WO2008017011 - SYSTEMS AND METHODS FOR APPLICATION-BASED INTERCEPTION AND AUTHORIZATION OF SSL/VPN TRAFFIC

Publication Number WO/2008/017011
Publication Date 07.02.2008
International Application No. PCT/US2007/075035
International Filing Date 02.08.2007
IPC
  • H04L 29/06 (2006.01): H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136 > 02 Communication control; Communication processing > 06 characterised by a protocol
  • H04L 12/46 (2006.01): H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 12 Data switching networks > 28 characterised by path configuration, e.g. LAN or WAN > 46 Interconnection of networks
CPC
  • H04L 63/0236: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 63 Network architectures or network communication protocols for network security > 02 for separating internal from external traffic, e.g. firewalls > 0227 Filtering policies > 0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
  • H04L 63/0245: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 63 Network architectures or network communication protocols for network security > 02 for separating internal from external traffic, e.g. firewalls > 0227 Filtering policies > 0245 Filtering by information in the payload
  • H04L 63/0263: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 63 Network architectures or network communication protocols for network security > 02 for separating internal from external traffic, e.g. firewalls > 0227 Filtering policies > 0263 Rule management
  • H04L 63/0272: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 63 Network architectures or network communication protocols for network security > 02 for separating internal from external traffic, e.g. firewalls > 0272 Virtual private networks
  • H04L 63/101: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 63 Network architectures or network communication protocols for network security > 10 for controlling access to network resources > 101 Access control lists [ACL]
  • H04L 63/104: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 63 Network architectures or network communication protocols for network security > 10 for controlling access to network resources > 104 Grouping of entities
Applicants
  • CITRIX SYSTEMS, INC. [US]/[US] (AllExceptUS)
  • MULLICK, Amarnath [IN]/[IN] (UsOnly)
  • VENKATRAMAN, Charu [IN]/[IN] (UsOnly)
  • HE, Junxiao [CN]/[US] (UsOnly)
  • NANJUNDASWAMI, Shashi [IN]/[IN] (UsOnly)
  • HARRIS, James [US]/[US] (UsOnly)
  • SONI, Ajay [US]/[US] (UsOnly)
Inventors
  • MULLICK, Amarnath
  • VENKATRAMAN, Charu
  • HE, Junxiao
  • NANJUNDASWAMI, Shashi
  • HARRIS, James
  • SONI, Ajay
Agents
  • MCKENNA, Christopher, J.
Priority Data
  • 11/462,321  03.08.2006  US
  • 11/462,329  03.08.2006  US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) SYSTEMS AND METHODS FOR APPLICATION-BASED INTERCEPTION AND AUTHORIZATION OF SSL/VPN TRAFFIC
(FR, translated to English) SYSTEMS AND METHODS FOR APPLICATION-BASED INTERCEPTION AND AUTHORIZATION OF SSL/VPN TRAFFIC
Abstract
(EN)
A method for intercepting, by an agent of a client, communications from the client that are to be transmitted via a virtual private network connection includes the step of intercepting communications based on identification of the application from which the communication originates. The agent receives information identifying a first application. The agent determines that a network communication transmitted by the client originates from the first application and intercepts that communication. The agent transmits the intercepted communication via the virtual private network connection. Another method, for allowing or denying, by an appliance, access to a resource by an application on a client via a virtual private network connection, bases the decision to allow or deny access on identification of the application. The appliance associates with the intercepted request an authorization policy based on the identity of the application. The appliance determines, using the authorization policy and the identity of the application, whether to allow or deny access by the application to the resource.
(FR, translated to English)
The invention relates to a method that enables an agent of a client to intercept communications sent by the client over a virtual private network connection. The method of the invention consists in intercepting communications on the basis of the identification of the application from which the communication originates. The agent receives information identifying a first application. The agent determines that a network communication transmitted by the client originates from the first application and intercepts that communication. The agent transmits the intercepted communication via the virtual private network connection. Another method of the invention enables an appliance to allow or deny an application running on a client access to a resource via a virtual private network connection, which method consists in basing the decision to allow or deny access on an identification of the application. The appliance associates with the intercepted request an authorization policy based on the identity of the application. The appliance determines, by means of the authorization policy and the identity of the application, whether the application's access to the resource is to be allowed or denied.
Latest bibliographic data on file with the International Bureau