Systems and methods for managing a plurality of user sessions in a virtual private network environment

US 8,356,101 B2
Filed: 01/31/2012
Issued: 01/15/2013
Est. Priority Date: 08/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a virtual private network session on behalf of a user of a client where the user has a currently existing virtual private network session previously established on behalf of the user, the method comprising:

(a) receiving, by a receiver of a device intermediary to a client operated by the user and one or more servers, a request from the client to establish a second virtual private network session, the user having a currently existing first virtual private network session previously established on behalf of the user;

(b) creating, by a packet engine of the device, a second virtual private network session with the client, the second virtual private network session prevented from receiving data from the client;

(c) communicating, by the packet engine to the client, properties identified from the currently existing virtual private network session, the client determining, on behalf of the user, to terminate the first virtual private network session based on the identified properties;

(d) receiving, by the receiver from the client, a second request to terminate the first virtual private network session based on the determination; and

(e) establishing a third virtual private network session with the client using the second virtual private network session, the third virtual private network session enabled for receiving data from the client.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods for establishing an SSL/VPN session on behalf of a user of a client where the user has a previously existing session are described. Methods include receiving, by an appliance, a request from a first client operated by a user to establish a virtual private network session; creating, by the appliance, a temporary virtual private network session with the client; identifying, by the appliance, an existing virtual private network session previously established on behalf of the user; terminating the previous session; and creating a new virtual private network session with the client using the temporary session. Other methods may further include transmitting a request to a user corresponding to whether to terminate one or more previous sessions, and transferring session data from a previously existing session to a current session. Corresponding systems are also described.

47 Citations

View as Search Results

20 Claims

1. A method for establishing a virtual private network session on behalf of a user of a client where the user has a currently existing virtual private network session previously established on behalf of the user, the method comprising:
- (a) receiving, by a receiver of a device intermediary to a client operated by the user and one or more servers, a request from the client to establish a second virtual private network session, the user having a currently existing first virtual private network session previously established on behalf of the user;
  
  (b) creating, by a packet engine of the device, a second virtual private network session with the client, the second virtual private network session prevented from receiving data from the client;
  
  (c) communicating, by the packet engine to the client, properties identified from the currently existing virtual private network session, the client determining, on behalf of the user, to terminate the first virtual private network session based on the identified properties;
  
  (d) receiving, by the receiver from the client, a second request to terminate the first virtual private network session based on the determination; and
  
  (e) establishing a third virtual private network session with the client using the second virtual private network session, the third virtual private network session enabled for receiving data from the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein step (a) further comprises authenticating, by the packet engine, the user.
  - 3. The method of claim 1, wherein step (c) further comprises transmitting, from the packet engine to the client, a request for information on whether to terminate the first virtual private network session.
  - 4. The method of claim 1, wherein step (c) further comprises determining, by the packet engine, that the first virtual private network session comprises a virtual private network session that is not fully established.
  - 5. The method of claim 1, wherein step (c) further comprises transferring, by the packet engine, data corresponding to the first virtual private network session, comprising one or more of:
    - a session key, an internal address, an authentication credential, and a client address, to the second virtual private network session.
  - 6. The method of claim 1, wherein step (c) further comprises transferring, by the packet engine, a virtual private network address corresponding to the first virtual private network session to the third virtual private network session.
  - 7. The method of claim 1, wherein step (a) comprises identifying, by the packet engine, a plurality of currently existing virtual private network sessions previously established on behalf of the user.
  - 8. The method of claim 7, wherein step (d) comprises receiving, by the receiver from the client, a response comprising an indication to terminate one of the plurality of currently existing virtual private network sessions.
  - 9. The method of claim 7, wherein step (c) comprises transmitting, from the packet engine to the client, a request for information on whether to terminate one of the plurality of currently existing virtual private network sessions.
  - 10. The method of claim 1, wherein step (a) comprises receiving the request to establish the virtual private network session via a first transport layer connection, the currently existing virtual private network session associated with a second transport layer connection.

11. A system for establishing a virtual private network session on behalf of a user of a client where the user has a currently existing virtual private network session previously established on behalf of the user, the system comprising:
- a receiver of a device intermediary between a client and a server, receiving a request from the client operated by a user to establish a second virtual private network session, the user having a currently existing first virtual private network session previously established on behalf of the user; and
  
  a packet engine of the device creating a second virtual private network session with the client, the second virtual private network session prevented from receiving data from the client, and communicating to the client properties identified from the currently existing virtual private network session, the client determining, on behalf of the user, to terminate the first virtual private network session based on the identified properties,wherein the packet engine receives from the client a second request to terminate the first virtual private network session based on the determination, and establishes a third virtual private network session with the client using the second virtual private network session, the third virtual private network session enabled for receiving data from the client.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the packet engine further authenticates the user.
  - 13. The system of claim 11, wherein the packet engine transmits to the client a request for information on whether to terminate the first virtual private network session.
  - 14. The system of claim 11, wherein the packet engine determines that the first virtual private network session comprises a virtual private network session that is not fully established.
  - 15. The system of claim 11, wherein the packet engine transfers data corresponding to the first virtual private network session, comprising one or more of:
    - a session key, an internal address, an authentication credential, and a client address, to the second virtual private network session.
  - 16. The system of claim 11, wherein the packet engine transfers a virtual private network address corresponding to the first virtual private network session to the third virtual private network session.
  - 17. The system of claim 11, wherein the packet engine identifies a plurality of currently existing virtual private network sessions previously established on behalf of the user.
  - 18. The system of claim 17, wherein the receiver receives from the client a response comprising an indication to terminate one of the plurality of currently existing virtual private network sessions.
  - 19. The system of claim 17, wherein the packet engine transmits to the client a request for information on whether to terminate the one of the plurality of currently existing virtual private network sessions.
  - 20. The system of claim 11, wherein the receiver receives the request to establish the virtual private network session via a first transport layer connection, the currently existing virtual private network session associated with a second transport layer connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Kumar, Arkesh, Harris, James, Soni, Ajay
Primary Examiner(s)
Nguyen, Phuoc
Assistant Examiner(s)
SISON, JUNE Y

Application Number

US13/362,346
Publication Number

US 20120131208A1
Time in Patent Office

350 Days
Field of Search

709/227
US Class Current

709/227
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0272   Virtual private networks

H04L 67/14   Session management for real...

Systems and methods for managing a plurality of user sessions in a virtual private network environment

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for managing a plurality of user sessions in a virtual private network environment

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links