
Methods and systems for context-based application firewalls

  • US 9,160,710 B2
  • Filed: 12/30/2010
  • Issued: 10/13/2015
  • Est. Priority Date: 06/25/2010
  • Status: Active Grant
First Claim

1. A method comprising:

  • initiating a user session with a client device in a multitenant environment that stores data for multiple client entities each identified by a tenant identifier (ID) having one or more users associated with the tenant ID, wherein users of each of multiple client entities can only access data identified by a tenant ID associated with the respective client entity, and wherein the multitenant environment is provided by an entity separate from the client entities, and provides on-demand service to the client entities where resource identifiers are treated differently for different tenants, and wherein the multitenant environment can be modified on a per-tenant basis, the user session to access a remote resource on a server device coupled with the client device over a network, wherein the connection between the client device and the remote resource is through an application firewall, wherein the application firewall provides application level or higher analysis of network traffic;

    performing an application firewall context setup with the firewall in response to the user session, wherein the application firewall context comprises firewall context information to be used during the user session to perform network and application security operations with the application firewall, wherein the context is shared between the application firewall and one or more web-based applications to be used by both the application firewall and the one or more web-based applications to make security evaluations and wherein the application firewall and the one or more web-based applications reside on different network layers and wherein the context information is sent between peer systems within the multitenant environment;

    creating a response to provide information from the remote resource to the client device, wherein the response further comprises metadata to be used to update the firewall context information;

    updating the firewall context information using the application firewall based on the metadata; and

    transmitting the response to the client device.
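
The flow recited in claim 1, as a minimal sketch added here for illustration; it is not code from the patent or from any product. The class and field names, the allow-list shape of the context, the constructed link table, and removing the metadata before transmission are all assumptions of this example.

```python
from dataclasses import dataclass, field

METADATA_KEY = "x-fw-context"  # hypothetical field name, not from the patent

@dataclass
class FirewallContext:
    tenant_id: str
    allowed: set = field(default_factory=set)  # resource IDs this session may request

class ContextFirewall:
    def __init__(self):
        self.contexts = {}  # session ID -> FirewallContext, also readable by the app

    def setup_context(self, session_id, tenant_id, entry_points):
        # Context setup performed in response to the new user session.
        self.contexts[session_id] = FirewallContext(tenant_id, set(entry_points))

    def allow_request(self, session_id, tenant_id, resource_id):
        ctx = self.contexts.get(session_id)
        # Deny unknown sessions, cross-tenant access, and resources not in context.
        return bool(ctx and ctx.tenant_id == tenant_id and resource_id in ctx.allowed)

    def process_response(self, session_id, response):
        # Update the context from the response metadata, then return the
        # response to transmit. Removing the metadata first is this sketch's choice.
        ctx = self.contexts[session_id]
        meta = response.pop(METADATA_KEY, {})
        for tenant_id, resource_id in meta.get("grant", []):
            if tenant_id == ctx.tenant_id:  # never widen context across tenants
                ctx.allowed.add(resource_id)
        return response

def app_handle(firewall, session_id, resource_id):
    # The application reads the same shared context for its own decision and
    # attaches metadata naming the resources the returned page links to.
    ctx = firewall.contexts[session_id]
    links = {"home": ["report-7"], "report-7": ["report-7/export"]}  # constructed
    grant = [(ctx.tenant_id, r) for r in links.get(resource_id, [])]
    return {"body": f"{resource_id} for {ctx.tenant_id}", METADATA_KEY: {"grant": grant}}

def demo():
    fw = ContextFirewall()
    fw.setup_context("s1", "tenant-a", ["home"])
    before = fw.allow_request("s1", "tenant-a", "report-7")   # not yet in context
    sent = fw.process_response("s1", app_handle(fw, "s1", "home"))
    after = fw.allow_request("s1", "tenant-a", "report-7")    # granted by metadata
    cross = fw.allow_request("s1", "tenant-b", "report-7")    # wrong tenant
    return before, after, cross, sent
```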
