公开(公告)号：US08966603B2

公开(公告)日：2015-02-24

申请号：US13902612

申请日：2013-05-24

Applicant: Citrix Systems, Inc.

Inventor： Puneet Agarwal ,  Dileep Reddem ,  Anil Kumar Gavini

IPC: H04L29/06

CPC classification number: H04L63/0815 ,  H04L63/0281 ,  H04L63/0884

Abstract: The present invention is directed towards systems and methods for form-based single sign-on by a user desiring access to one or more protected resources, e.g., protected web pages, protected web-served applications, etc. In various embodiments, a single sign-on (SSO) module is in operation on an intermediary device, which is disposed in a network to manage internet traffic between a plurality of clients and a plurality of servers. The intermediary device can identify an authentication response from a server and forward the authentication response to the SSO module. The SSO module can complete a login form in the authentication response with a client's authentication data, return the completed login form to the server and forward cookies associated with the authentication response to the client. In various embodiments, multiple login forms can be completed, transparently to the client, by the SSO module on a client's behalf and reduce time expended by a client in obtaining access to protected resources.

Abstract translation: 本发明涉及用于期望访问一个或多个受保护资源（例如受保护的网页，受保护的web服务应用程序等）的用户的基于表单的单一登录的系统和方法。在各种实施例中，单个符号 -on（SSO）模块在中间设备上运行，该中间设备被布置在网络中以管理多个客户端与多个服务器之间的互联网业务。 中间设备可以识别来自服务器的认证响应，并将认证响应转发给SSO模块。 SSO模块可以使用客户端的认证数据在认证响应中完成登录表单，将完成的登录表单返回到服务器，并将与认证响应相关联的cookie转发给客户端。 在各种实施例中，代表客户端的SSO模块可以透明地向客户端完成多个登录表单，并且减少客户端获得对受保护资源的访问所花费的时间。

公开(公告)号：US10924468B2

公开(公告)日：2021-02-16

申请号：US16047109

申请日：2018-07-27

Applicant: Citrix Systems, Inc.

Inventor： Viswanath Yarangatta Suresh ,  Arkesh Kumar ,  Dileep Reddem ,  Anil Kumar Gavini

IPC: H04L29/06 ,  H04L29/08

Abstract: Described embodiments provide systems and methods for launching a connection to a resource link from a client device. A device can authenticate the client device for access to a plurality of resource links accessible via one or more servers. The device can provide a list of the plurality of resource links responsive to the authentication, and receive a request from the client device, identifying a first resource link to access. The device can cause first authenticated credentials for the first resource link to be stored on the client device responsive to the request. The first authenticated credentials can correspond to the client device and provide access the first resource link. The client device can be configured to launch a connection to the first resource link from the client device using the first authenticated credentials stored on the client device.

公开(公告)号：US20200036699A1

公开(公告)日：2020-01-30

申请号：US16047109

申请日：2018-07-27

Applicant: Citrix Systems, Inc.

Inventor： Viswanath Yarangatta Suresh ,  Arkesh Kumar ,  Dileep Reddem ,  Anil Kumar Gavini

IPC: H04L29/06

Abstract: Described embodiments provide systems and methods for launching a connection to a resource link from a client device. A device can authenticate the client device for access to a plurality of resource links accessible via one or more servers. The device can provide a list of the plurality of resource links responsive to the authentication, and receive a request from the client device, identifying a first resource link to access. The device can cause first authenticated credentials for the first resource link to be stored on the client device responsive to the request. The first authenticated credentials can correspond to the client device and provide access the first resource link. The client device can be configured to launch a connection to the first resource link from the client device using the first authenticated credentials stored on the client device.

公开(公告)号：US20130263241A1

公开(公告)日：2013-10-03

申请号：US13902612

申请日：2013-05-24

Applicant: Citrix Systems, Inc.

Inventor： Puneet Agarwal ,  Dileep Reddem ,  Anil Kumar Gavini

IPC: H04L29/06

CPC classification number: H04L63/0815 ,  H04L63/0281 ,  H04L63/0884

Abstract: The present invention is directed towards systems and methods for form-based single sign-on by a user desiring access to one or more protected resources, e.g., protected web pages, protected web-served applications, etc. In various embodiments, a single sign-on (SSO) module is in operation on an intermediary device, which is disposed in a network to manage internet traffic between a plurality of clients and a plurality of servers. The intermediary device can identify an authentication response from a server and forward the authentication response to the SSO module. The SSO module can complete a login form in the authentication response with a client's authentication data, return the completed login form to the server and forward cookies associated with the authentication response to the client. In various embodiments, multiple login forms can be completed, transparently to the client, by the SSO module on a client's behalf and reduce time expended by a client in obtaining access to protected resources.

Abstract translation: 本发明涉及用于期望访问一个或多个受保护资源（例如受保护的网页，受保护的web服务应用程序等）的用户的基于表单的单一登录的系统和方法。在各种实施例中，单个符号 -on（SSO）模块在中间设备上运行，该中间设备被布置在网络中以管理多个客户端与多个服务器之间的互联网业务。 中间设备可以识别来自服务器的认证响应，并将认证响应转发给SSO模块。 SSO模块可以使用客户端的认证数据在认证响应中完成登录表单，将完成的登录表单返回到服务器，并将与认证响应相关联的cookie转发给客户端。 在各种实施例中，代表客户端的SSO模块可以透明地向客户端完成多个登录表单，并且减少客户端获得对受保护资源的访问所花费的时间。

公开(公告)号：US20210234919A1

公开(公告)日：2021-07-29

申请号：US16750727

申请日：2020-01-23

Applicant: Citrix Systems, Inc.

Inventor： Hrushikesh Shrinivas Paralikar ,  Kenneth Bell ,  Arkesh Kumar ,  Anil Kumar Gavini

IPC: H04L29/08 ,  H04L12/26

Abstract: Described implementations provide systems and methods generating and using live performance maps of a network environment for selecting combinations of proxies and servers for fulfilling client device requests. Proxy devices or connectors may gather network telemetry data from actual network flows between client devices and application servers or other resources traversing the proxy devices or connectors, when available, or by generating synthetic transactions to measure network telemetry data when actual flows are unavailable. The telemetry data may be provided to a management service, which may generate a performance map. The performance map may be provided to the proxy devices and/or a cloud proxy service for selection of optimal combinations of connectors and resources for client requests. Incoming client requests may be steered or redirected to the selected optimal combination. The performance map may be dynamically regenerated as network conditions change and/or as servers are deployed or undeployed.

公开(公告)号：US20210136055A1

公开(公告)日：2021-05-06

申请号：US17127393

申请日：2020-12-18

Applicant: Citrix Systems, Inc.

Inventor： Viswanath Yarangatta Suresh ,  Arkesh Kumar ,  Dileep Reddem ,  Anil Kumar Gavini

IPC: H04L29/06

Abstract: Described embodiments provide systems and methods for launching a connection to a resource link from a client device. A device can authenticate the client device for access to a plurality of resource links accessible via one or more servers. The device can provide a list of the plurality of resource links responsive to the authentication, and receive a request from the client device, identifying a first resource link to access. The device can cause first authenticated credentials for the first resource link to be stored on the client device responsive to the request. The first authenticated credentials can correspond to the client device and provide access the first resource link. The client device can be configured to launch a connection to the first resource link from the client device using the first authenticated credentials stored on the client device.

公开(公告)号：US11616772B2

公开(公告)日：2023-03-28

申请号：US17127393

申请日：2020-12-18

Applicant: Citrix Systems, Inc.

Inventor： Viswanath Yarangatta Suresh ,  Arkesh Kumar ,  Dileep Reddem ,  Anil Kumar Gavini

IPC: H04L9/40 ,  H04L67/08 ,  H04L67/131

Abstract: Described embodiments provide systems and methods for launching a connection to a resource link from a client device. A device can authenticate the client device for access to a plurality of resource links accessible via one or more servers. The device can provide a list of the plurality of resource links responsive to the authentication, and receive a request from the client device, identifying a first resource link to access. The device can cause first authenticated credentials for the first resource link to be stored on the client device responsive to the request. The first authenticated credentials can correspond to the client device and provide access the first resource link. The client device can be configured to launch a connection to the first resource link from the client device using the first authenticated credentials stored on the client device.

公开(公告)号：US20230012224A1

公开(公告)日：2023-01-12

申请号：US17370225

申请日：2021-07-08

Applicant: Citrix Systems, Inc.

Inventor： Krishna Kumar ,  Anil Kumar Gavini ,  Arkesh Kumar ,  Kiran Kumar Srinivasa ,  Srinivasa Maddipati

IPC: H04L29/06 ,  H04L29/12

Abstract: Described embodiments provide systems and methods for accessing a web application hosted in an intranet from outside said intranet. A server hosting a domain name service configured for the intranet can receive a request from a client that is outside the intranet to access the web application. The request may include a fully qualified domain name (FQDN) of the web application in the intranet. Responsive to the FQDN of the web application in the intranet, the server may send a notification to an access service, to cause the access service to pre-establish a connection to the intranet. Responsive to the FQDN of the web application in the intranet, the server may direct the client to send a handshake message to the access service to request access to the web application.

公开(公告)号：US20170070419A1

公开(公告)日：2017-03-09

申请号：US14846946

申请日：2015-09-07

Applicant: Citrix Systems, Inc.

Inventor： Pravin Singhal ,  Meghashree Vasista ,  Charumathy Venkatraman ,  Anil Kumar Gavini

IPC: H04L12/733 ,  H04L29/06

CPC classification number: H04L45/20 ,  H04L45/64 ,  H04L67/02 ,  H04L67/14 ,  H04L67/22 ,  H04L67/2814 ,  H04L67/42 ,  H04L69/16 ,  H04L69/22

Abstract: The present disclosure is directed towards systems and methods for associating multiple transport layer hops between a client and a server. A first intermediary device may receive a request for a transport layer connection between the client and the server. The first intermediary device may generate a unique identifier to identify a connection chain between the client and the server across a plurality of transport layer connections via the plurality of devices. The first intermediary device may set a hop count to a number of hops that the first device is between the client and the server. The first intermediary device may forward information about the unique identifier and the hop count to a next device of the plurality of devices.

Abstract translation: 本公开涉及用于在客户端和服务器之间关联多个传输层跳的系统和方法。 第一中间设备可以接收对客户端和服务器之间的传输层连接的请求。 第一中间设备可以生成唯一的标识符，以经由多个设备在多个传输层连接之间识别客户机和服务器之间的连接链。 第一中间设备可以将跳数设置为第一设备在客户端和服务器之间的跳数。 第一中间设备可以将关于唯一标识符和跳数的信息转发到多个设备中的下一个设备。

公开(公告)号：US20140157358A1

公开(公告)日：2014-06-05

申请号：US14172385

申请日：2014-02-04

Applicant: Citrix Systems, Inc.

Inventor： Puneet Agarwal ,  Ravindra Nath Thakur ,  Anil Kumar Gavini

IPC: H04L29/06

CPC classification number: H04L63/0272 ,  H04L63/0227 ,  H04L63/105 ,  H04L63/1441 ,  H04L63/166

Abstract: The present disclosure presents methods, systems and intermediaries which determine an encoding scheme of a uniform resource location (URL) from a plurality of encoding schemes for a clientless secure socket layer virtual private network (SSL VPN) via a proxy. An intermediary may receive a response from a server comprising a URL. The response from the server may be directed to a client via a SSL VPN session and via the intermediary. The intermediary may determine, responsive to an encoding policy, one of a transparent, opaque or encrypted encoding scheme for encoding the URL. The intermediary may rewrite the URL for transmission to the client in accordance with the determined encoding scheme.

Abstract translation: 本公开提供了通过代理从无客户端安全套接字层虚拟专用网（SSL VPN）的多个编码方案中确定统一资源位置（URL）的编码方案的方法，系统和中介​​。 中介可以从包含URL的服务器接收响应。 来自服务器的响应可以经由SSL VPN会话并且经由中介向客户端发送。 中介可以响应于编码策略来确定用于对URL进行编码的透明，不透明或加密的编码方案之一。 中介可以根据所确定的编码方案重写用于传送给客户端的URL。