Abstract:
The present application is directed towards systems and methods for managing server initiated connections via a multi-core system that provides VPN access between clients and servers. The solution described herein provides a mechanism by which server and client communications via the multi-core system for a server initiated connection may be received on different cores and for the system to manage these communications across different cores to provide an end-to-end connectivity between the client and the server.
Abstract:
The present disclosure is directed towards systems and methods for validation of a secure socket layer (SSL) certificate of a server for clientless SSL virtual private network (VPN) access. An intermediary device can receive a first request from a client for a clientless SSL VPN connection to a first server. The intermediary device can determine, using a preconfigured policy, that the first server in the first request meets a condition of the preconfigured policy. The intermediary device can perform, responsive to the determination, an action to validate an SSL certificate of the first server using one or more certificate authority (CA) certificate files available to the intermediary device. The one or more CA certificate files can be specified by the preconfigured policy for the action.
Abstract:
In a method and system for routing packets between clients, a packet is received from a first client connected to a secure sockets layer virtual private network (an SSL/VPN) network appliance. An identification is made, responsive to an inspection of the received packet, of i) a type of connection required for transmission of the received packet to a destination address identified by the received packet and ii) a second client connected via an SSL/VPN connection to the SSL/VPN network appliance and associated with the identified destination address. A request is made for establishment by the second client of a connection of the identified type within the SSL/VPN connection. The received packet is transmitted to the second client via the established connection of the identified type.
Abstract:
The present disclosure is directed towards systems and methods of authenticating a client. A device intermediary to clients and servers that provide one or more resources can receive a request from a client to access a resource of the one or more resources. The device can select a login schema associated with the request that includes a definition of a login form. The login schema may correspond to an authentication protocol. The device can generate the login form responsive to the request. The login form can be constructed according to the definition provided by the selected login schema. The device can provide the login form for display via the client. The device can receive information inputted into the login form via the client. The device can establish access to the resource responsive to authentication of the client based on the information and the authentication protocol.
Abstract:
The present invention is directed towards systems and methods for sharing licenses across resources via a multi-core intermediary device. A device intermediary to a plurality of clients and a server may grant a license for a virtual private network (VPN) session established by a first core of a plurality of cores of the device with a client. A second core of the plurality of cores may receive a first request from the client to establish an application connection between an application and a server via the VPN session. The second core may send a second request to the first core to share the license of the VPN session responsive to determining that the first core owns the VPN session. The second core may establish the application connection responsive to receiving from the first core a response accepting the second request to share the license of the VPN session.
Abstract:
The present disclosure is directed to systems and methods for performing single sign on by an intermediary device for a remote desktop session of a client. A first device intermediary to a plurality of clients and a plurality of servers authenticates a user and establishes a connection to the user's client device. The device provides a homepage including links to one or more remote desktop hosts associated with the user. The device receives a request to launch an RDP session with a remote desktop host via the homepage and generates RDP content, including a security token, for the user. The device receives a second request that includes the security token to launch the RDP session. The device validates the user using the security token and establishes a connection to the remote desktop host. The device signs into the desktop host using session credentials.
Abstract:
Described embodiments provide systems and methods for morphing or regenerating validation information. A client can receive, via a device, an authentication cookie for access to a server. The device may maintain a sequence number and a cryptographic secret. The client may use the cryptographic secret and a cookie engine to generate validation cookie information with an updated sequence number. The client may send the authentication cookie to the device via a hypertext transfer protocol (HTTP) message to validate the authentication cookie. The client may send the validation cookie information with the updated sequence number to the device via an HTTP message to validate the authentication cookie.