System and method for interlocking a host and a gateway
First Claim
1. A method, comprising:
- receiving a session descriptor by a processor at a network gateway, the session descriptor received from a host with a process attempting to establish a network connection via the network gateway, wherein the process is running on the host with a particular set of one or more user credentials, wherein the session descriptor includes a universally unique identifier (UUID) associated with the host and the particular set of one or more user credentials, wherein the host is configured to permit user authentication by any one of a plurality of sets of one or more user credentials, and wherein each set of the plurality of sets of one or more user credentials is associated with a different UUID;
- pairing the network connection with the particular set of one or more user credentials, wherein the pairing is based on the session descriptor;
- correlating the session descriptor with a network policy; and
- applying the network policy to the network connection, wherein the network policy is implemented based, at least in part, on the particular set of one or more user credentials paired with the network connection.
Abstract
A method is provided in one example embodiment and includes exchanging a session descriptor associated with a network connection and an application on a host, correlating the session descriptor with a network policy, and applying the network policy to the network connection. In alternative embodiments, the session descriptor may be exchanged through an out-of-band communication channel or an in-band communication channel.
Claims (37 total)
1. A method, comprising the steps set out under First Claim above. Dependent claims 2 through 11 depend from claim 1.
12. At least one non-transitory computer readable medium having logic encoded therein, wherein the logic, when executed by one or more processors, is operable to perform operations comprising:
- receiving a session descriptor at a network gateway, the session descriptor received from a host with a process attempting to establish a network connection via the network gateway, wherein the process is running on the host with a particular set of one or more user credentials, wherein the session descriptor includes a universally unique identifier (UUID) associated with the host and the particular set of one or more user credentials, wherein the host is configured to permit user authentication by any one of a plurality of sets of one or more user credentials, and wherein each set of the plurality of sets of one or more user credentials is associated with a different UUID;
- pairing the network connection with the particular set of one or more user credentials, wherein the pairing is based on the session descriptor;
- correlating the session descriptor with a network policy; and
- applying the network policy to the network connection, wherein the network policy is implemented based, at least in part, on the particular set of one or more user credentials paired with the network connection.
Dependent claims 13 through 22 depend from claim 12.
23. An apparatus, comprising:
- a firewall module; and
- one or more processors operable to execute instructions associated with the firewall module, wherein the one or more processors are hardware processors, the one or more processors being operable to:
  - receive a session descriptor from a host with a process attempting to establish a network connection via the apparatus, wherein the process is running on the host with a particular set of one or more user credentials, wherein the session descriptor includes a universally unique identifier (UUID) associated with the host and the particular set of one or more user credentials, wherein the host is configured to permit user authentication by any one of a plurality of sets of one or more user credentials, and wherein each set of the plurality of sets of one or more user credentials is associated with a different UUID;
  - pair the network connection with the particular set of one or more user credentials, wherein the pairing is based on the session descriptor;
  - correlate the session descriptor with a network policy; and
  - apply the network policy to the network connection, wherein the network policy is implemented based, at least in part, on the particular set of one or more user credentials paired with the network connection.
Dependent claims 24 through 37 depend from claim 23.
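The four claimed steps (receive a session descriptor, pair the connection with the credential set the descriptor names, correlate with a policy, apply the policy) as an added Python example; this is not the patent's own code nor any product's implementation. The descriptor fields, the rule shape, the connection key, the sample host and users, and the choice to deny anything that cannot be positively paired are all assumptions made for the example; the in-band versus out-of-band channel the abstract mentions is not modelled. The example goes slightly beyond the claim text by showing the two failure modes a gateway operator cares about: a connection with no usable descriptor, and a descriptor UUID presented from a host other than the one it was bound to.

```python
"""Toy identity-aware gateway: receive descriptor -> pair -> correlate -> apply.
Added example, not the patent's own code; all types and sample data are assumptions."""
from dataclasses import dataclass
from typing import Optional
import uuid


@dataclass(frozen=True)
class Credentials:
    user: str
    groups: frozenset        # e.g. frozenset({"finance"})


@dataclass(frozen=True)
class SessionDescriptor:
    session_uuid: str        # one UUID per (host, credential set), as the claim requires
    host_id: str
    credentials: Credentials


@dataclass(frozen=True)
class Connection:
    host_id: str
    src_port: int
    dst_host: str
    dst_port: int
    session_uuid: Optional[str]   # descriptor reference presented with the connection (assumed shape)


@dataclass(frozen=True)
class Rule:
    group: str               # credential group the rule applies to
    dst_port: int
    action: str              # "allow" or "deny"


class Gateway:
    def __init__(self, rules):
        self.rules = list(rules)
        self.descriptors = {}    # session_uuid -> SessionDescriptor
        self.pairings = {}       # (host_id, src_port) -> Credentials
        self.audit = []          # one tuple per decision, for detection/forensics

    def receive_descriptor(self, desc: SessionDescriptor) -> None:
        """Step 1: accept a descriptor. A UUID may not be re-bound to a different host or credential set."""
        prior = self.descriptors.get(desc.session_uuid)
        if prior is not None and prior != desc:
            raise ValueError(f"UUID {desc.session_uuid} already bound to another host/credential set")
        self.descriptors[desc.session_uuid] = desc

    def pair(self, conn: Connection) -> Optional[Credentials]:
        """Step 2: bind the connection to the credential set its descriptor names."""
        desc = self.descriptors.get(conn.session_uuid or "")
        if desc is None or desc.host_id != conn.host_id:
            return None          # unknown UUID, or a UUID presented from a different host
        creds = desc.credentials
        self.pairings[(conn.host_id, conn.src_port)] = creds
        return creds

    def correlate(self, creds: Credentials, conn: Connection) -> Optional[Rule]:
        """Step 3: first rule whose group and destination port both match wins."""
        for rule in self.rules:
            if rule.group in creds.groups and rule.dst_port == conn.dst_port:
                return rule
        return None

    def apply(self, conn: Connection) -> str:
        """Step 4: decide per connection; default is deny unless paired and matched by an allow rule."""
        creds = self.pair(conn)
        if creds is None:
            decision = "deny:unpaired"
        else:
            rule = self.correlate(creds, conn)
            decision = f"{rule.action}:{creds.user}" if rule else f"deny:nopolicy:{creds.user}"
        self.audit.append((conn.host_id, conn.src_port, conn.dst_host, conn.dst_port, decision))
        return decision


def demo():
    """Two credential sets on one host, each with its own UUID (constructed sample data)."""
    gw = Gateway([Rule("finance", 5432, "allow"), Rule("eng", 22, "allow")])
    host = "ws-17"
    alice_id, bob_id = str(uuid.uuid4()), str(uuid.uuid4())
    gw.receive_descriptor(SessionDescriptor(alice_id, host, Credentials("alice", frozenset({"finance"}))))
    gw.receive_descriptor(SessionDescriptor(bob_id, host, Credentials("bob", frozenset({"eng"}))))
    return {
        "alice_db": gw.apply(Connection(host, 40001, "db.internal", 5432, alice_id)),
        "bob_db": gw.apply(Connection(host, 40002, "db.internal", 5432, bob_id)),
        "bob_ssh": gw.apply(Connection(host, 40003, "build.internal", 22, bob_id)),
        "no_descriptor": gw.apply(Connection(host, 40004, "db.internal", 5432, None)),
        "replayed_uuid": gw.apply(Connection("ws-99", 40005, "db.internal", 5432, alice_id)),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:14s} -> {decision}")
```

Because the policy is keyed on the credential set rather than on the host address, two processes on the same host running under different users reach different decisions for the same destination, which is the point of carrying a per-credential-set UUID in the descriptor. The audit list gives the gateway a per-connection record of which user a decision was attributed to, which is what an analyst would want when reviewing denied or unpaired connections.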
Specification