公开(公告)号：US11063750B2

公开(公告)日：2021-07-13

申请号：US16774676

申请日：2020-01-28

Applicant: Citrix Systems, Inc.

Inventor： Keyoor Khristi ,  Mukul Agarwal ,  Ravi Ganesh, V ,  Saurabh Singh ,  Vishnu Prateek

IPC: H04L9/08 ,  H04L29/06 ,  H04L9/32 ,  H04L9/00

Abstract: Systems and methods for secured access to cloud-based applications or services include a service node that may receive a request from client including a URL associated with an application manager. The service node may send a URL prefix identifying a termination to the termination node. The service node may receive a client hello message from the client that includes a first field incorporating the URL prefix, and may send the client hello message to the termination node to initiate a handshake with the client using a wildcard certificate of server, for establishing a SSL channel between the client and the termination node for a session of the application. The service node can direct a communication of the session from the client to the predetermined termination node, for decryption, using the established SSL channel, according to the URL prefix incorporated in a server name indication (SNI) field of the communication.

公开(公告)号：US20200169394A1

公开(公告)日：2020-05-28

申请号：US16774676

申请日：2020-01-28

Applicant: Citrix Systems, Inc.

Inventor： Keyoor Khristi ,  Mukul Agarwal ,  Ravi Ganesh, V ,  Saurabh Singh ,  Vishnu Prateek

IPC: H04L9/08 ,  H04L29/06 ,  H04L9/32 ,  H04L9/00

Abstract: Systems and methods for secured access to cloud-based applications or services include a service node that may receive a request from client including a URL associated with an application manager. The service node may send a URL prefix identifying a termination to the termination node. The service node may receive a client hello message from the client that includes a first field incorporating the URL prefix, and may send the client hello message to the termination node to initiate a handshake with the client using a wildcard certificate of server, for establishing a SSL channel between the client and the termination node for a session of the application. The service node can direct a communication of the session from the client to the predetermined termination node, for decryption, using the established SSL channel, according to the URL prefix incorporated in a server name indication (SNI) field of the communication.

公开(公告)号：US20190229900A1

公开(公告)日：2019-07-25

申请号：US15876828

申请日：2018-01-22

Applicant: Citrix Systems, Inc.

Inventor： Keyoor Khristi ,  Mukul Agarwal ,  Ravi Ganesh, V ,  Saurabh Singh ,  Vishnu Prateek

IPC: H04L9/08 ,  H04L29/06 ,  H04L9/00 ,  H04L9/32

Abstract: Systems and methods for secured access to cloud-based applications or services include a service node that may receive a request from client including a URL associated with an application manager. The service node may send a URL prefix identifying a termination to the termination node. The service node may receive a client hello message from the client that includes a first field incorporating the URL prefix, and may send the client hello message to the termination node to initiate a handshake with the client using a wildcard certificate of server, for establishing a SSL channel between the client and the termination node for a session of the application. The service node can direct a communication of the session from the client to the predetermined termination node, for decryption, using the established SSL channel, according to the URL prefix incorporated in a server name indication (SNI) field of the communication.

公开(公告)号：US20180295134A1

公开(公告)日：2018-10-11

申请号：US15482423

申请日：2017-04-07

Applicant: Citrix Systems, Inc.

Inventor： Punit Gupta ,  Saurabh Singh ,  Ravi Ganesh, V ,  Jong Kann

IPC: H04L29/06 ,  H04L29/08

Abstract: Disclosed embodiments provide access to an application. An intermediary device may provide access to an application hosted by the server. The access may be provided to the client via a link that generates a first HTTP request for the application. The device may receive, from the client, the first HTTP request generated via the provided link. The device may rewrite an absolute URL of the application indicated in the first HTTP request, by replacing a first hostname of the server included in the absolute URL, with a URL segment generated by combining a unique string assigned to the first hostname with a second hostname of the device. The device may redirect the client to the rewritten absolute URL of the application.

公开(公告)号：US10778684B2

公开(公告)日：2020-09-15

申请号：US15482423

申请日：2017-04-07

Applicant: Citrix Systems, Inc.

Inventor： Punit Gupta ,  Saurabh Singh ,  Ravi Ganesh, V ,  Jong Kann

IPC: H04L9/32 ,  H04W12/06 ,  H04W12/08 ,  G06F16/95 ,  G06F21/41 ,  H04L29/06 ,  H04L29/08

Abstract: Disclosed embodiments provide access to an application. An intermediary device may provide access to an application hosted by the server. The access may be provided to the client via a link that generates a first HTTP request for the application. The device may receive, from the client, the first HTTP request generated via the provided link. The device may rewrite an absolute URL of the application indicated in the first HTTP request, by replacing a first hostname of the server included in the absolute URL, with a URL segment generated by combining a unique string assigned to the first hostname with a second hostname of the device. The device may redirect the client to the rewritten absolute URL of the application.

公开(公告)号：US10574444B2

公开(公告)日：2020-02-25

申请号：US15876828

申请日：2018-01-22

Applicant: Citrix Systems, Inc.

Inventor： Keyoor Khristi ,  Mukul Agarwal ,  Ravi Ganesh, V ,  Saurabh Singh ,  Vishnu Prateek

IPC: H04L9/08 ,  H04L29/06 ,  H04L9/32 ,  H04L9/00

Abstract: Systems and methods for secured access to cloud-based applications or services include a service node that may receive a request from client including a URL associated with an application manager. The service node may send a URL prefix identifying a termination to the termination node. The service node may receive a client hello message from the client that includes a first field incorporating the URL prefix, and may send the client hello message to the termination node to initiate a handshake with the client using a wildcard certificate of server, for establishing a SSL channel between the client and the termination node for a session of the application. The service node can direct a communication of the session from the client to the predetermined termination node, for decryption, using the established SSL channel, according to the URL prefix incorporated in a server name indication (SNI) field of the communication.