POLICY DRIVEN FINE GRAIN URL ENCODING MECHANISM FOR SSL VPN CLIENTLESS ACCESS

US 20090193513A1
Filed: 01/23/2009
Published: 07/30/2009
Est. Priority Date: 01/26/2008
Status: Active Grant

First Claim

Patent Images

1. A method for determining an encoding scheme of a uniform resource location (URL) from a plurality of encoding schemes for a clientless secure socket layer virtual private network (SSL VPN) via a proxy, the method comprising:

a) receiving, by an intermediary, a response from a server to a client via a SSL VPN session, the intermediary establishing the SSL VPN session between the client and the server, the response comprising a URL;

b) determining, by the intermediary, responsive to an encoding policy, an encoding scheme from a plurality of encoding schemes for encoding the URL; and

c) rewriting, by the intermediary, the URL for transmission to the client in accordance with the determined encoding scheme.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure presents methods, systems and intermediaries which determine an encoding scheme of a uniform resource location (URL) from a plurality of encoding schemes for a clientless secure socket layer virtual private network (SSL VPN) via a proxy. An intermediary may receive a response from a server comprising a URL. The response from the server may be directed to a client via a SSL VPN session and via the intermediary. The intermediary may determine, responsive to an encoding policy, one of a transparent, opaque or encrypted encoding scheme for encoding the URL. The intermediary may rewrite the URL for transmission to the client in accordance with the determined encoding scheme.

239 Citations

26 Claims

1. A method for determining an encoding scheme of a uniform resource location (URL) from a plurality of encoding schemes for a clientless secure socket layer virtual private network (SSL VPN) via a proxy, the method comprising:
- a) receiving, by an intermediary, a response from a server to a client via a SSL VPN session, the intermediary establishing the SSL VPN session between the client and the server, the response comprising a URL;
  
  b) determining, by the intermediary, responsive to an encoding policy, an encoding scheme from a plurality of encoding schemes for encoding the URL; and
  
  c) rewriting, by the intermediary, the URL for transmission to the client in accordance with the determined encoding scheme.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the policy is a session policy determining at least one rule to trigger at least one action with respect to the established session.
  - 3. The method of claim 1, wherein the encoding scheme removes a portion of the URL.
  - 4. The method of claim 1, wherein the encoding scheme rewrites a portion of the URL with a portion of another URL.
  - 5. The method of claim 1, wherein the encoding scheme encrypts a portion of the URL using one or more encryption keys.
  - 6. The method of claim 1, wherein the encoding scheme is a transparent encoding scheme.
  - 7. The method of claim 1, wherein the encoding scheme is an opaque encoding scheme.
  - 8. The method of claim 1, wherein the encoding scheme transforms the URL using a reversible transformation mechanism.
  - 9. The method of claim 1, wherein the encoding scheme is an encrypted encoding scheme encrypting a portion of the URL.
  - 10. The method of claim 1, wherein the encoding scheme rewrites the URL to a unique identifier, the unique identifier uniquely identifying the URL.
  - 11. The method of claim 1, wherein the encoding scheme obfuscates an information relating a directory structure of the server from the URL.
  - 12. The method of claim 1, further comprising the steps of:
    - d) receiving, by the intermediary, a second response from the server to a second client via a second SSL VPN session, the intermediary establishing the second SSL VPN session between the second client and the server, the second response comprising a second URL;
      
      e) determining, by the intermediary, responsive to the encoding policy, a second encoding scheme from a plurality of encoding schemes for encoding the URL; and
      
      f) rewriting, by the intermediary, the second URL for transmission to the second client in accordance with the determined second encoding scheme.
  - 13. The method of claim 12, wherein the policy is a second SSL VPN session policy determining at least one rule to trigger at least one action with respect to the established SSL VPN session.

14. An intermediary for determining an encoding scheme of a uniform resource location (URL) from a plurality of encoding schemes for a clientless secure socket layer virtual private network (SSL VPN) via a proxy, the intermediary comprising:
- a packet engine for receiving a response from a server to a client via a SSL VPN session, the intermediary establishing the SSL VPN session between the client and the server, the response comprising a URL;
  
  a policy engine determining, responsive to an encoding policy, an encoding scheme from a plurality of encoding schemes for encoding the URL; and
  
  a rewriter, responsive to the policy engine, rewriting the URL for transmission to the client in accordance with the determined encoding scheme.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The intermediary of claim 14, wherein the policy is a session policy determining at least one rule to trigger at least one action with respect to the established SSL VPN session.
  - 16. The intermediary of claim 14, wherein the encoding scheme removes a portion of the URL.
  - 17. The intermediary of claim 14, wherein the encoding scheme rewrites a portion of the URL with a portion of another URL.
  - 18. The intermediary of claim 14, wherein the encoding scheme encrypts a portion of the URL using one or more encryption keys.
  - 19. The intermediary of claim 14, wherein the encoding scheme is a transparent encoding scheme.
  - 20. The intermediary of claim 14, wherein the encoding scheme is an opaque encoding scheme.
  - 21. The intermediary of claim 14, wherein the encoding scheme transforms the URL using a reversible transformation mechanism.
  - 22. The intermediary of claim 14, wherein the encoding scheme is an encrypted encoding scheme encrypting a portion of the URL.
  - 23. The intermediary of claim 14, wherein the encoding scheme rewrites the URL to a unique identifier, the unique identifier uniquely identifying the URL.
  - 24. The intermediary of claim 14, wherein the encoding scheme obfuscates an information relating a directory structure of the server from the URL.
  - 25. The intermediary of claim 14, further comprising the steps of:
    - the packet engine for receiving a second response from a server to a second client via a second SSL VPN session, the intermediary establishing the second SSL VPN session between the second client and the server, the second response comprising a second URL;
      
      the policy engine determining, responsive to an encoding policy, a second encoding scheme from the plurality of encoding schemes for encoding the second URL; and
      
      the rewriter, responsive to the policy engine, rewriting the second URL for transmission to the client in accordance with the determined second encoding scheme.
  - 26. The intermediary of claim 25, wherein the policy is a second SSL VPN session policy determining at least one rule to trigger at least one action with respect to the established second SSL VPN session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Gavini, Anil Kumar, Thakur, Ravindra Nath, Agarwal, Puneet

Granted Patent

US 8,646,067 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/15
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/105   Multiple levels of security

H04L 63/1441   Countermeasures against mal...

H04L 63/166   at the transport layer

POLICY DRIVEN FINE GRAIN URL ENCODING MECHANISM FOR SSL VPN CLIENTLESS ACCESS

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

239 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

POLICY DRIVEN FINE GRAIN URL ENCODING MECHANISM FOR SSL VPN CLIENTLESS ACCESS

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

239 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links