Systems and methods for application-based interception of SSL/VPN traffic

US 9,294,439 B2
Filed: 07/16/2013
Issued: 03/22/2016
Est. Priority Date: 08/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method for intercepting application communications for transmission via a virtual private network connection, the method comprising:

(a) receiving, by an agent of a client, an application routing table identifying one or more applications authorized for access via a virtual private network connection established with an device intermediary to the client and at least one server, each of the one or more applications identified via a name of an executable of the corresponding application;

(b) determining, by the agent, whether a first communication from the client is from a first application with a name of an executable identified by the received application routing table; and

(c) transmitting, by the agent based on the determination, the first communication via the virtual private network connection established with the device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for intercepting, by an agent of a client, communications from the client to be transmitted via a virtual private network connection includes the step of intercepting communications based on identification of an application from which the communication originates. The agent receives information identifying a first application. The agent determines a network communication transmitted by the client originates from the first application and intercepts that communication. The agent transmits the intercepted communication via the virtual private network connection.

102 Citations

View as Search Results

20 Claims

1. A method for intercepting application communications for transmission via a virtual private network connection, the method comprising:
- (a) receiving, by an agent of a client, an application routing table identifying one or more applications authorized for access via a virtual private network connection established with an device intermediary to the client and at least one server, each of the one or more applications identified via a name of an executable of the corresponding application;
  
  (b) determining, by the agent, whether a first communication from the client is from a first application with a name of an executable identified by the received application routing table; and
  
  (c) transmitting, by the agent based on the determination, the first communication via the virtual private network connection established with the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, comprising transmitting, by the device, the application routing table to the agent.
  - 3. The method of claim 1, comprising establishing, by the agent, the virtual private network connection with the device.
  - 4. The method of claim 1, comprising determining, by the agent, that a second communication is from a second application not identified in the application routing table, and allowing the second communication to pass via the client'"'"'s network stack.
  - 5. The method of claim 1, comprising determining, by the agent, that a second communication is from a second application not identified in the application routing table, and not intercepting the network communication.
  - 6. The method of claim 1, comprising determining, by the agent, the name of the executable of the first application via a system level or kernel level call.
  - 7. The method of claim 1, comprising determining, by the agent, the name of the executable of the first application via an application programming interface.
  - 8. The method of claim 1, comprising comparing, by the agent, information from the first communication with information in the application routing table.
  - 9. The method of claim 1, comprising one of granting or denying, by the device, a level of access to the first application based on identification of the first application.
  - 10. The method of claim 1, comprising transmitting, by the agent, to the device an identification of the first application.

11. A system for intercepting application communications for transmission via a virtual private network connection, the system comprising:
- an application routing table identifying one or more applications authorized for access via a virtual private network connection established with an device intermediary to a client and at least one server, each of the first one or more applications identified via a name of an executable of the corresponding application; and
  
  an agent of a client, configured for receiving the application routing table, determining, based on the identification, whether a first communication from the client is from an application with a name of an executable identified by the received application routing table, and transmitting, based on the determination, the first communication via the virtual private network connection established with the device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the application routing table is transmitted by the device to the agent.
  - 13. The system of claim 11, wherein the agent establishes the virtual private network connection with the device.
  - 14. The system of claim 11, wherein the agent determines that a second communication is from a second application not identified in the application routing table, and allows the second communication to pass via the client'"'"'s network stack.
  - 15. The system of claim 11, wherein the agent determines that a second communication is from a second application not identified in the application routing table, and does not intercept the network communication.
  - 16. The system of claim 11, wherein the agent determines the name of the executable of the first application via a system level or kernel level call.
  - 17. The system of claim 11, wherein the agent determines the name of the executable of the first application via an application programming interface.
  - 18. The system of claim 11, wherein the agent compares information from the first communication with information in the application routing table.
  - 19. The system of claim 11, wherein the device grants or denies a level of access to the first application based on identification of the first application.
  - 20. The system of claim 11, wherein the agent transmits to the device an identification of the first application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Venkatraman, Charu, He, Junxiao, Mullick, Amarnath, Nanjundaswamy, Shashi, Harris, James, Soni, Ajay
Primary Examiner(s)
COX, NATISHA D

Application Number

US13/943,662
Publication Number

US 20130304881A1
Time in Patent Office

980 Days
Field of Search

726/15
US Class Current

1/1
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/0876   based on the identity of th...

H04L 63/102   Entity profiles

Systems and methods for application-based interception of SSL/VPN traffic

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

102 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for application-based interception of SSL/VPN traffic

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

102 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links