Method and system for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute
    11.
    Granted invention patent (status: rights in force)

    Publication number: US08904475B2

    Publication date: 2014-12-02

    Application number: US13760898

    Filing date: 2013-02-06

    CPC classification number: H04L63/20 H04L63/0272 H04L63/102 H04L63/105

    Abstract: An appliance and method for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute includes the step of establishing, by an appliance, a control connection with a client upon receiving a client request to establish a virtual private network connection with a network. The appliance transmits, via the control connection, a request to the client to evaluate at least one clause of a security string, the at least one clause including an expression associated with a client-side attribute. The client transmits, via the control connection, a response to the appliance comprising a result of evaluating the at least one clause by the client. The appliance assigns the client to an authorization group based on the result of evaluation of the at least one clause.

    Systems and methods for performing response based cache redirection

    Publication number: US11627200B2

    Publication date: 2023-04-11

    Application number: US17159789

    Filing date: 2021-01-27

    Abstract: The present disclosure relates to methods and systems for performing response based cache redirection to a cache proxy. A device intermediary to a plurality of clients and a plurality of servers and in communication with a plurality of cache proxies, receives a request for content from a client. The request is for content from a server of the plurality of servers. The device forwards the request to the server. The device identifies a cache redirection policy that specifies an amount of bytes of a response to buffer to calculate a signature of the content of the response. The device computes the signature of the content of the response based on the amount of bytes of the response received from the server and buffered by the device. The device selects a cache proxy based on the computed signature and forwards the request of the client to the selected cache proxy.

    Systems and methods for providing a single click access to enterprise, SaaS and cloud hosted application

    Publication number: US10050966B2

    Publication date: 2018-08-14

    Application number: US15255640

    Filing date: 2016-09-02

    Abstract: The present disclosure is directed to methods and systems of providing a user-selectable list of disparately hosted applications. A device intermediary to a client and one or more servers may receive a user request to access a list of applications published to the user. The device may communicate to the client the list of published applications available to the user, the list comprising graphical icons corresponding to disparately hosted applications, at least one graphical icon corresponding to a third-party hosted application of the disparately hosted applications, the third party hosted application served by a remote third-party server. The device may receive a selection from the user of the at least one graphical icon. The device may communicate, from the remote third party server to the client of the user, execution of the third party hosted application responsive to the selection by the user.

    SYSTEMS AND METHODS FOR PROVIDING A SINGLE CLICK ACCESS TO ENTERPRISE, SAAS AND CLOUD HOSTED APPLICATION
    14.
    Invention patent application (status: under examination, published)

    Publication number: US20160373445A1

    Publication date: 2016-12-22

    Application number: US15255640

    Filing date: 2016-09-02

    Abstract: The present disclosure is directed to methods and systems of providing a user-selectable list of disparately hosted applications. A device intermediary to a client and one or more servers may receive a user request to access a list of applications published to the user. The device may communicate to the client the list of published applications available to the user, the list comprising graphical icons corresponding to disparately hosted applications, at least one graphical icon corresponding to a third-party hosted application of the disparately hosted applications, the third party hosted application served by a remote third-party server. The device may receive a selection from the user of the at least one graphical icon. The device may communicate, from the remote third party server to the client of the user, execution of the third party hosted application responsive to the selection by the user.

    SYSTEMS AND METHODS FOR USING AN HTTP-AWARE CLIENT AGENT
    15.
    Invention patent application (status: rights in force)

    Publication number: US20150128227A1

    Publication date: 2015-05-07

    Application number: US14594963

    Filing date: 2015-01-12

    Abstract: Systems and methods are described for using a client agent operating in a virtual private network environment to intercept HTTP communications. Methods include: intercepting at the network layer, by a client agent executing on a client, an HTTP request from an application executing on the client; modifying the HTTP request; and transmitting, via a transport layer connection, the modified HTTP request to a server. Additional methods may comprise adding, removing, or modifying at least one cookie in the HTTP request. Still other methods may comprise modifying at least one name-value pair contained in the HTTP request. Corresponding systems are also described.

    SYSTEMS AND METHODS FOR ENHANCED CLIENT SIDE POLICY
    16.
    Invention patent application (status: rights in force)

    Publication number: US20140344891A1

    Publication date: 2014-11-20

    Application number: US14448298

    Filing date: 2014-07-31

    Abstract: An appliance and method for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute includes the step of establishing, by an appliance, a control connection with a client upon receiving a client request to establish a virtual private network connection with a network. The appliance transmits, via the control connection, a request to the client to evaluate at least one clause of a security string, the at least one clause including an expression associated with a client-side attribute. The client transmits, via the control connection, a response to the appliance comprising a result of evaluating the at least one clause by the client. The appliance assigns the client to an authorization group based on the result of evaluation of the at least one clause.

    Method and appliance for authenticating, by an appliance, a client to access a virtual private network connection, based on an attribute of a client-side certificate
    17.
    Granted invention patent (status: rights in force)

    Publication number: US08819809B2

    Publication date: 2014-08-26

    Application number: US13850848

    Filing date: 2013-03-26

    Abstract: In a method and appliance for authenticating, by an appliance, a client to access a virtual network connection, based on an attribute of a client-side certificate, a client authentication certificate is requested from a client. A value of at least one field in the client authentication certificate received from the client is identified. One of a plurality of types of access is assigned responsive to an application of a policy to the identified value of the at least one field, each of the plurality of access types associated with at least one connection characteristic.

    Enterprise authentication via third party authentication support
    18.
    Granted invention patent (status: rights in force)

    Publication number: US09531714B2

    Publication date: 2016-12-27

    Application number: US14317795

    Filing date: 2014-06-27

    Abstract: Methods and systems are disclosed for providing approaches to enterprise authentication via third party authentication support. The methods and systems may include transmitting, by a computing device to an authentication device, a request to authenticate a client device application via a forms login protocol, and transmitting, by the computing device to the client device application, a first credential form retrieved from an authentication device generated by an extension device. The methods and systems may also include receiving, by the computing device from the client device application, a first authentication credential, and transmitting, by the computing device to the authentication service via the extension device, the first authentication credential. The methods and systems may also include transmitting, by the computing device and in response to a successful validation of the first authentication credential, an approval of the request made by the client device application to authenticate via the forms login protocol.

    Methods and systems for routing packets in a VPN-client-to-VPN-client connection via an SSL/VPN network appliance

    Publication number: US09246878B2

    Publication date: 2016-01-26

    Application number: US14045922

    Filing date: 2013-10-04

    CPC classification number: H04L63/0272 H04L12/4641 H04L63/166

    Abstract: In a method and system for routing packets between clients, a packet is received from a first client connected to a secure sockets layer virtual private network (an SSL/VPN) network appliance. An identification is made, responsive to an inspection of the received packet, of i) a type of connection required for transmission of the received packet to a destination address identified by the received packet and ii) a second client connected via an SSL/VPN connection to the SSL/VPN network appliance and associated with the identified destination address. A request is made for establishment by the second client of a connection of the identified type within the SSL/VPN connection. The received packet is transmitted to the second client via the established connection of the identified type.

    Enterprise Authentication Via Third Party Authentication Support
    20.
    Invention patent application (status: rights in force)

    Publication number: US20150381621A1

    Publication date: 2015-12-31

    Application number: US14317795

    Filing date: 2014-06-27

    Abstract: Methods and systems are disclosed for providing approaches to enterprise authentication via third party authentication support. The methods and systems may include transmitting, by a computing device to an authentication device, a request to authenticate a client device application via a forms login protocol, and transmitting, by the computing device to the client device application, a first credential form retrieved from an authentication device generated by an extension device. The methods and systems may also include receiving, by the computing device from the client device application, a first authentication credential, and transmitting, by the computing device to the authentication service via the extension device, the first authentication credential. The methods and systems may also include transmitting, by the computing device and in response to a successful validation of the first authentication credential, an approval of the request made by the client device application to authenticate via the forms login protocol.
