Systems and Methods for Application Based Interception of SSL/VPN Traffic
First Claim
1. A method for an appliance to allow or deny a level of access by an application on a client to a resource via a virtual private network connection based on identification of the application, the method comprising the steps of:
(a) establishing, by an appliance, a virtual private network connection between an application on a client on a first network and a server on a second network;
(b) receiving, by the appliance, an identifier of the application;
(c) associating, by the appliance, with the virtual private network connection an authorization policy based on the identifier of the application;
(d) receiving, by an appliance, a request from the application on the client to access via the virtual private network connection a resource on a second network; and
(e) determining, by the appliance, from the authorization policy to one of allow or deny access by the application to the resource based on the identifier of the application.
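Steps (a) to (e) above describe a tunnel whose authorization policy is selected by the identity of the application that opened it. The following is an added example, written for this page and not code from the patent or its assignee, that models those steps as a small policy engine: a tunnel is established for an application identifier, the policy configured for that identifier is bound to the tunnel, and each later request over the tunnel is allowed or denied against that policy. The identifier strings, the rule format (address range plus ports), the access-level labels and the sample policies are all assumptions for the example; the claim does not fix their form.

```python
# Added example (not from the patent): a minimal per-application VPN
# authorization model following claim 1 steps (a)-(e).
from dataclasses import dataclass, field
from enum import Enum
import ipaddress
from typing import Dict, List, Tuple


class Action(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass(frozen=True)
class Rule:
    """One policy rule: a resource on the second network plus the verdict."""
    network: ipaddress.IPv4Network            # resource address range
    ports: Tuple[int, ...]                    # () means any port
    action: Action
    level: str = "none"                       # hypothetical access-level label

    def matches(self, host: ipaddress.IPv4Address, port: int) -> bool:
        return host in self.network and (not self.ports or port in self.ports)


@dataclass
class AuthorizationPolicy:
    """Ordered rule list; first match wins, no match is a deny."""
    rules: List[Rule] = field(default_factory=list)

    def decide(self, host: ipaddress.IPv4Address, port: int) -> Tuple[Action, str]:
        for rule in self.rules:
            if rule.matches(host, port):
                return rule.action, rule.level
        return Action.DENY, "none"


@dataclass
class VpnConnection:
    conn_id: str
    app_id: str                  # identifier received from the client, step (b)
    policy: AuthorizationPolicy  # policy bound to this tunnel, step (c)


class Appliance:
    def __init__(self, policies: Dict[str, AuthorizationPolicy]) -> None:
        self._policies = policies                       # keyed by application identifier
        self._connections: Dict[str, VpnConnection] = {}

    def establish(self, conn_id: str, app_id: str) -> VpnConnection:
        """Steps (a)-(c): open the tunnel and bind the policy chosen by app_id.

        An identifier with no configured policy gets an empty policy, so every
        request over that tunnel is denied rather than falling through to a
        permissive default.
        """
        policy = self._policies.get(app_id, AuthorizationPolicy())
        conn = VpnConnection(conn_id, app_id, policy)
        self._connections[conn_id] = conn
        return conn

    def authorize(self, conn_id: str, dst_ip: str, dst_port: int) -> Tuple[Action, str]:
        """Steps (d)-(e): evaluate a request over an established tunnel."""
        conn = self._connections.get(conn_id)
        if conn is None:                        # request on a tunnel we never established
            return Action.DENY, "none"
        try:
            host = ipaddress.IPv4Address(dst_ip)
        except ValueError:                      # malformed or non-IPv4 destination
            return Action.DENY, "none"
        return conn.policy.decide(host, dst_port)


# Constructed sample policies; identifier strings and access levels are
# assumptions for this example.
POLICIES = {
    "mail-client": AuthorizationPolicy([
        Rule(ipaddress.IPv4Network("10.0.1.0/24"), (993, 587), Action.ALLOW, "full"),
    ]),
    "web-browser": AuthorizationPolicy([
        Rule(ipaddress.IPv4Network("10.0.2.0/24"), (443,), Action.ALLOW, "read-only"),
        Rule(ipaddress.IPv4Network("10.0.0.0/8"), (), Action.DENY),
    ]),
}


def demo() -> Dict[str, Tuple[Action, str]]:
    """Run the constructed scenario and return the decisions by label."""
    appliance = Appliance(POLICIES)
    appliance.establish("tun-1", "mail-client")
    appliance.establish("tun-2", "web-browser")
    appliance.establish("tun-3", "unknown-app")
    return {
        "mail to imap":     appliance.authorize("tun-1", "10.0.1.20", 993),
        "mail to ssh":      appliance.authorize("tun-1", "10.0.1.20", 22),
        "browser to https": appliance.authorize("tun-2", "10.0.2.7", 443),
        "browser to db":    appliance.authorize("tun-2", "10.0.5.9", 5432),
        "unknown app":      appliance.authorize("tun-3", "10.0.1.20", 993),
        "no such tunnel":   appliance.authorize("tun-9", "10.0.1.20", 993),
    }


if __name__ == "__main__":
    for label, (action, level) in demo().items():
        print(f"{label:18} -> {action.value} ({level})")
```

Two design points matter in practice. First, the claim has the appliance receive the application identifier from the client, so the decision is only as trustworthy as whatever produces that identifier on the endpoint; the model above treats an identifier it has no policy for as deny-everything, so an unexpected or spoofed name gains nothing by default. Second, the policy is bound once at tunnel establishment and then consulted per request, which is what lets a single appliance grant a mail client and a browser different levels of access over otherwise identical tunnels.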
Abstract
A method for allowing or denying, by an appliance, access to a resource by an application on a client via a virtual private network connection includes basing the decision to allow or deny access on identification of the application. The appliance intercepts a request from an application on a client on a first network to access via a virtual private network connection a resource on a second network. The appliance identifies the application and associates with the intercepted request an authorization policy based on the identity of the application. The appliance determines, using the authorization policy and the identity of the application, to either allow or deny access by the application to the resource.
26 Claims
1. Independent claim; text as given under First Claim above. Dependent claims: 2 to 13.
14. A system for allowing or denying a level of access by an application on a client to a resource via a virtual private network connection based on identification of the application, the system comprising:
a means for establishing, by an appliance, a virtual private network connection between an application on a client on a first network and a server on a second network;
a means for receiving, by the appliance, an identifier of the application;
a means for associating, by the appliance, with the virtual private network connection an authorization policy based on the identifier of the application;
a means for receiving, by an appliance, a request from the application on the client to access via the virtual private network connection a resource on a second network; and
a means for determining, by the appliance, from the authorization policy to one of allow or deny access by the application to the resource based on the identifier of the application.
Dependent claims: 15 to 26.