System and method to associate a private user identity with a public user identity
Country / Type: United States (US) Patent, Granted
International Patent Classification (IPC, 7th edition): H04L-029/06; H04L-029/08
Application number: US-0056785 (2013-10-17)
Registration number: US-9060003 (2015-06-16)
Inventors: Wang, Xin; Chen, Lee; Chiong, John
Applicant: A10 Networks, Inc.
Agent: Carr & Ferrell LLP
Times cited: 19
Cited patents: 40
Abstract
The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record; if they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.
Representative claims
1. A processor-implemented method comprising: provisioning an application session between a first host and an application server; providing to an identity server a first host identity associated with the first host, a first user identity associated with the application session, and an application session time associated with the application session; establishing an access session for a second host; furnishing to an identity server a second host identity associated with the second host, a second user identity associated with the access session, and an access session time associated with the access session; and receiving an indication from the identity server in response to the identity server comparing the access session time to the application session time and determining the first host identity corresponds to the second host identity and the access session time corresponds, determined in response to the application session time being between a starting time and an ending time associated with the access session, to the application session time, the indication associating the first and second user identities.
2. The method of claim 1 wherein the providing the application session time includes providing at least one of a starting time associated with the application session and a time stamp associated with the application session.
3. The method of claim 1 wherein the second user identity includes at least one of a name of the user, an internet service subscription identity, and a network log-in.
4. The method of claim 1 wherein the first host identity and the second host identity each include at least one of an Internet Protocol (IP) address and a Media Access Control (MAC) address.
5. The method of claim 1 wherein furnishing an application session time includes furnishing at least one of a starting time associated with the access session and information indicating an ending time of the access session.
6. The method of claim 1 further comprising: storing application session information, the application session information including at least one of the first user identity, the second user identity associated with the first user identity, the first host identity, and the application session time.
7. The method of claim 1 further comprising: receiving user information associated with the second user identity, the user information including at least one of contact information, location information, and departmental information.
8. The method of claim 1 further comprising: producing a security report using the second user identity associated with the first user identity.
9. A system comprising: a processor; and a memory communicatively coupled to the processor, the memory storing instructions executable by the processor to perform a method including: provisioning an application session between a first host and an application server; providing to an identity server a first host identity associated with the first host, a first user identity associated with the application session, and an application session time associated with the application session; establishing an access session for a second host; furnishing to an identity server a second host identity associated with the second host, a second user identity associated with the access session, and an access session time associated with the access session; and receiving an indication from the identity server in response to the identity server comparing the access session time to the application session time and determining the first host identity corresponds to the second host identity and the access session time corresponds, determined in response to the application session time being between a starting time and an ending time associated with the access session, to the application session time, the indication associating the first and second user identities.
10. The system of claim 9 wherein the providing the application session time includes providing at least one of a starting time associated with the application session and a time stamp associated with the application session.
11. The system of claim 9 wherein the second user identity includes at least one of a name of the user, an internet service subscription identity, and a network log-in.
12. The system of claim 9 wherein the first host identity and the second host identity each include at least one of an Internet Protocol (IP) address and a Media Access Control (MAC) address.
13. The system of claim 9 wherein furnishing an application session time includes furnishing at least one of a starting time associated with the access session and information indicating an ending time of the access session.
14. The system of claim 9 wherein the method further includes: storing application session information, the application session information including at least one of the first user identity, the second user identity associated with the first user identity, the first host identity, and the application session time.
15. The system of claim 9 wherein the method further includes: receiving user information associated with the second user identity, the user information including at least one of contact information, location information, and departmental information.
16. The system of claim 9 wherein the method further includes: producing a security report using the second user identity associated with the first user identity.
17. A non-transitory computer-readable medium having embodied thereon a program, the program being executable by a processor to perform a method, the method comprising: provisioning an application session between a first host and an application server; providing to an identity server a first host identity associated with the first host, a first user identity associated with the application session, and an application session time associated with the application session; establishing an access session for a second host; furnishing to an identity server a second host identity associated with the second host, a second user identity associated with the access session, and an access session time associated with the access session; and receiving an indication from the identity server in response to the identity server comparing the access session time to the application session time and determining the first host identity corresponds to the second host identity and the access session time corresponds, determined in response to the application session time being between a starting time and an ending time associated with the access session, to the application session time, the indication associating the first and second user identities.
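The lookup described in the abstract and in claim 1, as an added example that is not taken from the patent or from any A10 Networks product: an identity server matches an application session to an access session on host identity and on the application session time falling between the access session's start and end. All class, function and identity names and the sample records are constructed for illustration; returning no identity when zero or conflicting access sessions match is an assumption of this sketch.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass
class AccessSession:            # created when the host logs in to the network
    private_user_id: str
    host_id: str                # IP or MAC address
    start: datetime
    end: Optional[datetime]     # None while the session is still open


@dataclass
class AppSession:               # created by the security gateway
    public_user_id: str
    host_id: str
    time: datetime
    private_user_id: Optional[str] = None


class IdentityServer:
    def __init__(self):
        self._access = []

    def record_access(self, rec):
        self._access.append(rec)

    def query(self, host_id, when):
        """Private identity whose access session covers (host_id, when)."""
        users = {r.private_user_id for r in self._access
                 if r.host_id == host_id and r.start <= when
                 and (r.end is None or when <= r.end)}
        # Zero or conflicting matches: leave unattributed rather than guess.
        return users.pop() if len(users) == 1 else None


def resolve(server, app):
    app.private_user_id = server.query(app.host_id, app.time)
    return app


def t(hhmm):                    # constructed sample day
    return datetime.fromisoformat(f"2024-01-15T{hhmm}:00")


def demo():
    ids = IdentityServer()
    # Constructed records: the same address is reused by two employees.
    ids.record_access(AccessSession("emp-1001", "10.0.0.5", t("09:00"), t("12:00")))
    ids.record_access(AccessSession("emp-2002", "10.0.0.5", t("13:00"), None))
    apps = [AppSession("nightowl", "10.0.0.5", t("10:30")),
            AppSession("nightowl", "10.0.0.5", t("12:30")),
            AppSession("sunbird", "10.0.0.5", t("14:00"))]
    return [resolve(ids, a).private_user_id for a in apps]
```

The 12:30 session stays unattributed because no access session on that address covers it, which is why the time window matters when addresses are reassigned.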