专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08667146B2 Systems and methods for configuration driven rewrite of SSL VPN clientless sessions 有权
标题翻译：用于配置驱动重写SSL VPN无客户端会话的系统和方法
公开(公告)号：US08667146B2
公开(公告)日：2014-03-04
申请号：US12359998
申请日：2009-01-26
申请人： Puneet Agarwal , Srinivasan Thirunarayanan , Vamsi Korrapati , Prakash Khemani , Rajiv Mirani , Anoop Reddy
发明人： Puneet Agarwal , Srinivasan Thirunarayanan , Vamsi Korrapati , Prakash Khemani , Rajiv Mirani , Anoop Reddy
IPC分类号： G06F15/16
CPC分类号： H04L63/0272 , H04L29/08846 , H04L63/0281 , H04L63/105 , H04L63/166 , H04L63/20 , H04L67/02 , H04L67/14 , H04L67/2814
摘要： The present disclosure provides solutions for an enterprise providing services to a variety of clients to enable the client to use the resources provided by the enterprise by modifying URLs received and the URLs from the responses from the servers to the client's requests before forwarding the requests and the responses to the intended destinations. An intermediary may identify an access profile for a clients' request to access a server via a clientless SSL VPN session. The intermediary may detect one or more URLs in content served by the server in response to the request using one or more regular expressions of the access profile. The intermediary may rewrite or modify, responsive to detecting, the one or more detected URLs in accordance with a URL transformation specified by one or more rewrite policies of the access profile. The response with modified URLs may be forwarded to the client.
摘要翻译：本公开提供了向各种客户端提供服务的企业的解决方案，以使得客户端能够在转发请求之前，通过修改从服务器的响应到客户端请求的接收到的URL和URL来使用企业提供的资源，并且对预期目的地的回应。中介可以识别客户端通过无客户端SSL VPN会话访问服务器的请求的访问配置文件。响应于使用访问简档的一个或多个正则表达式的请求，中介可以检测服务器所服务的内容中的一个或多个URL。根据由访问简档的一个或多个重写策略指定的URL变换，中介可以响应于检测到一个或多个检测到的URL来重写或修改。具有修改的URL的响应可以转发给客户端。

2. 发明申请

US20090193126A1 SYSTEMS AND METHODS FOR CONFIGURATION DRIVEN REWRITE OF SSL VPN CLIENTLESS SESSIONS 有权
标题翻译：用于配置驱动SSL VPN客户端会话的系统和方法
公开(公告)号：US20090193126A1
公开(公告)日：2009-07-30
申请号：US12359998
申请日：2009-01-26
申请人： Puneet Agarwal , Srinivasan Thirunarayanan , Vamsi Korrapatti , Prakash Khemani , Rajiv Mirani , Anoop Reddy
发明人： Puneet Agarwal , Srinivasan Thirunarayanan , Vamsi Korrapatti , Prakash Khemani , Rajiv Mirani , Anoop Reddy
IPC分类号： G06F15/173
CPC分类号： H04L63/0272 , H04L29/08846 , H04L63/0281 , H04L63/105 , H04L63/166 , H04L63/20 , H04L67/02 , H04L67/14 , H04L67/2814
摘要： The present disclosure provides solutions for an enterprise providing services to a variety of clients to enable the client to use the resources provided by the enterprise by modifying URLs received and the URLs from the responses from the servers to the client's requests before forwarding the requests and the responses to the intended destinations. An intermediary may identify an access profile for a clients' request to access a server via a clientless SSL VPN session. The intermediary may detect one or more URLs in content served by the server in response to the request using one or more regular expressions of the access profile. The intermediary may rewrite or modify, responsive to detecting, the one or more detected URLs in accordance with a URL transformation specified by one or more rewrite policies of the access profile. The response with modified URLs may be forwarded to the client.
摘要翻译：本公开提供了向各种客户端提供服务的企业的解决方案，以使得客户端能够在转发请求之前通过修改所接收的URL和从服务器的响应到客户端的请求来使用由企业提供的资源，并且对预期目的地的回应。中介可以识别客户端通过无客户端SSL VPN会话访问服务器的请求的访问配置文件。响应于使用访问简档的一个或多个正则表达式的请求，中介可以检测服务器所服务的内容中的一个或多个URL。根据由访问简档的一个或多个重写策略指定的URL变换，中介可以响应于检测到一个或多个检测到的URL来重写或修改。具有修改的URL的响应可以转发给客户端。

3. 发明授权

US07870277B2 Systems and methods for using object oriented expressions to configure application security policies 有权
标题翻译：使用面向对象表达式配置应用程序安全策略的系统和方法
公开(公告)号：US07870277B2
公开(公告)日：2011-01-11
申请号：US11685167
申请日：2007-03-12
申请人： Vamsi Korrapati , Prakash Khemani , Rajiv Mirani , Abhishek Chauhan
发明人： Vamsi Korrapati , Prakash Khemani , Rajiv Mirani , Abhishek Chauhan
IPC分类号： G06F15/16
CPC分类号： H04L41/0233 , H04L41/08 , H04L41/0893 , H04L43/0817 , H04L63/102 , H04L67/02
摘要： Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.
摘要翻译：描述用于配置和评估直接处理一个或多个数据流的策略的系统和方法。描述了用于允许用户指定面向对象策略的配置界面。这些面向对象的策略可以允许针对所接收的分组流的有效载荷（包括HTTP流量的任何部分）应用任何数据结构。配置界面还可以允许用户控制执行策略和策略组的顺序，以及如果未定义一个或多个策略，则指定要采取的操作。用于处理策略的系统和方法可以允许通过将潜在的复杂数据结构应用于非结构化数据流来有效地处理面向对象的策略。设备还可以解释和处理多个流控制命令和策略组调用语句以确定多个策略和策略组中的执行顺序。这些策略配置和处理可能允许配置和处理与负载均衡，VPN，SSL卸载，内容切换，应用安全，加速和缓存相关的复杂网络行为。

4. 发明申请

US20080225719A1 SYSTEMS AND METHODS FOR USING OBJECT ORIENTED EXPRESSIONS TO CONFIGURE APPLICATION SECURITY POLICIES 有权
标题翻译：使用面向对象的表达式配置应用程序安全策略的系统和方法
公开(公告)号：US20080225719A1
公开(公告)日：2008-09-18
申请号：US11685167
申请日：2007-03-12
申请人： Vamsi Korrapati , Prakash Khemani , Rajiv Mirani , Abhishek Chauhan
发明人： Vamsi Korrapati , Prakash Khemani , Rajiv Mirani , Abhishek Chauhan
IPC分类号： G06F11/00
CPC分类号： H04L41/0233 , H04L41/08 , H04L41/0893 , H04L43/0817 , H04L63/102 , H04L67/02
摘要： Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.
摘要翻译：描述用于配置和评估直接处理一个或多个数据流的策略的系统和方法。描述了用于允许用户指定面向对象策略的配置界面。这些面向对象的策略可以允许针对所接收的分组流的有效载荷（包括HTTP流量的任何部分）应用任何数据结构。配置界面还可以允许用户控制执行策略和策略组的顺序，以及如果未定义一个或多个策略，则指定要采取的操作。用于处理策略的系统和方法可以允许通过将潜在的复杂数据结构应用于非结构化数据流来有效地处理面向对象的策略。设备还可以解释和处理多个流控制命令和策略组调用语句以确定多个策略和策略组中的执行顺序。这些策略配置和处理可能允许配置和处理与负载均衡，VPN，SSL卸载，内容切换，应用安全，加速和缓存相关的复杂网络行为。

5. 发明授权

US08438626B2 Systems and methods for processing application firewall session information on owner core in multiple core system 有权
标题翻译：用于处理多核心系统中所有者核心应用程序防火墙会话信息的系统和方法
公开(公告)号：US08438626B2
公开(公告)日：2013-05-07
申请号：US12645845
申请日：2009-12-23
申请人： Craig Anderson , Anoop Reddy , Rajiv Mirani , Abhishek Chauhan
发明人： Craig Anderson , Anoop Reddy , Rajiv Mirani , Abhishek Chauhan
IPC分类号： G06F9/00
CPC分类号： G06F9/54 , G06F21/41 , H04L63/0236 , H04L63/0272
摘要： The present invention is directed towards systems and methods for sharing session data among cores in a multi-core system. A first application firewall module executes on a core of a multi-core intermediary device which establishes a user session. The first application firewall module stores application firewall session data to memory accessible by the first core. A second application firewall module executes on a second core of the multi-core intermediary device. The second application firewall module receives a request from the user via the established user session. The request includes a session identifier identifying that the user session was established by the first core. The second application firewall module determines to perform one or more security checks on the request and communicates a portion of the request the first core. The second application firewall module receives and processes the security check results and instructions from the first core.
摘要翻译：本发明涉及用于在多核系统中的核之间共享会话数据的系统和方法。第一应用防火墙模块在建立用户会话的多核中间设备的核心上执行。第一个应用防火墙模块将应用程序防火墙会话数据存储到第一个内核可访问的存储器中第二应用防火墙模块在多核中间设备的第二核上执行。第二应用防火墙模块经由建立的用户会话从用户接收请求。该请求包括标识用户会话由第一核建立的会话标识符。第二应用防火墙模块确定对请求执行一个或多个安全检查，并将请求的一部分传送给第一核。第二个应用程序防火墙模块接收并处理来自第一个核心的安全检查结果和指令。

6. 发明申请

US20080229381A1 SYSTEMS AND METHODS FOR MANAGING APPLICATION SECURITY PROFILES 有权
标题翻译：用于管理应用程序安全性配置文件的系统和方法
公开(公告)号：US20080229381A1
公开(公告)日：2008-09-18
申请号：US11685177
申请日：2007-03-12
申请人： Namit Sikka , Anoop Reddy , Rajiv Mirani , Abhishek Chauhan
发明人： Namit Sikka , Anoop Reddy , Rajiv Mirani , Abhishek Chauhan
IPC分类号： G06F17/00
CPC分类号： H04L63/20 , H04L63/102
摘要： Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.
摘要翻译：描述了用于配置和评估直接处理一个或多个数据流的策略的系统和方法。描述了用于允许用户指定面向对象策略的配置界面。这些面向对象的策略可以允许针对所接收的分组流的有效载荷（包括HTTP流量的任何部分）应用任何数据结构。配置界面还可以允许用户控制执行策略和策略组的顺序，以及如果未定义一个或多个策略，则指定要采取的操作。用于处理策略的系统和方法可以允许通过将潜在的复杂数据结构应用于非结构化数据流来有效地处理面向对象的策略。设备还可以解释和处理多个流控制命令和策略组调用语句以确定多个策略和策略组中的执行顺序。这些策略配置和处理可能允许配置和处理与负载均衡，VPN，SSL卸载，内容切换，应用安全，加速和缓存相关的复杂网络行为。

7. 发明授权

US08490148B2 Systems and methods for managing application security profiles 有权
公开(公告)号：US08490148B2
公开(公告)日：2013-07-16
申请号：US11685177
申请日：2007-03-12
申请人： Namit Sikka , Anoop Reddy , Rajiv Mirani , Abhishek Chauhan
发明人： Namit Sikka , Anoop Reddy , Rajiv Mirani , Abhishek Chauhan
IPC分类号： G06F17/00
CPC分类号： H04L63/20 , H04L63/102
摘要： Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.

8. 发明申请

US20110154471A1 SYSTEMS AND METHODS FOR PROCESSING APPLICATION FIREWALL SESSION INFORMATION ON OWNER CORE IN MULTIPLE CORE SYSTEM 有权
标题翻译：用于处理多核心系统中所有者核心的应用程序防火墙会话信息的系统和方法
公开(公告)号：US20110154471A1
公开(公告)日：2011-06-23
申请号：US12645845
申请日：2009-12-23
申请人： Craig Anderson , Anoop Reddy , Rajiv Mirani , Abhishek Chauhan
发明人： Craig Anderson , Anoop Reddy , Rajiv Mirani , Abhishek Chauhan
IPC分类号： G06F17/00 , G06F9/00
CPC分类号： G06F9/54 , G06F21/41 , H04L63/0236 , H04L63/0272
摘要： The present invention is directed towards systems and methods for sharing session data among cores in a multi-core system. A first application firewall module executes on a core of a multi-core intermediary device which establishes a user session. The first application firewall module stores application firewall session data to memory accessible by the first core. A second application firewall module executes on a second core of the multi-core intermediary device. The second application firewall module receives a request from the user via the established user session. The request includes a session identifier identifying that the user session was established by the first core. The second application firewall module determines to perform one or more security checks on the request and communicates a portion of the request the first core. The second application firewall module receives and processes the security check results and instructions from the first core.
摘要翻译：本发明涉及用于在多核系统中的核之间共享会话数据的系统和方法。第一应用防火墙模块在建立用户会话的多核中间设备的核心上执行。第一个应用程序防火墙模块将应用程序防火墙会话数据存储到第一个内核可访问的存储器中。第二应用防火墙模块在多核中间设备的第二核上执行。第二应用防火墙模块经由建立的用户会话从用户接收请求。该请求包括标识用户会话由第一核建立的会话标识符。第二应用防火墙模块确定对请求执行一个或多个安全检查，并将请求的一部分传送给第一核。第二个应用程序防火墙模块接收并处理来自第一个核心的安全检查结果和指令。

9. 发明申请

US20110154461A1 SYSTEMS AND METHODS FOR MANAGEMENT OF COMMON APPLICATION FIREWALL SESSION DATA IN A MULTIPLE CORE SYSTEM 有权
标题翻译：用于在多个核心系统中管理共享应用程序防火墙会话数据的系统和方法
公开(公告)号：US20110154461A1
公开(公告)日：2011-06-23
申请号：US12976678
申请日：2010-12-22
申请人： CRAIG ANDERSON , Anoop Reddy , Rajiv Mirani , Abhishek Chauhan
发明人： CRAIG ANDERSON , Anoop Reddy , Rajiv Mirani , Abhishek Chauhan
IPC分类号： G06F21/20
CPC分类号： H04L63/0227 , H04L63/168
摘要： The present invention is directed towards systems and methods for efficiently an intermediary device processing strings in web pages across a plurality of user sessions. A device intermediary to a plurality of clients and a server identifies a plurality of strings in forms and uniform resource locators (URLs) of web pages traversing the device across a plurality of user sessions. The device stores each string of the plurality of strings to one or more allocation arenas shared among a plurality of user session. Each string is indexed using a hash key generated from the string. The device recognizes that a received string transmitted from a webpage of a session of a user is eligible to be shared among the plurality of user sessions. The device determines that a copy of the received string is stored in an allocation arena using a hash generated from the received string. The device uses the copy of the received string stored in the allocation arena in place of the string in the web page of the session of the user to process the web page.
摘要翻译：本发明涉及用于在多个用户会话中有效地中间设备处理网页中的字符串的系统和方法。多个客户端的设备中介和服务器通过多个用户会话跨越该设备的网页的形式和统一的资源定位符（URL）来识别多个字符串。该设备将多个字符串的每个字符串存储在多个用户会话之间共享的一个或多个分配区域中。每个字符串都使用从字符串生成的哈希密钥进行索引。该设备识别出从用户的会话的网页发送的接收到的字符串有资格在多个用户会话之间共享。设备确定使用从接收到的字符串生成的散列来将所接收的字符串的副本存储在分配竞技场中。该设备使用存储在分配竞技场中的接收到的字符串的副本来代替用户的会话的网页中的字符串来处理网页。

10. 发明授权

US08413225B2 Systems and methods for management of common application firewall session data in a multiple core system 有权
标题翻译：在多核系统中管理通用应用防火墙会话数据的系统和方法
公开(公告)号：US08413225B2
公开(公告)日：2013-04-02
申请号：US12976678
申请日：2010-12-22
申请人： Craig Anderson , Anoop Reddy , Rajiv Mirani , Abhishek Chauhan
发明人： Craig Anderson , Anoop Reddy , Rajiv Mirani , Abhishek Chauhan
IPC分类号： H04L29/02
CPC分类号： H04L63/0227 , H04L63/168
摘要： The present invention is directed towards systems and methods for efficiently an intermediary device processing strings in web pages across a plurality of user sessions. A device intermediary to a plurality of clients and a server identifies a plurality of strings in forms and uniform resource locators (URLs) of web pages traversing the device across a plurality of user sessions. The device stores each string of the plurality of strings to one or more allocation arenas shared among a plurality of user session. Each string is indexed using a hash key generated from the string. The device recognizes that a received string transmitted from a webpage of a session of a user is eligible to be shared among the plurality of user sessions. The device determines that a copy of the received string is stored in an allocation arena using a hash generated from the received string. The device uses the copy of the received string stored in the allocation arena in place of the string in the web page of the session of the user to process the web page.
摘要翻译：本发明涉及用于在多个用户会话中有效地中间设备处理网页中的字符串的系统和方法。多个客户端的设备中介和服务器通过多个用户会话跨越该设备的网页的形式和统一的资源定位符（URL）来识别多个字符串。该设备将多个字符串的每个字符串存储在多个用户会话之间共享的一个或多个分配区域中。每个字符串都使用从字符串生成的哈希密钥进行索引。该设备识别出从用户的会话的网页发送的接收到的字符串有资格在多个用户会话之间共享。设备确定使用从接收到的字符串生成的散列来将所接收的字符串的副本存储在分配竞技场中。该设备使用存储在分配竞技场中的接收到的字符串的副本来代替用户的会话的网页中的字符串来处理网页。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式