公开(公告)号：US20100217819A1

公开(公告)日：2010-08-26

申请号：US12771491

申请日：2010-04-30

申请人： Lee Chen ,  John Chiong ,  Xin Wang

发明人： Lee Chen ,  John Chiong ,  Xin Wang

IPC分类号： G06F15/16

CPC分类号： H04L63/102 ,  H04L12/66 ,  H04L29/06 ,  H04L61/6022 ,  H04L61/6068 ,  H04L63/02 ,  H04L63/0281 ,  H04L63/04 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/30 ,  H04L63/308 ,  H04L65/1003 ,  H04L65/1006 ,  H04L65/1069 ,  H04L65/4007 ,  H04L67/14 ,  H04L67/141 ,  H04L67/146

摘要： The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.

摘要翻译： 本发明的系统包括主机，包括安全网关的网络和公共应用。 建立在网络和主机之间的访问会话以及公共应用程序和网络之间的应用程序会话。 为应用会话创建应用会话记录，并且包括用于访问公共应用的用户的公共用户标识，用于访问网络的用户的私有用户标识，主机标识和应用会话时间。 为了确定应用程序会话的私有用户身份，安全网关发送具有主机标识和应用程序会话时间的查询。 这些与访问会话记录中的主机身份和访问会话时间进行比较。 如果匹配，则返回访问会话记录中的私有用户身份，并将其作为私有用户身份存储在应用程序会话记录中。

公开(公告)号：US07716378B2

公开(公告)日：2010-05-11

申请号：US11582613

申请日：2006-10-17

申请人： Lee Chen ,  John Chiong ,  Xin Wang

发明人： Lee Chen ,  John Chiong ,  Xin Wang

IPC分类号： G06F15/16 ,  G06F15/173 ,  H04W4/00

CPC分类号： H04L63/102 ,  H04L12/66 ,  H04L29/06 ,  H04L61/6022 ,  H04L61/6068 ,  H04L63/02 ,  H04L63/0281 ,  H04L63/04 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/30 ,  H04L63/308 ,  H04L65/1003 ,  H04L65/1006 ,  H04L65/1069 ,  H04L65/4007 ,  H04L67/14 ,  H04L67/141 ,  H04L67/146

摘要： The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.

摘要翻译： 本发明的系统包括主机，包括安全网关的网络和公共应用。 建立在网络和主机之间的访问会话以及公共应用程序和网络之间的应用程序会话。 为应用会话创建应用会话记录，并且包括用于访问公共应用的用户的公共用户标识，用于访问网络的用户的私有用户标识，主机标识和应用会话时间。 为了确定应用程序会话的私有用户身份，安全网关发送具有主机标识和应用程序会话时间的查询。 这些与访问会话记录中的主机身份和访问会话时间进行比较。 如果匹配，则返回访问会话记录中的私有用户身份，并将其作为私有用户身份存储在应用程序会话记录中。

公开(公告)号：US09060003B2

公开(公告)日：2015-06-16

申请号：US14056785

申请日：2013-10-17

申请人： Xin Wang ,  Lee Chen ,  John Chiong

发明人： Xin Wang ,  Lee Chen ,  John Chiong

IPC分类号： H04L29/06 ,  H04L29/08

CPC分类号： H04L63/102 ,  H04L12/66 ,  H04L29/06 ,  H04L61/6022 ,  H04L61/6068 ,  H04L63/02 ,  H04L63/0281 ,  H04L63/04 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/30 ,  H04L63/308 ,  H04L65/1003 ,  H04L65/1006 ,  H04L65/1069 ,  H04L65/4007 ,  H04L67/14 ,  H04L67/141 ,  H04L67/146

摘要： The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time, To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record, if they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.

摘要翻译： 本发明的系统包括主机，包括安全网关的网络和公共应用。 建立在网络和主机之间的访问会话以及公共应用程序和网络之间的应用程序会话。 为应用程序会话创建应用程序会话记录，并且包括用于访问公共应用程序的用户的公共用户身份，用于访问网络的用户的私人用户身份，主机身份和应用程序会话时间。要确定私人 应用程序会话的用户身份，安全网关发送具有主机身份和应用程序会话时间的查询。 将这些与访问会话记录中的主机身份和访问会话时间进行比较，如果匹配，则返回访问会话记录中的私有用户身份，并将其作为私有用户身份存储在应用程序会话记录中。

公开(公告)号：US07979585B2

公开(公告)日：2011-07-12

申请号：US12771491

申请日：2010-04-30

申请人： Lee Chen ,  John Chiong ,  Xin Wang

发明人： Lee Chen ,  John Chiong ,  Xin Wang

IPC分类号： G06F15/16 ,  G06F15/173 ,  H04W4/00

CPC分类号： H04L63/102 ,  H04L12/66 ,  H04L29/06 ,  H04L61/6022 ,  H04L61/6068 ,  H04L63/02 ,  H04L63/0281 ,  H04L63/04 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/30 ,  H04L63/308 ,  H04L65/1003 ,  H04L65/1006 ,  H04L65/1069 ,  H04L65/4007 ,  H04L67/14 ,  H04L67/141 ,  H04L67/146

摘要： The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.

摘要翻译： 本发明的系统包括主机，包括安全网关的网络和公共应用。 建立在网络和主机之间的访问会话以及公共应用程序和网络之间的应用程序会话。 为应用会话创建应用会话记录，并且包括用于访问公共应用的用户的公共用户标识，用于访问网络的用户的私有用户标识，主机标识和应用会话时间。 为了确定应用程序会话的私有用户身份，安全网关发送具有主机标识和应用程序会话时间的查询。 这些与访问会话记录中的主机身份和访问会话时间进行比较。 如果匹配，则返回访问会话记录中的私有用户身份，并将其作为私有用户身份存储在应用程序会话记录中。

公开(公告)号：US08423676B2

公开(公告)日：2013-04-16

申请号：US13462822

申请日：2012-05-03

申请人： Lee Chen ,  John Chiong ,  Xin Wang

发明人： Lee Chen ,  John Chiong ,  Xin Wang

IPC分类号： G06F15/16 ,  G06F15/173

CPC分类号： H04L63/102 ,  H04L12/66 ,  H04L29/06 ,  H04L61/6022 ,  H04L61/6068 ,  H04L63/02 ,  H04L63/0281 ,  H04L63/04 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/30 ,  H04L63/308 ,  H04L65/1003 ,  H04L65/1006 ,  H04L65/1069 ,  H04L65/4007 ,  H04L67/14 ,  H04L67/141 ,  H04L67/146

摘要： The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.

摘要翻译： 本发明的系统包括主机，包括安全网关的网络和公共应用。 建立在网络和主机之间的访问会话以及公共应用程序和网络之间的应用程序会话。 为应用会话创建应用会话记录，并且包括用于访问公共应用的用户的公共用户标识，用于访问网络的用户的私有用户标识，主机标识和应用会话时间。 为了确定应用程序会话的私有用户身份，安全网关发送具有主机标识和应用程序会话时间的查询。 这些与访问会话记录中的主机身份和访问会话时间进行比较。 如果匹配，则返回访问会话记录中的私有用户身份，并将其作为私有用户身份存储在应用程序会话记录中。

公开(公告)号：US20080148357A1

公开(公告)日：2008-06-19

申请号：US11582613

申请日：2006-10-17

申请人： Lee Chen ,  John Chiong ,  Xin Wang

发明人： Lee Chen ,  John Chiong ,  Xin Wang

IPC分类号： H04L9/32 ,  G06F21/00

CPC分类号： H04L63/102 ,  H04L12/66 ,  H04L29/06 ,  H04L61/6022 ,  H04L61/6068 ,  H04L63/02 ,  H04L63/0281 ,  H04L63/04 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/30 ,  H04L63/308 ,  H04L65/1003 ,  H04L65/1006 ,  H04L65/1069 ,  H04L65/4007 ,  H04L67/14 ,  H04L67/141 ,  H04L67/146

摘要： The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.

摘要翻译： 本发明的系统包括主机，包括安全网关的网络和公共应用。 建立在网络和主机之间的访问会话以及公共应用程序和网络之间的应用程序会话。 为应用会话创建应用会话记录，并且包括用于访问公共应用的用户的公共用户标识，用于访问网络的用户的私有用户标识，主机标识和应用会话时间。 为了确定应用程序会话的私有用户身份，安全网关发送具有主机标识和应用程序会话时间的查询。 这些与访问会话记录中的主机身份和访问会话时间进行比较。 如果匹配，则返回访问会话记录中的私有用户身份，并将其作为私有用户身份存储在应用程序会话记录中。

公开(公告)号：US20140059702A1

公开(公告)日：2014-02-27

申请号：US14056785

申请日：2013-10-17

申请人： Xin Wang ,  Lee Chen ,  John Chiong

发明人： Xin Wang ,  Lee Chen ,  John Chiong

IPC分类号： H04L29/06

CPC分类号： H04L63/102 ,  H04L12/66 ,  H04L29/06 ,  H04L61/6022 ,  H04L61/6068 ,  H04L63/02 ,  H04L63/0281 ,  H04L63/04 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/30 ,  H04L63/308 ,  H04L65/1003 ,  H04L65/1006 ,  H04L65/1069 ,  H04L65/4007 ,  H04L67/14 ,  H04L67/141 ,  H04L67/146

摘要： The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time, To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record, if they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.

摘要翻译： 本发明的系统包括主机，包括安全网关的网络和公共应用。 建立在网络和主机之间的访问会话以及公共应用程序和网络之间的应用程序会话。 为应用程序会话创建应用程序会话记录，并且包括用于访问公共应用程序的用户的公共用户身份，用于访问网络的用户的私人用户身份，主机身份和应用程序会话时间。要确定私人 应用程序会话的用户身份，安全网关发送具有主机身份和应用程序会话时间的查询。 将这些与访问会话记录中的主机身份和访问会话时间进行比较，如果匹配，则返回访问会话记录中的私有用户身份，并将其作为私有用户身份存储在应用程序会话记录中。

公开(公告)号：US08595383B2

公开(公告)日：2013-11-26

申请号：US13153385

申请日：2011-06-03

申请人： Lee Chen ,  John Chiong ,  Xin Wang

发明人： Lee Chen ,  John Chiong ,  Xin Wang

IPC分类号： G06F15/16 ,  H04L29/06

CPC分类号： H04L63/102 ,  H04L12/66 ,  H04L29/06 ,  H04L61/6022 ,  H04L61/6068 ,  H04L63/02 ,  H04L63/0281 ,  H04L63/04 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/30 ,  H04L63/308 ,  H04L65/1003 ,  H04L65/1006 ,  H04L65/1069 ,  H04L65/4007 ,  H04L67/14 ,  H04L67/141 ,  H04L67/146

摘要： The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.

公开(公告)号：US20110239289A1

公开(公告)日：2011-09-29

申请号：US13153385

申请日：2011-06-03

申请人： Xin Wang ,  Lee Chen ,  John Chiong

发明人： Xin Wang ,  Lee Chen ,  John Chiong

IPC分类号： G06F15/173 ,  G06F21/00

CPC分类号： H04L63/102 ,  H04L12/66 ,  H04L29/06 ,  H04L61/6022 ,  H04L61/6068 ,  H04L63/02 ,  H04L63/0281 ,  H04L63/04 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/30 ,  H04L63/308 ,  H04L65/1003 ,  H04L65/1006 ,  H04L65/1069 ,  H04L65/4007 ,  H04L67/14 ,  H04L67/141 ,  H04L67/146

摘要： The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.

摘要翻译： 本发明的系统包括主机，包括安全网关的网络和公共应用。 建立在网络和主机之间的访问会话以及公共应用程序和网络之间的应用程序会话。 为应用会话创建应用会话记录，并且包括用于访问公共应用的用户的公共用户标识，用于访问网络的用户的私有用户标识，主机标识和应用会话时间。 为了确定应用程序会话的私有用户身份，安全网关发送具有主机标识和应用程序会话时间的查询。 这些与访问会话记录中的主机身份和访问会话时间进行比较。 如果匹配，则返回访问会话记录中的私有用户身份，并将其作为私有用户身份存储在应用程序会话记录中。

公开(公告)号：US20070271598A1

公开(公告)日：2007-11-22

申请号：US11435043

申请日：2006-05-16

申请人： Lee Chen ,  John Chiong ,  Yang Yu

发明人： Lee Chen ,  John Chiong ,  Yang Yu

IPC分类号： H04L9/32 ,  G06F15/16 ,  G06F12/14 ,  H04L9/00 ,  H04K1/00 ,  G06K9/00 ,  G06F17/00 ,  G06F17/30 ,  G06F9/00 ,  G06F12/00 ,  G06F13/00 ,  G06F7/04 ,  G06F7/58 ,  G06K19/00 ,  G11C7/00

CPC分类号： H04L63/08 ,  G11C7/24 ,  H04L63/107 ,  H04W12/06 ,  H04W12/08

摘要： Systems and methods of authenticating user access based on an access point to a secure data network include a secure data network having a plurality of a network access points serving as entry points for a user to access the secure data network using a user device. The user is associated with a user identity, each network access point with a network access point identity. The user uses a user device to send an access request, requesting access to the secure data network, to the network access point, which then sends an authentication request to an identity server. The identity server processes the authentication request, by validating the combination of the user identity and the network access point identity, and responds with an authentication response, granting or denying access, as communicated to the user device via an access response. The secure data network may comprise an application level secure data network, in which the user uses the user device to request access to a network application. Furthermore, the identity server may validate the combined user identity and network access point identity data in conjunction with time information, access allowance data, and/or traffic volume data.

摘要翻译： 基于对安全数据网络的接入点认证用户接入的系统和方法包括具有多个网络接入点的安全数据网络，该网络接入点用作用户使用用户设备访问安全数据网络的入口点。 用户与用户身份相关联，每个网络接入点具有网络接入点身份。 用户使用用户设备向网络接入点发送访问安全数据网络的访问请求，网络接入点然后向认证服务器发送认证请求。 身份服务器通过验证用户身份和网络接入点身份的组合来处理身份验证请求，并通过访问响应传达给用户设备的认证响应，授予或拒绝访问进行响应。 安全数据网络可以包括应用级安全数据网络，其中用户使用用户设备来请求对网络应用的访问。 此外，身份服务器可以结合时间信息，访问允许数据和/或业务量数据来验证组合的用户身份和网络接入点身份数据。