Systems and methods for using a client agent to manage HTTP authentication cookies

US 9,544,285 B2
Filed: 09/30/2013
Issued: 01/10/2017
Est. Priority Date: 08/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method for using an authentication cookie to authenticate a transport layer connection, the method comprising:

(a) establishing, by an agent executing on a processor of a client, a first transport layer connection with a device intermediary to the client and a server;

(b) receiving, by the agent, a first request from an application on the client to establish a second transport layer connection with the server;

(c) transmitting, by the agent, to the device via the first transport layer connection a Hypertext Transfer Protocol (HTTP) request to authenticate the first request to establish the second transport layer connection, prior to transmitting the first request of the application to the device, the HTTP request comprising an authentication cookie;

(d) transmitting, by the agent to the device responsive to receiving from the device an HTTP response indicating successful authentication using the authentication cookie, the first request to establish the second transport layer connection with the server via the first transport layer connection; and

(e) transmitting, by the agent, via the second transport layer connection to the server, data received from the application.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described for using a client agent to manage HTTP authentication cookies. One method includes intercepting, by a client agent executing on a client, a connection request from the client; establishing, by the client agent, a transport layer virtual private network connection with a network appliance; transmitting, by the client agent via the established connection, an HTTP request comprising an authentication cookie; and transmitting, by the client agent via the connection, the connection request. A second method includes intercepting, by a client agent executing on a client, an HTTP communication comprising a cookie from an appliance on a virtual private network to the client; removing, by the client agent, the cookie from the HTTP communication; storing, by the client agent, the received cookie; transmitting, by the client agent, the modified HTTP communication to an application executing on the client; intercepting, by the client agent, an HTTP request from the client; inserting, by the client agent in the HTTP request, the received cookie; and transmitting the modified HTTP request to the appliance. Corresponding systems are also described.

Citations

16 Claims

1. A method for using an authentication cookie to authenticate a transport layer connection, the method comprising:
- (a) establishing, by an agent executing on a processor of a client, a first transport layer connection with a device intermediary to the client and a server;
  
  (b) receiving, by the agent, a first request from an application on the client to establish a second transport layer connection with the server;
  
  (c) transmitting, by the agent, to the device via the first transport layer connection a Hypertext Transfer Protocol (HTTP) request to authenticate the first request to establish the second transport layer connection, prior to transmitting the first request of the application to the device, the HTTP request comprising an authentication cookie;
  
  (d) transmitting, by the agent to the device responsive to receiving from the device an HTTP response indicating successful authentication using the authentication cookie, the first request to establish the second transport layer connection with the server via the first transport layer connection; and
  
  (e) transmitting, by the agent, via the second transport layer connection to the server, data received from the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein step (a) further comprises establishing, by the agent, the first transport layer connection comprising a secure virtual private network connection with the device.
  - 3. The method of claim 1, wherein step (b) further comprising intercepting, by the agent, the first request and establishing a third transport layer connection with the application.
  - 4. The method of claim 1, wherein step (c) further comprises queuing, by the agent while waiting for the HTTP response, the data received from the application to be transmitted via the second transport layer connection.
  - 5. The method of claim 4, wherein step (e) comprises transmitting, by the agent responsive to receiving the HTTP response, the queued data via the first transport layer connection to be transmitted via the second transport layer connection to the server.
  - 6. The method of claim 1, further comprising establishing, by the device, the second transport layer connection with the server responsive to receiving the first request via the first transport layer connection.
  - 7. The method of claim 1, wherein step (c) further comprises transmitting, by the agent, the HTTP request comprising the authentication cookie having user authentication credentials.
  - 8. The method of claim 1, wherein the agent operates at or below a transport layer of a network stack of the client.

9. A system for using an authentication cookie to authenticate a transport layer connection, the system comprising:
- a processor of a client;
  
  an agent executable on the processor of the client configured to;
  
  establish a first transport layer connection with a device intermediary to the client and a server;
  
  receive a first request from an application on the client to establish a second transport layer connection with the server;
  
  transmit to the device via the first transport layer connection a Hypertext Transfer Protocol (HTTP) request to authenticate the first request to establish the second transport layer connection, prior to transmitting the first request of the application to the device, the HTTP request comprising an authentication cookie;
  
  responsive to receiving from the device an HTTP response indicating using the authentication cookie, to transmit the first request to establish the second transport layer connection with the server via the first transport layer connection; and
  
  transmit, via the second transport layer connection to the server, data received from the application.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the agent is further configured to establish the first transport layer connection comprising a secure virtual private network connection with the device.
  - 11. The system of claim 9, wherein the agent is further configured to intercept the first request and establish a third transport layer connection with the application.
  - 12. The system of claim 9, wherein the agent is further configured to queue, while waiting for the HTTP response, the data received from the application to be transmitted via the second transport layer connection.
  - 13. The system of claim 12, wherein the agent is further configured to transmit, responsive to receiving the HTTP response, the queued data via the first transport layer connection to be transmitted via the second transport layer connection to the server.
  - 14. The system of claim 13, wherein the agent is further configured to establish the second transport layer connection with the server responsive to receiving the first request via the first transport layer connection.
  - 15. The system of claim 13, wherein the agent is further configured to transmit the HTTP request comprising the authentication cookie having user authentication credentials.
  - 16. The system of claim 13, wherein the agent is further configured to operate at or below a transport layer of a network stack of the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
He, Junxiao, Venkatraman, Charu, Soni, Ajay
Primary Examiner(s)
Wang, Harris C

Application Number

US14/042,354
Publication Number

US 20140109202A1
Time in Patent Office

1,198 Days
Field of Search

726/5
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/145   the attack involving the pr...

H04L 67/02   based on web technology, e....

H04L 67/568   Storing data temporarily at...

Systems and methods for using a client agent to manage HTTP authentication cookies

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for using a client agent to manage HTTP authentication cookies

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links