Systems and methods for using end point auditing in connection with traffic management

US 9,264,429 B2
Filed: 08/18/2014
Issued: 02/16/2016
Est. Priority Date: 03/20/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

a) determining, by a first virtual server of an intermediary device external to a client device and a target server, a result of an end point scan of the client device initiated by the first virtual server responsive to an access request from the client device to the target server, the first virtual server configured to perform authentication of client device to allow access to the target server;

b) establishing, by the first virtual server, an authentication session upon authentication of the client device;

c) receiving, by a second virtual server of the intermediary device different from the first virtual server, a request from the client that identifies the authentication session, wherein the second virtual server is configured to manage traffic of the client device; and

d) using, by the second virtual server, information from the authentication session to make a decision on controlling traffic of a connection of the client device based on one or more traffic management policies.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a system and method of managing traffic traversing an intermediary based on a result of end point auditing. An authentication virtual server of an intermediary may determine a result of an end point analysis scan of a client. Responsive to the determination, the traffic management virtual server can obtain the result from the authentication virtual server. Further, the traffic management virtual server may apply the result in one or more traffic management policies to manage network traffic of a connection of the client traversing the intermediary. In some embodiments, the authentication virtual server may receive one or more expressions evaluated by the client. The one or more expressions identifies one or more attributes of the client. The traffic management virtual server can also determine a type of compression or encryption for the connection based on applying the one or more traffic management policies using the result.

47 Citations

View as Search Results

20 Claims

1. A method comprising:
- a) determining, by a first virtual server of an intermediary device external to a client device and a target server, a result of an end point scan of the client device initiated by the first virtual server responsive to an access request from the client device to the target server, the first virtual server configured to perform authentication of client device to allow access to the target server;
  
  b) establishing, by the first virtual server, an authentication session upon authentication of the client device;
  
  c) receiving, by a second virtual server of the intermediary device different from the first virtual server, a request from the client that identifies the authentication session, wherein the second virtual server is configured to manage traffic of the client device; and
  
  d) using, by the second virtual server, information from the authentication session to make a decision on controlling traffic of a connection of the client device based on one or more traffic management policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein (a) further comprises initiating, by the first virtual server, the end point scan of the client device responsive to the client device requesting access to the server via the intermediary device.
  - 3. The method of claim 1, wherein (b) further comprises storing, by the first virtual server, in the authentication session one of a uniform resource locator or domain of the second virtual server.
  - 4. The method of claim 1, wherein (b) further comprises storing, by the first virtual server, the result of the end point scan in the authentication session.
  - 5. The method of claim 1, wherein (c) further comprises receiving, by the second virtual server, a cookie with the request, the cookie created by the first virtual server and configured to identify the authentication session.
  - 6. The method of claim 1, wherein (d) further comprises applying, by the second virtual server, the result of the end point scan stored in the authentication session in one or more policies to control traffic of the connection of the client device.
  - 7. The method of claim 1, wherein (d) further comprises identifying, by the second virtual server, a policy from the authentication session from which to make the decision on controlling traffic.
  - 8. The method of claim 7, further comprising applying, by the second virtual server, the policy identified from the authentication session to control traffic of the connection of the client device.
  - 9. The method of claim 1, wherein (d) further comprises determining, by the second virtual server based on information in the authentication session, one of a type of encryption or type of compression to use for the connection of the client device.
  - 10. The method of claim 1, wherein (d) further comprises using, by the second virtual server, the result of the end point scan stored in the authentication session in one or more policies to control traffic of the connection of the client device.

11. A system comprising:
- An intermediary device external to a client device and a target server,a first virtual server configured on the intermediary device to perform authentication of the client device to allow access to the target server and further configured to determine a result of an end point scan of the client device initiated by the first virtual server responsive to an access request from the client device to the target server and establish an authentication session upon authentication of the client;
  
  a second virtual server, different from the first virtual server, configured on the intermediary, wherein the second virtual server is configured to manage traffic of the client device and to receive a request from the client device that identifies the authentication session; and
  
  wherein the second virtual server is configured to use information from the authentication session to make a decision on controlling traffic of a connection of the client device based on one or more traffic management policies.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the first virtual server is further configured to initiate the end point scan of the client device responsive to the client device requesting access to the target server via the intermediary device.
  - 13. The system of claim 11, wherein the first virtual server is further configured store in the authentication session one of a uniform resource locator or domain of the second virtual server.
  - 14. The system of claim 11, wherein the first virtual server is further configured to store the result of the end point scan in the authentication session.
  - 15. The system of claim 11, wherein the second virtual server is further configured to receive a cookie with the request, the cookie established by the first virtual server and configured to identify the authentication session.
  - 16. The system of claim 11, wherein the second virtual server is further configured to apply the result of the end point scan stored in the authentication session in one or more policies to control traffic of the connection of the client device.
  - 17. The system of claim 11, wherein the second virtual server is further configured identify a policy from the authentication session from which to make the decision on controlling traffic.
  - 18. The system of claim 17, wherein the second virtual server is further configured to apply the policy identified from the authentication session to control traffic of the connection of the client device.
  - 19. The system of claim 11, wherein the second virtual server is further configured to determine one of a type of encryption or type of compression to use for the connection of the client device.
  - 20. The system of claim 11, wherein the second virtual server is further configured to use the result of the end point scan stored in the authentication session in one or more policies to control traffic of the connection of the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Harris, James, Li, Rui, Kumar, Arkesh, Thakur, Ravindranath, Agarwal, Puneet, Choudhary, Akshat, Gupta, Punit
Primary Examiner(s)
Chai, Longbit

Application Number

US14/462,204
Publication Number

US 20140359728A1
Time in Patent Office

547 Days
Field of Search

726/25
US Class Current

1/1
CPC Class Codes

G06F 2009/4557   Distribution of virtual mac...

G06F 21/31   User authentication

G06F 21/53   by executing in a restricte...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

H04L 67/563   Data redirection of data ne...

Systems and methods for using end point auditing in connection with traffic management

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for using end point auditing in connection with traffic management

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links