Applying security policy to an application session
First Claim
1. A system for applying a security policy to an application session, the system comprising:
- a security gateway configured to:
  - inspect a data packet for the application session to determine a first user identity provided by a user when accessing the application session and store the first user identity in an application session record, the application session being accessed by the user during an access session, wherein the inspecting the data packet includes:
    - determining a first host identity and an application session time associated with the application session; and
    - storing the first host identity and the application session time in the application session record;
  - match the application session record against an access session record associated with the access session to determine a second user identity provided by the user when accessing the access session, wherein the matching the application session record against the access session record includes:
    - matching the first host identity stored in the application session record against a second host identity stored in the access session record, wherein the second host identity is associated with the second user identity, the second user identity being stored in the access session record; and
    - matching the application session time stored in the application session record against an access session time stored in the access session record;
  - obtain the security policy comprising network parameters mapped to the second user identity; and
  - apply the security policy to the application session; and
- a database configured to store at least the security policy.
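
An added illustration of the matching step in the claim above (not code from the patent or from any product): the host identity and session time in the application session record select an access session record, and that record's user identity selects the policy. The record fields, the start/end window test, the policy parameter names and the deny fallback are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AppSessionRecord:          # filled in by inspecting application packets
    app_user: str                # first user identity (application login)
    host: str                    # first host identity, e.g. source IP
    time: float                  # application session time (epoch seconds)

@dataclass(frozen=True)
class AccessSessionRecord:       # filled in when the user logs on to the network
    net_user: str                # second user identity
    host: str                    # second host identity
    start: float                 # access session time
    end: Optional[float] = None  # assumption: None while the session is open

# Constructed sample data: one address leased to two users in turn.
ACCESS_SESSIONS = [
    AccessSessionRecord("alice", "10.0.0.5", start=1000, end=2000),
    AccessSessionRecord("bob", "10.0.0.5", start=2100),
]
# Constructed policies; the parameter names are hypothetical.
POLICIES = {
    "alice": {"rate_limit_kbps": 512, "action": "permit"},
    "bob": {"rate_limit_kbps": 128, "action": "permit"},
}
DEFAULT_POLICY = {"rate_limit_kbps": 0, "action": "deny"}  # assumed fallback

def match_access_session(app, sessions):
    """Return the single access session that covers app's host and time."""
    hits = [s for s in sessions
            if s.host == app.host
            and s.start <= app.time
            and (s.end is None or app.time <= s.end)]
    # No match or an ambiguous match yields no identity (fail closed).
    return hits[0] if len(hits) == 1 else None

def policy_for(app, sessions=ACCESS_SESSIONS, policies=POLICIES):
    """Map the application session to the network user's policy."""
    access = match_access_session(app, sessions)
    if access is None:
        return None, DEFAULT_POLICY
    return access.net_user, policies.get(access.net_user, DEFAULT_POLICY)

if __name__ == "__main__":
    for t in (1500, 2050, 2500):
        print(t, policy_for(AppSessionRecord("al1ce_im", "10.0.0.5", t)))
```

The sample shows why the time match matters: the same host address resolves to different users at different times, and a packet seen in the gap between two access sessions resolves to no user at all.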
Abstract
Applying a security policy to an application session includes recognizing the application session between a network and an application via a security gateway, determining by the security gateway a user identity of the application session using information about the application session, obtaining by the security gateway the security policy comprising network parameters mapped to the user identity, and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.
15 Claims
1. A system for applying a security policy to an application session, the system comprising:
- a security gateway configured to:
  - inspect a data packet for the application session to determine a first user identity provided by a user when accessing the application session and store the first user identity in an application session record, the application session being accessed by the user during an access session, wherein the inspecting the data packet includes:
    - determining a first host identity and an application session time associated with the application session; and
    - storing the first host identity and the application session time in the application session record;
  - match the application session record against an access session record associated with the access session to determine a second user identity provided by the user when accessing the access session, wherein the matching the application session record against the access session record includes:
    - matching the first host identity stored in the application session record against a second host identity stored in the access session record, wherein the second host identity is associated with the second user identity, the second user identity being stored in the access session record; and
    - matching the application session time stored in the application session record against an access session time stored in the access session record;
  - obtain the security policy comprising network parameters mapped to the second user identity; and
  - apply the security policy to the application session; and
- a database configured to store at least the security policy.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method for applying a security policy to an application session, the method comprising:
- inspecting, by a security gateway, a data packet for the application session to determine a first user identity provided by a user when accessing the application session and store the first user identity in an application session record, the application session being accessed by the user during an access session, wherein the inspecting the data packet includes:
  - determining a first host identity and an application session time associated with the application session; and
  - storing the first host identity and the application session time in the application session record;
- matching, by the security gateway, the application session record against an access session record associated with the access session to determine a second user identity provided by the user when accessing the access session, wherein the matching the application session record against the access session record includes:
  - matching the first host identity stored in the application session record against a second host identity stored in the access session record, wherein the second host identity is associated with the second user identity, the second user identity being stored in the access session record; and
  - matching the application session time stored in the application session record against an access session time stored in the access session record;
- obtaining, by the security gateway, the security policy comprising network parameters mapped to the second user identity; and
- applying, by the security gateway, the security policy to the application session.

Dependent claims: 13, 14
15. A non-transitory computer readable storage medium having embodied thereon a computer readable program code being executable by at least one processor to perform a method for applying a security policy to an application session, the method comprising:
- inspecting, by a security gateway, a data packet for the application session to determine a first user identity provided by a user when accessing the application session and store the first user identity in an application session record, the application session being accessed by the user during an access session, wherein the inspecting the data packet includes:
  - determining a first host identity and an application session time associated with the application session; and
  - storing the first host identity and the application session time in the application session record;
- matching, by the security gateway, the application session record against an access session record associated with the access session to determine a second user identity provided by the user when accessing the access session, wherein the matching the application session record against the access session record includes:
  - matching the first host identity stored in the application session record against a second host identity stored in the access session record, wherein the second host identity is associated with the second user identity, the second user identity being stored in the access session record; and
  - matching the application session time stored in the application session record against an access session time stored in the access session record;
- obtaining, by the security gateway, the security policy comprising network parameters mapped to the second user identity; and
- applying, by the security gateway, the security policy to the application session.
Specification