SYSTEM AND METHOD TO ASSOCIATE A PRIVATE USER IDENTITY WITH A PUBLIC USER IDENTITY

US 20170295185A1
Filed: 06/23/2017
Published: 10/12/2017
Est. Priority Date: 10/17/2006
Status: Active Grant

First Claim

Patent Images

1. A system for associating a private user identity with a public user identity, the system comprising:

a security gateway that tracks public application access sessions for a public application accessed by a user through a secure network established for a host device; and

an identity server that;

stores information indicative of the public application access sessions in one or more access session records; and

stores the private user identity for the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user'"'"'s public user identity used to access the public application, the user'"'"'s private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record, if they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.

0 Citations

20 Claims

1. A system for associating a private user identity with a public user identity, the system comprising:
- a security gateway that tracks public application access sessions for a public application accessed by a user through a secure network established for a host device; and
  
  an identity server that;
  
  stores information indicative of the public application access sessions in one or more access session records; and
  
  stores the private user identity for the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system according to claim 1, wherein the information indicative of the public application access sessions is stored in an access session record in association with the private user identity of the user that is used by the user to gain access to the secure network.
  - 3. The system according to claim 2, wherein the private user identity and the public user identity of the user that is used to access the public application are different from one another.
  - 4. The system according to claim 2, wherein the access session record is created by the security gateway upon the user accessing the public application.
  - 5. The system according to claim 4, wherein the access session record is stored by the security gateway on the identity server.
  - 6. The system according to claim 1, wherein the information indicative of the public application access sessions is stored in an access session record on the identity server, in association with the public user identity of the user that is used by the user to gain access to the public application.
  - 7. The system according to claim 1, wherein the information indicative of the public application access sessions comprises a host identity for the host device and an application session time for an application session.
  - 8. The system according to claim 7, wherein a host device identifier of the host device is linked to a private user identity managed by the identity server.
  - 9. The system according to claim 1, wherein, for each public application access session, the security gateway is configured to track a host device identifier and an application session time frame.
  - 10. The system according to claim 1, wherein the security gateway is further configured to:
    - receive a request for a private user identity associated with a public application access session, the request comprising at least a time frame;
      
      locate the public application access session by searching the one or more access session records having an application session time frame that corresponds to the time frame of the request; and
      
      return the private user identity associated with one or more matching access session records.

11. A method for associating a private user identity with public user identities, the method being executed by a security gateway that comprises a processor and memory for storing instructions, the processor executing the instructions to perform the method, the method comprising:
- interfacing a secure network with one or more public applications, the secure network being established for a user in response to receiving the private user identity from the user, the security gateway being a proxy between the one or more public applications and the secure network;
  
  monitoring application sessions for the one or more public applications for messages that are indicative of a logon process for the one or more public applications;
  
  capturing the public user identities used by the user to access the one or more public applications during the logon process; and
  
  creating application session records that comprise the private user identity and any public user identities.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method according to claim 11, wherein the one or more public applications are hosted on one or more application servers and the one or more application servers are located outside of the secure network.
  - 13. The method according to claim 11, wherein the capturing the public user identities used by the user to access the one or more public applications during the logon process occurs after detecting a log-on approval indication by the one or more public applications.
  - 14. The method according to claim 11, wherein the private user identity is different from the public user identities of the user.
  - 15. The method according to claim 11, further comprising:
    - receiving a request for the private user identity associated with a public application access session associated with the one or more public applications, the request comprising at least a time frame;
      
      locating the public application access session by searching the application session records having an application session time frame that corresponds to the time frame of the request; and
      
      returning the private user identity associated with one or more matching application session records.
  - 16. The method according to claim 11, wherein the creating the application session records includes creating the application session records upon the user accessing the one or more public applications.
  - 17. The method according to claim 11, wherein the creating the application session records comprises storing a host identity for a host device and an application session time for each of the application sessions.
  - 18. The method according to claim 17, further comprising tracking, for each public application access session, a host device identifier of the host device and an application session time frame.
  - 19. The method according to claim 18, wherein the host device identifier of the host device is linked to a private user identity managed by an identity server.

20. A system for associating a private user identity with a public user identity, the system comprising:
- a security gateway that;
  
  tracks public application access sessions for a public application accessed by a user through a secure network established for a host device;
  
  receives a request for a private user identity associated with a public application access session, the request comprising at least a time frame;
  
  locates the public application access session by searching the one or more access session records having an application session time frame that corresponds to the time frame of the request; and
  
  returns the private user identity associated with one or more matching access session records; and
  
  an identity server that;
  
  stores information indicative of the public application access sessions in one or more access session records; and
  
  stores the private user identity for the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A10 Networks Incorporated
Original Assignee
A10 Networks Incorporated
Inventors
Wang, Xin, Chen, Lee, Chiong, John

Granted Patent

US 9,954,868 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/66   Arrangements for connecting...

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 2101/668   Internet protocol [IP] addr...

H04L 63/02   for separating internal fro...

H04L 63/0281   Proxies

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/30   for supporting lawful inter...

H04L 63/308   retaining data, e.g. retain...

H04L 65/1069   Session establishment or de...

H04L 65/1101   Session protocols

H04L 65/1104   Session initiation protocol...

H04L 65/401   wherein the services involv...

H04L 67/14   Session management for real...

H04L 67/141   Setup of application sessio...

H04L 67/146   Markers for unambiguous ide...

H04L 9/40   Network security protocols

SYSTEM AND METHOD TO ASSOCIATE A PRIVATE USER IDENTITY WITH A PUBLIC USER IDENTITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

0 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD TO ASSOCIATE A PRIVATE USER IDENTITY WITH A PUBLIC USER IDENTITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

0 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links