Accessing Enterprise Resources While Providing Denial-of-Service Attack Protection

US 20150046997A1
Filed: 12/26/2013
Published: 02/12/2015
Est. Priority Date: 05/14/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a gateway from a client device, a request for a resource, the request comprising a location identifier associated with the resource;

redirecting, by a redirection message, the request to an authentication device that requests credentials for authentication, the redirection message comprising the location identifier;

retrieving, after authentication of the credentials, the location identifier from the client device; and

providing access to the resource based on the location identifier.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for accessing enterprise resources while providing denial-of-service attack protection. The method may include receiving, at a gateway from a client device, a request for a resource, the request comprising a location identifier associated with the resource. The method may further include redirecting, by a redirection message, the request to an authentication device that requests credentials for authentication, the redirection message comprising the location identifier. The method may also include retrieving, after authentication of the credentials, the location identifier from the client device. The method may additionally include providing access to the resource based on the location identifier.

75 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, at a gateway from a client device, a request for a resource, the request comprising a location identifier associated with the resource;
  
  redirecting, by a redirection message, the request to an authentication device that requests credentials for authentication, the redirection message comprising the location identifier;
  
  retrieving, after authentication of the credentials, the location identifier from the client device; and
  
  providing access to the resource based on the location identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - sending, to the client device, the location identifier in an identification cookie.
  - 3. The method of claim 2, further comprising:
    - expiring the identification cookie upon authentication of the credentials.
  - 4. The method of claim 3, further comprising:
    - providing a session cookie upon authentication of the credentials.
  - 5. The method of claim 2, wherein the retrieving comprises retrieving the location identifier from the identification cookie.
  - 6. The method of claim 2, wherein a value of the identification cookie is the location identifier.
  - 7. The method of claim 1, wherein the location identifier comprises a URL of the resource.
  - 8. The method of claim 1, wherein the gateway comprises a secure-sockets-layer virtual-private-network (SSLVPN) gateway.
  - 9. The method of claim 1, wherein the resource comprises an application store.
  - 10. The method of claim 1, wherein the client device uses a browser for communication and the request comprises an HTTP request.
  - 11. The method of claim 1, wherein the client device uses a secure application for communication.

12. A method comprising:
- receiving, at a gateway from a client device, a request for a resource, the client device being unauthenticated to the gateway, the request comprising a location identifier associated with the resource;
  
  sending, in response to the request, a redirection message comprising a redirect to an authentication device that requests credentials for authentication, the redirection message comprising a resource-identification cookie that comprises the location identifier;
  
  receiving, at the authentication device, user credentials and the resource-identification cookie;
  
  authenticating the user credentials;
  
  retrieving the location identifier;
  
  setting a session cookie in response to authenticating the user credentials;
  
  receiving a different request from the client device, the different request comprising the session cookie; and
  
  providing access to the requested resource in response to the different request.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12, wherein authenticating the user credentials acts as a single sign on for accessing a plurality of enterprise resources.
  - 14. The method of claim 12, wherein receiving a request occurs via an application-specific VPN.
  - 15. The method of claim 12, further comprising:
    - storing the requested resource on a secure area of the client device.
  - 16. The method of claim 12, wherein the location identifier comprises a URL associated with the resource.
  - 17. The method of claim 12, wherein the location identifier is retrieved from the resource-identification cookie.
  - 18. The method of claim 12, further comprising:
    - redirecting the client device to the location identifier,wherein setting the session cookie is in response to authenticating the user credentials and redirecting the client device to the location identifier.

19. A method comprising:
- sending, to a gateway from a client device, a request for a resource, the client device being unauthenticated to the gateway, the request comprising a uniform resource locator (URL) identifying a location of the resource, access to the resource controlled by the gateway;
  
  receiving, in response to the request, a redirection message comprising a redirect to an authentication gateway that requests credentials for authentication, the redirection message comprising a resource-identification cookie that comprises the URL;
  
  sending, to the authentication gateway, the credentials for authentication and the resource-identification cookie;
  
  receiving, from the authentication gateway, a session cookie in response to the authentication gateway authenticating the credentials;
  
  expiring, upon receiving the session cookie, the resource-identification cookie;
  
  sending a different request from the client device, the different request comprising the session cookie;
  
  receiving access to the resource in response to the different request; and
  
  storing the requested resource on a secure area of the client device.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein a computing device comprises the gateway and the authentication gateway.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Bhushan, Bharat, Kann, Jong, Rafiq, Pierre, Gupta, Punit

Granted Patent

US 9,344,426 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/31   User authentication

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/1458   Denial of Service

H04L 9/32   including means for verifyi...

Accessing Enterprise Resources While Providing Denial-of-Service Attack Protection

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Accessing Enterprise Resources While Providing Denial-of-Service Attack Protection

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links