Systems and methods for using a client agent to manage HTTP authentication cookies

US 8,561,155 B2
Filed: 08/03/2006
Issued: 10/15/2013
Est. Priority Date: 08/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method for using a client agent to enable HTTP cookie authentication in non-HTTP communications from a client, the method comprising:

(a) intercepting, by a client agent executing on a client, a non-HTTP connection request to a server from an application executing on the client, the non-HTTP connection request comprising a request to establish a transport layer connection with the server;

(b) establishing, by the client agent, a transport layer virtual private network connection between the client agent and a network appliance intermediary to the client and the server;

(c) transmitting, from the client agent via the established transport layer virtual private network connection responsive to the interception of the non-HTTP connection request, an HTTP request comprising an authentication cookie to the network appliance to authenticate the non-HTTP connection request prior to transmitting the non-HTTP connection request of the application to the network appliance; and

(d) transmitting, by the client agent via the transport layer virtual private network connection responsive to receiving from the network appliance an HTTP response comprising acceptance of the authentication cookie by the network appliance, the non-HTTP connection request to the server via the network appliance and any data for the non-HTTP connection queued by the client agent while waiting for receipt of the HTTP response indicating acceptance of the authentication cookie by the network appliance.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described for using a client agent to manage HTTP authentication cookies. One method includes intercepting, by a client agent executing on a client, a connection request from the client; establishing, by the client agent, a transport layer virtual private network connection with a network appliance; transmitting, by the client agent via the established connection, an HTTP request comprising an authentication cookie; and transmitting, by the client agent via the connection, the connection request. A second method includes intercepting, by a client agent executing on a client, an HTTP communication comprising a cookie from an appliance on a virtual private network to the client; removing, by the client agent, the cookie from the HTTP communication; storing, by the client agent, the received cookie; transmitting, by the client agent, the modified HTTP communication to an application executing on the client; intercepting, by the client agent, an HTTP request from the client; inserting, by the client agent in the HTTP request, the received cookie; and transmitting the modified HTTP request to the appliance. Corresponding systems are also described.

Citations

17 Claims

1. A method for using a client agent to enable HTTP cookie authentication in non-HTTP communications from a client, the method comprising:
- (a) intercepting, by a client agent executing on a client, a non-HTTP connection request to a server from an application executing on the client, the non-HTTP connection request comprising a request to establish a transport layer connection with the server;
  
  (b) establishing, by the client agent, a transport layer virtual private network connection between the client agent and a network appliance intermediary to the client and the server;
  
  (c) transmitting, from the client agent via the established transport layer virtual private network connection responsive to the interception of the non-HTTP connection request, an HTTP request comprising an authentication cookie to the network appliance to authenticate the non-HTTP connection request prior to transmitting the non-HTTP connection request of the application to the network appliance; and
  
  (d) transmitting, by the client agent via the transport layer virtual private network connection responsive to receiving from the network appliance an HTTP response comprising acceptance of the authentication cookie by the network appliance, the non-HTTP connection request to the server via the network appliance and any data for the non-HTTP connection queued by the client agent while waiting for receipt of the HTTP response indicating acceptance of the authentication cookie by the network appliance.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the client agent executes transparently with respect to one of the following network layers:
    - the application layer, the presentation layer, the session layer, or the transport layer.
  - 3. The method of claim 1, wherein step (a) comprises intercepting, by a client agent executing on a client, a transport layer connection request from the client, wherein the interception occurs at one of the following network layers:
    - the transport layer, the network layer, or the data layer.
  - 4. The method of claim 1, wherein step (a) comprises intercepting, by a client agent executing on a client, a TCP SYN packet.
  - 5. The method of claim 1, wherein step (c) comprises transmitting, by the client agent via the established connection, an HTTP request comprising an authentication cookie prior to any data being transmitted via the connection.
  - 6. The method of claim 1, wherein step (c) comprises transmitting by the client agent, in response to the determination that the connection has been established, an HTTP request comprising an authentication cookie, the cookie comprising user authentication credentials.
  - 7. The method of claim 1, wherein step (c) comprises transmitting, by the client agent via the established connection, an HTTP request comprising an authentication cookie, the cookie comprising application-specific authentication credentials.
  - 8. The method of claim 1, wherein step (c) further comprises receiving, by the client agent, an HTTP response, the HTTP response comprising an acceptance of the authentication cookie.

9. A computer implemented system for using a client agent to enable HTTP cookie authentication in non-HTTP communications from a client, the system comprising:
- a client computing device; and
  
  a client agent executing on the client, which intercepts a non-HTTP connection request to a server from an application on the client;
  
  establishes a transport layer virtual private network connection between the client agent and a network appliance intermediary to the client and the server, the non-HTTP connection request comprising a request to establish a transport layer connection with the server;
  
  transmits, from the client agent via the established transport layer virtual private network connection responsive to the interception of the non-HTTP connection request, an HTTP request comprising an authentication cookie to the network appliance to authenticate the non-HTTP connection request prior to transmitting the non-HTTP connection request of the application to the network appliance; and
  
  transmits, by the client agent via the transport layer virtual private network connection, responsive to receiving from the network appliance an HTTP response comprising acceptance of the authentication cookie by the network appliance, the non-HTTP connection request to the server via the network appliance and any data for the non-HTTP connection queued by the client agent while waiting for receipt of the HTTP response indicating acceptance of the authentication cookie by the network appliance.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the client agent executes transparently with respect to one of the following network layers:
    - the application layer, the presentation layer, the session layer, or the transport layer.
  - 11. The system of claim 9, wherein the client agent intercepts a transport-layer connection request from the client, wherein the interception occurs at one of the following network layers:
    - the transport layer, the network layer, or the data layer.
  - 12. The system of claim 9, wherein the client agent intercepts a TCP SYN packet.
  - 13. The system of claim 9, wherein the client agent transmits, via the established connection, an HTTP request comprising an authentication cookie prior to any data being transmitted via the connection.
  - 14. The system of claim 9, wherein the client agent transmits, via the established connection, an HTTP request comprising an authentication cookie, the cookie comprising user authentication credentials.
  - 15. The system of claim 9, wherein the client agent transmits, via the established connection, an HTTP request comprising an authentication cookie, the cookie comprising application-specific authentication credentials.
  - 16. The system of claim 9, wherein the client agent receives an HTTP response, the HTTP response comprising an acceptance of the authentication cookie.

17. A method for using a client agent to enable HTTP cookie authentication in non-HTTP communications from a client, the method comprising:
- (a) receiving, by a client agent executing on a client, an authentication cookie from a network appliance intermediary to the client and a server;
  
  (b) intercepting, by the client agent, a first request of an application on the client to establish a non-HTTP connection with the server, the non-HTTP connection comprising a transport layer connection with the server;
  
  (c) transmitting, from the client agent via an established transport layer connection between the client agent and the network appliance, responsive to the interception of the first request of the application, a HTTP request comprising the authentication cookie to authenticate the non-HTTP connection for the first request by the network appliance prior to transmitting the first request of the application via the network appliance to the server; and
  
  (d) transmitting, by the client agent via the established transport layer connection, responsive to receiving a HTTP response identifying acceptance of the authentication cookie by the network appliance, the first request for the non-HTTP connection to the server via the network appliance and any data for the non-HTTP connection queued by the client agent while waiting for the receipt of the HTTP response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
He, Junxiao, Venkatraman, Charu, Soni, Ajay
Primary Examiner(s)
SHAW, YIN CHEN

Application Number

US11/462,300
Publication Number

US 20080034198A1
Time in Patent Office

2,630 Days
Field of Search

713150-153, 713/168, 726/2, 726/3, 726/5
US Class Current

726/5
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/145   the attack involving the pr...

H04L 67/02   based on web technology, e....

H04L 67/568   Storing data temporarily at...

Systems and methods for using a client agent to manage HTTP authentication cookies

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for using a client agent to manage HTTP authentication cookies

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links