SYSTEMS AND METHODS FOR USING A CLIENT AGENT TO MANAGE HTTP AUTHENTICATION COOKIES

US 20140109202A1
Filed: 09/30/2013
Published: 04/17/2014
Est. Priority Date: 08/03/2006
Status: Active Grant

First Claim

Patent Images

1-16. -16. (canceled)

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described for using a client agent to manage HTTP authentication cookies. One method includes intercepting, by a client agent executing on a client, a connection request from the client; establishing, by the client agent, a transport layer virtual private network connection with a network appliance; transmitting, by the client agent via the established connection, an HTTP request comprising an authentication cookie; and transmitting, by the client agent via the connection, the connection request. A second method includes intercepting, by a client agent executing on a client, an HTTP communication comprising a cookie from an appliance on a virtual private network to the client; removing, by the client agent, the cookie from the HTTP communication; storing, by the client agent, the received cookie; transmitting, by the client agent, the modified HTTP communication to an application executing on the client; intercepting, by the client agent, an HTTP request from the client; inserting, by the client agent in the HTTP request, the received cookie; and transmitting the modified HTTP request to the appliance. Corresponding systems are also described.

17 Citations

View as Search Results

36 Claims

1-16. -16. (canceled)

17. A method for using a Hypertext Transfer Protocol (HTTP) cookie to authenticate a transport layer connection, the method comprising:
- (a) establishing, by an agent executing on a client, a first transport layer connection with a device intermediary to the client and a server;
  
  (b) receiving, by an agent executing on the client, a first request from an application on the client to establish a second transport layer connection with a server;
  
  (c) transmitting, by the agent, to the device via the first transport layer connection a Hypertext Transfer Protocol (HTTP) request to authenticate the second transport layer connection request prior to transmitting the second request of the application to the device; and
  
  (d) transmitting, by the agent to the device responsive to receiving from the device an HTTP response indicating successful authentication, the first request to establish a second transport layer connection with the server via the first transport layer connection.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 18. The method of claim 17, wherein step (a) further comprises establishing, by the agent, the first transport layer connection comprising a secure virtual private network connection with the device.
  - 19. The method of claim 17, wherein step (b) further comprising intercepting, by the agent, the first request and establishing a third transport layer connection with the application.
  - 20. The method of claim 17, wherein step (c) further comprises queuing, by the agent while waiting for the HTTP response, data received from the application to be transmitted via the second transport layer connection.
  - 21. The method of claim 20, further comprising transmitting, by the agent responsive to acceptance of the cookie, the queued data via the first transport layer connection to be transmitted via the second transport layer connection to the server.
  - 22. The method of claim 21, further comprising transmitting, by the device, the queued data via the second transport layer connection established by the device with the server.
  - 23. The method of claim 17, further comprising establishing, by the device, the second transport layer connection with the server responsive to receiving the first request via the first transport layer connection.
  - 24. The method of claim 17, wherein step (c) further comprises transmitting, by the agent, the HTTP request comprising an authentication cookie having user authentication credentials.
  - 25. The method of claim 24, wherein step (d) further comprises receiving, by the agent, the HTTP response comprising an indication of acceptance of the authentication cookie.
  - 26. The method of claim 17, wherein the agent operates at or below a transport layer of a network stack of the client.
  - 28. The system of claim 17, wherein the agent is further configured to establish the first transport layer connection comprising a secure virtual private network connection with the device.
  - 29. The system of claim 17, wherein the agent is further configured to intercept the first request and establish a third transport layer connection with the application.
  - 30. The system of claim 17, wherein the agent is further configured to queue, while waiting for the HTTP response, data received from the application to be transmitted via the second transport layer connection.
  - 31. The system of claim 30, wherein the agent is further configured to transmit, responsive to acceptance of the cookie, the queued data via the first transport layer connection to be transmitted via the second transport layer connection to the server.
  - 32. The system of claim 31, wherein the agent is further configured to transmit the queued data via the second transport layer connection established by the device with the server.
  - 33. The system of claim 31, wherein the agent is further configured to establish the second transport layer connection with the server responsive to receiving the first request via the first transport layer connection.
  - 34. The system of claim 31, wherein the agent is further configured to transmit the HTTP request comprising an authentication cookie having user authentication credentials.
  - 35. The system of claim 34, wherein the agent is further configured to receive the HTTP response comprising an indication of acceptance of the authentication cookie.
  - 36. The system of claim 31, wherein the agent is further configured to operate at or below a transport layer of a network stack of the client.

27. A system for using a Hypertext Transfer Protocol (HTTP) cookie to authenticate a transport layer connection, the system comprising:
- an agent executable on a client and configured to establish a first transport layer connection with a device intermediary to the client and a server and receive a first request from an application on the client to establish a second transport layer connection with a server;
  
  wherein the agent is configured to transmit to the device via the first transport layer connection a Hypertext Transfer Protocol (HTTP) request to authenticate the second transport layer connection request prior to transmitting the second request of the application to the device, and responsive to receiving from the device an HTTP response indicating successful authentication, to transmit the first request to establish a second transport layer connection with the server via the first transport layer connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
He, Junxiao, Soni, Ajay, Venkatraman, Charu

Granted Patent

US 9,544,285 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/145   the attack involving the pr...

H04L 67/02   based on web technology, e....

H04L 67/568   Storing data temporarily at...

SYSTEMS AND METHODS FOR USING A CLIENT AGENT TO MANAGE HTTP AUTHENTICATION COOKIES

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR USING A CLIENT AGENT TO MANAGE HTTP AUTHENTICATION COOKIES

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links