Method for searching for network connection path

Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network monitoring

Reexamination Certificate

C709S220000, C709S223000, C709S238000

active

06275856

ABSTRACT:

BACKGROUND OF THE INVENTION
The present invention relates to a method for searching for a connecting path from a computer as a logical-connection demand originator to another computer as a logical-connection destination, in a network system which comprises a plurality of such computers shared by a plurality of users and in which a logical connection between two of the computers is established through a pair of communication ports associated with the respective users; and, more particularly, to a method for suitably searching for a connecting path from a computer as a logical-connection demand originator to another computer as a logical-connection destination when the computer originator is connected with the computer destination through one or more logical connections and a user in front of the computer destination conducts an illegal action on the computer.
In a prior art network system, a path searching method has been employed in which the respective computers use, e.g., an operating system known as HP-UX manufactured by Hewlett Packard Co., or software such as ‘TCP wrapper’, to record, as an access log, information on when a logical connection was made and from which computer the connection was made. This method has so far been widely employed.
In more detail, for each computer belonging to the network, when my computer is requested by an establishment demand computer to establish a logical connection with my computer and the logical connection is established between the computers in question, the computer records, in the form of an access log, the connection establishment time, the user identifier (existing in and managed by my computer) of the user of the establishment originator computer, and the computer identifier of the establishment originator computer. When the logical connection is released, the computers in question likewise record similar contents as an access log.
SUMMARY OF THE INVENTION
It is therefore an object of the present invention to provide a method for easily searching for a connecting path from a computer as a logical connection demand originator to a computer as a logical connection demand destination in a network system comprising a plurality of such computers shared by a plurality of users.
Another object of the present invention is to provide, even when a network is made on a large scale, a method for efficiently searching for a connecting path from a computer as a logical connection demand originator to a computer as a logical connection demand destination in the network.
A user identifier is an identifier of a user allowed to use a given computer, and it is managed uniquely by that computer. Thus, for example, when a computer detects a user who conducted an illegal action on the computer, the user identifier of the user in question can be recognized by referring to the access log recorded in my computer. However, when the illegal user uses an establishment request originator computer which requested establishment of a logical connection to my computer, it is impossible to know the user identifiers managed by the establishment request originator computer.
Incidentally, such an illegal user, for the purpose of making the connecting path complex, tends in many cases to logically connect the computer used by the illegal user to a target computer through a plurality of logical connections via one or more computers.
Since each computer is usually shared by a plurality of users, a case can be considered in which one computer establishes logical connections with a plurality of computers at a time.
In view of all the aforementioned respects, it will be seen that, for example, in the case where my computer is logically connected to another computer through one or more computers and there exists a user who conducted an illegal action on a logical connection destination computer, the logical connection destination computer which detected the illegal user can search, in reverse order, for the logical connection originator computer which the illegal user actually used and for the connecting path from that logical connection originator computer, provided that the logical connection destination computer is designed to be able to know the user identifier of the illegal user managed by the logical connection originator computer.
This can be realized by handing the user identifiers managed by my computer over from the logical connection originator computer to the logical connection destination computer each time a computer establishes a logical connection with another computer. However, this searching method is not preferable because it requires significant modification of the entire network system, including modification of the protocol used at the time of establishing the logical connection.
In practical situations, it is preferable to use only the access logs that are generally recorded to search for the logical connection originator computer and its connecting path. The present invention provides such a searching method. In such a searching method, however, since each computer is shared by a plurality of users, it becomes, in some cases, impossible to uniquely specify the logical connection originator computer. In actuality, candidates of the logical connection originator computer and connecting path are obtained as a search result.
The object of the present invention is, in other words, to provide a searching method for obtaining candidates of the logical connection originator computer used by a user who logically connected to another computer through one or more logical connections (and who conducted an illegal action on the logical connection destination computer), and for obtaining candidates of the connecting path to the illegal-user detection computer, with use of only widely employed and available information (more concretely, access logs) and without using any special information.
When such searching is carried out in a large-scale network system, it is considered that the number of candidates obtained as a search result becomes large because the searching range of the network system is large.
To avoid this, it is another object of the present invention to reduce the number of candidates obtained as a search result, and thereby realize effective searching, by narrowing down the searching range.
In accordance with a first aspect of the present invention, the above object is attained by providing, in a network system which includes a plurality of computers capable of being shared by a plurality of users and in which a logical connection between two of the computers is established by a pair of communication ports associated with users of the two computers to manage a computer identifier of an establishment request originator computer which required the establishment of the logical connection, user identifiers of the users associated with the logical connection in my computer, and use time information of the users; a method for searching for a network connecting path from a logical connection originator computer to a logical connection destination computer with respect to users who logically connected to another computer through one or more logical connections, comprising the steps of:
transferring a search request containing the use time information of the search objective user, from the computer which detected the search objective user to the computers which established the logical connections associated with the search objective user;
selecting users who used my computer in a use time of the use time information of the search objective user contained in the search request;
in the presence of the computer which established the logical connection associated with the users selected in the selection step, transferring to the computer a search request containing the use time information of the search objective user;
in the absence of the computer which established the logical connection associated with the users selected in the selection step, using as its search result the computer identifier of my computer and the
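
The search steps above, as an added example that is not code from the patent: each computer answers a search request from its own access log only, and the transfer between computers is simulated in one process. The host names, user names, the `Session` record layout and the rule that a selected session must span the whole use-time window are assumptions of this example.

```python
from collections import namedtuple

# One access-log record: who was logged in on `host`, from which origin
# computer (None = local console login), and for which time span.
Session = namedtuple("Session", "host user origin start end")

# Constructed sample logs (hypothetical hosts and users; times in minutes).
LOGS = [
    Session("C", "guest", "B", 100, 130),   # session where misuse was detected
    Session("B", "alice", "A", 95, 140),    # remote login that spans the window
    Session("B", "bob", None, 90, 150),     # console user on B at the same time
    Session("B", "dave", "D", 10, 50),      # ended long before the window
    Session("A", "carol", None, 80, 145),   # console user on A
    Session("A", "erin", None, 120, 125),   # does not span the whole window
]

def select_users(host, window, logs):
    """Selection step: sessions on `host` that span the use time (assumed rule)."""
    start, end = window
    return [s for s in logs
            if s.host == host and s.start <= start and s.end >= end]

def search(host, window, logs, path):
    """Handle a search request on `host`; return (host, user, path) candidates."""
    path = [host] + path             # path is built in reverse, origin first
    candidates = []
    for s in select_users(host, window, logs):
        if s.origin is None:
            # No computer established this session: report this computer.
            candidates.append((host, s.user, path))
        elif s.origin not in path:   # guard against looping log data
            # Forward the same use-time window to the originating computer.
            candidates.extend(search(s.origin, window, logs, path))
    return candidates

def trace(detected, logs):
    """Start from the session on which the misuse was detected."""
    window = (detected.start, detected.end)
    return search(detected.origin, window, logs, [detected.host])

if __name__ == "__main__":
    for host, user, path in trace(LOGS[0], LOGS):
        print(f"candidate {user}@{host} via {' -> '.join(path)}")
```

Because computer B's log records only incoming connections, the console user on B is reported as a candidate alongside the user on A, which is the ambiguity the summary describes for shared computers.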
