Policy driven fine grain URL encoding mechanism for SSL VPN clientless access

US 9,009,813 B2
Filed: 02/04/2014
Issued: 04/14/2015
Est. Priority Date: 01/26/2008
Status: Active Grant

First Claim

Patent Images

1. A method for determining an encoding scheme of a uniform resource locator (URL) from a plurality of encoding schemes, the method comprising:

(a) receiving, by a device, a communication from a server, the communication comprising a uniform resource locator (URL);

(b) selecting, by the device, an encoding scheme from a plurality of encoding schemes to modify the URL, each of the plurality of encoding schemes providing a different type of obfuscation of at least a portion of the URL;

(c) modifying, by the device, the URL to obfuscate at least the portion of the URL according to the selected encoding scheme; and

(d) maintaining, by the device, a mapping of the URL to the modified URL.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure presents methods, systems and intermediaries which determine an encoding scheme of a uniform resource location (URL) from a plurality of encoding schemes for a clientless secure socket layer virtual private network (SSL VPN) via a proxy. An intermediary may receive a response from a server comprising a URL. The response from the server may be directed to a client via a SSL VPN session and via the intermediary. The intermediary may determine, responsive to an encoding policy, one of a transparent, opaque or encrypted encoding scheme for encoding the URL. The intermediary may rewrite the URL for transmission to the client in accordance with the determined encoding scheme.

9 Citations

View as Search Results

20 Claims

1. A method for determining an encoding scheme of a uniform resource locator (URL) from a plurality of encoding schemes, the method comprising:
- (a) receiving, by a device, a communication from a server, the communication comprising a uniform resource locator (URL);
  
  (b) selecting, by the device, an encoding scheme from a plurality of encoding schemes to modify the URL, each of the plurality of encoding schemes providing a different type of obfuscation of at least a portion of the URL;
  
  (c) modifying, by the device, the URL to obfuscate at least the portion of the URL according to the selected encoding scheme; and
  
  (d) maintaining, by the device, a mapping of the URL to the modified URL.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising forwarding, by the device, the communication with the modified URL instead of the URL.
  - 3. The method of claim 1, further comprising receiving, by the device, a second communication from a client, the second communication comprising the modified URL.
  - 4. The method of claim 3, further comprising identifying, by the device via the mapping, the URL for the modified URL, modifying the second communication to have the URL instead of the modified URL and forwarding the modified second communication to the server.
  - 5. The method of claim 1, wherein step (b) further comprises selecting, by the device, the encoding scheme based on applying a policy to the communication.
  - 6. The method of claim 1, wherein step (b) further comprises selecting, by the device, the encoding scheme for a session between the client and the server.
  - 7. The method of claim 1, wherein modifying the URL to obfuscate at least the portion of the URL further comprises replacing the portion of the URL with a different URL in accordance with the selected encoding scheme.
  - 8. The method of claim 1, wherein modifying the URL to obfuscate at least the portion of the URL further comprises encrypting at least the portion of the URL in accordance with the selected encoding scheme.
  - 9. The method of claim 1, wherein modifying the URL to obfuscate at least the portion of the URL further comprises transforming at least the portion of the URL using a reversible transformation function in accordance with the selected encoding scheme.
  - 10. The method of claim 1, wherein modifying the URL to obfuscate at least the portion of the URL further comprises rewriting at least the portion of the URL to have a unique identifier generated by the device and in accordance with the selected encoding scheme.

11. A system for determining an encoding scheme of a uniform resource locator (URL) from a plurality of encoding schemes, the system comprising:
- a device configure to receive a communication from a server, the communication comprising a uniform resource locator (URL);
  
  a plurality of encoding schemes configured on the device, each of the plurality of encoding schemes providing a different type of obfuscation of at least a portion of the URL; and
  
  wherein the device is configured to select an encoding scheme from the plurality of encoding schemes to modify the URL modify, the URL to obfuscate at least the portion of the URL according to the selected encoding scheme, and maintain a mapping of the URL to the modified URL.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the device is further configured to forward the communication with the modified URL instead of the URL.
  - 13. The system of claim 11, wherein the device is further configured to receive a second communication from a client, the second communication comprising the modified URL.
  - 14. The system of claim 13, wherein the device is further configured to identify, via the mapping, the URL for the modified URL, modify the second communication to have the URL instead of the modified URL and forward the modified second communication to the server.
  - 15. The system of claim 11, wherein the device is further configured to select the encoding scheme based on applying a policy to the communication.
  - 16. The system of claim 11, wherein the device is further configured to select the encoding scheme for a session between the client and the server.
  - 17. The system of claim 11, wherein the device is further configured to modify the URL to obfuscate at least the portion of the URL by replacing the portion of the URL with a different URL in accordance with the selected encoding scheme.
  - 18. The system of claim 11, wherein the device is further configured to modify the URL to obfuscate at least the portion of the URL by encrypting at least the portion of the URL in accordance with the selected encoding scheme.
  - 19. The system of claim 11, wherein the device is further configured to modify the URL to obfuscate at least the portion of the URL further by transforming at least the portion of the URL using a reversible transformation function in accordance with the selected encoding scheme.
  - 20. The system of claim 11, wherein the device is further configured to modify the URL to obfuscate at least the portion of the URL further by rewriting at least the portion of the URL to have a unique identifier generated by the device and in accordance with the selected encoding scheme.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Agarwal, Puneet, Thakur, Ravindra Nath, Gavini, Anil Kumar
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
KAPLAN, BENJAMIN A

Application Number

US14/172,385
Publication Number

US 20140157358A1
Time in Patent Office

434 Days
Field of Search

713/160, 716/15, 726/15
US Class Current

726/15
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/105   Multiple levels of security

H04L 63/1441   Countermeasures against mal...

H04L 63/166   at the transport layer

Policy driven fine grain URL encoding mechanism for SSL VPN clientless access

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Policy driven fine grain URL encoding mechanism for SSL VPN clientless access

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links