News Column

Patent Issued for Applying Network Traffic Policy to an Application Session

September 3, 2014

By a News Reporter-Staff News Editor at Journal of Engineering -- From Alexandria, Virginia, VerticalNews journalists report that a patent by the inventors Chen, Lee (Saratoga, CA); Chiong, John (San Jose, CA); Oshiba, Dennis I. (Fremont, CA), filed on October 23, 2013, was published online on August 19, 2014.

The patent's assignee for patent number 8813180 is A10 Networks, Inc. (San Jose, CA).

News editors obtained the following quote from the background information supplied by the inventors: "This invention relates generally to data networking, and more specifically, to a system and method to apply a network traffic policy based on a user identity during an application session.

"The secure data network of a company is a critical component for day-to-day functioning of company business activities. Company employees access the secure data network for communication within the company and with the outside world. Company information, oftentimes proprietary or confidential, is exchanged during the communication.

"Typically, an employee gains access to the company's secure data network by means of a network logon procedure using a private user identity, such as a user name 'Robert P. Williamson' or an employee number 'NG01-60410'. Subsequent information exchange using the company's office applications, such as email, file transfer or document control is traceable based on the private user identity through network event logs.

"Since the late 1990's, we have been witnessing the phenomenal rising popularity of public communication applications and services, such as email and Instant Messaging offered by Yahoo™, America Online™ (AOL), or Google™, conferencing and collaboration services offered by WebEx™ or Centra™, or peer-to-peer services for a variety of file sharing. Generally, a public communication service allows a user to exchange information through messaging, text chat or document exchange using a public user identity, such as 'butterdragon', 'fingemai11984', or 'peterrabbit'.

"However, in a company setting, when an employee connects to a public communication service with a public user identity over the company's secure data network, the information exchange is not easily traceable if at all since the public user identity is not tied to the private user identity.

"In one example, a company's information technology (IT) department notices that an employee Victor has been using the company's email system to send out proprietary documents, violating the company's security policy. After issuing a warning to Victor, the IT department finds no further violations. Unfortunately, they are not aware of the fact that Victor has continued this activity using Yahoo™ email with a public user identity ''.

"In another example, two weeks before a major trade show, a company implements a security measure to monitor communication activities of employees of director level and above to ensure confidentiality of competitive information. This security measure, covering company email, phone conversation and voice messaging, nevertheless proves to be a failure as sensitive information leaks out to a business reporter anyway prior to the trade show. The source of the leak may never be confirmed, but the business reporter privately discloses that he gets the information from an anonymous employee of the company using AOL Instant Messaging™ with screen name 'opensecret2006'.

"The above discussion illustrates the need for a security solution to associate a user identity to a public application."

As a supplement to the background information on this patent, VerticalNews correspondents also obtained the inventors' summary information for this patent: "Method for applying a security policy to an application session, includes: recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session."

For additional information on this patent, see: Chen, Lee; Chiong, John; Oshiba, Dennis I. Applying Network Traffic Policy to an Application Session. U.S. Patent Number 8813180, filed October 23, 2013, and published online on August 19, 2014. Patent URL:

Keywords for this news article include: Data Network, A10 Networks Inc.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC


Source: Journal of Engineering
