SYSTEMS AND METHODS FOR USING END POINT AUDITING IN CONNECTION WITH TRAFFIC MANAGEMENT

US 20140359728A1
Filed: 08/18/2014
Published: 12/04/2014
Est. Priority Date: 03/20/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

a) determining, by a first virtual server of a device intermediary to a client device and a server, a result of an end point scan of the client device, the first virtual server configured to perform authentication of client devices to allow access to the server;

b) establishing, by the first virtual server, an authentication session responsive to authentication of the client;

c) receiving, by a second virtual server of the device configured to manage traffic of client devices, a request from the client, the request identifying the authentication session; and

d) using, by the second virtual server, information from the authentication session to make a decision on controlling traffic of a connection of the client device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a system and method of managing traffic traversing an intermediary based on a result of end point auditing. An authentication virtual server of an intermediary may determine a result of an end point analysis scan of a client. Responsive to the determination, the traffic management virtual server can obtain the result from the authentication virtual server. Further, the traffic management virtual server may apply the result in one or more traffic management policies to manage network traffic of a connection of the client traversing the intermediary. In some embodiments, the authentication virtual server may receive one or more expressions evaluated by the client. The one or more expressions identifies one or more attributes of the client. The traffic management virtual server can also determine a type of compression or encryption for the connection based on applying the one or more traffic management policies using the result.

1 Citation

20 Claims

1. A method comprising:
- a) determining, by a first virtual server of a device intermediary to a client device and a server, a result of an end point scan of the client device, the first virtual server configured to perform authentication of client devices to allow access to the server;
  
  b) establishing, by the first virtual server, an authentication session responsive to authentication of the client;
  
  c) receiving, by a second virtual server of the device configured to manage traffic of client devices, a request from the client, the request identifying the authentication session; and
  
  d) using, by the second virtual server, information from the authentication session to make a decision on controlling traffic of a connection of the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein (a) further comprises initiating, by the first virtual server, the end point scan of the client device responsive to the client device requesting access to the server via the device.
  - 3. The method of claim 1, wherein (b) further comprises storing, by the first virtual server, in the authentication session one of a uniform resource locator or domain of the second virtual server.
  - 4. The method of claim 1, wherein (b) further comprises storing, by the first virtual server, the result of the end point scan in the authentication session.
  - 5. The method of claim 1, wherein (c) further comprises receiving, by the second virtual server, a cookie with the request, the cookie created by the first virtual server and configured to identify the authentication session.
  - 6. The method of claim 1, wherein (d) further comprises applying, by the second virtual server, the result of the end point scan stored in the authentication session in one or more policies to control traffic of the connection of the client device.
  - 7. The method of claim 1, wherein (d) further comprises identifying, by the second virtual server, a policy from the authentication session from which to make the decision on controlling traffic.
  - 8. The method of claim 7, further comprising applying, by the second virtual server, the policy identified from the authentication session to control traffic of the connection of the client device.
  - 9. The method of claim 1, wherein (d) further comprises determining, by the second virtual server based on information in the authentication session, one of a type of encryption or type of compression to use for the connection of the client device
  - 10. The method of claim 1, wherein (d) further comprises using, by the second virtual server, the result of the end point scan stored in the authentication session in one or more policies to control traffic of the connection of the client device.

11. A system comprising:
- a device intermediary to a client and a server,a first virtual server configured on the device to perform authentication of clients to allow access to the server and configured to determine a result of an end point scan of the client and establish an authentication session responsive to authentication of the client;
  
  a second virtual server configured on the device to manage traffic of clients, the second virtual server configured to receive a request from the client, the request identifying the authentication session; and
  
  wherein the second virtual server is configured to use information from the authentication session to make a decision on controlling traffic of a connection of the client device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the first virtual server is further configured to initiate the end point scan of the client responsive to the client requesting access to the server via the device.
  - 13. The system of claim 11, wherein the first virtual server is further configured store in the authentication session one of a uniform resource locator or domain of the second virtual server.
  - 14. The system of claim 11, wherein the first virtual server is further configured to store the result of the end point scan in the authentication session.
  - 15. The system of claim 11, wherein the second virtual server is further configured to receive a cookie with the request, the cookie established by the first virtual server and configured to identify the authentication session.
  - 16. The system of claim 11, wherein the second virtual server is further configured to apply the result of the end point scan stored in the authentication session in one or more policies to control traffic of the connection of the client.
  - 17. The system of claim 11, wherein the second virtual server is further configured identify a policy from the authentication session from which to make the decision on controlling traffic.
  - 18. The system of claim 17, wherein the second virtual server is further configured to apply the policy identified from the authentication session to control traffic of the connection of the client.
  - 19. The system of claim 11, wherein the second virtual server is further configured to determine one of a type of encryption or type of compression to use for the connection of the client.
  - 20. The system of claim 11, wherein the second virtual server is further configured to use the result of the end point scan stored in the authentication session in one or more policies to control traffic of the connection of the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Harris, James, Thakur, Ravindranath, Agarwal, Puneet, Gupta, Punit, Li, Raymond

Granted Patent

US 9,264,429 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 2009/4557   Distribution of virtual mac...

G06F 21/31   User authentication

G06F 21/53   by executing in a restricte...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

H04L 67/563   Data redirection of data ne...

SYSTEMS AND METHODS FOR USING END POINT AUDITING IN CONNECTION WITH TRAFFIC MANAGEMENT

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

1 Citation

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR USING END POINT AUDITING IN CONNECTION WITH TRAFFIC MANAGEMENT

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1 Citation

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links