1. Technical Field
This application relates to validating association of client devices with sessions.
2. Description of Related Art
Computer networks, and in particular Wide Area Networks (WANs) such as the Internet, provide opportunities for the misuse and abuse of communications traveling over the network. For example, two users (e.g., a human user and an enterprise server) communicating via the WAN may have their communications intercepted and/or altered. Also, it is possible for one user to misrepresent his, her, or its identity to another user.
Malicious software (malware) is designed to harm or access a computer system without the informed consent of the owner. Malware is a serious threat to many computer systems, particularly in an online environment. Malware includes computer viruses, Trojan horses, worms and other malicious and unwanted software programs. Trojan horses, for example, install themselves on user machines without being perceived by the user. Trojan horses may then enable a controller to record data from an infected machine (e.g., key loggers), listen in on conversations (e.g., Man in The Middle or MiTM), or even hijack an HTTP session from within a browser (e.g., Man in The Browser or MiTB).
Thus, there is a need for both privacy and authentication between users of the network communicating with one another. In other words, users should be able to rely on the fact that their transmissions will not be intercepted or altered, and that transmissions from someone purporting to be a particular user do in fact originate from that user.
A typical internet or intranet web site must often evaluate whether a user should be granted access to a specific resource, or if the user should be allowed to perform a specific transaction. That decision is sometimes delegated to an authorization authority (such as RSA Access Manager product), or some other policy decision point. The policy decision point may include a number of factors in its authorization decision, and usually references a dedicated, locally maintained policy database of user, role, attribute, or permission data.
Uses for the Internet and the World Wide Web are continually increasing, and have expanded into “secure” areas. In web-based systems, such as electronic commerce systems, when data is requested by a client from a server, it is often the case that the web server must query a database to locate the requested data. In such a case, communications between a server and a web browser client typically require authorization of the client, to permit a client access only to certain data stored by the server. Such data may include, for example, contract information or pricing information which is exclusive to that client; other clients of the web server are not entitled to view this information.
Further, as the size and diversity of the Internet grows, so do the devices and applications that use the network. Originally, network applications such as web browsers, terminal clients, and e-mail readers were the only programs accessing the Internet. Now, almost every new device or application has a networking component, whether it is to obtain content, updates, manage licensing, or report usage statistics.