Systems and methods for managing a plurality of user sessions in a virtual private network environment

US 8,108,525 B2
Filed: 08/03/2006
Issued: 01/31/2012
Est. Priority Date: 08/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a virtual private network session on behalf of a user of a client where the user has a currently existing virtual private network session previously established on behalf of the user, the method comprising:

(a-a) receiving, by an appliance, a first request from a first client operated by a user to establish a virtual private network session;

(a-b) establishing, by the appliance in response to the first request, a first virtual private network session with the first client;

(b-a) receiving, by the appliance, a second request from a second client operated by the user to establish a virtual private network session;

(b-b) creating, by the appliance in response to the second request, a second virtual private network session with the second client, the second virtual private network session identified by the appliance as temporary and prevented from receiving data from the second client;

(c-a) identifying, by the appliance in response to the creation of the second virtual private network session, the first virtual private network session of the user as a currently existing virtual private network session previously established on behalf of the user;

(c-b) communicating, by the appliance to the second client, properties identified from the currently existing virtual private network session, the second client determining, on behalf of the user, to terminate the first virtual private network session based on the identified properties;

(d-a) receiving, by the appliance from the second client, a third request to terminate the first virtual private network session based on the determination;

(d-b) terminating, by the appliance responsive to the third request, the first virtual private network session; and

(e) establishing a third virtual private network session with the client using the second virtual private network session, the third virtual private network session enabled for receiving data from the client.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods for establishing an SSL/VPN session on behalf of a user of a client where the user has a previously existing session are described. Methods include receiving, by an appliance, a request from a first client operated by a user to establish a virtual private network session; creating, by the appliance, a temporary virtual private network session with the client; identifying, by the appliance, an existing virtual private network session previously established on behalf of the user; terminating the previous session; and creating a new virtual private network session with the client using the temporary session. Other methods may further include transmitting a request to a user corresponding to whether to terminate one or more previous sessions, and transferring session data from a previously existing session to a current session. Corresponding systems are also described.

71 Citations

View as Search Results

29 Claims

1. A method for establishing a virtual private network session on behalf of a user of a client where the user has a currently existing virtual private network session previously established on behalf of the user, the method comprising:
- (a-a) receiving, by an appliance, a first request from a first client operated by a user to establish a virtual private network session;
  
  (a-b) establishing, by the appliance in response to the first request, a first virtual private network session with the first client;
  
  (b-a) receiving, by the appliance, a second request from a second client operated by the user to establish a virtual private network session;
  
  (b-b) creating, by the appliance in response to the second request, a second virtual private network session with the second client, the second virtual private network session identified by the appliance as temporary and prevented from receiving data from the second client;
  
  (c-a) identifying, by the appliance in response to the creation of the second virtual private network session, the first virtual private network session of the user as a currently existing virtual private network session previously established on behalf of the user;
  
  (c-b) communicating, by the appliance to the second client, properties identified from the currently existing virtual private network session, the second client determining, on behalf of the user, to terminate the first virtual private network session based on the identified properties;
  
  (d-a) receiving, by the appliance from the second client, a third request to terminate the first virtual private network session based on the determination;
  
  (d-b) terminating, by the appliance responsive to the third request, the first virtual private network session; and
  
  (e) establishing a third virtual private network session with the client using the second virtual private network session, the third virtual private network session enabled for receiving data from the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 26, 27, 28)
- - 2. The method of claim 1, wherein step (a-a) comprises receiving, by the appliance, the request from the first client operated by the user to establish an SSL virtual private network session.
  - 3. The method of claim 1, wherein step (a-a) further comprises the step of:
    - authenticating, by the appliance, the user.
  - 4. The method of claim 1, wherein step (c-b) further comprises the step of:
    - receiving, by the appliance from the second client, a response comprising an indication to terminate the first virtual private network session.
  - 5. The method of claim 1, wherein step (c-a) further comprises the step of:
    - transmitting, from the appliance to the second client, a request for information corresponding to whether to terminate the first virtual private network session.
  - 6. The method of claim 1, wherein step (c-a) further comprisesdetermining, by the appliance, that the first virtual private network session comprising the currently existing virtual private network session is not fully established.
  - 7. The method of claim 1, wherein step (c-a) further comprises transferring, by the appliance, session data corresponding to the first virtual private network session to the second virtual private network session.
  - 8. The method of claim 1, wherein step (c-a) further comprises transferring, by the appliance, a virtual private network address corresponding to the first virtual private network session to the third virtual private network session.
  - 9. The method of claim 1, wherein step (c-a) comprises identifying, by the appliance, a plurality of currently existing virtual private network sessions previously established on behalf of the user.
  - 10. The method of claim 1, wherein step (c-b) comprises the steps of:
    - identifying, by the appliance, a plurality of currently existing virtual private network sessions previously established on behalf of the user; and
      
      receiving, by the appliance from the second client, a response comprising an indication to terminate one of the plurality of currently existing virtual private network sessions.
  - 11. The method of claim 10, further comprisingtransmitting, from the appliance to the second client, a request for information corresponding to whether to terminate one of the plurality of currently existing virtual private network sessions.
  - 12. The method of claim 1, wherein the request to establish the virtual private network session is received via a first transport layer connection, and the currently existing virtual private network session is associated with a second transport layer connection.
  - 26. The method of claim 1, wherein a client agent executing on the client determines to terminate the first virtual private network session based on the identified properties, the client agent downloaded from another computing device.
  - 27. The method of claim 1, wherein a client agent executing on the client determines to terminate the first virtual private network session based on the identified properties, the appliance establishing the third virtual private network session with the client agent.
  - 28. The method of claim 1, wherein the third request further comprises a request to transfer data associated with the currently existing virtual private network session to the second virtual private network session.

13. A system for establishing a virtual private network session on behalf of a user of a client where the user has a currently existing virtual private network session previously established on behalf of the user, the system comprising:
- an appliance connected to a network and having a hardware processor, which receives a first request from a first client operated by a user to establish a virtual private network session;
  
  establishes, in response to the first request, a first virtual private network session with the first client;
  
  receives a second request from a second client operated by the user to establish a virtual private network session;
  
  creates, by the appliance in response to the second request, a second virtual private network session with the second client , the second virtual private network session identified by the appliance as temporary and prevented from receiving data from the second client;
  
  identifies, in response to the creation of the second virtual private network session, the first virtual private network session of the user as a currently existing virtual private network session previously established on behalf of the user;
  
  communicates to the second client properties identified from the currently existing virtual private network session, the second client determining, on behalf of the user, to terminate the first virtual private network session based on the identified properties;
  
  receives, from the second client, a third request to terminate the first virtual private network session based on the determination;
  
  terminates the second virtual private network session responsive to the third request; and
  
  establishes a third virtual private network session with the second client using the second virtual private network session, the third virtual private network session enabled for receiving data from the second client.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The system of claim 13, wherein the appliance receives the request from the first client operated by the user to establish an SSL virtual private network session.
  - 15. The system of claim 13, wherein the appliance receives the request from the first client operated by the user to establish the virtual private network session;
    - and authenticates, by the appliance, the user.
  - 16. The system of claim 13, wherein the appliance receives, from the second client, a response comprising an indication to terminate the first virtual private network session.
  - 17. The system of claim 13, wherein the appliance transmits, to the second client, a request for information corresponding to whether to terminate the first virtual private network session;
    - and receives from the second client, a response comprising an indication to terminate the first virtual private network session.
  - 18. The system of claim 13, wherein the appliance determines, by the appliance, that the second virtual private network session comprising the currently existing virtual private network session is not fully established.
  - 19. The system of claim 13, wherein the appliance transfers session data corresponding to the currently existing session to the third virtual private network session.
  - 20. The system of claim 13, wherein the appliance transfers a virtual private network address corresponding to the currently existing session to the third virtual private network session.
  - 21. The system of claim 13, wherein the appliance identifies a plurality of currently existing virtual private network sessions previously established on behalf of the user.
  - 22. The system of claim 13, wherein the appliance identifies a plurality of currently existing virtual private network sessions previously established on behalf of the user;
    - and receives from the second client, a response comprising an indication to terminate one of the plurality of currently existing virtual private network sessions.
  - 23. The system of claim 13, wherein the appliance identifies a plurality of currently existing virtual private network sessions previously established on behalf of the user;
    - transmits, from the appliance to the second client, a request for information corresponding to whether to terminate one of the plurality of currently existing virtual private network sessions; and
      
      receives, by the appliance from the second client, a response comprising an indication to terminate one of the plurality of currently existing virtual private network sessions.
  - 24. The system of claim 13, wherein the request to establish the virtual private network session is received via a first transport layer connection, and the currently existing virtual private network session is associated with a second transport layer connection.

25. A method for establishing a virtual private network session on behalf of a user of a client where the user has a currently existing virtual private network session previously established on behalf of the user, the method comprising:
- (a) receiving, by an appliance, a first request from a first client operated by a user to establish a virtual private network session;
  
  (b) establishing, by the appliance in response to the first request, a first virtual private network session with the first client;
  
  (c) receiving, by the appliance, a second request from a second client operated by the user to establish a virtual private network session;
  
  (d) creating, by the appliance in response to the second request, a second virtual private network session with the second client, the second virtual private network session identified by the appliance as temporary and prevented from receiving data from the second client;
  
  (e) identifying, by the appliance in response to the creation of the second virtual private network session, the first virtual private network session as a currently existing virtual private network session previously established on behalf of the user;
  
  (f) identifying, by the appliance, properties from the currently existing virtual private network session;
  
  (g) requesting, by the appliance to the second client, whether to terminate the identified first virtual private network session based on the identified properties;
  
  (h) receiving by the appliance from the second client responsive to the request to the second client, an indication to terminate the first virtual private network session; and
  
  (i) establishing, responsive to the termination, a third virtual private network session with the client using the second virtual private network session, the third virtual private network session enabled for receiving data from the client.

29. A method for establishing a virtual private network session on behalf of a user of a client where the user has a currently existing virtual private network session previously established on behalf of the user, the method comprising:
- (a) receiving, by an appliance, a first request from a first client operated by a user to establish a virtual private network session;
  
  (b) establishing, by the appliance in response to the first request, a first virtual private network session with the first client;
  
  (c) receiving, by the appliance, a second request from a second client operated by the user to establish a virtual private network session;
  
  (d) creating, by the appliance in response to the second request, a second virtual private network session with the second client, the second virtual private network session identified by the appliance as temporary and prevented from receiving data from the second client;
  
  (e) identifying, by the appliance in response to the creation of the second virtual private network session, the first virtual private network session as a currently existing virtual private network session previously established on behalf of the user;
  
  (f) identifying, by the appliance, properties from the currently existing virtual private network session;
  
  (g) determining, by the appliance, to terminate the identified first virtual private network session based on the identified properties; and
  
  (h) establishing, responsive to the termination, a third virtual private network session with the client using the second virtual private network session, the third virtual private network session enabled for receiving data from the client.wherein the appliance determines to terminate the identified first virtual private network session if (i) the first virtual private network session is not fully established or (ii) a given period of time has passed since the last transmission via the first virtual private network session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Kumar, Arkesh, Harris, James, Soni, Ajay
Primary Examiner(s)
Nguyen, Phuoc
Assistant Examiner(s)
SISON, JUNE Y

Application Number

US11/462,341
Publication Number

US 20080034057A1
Time in Patent Office

2,007 Days
Field of Search

709/227
US Class Current

709/227
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0272   Virtual private networks

H04L 67/14   Session management for real...

Systems and methods for managing a plurality of user sessions in a virtual private network environment

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

71 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for managing a plurality of user sessions in a virtual private network environment

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links