SYSTEM AND METHOD TO ASSOCIATE A PRIVATE USER IDENTITY WITH A PUBLIC USER IDENTITY
First Claim
1. A method for associating a user identity used for accessing a network, comprising:
(a) recognizing an application session between the network and an application via a security gateway, wherein the recognizing comprises:
    (a1) identifying a pattern of a data packet transmitted between the network and the application; and
    (a2) matching the pattern with an application identifier for the application; and
(b) creating an application session record for the application session, wherein the application session record comprises an application session time and a user identity for using the application session via a host having a host identity, wherein the creating comprises:
    (b1) sending a query to an identity server, wherein the query comprises the application session time and the host identity;
    (b2) receiving a response from the identity server to the query, wherein the response comprises a second user identity; and
    (b3) storing the second user identity as the user identity for using the application session in the application session record.
Abstract
The inventive system includes a host, a network including a security gateway, and a public application. An access session is established between the network and the host, and an application session is established between the public application and the network. An application session record is created for the application session; it includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query containing the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, the private user identity in the access session record is returned and stored as the private user identity in the application session record.
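The following Python is an added illustration of the correlation the abstract describes, not code from the patent or its assignee: the gateway recognizes an application by a packet pattern, then queries an identity server with the host identity and session time, and the server returns the private identity whose access session covers that host at that time. The class names, packet patterns, sample hosts and sessions are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class AccessSession:
    # Access session record on the identity server: private identity bound to a host for a time window.
    host_identity: str
    private_user_identity: str
    start: datetime
    end: datetime = None  # None: access session still open

class IdentityServer:
    def __init__(self, records):
        self.records = list(records)
    def query(self, host_identity, app_session_time):
        # Steps (b1)/(b2): compare the queried host identity and time with each access session record.
        for rec in self.records:
            if rec.host_identity != host_identity:
                continue
            if rec.start <= app_session_time and (rec.end is None or app_session_time < rec.end):
                return rec.private_user_identity
        return None  # no access session covers this host at that time

class SecurityGateway:
    # Hypothetical packet patterns mapped to application identifiers (steps a1/a2).
    APP_PATTERNS = {b"GET /login": "web-login", b"MAIL FROM:": "smtp-mail"}
    def __init__(self, identity_server):
        self.identity_server = identity_server
    def recognize_application(self, packet):
        return next((app for pat, app in self.APP_PATTERNS.items() if pat in packet), None)
    def create_record(self, packet, public_id, host_identity, when):
        # Application session record with the private identity from the identity server (step b3).
        app_id = self.recognize_application(packet)
        if app_id is None:
            return None  # not a recognized application session
        return {"application_id": app_id, "public_user_identity": public_id,
                "host_identity": host_identity, "app_session_time": when,
                "private_user_identity": self.identity_server.query(host_identity, when)}

def demo():
    # Constructed sample: host 10.0.0.5 is used by alice until 10:00, then re-assigned to bob.
    t = lambda h, m: datetime(2024, 1, 1, h, m)
    server = IdentityServer([AccessSession("10.0.0.5", "alice", t(9, 0), t(10, 0)),
                             AccessSession("10.0.0.5", "bob", t(10, 0))])
    gw = SecurityGateway(server)
    r1 = gw.create_record(b"GET /login HTTP/1.1", "alice@mail.example", "10.0.0.5", t(9, 30))
    r2 = gw.create_record(b"MAIL FROM:<x@mail.example>", "x@mail.example", "10.0.0.5", t(10, 30))
    r3 = gw.create_record(b"GET /login HTTP/1.1", "nobody", "10.0.0.9", t(9, 30))
    return r1, r2, r3
```

The time check is what keeps a re-used host address from being attributed to the wrong user: the same host identity yields "alice" at 09:30 and "bob" at 10:30, and an unknown host yields no private identity.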
30 Claims
1. (Independent claim, reproduced above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A system, comprising:
a security gateway comprising a processor and a memory containing instructions which, when executed by the processor, cause the processor to perform a method, comprising:
(a) recognizing an application session between a network and an application via the security gateway, wherein the recognizing comprises:
    (a1) identifying a pattern of a data packet transmitted between the network and the application; and
    (a2) matching the pattern with an application identifier for the application; and
(b) creating an application session record for the application session, wherein the application session record comprises an application session time and a user identity for using the application session via a host having a host identity, wherein the creating comprises:
    (b1) sending a query to an identity server, wherein the query comprises the application session time and the host identity;
    (b2) receiving a response from the identity server to the query, wherein the response comprises a second user identity; and
    (b3) storing the second user identity as the user identity for using the application session in the application session record.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. A method for associating a user identity used for accessing a network, comprising:
(a) recognizing an application session between the network and an application via a security gateway;
(b) retrieving an application data field from a data packet transmitted over the application session;
(c) creating an application session record for the application session, wherein the application session record comprises:
    the application data field;
    an application session time; and
    a user identity for using the application session via a host having a host identity, wherein the creating comprises:
    (b1) sending a query to an identity server, wherein the query comprises the application session time and the host identity;
    (b2) receiving a response from the identity server to the query, wherein the response comprises a second user identity; and
    (b3) storing the second user identity as the user identity for using the application session in the application session record.
Dependent claims: 18, 19, 20, 21, 22, 23.
24. A system, comprising:
a security gateway comprising a processor and a memory containing instructions which, when executed by the processor, cause the processor to perform a method, comprising:
(a) recognizing an application session between the network and an application via security gateway;
(b) retrieving an application data field from a data packet transmitted over the application session;
(c) creating an application session record for the application session, wherein the application session record comprises:
    the application data field;
    an application session time; and
    a user identity for using the application session via a host having a host identity, wherein the creating comprises:
    (b1) sending a query to an identity server, wherein the query comprises the application session time and the host identity;
    (b2) receiving a response from the identity server to the query, wherein the response comprises a second user identity; and
    (b3) storing the second user identity as the user identity for using the application session in the application session record.
Dependent claims: 25, 26, 27, 28, 29, 30.