Applying security policy to an application session
First Claim
Patent Images
1. A method for applying a security policy to an application session, comprising:
- inspecting, by a security gateway, a data packet for an application session and storing a host identity and application session time in an application session record;
determining, by the security gateway, from the data packet for the application session a user identity and storing the user identity in the application session record;
determining, by the security gateway, a second user identity by matching an access session record of an access session accessed during the application session that comprises the second user identity, a second host identity, and an access session time, wherein the second host identity and the access session time match the host identity and the application session time of the application session record;
storing the second user identity as a network user identity in the application session record;
determining, by the security gateway, at least one security policy applicable to the application session based on a group identity; and
applying the at least one security policy to the application session, by the security gateway, if the network user identity is a member of the group identity.
2 Assignments
0 Petitions
Accused Products
Abstract
Applying a security policy to an application session, includes: recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.
517 Citations
27 Claims
-
1. A method for applying a security policy to an application session, comprising:
inspecting, by a security gateway, a data packet for an application session and storing a host identity and application session time in an application session record; determining, by the security gateway, from the data packet for the application session a user identity and storing the user identity in the application session record; determining, by the security gateway, a second user identity by matching an access session record of an access session accessed during the application session that comprises the second user identity, a second host identity, and an access session time, wherein the second host identity and the access session time match the host identity and the application session time of the application session record; storing the second user identity as a network user identity in the application session record; determining, by the security gateway, at least one security policy applicable to the application session based on a group identity; and applying the at least one security policy to the application session, by the security gateway, if the network user identity is a member of the group identity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
10. A computer program product for applying a security policy to an application session, the computer program product comprising:
a non-transitory computer readable storage medium having computer readable program code embodied thereon, the computer readable program code configured to; inspect, by a security gateway, a data packet for an application session and storing a host identity and application session time in an application session record; determine, by the security gateway, from the data packet for the application session a user identity and store the user identity in the application session record; determine, by the security gateway, a second user identity by matching an access session record of an access session accessed during the application session that comprises the second user identity, a second host identity, and an access session time, wherein the second host identity and the access session time match the host identity and the application session time of the application session record; store the second user identity as a network user identity in the application session record; determine, by the security gateway, at least one security policy applicable to the application session based on a group identity; and apply the at least one security policy to the application session, by the security gateway, if the network user identity is a member of the group identity. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
19. A system, comprising:
-
a corporate directory comprising at least one security policy; and a security gateway, wherein the security gateway; inspects a data packet for an application session and stores a host identity and application session time in an application session record; determines from the data packet for the application session a user identity and stores the user identity in the application session record; determines a second user identity by matching an access session record of an access session accessed during the application session that comprises the second user identity, a second host identity, and an access session time, wherein the second host identity and the access session time match the host identity and the application session time of the application session record; stores the second user identity as a network user identity in the application session record; determines at least one security policy applicable to the application session based on a group identity; and applies the at least one security policy to the application session if the network user identity is a member of the group identity. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeA10 Networks Incorporated
-
Original AssigneeA10 Networks Incorporated
-
InventorsChen, Lee, Oshiba, Dennis, Chiong, John
-
Primary Examiner(s)Colin, Carl
-
Assistant Examiner(s)LAVELLE, GARY E
-
Application NumberUS14/987,076Publication NumberTime in Patent Office316 DaysField of SearchUS Class Current1/1CPC Class CodesG06F 21/00 Security arrangements for p...G06F 21/44 Program or device authentic...H04L 12/66 Arrangements for connecting...H04L 51/04 Real-time or near real-time...H04L 63/02 for separating internal fro...H04L 63/0227 Filtering policies mail mes...H04L 63/0236 Filtering by address, proto...H04L 63/0245 Filtering by information in...H04L 63/0254 Stateful filteringH04L 63/0263 Rule managementH04L 63/029 Firewall traversal, e.g. tu...H04L 63/0407 wherein the identity of one...H04L 63/08 for authentication of entit...H04L 63/10 for controlling access to d...H04L 63/102 Entity profilesH04L 63/105 Multiple levels of securityH04L 63/164 at the network layerH04L 63/168 above the transport layerH04L 63/20 for managing network securi...H04L 63/30 for supporting lawful inter...View All
