-
公开(公告)号:US20230004668A1
公开(公告)日:2023-01-05
申请号:US17365721
申请日:2021-07-01
Applicant: Citrix Systems, Inc.
Inventor: Ratnesh Singh Thakur , Rama Rao Katta , Raghukrishna Hegde
IPC: G06F21/62 , G06F16/955 , G06F21/60
Abstract: Described embodiments provide systems and methods for validating a request to access a resource. A device can receive a first request from a client that includes a first uniform resource locator (URL) of the server. The device may receive a response from the server that includes a second URL. The device may update the response by including the client identifier in a set-cookie field, and adding to the second URL a first value of a query parameter determined according to: a client identifier assigned by the device, a key, and the second URL. The device may receive a second request that includes the client identifier, and a third URL having the first value. The device may determine to allow the server to receive the second request when the first value matches a second value determined according to the client identifier from the second request, the third URL and the key.
-
公开(公告)号:US11811760B2
公开(公告)日:2023-11-07
申请号:US17230334
申请日:2021-04-14
Applicant: Citrix Systems, Inc.
Inventor: Ratnesh Singh Thakur , Raghukrishna Hegde
CPC classification number: H04L63/0876 , H04L63/083
Abstract: Described embodiments provide systems and methods for validating connections while mitigating cookie hijack attacks. A device intermediary between a client and a server can receive a request from the client to establish a connection. The device may send a cookie to the client, the cookie generated according to a connection identifier and a shared counter. The device may receive a response from the client that includes a client validation cookie for validating the request. The client validation cookie may be generated according to the cookie. The device may determine a candidate validation cookie according to a value of a counter range of the shared counter, that matches the client validation cookie. The device may validate the request responsive to the determination.
-
公开(公告)号:US12120226B2
公开(公告)日:2024-10-15
申请号:US17097255
申请日:2020-11-13
Applicant: Citrix Systems, Inc.
Inventor: Daniel G. Wing , Ratnesh Singh Thakur , Arkesh Kumar , Raghukrishna Hegde , Nivedita Jagdale , Ramachandra Kasyap Marmavula , Joseph Hoelbrandt , Girish Chandra Padhi
CPC classification number: H04L9/0861 , H04L63/1466 , H04L67/02
Abstract: Described embodiments provide systems and methods for morphing or regenerating validation information. A client can receive, via a device, an authentication cookie for access to a server. The device may maintain a sequence number and a cryptographic secret. The client may use the cryptographic secret and a cookie engine to generate validation cookie information with an updated sequence number. The client may send the authentication cookie to the device via a hypertext transfer protocol (HTTP) message to validate the authentication cookie. The client may send the validation cookie information with the updated sequence number to the device via a HTTP message to validate the authentication cookie.
-
公开(公告)号:US20220337587A1
公开(公告)日:2022-10-20
申请号:US17230334
申请日:2021-04-14
Applicant: Citrix Systems, Inc.
Inventor: Ratnesh Singh Thakur , Raghukrishna Hegde
IPC: H04L29/06
Abstract: Described embodiments provide systems and methods for validating connections while mitigating cookie hijack attacks. A device intermediary between a client and a server can receive a request from the client to establish a connection. The device may send a cookie to the client, the cookie generated according to a connection identifier and a shared counter. The device may receive a response from the client that includes a client validation cookie for validating the request. The client validation cookie may be generated according to the cookie. The device may determine a candidate validation cookie according to a value of a counter range of the shared counter, that matches the client validation cookie. The device may validate the request responsive to the determination.
-
公开(公告)号:US20220158831A1
公开(公告)日:2022-05-19
申请号:US17097255
申请日:2020-11-13
Applicant: Citrix Systems, Inc.
Inventor: Daniel G. Wing , Ratnesh Singh Thakur , Arkesh Kumar , Raghukrishna Hegde , Nivedita Jagdale , Ramachandra Kasyap Marmavula , Joseph Hoelbrandt , Girish Chandra Padhi
Abstract: Described embodiments provide systems and methods for morphing or regenerating validation information. A client can receive, via a device, an authentication cookie for access to a server. The device may maintain a sequence number and a cryptographic secret. The client may use the cryptographic secret and a cookie engine to generate validation cookie information with an updated sequence number. The client may send the authentication cookie to the device via a hypertext transfer protocol (HTTP) message to validate the authentication cookie. The client may send the validation cookie information with the updated sequence number to the device via a HTTP message to validate the authentication cookie
-
-
-
-