Systems and methods for providing a smart group

US 9,363,292 B2
Filed: 08/25/2014
Issued: 06/07/2016
Est. Priority Date: 07/21/2010
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a device intermediary to a plurality of clients and one or more servers;

a policy manager configured on the device to establish a policy group to represent one or more access configurations for accessing one or more resources of the one or more servers,an interface of the policy manager configured to receive a configuration of a login point of the policy group that specifies a uniform resource locator to access the one or more resources;

wherein the interface of the policy manager is configured to receive a selected authentication method from a plurality of authentication methods to configure for the login point; and

wherein the interface of the policy manager is configured to provide a selection of one or more authorization methods assigned to the selected authentication method from a plurality of authorization methods configured on the device, the selection of one or more authorization methods assigned to the selected authentication method is different from a second selection of one or more authentication methods assigned to a second authentication method of the plurality of authentication methods.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed towards systems and methods for establishing and applying a policy group to control a user'"'"'s access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component.

Citations

20 Claims

1. A system comprising:
- a device intermediary to a plurality of clients and one or more servers;
  
  a policy manager configured on the device to establish a policy group to represent one or more access configurations for accessing one or more resources of the one or more servers,an interface of the policy manager configured to receive a configuration of a login point of the policy group that specifies a uniform resource locator to access the one or more resources;
  
  wherein the interface of the policy manager is configured to receive a selected authentication method from a plurality of authentication methods to configure for the login point; and
  
  wherein the interface of the policy manager is configured to provide a selection of one or more authorization methods assigned to the selected authentication method from a plurality of authorization methods configured on the device, the selection of one or more authorization methods assigned to the selected authentication method is different from a second selection of one or more authentication methods assigned to a second authentication method of the plurality of authentication methods.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the interface of the policy manager is further configured to receive the selection of an authorization method of the one or more authorization methods assigned to the selected authentication method.
  - 3. The system of claim 1, wherein the policy manager is further configured to limit the selection of an authorization method via the interface to the one or more authorization methods assigned to the selected authentication method.
  - 4. The system of claim 1, wherein each authentication method of the plurality of authentication methods is assigned at least one authorization method from the plurality of authorization methods.
  - 5. The system of claim 1, wherein the policy group comprises a device profile associated with the login point, the device profile identifying an end point analysis to perform for access via the login point.
  - 6. The system of claim 1, wherein the policy group comprises a second login point specifying a second uniform resource locator as a second entry point.
  - 7. The system of claim 1, wherein the interface of the policy manager is further configured to receive selections of two authentication methods for dual authentication of the login point.
  - 8. The system of claim 1, wherein the policy group specifies a type of resource of the one or more resources that is allowed access.
  - 9. The system of claim 1, wherein the policy group specifies a type of resource of the one or more resources that is denied access.
  - 10. The system of claim 1, wherein the policy group identifies the one or more resources.

11. A system comprisinga device intermediary to a plurality of clients and one or more servers;
- a policy group, configured on the device, to represent one or more access configurations for accessing one or more resources of the one or more servers, wherein configuration of a login point of the policy group specifies a uniform resource locator to access the one or more resources;
  
  wherein the device is configured to receive a request from a client to access a uniform resource locator of a server of the one or more servers corresponding to the login point of the policy group;
  
  wherein the device is configured to initiate, responsive to the request and the policy group, an authentication method specified by the login point from a plurality of different authentication methods configured on the device; and
  
  wherein the device is configured to select an authorization method from one or more authorization methods selected and assigned to the authentication method via configuration of the login point, selection of the one or more authorization methods assigned to the authentication method is different from a second selection of one or more authentication methods assigned to a second authentication method of the plurality of authentication methods.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the device is further configured to identify a device profile of the policy group associated with the login point, the device profile identifying an end point analysis to perform for access via the login point.
  - 13. The system of claim 11, wherein the device is further configured to initiate the end point analysis on the client responsive to the request.
  - 14. The system of claim 11, wherein the device is further configured to initiate two authentication methods responsive to the requested based on the login point specifying dual authentication.
  - 15. The system of claim 11, wherein the device is further configured to receive a second request comprising a second uniform resource locator, the device further configured to identify the second uniform resource locator as a second entry point of the login group.
  - 16. The system of claim 11, wherein the device is further configured to identify from the policy group the one or more resources to which the client has access to.
  - 17. The system of claim 11, wherein the device is further configured to allow access by the client to a resource responsive to the policy group specifying a type of resource of the one or more resources that is allowed access.
  - 18. The system of claim 11, wherein the device is further configured to deny access by the client to a resource responsive to the policy group specifying a type of resource of the one or more resources that is allowed access.
  - 19. The system of claim 11, wherein the device is further configured to limit selection of an authorization method in the configuration of the login points to the one or more authorization methods assigned to the authentication method from a plurality of different authorization methods configured on the device.
  - 20. The system of claim 11, wherein each authentication method of the plurality of different authentication methods is assigned at least one authorization method from a plurality of different authorization methods configured on the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Murgia, Marco, Tomlin, Larry, Bojer, Ivan, Kann, Jong, Rafiq, Pierre
Primary Examiner(s)
TRAN, ELLEN C

Application Number

US14/467,749
Publication Number

US 20140373090A1
Time in Patent Office

652 Days
Field of Search

726/1
US Class Current

1/1
CPC Class Codes

G06F 21/45   Structures or tools for the...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Systems and methods for providing a smart group

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing a smart group

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links