公开(公告)号：US20100242092A1

公开(公告)日：2010-09-23

申请号：US12409223

申请日：2009-03-23

申请人： James Harris ,  Rui R.L. ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary

发明人： James Harris ,  Rui R.L. ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary

IPC分类号： G06F21/00

CPC分类号： H04L63/0876 ,  G06F21/31 ,  G06F21/53 ,  G06F2009/4557 ,  H04L63/08 ,  H04L63/0884 ,  H04L63/10 ,  H04L63/105 ,  H04L63/166 ,  H04L63/20 ,  H04L67/2814

摘要： The present invention provides a system and method for dynamically selecting an authentication virtual server from a plurality of authentication virtual servers. A traffic management virtual server may determine from a request received from a client to access content of a server that the client has not been authenticated. The traffic management virtual server can identify a policy for selecting an authentication virtual server to provide authentication of the client. Responsive to the identification, the traffic management virtual server can select, via the policy, an authentication virtual server of the plurality of authentication virtual servers to authenticate the client. Responsive to the request, the traffic management virtual server may transmit a response to the client The response includes an instruction to redirect to the selected authentication virtual server.

摘要翻译： 本发明提供一种用于从多个认证虚拟服务器动态选择认证虚拟服务器的系统和方法。 流量管理虚拟服务器可以根据从客户端接收的请求来确定访问客户端尚未认证的服务器的内容。 流量管理虚拟服务器可以识别用于选择认证虚拟服务器以提供客户端认证的策略。 响应于识别，流量管理虚拟服务器可以通过策略选择多个认证虚拟服务器的认证虚拟服务器来认证客户端。 响应于该请求，流量管理虚拟服务器可以向客户端发送响应。响应包括重定向到所选择的认证虚拟服务器的指令。

公开(公告)号：US20100242106A1

公开(公告)日：2010-09-23

申请号：US12409322

申请日：2009-03-23

申请人： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary ,  Punit Gupta

发明人： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary ,  Punit Gupta

IPC分类号： G06F15/173 ,  G06F21/00

CPC分类号： H04L63/0876 ,  G06F21/31 ,  G06F21/53 ,  G06F2009/4557 ,  H04L63/08 ,  H04L63/0884 ,  H04L63/10 ,  H04L63/105 ,  H04L63/166 ,  H04L63/20 ,  H04L67/2814

摘要： The present invention provides a system and method of managing traffic traversing an intermediary based on a result of end point auditing. An authentication virtual server of an intermediary may determine a result of an end point analysis scan of a client. Responsive to the determination, the traffic management virtual server can obtain the result from the authentication virtual server. Further, the traffic management virtual server may apply the result in one or more traffic management policies to manage network traffic of a connection of the client traversing the intermediary. In some embodiments, the authentication virtual server may receive one or more expressions evaluated by the client. The one or more expressions identifies one or more attributes of the client. The traffic management virtual server can also determine a type of compression or encryption for the connection based on applying the one or more traffic management policies using the result.

摘要翻译： 本发明提供了一种基于终端审计结果来管理遍历中间人的流量的系统和方法。 中介的认证虚拟服务器可以确定客户端的终点分析扫描的结果。 响应确定，流量管理虚拟服务器可以从认证虚拟服务器获取结果。 此外，流量管理虚拟服务器可以将结果应用于一个或多个流量管理策略中，以管理遍历中间件的客户端的连接的网络流量。 在一些实施例中，认证虚拟服务器可以接收由客户端评估的一个或多个表达式。 一个或多个表达式标识客户端的一个或多个属性。 流量管理虚拟服务器还可以基于使用结果应用一个或多个流量管理策略来确定连接的压缩或加密的类型。

公开(公告)号：US08844040B2

公开(公告)日：2014-09-23

申请号：US12409322

申请日：2009-03-23

申请人： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary ,  Punit Gupta

发明人： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary ,  Punit Gupta

IPC分类号： H04L29/06

CPC分类号： H04L63/0876 ,  G06F21/31 ,  G06F21/53 ,  G06F2009/4557 ,  H04L63/08 ,  H04L63/0884 ,  H04L63/10 ,  H04L63/105 ,  H04L63/166 ,  H04L63/20 ,  H04L67/2814

摘要： The present invention provides a system and method of managing traffic traversing an intermediary based on a result of end point auditing. An authentication virtual server of an intermediary may determine a result of an end point analysis scan of a client. Responsive to the determination, the traffic management virtual server can obtain the result from the authentication virtual server. Further, the traffic management virtual server may apply the result in one or more traffic management policies to manage network traffic of a connection of the client traversing the intermediary. In some embodiments, the authentication virtual server may receive one or more expressions evaluated by the client. The one or more expressions identifies one or more attributes of the client. The traffic management virtual server can also determine a type of compression or encryption for the connection based on applying the one or more traffic management policies using the result.

摘要翻译： 本发明提供了一种基于终端审计结果来管理遍历中间人的流量的系统和方法。 中介的认证虚拟服务器可以确定客户端的终点分析扫描的结果。 响应确定，流量管理虚拟服务器可以从认证虚拟服务器获取结果。 此外，流量管理虚拟服务器可以将结果应用于一个或多个流量管理策略中，以管理遍历中间件的客户端的连接的网络流量。 在一些实施例中，认证虚拟服务器可以接收由客户端评估的一个或多个表达式。 一个或多个表达式标识客户端的一个或多个属性。 流量管理虚拟服务器还可以基于使用结果应用一个或多个流量管理策略来确定连接的压缩或加密的类型。

公开(公告)号：US20100242105A1

公开(公告)日：2010-09-23

申请号：US12409216

申请日：2009-03-23

申请人： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary

发明人： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary

IPC分类号： H04L9/32 ,  G06F15/173

CPC分类号： H04L63/0876 ,  G06F21/31 ,  G06F21/53 ,  G06F2009/4557 ,  H04L63/08 ,  H04L63/0884 ,  H04L63/10 ,  H04L63/105 ,  H04L63/166 ,  H04L63/20 ,  H04L67/2814

摘要： The present invention provides a system and method for authentication of network traffic managed by a traffic management virtual server. A traffic management virtual server may determine that a client has not been authenticated from a request of the client to access a server. Responsive to the request, the traffic management virtual server may transmit a response to the client with instructions to redirect to an authentication virtual server. The authentication virtual server may receive a second request from the client. The authentication virtual server may then authenticate credentials received from the client and establish an authentication session for the client. Further, the authentication virtual server may transmit a second response to redirect the client to the traffic management virtual server. The second response identifies the authentication session. The traffic management virtual server then receives a request from the client with an identifier to the authentication session.

摘要翻译： 本发明提供了一种用于由流量管理虚拟服务器管理的网络流量的认证的系统和方法。 流量管理虚拟服务器可以确定客户端尚未从客户端访问服务器的请求进行身份验证。 响应于该请求，流量管理虚拟服务器可以向客户端发送响应以重定向到认证虚拟服务器的指令。 验证虚拟服务器可以从客户端接收第二请求。 然后，认证虚拟服务器可以验证从客户端接收到的凭证，并为客户端建立认证会话。 此外，认证虚拟服务器可以发送第二响应以将客户端重定向到流量管理虚拟服务器。 第二个响应标识认证会话。 然后，流量管理虚拟服务器从客户端接收到具有识别会话的标识符的请求。

公开(公告)号：US08782755B2

公开(公告)日：2014-07-15

申请号：US12409223

申请日：2009-03-23

申请人： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary

发明人： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary

IPC分类号： G06F15/16 ,  G06F9/455 ,  G06F21/53 ,  G06F21/31 ,  H04L29/06 ,  H04L29/08

CPC分类号： H04L63/0876 ,  G06F21/31 ,  G06F21/53 ,  G06F2009/4557 ,  H04L63/08 ,  H04L63/0884 ,  H04L63/10 ,  H04L63/105 ,  H04L63/166 ,  H04L63/20 ,  H04L67/2814

摘要： The present invention provides a system and method for dynamically selecting an authentication virtual server from a plurality of authentication virtual servers. A traffic management virtual server may determine from a request received from a client to access content of a server that the client has not been authenticated. The traffic management virtual server can identify a policy for selecting an authentication virtual server to provide authentication of the client. Responsive to the identification, the traffic management virtual server can select, via the policy, an authentication virtual server of the plurality of authentication virtual servers to authenticate the client. Responsive to the request, the traffic management virtual server may transmit a response to the client The response includes an instruction to redirect to the selected authentication virtual server.

摘要翻译： 本发明提供一种用于从多个认证虚拟服务器动态选择认证虚拟服务器的系统和方法。 流量管理虚拟服务器可以根据从客户端接收的请求来确定访问客户端尚未认证的服务器的内容。 流量管理虚拟服务器可以识别用于选择认证虚拟服务器以提供客户端认证的策略。 响应于识别，流量管理虚拟服务器可以通过策略选择多个认证虚拟服务器的认证虚拟服务器来认证客户端。 响应于该请求，流量管理虚拟服务器可以向客户端发送响应。该响应包括重定向到所选择的认证虚拟服务器的指令。

公开(公告)号：US08392982B2

公开(公告)日：2013-03-05

申请号：US12409216

申请日：2009-03-23

申请人： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary

发明人： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary

IPC分类号： H04L29/00 ,  H04L29/06 ,  G06F15/16

CPC分类号： H04L63/0876 ,  G06F21/31 ,  G06F21/53 ,  G06F2009/4557 ,  H04L63/08 ,  H04L63/0884 ,  H04L63/10 ,  H04L63/105 ,  H04L63/166 ,  H04L63/20 ,  H04L67/2814

摘要： The present invention provides a system and method for authentication of network traffic managed by a traffic management virtual server. A traffic management virtual server may determine that a client has not been authenticated from a request of the client to access a server. Responsive to the request, the traffic management virtual server may transmit a response to the client with instructions to redirect to an authentication virtual server. The authentication virtual server may receive a second request from the client. The authentication virtual server may then authenticate credentials received from the client and establish an authentication session for the client. Further, the authentication virtual server may transmit a second response to redirect the client to the traffic management virtual server. The second response identifies the authentication session. The traffic management virtual server then receives a request from the client with an identifier to the authentication session.

摘要翻译： 本发明提供了一种用于由流量管理虚拟服务器管理的网络流量的认证的系统和方法。 流量管理虚拟服务器可以确定客户端尚未从客户端访问服务器的请求进行身份验证。 响应于该请求，流量管理虚拟服务器可以向客户端发送响应以重定向到认证虚拟服务器的指令。 验证虚拟服务器可以从客户端接收第二请求。 然后，认证虚拟服务器可以验证从客户端接收到的凭证，并为客户端建立认证会话。 此外，认证虚拟服务器可以发送第二响应以将客户端重定向到流量管理虚拟服务器。 第二个响应标识认证会话。 然后，流量管理虚拟服务器从客户端接收到具有识别会话的标识符的请求。

公开(公告)号：US09282097B2

公开(公告)日：2016-03-08

申请号：US13102902

申请日：2011-05-06

申请人： Mugdha Agarwal ,  Akshat Choudhary ,  Puneet Agarwal ,  Arkesh Kumar ,  Nirdosh Shah ,  Ajay Soni

发明人： Mugdha Agarwal ,  Akshat Choudhary ,  Puneet Agarwal ,  Arkesh Kumar ,  Nirdosh Shah ,  Ajay Soni

IPC分类号： G06F21/00 ,  H04L9/32 ,  H04L29/06 ,  G06F21/41 ,  G06F21/55 ,  G06F21/31

CPC分类号： H04L63/0884 ,  G06F21/31 ,  G06F21/41 ,  G06F21/554 ,  H04L63/0815

摘要： The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller intermediary to a plurality of clients and the disparately hosted applications providing single sign on management, integration and control. A user may log in via an interface provided, controlled or managed by the ADC, which in turns, authenticates the user to the application in accordance with policy and the host of the application. As such, the user may login once to gain access to a plurality of disparately hosted applications. From the user's perspective, the user seamlessly and transparently gains access to different hosted systems with different passwords and authentication via the remote access provided by the system of the present solution.

摘要翻译： 本应用程序的解决方案通过在SaaS和云托管应用程序以及传统的企业托管应用程序之间提供单个身份验证域来解决跨不同托管系统的身份验证问题。 多个客户端的应用交付控制器中介，以及提供单一登录管理，集成和控制的不同托管的应用。 用户可以通过由ADC提供，控制或管理的接口登录，该接口根据策略和应用的主机向用户认证用户。 因此，用户可以登录一次以访问多个不同的托管的应用。 从用户的角度来看，用户通过本解决方案的系统提供的远程访问，无缝和透明地访问具有不同密码和身份验证的不同托管系统。

公开(公告)号：US20110277026A1

公开(公告)日：2011-11-10

申请号：US13102902

申请日：2011-05-06

申请人： Mugdha Agarwal ,  Akshat Choudhary ,  Puneet Agarwal ,  Arkesh Kumar ,  Nirdosh Shah ,  Ajay Soni

发明人： Mugdha Agarwal ,  Akshat Choudhary ,  Puneet Agarwal ,  Arkesh Kumar ,  Nirdosh Shah ,  Ajay Soni

IPC分类号： H04L9/32 ,  G06F21/00

CPC分类号： H04L63/0884 ,  G06F21/31 ,  G06F21/41 ,  G06F21/554 ,  H04L63/0815

摘要： The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller intermediary to a plurality of clients and the disparately hosted applications providing single sign on management, integration and control. A user may log in via an interface provided, controlled or managed by the ADC, which in turns, authenticates the user to the application in accordance with policy and the host of the application. As such, the user may login once to gain access to a plurality of disparately hosted applications. From the user's perspective, the user seamlessly and transparently gains access to different hosted systems with different passwords and authentication via the remote access provided by the system of the present solution

摘要翻译： 本应用程序的解决方案通过在SaaS和云托管应用程序以及传统的企业托管应用程序之间提供单个身份验证域来解决跨不同托管系统的身份验证问题。 多个客户端的应用交付控制器中介，以及提供单一登录管理，集成和控制的不同托管的应用。 用户可以通过由ADC提供，控制或管理的接口登录，该接口根据策略和应用的主机向用户认证用户。 因此，用户可以登录一次以访问多个不同的托管的应用。 从用户的角度来看，用户通过本解决方案系统提供的远程访问，无缝透明地访问具有不同密码和身份验证的不同托管系统

公开(公告)号：US20110154443A1

公开(公告)日：2011-06-23

申请号：US12976688

申请日：2010-12-22

申请人： RAVINDRANATH THAKUR ,  Puneet Agarwal ,  Arkesh Kumar ,  Rui Li

发明人： RAVINDRANATH THAKUR ,  Puneet Agarwal ,  Arkesh Kumar ,  Rui Li

IPC分类号： G06F21/00

CPC分类号： G06F21/41

摘要： A method for propagating authentication session information to a plurality of cores of a multi-core device includes establishing, by an authentication virtual server executing on a first core of a device intermediary to at least one client and server, a session for a user, the authentication virtual server authenticating the session. A traffic management virtual server executes on a second core of device, and receives a request to access a server via the session. The traffic management virtual server may identify, responsive to a determination that the session is not stored by the second core, from an identifier of the session that the first core established the session. The second core may send to the first core a request for data for the session identified by the identifier. The second core may receive from the first core a response to the second request identifying whether the session is valid.

摘要翻译： 用于将认证会话信息传播到多核设备的多个核心的方法包括：通过在至少一个客户端和服务器的中间设备的第一核心上执行的认证虚拟服务器建立用户的会话， 验证虚拟服务器认证会话。 流量管理虚拟服务器在设备的第二核心上执行，并且经由会话接收到访问服务器的请求。 业务管理虚拟服务器可以响应于确定该会话未被第二核心存储的第一核心建立会话的会话标识符。 第二核心可以向第一核心发送由标识符标识的会话的数据请求。 第二核心可以从第一核心接收对第二请求的响应，以识别会话是否有效。

公开(公告)号：US08667575B2

公开(公告)日：2014-03-04

申请号：US12976688

申请日：2010-12-22

申请人： Ravindranath Thakur ,  Puneet Agarwal ,  Arkesh Kumar ,  Rui Li

发明人： Ravindranath Thakur ,  Puneet Agarwal ,  Arkesh Kumar ,  Rui Li

IPC分类号： G06F9/00 ,  G06F15/16 ,  G06F17/00 ,  G06F7/04 ,  G06F17/30 ,  H04L29/06

CPC分类号： G06F21/41

摘要： A method for propagating authentication session information to a plurality of cores of a multi-core device includes establishing, by an authentication virtual server executing on a first core of a device intermediary to at least one client and server, a session for a user, the authentication virtual server authenticating the session. A traffic management virtual server executes on a second core of device, and receives a request to access a server via the session. The traffic management virtual server may identify, responsive to a determination that the session is not stored by the second core, from an identifier of the session that the first core established the session. The second core may send to the first core a request for data for the session identified by the identifier. The second core may receive from the first core a response to the second request identifying whether the session is valid.

摘要翻译： 用于将认证会话信息传播到多核设备的多个核心的方法包括：通过在至少一个客户端和服务器的中间设备的第一核心上执行的认证虚拟服务器建立用户的会话， 验证虚拟服务器认证会话。 流量管理虚拟服务器在设备的第二核心上执行，并且经由会话接收到访问服务器的请求。 业务管理虚拟服务器可以响应于确定该会话未被第二核心存储的第一核心建立会话的会话标识符。 第二核心可以向第一核心发送由标识符标识的会话的数据请求。 第二核心可以从第一核心接收对第二请求的响应，以识别会话是否有效。