APPLYING FORWARDING POLICY TO AN APPLICATION SESSION

US 20160105446A1
Filed: 12/17/2015
Published: 04/14/2016
Est. Priority Date: 10/17/2006
Status: Active Grant

First Claim

Patent Images

1. A method for applying a forwarding policy by a network gateway comprising:

recognizing an application session between a first host having a first host identity and an application server;

determining an application identifier, application session time, and first user identity associated with the application session;

querying an identity server by providing the first host identity and the application session time;

receiving, from the identity server, a second user identity from an access session record in response to the query, wherein the receiving comprises;

determining a correlation between the first host identity and a second host identity associated with a second host in the access session record;

determining a correlation between the application session time and an access session time in the access session record;

associating the second user identity with the first user identity;

receiving a forwarding policy based on the second user identity or the first user identity; and

applying the forwarding policy to the application session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for applying a security policy to an application session, includes recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.

44 Citations

22 Claims

1. A method for applying a forwarding policy by a network gateway comprising:
- recognizing an application session between a first host having a first host identity and an application server;
  
  determining an application identifier, application session time, and first user identity associated with the application session;
  
  querying an identity server by providing the first host identity and the application session time;
  
  receiving, from the identity server, a second user identity from an access session record in response to the query, wherein the receiving comprises;
  
  determining a correlation between the first host identity and a second host identity associated with a second host in the access session record;
  
  determining a correlation between the application session time and an access session time in the access session record;
  
  associating the second user identity with the first user identity;
  
  receiving a forwarding policy based on the second user identity or the first user identity; and
  
  applying the forwarding policy to the application session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising storing the forwarding policy.
  - 3. The method of claim 1 wherein the forwarding policy comprises forwarding information comprising at least one of a forwarding path, a link interface preference, a server load balancing preference, and a routing policy;
    - and the applying the forwarding policy to the application session is based on the forwarding information.
  - 4. The method of claim 1 wherein the forwarding policy comprises a network traffic processing information comprising at least one of bandwidth management, rate control, queuing delay, quality of service, and Differentiated Services Code Point (DSCP) marking;
    - and the applying the forwarding policy to the application session is based on the network traffic processing information.
  - 5. The method of claim 1 wherein the forwarding policy comprises a security information comprising at least one of access control, packet monitoring, file and document transfer monitoring, application user identity monitoring;
    - and the applying the forwarding policy to the application session is based on the security information.
  - 6. The method of claim 1 comprising:
    - retrieving an application data field from the application session; and
      
      creating an application session record for the application including the application data field.
  - 7. The method of claim 6 wherein the application data field comprises at least one of a file name, document information, a URL, a user name, an email, a voice mail, and an identity.
  - 8. The method of claim 1, wherein the network gateway comprises the identity server.

9. A system for applying a forwarding policy by a network gateway comprising:
- a network gateway that;
  
  recognizes an application session between a first host having a first host identity and an application server;
  
  determines an application identifier, application session time, and first user identity associated with the application session;
  
  queries an identity server by providing the first host identity and the application session time;
  
  receives, from the identity server, a second user identity from an access session record in response to the query, wherein the identity server further;
  
  determines a correlation between the first host identity and a second host identity associated with a second host in the access session record;
  
  determines a correlation between the application session time and an access session time in the access session record;
  
  associates the second user identity with the first user identity;
  
  receives a forwarding policy based on the second user identity or the first user identity; and
  
  applies the forwarding policy to the application session.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9 wherein the network gateway further stores the forwarding policy.
  - 11. The system of claim 9 wherein the forwarding policy comprises a forwarding information comprising at least one of a forwarding path, a link interface preference, a server load balancing preference, and a routing policy;
    - and the network gateway applies the forwarding policy to the application session based on the forwarding information.
  - 12. The system of claim 9 wherein the forwarding policy comprises a network traffic processing information comprising at least one of bandwidth management, rate control, queuing delay, quality of service, and Differentiated Services Code Point (DSCP) marking;
    - and network gateway applies the forwarding policy to the application session based on the network traffic processing information.
  - 13. The system of claim 9 wherein the forwarding policy comprises a security information comprising at least one of access control, packet monitoring, file and document transfer monitoring, application user identity monitoring;
    - and the network gateway applies the forwarding policy to the application session based on the security information.
  - 14. The system of claim 11 wherein the network gateway further:
    - retrieves an application data field from the application session; and
      
      creates an application session record for the application session including the application data field.
  - 15. The system of claim 14 wherein the application data field comprises at least one of a file name, document information, a URL, a user name, an email, a voice mail, and an identity.
  - 16. The system of claim 9 wherein the network gateway comprises the identity server.

17. A non-transitory computer-readable medium having instructions stored thereon, the instructions being executable by at least one processor to perform a method, the method comprising:
- recognizing an application session between a first host having a first host identity and an application server;
  
  determining an application identifier, application session time, and first user identity associated with the application session;
  
  querying an identity server by providing the first host identity and the application session time;
  
  receiving, from the identity server, a second user identity from an access session record in response to the query, wherein the receiving comprises;
  
  determining a correlation between the first host identity and a second host identity associated with a second host in the access session record;
  
  determining a correlation between the application session time and an access session time in the access session record;
  
  associating the second user identity with the first user identity;
  
  receiving a forwarding policy based on the second user identity or the first user identity; and
  
  applying the forwarding policy to the application session.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The non-transitory computer-readable medium of claim 17 wherein the method further comprises storing the forwarding policy.
  - 19. The non-transitory computer-readable medium of claim 17 wherein the forwarding policy comprises forwarding information comprising at least one of a forwarding path, a link interface preference, a server load balancing preference, and a routing policy;
    - and the applying the forwarding policy to the application session is based on the forwarding information.
  - 20. The non-transitory computer-readable medium of claim 17 wherein the forwarding policy comprises a network traffic processing information comprising at least one of bandwidth management, rate control, queuing delay, quality of service, and Differentiated Services Code Point (DSCP) marking;
    - and the applying the forwarding policy to the application session is based on the network traffic processing information.
  - 21. The non-transitory computer-readable medium of claim 17 wherein the forwarding policy comprises a security information comprising at least one of access control, packet monitoring, file and document transfer monitoring, application user identity monitoring;
    - and the applying the forwarding policy to the application session is based on the security information.
  - 22. The non-transitory computer-readable medium of claim 17 wherein the method further comprises:
    - retrieving an application data field from the application session; and
      
      creating an application session record for the application session including the application data field.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A10 Networks Incorporated
Original Assignee
A10 Networks Incorporated
Inventors
Chen, Lee, Chiong, John, Oshiba, Dennis

Granted Patent

US 9,350,744 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/44   Program or device authentic...

H04L 12/66   Arrangements for connecting...

H04L 51/04   Real-time or near real-time...

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

H04L 63/0254   Stateful filtering

H04L 63/0263   Rule management

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0407   wherein the identity of one...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/164   at the network layer

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

H04L 63/30   for supporting lawful inter...

H04L 65/1026 : at the edge

H04L 67/01 : Protocols

H04L 67/10 : in which an application is ...

H04L 67/1004 : Server selection for load b...

H04L 67/104 : Peer-to-peer [P2P] networks

H04L 67/141 : Setup of application sessio...

H04L 67/306 : User profiles

H04L 67/535 : Tracking the activity of th...

H04L 69/28 : Timers or timing mechanisms...

H04L 69/329 : in the application layer [O...

H04M 1/7243 : with interactive means for ...

H04W 12/084 : using delegated authorisati...

H04W 12/37 : Managing security policies ...

H04W 12/61 : Time-dependent

View All

APPLYING FORWARDING POLICY TO AN APPLICATION SESSION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

APPLYING FORWARDING POLICY TO AN APPLICATION SESSION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links