428 are provided to communications interface 424 via a communications path (e.g., channel) 426 . This channel 426 carries signals 428 and may be implemented using wire or cable, fiber optics, a telephone line, a cellular link, an radio frequency (RF) link and other communications channels.
  • RF radio frequency
  • computer program medium and “computer usable medium” are used to generally refer to media such as removable storage drive 414 , a hard disk installed in hard disk drive 412 , and signals 428 .
  • These computer program products provide software to computer system 400 .
  • the invention is directed to such computer program products.
  • Computer programs are stored in main memory 408 and/or secondary memory 410 . Computer programs may also be received via communications interface 424 . Such computer programs, when executed, enable the computer system 400 to perform the features of the present invention, as discussed herein. In particular, the computer programs, when executed, enable the processor 404 to perform the features of the present invention. Accordingly, such computer programs represent controllers of the computer system 400 .
  • the software may be stored in a computer program product and loaded into computer system 400 using removable storage drive 414 , hard drive 412 or communications interface 424 .
  • the control logic when executed by the processor 404 , causes the processor 404 to perform the functions of the invention as described herein.
  • the invention is implemented primarily in hardware using, for example, hardware components such as application specific integrated circuits (ASICs).
  • ASICs application specific integrated circuits
  • the invention is implemented using a combination of both hardware and software.

Abstract

A network attached apparatus, system, method and computer program product for identifying users of networked computers is provided. The apparatus is installed at core network uplink points and analyzes packets as they traverse the network and intelligently correlates the contents of the traffic with user contact and system access information. The resulting information is used to identify the user of the networked computer for security or accounting purposes.

Description

    CROSS REFERENCE TO RELATED APPLICATIONS
  • This application is a continuation of U.S. patent application Ser. No. 11/470,871, filed Sep. 7, 2006, which is a continuation of U.S. patent application Ser. No. 10/627,672, filed on Jul. 28, 2003 (now U.S. Pat. No. 7,133,916 issued Nov. 7, 2006), the disclosures of which are incorporated herein by reference in their entirety.
  • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The present invention generally relates to computer networks, and more particularly to apparatus, systems, methods and computer program products that provide security within such computer networks.
  • 2. Related Art
  • In today's technological climate it is typical for an enterprise (i.e., a business concern, corporation, institution, organization, government agency or the like) to own and operate one or more computer networks (e.g., local area networks (LANs) and the like). These computer networks may be spread out over several offices, floors and/or buildings. Within these computer networks are large amounts of sensitive, proprietary (and sometimes, confidential) data. Thus, it is understandable that such enterprises are concerned with the security of their computer networks.
  • Regardless of the implementation of login/password schemes, unauthorized users inevitably obtain access to computer networks. In fact, even those users to whom access of computer networks are authorized (e.g., employees, independent contractors, sub-contractors and the like), may often use such networks in an unauthorized manner. Further, a great deal of unauthorized activity centers around electronic mail (“e-mail”). For example, an unauthorized user, or an authorized user acting in an unauthorized manner, may send an enterprise's confidential data to unauthorized persons or unauthorized computer systems via the world-wide, public Internet using e-mail.
  • Given the above-described problem, what is needed is an apparatus, system, method and computer program product for identifying users of networked computers. Today, the problem is typically solved by first referring to any existing cable plant documentation (if available) or physically tracing the cable to a physical location. Then, security or IT personnel must arrive at the physical location in order to physically identifying the offending user. The needed apparatus, system, method and computer program product, however, should analyze network e-mail traffic and map Internet Protocol (IP) addresses to end users (i.e., identify the user of a specific IP address within the network). The needed apparatus, system, method and computer program product would result in lowered response time for identifying, locating and disabling computers that pose a security threat.
  • SUMMARY OF THE INVENTION
  • The present invention meets the above identified needs by providing an apparatus, system, method and computer program product for identifying users of networked computers. That is, in an embodiment, the present invention provides a network asset tracking system that maps end users to workstation Internet Protocol (IP) addresses by passively analyzing (existing) network traffic. The network asset tracking system of the present invention also provides, in an embodiment, a reporting of end user-to-IP address mappings via a database-backed Web application.
  • In an embodiment, the network asset tracking system of the present invention includes two components—a name discovery system “back end” and an administrative Web application “front end.” The name discovery system (“NDS”) is a “sniffer” apparatus (i.e., hardware) connected to the primary switch of the enterprise's LAN. The NDS apparatus captures and analyzes network traffic. The Web application is provided for administrators of the computer network to manage and correlate the data captured by the NDS and cross-correlates such data with the enterprise's directory data to map IP addresses to end users.
  • An advantage of the present invention is that it allows users of computers that pose a security threat to be identified with lowered response time for locating and disabling the suspect computer.
  • Another advantage of the present invention is that it maps a computer user's identity to an organization's directory information (e.g., building, room, phone, etc.), allowing the physical location of a computer to be determined (i.e., identifying a specific building and/or room). Thus, security threats addressed by the present invention not only include those by unauthorized users, but also Trojan horse-type attacks where physically locating such attacks are critical.
  • Another advantage of the present invention is that it provides identification of computer users who are using a computer network's assets inappropriately and it can also identify computer users and their organization within a company for Information Technology (IT) infrastructure accounting purposes. This advantage becomes clearer when considering the accounting problem faced by large enterprises who share a large common network infrastructure, yet attempt to allocate the costs of network maintenance and support to separate divisions or departments.
  • Yet another advantage of the present invention is that it can identify errors in existing cable plant (network) documentation. By providing the physical location of a network connection, combined with the IP address on the switch port in the network closet, the present invention enables documenting the last “hop” and auditing of such existing network documentation.
  • Further features and advantages of the present invention as well as the structure and operation of various embodiments of the present invention are described in detail below with reference to the accompanying drawings.
  • BRIEF DESCRIPTION OF THE FIGURES
  • The features and advantages of the present invention will become more apparent from the detailed description set forth below when taken in conjunction with the drawings.
  • FIG. 1 is a block diagram illustrating an enterprise's local area computer network in which the present invention may be implemented according to one embodiment.
  • FIGS. 2 and 3A-D are flowcharts illustrating network asset tracking processes according to alternate embodiments of the present invention.
  • FIG. 4 is a block diagram of an exemplary computer system useful for implementing the present invention.
  • DETAILED DESCRIPTION I. Overview
  • The present invention is directed to an apparatus, system, method and computer program product for identifying users of networked computers.
  • In an embodiment, the present invention is provided to an enterprise as a solution for mapping Internet Protocol (IP) addresses to an organization's personnel using directory data and the contents of network traffic. First, the enterprise's local area network (e.g., Ethernet, FDDI or the like) traffic is captured and analyzed by installing a name discovery system apparatus (i.e., “NDS” hardware) on the primary switch of the enterprise's local area network (LAN). The captured data is cross-correlated with list data to map IP addresses to end users. Second, the network asset tracking solution of the present invention also provides access and manipulation of the collected network traffic data through a database-backed Web application for use by the enterprise's IT administrative personnel.
  • The apparatus, system, method and computer program of the present invention allow users of computers that pose a security threat to be identified with lowered response time for locating and disabling the suspect computer. Further, the present invention also allows an enterprise to perform accounting functions. For example, an enterprise may be interested in determining the network usage (e.g., number of network connections) for a subset of computer users (e.g., sub-contractors versus employees) for billing and other accounting purposes (e.g., shared/allocated network infrastructure cost models employed by certain enterprises such as government agencies).
  • The present invention is now described in detail below in terms of the above examples. This is for convenience only and is not intended to limit the application of the present invention. In fact, after reading the following description, it will be apparent to one skilled in the relevant art(s) how to implement the following invention in alternative embodiments (e.g., the analysis of different types of network traffic within different types of computer networks).
  • The terms “user,” “entity,” “personnel,” “staff,” “organization,” “enterprise” and the plural form of these terms are used interchangeably throughout herein to refer to those who would access, use, be identified by and/or benefit from the tool that the present invention provides for identifying users of networked computers.
  • II. Apparatus and System Architecture
  • Referring to FIG. 1, a network asset tracking (“NAT”) system 100 according to an embodiment of the present invention is shown.
  • System 100 includes an enterprise's local area network (e.g., Ethernet) backbone 102 which interconnects a plurality of end-user computers 104. In alternate embodiments, computers 104 are terminals, workstations (e.g., Sun® SPARC™ or NT™ workstation running the Sun® Solaris™, Microsoft® Windows 2000™ or XP™, or IBM® AIX™ operating system) or personal computers (PC) (e.g., an IBM™ or compatible PC running the Microsoft® Windows 95/98™ or Windows NT™ operating system, Macintosh® computer running the Mac® OS operating system, or the like). (For simplicity, FIG. 1 shows computers 104 a-n). In alternative embodiments, users may access LAN 102 using any processing device 104 including, but not limited to, a desktop computer, laptop, palmtop, set-top box, personal digital assistant (PDA) and the like.
  • The backbone of LAN 102 is connected to a primary switch (i.e., the LAN's primary Internet link) 106. Switch 106 is connected to a router 108 which in turn provides users of computers 104 with a connection to the public, global Internet 112.
  • In an embodiment, a name discovery system (“NDS”) apparatus 110 is connected to primary switch 106. NDS 110 functions as a “sniffer” hardware (i.e., a collection node) for capturing LAN 102 inbound and outbound traffic.
  • In one embodiment, NDS 110 is a one rack unit (IU) box with a power plug. In such an embodiment, NDS 110 has two 100 Mbps network connections to primary switch 106. As shown in FIG. 1, one link is a mirrored uplink, via one NDS 110 port to collect data from LAN 102. A second NDS 110 port is utilized for sending periodic data files and permitting regular access via a Web application. As will be appreciated by one skilled in the relevant art(s) after reading the description herein, in such an embodiment, NDS 110 requires two valid IP addresses. As will also be appreciated by those skilled in the relevant art(s) after reading the description herein, for larger networks, an NDS 110 can be installed at each core network uplink point (i.e., primary switch) in an alternate embodiment.
  • In an embodiment, administrators of LAN 102 are given access to NDS 110 via a “front end” Web application which includes a login/password scheme. Such a front end is provided by Web server computer 114 having LAN 102 connectivity to NDS 110. As will be appreciated by one skilled in the relevant art(s), Web server 114 provides the “front-end” for NAT system 100. That is, server 114 contains a Web server process which sends out Web pages in response to Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol (HTTPS) requests from remote browsers (e.g., administrators of LAN 102). More specifically, it provides graphical user interface (GUI) “front-end” screens to such administrative users of NAT system 100 in the form of Web pages. These Web pages, when sent to the users' respective computers 104, result in GUI screens being displayed.
  • In an alternate embodiment, administrators of LAN 102 are also given remote access to NDS 110 via the Secure Shell (SSH) program on port 22 of the NDS 110.
  • As will also be appreciated by one skilled in the relevant art(s) after reading the description herein, in alternate embodiments, NDS 110 would contain, or have access to within NATS system 100, a central repository for storing all LAN 102 traffic data collected. Such a repository would also be accessible to the “front end” Web application to allow administrators of LAN 102 to collect statistics, view reports and the like.
  • More detailed descriptions of NAT system 100 components, as well their functionality, are provided below.
  • III. Operation
  • Referring to FIG. 2, a flowchart illustrating the data flow of a network asset tracking process 200 according to an embodiment of the present invention is shown.
  • First, inbound and outbound e-mail traffic data 202 (e.g., IP addresses and e-mail addresses) within LAN 102 are collected (i.e., extracted) and stored by NDS 110. In an embodiment, the Tethereal (“dump and analyze network traffic”) network protocol analyzer utility (developed as open source for Unix and Windows and available under the GNU General Public License) is used by NDS 110 to extract data from LAN 102. In alternate embodiments, as will be appreciated by those skilled in the relevant art(s) after reading the description herein, other widely-available utilities (such as Snoop, Tcpdump or the like, or custom code logic) may be used by NDS 110 to extract data from LAN 102.
  • Next, Web server computer 114 (providing the above-mentioned database-backed Web application), having LAN 102 connectivity to NDS 110 would join the NDS 110 collected data and the enterprise's personnel directory information 206 in order to identify the users of computers 104 within LAN 102 (i.e., map users to IP addresses). More specifically, server 114 provides GUI 208 “front-end” screens to such administrative users of NAT system 100 in the form of Web pages. These Web pages, when sent to the users' respective computers, result in GUI screens 208 being displayed.
  • In an embodiment, the enterprise's personnel directory information 206 is organized as an ITU-T X.500 or other formatted database containing data about the enterprise's personnel (i.e., those authorized to use computers 104 within LAN 102). In an embodiment, such a database is a comma or tab delimited text file containing the exemplary fields listed in Table 1.
  • 1TABLE 1 Enterprise Personnel Directory 206 Example Fields First Name Last Name Middle Initial Nick Names Name Aliases Building Room Permanent E-mail Temporary E-mail User Name E-mail Address Affiliation/Organization.
  • In an embodiment, NAT system 100 would generate, on a periodic time interval basis (e.g., hourly, daily, weekly, etc.), an output data file containing all LAN 102 traffic data collected. In such an embodiment, the processing of data within NAT system 100 creates a text data file that is comma delimited for easy importing into other software application products (e.g., Microsoft® Excel and the like). In alternate embodiments, the NAT system 100 output data file contains a subset or all of the exemplary fields listed in Table 2:
  • 2TABLE 2 Example NAT Output File Fields IP address Hostname First Name Middle Initial Last Name E-mail Address Location Phone Number
  • In an embodiment, the Web application GUI screens 208 provide the capability of sorting the tabular results on any returned field from Table 2. As will be appreciated by one skilled in the relevant art(s) after reading the description herein, the fields from Table 2 that can actually be presented in NAT system 100 output data files, and the resulting mapping of users to IP addresses, is dependent on the quality of the data found within the enterprise's personnel directory 206. As will also be appreciated by one skilled in the relevant art(s) after reading the description herein, Table 1 and Table 2 can be joined together using the E-mail Address field common to both tables.
  • It should be understood that FIG. 2, which highlights the functionality and other advantages of NAT system 100, is presented for example purposes only. The architecture of the present invention is sufficiently flexible and configurable such that data collection and processing within NAT system 100 may take place in ways other than that shown in FIG. 2 (e.g., one or more data processing functions shown to take place on Web server 114 may take place on NDS 110 and vice versa).
  • VI. NDS Data Extraction
  • In an embodiment, NDS 110 is able to extract e-mail addresses and IP addresses from LAN 102 traffic data by analyzing port 25 of switch 106 for Simple Mail Transfer Protocol (SMTP) data, port 110 of switch 106 for Post Office Protocol, version 3 (POP3) data and port 143 of switch 106 for Internet Message Access Protocol, version 4 (IMAP) data.
  • Referring to FIG. 3A, a flowchart illustrating the data flow of network asset tracking process 200 according to one embodiment of the present invention is shown. More specifically, in FIG. 3A, computer 104 users are identified by NDS 110 from SMTP data traffic 202 exchanged between an enterprise's internal (SMTP) mail server 302 and external users 306 accessing outside (e.g., public Internet) SMTP mail servers 308.
  • Most installations of SMTP servers do not implement data compression or encryption. The initial SMTP greeting will identify the domain from which the e-mail is originating. As seen in FIG. 3A, extracted data 304 (i.e., e-mail traffic data extracted by NDS 110) is analyzed by process 200. The command “MAIL FROM:” will identify the full e-mail address of the sender, and the command “RCPT TO:” will identify the full e-mail address of the recipient. Once NDS 110 extracts data from LAN 102, code logic stored therein is utilized to search for the following patterns to obtain user identifiers:
  • Command: MAIL
  • Request parameter: FROM.
  • or:
  • Command: RCPT
  • Request parameter: TO:
  • User identifiers will follow “FROM:” and “TO:” with the identifiers possibly contained with-in “<” and “>” characters. Words after the “:” and before a “<” will usually be some string of the user identifiers. (“FROM:” and “TO:” refer to sender and recipient, respectively.)
  • Referring to FIG. 3B, a flowchart illustrating the data flow of network asset tracking process 200 according to one embodiment of the present invention is shown. More specifically, in FIG. 3B, computer 104 users are identified by NDS 110 from POP3 traffic 202 exchanged between an enterprise's internal (POP) mail server 302 and external users accessing outside (e.g., public Internet) mail servers.
  • The POP3 protocol does not use data encryption or compression. As seen in FIG. 3B, extracted data 304 (i.e., e-mail traffic data extracted by NDS 110) is analyzed by process 200. In POP3, a “USER” command is followed a space then the user identity (normally the username part of an e-mail address). Most implementations of the POP3 will usually have the “PASS” command follow the “USER” command. A “PASS” command will be followed by a space then the user's password in clear (i.e., unencrypted text). A server response of “OK” will confirm the user's authenticity. Thus, in such an embodiment, a real-time analysis on the POP3 protocol is done using code logic to perform pattern matching for the following:
  • Request: USER
  • Request Arg:
  • “Request Arg:” will be followed by a username string that will identify a user's identity. With this information, the packet header will include source and destination IP addresses to clearly identify the system the user is using. The inventor has found that, generally, less than 64 bytes of data is needed to capture the user's identifier.
  • Referring to FIG. 3C, a flowchart illustrating the data flow of network asset tracking process 200 according to one embodiment of the present invention is shown. More specifically, in FIG. 3C, computer 104 users are identified by NDS 110 from MAP traffic 202 exchanged between an enterprise's internal (IMAP) mail server 302 and external users accessing outside (e.g., public Internet) e-mail.
  • Like POP3, IMAP does not have data encryption or compression by default. As seen in FIG. 3C, extracted data 304 (i.e., e-mail traffic data extracted by NDS 110) is analyzed by process 200. Thus, a pattern match for the string “LOGIN” (case insensitive) will be used to identify a user's identity. After a “LOGIN” command has been issued to the server, a response of “OK LOGIN completed” or “FAIL” will confirm the user's identity. Obtaining a user's username for an IMAP system is similar to that of POP3 by examining for a pattern:
  • Request Tag: 000A
  • Request. LOGIN
  • Following the keyword “LOGIN” will be two arguments (username and password) wrapped in double quotes. Extracting only the necessary information, username, is done at this step. Similar to POP3, the inventor has found that less than 64 bytes of data is needed to be captured to obtain the user identifier. Depending on the client, the LOGIN command is normally within the first five IMAP packets sent.
  • Referring to FIG. 3D, a flowchart illustrating the data flow of network asset tracking process 200 according to one embodiment of the present invention is shown. More specifically, in FIG. 3D, computer 104 users are identified from Microsoft® Exchange e-mail data traffic 202 exchanged between an enterprise's internal (Exchange) mail server 302 and external users 306 accessing outside (e.g., public Internet) e-mail servers (not shown in FIG. 3D).
  • Microsoft® Exchange Server 2000, and subsequent updates, encrypt traffic between Microsoft® Outlook clients (executing on the client computers 104) and the Exchange mail server 302. Thus, in an alternate embodiment of the present invention, a small script loaded on Exchange server 302 is utilized to obtain extracted data 304. That is, the script is executed at a pre-configured, regular interval, and leverages the Exchange Server 2000 Message Tracking Center (i.e., enabling the message tracking feature on server 302) and its associated tracking log files (e.g., yyyymmdd.txt) which reside on a server 302 share to extract IP and e-mail addresses of senders of e-mail within the network.
  • In an alternate embodiment, the Microsoft Exchange tracking log files can be remotely accessed using a script that leverages the filesystem object to open the log files and parse them to obtain IP and e-mail addresses of e-mail senders within the network.
  • In either of the two above-described embodiments, as seen in FIG. 3D, extracted data 304 can then analyzed by process 200 as explained above. As will be appreciated by those skilled in the relevant art(s) after reading the description herein, the two above-described alternate embodiments leverage Exchange log files and thus allow NDS 110 to remain unutilized in such embodiments.
  • It should be understood that FIGS. 3A-D, which highlight the functionality and other advantages of NAT system 100, are presented for example purposes only. The architecture of the present invention is sufficiently flexible and configurable such that data collection and processing within NAT system 100 may take place in ways other than that shown in FIGS. 3A-D.
  • V. Example Implementations
  • The present invention (system 100, process 200 or any part(s) or function(s) thereof) may be implemented using hardware, software or a combination thereof and may be implemented in one or more computer systems or other processing systems. In fact, in one embodiment, the invention is directed toward one or more computer systems capable of carrying out the functionality described herein. An example of a computer system 400 is shown in FIG. 4. The computer system 400 includes one or more processors, such as processor 404. The processor 404 is connected to a communication infrastructure 406 (e.g., a communications bus, cross-over bar, or network). Various software embodiments are described in terms of this exemplary computer system. After reading this description, it will become apparent to a person skilled in the relevant art(s) how to implement the invention using other computer systems and/or architectures.
  • Computer system 400 can include a display interface 402 that forwards graphics, text, and other data from the communication infrastructure 406 (or from a frame buffer not shown) for display on the display unit 430.
  • Computer system 400 also includes a main memory 408, preferably random access memory (RAM), and may also include a secondary memory 410. The secondary memory 410 may include, for example, a hard disk drive 412 and/or a removable storage drive 414, representing a floppy disk drive, a magnetic tape drive, an optical disk drive, etc. The removable storage drive 414 reads from and/or writes to a removable storage unit 418 in a well known manner. Removable storage unit 418 represents a floppy disk, magnetic tape, optical disk, etc. which is read by and written to by removable storage drive 414. As will be appreciated, the removable storage unit 418 includes a computer usable storage medium having stored therein computer software and/or data.
  • In alternative embodiments, secondary memory 410 may include other similar devices for allowing computer programs or other instructions to be loaded into computer system 400. Such devices may include, for example, a removable storage unit 422 and an interface 420. Examples of such may include a program cartridge and cartridge interface (such as that found in video game devices), a removable memory chip (such as an erasable programmable read only memory (EPROM), or programmable read only memory (PROM)) and associated socket, and other removable storage units 422 and interfaces 420, which allow software and data to be transferred from the removable storage unit 422 to computer system 400.
  • Computer system 400 may also include a communications interface 424. Communications interface 424 allows software and data to be transferred between computer system 400 and external devices. Examples of communications interface 424 may include a modem, a network interface (such as an Ethernet card), a communications port, a Personal Computer Memory Card International Association (PCMCIA) slot and card, etc. Software and data transferred via communications interface 424 are in the form of signals 428 which may be electronic, electromagnetic, optical or other signals capable of being received by communications interface 424. These signals 428 are provided to communications interface 424 via a communications path (e.g., channel) 426. This channel 426 carries signals 428 and may be implemented using wire or cable, fiber optics, a telephone line, a cellular link, an radio frequency (RF) link and other communications channels.
  • In this document, the terms “computer program medium” and “computer usable medium” are used to generally refer to media such as removable storage drive 414, a hard disk installed in hard disk drive 412, and signals 428. These computer program products provide software to computer system 400. The invention is directed to such computer program products.
  • Computer programs (also referred to as computer control logic) are stored in main memory 408 and/or secondary memory 410. Computer programs may also be received via communications interface 424. Such computer programs, when executed, enable the computer system 400 to perform the features of the present invention, as discussed herein. In particular, the computer programs, when executed, enable the processor 404 to perform the features of the present invention. Accordingly, such computer programs represent controllers of the computer system 400.
  • In an embodiment where the invention is implemented using software, the software may be stored in a computer program product and loaded into computer system 400 using removable storage drive 414, hard drive 412 or communications interface 424. The control logic (software), when executed by the processor 404, causes the processor 404 to perform the functions of the invention as described herein.
  • In another embodiment, the invention is implemented primarily in hardware using, for example, hardware components such as application specific integrated circuits (ASICs). Implementation of the hardware state machine so as to perform the functions described herein will be apparent to persons skilled in the relevant art(s).
  • In yet another embodiment, the invention is implemented using a combination of both hardware and software.
  • VI. Conclusion
  • While various embodiments of the present invention have been described above, it should be understood that they have been presented by way of example, and not limitation. It will be apparent to persons skilled in the relevant art(s) that various changes in form and detail can be made therein without departing from the spirit and scope of the present invention. Thus, the present invention should not be limited by any of the above-described exemplary embodiments, but should be defined only in accordance with the following claims and their equivalents.

Claims (1)

1. A system for identifying users of a plurality of computers within a communications network, comprising: a database storing directory information for a plurality of users authorized to use the plurality of computers within the communications network; a name discovery apparatus having at least one connection to a primary switch in the communications network for capturing inbound and outbound electronic mail traffic; and a server, connected to said name discovery apparatus and having access to said database via the communications network, said server having a server process capable of joining said inbound and outbound electronic mail traffic captured by said name discovery apparatus and said directory information stored in said database, thereby identifying which of said plurality of users is using which of the plurality of computers.
US12/468,603 2003-07-28 2009-05-19 Network asset tracker Abandoned US20090287788A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/468,603 US20090287788A1 (en) 2003-07-28 2009-05-19 Network asset tracker

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US10/627,672 US7133916B2 (en) 2003-07-28 2003-07-28 Asset tracker for identifying user of current internet protocol addresses within an organization's communications network
US11/470,871 US7555550B2 (en) 2003-07-28 2006-09-07 Asset tracker for identifying user of current internet protocol addresses within an organization's communications network
US12/468,603 US20090287788A1 (en) 2003-07-28 2009-05-19 Network asset tracker

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US11/470,871 Continuation US7555550B2 (en) 2003-07-28 2006-09-07 Asset tracker for identifying user of current internet protocol addresses within an organization's communications network

Publications (1)

Publication Number Publication Date
US20090287788A1 true US20090287788A1 (en) 2009-11-19

Family

ID=34103269

Family Applications (3)

Application Number Title Priority Date Filing Date
US10/627,672 Expired - Fee Related US7133916B2 (en) 2003-07-28 2003-07-28 Asset tracker for identifying user of current internet protocol addresses within an organization's communications network
US11/470,871 Expired - Fee Related US7555550B2 (en) 2003-07-28 2006-09-07 Asset tracker for identifying user of current internet protocol addresses within an organization's communications network
US12/468,603 Abandoned US20090287788A1 (en) 2003-07-28 2009-05-19 Network asset tracker

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US10/627,672 Expired - Fee Related US7133916B2 (en) 2003-07-28 2003-07-28 Asset tracker for identifying user of current internet protocol addresses within an organization's communications network
US11/470,871 Expired - Fee Related US7555550B2 (en) 2003-07-28 2006-09-07 Asset tracker for identifying user of current internet protocol addresses within an organization's communications network

Country Status (5)

Country Link
US (3) US7133916B2 (en)
EP (1) EP1654667A4 (en)
JP (1) JP4554609B2 (en)
CA (1) CA2534121A1 (en)
WO (1) WO2005015086A2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090012760A1 (en) * 2007-04-30 2009-01-08 Schunemann Alan J Method and system for activity monitoring and forecasting
US20100088358A1 (en) * 2004-11-19 2010-04-08 Etelemetry, Inc. Inserted contextual web content derived from intercepted web viewing content
US20100085971A1 (en) * 2004-11-19 2010-04-08 Etelemetry, Inc. Computer tracking and locking
US20130060932A1 (en) * 2011-09-06 2013-03-07 Shachar Ofek Discovering tiers within an application

Families Citing this family (63)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7737134B2 (en) * 2002-03-13 2010-06-15 The Texas A & M University System Anticancer agents and use
US7885190B1 (en) 2003-05-12 2011-02-08 Sourcefire, Inc. Systems and methods for determining characteristics of a network based on flow analysis
US7133916B2 (en) * 2003-07-28 2006-11-07 Etelemetry, Inc. Asset tracker for identifying user of current internet protocol addresses within an organization's communications network
US8166554B2 (en) 2004-02-26 2012-04-24 Vmware, Inc. Secure enterprise network
US8024779B2 (en) * 2004-02-26 2011-09-20 Packetmotion, Inc. Verifying user authentication
US8214875B2 (en) * 2004-02-26 2012-07-03 Vmware, Inc. Network security policy enforcement using application session information and object attributes
US9584522B2 (en) 2004-02-26 2017-02-28 Vmware, Inc. Monitoring network traffic by using event log information
US7941827B2 (en) * 2004-02-26 2011-05-10 Packetmotion, Inc. Monitoring network traffic by using a monitor device
US7539681B2 (en) 2004-07-26 2009-05-26 Sourcefire, Inc. Methods and systems for multi-pattern searching
US7496962B2 (en) * 2004-07-29 2009-02-24 Sourcefire, Inc. Intrusion detection strategies for hypertext transport protocol
US7472189B2 (en) * 2005-07-21 2008-12-30 Sbc Knowledge Ventures, L.P. Method of collecting data from network elements
US8230491B2 (en) * 2005-08-19 2012-07-24 Opnet Technologies, Inc. Automatic access to network devices using various authentication schemes
US7890752B2 (en) * 2005-10-31 2011-02-15 Scenera Technologies, Llc Methods, systems, and computer program products for associating an originator of a network packet with the network packet using biometric information
US8046833B2 (en) 2005-11-14 2011-10-25 Sourcefire, Inc. Intrusion event correlation with network discovery information
US7733803B2 (en) 2005-11-14 2010-06-08 Sourcefire, Inc. Systems and methods for modifying network map attributes
US8477910B2 (en) * 2006-02-23 2013-07-02 Microsemi Corp.—Analog Mixed Signal Group Ltd. System and method for location identification
TW200746783A (en) * 2006-02-23 2007-12-16 Powerdsine Ltd System and method for location identification
US8151322B2 (en) 2006-05-16 2012-04-03 A10 Networks, Inc. Systems and methods for user access authentication based on network access point
US7948988B2 (en) 2006-07-27 2011-05-24 Sourcefire, Inc. Device, system and method for analysis of fragments in a fragment train
US7701945B2 (en) 2006-08-10 2010-04-20 Sourcefire, Inc. Device, system and method for analysis of segments in a transmission control protocol (TCP) session
US8312507B2 (en) 2006-10-17 2012-11-13 A10 Networks, Inc. System and method to apply network traffic policy to an application session
US7716378B2 (en) 2006-10-17 2010-05-11 A10 Networks, Inc. System and method to associate a private user identity with a public user identity
US7979494B1 (en) * 2006-11-03 2011-07-12 Quest Software, Inc. Systems and methods for monitoring messaging systems
US8069352B2 (en) 2007-02-28 2011-11-29 Sourcefire, Inc. Device, system and method for timestamp analysis of segments in a transmission control protocol (TCP) session
US8127353B2 (en) 2007-04-30 2012-02-28 Sourcefire, Inc. Real-time user awareness for a computer network
US8474043B2 (en) 2008-04-17 2013-06-25 Sourcefire, Inc. Speed and memory optimization of intrusion detection system (IDS) and intrusion prevention system (IPS) rule processing
US8279852B2 (en) 2008-10-01 2012-10-02 The Nielsen Company (Us), Llc Method and system for measuring market share for voice over internet protocol carriers
US8837699B2 (en) 2008-10-01 2014-09-16 The Nielsen Company (Us), Llc Methods and apparatus to monitor subscriber activity
US8272055B2 (en) 2008-10-08 2012-09-18 Sourcefire, Inc. Target-based SMB and DCE/RPC processing for an intrusion detection system or intrusion prevention system
US8549327B2 (en) 2008-10-27 2013-10-01 Bank Of America Corporation Background service process for local collection of data in an electronic discovery system
US20100250455A1 (en) * 2009-03-27 2010-09-30 Bank Of America Corporation Suggesting potential custodians for cases in an enterprise-wide electronic discovery system
US8417716B2 (en) * 2009-03-27 2013-04-09 Bank Of America Corporation Profile scanner
US8572376B2 (en) * 2009-03-27 2013-10-29 Bank Of America Corporation Decryption of electronic communication in an electronic discovery enterprise system
US20100250456A1 (en) * 2009-03-27 2010-09-30 Bank Of America Corporation Suggesting preservation notice and survey recipients in an electronic discovery system
US20100250509A1 (en) * 2009-03-27 2010-09-30 Bank Of America Corporation File scanning tool
US8364681B2 (en) 2009-03-27 2013-01-29 Bank Of America Corporation Electronic discovery system
US8572227B2 (en) * 2009-03-27 2013-10-29 Bank Of America Corporation Methods and apparatuses for communicating preservation notices and surveys
US8250037B2 (en) 2009-03-27 2012-08-21 Bank Of America Corporation Shared drive data collection tool for an electronic discovery system
US9330374B2 (en) 2009-03-27 2016-05-03 Bank Of America Corporation Source-to-processing file conversion in an electronic discovery enterprise system
US20100250266A1 (en) * 2009-03-27 2010-09-30 Bank Of America Corporation Cost estimations in an electronic discovery system
US8224924B2 (en) * 2009-03-27 2012-07-17 Bank Of America Corporation Active email collector
US9721227B2 (en) 2009-03-27 2017-08-01 Bank Of America Corporation Custodian management system
US8806358B2 (en) * 2009-03-27 2014-08-12 Bank Of America Corporation Positive identification and bulk addition of custodians to a case within an electronic discovery system
US8504489B2 (en) 2009-03-27 2013-08-06 Bank Of America Corporation Predictive coding of documents in an electronic discovery system
US8200635B2 (en) 2009-03-27 2012-06-12 Bank Of America Corporation Labeling electronic data in an electronic discovery enterprise system
US8412847B2 (en) * 2009-11-02 2013-04-02 Demandbase, Inc. Mapping network addresses to organizations
US9053454B2 (en) 2009-11-30 2015-06-09 Bank Of America Corporation Automated straight-through processing in an electronic discovery system
WO2011130510A1 (en) 2010-04-16 2011-10-20 Sourcefire, Inc. System and method for near-real time network attack detection, and system and method for unified detection via detection routing
US8433790B2 (en) 2010-06-11 2013-04-30 Sourcefire, Inc. System and method for assigning network blocks to sensors
US8671182B2 (en) 2010-06-22 2014-03-11 Sourcefire, Inc. System and method for resolving operating system or service identity conflicts
US8601034B2 (en) 2011-03-11 2013-12-03 Sourcefire, Inc. System and method for real time data awareness
US9660992B1 (en) * 2011-05-23 2017-05-23 Palo Alto Networks, Inc. User-ID information propagation among appliances
US9215235B1 (en) * 2011-05-23 2015-12-15 Palo Alto Networks, Inc. Using events to identify a user and enforce policies
US10560478B1 (en) * 2011-05-23 2020-02-11 Palo Alto Networks, Inc. Using log event messages to identify a user and enforce policies
US8677447B1 (en) 2011-05-25 2014-03-18 Palo Alto Networks, Inc. Identifying user names and enforcing policies
US9159056B2 (en) 2012-07-10 2015-10-13 Spigit, Inc. System and method for determining the value of a crowd network
US9122853B2 (en) 2013-06-24 2015-09-01 A10 Networks, Inc. Location determination for user authentication
US10545938B2 (en) 2013-09-30 2020-01-28 Spigit, Inc. Scoring members of a set dependent on eliciting preference data amongst subsets selected according to a height-balanced tree
US11165770B1 (en) 2013-12-06 2021-11-02 A10 Networks, Inc. Biometric verification of a human internet user
CA2926505A1 (en) * 2015-05-04 2016-11-04 Wal-Mart Stores, Inc. System and method for mapping product locations
US20180209921A1 (en) * 2017-01-20 2018-07-26 Mallinckrodt Nuclear Medicine Llc Systems and methods for assaying an eluate of a radionuclide generator
CN108306818A (en) * 2018-01-29 2018-07-20 上海星谷信息科技有限公司 Network user's method for tracing and system
CN111343167B (en) * 2020-02-19 2022-08-12 北京天融信网络安全技术有限公司 Information processing method based on network and electronic equipment

Citations (76)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5696702A (en) * 1995-04-17 1997-12-09 Skinner; Gary R. Time and work tracker
US5712979A (en) * 1995-09-20 1998-01-27 Infonautics Corporation Method and apparatus for attaching navigational history information to universal resource locator links on a world wide web page
US5794235A (en) * 1996-04-12 1998-08-11 International Business Machines Corporation System and method for dynamic retrieval of relevant information by monitoring active data streams
US5944787A (en) * 1997-04-21 1999-08-31 Sift, Inc. Method for automatically finding postal addresses from e-mail addresses
US5948061A (en) * 1996-10-29 1999-09-07 Double Click, Inc. Method of delivery, targeting, and measuring advertising over networks
US5963914A (en) * 1995-04-17 1999-10-05 Skinner; Gary R. Network time and work tracker
US5983270A (en) * 1997-03-11 1999-11-09 Sequel Technology Corporation Method and apparatus for managing internetwork and intranetwork activity
US5982270A (en) * 1998-12-03 1999-11-09 Shop Vac Corporation Thermal fuse
US6044376A (en) * 1997-04-24 2000-03-28 Imgis, Inc. Content stream analysis
US6138162A (en) * 1997-02-11 2000-10-24 Pointcast, Inc. Method and apparatus for configuring a client to redirect requests to a caching proxy server based on a category ID with the request
US6185184B1 (en) * 1995-09-25 2001-02-06 Netspeak Corporation Directory server for providing dynamically assigned network protocol addresses
US6366913B1 (en) * 1998-10-21 2002-04-02 Netscape Communications Corporation Centralized directory services supporting dynamic group membership
US6405251B1 (en) * 1999-03-25 2002-06-11 Nortel Networks Limited Enhancement of network accounting records
US6442577B1 (en) * 1998-11-03 2002-08-27 Front Porch, Inc. Method and apparatus for dynamically forming customized web pages for web sites
US20020169873A1 (en) * 2001-01-29 2002-11-14 Richard Zodnik Locator for physically locating a peripheral device in a communication network
US20020178370A1 (en) * 1999-12-30 2002-11-28 Gurevich Michael N. Method and apparatus for secure authentication and sensitive data management
US20020178382A1 (en) * 2001-03-02 2002-11-28 Toru Mukai Security administration server and its host server
US6516311B1 (en) * 2000-02-24 2003-02-04 Tau (Tony) Qiu & Howard Hoffenberg, As Tenants In Common Method for linking on the internet with an advertising feature
US20030037163A1 (en) * 2001-08-15 2003-02-20 Atsushi Kitada Method and system for enabling layer 2 transmission of IP data frame between user terminal and service provider
US20030088629A1 (en) * 2001-11-08 2003-05-08 Martin Berkowitz Email management system and method
US6594763B1 (en) * 1998-10-27 2003-07-15 Sprint Communications Company L.P. Object-based security system
US20030158855A1 (en) * 2002-02-20 2003-08-21 Farnham Shelly D. Computer system architecture for automatic context associations
US20030172167A1 (en) * 2002-03-08 2003-09-11 Paul Judge Systems and methods for secure communication delivery
US20030200272A1 (en) * 2002-04-18 2003-10-23 Leon Campise System and method for data collection and update utilizing surrogate e-mail addresses using a server
US20030216144A1 (en) * 2002-03-01 2003-11-20 Roese John J. Using signal characteristics to locate devices in a data network
US20030237002A1 (en) * 2002-06-25 2003-12-25 Hitachi, Ltd. Network node and communication system
US20040057425A1 (en) * 2002-09-25 2004-03-25 Brouwer Wim L. Location identification for IP telephony to support emergency services
US20040133641A1 (en) * 2003-01-03 2004-07-08 Nortel Networks Limited Distributed services based on presence technology
US6804659B1 (en) * 2000-01-14 2004-10-12 Ricoh Company Ltd. Content based web advertising
US6810363B2 (en) * 2002-12-12 2004-10-26 Xerox Corporation Methods, apparatus, and program products for analyzing context in a networked computing environment
US20050002380A1 (en) * 2003-05-09 2005-01-06 Miller Robert S. Automated IT asset location system
US6847969B1 (en) * 1999-05-03 2005-01-25 Streetspace, Inc. Method and system for providing personalized online services and advertisements in public spaces
US6850892B1 (en) * 1992-07-15 2005-02-01 James G. Shaw Apparatus and method for allocating resources to improve quality of an organization
US20050027593A1 (en) * 2003-08-01 2005-02-03 Wilson Joseph G. System and method for segmenting and targeting audience members
US20050027806A1 (en) * 2003-07-28 2005-02-03 Schunemann Alan J. Network asset tracker for identifying users of networked computers
US20050030955A1 (en) * 2000-12-05 2005-02-10 Liam Galin System for automatically identifying the physical location of network end devices
US6862594B1 (en) * 2000-05-09 2005-03-01 Sun Microsystems, Inc. Method and apparatus to discover services using flexible search criteria
US20050050027A1 (en) * 2003-09-03 2005-03-03 Leslie Yeh Determining and/or using location information in an ad system
US20050125289A1 (en) * 2003-08-01 2005-06-09 Gil Beyda Audience targeting system with segment management
US6912230B1 (en) * 1999-02-05 2005-06-28 Tecore Multi-protocol wireless communication apparatus and method
US20050166233A1 (en) * 2003-08-01 2005-07-28 Gil Beyda Network for matching an audience with deliverable content
US6947598B2 (en) * 2001-04-20 2005-09-20 Front Porch Digital Inc. Methods and apparatus for generating, including and using information relating to archived audio/video data
US20050232164A1 (en) * 2004-04-19 2005-10-20 Mitel Networks Corporation Method for recognizing location move of VoIP phones
US6970871B1 (en) * 2002-04-11 2005-11-29 Sprint Spectrum L.P. System and method of sorting information based on a location of a mobile station
US6978470B2 (en) * 2001-12-26 2005-12-20 Bellsouth Intellectual Property Corporation System and method for inserting advertising content in broadcast programming
US6983379B1 (en) * 2000-06-30 2006-01-03 Hitwise Pty. Ltd. Method and system for monitoring online behavior at a remote site and creating online behavior profiles
US6982379B2 (en) * 2004-02-13 2006-01-03 Sumitomo Wiring Systems, Ltd. Automotive electrical connection box and a method of mounting it
US20060004627A1 (en) * 2004-06-30 2006-01-05 Shumeet Baluja Advertisements for devices with call functionality, such as mobile phones
US7000015B2 (en) * 2000-04-24 2006-02-14 Microsoft Corporation System and methods for providing physical location information and a location method used in discovering the physical location information to an application on a computing device
US20060047800A1 (en) * 2004-08-24 2006-03-02 Panduit Corporation Systems and methods for network management
US7010492B1 (en) * 1999-09-30 2006-03-07 International Business Machines Corporation Method and apparatus for dynamic distribution of controlled and additional selective overlays in a streaming media
US20060056388A1 (en) * 2004-08-24 2006-03-16 Comcast Cable Holdings, Llc Method and system for locating a voice over internet protocol (VoIP) device connected to a network
US7035468B2 (en) * 2001-04-20 2006-04-25 Front Porch Digital Inc. Methods and apparatus for archiving, indexing and accessing audio and video data
US20060136372A1 (en) * 2004-11-19 2006-06-22 Schunemann Alan J Inserted contextual web content derived from intercepted web viewing content
US20060149624A1 (en) * 2004-12-30 2006-07-06 Shumeet Baluja Generating and/or serving local area advertisements, such as advertisements for devices with call functionality
US7076244B2 (en) * 2001-07-23 2006-07-11 Research In Motion Limited System and method for pushing information to a mobile device
US20060153167A1 (en) * 2004-11-19 2006-07-13 Schunemann Alan J Computer tracking and locking
US7089194B1 (en) * 1999-06-17 2006-08-08 International Business Machines Corporation Method and apparatus for providing reduced cost online service and adaptive targeting of advertisements
US7110664B2 (en) * 2001-04-20 2006-09-19 Front Porch Digital, Inc. Methods and apparatus for indexing and archiving encoded audio-video data
US7124093B1 (en) * 1997-12-22 2006-10-17 Ricoh Company, Ltd. Method, system and computer code for content based web advertising
US20060265283A1 (en) * 2005-05-20 2006-11-23 Anchorfree, Inc. System and method for monetizing internet usage
US20060265501A1 (en) * 2005-05-20 2006-11-23 Anchorfree Wireless System and method for enabling wireless internet access in public areas
US20060293962A1 (en) * 2005-05-20 2006-12-28 Anchorfree, Inc. Computerized networking device with embedded advanced content and web traffic monetization functionality
US20070005654A1 (en) * 2005-05-20 2007-01-04 Avichai Schachar Systems and methods for analyzing relationships between entities
US7167910B2 (en) * 2002-02-20 2007-01-23 Microsoft Corporation Social mapping of contacts from computer communication information
US20070162598A1 (en) * 2005-05-20 2007-07-12 Anchorfree, Inc. Method and system for advanced messaging
US20070162954A1 (en) * 2003-04-07 2007-07-12 Pela Peter L Network security system based on physical location
US7320070B2 (en) * 2002-01-08 2008-01-15 Verizon Services Corp. Methods and apparatus for protecting against IP address assignments based on a false MAC address
US7373389B2 (en) * 2003-08-27 2008-05-13 Spoke Software Periodic update of data in a relationship system
US7503070B1 (en) * 2003-09-19 2009-03-10 Marshall Van Alstyne Methods and systems for enabling analysis of communication content while preserving confidentiality
US7539697B1 (en) * 2002-08-08 2009-05-26 Spoke Software Creation and maintenance of social relationship network graphs
US7707122B2 (en) * 2004-01-29 2010-04-27 Yahoo ! Inc. System and method of information filtering using measures of affinity of a relationship
US7739210B2 (en) * 2001-06-28 2010-06-15 Microsoft Corporation Methods and architecture for cross-device activity monitoring, reasoning, and visualization for providing status and forecasts of a users' presence and availability
US7844671B1 (en) * 2004-04-07 2010-11-30 Cisco Technology, Inc. Communication systems and methods with social network filtering
US7849103B2 (en) * 2003-09-10 2010-12-07 West Services, Inc. Relationship collaboration system
US8095597B2 (en) * 2001-05-01 2012-01-10 Aol Inc. Method and system of automating data capture from electronic correspondence

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5654A (en) * 1848-06-27 Door-spring
US158855A (en) * 1875-01-19 Improvement in axles for vehicles
US5978568A (en) * 1997-03-11 1999-11-02 Sequel Technology Corporation Method and apparatus for resolving network users to network computers
EP1054529A3 (en) * 1999-05-20 2003-01-08 Lucent Technologies Inc. Method and apparatus for associating network usage with particular users
AU2001297539A1 (en) * 2000-10-23 2002-10-03 Xacct Technologies, Ltd. System, method and computer program product for network record synthesis
JP2002259219A (en) * 2001-02-28 2002-09-13 Crayfish Co Ltd Method and system for identifying user on communication network

Patent Citations (86)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6850892B1 (en) * 1992-07-15 2005-02-01 James G. Shaw Apparatus and method for allocating resources to improve quality of an organization
US5963914A (en) * 1995-04-17 1999-10-05 Skinner; Gary R. Network time and work tracker
US5696702A (en) * 1995-04-17 1997-12-09 Skinner; Gary R. Time and work tracker
US5712979A (en) * 1995-09-20 1998-01-27 Infonautics Corporation Method and apparatus for attaching navigational history information to universal resource locator links on a world wide web page
US6185184B1 (en) * 1995-09-25 2001-02-06 Netspeak Corporation Directory server for providing dynamically assigned network protocol addresses
US5794235A (en) * 1996-04-12 1998-08-11 International Business Machines Corporation System and method for dynamic retrieval of relevant information by monitoring active data streams
US5948061A (en) * 1996-10-29 1999-09-07 Double Click, Inc. Method of delivery, targeting, and measuring advertising over networks
US6138162A (en) * 1997-02-11 2000-10-24 Pointcast, Inc. Method and apparatus for configuring a client to redirect requests to a caching proxy server based on a category ID with the request
US5983270A (en) * 1997-03-11 1999-11-09 Sequel Technology Corporation Method and apparatus for managing internetwork and intranetwork activity
US5944787A (en) * 1997-04-21 1999-08-31 Sift, Inc. Method for automatically finding postal addresses from e-mail addresses
US6044376A (en) * 1997-04-24 2000-03-28 Imgis, Inc. Content stream analysis
US7124093B1 (en) * 1997-12-22 2006-10-17 Ricoh Company, Ltd. Method, system and computer code for content based web advertising
US6366913B1 (en) * 1998-10-21 2002-04-02 Netscape Communications Corporation Centralized directory services supporting dynamic group membership
US6594763B1 (en) * 1998-10-27 2003-07-15 Sprint Communications Company L.P. Object-based security system
US6442577B1 (en) * 1998-11-03 2002-08-27 Front Porch, Inc. Method and apparatus for dynamically forming customized web pages for web sites
US5982270A (en) * 1998-12-03 1999-11-09 Shop Vac Corporation Thermal fuse
US6912230B1 (en) * 1999-02-05 2005-06-28 Tecore Multi-protocol wireless communication apparatus and method
US6405251B1 (en) * 1999-03-25 2002-06-11 Nortel Networks Limited Enhancement of network accounting records
US6847969B1 (en) * 1999-05-03 2005-01-25 Streetspace, Inc. Method and system for providing personalized online services and advertisements in public spaces
US7089194B1 (en) * 1999-06-17 2006-08-08 International Business Machines Corporation Method and apparatus for providing reduced cost online service and adaptive targeting of advertisements
US7010492B1 (en) * 1999-09-30 2006-03-07 International Business Machines Corporation Method and apparatus for dynamic distribution of controlled and additional selective overlays in a streaming media
US20020178370A1 (en) * 1999-12-30 2002-11-28 Gurevich Michael N. Method and apparatus for secure authentication and sensitive data management
US6804659B1 (en) * 2000-01-14 2004-10-12 Ricoh Company Ltd. Content based web advertising
US6516311B1 (en) * 2000-02-24 2003-02-04 Tau (Tony) Qiu & Howard Hoffenberg, As Tenants In Common Method for linking on the internet with an advertising feature
US7000015B2 (en) * 2000-04-24 2006-02-14 Microsoft Corporation System and methods for providing physical location information and a location method used in discovering the physical location information to an application on a computing device
US6862594B1 (en) * 2000-05-09 2005-03-01 Sun Microsystems, Inc. Method and apparatus to discover services using flexible search criteria
US6983379B1 (en) * 2000-06-30 2006-01-03 Hitwise Pty. Ltd. Method and system for monitoring online behavior at a remote site and creating online behavior profiles
US20050030955A1 (en) * 2000-12-05 2005-02-10 Liam Galin System for automatically identifying the physical location of network end devices
US20020169873A1 (en) * 2001-01-29 2002-11-14 Richard Zodnik Locator for physically locating a peripheral device in a communication network
US20020178382A1 (en) * 2001-03-02 2002-11-28 Toru Mukai Security administration server and its host server
US6947598B2 (en) * 2001-04-20 2005-09-20 Front Porch Digital Inc. Methods and apparatus for generating, including and using information relating to archived audio/video data
US7035468B2 (en) * 2001-04-20 2006-04-25 Front Porch Digital Inc. Methods and apparatus for archiving, indexing and accessing audio and video data
US20070166013A1 (en) * 2001-04-20 2007-07-19 Jay Yogeshwar Methods and apparatus for indexing and archiving encoded audio/video data
US20080262996A1 (en) * 2001-04-20 2008-10-23 Front Porch Digital, Inc. Methods and apparatus for indexing and archiving encoded audio/video data
US7110664B2 (en) * 2001-04-20 2006-09-19 Front Porch Digital, Inc. Methods and apparatus for indexing and archiving encoded audio-video data
US8095597B2 (en) * 2001-05-01 2012-01-10 Aol Inc. Method and system of automating data capture from electronic correspondence
US7739210B2 (en) * 2001-06-28 2010-06-15 Microsoft Corporation Methods and architecture for cross-device activity monitoring, reasoning, and visualization for providing status and forecasts of a users' presence and availability
US7076244B2 (en) * 2001-07-23 2006-07-11 Research In Motion Limited System and method for pushing information to a mobile device
US20030037163A1 (en) * 2001-08-15 2003-02-20 Atsushi Kitada Method and system for enabling layer 2 transmission of IP data frame between user terminal and service provider
US20030088629A1 (en) * 2001-11-08 2003-05-08 Martin Berkowitz Email management system and method
US6978470B2 (en) * 2001-12-26 2005-12-20 Bellsouth Intellectual Property Corporation System and method for inserting advertising content in broadcast programming
US7320070B2 (en) * 2002-01-08 2008-01-15 Verizon Services Corp. Methods and apparatus for protecting against IP address assignments based on a false MAC address
US20030158855A1 (en) * 2002-02-20 2003-08-21 Farnham Shelly D. Computer system architecture for automatic context associations
US7167910B2 (en) * 2002-02-20 2007-01-23 Microsoft Corporation Social mapping of contacts from computer communication information
US20030216143A1 (en) * 2002-03-01 2003-11-20 Roese John J. Location discovery in a data network
US7092943B2 (en) * 2002-03-01 2006-08-15 Enterasys Networks, Inc. Location based data
US20030216144A1 (en) * 2002-03-01 2003-11-20 Roese John J. Using signal characteristics to locate devices in a data network
US20030217122A1 (en) * 2002-03-01 2003-11-20 Roese John J. Location-based access control in a data network
US20030225893A1 (en) * 2002-03-01 2003-12-04 Roese John J. Locating devices in a data network
US20030172167A1 (en) * 2002-03-08 2003-09-11 Paul Judge Systems and methods for secure communication delivery
US6970871B1 (en) * 2002-04-11 2005-11-29 Sprint Spectrum L.P. System and method of sorting information based on a location of a mobile station
US20030200272A1 (en) * 2002-04-18 2003-10-23 Leon Campise System and method for data collection and update utilizing surrogate e-mail addresses using a server
US20030237002A1 (en) * 2002-06-25 2003-12-25 Hitachi, Ltd. Network node and communication system
US7539697B1 (en) * 2002-08-08 2009-05-26 Spoke Software Creation and maintenance of social relationship network graphs
US20040057425A1 (en) * 2002-09-25 2004-03-25 Brouwer Wim L. Location identification for IP telephony to support emergency services
US6810363B2 (en) * 2002-12-12 2004-10-26 Xerox Corporation Methods, apparatus, and program products for analyzing context in a networked computing environment
US20040133641A1 (en) * 2003-01-03 2004-07-08 Nortel Networks Limited Distributed services based on presence technology
US20070162954A1 (en) * 2003-04-07 2007-07-12 Pela Peter L Network security system based on physical location
US20050002380A1 (en) * 2003-05-09 2005-01-06 Miller Robert S. Automated IT asset location system
US7133916B2 (en) * 2003-07-28 2006-11-07 Etelemetry, Inc. Asset tracker for identifying user of current internet protocol addresses within an organization's communications network
US20050027806A1 (en) * 2003-07-28 2005-02-03 Schunemann Alan J. Network asset tracker for identifying users of networked computers
US20070288579A1 (en) * 2003-07-28 2007-12-13 Schunemann Alan J Network asset tracker for identifying users of networked computers
US20050027593A1 (en) * 2003-08-01 2005-02-03 Wilson Joseph G. System and method for segmenting and targeting audience members
US20050125289A1 (en) * 2003-08-01 2005-06-09 Gil Beyda Audience targeting system with segment management
US20050166233A1 (en) * 2003-08-01 2005-07-28 Gil Beyda Network for matching an audience with deliverable content
US7373389B2 (en) * 2003-08-27 2008-05-13 Spoke Software Periodic update of data in a relationship system
US20050050027A1 (en) * 2003-09-03 2005-03-03 Leslie Yeh Determining and/or using location information in an ad system
US7849103B2 (en) * 2003-09-10 2010-12-07 West Services, Inc. Relationship collaboration system
US7503070B1 (en) * 2003-09-19 2009-03-10 Marshall Van Alstyne Methods and systems for enabling analysis of communication content while preserving confidentiality
US7707122B2 (en) * 2004-01-29 2010-04-27 Yahoo ! Inc. System and method of information filtering using measures of affinity of a relationship
US6982379B2 (en) * 2004-02-13 2006-01-03 Sumitomo Wiring Systems, Ltd. Automotive electrical connection box and a method of mounting it
US7844671B1 (en) * 2004-04-07 2010-11-30 Cisco Technology, Inc. Communication systems and methods with social network filtering
US20050232164A1 (en) * 2004-04-19 2005-10-20 Mitel Networks Corporation Method for recognizing location move of VoIP phones
US20060004627A1 (en) * 2004-06-30 2006-01-05 Shumeet Baluja Advertisements for devices with call functionality, such as mobile phones
US20060047800A1 (en) * 2004-08-24 2006-03-02 Panduit Corporation Systems and methods for network management
US20060056388A1 (en) * 2004-08-24 2006-03-16 Comcast Cable Holdings, Llc Method and system for locating a voice over internet protocol (VoIP) device connected to a network
US20060153167A1 (en) * 2004-11-19 2006-07-13 Schunemann Alan J Computer tracking and locking
US20100085971A1 (en) * 2004-11-19 2010-04-08 Etelemetry, Inc. Computer tracking and locking
US20100088358A1 (en) * 2004-11-19 2010-04-08 Etelemetry, Inc. Inserted contextual web content derived from intercepted web viewing content
US20060136372A1 (en) * 2004-11-19 2006-06-22 Schunemann Alan J Inserted contextual web content derived from intercepted web viewing content
US20060149624A1 (en) * 2004-12-30 2006-07-06 Shumeet Baluja Generating and/or serving local area advertisements, such as advertisements for devices with call functionality
US20060265283A1 (en) * 2005-05-20 2006-11-23 Anchorfree, Inc. System and method for monetizing internet usage
US20060265501A1 (en) * 2005-05-20 2006-11-23 Anchorfree Wireless System and method for enabling wireless internet access in public areas
US20060293962A1 (en) * 2005-05-20 2006-12-28 Anchorfree, Inc. Computerized networking device with embedded advanced content and web traffic monetization functionality
US20070005654A1 (en) * 2005-05-20 2007-01-04 Avichai Schachar Systems and methods for analyzing relationships between entities
US20070162598A1 (en) * 2005-05-20 2007-07-12 Anchorfree, Inc. Method and system for advanced messaging

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100088358A1 (en) * 2004-11-19 2010-04-08 Etelemetry, Inc. Inserted contextual web content derived from intercepted web viewing content
US20100085971A1 (en) * 2004-11-19 2010-04-08 Etelemetry, Inc. Computer tracking and locking
US20090012760A1 (en) * 2007-04-30 2009-01-08 Schunemann Alan J Method and system for activity monitoring and forecasting
US20130060932A1 (en) * 2011-09-06 2013-03-07 Shachar Ofek Discovering tiers within an application

Also Published As

Publication number Publication date
EP1654667A2 (en) 2006-05-10
WO2005015086A3 (en) 2005-07-14
US20050027806A1 (en) 2005-02-03
US7133916B2 (en) 2006-11-07
CA2534121A1 (en) 2005-02-17
EP1654667A4 (en) 2008-06-18
US7555550B2 (en) 2009-06-30
US20070288579A1 (en) 2007-12-13
JP2007502554A (en) 2007-02-08
JP4554609B2 (en) 2010-09-29
WO2005015086A2 (en) 2005-02-17

Similar Documents

Publication Publication Date Title
US7555550B2 (en) Asset tracker for identifying user of current internet protocol addresses within an organization&#39;s communications network
US10841326B2 (en) Cybersecurity system
US10178112B2 (en) Systems and methods for automated retrieval, processing, and distribution of cyber-threat information
TW470879B (en) Information security analysis system
US7634557B2 (en) Apparatus and method for network analysis
US6557036B1 (en) Methods and apparatus for site wide monitoring of electronic mail systems
US7047423B1 (en) Information security analysis system
TW476204B (en) Information security analysis system
US20160191549A1 (en) Rich metadata-based network security monitoring and analysis
US8074279B1 (en) Detecting rogue access points in a computer network
US20100027430A1 (en) Apparatus and Method for Network Analysis
US20070180101A1 (en) System and method for storing data-network activity information
US7584506B2 (en) Method and apparatus for controlling packet transmission and generating packet billing data on wired and wireless network
US8195750B1 (en) Method and system for tracking botnets
US10116538B2 (en) Attributing network address translation device processed traffic to individual hosts
KR100513911B1 (en) Information security analysis system
US20040267557A1 (en) [electronic data management system and method using remote synchronized backup technique for specialized outsourcing]
US8296425B2 (en) Method and system for lawful interception of internet service
JP4699893B2 (en) Packet analysis system, packet analysis program, packet analysis method, and packet acquisition device
EP1427134A2 (en) System and method for management of communications resources
KR100891713B1 (en) Gateway, method and computer program recording medium for making ip address transparent
O’Reilly Availability of required data to support criminal investigations involving large-scale ip address–sharing technologies
Tanutama Frequency count attribute oriented induction of corporate network data for mapping business activity
Tanutama Characterizing corporate network traffic beyond bandwidth
CN102684897A (en) Method for discovering transmission control protocol/Internet protocol (TCP/IP) network private access equipment

Legal Events

Date Code Title Description
AS Assignment

Owner name: ETELEMETRY, MARYLAND

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SCHUNEMANN, ALAN;REEL/FRAME:031943/0082

Effective date: 20060914

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO PAY ISSUE FEE