Systems and methods for application based interception SSI/VPN traffic

US 8,495,181 B2
Filed: 08/03/2006
Issued: 07/23/2013
Est. Priority Date: 08/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method for an agent of a client to intercept communications from the client to be transmitted via a virtual private network connection based on identification of the application, the method comprising the steps of:

(a) receiving, by an agent of a client of a first network, an application routing table identifying a first application authorized for access to a second network via a virtual private network connection established by an appliance and from which to intercept network communications for transmission via the virtual private network connection to the second network based on the application routing table, the first application identified via a name of an executable of the first application;

(b) determining, by the agent responsive to the identification, that a network communication from a plurality of network communications transmitted by the client originates from the first application identified by the name of the executable;

(c) intercepting, by the agent responsive to the determination, the network communication of the first application;

(d) transmitting, by the agent, the network communication of the first application via the virtual private network connection to the second network based on the application routing table;

(e) determining, by the agent, that at least one network communication from the plurality of network communications transmitted by the client originates from a second application not identified in the application routing table via a name of an executable of the second application; and

(f) allowing, by the agent, the at least one network communication to pass via a network stack of the client instead of the virtual private network connection.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for intercepting, by an agent of a client, communications from the client to be transmitted via a virtual private network connection includes the step of intercepting communications based on identification of an application from which the communication originates. The agent receives information identifying a first application. The agent determines a network communication transmitted by the client originates from the first application and intercepts that communication. The agent transmits the intercepted communication via the virtual private network connection.

249 Citations

18 Claims

1. A method for an agent of a client to intercept communications from the client to be transmitted via a virtual private network connection based on identification of the application, the method comprising the steps of:
- (a) receiving, by an agent of a client of a first network, an application routing table identifying a first application authorized for access to a second network via a virtual private network connection established by an appliance and from which to intercept network communications for transmission via the virtual private network connection to the second network based on the application routing table, the first application identified via a name of an executable of the first application;
  
  (b) determining, by the agent responsive to the identification, that a network communication from a plurality of network communications transmitted by the client originates from the first application identified by the name of the executable;
  
  (c) intercepting, by the agent responsive to the determination, the network communication of the first application;
  
  (d) transmitting, by the agent, the network communication of the first application via the virtual private network connection to the second network based on the application routing table;
  
  (e) determining, by the agent, that at least one network communication from the plurality of network communications transmitted by the client originates from a second application not identified in the application routing table via a name of an executable of the second application; and
  
  (f) allowing, by the agent, the at least one network communication to pass via a network stack of the client instead of the virtual private network connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, comprising determining, by the agent, a second network communication from the plurality of network communications originates from a second application on the client, and not intercepting the network communication.
  - 3. The method of claim 2, comprising transmitting, by the client, the second network communication via the first network.
  - 4. The method of claim 1, comprising transmitting, by the appliance, the application routing table to the agent.
  - 5. The method of claim 1, comprising transmitting, by the appliance, to the agent a name of the first application.
  - 6. The method of claim 1, comprising intercepting, by agent, network communications of a first set of applications on the client identified for transmission via the virtual private network connection, and not intercepting, by the agent, network communications of a second set of one or more applications on the client.
  - 7. The method of claim 1, comprising establishing, by the agent, the virtual private network connection to the second network via an appliance.
  - 8. The method of claim 7, comprising one of granting or denying, by the appliance, a level of access to the first application based on identification of the first application.
  - 9. The method of claim 8, comprising transmitting, by the agent, to the appliance an identification of the first application.

10. A system for an agent of a client to intercept communications from the client to be transmitted via a virtual private network connection based on identification of the application, the system comprising:
- a means for receiving, by an agent of a client of a first network, an application routing table identifying a first application authorized for access to a second network via a virtual private network connection established by an appliance and from which to intercept network communications for transmission via the virtual private network connection to the second network based on the application routing table, the first application identified via a name of an executable of the first application;
  
  a means for determining, by the agent responsive to the identification, that a network communication from a plurality of network communications transmitted by the client originates from the first application identified by the name of the executable;
  
  a means for intercepting, by the agent, responsive to the determination the network communication of the first application;
  
  a means for transmitting, by the agent, the network communication of the first application via the virtual private network connection to the second network based on the application routing table;
  
  a means for determining, by the agent, that at least one network communication from the plurality of network communications transmitted by the client originates from a second application not identified in the application routing table via a name of an executable of the second application; and
  
  a means for allowing, by the agent, the at least one network communication to pass via a network stack of the client instead of the virtual private network connection.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, comprising a means for determining, by the agent, a second network communication from the plurality of network communications originates from a second application on the client, and not intercepting the network communication.
  - 12. The system of claim 11, comprising a means for transmitting, by the client, the second network communication via the first network.
  - 13. The system of claim 10, comprising a means for transmitting, by the appliance, the information to the agent.
  - 14. The system of claim 10, comprising a means for transmitting, by the appliance, to the agent a name of the first application.
  - 15. The system of claim 10, comprising a means for intercepting, by agent, network communications of a first set of applications on the client identified for transmission via the virtual private network connection, and not intercepting, by the agent, network communications of a second set of one or more applications on the client.
  - 16. The system of claim 10, comprising a means for establishing, by the agent, the virtual private network connection to the second network via an appliance.
  - 17. The system of claim 16, comprising a means for one of granting or denying, by the appliance, a level of access to the first application based on identification of the first application.
  - 18. The system of claim 17, comprising a means for transmitting, by the agent, to the appliance an identification of the first application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Venkatraman, Charu, He, Junxiao, Mullick, Amarnath, Nanjundaswamy, Shashi, Harris, James, Soni, Ajay
Primary Examiner(s)
Backer, Firmin
Assistant Examiner(s)
COX, NATISHA D

Application Number

US11/462,321
Publication Number

US 20080034418A1
Time in Patent Office

2,546 Days
Field of Search

709/200
US Class Current

709/220
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/0876   based on the identity of th...

H04L 63/102   Entity profiles

Systems and methods for application based interception SSI/VPN traffic

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

249 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for application based interception SSI/VPN traffic

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

249 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others