公开(公告)号：US09253252B2

公开(公告)日：2016-02-02

申请号：US13464818

申请日：2012-05-04

申请人： Puneet Agarwal ,  Deepak Goel ,  Mugdha Agarwal ,  Anil Kumar Gavini ,  Jyotheesh Rao Kurma ,  Arkesh Kumar ,  Shaleen Sharma

发明人： Puneet Agarwal ,  Deepak Goel ,  Mugdha Agarwal ,  Anil Kumar Gavini ,  Jyotheesh Rao Kurma ,  Arkesh Kumar ,  Shaleen Sharma

IPC分类号： H04L12/46 ,  H04L29/08 ,  H04L29/06

CPC分类号： H04L67/1002 ,  H04L12/4625 ,  H04L12/4633 ,  H04L12/4641 ,  H04L63/0227 ,  H04L63/0272 ,  H04L63/164

摘要： Embodiments of the present solution provide a cloud bridge to bring network transparency between the otherwise disparate networks of the datacenter and cloud service provider. For example, appliances may be deployed in the datacenter and on the edge of the cloud. These appliances may be configured or designed and constructed to communicate with each other and recognize and understand the local IP and/or public IP network information of the on-premise datacenter of the enterprise and the cloud datacenter. These appliances may manage the flow of network traffic between the on-premise and cloud datacenters in a manner to appear and act seamlessly and transparently as a single network spanning both the on-premise and cloud data centers.

摘要翻译： 本解决方案的实施例提供了一种云桥，以在数据中心和云服务提供商的不同网络之间带来网络透明度。 例如，设备可能部署在数据中心和云端。 这些设备可以被配置或设计和构造成彼此通信，并且识别和理解企业和云数据中心的内部部署数据中心的本地IP和/或公共IP网络信息。 这些设备可以以内部和云数据中心的单一网络的方式无缝和透明地管理内部部署和云数据中心之间的网络流量流。

公开(公告)号：US20110277026A1

公开(公告)日：2011-11-10

申请号：US13102902

申请日：2011-05-06

申请人： Mugdha Agarwal ,  Akshat Choudhary ,  Puneet Agarwal ,  Arkesh Kumar ,  Nirdosh Shah ,  Ajay Soni

发明人： Mugdha Agarwal ,  Akshat Choudhary ,  Puneet Agarwal ,  Arkesh Kumar ,  Nirdosh Shah ,  Ajay Soni

IPC分类号： H04L9/32 ,  G06F21/00

CPC分类号： H04L63/0884 ,  G06F21/31 ,  G06F21/41 ,  G06F21/554 ,  H04L63/0815

摘要： The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller intermediary to a plurality of clients and the disparately hosted applications providing single sign on management, integration and control. A user may log in via an interface provided, controlled or managed by the ADC, which in turns, authenticates the user to the application in accordance with policy and the host of the application. As such, the user may login once to gain access to a plurality of disparately hosted applications. From the user's perspective, the user seamlessly and transparently gains access to different hosted systems with different passwords and authentication via the remote access provided by the system of the present solution

摘要翻译： 本应用程序的解决方案通过在SaaS和云托管应用程序以及传统的企业托管应用程序之间提供单个身份验证域来解决跨不同托管系统的身份验证问题。 多个客户端的应用交付控制器中介，以及提供单一登录管理，集成和控制的不同托管的应用。 用户可以通过由ADC提供，控制或管理的接口登录，该接口根据策略和应用的主机向用户认证用户。 因此，用户可以登录一次以访问多个不同的托管的应用。 从用户的角度来看，用户通过本解决方案系统提供的远程访问，无缝透明地访问具有不同密码和身份验证的不同托管系统

公开(公告)号：US09282097B2

公开(公告)日：2016-03-08

申请号：US13102902

申请日：2011-05-06

申请人： Mugdha Agarwal ,  Akshat Choudhary ,  Puneet Agarwal ,  Arkesh Kumar ,  Nirdosh Shah ,  Ajay Soni

发明人： Mugdha Agarwal ,  Akshat Choudhary ,  Puneet Agarwal ,  Arkesh Kumar ,  Nirdosh Shah ,  Ajay Soni

IPC分类号： G06F21/00 ,  H04L9/32 ,  H04L29/06 ,  G06F21/41 ,  G06F21/55 ,  G06F21/31

CPC分类号： H04L63/0884 ,  G06F21/31 ,  G06F21/41 ,  G06F21/554 ,  H04L63/0815

摘要： The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller intermediary to a plurality of clients and the disparately hosted applications providing single sign on management, integration and control. A user may log in via an interface provided, controlled or managed by the ADC, which in turns, authenticates the user to the application in accordance with policy and the host of the application. As such, the user may login once to gain access to a plurality of disparately hosted applications. From the user's perspective, the user seamlessly and transparently gains access to different hosted systems with different passwords and authentication via the remote access provided by the system of the present solution.

摘要翻译： 本应用程序的解决方案通过在SaaS和云托管应用程序以及传统的企业托管应用程序之间提供单个身份验证域来解决跨不同托管系统的身份验证问题。 多个客户端的应用交付控制器中介，以及提供单一登录管理，集成和控制的不同托管的应用。 用户可以通过由ADC提供，控制或管理的接口登录，该接口根据策略和应用的主机向用户认证用户。 因此，用户可以登录一次以访问多个不同的托管的应用。 从用户的角度来看，用户通过本解决方案的系统提供的远程访问，无缝和透明地访问具有不同密码和身份验证的不同托管系统。

公开(公告)号：US08484287B2

公开(公告)日：2013-07-09

申请号：US12851449

申请日：2010-08-05

申请人： Anil Kumar Gavini ,  Akshat Choudhary ,  Puneet Agarwal

发明人： Anil Kumar Gavini ,  Akshat Choudhary ,  Puneet Agarwal

IPC分类号： G06F15/16

CPC分类号： G06F9/5027 ,  G06F2209/5016 ,  H04L67/02 ,  H04L67/2804 ,  H04L67/2819

摘要： The present solution is directed towards systems and methods for managing cookies by a multi-core device. The device is intermediary to a client and one or more servers. A first core of a multi-core device receives a response from a server to a request of the client through a user session. The response comprises a cookie. The first core removes the cookie from the response and stores the cookie in a corresponding storage for the session. The first core forwards the response without the cookie to the client. A second core then receives via a session, a second request from the client. The second core determines the identification of the first core as owner of the session from the second request. The second core then communicates to the first core a third request for cookie information for the session.

摘要翻译： 目前的解决方案涉及用于通过多核设备管理Cookie的系统和方法。 该设备是客户端和一个或多个服务器的中介。 多核设备的第一核心通过用户会话接收从服务器到客户端的请求的响应。 响应包括一个cookie。 第一个核心从响应中删除cookie，并将cookie存储在会话的相应存储中。 第一个核心将没有cookie的响应转发给客户端。 然后，第二核心经由会话接收来自客户端的第二请求。 第二核确定第一个核心作为第二个请求中的会话的所有者的标识。 然后，第二个核心向第一个核心传达第三个会话Cookie信息请求。

公开(公告)号：US20120036178A1

公开(公告)日：2012-02-09

申请号：US12851449

申请日：2010-08-05

申请人： Anil Kumar Gavini ,  Akshat Choudhary ,  Puneet Agarwal

发明人： Anil Kumar Gavini ,  Akshat Choudhary ,  Puneet Agarwal

IPC分类号： G06F15/16

CPC分类号： G06F9/5027 ,  G06F2209/5016 ,  H04L67/02 ,  H04L67/2804 ,  H04L67/2819

摘要： The present solution is directed towards systems and methods for managing cookies by a multi-core device. The device is intermediary to a client and one or more servers. A first core of a multi-core device receives a response from a server to a request of the client through a user session. The response comprises a cookie. The first core removes the cookie from the response and stores the cookie in a corresponding storage for the session. The first core forwards the response without the cookie to the client. A second core then receives via a session, a second request from the client. The second core determines the identification of the first core as owner of the session from the second request. The second core then communicates to the first core a third request for cookie information for the session.

摘要翻译： 目前的解决方案涉及用于通过多核设备管理Cookie的系统和方法。 该设备是客户端和一个或多个服务器的中介。 多核设备的第一核心通过用户会话接收从服务器到客户端的请求的响应。 响应包括一个cookie。 第一个核心从响应中删除cookie，并将cookie存储在会话的相应存储中。 第一个核心将没有cookie的响应转发给客户端。 然后，第二核心经由会话接收来自客户端的第二请求。 第二核确定第一个核心作为第二个请求中的会话的所有者的标识。 然后，第二个核心向第一个核心传达第三个会话Cookie信息请求。

公开(公告)号：US20090193513A1

公开(公告)日：2009-07-30

申请号：US12359101

申请日：2009-01-23

申请人： Puneet Agarwal ,  Ravindra Nath Thakur ,  Anil Kumar Gavini

发明人： Puneet Agarwal ,  Ravindra Nath Thakur ,  Anil Kumar Gavini

IPC分类号： G06F21/00

CPC分类号： H04L63/0272 ,  H04L63/0227 ,  H04L63/105 ,  H04L63/1441 ,  H04L63/166

摘要： The present disclosure presents methods, systems and intermediaries which determine an encoding scheme of a uniform resource location (URL) from a plurality of encoding schemes for a clientless secure socket layer virtual private network (SSL VPN) via a proxy. An intermediary may receive a response from a server comprising a URL. The response from the server may be directed to a client via a SSL VPN session and via the intermediary. The intermediary may determine, responsive to an encoding policy, one of a transparent, opaque or encrypted encoding scheme for encoding the URL. The intermediary may rewrite the URL for transmission to the client in accordance with the determined encoding scheme.

摘要翻译： 本公开提供了通过代理从无客户端安全套接字层虚拟专用网（SSL VPN）的多个编码方案中确定统一资源位置（URL）的编码方案的方法，系统和中介​​。 中介可以从包含URL的服务器接收响应。 来自服务器的响应可以经由SSL VPN会话并且经由中介向客户端发送。 中介可以响应于编码策略来确定用于对URL进行编码的透明，不透明或加密的编码方案之一。 中介可以根据所确定的编码方案重写用于传送给客户端的URL。

公开(公告)号：US08646067B2

公开(公告)日：2014-02-04

申请号：US12359101

申请日：2009-01-23

申请人： Puneet Agarwal ,  Ravindra Nath Thakur ,  Anil Kumar Gavini

发明人： Puneet Agarwal ,  Ravindra Nath Thakur ,  Anil Kumar Gavini

IPC分类号： G06F9/00 ,  G06F15/16 ,  G06F17/00 ,  H04L29/06

CPC分类号： H04L63/0272 ,  H04L63/0227 ,  H04L63/105 ,  H04L63/1441 ,  H04L63/166

摘要： The present disclosure presents methods, systems and intermediaries which determine an encoding scheme of a uniform resource location (URL) from a plurality of encoding schemes for a clientless secure socket layer virtual private network (SSL VPN) via a proxy. An intermediary may receive a response from a server comprising a URL. The response from the server may be directed to a client via a SSL VPN session and via the intermediary. The intermediary may determine, responsive to an encoding policy, one of a transparent, opaque or encrypted encoding scheme for encoding the URL. The intermediary may rewrite the URL for transmission to the client in accordance with the determined encoding scheme.

摘要翻译： 本公开提供了通过代理从无客户端安全套接字层虚拟专用网（SSL VPN）的多个编码方案中确定统一资源位置（URL）的编码方案的方法，系统和中介​​。 中介可以从包含URL的服务器接收响应。 来自服务器的响应可以经由SSL VPN会话并且经由中介向客户端发送。 中介可以响应于编码策略来确定用于对URL进行编码的透明，不透明或加密的编码方案之一。 中介可以根据所确定的编码方案重写用于传送给客户端的URL。

公开(公告)号：US08453225B2

公开(公告)日：2013-05-28

申请号：US12976693

申请日：2010-12-22

申请人： Puneet Agarwal ,  Dileep Reddem ,  Anil Kumar Gavini

发明人： Puneet Agarwal ,  Dileep Reddem ,  Anil Kumar Gavini

IPC分类号： H04L29/06

CPC分类号： H04L63/0815 ,  H04L63/0281 ,  H04L63/0884

摘要： The present invention is directed towards systems and methods for form-based single sign-on by a user desiring access to one or more protected resources, e.g., protected web pages, protected web-served applications, etc. In various embodiments, a single sign-on (SSO) module is in operation on an intermediary device, which is disposed in a network to manage internet traffic between a plurality of clients and a plurality of servers. The intermediary device can identify an authentication response from a server and forward the authentication response to the SSO module. The SSO module can complete a login form in the authentication response with a client's authentication data, return the completed login form to the server and forward cookies associated with the authentication response to the client. In various embodiments, multiple login forms can be completed, transparently to the client, by the SSO module on a client's behalf and reduce time expended by a client in obtaining access to protected resources.

公开(公告)号：US20110154443A1

公开(公告)日：2011-06-23

申请号：US12976688

申请日：2010-12-22

申请人： RAVINDRANATH THAKUR ,  Puneet Agarwal ,  Arkesh Kumar ,  Rui Li

发明人： RAVINDRANATH THAKUR ,  Puneet Agarwal ,  Arkesh Kumar ,  Rui Li

IPC分类号： G06F21/00

CPC分类号： G06F21/41

摘要： A method for propagating authentication session information to a plurality of cores of a multi-core device includes establishing, by an authentication virtual server executing on a first core of a device intermediary to at least one client and server, a session for a user, the authentication virtual server authenticating the session. A traffic management virtual server executes on a second core of device, and receives a request to access a server via the session. The traffic management virtual server may identify, responsive to a determination that the session is not stored by the second core, from an identifier of the session that the first core established the session. The second core may send to the first core a request for data for the session identified by the identifier. The second core may receive from the first core a response to the second request identifying whether the session is valid.

摘要翻译： 用于将认证会话信息传播到多核设备的多个核心的方法包括：通过在至少一个客户端和服务器的中间设备的第一核心上执行的认证虚拟服务器建立用户的会话， 验证虚拟服务器认证会话。 流量管理虚拟服务器在设备的第二核心上执行，并且经由会话接收到访问服务器的请求。 业务管理虚拟服务器可以响应于确定该会话未被第二核心存储的第一核心建立会话的会话标识符。 第二核心可以向第一核心发送由标识符标识的会话的数据请求。 第二核心可以从第一核心接收对第二请求的响应，以识别会话是否有效。

公开(公告)号：US20100242106A1

公开(公告)日：2010-09-23

申请号：US12409322

申请日：2009-03-23

申请人： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary ,  Punit Gupta

发明人： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary ,  Punit Gupta

IPC分类号： G06F15/173 ,  G06F21/00

CPC分类号： H04L63/0876 ,  G06F21/31 ,  G06F21/53 ,  G06F2009/4557 ,  H04L63/08 ,  H04L63/0884 ,  H04L63/10 ,  H04L63/105 ,  H04L63/166 ,  H04L63/20 ,  H04L67/2814

摘要： The present invention provides a system and method of managing traffic traversing an intermediary based on a result of end point auditing. An authentication virtual server of an intermediary may determine a result of an end point analysis scan of a client. Responsive to the determination, the traffic management virtual server can obtain the result from the authentication virtual server. Further, the traffic management virtual server may apply the result in one or more traffic management policies to manage network traffic of a connection of the client traversing the intermediary. In some embodiments, the authentication virtual server may receive one or more expressions evaluated by the client. The one or more expressions identifies one or more attributes of the client. The traffic management virtual server can also determine a type of compression or encryption for the connection based on applying the one or more traffic management policies using the result.

摘要翻译： 本发明提供了一种基于终端审计结果来管理遍历中间人的流量的系统和方法。 中介的认证虚拟服务器可以确定客户端的终点分析扫描的结果。 响应确定，流量管理虚拟服务器可以从认证虚拟服务器获取结果。 此外，流量管理虚拟服务器可以将结果应用于一个或多个流量管理策略中，以管理遍历中间件的客户端的连接的网络流量。 在一些实施例中，认证虚拟服务器可以接收由客户端评估的一个或多个表达式。 一个或多个表达式标识客户端的一个或多个属性。 流量管理虚拟服务器还可以基于使用结果应用一个或多个流量管理策略来确定连接的压缩或加密的类型。