APPLYING FORWARDING POLICY TO AN APPLICATION SESSION
First Claim
1. A method for applying a forwarding policy by a network gateway comprising:
recognizing an application session between a first host having a first host identity and an application server;
determining an application identifier, application session time, and first user identity associated with the application session;
querying an identity server by providing the first host identity and the application session time;
receiving, from the identity server, a second user identity from an access session record in response to the query, wherein the receiving comprises;
determining a correlation between the first host identity and a second host identity associated with a second host in the access session record;
determining a correlation between the application session time and an access session time in the access session record;
associating the second user identity with the first user identity;
receiving a forwarding policy based on the second user identity or the first user identity; and
applying the forwarding policy to the application session.
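The correlation steps recited in this claim, sketched as an added Python example that is not part of the patent text: the same host identity is reused by two network users, and the application session time decides which access session record applies. The record fields, the exact-match and time-window rules, the policy names and the fallback policy are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Hypothetical record layout and policy names; the claims do not define them.
@dataclass(frozen=True)
class AccessSessionRecord:
    host_identity: str          # second host identity (here: an IP address)
    user_identity: str          # second user identity (network login name)
    start: datetime             # access session time: login
    end: Optional[datetime]     # logout, or None while the session is open

class IdentityServer:
    def __init__(self, records):
        self.records = list(records)

    def query(self, host_identity, app_session_time):
        """Correlate host identity and time; return the network user or None."""
        users = {r.user_identity for r in self.records
                 if r.host_identity == host_identity
                 and r.start <= app_session_time
                 and (r.end is None or app_session_time <= r.end)}
        # No match, or conflicting matches: refuse to guess an identity.
        return users.pop() if len(users) == 1 else None

class Gateway:
    def __init__(self, identity_server, policies, default_policy):
        self.identity_server = identity_server
        self.policies = policies            # user identity -> forwarding policy
        self.default_policy = default_policy
        self.associations = {}              # (app id, app user) -> network user

    def apply(self, host_identity, app_id, app_session_time, app_user):
        net_user = self.identity_server.query(host_identity, app_session_time)
        if net_user is None:
            return self.default_policy      # unattributed session
        self.associations[(app_id, app_user)] = net_user
        # Policy keyed by the network user first, then the application user.
        return self.policies.get(net_user,
                                 self.policies.get(app_user, self.default_policy))

def demo():
    day = lambda h, m: datetime(2024, 1, 8, h, m)   # constructed sample times
    ids = IdentityServer([
        AccessSessionRecord("10.0.0.5", "alice", day(9, 0), day(10, 0)),
        AccessSessionRecord("10.0.0.5", "bob", day(10, 30), None),  # address reused
    ])
    gw = Gateway(ids, {"alice": "route-via-isp-a", "bob": "route-via-isp-b"},
                 "default-route")
    return gw, [gw.apply("10.0.0.5", "im", day(9, 30), "al1ce_im"),
                gw.apply("10.0.0.5", "im", day(11, 0), "bobby_im"),
                gw.apply("10.0.0.5", "im", day(10, 15), "ghost_im"),
                gw.apply("10.0.0.9", "im", day(9, 30), "other_im")]
```

A session that falls between two access sessions, or comes from a host with no record, gets the fallback policy and creates no identity association.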
Abstract
A method for applying a security policy to an application session, includes recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.
22 Claims
9. A system for applying a forwarding policy by a network gateway comprising:
a network gateway that;
recognizes an application session between a first host having a first host identity and an application server;
determines an application identifier, application session time, and first user identity associated with the application session;
queries an identity server by providing the first host identity and the application session time;
receives, from the identity server, a second user identity from an access session record in response to the query, wherein the identity server further;
determines a correlation between the first host identity and a second host identity associated with a second host in the access session record;
determines a correlation between the application session time and an access session time in the access session record;
associates the second user identity with the first user identity;
receives a forwarding policy based on the second user identity or the first user identity; and
applies the forwarding policy to the application session.
17. A non-transitory computer-readable medium having instructions stored thereon, the instructions being executable by at least one processor to perform a method, the method comprising:
recognizing an application session between a first host having a first host identity and an application server;
determining an application identifier, application session time, and first user identity associated with the application session;
querying an identity server by providing the first host identity and the application session time;
receiving, from the identity server, a second user identity from an access session record in response to the query, wherein the receiving comprises;
determining a correlation between the first host identity and a second host identity associated with a second host in the access session record;
determining a correlation between the application session time and an access session time in the access session record;
associating the second user identity with the first user identity;
receiving a forwarding policy based on the second user identity or the first user identity; and
applying the forwarding policy to the application session.
Specification