METHOD AND SYSTEMS FOR SECURING REMOTE ACCESS TO PRIVATE NETWORKS

US 20130014206A1
Filed: 09/14/2012
Published: 01/10/2013
Est. Priority Date: 07/23/2004
Status: Active Grant

First Claim

Patent Images

1-24. -24. (canceled)

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing remote access to private networks includes a receiver intercepting from a data link layer a packet in a first plurality of packets destined for a first system on a private network. A filter intercepts from the data link layer a packet in a second plurality of packets transmitted from a second system on the private network, destined for an system on a second network. A transmitter in communication with the receiver and the filter performing a network address translation on at least one intercepted packet and transmitting the at least one intercepted packet to a destination.

17 Citations

View as Search Results

44 Claims

1-24. -24. (canceled)

25. A method of accessing a server via an intermediary device between a client in a first network and the server in a second network, the method comprising:
- (a) establishing a secure application layer tunnel over a first transport layer connection between a client application executing on a client on a first network and a device intermediary between a server of a second network and the client, the device having a second transport layer connection between the device and the server;
  
  (b) receiving, by the device from the client application via the secure application layer tunnel, a request of an application of the client to access the server, the client application receiving the request intercepted from a third transport layer connection of the application by a driver of the client,(c) forwarding, by the device via the second transport layer connection, the request to the server; and
  
  (d) intercepting, by the device at a data link layer of the device, a response to the request transmitted from the server to the client.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 26. The method of claim 25, wherein step (a) further comprises establishing the secure application layer tunnel comprising one of a secure socket layer (SSL) session or a Secure HypterText Transfer Protocol (HTTPS) session.
  - 27. The method of claim 25, wherein step (b) further comprises terminating, by the driver, the third transport layer connection of the application, the application transmitting requests to the server via the third transport layer connection.
  - 28. The method of claim 25, wherein step (a) further comprising transmitting, by the device to the client responsive to a communication of the client to the device, a remote process comprising the client application and the driver, the client automatically installing the client application and the driver of the remote process upon receipt.
  - 29. The method of claim 25, wherein step (b) further comprising receiving, by the client application, the request from the driver via a port of the client monitored by the client application.
  - 30. The method of claim 25, wherein step (b) further comprises intercepting, by the driver at a data link layer of the client, network traffic of the application destined for the server and forwards the intercepted network traffic to the client application.
  - 31. The method of claim 25, wherein step (c) further comprises performing, by the device, network address translation of a public internet protocol address of the request to a private internet protocol address of the client established by the device.
  - 32. The method of claim 25, wherein step (d) further comprises performing, by the device, network address translation of a private internet protocol address of the response to a public internet protocol address of the client.
  - 33. The method of claim 25, wherein step (d) further comprises intercepting, by a second driver of the device, the response and providing the response to a policy engine executing at an application layer of the device for applying one or more policies to the response before transmitting the response to the client.
  - 34. The method of claim 33, further comprising transmitting, by the device, responsive to the policy engine, the response to the client application via the secure application layer tunnel.

35. A system of accessing a server via an intermediary device between a client in a first network and the server in a second network, the system comprising:
- a client application executing on a client on a first network;
  
  a device intermediary between a server of a second network and the clienta secure application layer tunnel established over a first transport layer connection between the client and the device, the device having a second transport layer connection between the device and the server;
  
  wherein the device receives from the client application via the secure application layer tunnel a request of an application of the client to access the server, the client application receiving the request intercepted from a third transport layer connection of the application by a driver of the client, and forwards the request to the server via the second transport layer connection; and
  
  wherein the device intercepts, at a data link layer of the device, a response to the request transmitted from the server to the client.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 36. The system of claim 35, wherein the secure application layer tunnel comprises one of a secure socket layer (SSL) session or a Secure HypterText Transfer Protocol (HTTPS) session.
  - 37. The system of claim 35, wherein the driver of the client terminates the third transport layer connection of the application, the application transmitting requests to the server via the third transport layer connection.
  - 38. The system of claim 35, wherein the device transmits to the client, responsive to a communication of the client to the device, a remote process comprising the client application and the driver, the client automatically installing the client application and the driver of the remote process upon receipt.
  - 39. The system of claim 35, wherein the client application receives the request from the driver via a port of the client monitored by the client application.
  - 40. The system of claim 35, wherein the driver intercepts at a data link layer of the client network traffic of the application destined for the server and forwards the intercepted network traffic to the client application.
  - 41. The system of claim 35, wherein the device performs network address translation of a public internet protocol address of the request to a private internet protocol address of the client established by the device.
  - 42. The system of claim 35, wherein the device performs network address translation of a private internet protocol address of the response to a public internet protocol address of the client.
  - 43. The system of claim 35, wherein a second driver of the device intercepts the response and provides the response to a policy engine executing at an application layer of the device for applying one or more policies to the response before transmitting the response to the client.
  - 44. The system of claim 43, wherein the device, responsive to the policy engine, transmits the response to the client application via the secure application layer tunnel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Rao, Goutham P., Rodriguez, Robert A., Brueggemann, Eric R.

Granted Patent

US 8,892,778 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/2898   Subscriber equipments DSL m...

H04L 45/00   Routing or path finding of ...

H04L 45/72   Routing based on the source...

H04L 47/20   Traffic policing

H04L 61/00   Network arrangements, proto...

H04L 61/2514   between local and global IP...

H04L 61/2557   Translation policies or rules

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/101   Access control lists [ACL]

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

METHOD AND SYSTEMS FOR SECURING REMOTE ACCESS TO PRIVATE NETWORKS

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEMS FOR SECURING REMOTE ACCESS TO PRIVATE NETWORKS

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links