IDENTITY AND POLICY-BASED NETWORK SECURITY AND MANAGEMENT SYSTEM AND METHOD
First Claim
1. A method for managing a network connection between a source and a destination for the transmission of at least one data packet, the method comprising the steps of:
- receiving a login request from a user, wherein the login request comprises a user IP address, and login credentials;
- identifying a profile associated with the user, wherein the profile comprises user data and at least one user-specific policy;
- determining if the user is authentic by comparing the login credentials with the user data of the identified profile;
- determining if the login request is authorized by applying the at least one user-specific policy of the identified profile;
- creating and storing identity information related to the authorized user, wherein the identity information comprises the profile and the user IP address;
- receiving the at least one data packet from the source, wherein the at least one packet comprises a source IP address and a destination IP address;
- identifying a connection object associated with the connection based at least on the source IP address and the destination IP address;
- associating the identified connection object with the at least one packet;
- identifying the identity information associated with the authorized user based on the source IP address;
- updating the identified connection object with the identified identity information; and
- applying at least a portion of the identified identity information to the connection.
Abstract
A system and method for providing security for a network connecting a source and a destination. The system and method provide a security and management system between the source and the destination which is configured to apply rules and policies which are specific to the user to the connection between the source and the destination. The user-specific policies are used to govern.
26 Claims
1. A method for managing a network connection between a source and a destination for the transmission of at least one data packet (independent claim; its full text is given above under First Claim). Dependent claims 2 through 13 depend from claim 1.
14. A system for managing a network connection between a source and a destination for the transmission of at least one data packet, the system comprising:
- a login module configured to:
  - receive a login request from a user, wherein the login request comprises a user IP address, and login credentials,
  - identify a profile associated with the user, wherein the profile comprises user data and at least one user-specific policy,
  - determine if the user is authentic by comparing the login credentials with the user data of the identified profile,
  - determine if the login request is authorized by applying the at least one user-specific policy of the identified profile, and
  - create identity information related to the authorized user, wherein the identity information comprises the profile and the user IP address;
- a user IP map communicatively connected to the login module, the user IP map configured to store the identity information; and
- a connection tracker communicatively connected to the source and the user IP map, the connection tracker configured to:
  - receive the at least one data packet from the source, wherein the at least one packet comprises a source IP address and a destination IP address,
  - identify a connection object associated with the connection based at least on the source IP address and the destination IP address,
  - associate the connection object with the at least one packet,
  - identify the identity information stored in the user IP map which is associated with the authorized user,
  - update the connection object with the identified identity information, and
  - apply at least a portion of the identified identity information to the connection.

Dependent claims 15 through 26 depend from claim 14.
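The login module, user IP map and connection tracker that claims 1 and 14 describe, written out as an added Python example (illustrative code, not the patent's own implementation): a login is authenticated against a salted password hash, authorized by a user-specific login policy, and the resulting identity information is stored keyed by the user's IP address; each packet then finds or creates its connection object, binds the identity found for its source IP, and has that identity's policy applied. The policy fields, class names, the "alice" profile and the packet dictionaries are assumptions constructed for this example.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Policy:
    # Assumed policy fields: where a login may come from, and what a connection may reach.
    login_networks: List[str]
    allowed_destinations: List[str]
    allowed_ports: Set[int]

@dataclass
class Profile:
    username: str          # user data: name plus salted password hash
    salt: bytes
    password_hash: bytes
    policy: Policy         # the user-specific policy

@dataclass
class IdentityInfo:
    # Stored by the login module for an authorized user: profile plus login IP.
    profile: Profile
    user_ip: str

@dataclass
class Connection:
    # Connection object keyed by addressing; identity is attached after lookup.
    key: Tuple[str, str, int, int, str]
    identity: Optional[IdentityInfo] = None
    packets: int = 0


class LoginModule:
    def __init__(self, profiles: Dict[str, Profile], user_ip_map: Dict[str, IdentityInfo]):
        self.profiles = profiles
        self.user_ip_map = user_ip_map  # shared with the connection tracker

    def login(self, user_ip: str, username: str, password: str) -> bool:
        profile = self.profiles.get(username)
        if profile is None:
            _hash_password(password, b"dummy-salt")  # same cost for unknown users
            return False
        # Authenticate: compare credentials with the profile's user data, constant-time.
        if not hmac.compare_digest(_hash_password(password, profile.salt), profile.password_hash):
            return False
        # Authorize: apply the user-specific login policy to the request.
        addr = ipaddress.ip_address(user_ip)
        if not any(addr in ipaddress.ip_network(n) for n in profile.policy.login_networks):
            return False
        # Create and store identity information keyed by the user's IP address.
        self.user_ip_map[user_ip] = IdentityInfo(profile, user_ip)
        return True


class ConnectionTracker:
    def __init__(self, user_ip_map: Dict[str, IdentityInfo]):
        self.user_ip_map = user_ip_map
        self.connections: Dict[tuple, Connection] = {}

    def process_packet(self, pkt: dict) -> str:
        """Return 'allow', 'deny-unauthenticated' or 'deny-policy' for one packet."""
        key = (pkt["src_ip"], pkt["dst_ip"], pkt["src_port"], pkt["dst_port"], pkt["proto"])
        conn = self.connections.setdefault(key, Connection(key))  # identify or create
        conn.packets += 1                                          # associate the packet
        identity = self.user_ip_map.get(pkt["src_ip"])             # identity by source IP
        if identity is None:
            return "deny-unauthenticated"  # default deny: no identity bound to this IP
        conn.identity = identity            # update the connection object
        policy = identity.profile.policy    # apply the identity's policy to the connection
        dst = ipaddress.ip_address(pkt["dst_ip"])
        if pkt["dst_port"] not in policy.allowed_ports:
            return "deny-policy"
        if not any(dst in ipaddress.ip_network(n) for n in policy.allowed_destinations):
            return "deny-policy"
        return "allow"


def build_demo():
    """Constructed sample data (assumption): one user 'alice' sharing a user IP map."""
    salt = b"constructed-salt"
    alice = Profile("alice", salt, _hash_password("correct horse", salt),
                    Policy(["10.0.0.0/8"], ["192.168.1.0/24"], {22, 443}))
    user_ip_map: Dict[str, IdentityInfo] = {}
    return LoginModule({"alice": alice}, user_ip_map), ConnectionTracker(user_ip_map)


if __name__ == "__main__":
    login, tracker = build_demo()
    print(login.login("10.0.0.5", "alice", "correct horse"))        # True
    pkt = {"src_ip": "10.0.0.5", "dst_ip": "192.168.1.10", "src_port": 50000, "dst_port": 443, "proto": "tcp"}
    print(tracker.process_packet(pkt))                              # allow
    print(tracker.process_packet(dict(pkt, src_ip="10.0.0.7")))     # deny-unauthenticated
```

Two points worth noting from a deployment standpoint. The tracker denies by default when no identity is bound to a source IP, so an unauthenticated host gets no policy rather than a permissive one. And because the whole decision hinges on the IP-to-identity binding, that binding is only as trustworthy as the network makes it: behind NAT several users share one address, and an entry should be removed on logout or after a timeout rather than kept indefinitely.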