SYSTEMS AND METHODS FOR ENABLING ASSURED RECORDS USING FINE GRAINED AUDITING OF VIRTUAL PRIVATE NETWORK TRAFFIC

US 20080034415A1
Filed: 08/03/2006
Published: 02/07/2008
Est. Priority Date: 08/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method for enabling assured compliance records using fine grained auditing of network traffic, the method comprising:

(a) establishing, by an appliance, a transport layer virtual private network connection with a client operated by a user;

(b) receiving, by the appliance via the connection, a request from the client identifying a resource;

(c) determining, by the appliance, the request meets at least one security condition;

(d) transmitting, by the appliance to an audit log, a record of the request;

(e) receiving, by the appliance from the audit log, a confirmation that the record was received; and

(f) granting, responsive to the received confirmation, access to the identified resource.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods for enabling assured records using fine grained auditing of virtual private network traffic include establishing, by an appliance, a transport layer virtual private network connection with a client operated by a user; receiving, by the appliance via the connection, a request from the client identifying a resource; determining, by the appliance, the request meets at least one security condition; transmitting, by the appliance to an audit log, a record of the request; receiving, by the appliance from the audit log, a confirmation that the record was logged; and granting, responsive to the received confirmation, access to the identified resource. Security conditions may identify at least one user, at least one application, a network or group of networks, and one or more resources. Corresponding systems are also described.

141 Citations

View as Search Results

20 Claims

1. A method for enabling assured compliance records using fine grained auditing of network traffic, the method comprising:
- (a) establishing, by an appliance, a transport layer virtual private network connection with a client operated by a user;
  
  (b) receiving, by the appliance via the connection, a request from the client identifying a resource;
  
  (c) determining, by the appliance, the request meets at least one security condition;
  
  (d) transmitting, by the appliance to an audit log, a record of the request;
  
  (e) receiving, by the appliance from the audit log, a confirmation that the record was received; and
  
  (f) granting, responsive to the received confirmation, access to the identified resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein step (a) comprises establishing, by an appliance, an SSL virtual private network connection with a client operated by a user.
  - 3. The method of claim 1, wherein step (b) comprises receiving, by an appliance, a request from the client identifying a URL.
  - 4. The method of claim 1, wherein step (b) comprises receiving, by the appliance via the connection, a request from the client identifying a URL.
  - 5. The method of claim 1, wherein step (b) comprises, receiving, by the appliance via the connection, a request from the client identifying an application.
  - 6. The method of claim 1, wherein step (c) comprises determining, by the appliance, the request meets at least one security condition, the security condition identifying at least one user.
  - 7. The method of claim 1, wherein step (c) comprises determining, by the appliance, the request meets at least one security condition, the security condition identifying at least one networks.
  - 8. The method of claim 1, wherein step (c) comprises determining, by the appliance, the request meets at least one security condition, the security condition identifying at least one application.
  - 9. The method of claim 1, wherein step (c) comprises determining, by the appliance, the request meets at least one security condition, the security condition identifying at least one resource.
  - 10. The method of claim 1, wherein step (c) comprises determining, by the appliance, the request meets at least one security condition, the security condition identifying at least two of the following:
    - (i) at least one user, (ii) at least one application, (iii) a network or group of networks, (iv) one or more resources.

11. A computer implemented system for enabling assured compliance records using fine grained auditing of network traffic, the system comprising:
- an appliance which establishes a transport layer virtual private network connection with a client operated by a user;
  
  receives via the connection, a request from the client identifying a resource;
  
  determines the request meets at least one security condition;
  
  transmits, to an audit log, a record of the request;
  
  receives, from the audit log, a confirmation that the record was received; and
  
  grants, responsive to the received confirmation, access to the identified resource.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11 wherein the appliance establishes an SSL virtual private network connection with a client operated by a user.
  - 13. The system of claim 11 wherein the appliance receives a request from the client identifying a URL.
  - 14. The system of claim 11 wherein the appliance receives, via the connection, a request from the client identifying a URL.
  - 15. The system of claim 11 wherein the appliance receives, via the connection, a request from the client identifying an application.
  - 16. The system of claim 11 wherein the appliance determines the request meets at least one security condition, the security condition identifying at least one user.
  - 17. The system of claim 11 wherein the appliance determines the request meets at least one security condition, the security condition identifying at least one networks.
  - 18. The system of claim 11 wherein the appliance determines the request meets at least one security condition, the security condition identifying at least one application.
  - 19. The system of claim 11 wherein the appliance determines the request meets at least one security condition, the security condition identifying at least one resource.
  - 20. The system of claim 11 wherein the appliance determines the request meets at least one security condition, the security condition identifying at least two of the following:
    - (i) at least one user, (ii) at least one application, (iii) a network or group of networks, (iv) one or more resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Chacko, Vinoo, Nanjundaswamy, Shashi, Soni, Ajay, Agarwal, Puneet

Granted Patent

US 8,484,718 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/14
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/6218   to a system of files or obj...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

SYSTEMS AND METHODS FOR ENABLING ASSURED RECORDS USING FINE GRAINED AUDITING OF VIRTUAL PRIVATE NETWORK TRAFFIC

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

141 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

SYSTEMS AND METHODS FOR ENABLING ASSURED RECORDS USING FINE GRAINED AUDITING OF VIRTUAL PRIVATE NETWORK TRAFFIC

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

141 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others