Systems and methods for secured web application data traffic

    Publication number: US11063750B2

    Publication date: 2021-07-13

    Application number: US16774676

    Application date: 2020-01-28

    Abstract: Systems and methods for secured access to cloud-based applications or services include a service node that may receive a request from client including a URL associated with an application manager. The service node may send a URL prefix identifying a termination to the termination node. The service node may receive a client hello message from the client that includes a first field incorporating the URL prefix, and may send the client hello message to the termination node to initiate a handshake with the client using a wildcard certificate of server, for establishing a SSL channel between the client and the termination node for a session of the application. The service node can direct a communication of the session from the client to the predetermined termination node, for decryption, using the established SSL channel, according to the URL prefix incorporated in a server name indication (SNI) field of the communication.

    TRANSPARENT TCP CONNECTION TUNNELING WITH IP PACKET FILTERING

    Publication number: US20230049690A1

    Publication date: 2023-02-16

    Application number: US17402125

    Application date: 2021-08-13

    Abstract: Described embodiments provide systems and methods for tunneling data packets to a server. A computing device can include a processor and a network interface. The processor is configured to execute a network service, a local application, and a virtual private network (VPN) application. The network service can receive a packet from the local application for transmission via a VPN tunnel, the packet comprising a source address of the computing device and a source port associated with the local application. The network service can determine that the packet matches a first tunnel filter. The network service can encapsulate, responsive to the determination that the packet matches the first tunnel filter, the packet with the header comprising a localhost destination address and a destination port associated with the VPN application. The network service can provide the encapsulated packet to the VPN application.

    Systems and methods for secured web application data traffic

    Publication number: US10574444B2

    Publication date: 2020-02-25

    Application number: US15876828

    Application date: 2018-01-22

    Abstract: Systems and methods for secured access to cloud-based applications or services include a service node that may receive a request from client including a URL associated with an application manager. The service node may send a URL prefix identifying a termination to the termination node. The service node may receive a client hello message from the client that includes a first field incorporating the URL prefix, and may send the client hello message to the termination node to initiate a handshake with the client using a wildcard certificate of server, for establishing a SSL channel between the client and the termination node for a session of the application. The service node can direct a communication of the session from the client to the predetermined termination node, for decryption, using the established SSL channel, according to the URL prefix incorporated in a server name indication (SNI) field of the communication.

    Transparent TCP connection tunneling with IP packet filtering

    Publication number: US11677585B2

    Publication date: 2023-06-13

    Application number: US17402125

    Application date: 2021-08-13

    CPC classification number: H04L12/4633 H04L12/4641 H04L2212/00

    Abstract: Described embodiments provide systems and methods for tunneling data packets to a server. A computing device can include a processor and a network interface. The processor is configured to execute a network service, a local application, and a virtual private network (VPN) application. The network service can receive a packet from the local application for transmission via a VPN tunnel, the packet comprising a source address of the computing device and a source port associated with the local application. The network service can determine that the packet matches a first tunnel filter. The network service can encapsulate, responsive to the determination that the packet matches the first tunnel filter, the packet with the header comprising a localhost destination address and a destination port associated with the VPN application. The network service can provide the encapsulated packet to the VPN application.

    SYSTEMS AND METHODS FOR SECURED WEB APPLICATION DATA TRAFFIC

    Publication number: US20200169394A1

    Publication date: 2020-05-28

    Application number: US16774676

    Application date: 2020-01-28

    Abstract: Systems and methods for secured access to cloud-based applications or services include a service node that may receive a request from client including a URL associated with an application manager. The service node may send a URL prefix identifying a termination to the termination node. The service node may receive a client hello message from the client that includes a first field incorporating the URL prefix, and may send the client hello message to the termination node to initiate a handshake with the client using a wildcard certificate of server, for establishing a SSL channel between the client and the termination node for a session of the application. The service node can direct a communication of the session from the client to the predetermined termination node, for decryption, using the established SSL channel, according to the URL prefix incorporated in a server name indication (SNI) field of the communication.

    SYSTEMS AND METHODS FOR SECURED WEB APPLICATION DATA TRAFFIC

    Publication number: US20190229900A1

    Publication date: 2019-07-25

    Application number: US15876828

    Application date: 2018-01-22

    Abstract: Systems and methods for secured access to cloud-based applications or services include a service node that may receive a request from client including a URL associated with an application manager. The service node may send a URL prefix identifying a termination to the termination node. The service node may receive a client hello message from the client that includes a first field incorporating the URL prefix, and may send the client hello message to the termination node to initiate a handshake with the client using a wildcard certificate of server, for establishing a SSL channel between the client and the termination node for a session of the application. The service node can direct a communication of the session from the client to the predetermined termination node, for decryption, using the established SSL channel, according to the URL prefix incorporated in a server name indication (SNI) field of the communication.
