公开(公告)号：US20230004668A1

公开(公告)日：2023-01-05

申请号：US17365721

申请日：2021-07-01

Applicant: Citrix Systems, Inc.

Inventor： Ratnesh Singh Thakur ,  Rama Rao Katta ,  Raghukrishna Hegde

IPC: G06F21/62 ,  G06F16/955 ,  G06F21/60

Abstract: Described embodiments provide systems and methods for validating a request to access a resource. A device can receive a first request from a client that includes a first uniform resource locator (URL) of the server. The device may receive a response from the server that includes a second URL. The device may update the response by including the client identifier in a set-cookie field, and adding to the second URL a first value of a query parameter determined according to: a client identifier assigned by the device, a key, and the second URL. The device may receive a second request that includes the client identifier, and a third URL having the first value. The device may determine to allow the server to receive the second request when the first value matches a second value determined according to the client identifier from the second request, the third URL and the key.

公开(公告)号：US11811760B2

公开(公告)日：2023-11-07

申请号：US17230334

申请日：2021-04-14

Applicant: Citrix Systems, Inc.

Inventor： Ratnesh Singh Thakur ,  Raghukrishna Hegde

IPC: G06F7/04 ,  H04L9/40

CPC classification number: H04L63/0876 ,  H04L63/083

Abstract: Described embodiments provide systems and methods for validating connections while mitigating cookie hijack attacks. A device intermediary between a client and a server can receive a request from the client to establish a connection. The device may send a cookie to the client, the cookie generated according to a connection identifier and a shared counter. The device may receive a response from the client that includes a client validation cookie for validating the request. The client validation cookie may be generated according to the cookie. The device may determine a candidate validation cookie according to a value of a counter range of the shared counter, that matches the client validation cookie. The device may validate the request responsive to the determination.

公开(公告)号：US12120226B2

公开(公告)日：2024-10-15

申请号：US17097255

申请日：2020-11-13

Applicant: Citrix Systems, Inc.

Inventor： Daniel G. Wing ,  Ratnesh Singh Thakur ,  Arkesh Kumar ,  Raghukrishna Hegde ,  Nivedita Jagdale ,  Ramachandra Kasyap Marmavula ,  Joseph Hoelbrandt ,  Girish Chandra Padhi

IPC: H04L9/08 ,  H04L9/40 ,  H04L67/02

CPC classification number: H04L9/0861 ,  H04L63/1466 ,  H04L67/02

Abstract: Described embodiments provide systems and methods for morphing or regenerating validation information. A client can receive, via a device, an authentication cookie for access to a server. The device may maintain a sequence number and a cryptographic secret. The client may use the cryptographic secret and a cookie engine to generate validation cookie information with an updated sequence number. The client may send the authentication cookie to the device via a hypertext transfer protocol (HTTP) message to validate the authentication cookie. The client may send the validation cookie information with the updated sequence number to the device via a HTTP message to validate the authentication cookie.

公开(公告)号：US20220337587A1

公开(公告)日：2022-10-20

申请号：US17230334

申请日：2021-04-14

Applicant: Citrix Systems, Inc.

Inventor： Ratnesh Singh Thakur ,  Raghukrishna Hegde

IPC: H04L29/06

Abstract: Described embodiments provide systems and methods for validating connections while mitigating cookie hijack attacks. A device intermediary between a client and a server can receive a request from the client to establish a connection. The device may send a cookie to the client, the cookie generated according to a connection identifier and a shared counter. The device may receive a response from the client that includes a client validation cookie for validating the request. The client validation cookie may be generated according to the cookie. The device may determine a candidate validation cookie according to a value of a counter range of the shared counter, that matches the client validation cookie. The device may validate the request responsive to the determination.

公开(公告)号：US20220158831A1

公开(公告)日：2022-05-19

申请号：US17097255

申请日：2020-11-13

Applicant: Citrix Systems, Inc.

Inventor： Daniel G. Wing ,  Ratnesh Singh Thakur ,  Arkesh Kumar ,  Raghukrishna Hegde ,  Nivedita Jagdale ,  Ramachandra Kasyap Marmavula ,  Joseph Hoelbrandt ,  Girish Chandra Padhi

IPC: H04L9/08 ,  H04L29/08

Abstract: Described embodiments provide systems and methods for morphing or regenerating validation information. A client can receive, via a device, an authentication cookie for access to a server. The device may maintain a sequence number and a cryptographic secret. The client may use the cryptographic secret and a cookie engine to generate validation cookie information with an updated sequence number. The client may send the authentication cookie to the device via a hypertext transfer protocol (HTTP) message to validate the authentication cookie. The client may send the validation cookie information with the updated sequence number to the device via a HTTP message to validate the authentication cookie