公开(公告)号：US20100281162A1

公开(公告)日：2010-11-04

申请号：US12823643

申请日：2010-06-25

申请人： Charu Venkatraman ,  Junxiao He ,  Ajay Soni ,  James Harris ,  Arkesh Kumar

发明人： Charu Venkatraman ,  Junxiao He ,  Ajay Soni ,  James Harris ,  Arkesh Kumar

IPC分类号： G06F15/16 ,  G06F15/173

CPC分类号： H04L12/4641 ,  H04L63/0272 ,  H04L63/166 ,  H04L69/16 ,  H04L69/161 ,  H04L69/163 ,  H04L69/164

摘要： The present invention is related to a method for establishing via an appliance a transport layer protocol connection initiated by a server on a first network to a client connected from a second network to the first network via a secure socket layer virtual private network (SSL VPN) connection. The method includes the step of receiving, by an appliance, a transport layer connection request from a server on a first network to connect to a client connected to the first network via a SSL VPN connection from a second network. The transport layer connection request identifies a client destination internet protocol address and a client destination port on the first network. The method includes establishing, by the appliance, a first transport layer connection to the server on the first network, determining, by the appliance, the client on the second network associated with the client destination internet protocol address on the first network, and transmitting, by the appliance, connection information identifying the client destination port to an agent on the client. The agent establishes a second transport layer connection to the client destination port using a local internet protocol address of the client on the second network and establishes a third transport layer connection to the appliance, which it associates with the second transport layer connection.

摘要翻译： 本发明涉及一种用于经由设备建立由第一网络上的服务器通过安全套接层虚拟专用网（SSL VPN）从第二网络连接到第一网络的客户端发起的传输层协议连接的方法， 连接。 该方法包括以下步骤：通过设备从第一网络的服务器接收传输层连接请求，以经由来自第二网络的SSL VPN连接连接到连接到第一网络的客户端。 传输层连接请求标识第一网络上的客户端目标网络协议地址和客户端目的端口。 该方法包括由设备建立与第一网络上的服务器的第一传输层连接，由设备确定与第一网络上的客户端目的地网际协议地址相关联的第二网络上的客户端， 由设备将连接信息标识到客户机上的代理的客户端目的地端口。 代理使用第二网络上的客户端的本地互联网协议地址建立与客户端目的地端口的第二传输层连接，并建立与设备相关联的第三传输层连接，其与第二传输层连接相关联。

公开(公告)号：US07769869B2

公开(公告)日：2010-08-03

申请号：US11465950

申请日：2006-08-21

申请人： Charu Venkatraman ,  Arkesh Kumar ,  James Harris ,  Ajay Soni ,  Junxiao He

发明人： Charu Venkatraman ,  Arkesh Kumar ,  James Harris ,  Ajay Soni ,  Junxiao He

IPC分类号： G06F15/16

CPC分类号： H04L12/4641 ,  H04L63/0272 ,  H04L63/166 ,  H04L69/16 ,  H04L69/161 ,  H04L69/163 ,  H04L69/164

摘要： The present invention is related to a method for establishing via an appliance a transport layer protocol connection initiated by a server on a first network to a client connected from a second network to the first network via a secure socket layer virtual private network (SSL VPN) connection. The method includes the step of receiving, by an appliance, a transport layer connection request from a server on a first network to connect to a client connected to the first network via a SSL VPN connection from a second network. The transport layer connection request identifies a client destination internet protocol address and a client destination port on the first network. The method includes establishing, by the appliance, a first transport layer connection to the server on the first network, determining, by the appliance, the client on the second network associated with the client destination internet protocol address on the first network, and transmitting, by the appliance, connection information identifying the client destination port to an agent on the client. The agent establishes a second transport layer connection to the client destination port using a local internet protocol address of the client on the second network and establishes a third transport layer connection to the appliance, which it associates with the second transport layer connection.

摘要翻译： 本发明涉及一种用于经由设备建立由第一网络上的服务器通过安全套接层虚拟专用网（SSL VPN）从第二网络连接到第一网络的客户端发起的传输层协议连接的方法， 连接。 该方法包括以下步骤：通过设备从第一网络的服务器接收传输层连接请求，以经由来自第二网络的SSL VPN连接连接到连接到第一网络的客户端。 传输层连接请求标识第一网络上的客户端目标网络协议地址和客户端目的端口。 该方法包括由设备建立与第一网络上的服务器的第一传输层连接，由设备确定与第一网络上的客户端目的地网际协议地址相关联的第二网络上的客户端， 由设备将连接信息标识到客户机上的代理的客户端目的地端口。 代理使用第二网络上的客户端的本地互联网协议地址建立与客户端目的地端口的第二传输层连接，并建立与设备相关联的第三传输层连接，其与第二传输层连接相关联。

公开(公告)号：US08271661B2

公开(公告)日：2012-09-18

申请号：US12823643

申请日：2010-06-25

申请人： James Harris ,  Arkesh Kumar ,  Charu Venkatraman ,  Ajay Soni ,  Junxiao He

发明人： James Harris ,  Arkesh Kumar ,  Charu Venkatraman ,  Ajay Soni ,  Junxiao He

IPC分类号： G06F15/16

CPC分类号： H04L12/4641 ,  H04L63/0272 ,  H04L63/166 ,  H04L69/16 ,  H04L69/161 ,  H04L69/163 ,  H04L69/164

摘要： The present invention is related to a method for establishing via an appliance a transport layer protocol connection initiated by a server on a first network to a client connected from a second network to the first network via a secure socket layer virtual private network (SSL VPN) connection. The method includes the step of receiving, by an appliance, a transport layer connection request from a server on a first network to connect to a client connected to the first network via a SSL VPN connection from a second network. The transport layer connection request identifies a client destination internet protocol address and a client destination port on the first network. The method includes establishing, by the appliance, a first transport layer connection to the server on the first network, determining, by the appliance, the client on the second network associated with the client destination internet protocol address on the first network, and transmitting, by the appliance, connection information identifying the client destination port to an agent on the client. The agent establishes a second transport layer connection to the client destination port using a local internet protocol address of the client on the second network and establishes a third transport layer connection to the appliance, which it associates with the second transport layer connection.

摘要翻译： 本发明涉及一种用于经由设备建立由第一网络上的服务器发起的传输层协议连接到通过安全套接层虚拟专用网（SSL VPN）从第二网络连接到第一网络的客户端的方法， 连接。 该方法包括以下步骤：通过设备从第一网络的服务器接收传输层连接请求，以经由来自第二网络的SSL VPN连接连接到连接到第一网络的客户端。 传输层连接请求标识第一网络上的客户端目标网络协议地址和客户端目的端口。 该方法包括由设备建立与第一网络上的服务器的第一传输层连接，由设备确定与第一网络上的客户端目的地网际协议地址相关联的第二网络上的客户端， 由设备将连接信息标识到客户机上的代理的客户端目的地端口。 代理使用第二网络上的客户端的本地互联网协议地址建立与客户端目的地端口的第二传输层连接，并建立与设备相关联的第三传输层连接，其与第二传输层连接相关联。

公开(公告)号：US20080043760A1

公开(公告)日：2008-02-21

申请号：US11465950

申请日：2006-08-21

申请人： Charu Venkatraman ,  Junxiao He ,  Ajay Soni ,  James Harris ,  Arkesh Kumar

发明人： Charu Venkatraman ,  Junxiao He ,  Ajay Soni ,  James Harris ,  Arkesh Kumar

IPC分类号： H04L12/56

CPC分类号： H04L12/4641 ,  H04L63/0272 ,  H04L63/166 ,  H04L69/16 ,  H04L69/161 ,  H04L69/163 ,  H04L69/164

摘要： The present invention is related to a method for establishing via an appliance a transport layer protocol connection initiated by a server on a first network to a client connected from a second network to the first network via a secure socket layer virtual private network (SSL VPN) connection. The method includes the step of receiving, by an appliance, a transport layer connection request from a server on a first network to connect to a client connected to the first network via a SSL VPN connection from a second network. The transport layer connection request identifies a client destination internet protocol address and a client destination port on the first network. The method includes establishing, by the appliance, a first transport layer connection to the server on the first network, determining, by the appliance, the client on the second network associated with the client destination internet protocol address on the first network, and transmitting, by the appliance, connection information identifying the client destination port to an agent on the client. The agent establishes a second transport layer connection to the client destination port using a local internet protocol address of the client on the second network and establishes a third transport layer connection to the appliance, which it associates with the second transport layer connection.

摘要翻译： 本发明涉及一种用于经由设备建立由第一网络上的服务器通过安全套接层虚拟专用网（SSL VPN）从第二网络连接到第一网络的客户端发起的传输层协议连接的方法， 连接。 该方法包括以下步骤：通过设备从第一网络的服务器接收传输层连接请求，以经由来自第二网络的SSL VPN连接连接到连接到第一网络的客户端。 传输层连接请求标识第一网络上的客户端目标网络协议地址和客户端目的端口。 该方法包括由设备建立与第一网络上的服务器的第一传输层连接，由设备确定与第一网络上的客户端目的地网际协议地址相关联的第二网络上的客户端， 由设备将连接信息标识到客户机上的代理的客户端目的地端口。 代理使用第二网络上的客户端的本地互联网协议地址建立与客户端目的地端口的第二传输层连接，并建立与设备相关联的第三传输层连接，其与第二传输层连接相关联。

公开(公告)号：US20080046371A1

公开(公告)日：2008-02-21

申请号：US11465948

申请日：2006-08-21

申请人： Junxiao He ,  Charu Venkatraman ,  Arkesh Kumar ,  Ajay Soni

发明人： Junxiao He ,  Charu Venkatraman ,  Arkesh Kumar ,  Ajay Soni

IPC分类号： H04L9/00

CPC分类号： H04L67/34 ,  G06F8/65 ,  H04L63/0272 ,  H04L63/104 ,  H04L63/166

摘要： A method for automatically changing a version of a client agent for a non-administrative user account without rebooting the user's machine uses a service having installation privileges. The service executes on the client and installs a client agent. The client agent communicates with a network appliance. The client agent detects a difference between its version and a version of the client agent identified by the network appliance. The agent signals the service that it has detected the difference and, in response, the service executes an installation program that installs, without rebooting the client, the version of the client agent identified by the appliance. A corresponding system is also described.

摘要翻译： 用于自动更改非管理用户帐户的客户端代理的版本而不重新启动用户的计算机的方法将使用具有安装权限的服务。 服务在客户端上执行并安装客户端代理。 客户端代理与网络设备进行通信。 客户端代理检测其版本与由网络设备识别的客户端代理的版本之间的差异。 该代理向该服务发出信号，它检测到该差异，作为响应，该服务执行安装程序，而不重新启动客户机，该设备将由该设备识别的客户端代理的版本。 还描述了相应的系统。

公开(公告)号：US08769522B2

公开(公告)日：2014-07-01

申请号：US11465948

申请日：2006-08-21

申请人： Charu Venkatraman ,  Arkesh Kumar ,  Junxiao He ,  Ajay Soni

发明人： Charu Venkatraman ,  Arkesh Kumar ,  Junxiao He ,  Ajay Soni

IPC分类号： G06F9/44

CPC分类号： H04L67/34 ,  G06F8/65 ,  H04L63/0272 ,  H04L63/104 ,  H04L63/166

摘要： A method for automatically changing a version of a client agent for a non-administrative user account without rebooting the user's machine uses a service having installation privileges. The service executes on the client and installs a client agent. The client agent communicates with a network appliance. The client agent detects a difference between its version and a version of the client agent identified by the network appliance. The agent signals the service that it has detected the difference and, in response, the service executes an installation program that installs, without rebooting the client, the version of the client agent identified by the appliance. A corresponding system is also described.

摘要翻译： 用于自动更改非管理用户帐户的客户端代理的版本而不重新启动用户的计算机的方法将使用具有安装权限的服务。 服务在客户端上执行并安装客户端代理。 客户端代理与网络设备进行通信。 客户端代理检测其版本与由网络设备识别的客户端代理的版本之间的差异。 该代理向该服务发出信号，它检测到该差异，作为响应，该服务执行安装程序，而不重新启动客户机，该设备将由该设备识别的客户端代理的版本。 还描述了相应的系统。

公开(公告)号：US08151323B2

公开(公告)日：2012-04-03

申请号：US11566975

申请日：2006-12-05

申请人： James Harris ,  Max He ,  Arkesh Kumar ,  Ajay Soni ,  Charu Venkatraman ,  Shashi Najundaswamy ,  Amarnath Mullick

发明人： James Harris ,  Max He ,  Arkesh Kumar ,  Ajay Soni ,  Charu Venkatraman ,  Shashi Najundaswamy ,  Amarnath Mullick

IPC分类号： H04L29/06

CPC分类号： H04L67/06 ,  H04L63/0272 ,  H04L63/105 ,  H04L63/166 ,  H04L67/02 ,  H04L67/2842 ,  H04L67/34 ,  H04L69/10 ,  H04L69/16 ,  H04L69/165

摘要： The present invention relates to systems and methods to identify a level of access for a resource being accessed via a secure socket layer virtual private network (SSL VPN) connection to a network, and to control the action on the resource based on the identified level of access. The appliance described herein provides intelligent secure access and action control to resources based on a sense and respond mechanism. When a user requests access to a resource via the SSL VPN connection of the appliance, the appliance obtains information about the client to determine the user access scenario—the location, device, connection and identify of the user or client. Based on the collected information, the appliance responds to the detected user scenario by identifying a level of access to the resource for the user/client, such as rights to view, print, edit or save a document, Based on the identified level of access, the appliance controls the actions performs on the resource by various techniques described herein so that the user can only perform the allowed action n accordance with the level of access. As such, the present invention allows organization to control and provide the appropriate level of access to valuable, confidential or business critical information accessed remotely or via a pubic network while protecting such information by controlling the types of actions performed or allowed to be performed remotely on the information.

摘要翻译： 本发明涉及用于识别经由到网络的安全套接字层虚拟专用网（SSL VPN）连接被访问的资源的访问级别的系统和方法，并且基于所识别的级别来控制对资源的动作 访问。 本文所述的设备基于感测和响应机制来提供对资源的智能安全访问和动作控制。 当用户通过设备的SSL VPN连接请求访问资源时，设备将获取有关客户端的信息，以确定用户访问场景 - 用户或客户端的位置，设备，连接和标识。 基于收集的信息，设备通过识别用户/客户端对资源的访问级别（例如查看，打印，编辑或保存文档的权限）来响应所检测的用户场景。基于所识别的访问级别 ，设备通过本文描述的各种技术控制对资源执行的操作，使得用户只能根据访问级别执行允许的动作。 因此，本发明允许组织控制并提供对远程访问或通过公共网络访问的有价值的，机密的或业务关键信息的适当级别的访问，同时通过控制远程执行或允许执行的动作的类型来保护这些信息， 信息。

公开(公告)号：US20070245409A1

公开(公告)日：2007-10-18

申请号：US11566975

申请日：2006-12-05

申请人： James Harris ,  Max He ,  Arkesh Kumar ,  Ajay Soni ,  Charu Venkatraman ,  Shashi Najundaswamy ,  Amarnath Mullick

发明人： James Harris ,  Max He ,  Arkesh Kumar ,  Ajay Soni ,  Charu Venkatraman ,  Shashi Najundaswamy ,  Amarnath Mullick

IPC分类号： H04L9/32

CPC分类号： H04L67/06 ,  H04L63/0272 ,  H04L63/105 ,  H04L63/166 ,  H04L67/02 ,  H04L67/2842 ,  H04L67/34 ,  H04L69/10 ,  H04L69/16 ,  H04L69/165

摘要： The present invention relates to systems and methods to identify a level of access for a resource being accessed via a secure socket layer virtual private network (SSL VPN) connection to a network, and to control the action on the resource based on the identified level of access. The appliance described herein provides intelligent secure access and action control to resources based on a sense and respond mechanism. When a user requests access to a resource via the SSL VPN connection of the appliance, the appliance obtains information about the client to determine the user access scenario—the location, device, connection and identify of the user or client. Based on the collected information, the appliance responds to the detected user scenario by identifying a level of access to the resource for the user/client, such as rights to view, print, edit or save a document, Based on the identified level of access, the appliance controls the actions performs on the resource by various techniques described herein so that the user can only perform the allowed action n accordance with the level of access. As such, the present invention allows organization to control and provide the appropriate level of access to valuable, confidential or business critical information accessed remotely or via a pubic network while protecting such information by controlling the types of actions performed or allowed to be performed remotely on the information.

摘要翻译： 本发明涉及用于识别经由到网络的安全套接字层虚拟专用网（SSL VPN）连接被访问的资源的访问级别的系统和方法，并且基于所识别的级别来控制对资源的动作 访问。 本文所述的设备基于感测和响应机制来提供对资源的智能安全访问和动作控制。 当用户通过设备的SSL VPN连接请求访问资源时，设备将获取有关客户端的信息，以确定用户访问场景 - 用户或客户端的位置，设备，连接和标识。 基于收集的信息，设备通过识别用户/客户端对资源的访问级别（例如查看，打印，编辑或保存文档的权限）来响应所检测的用户场景。基于所识别的访问级别 ，设备通过本文描述的各种技术控制对资源执行的操作，使得用户只能根据访问级别执行允许的动作。 因此，本发明允许组织控制并提供对远程访问或通过公共网络访问的有价值的，机密的或业务关键信息的适当级别的访问，同时通过控制远程执行或允许执行的动作的类型来保护这些信息， 信息。

公开(公告)号：US20100241846A1

公开(公告)日：2010-09-23

申请号：US12794446

申请日：2010-06-04

申请人： Prabakar Sundarrajan ,  Junxiao He ,  Ajay Soni ,  Shashidhara Nanjundaswamy ,  Arkesh Kumar

发明人： Prabakar Sundarrajan ,  Junxiao He ,  Ajay Soni ,  Shashidhara Nanjundaswamy ,  Arkesh Kumar

IPC分类号： G06F9/00 ,  G06F15/16

CPC分类号： H04L63/0272 ,  H04L63/029 ,  H04L63/0428 ,  H04L63/164 ,  H04L63/166 ,  H04L67/2814 ,  H04L67/289 ,  H04L67/34

摘要： A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a—Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.

摘要翻译： 一种用于在客户机和专用数据通信网络之间建立虚拟专用网络（VPN）的系统和方法。 通过公共数据通信网络在网关和客户端之间建立诸如安全套接层（SSL）数据通信会话之类的加密数据通信会话。 网关然后将编程组件发送到客户端，以便在其上进行自动安装和执行。 编程组件用于截取来自专用于专用数据通信网络上的资源的客户端应用程序的通信，并通过加密的数据通信会话而不是私有数据通信网络上的资源将拦截的通信发送到网关。

公开(公告)号：US08261057B2

公开(公告)日：2012-09-04

申请号：US12794446

申请日：2010-06-04

申请人： Prabakar Sundarrajan ,  Junxiao He ,  Ajay Soni ,  Shashidhara Nanjundaswamy ,  Arkesh Kumar

发明人： Prabakar Sundarrajan ,  Junxiao He ,  Ajay Soni ,  Shashidhara Nanjundaswamy ,  Arkesh Kumar

IPC分类号： G06F9/00

CPC分类号： H04L63/0272 ,  H04L63/029 ,  H04L63/0428 ,  H04L63/164 ,  H04L63/166 ,  H04L67/2814 ,  H04L67/289 ,  H04L67/34

摘要： A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a—Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.

摘要翻译： 一种用于在客户机和专用数据通信网络之间建立虚拟专用网络（VPN）的系统和方法。 通过公共数据通信网络在网关和客户端之间建立诸如安全套接层（SSL）数据通信会话之类的加密数据通信会话。 网关然后将编程组件发送到客户端，以便在其上进行自动安装和执行。 编程组件用于截取来自专用于专用数据通信网络上的资源的客户端应用程序的通信，并通过加密的数据通信会话而不是私有数据通信网络上的资源将拦截的通信发送到网关。