Persistency of resource requests and responses in proxied communications

US12069031B2 · US · B2

Patent metadata
Publication number: US-12069031-B2
Application number: US-202217589550-A
Country: US
Kind code: B2
Filing date: Jan 31, 2022
Priority date: Jan 31, 2022
Publication date: Aug 20, 2024
Grant date: Aug 20, 2024

Abstract

Official abstract text for this publication.

The disclosure is generally directed towards a client device agent (e.g., a network agent) learning that a service domain is authenticated via a corresponding suffix proxy domain. The network agent may then direct a service domain request to the suffix proxy domain. The learning process generally involves evaluating headers in URL redirection communications between the client device and an authentication service, such as an identity provider (IDP). Based on a session control policy, the IDP may “bounce” the user to a proxy service (e.g., a suffix proxy). Accordingly, the IDP may include a “bouncer”. The network agent generally learns from the headers that a request to a service domain gets redirected (e.g., bounced) to a suffix proxy domain. The agent intercepts subsequent requests to the service domain, updates the request URL, and sends the updated request to the suffix proxy domain.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method comprising: intercepting, by a network agent, a request for a resource, the request for the resource associated with a service domain and comprising: an identifier of a client device; and a first uniform resource locator (URL) that includes a URL prefix that encodes a first indication of the service domain and a first URL suffix that encodes a second indication of a location within the service domain associated with the resource; determining, at the network agent, that the request is associated with a proxy service; in response to determining that the request is associated with the proxy service, generating, by the network agent, a second URL that includes: the URL prefix that encodes the first indication of the service domain; the first URL suffix that encodes the second indication of the location within the service domain; and a second URL suffix that encodes an indication of the proxy service, wherein the second URL suffix is determined based on a second URL prefix of a third URL associated with the proxy service; and causing the request for the resource to be transmitted to the proxy service based on the second URL prior to the request being obtained by the service domain.

2. The method of claim 1, further comprising: monitoring, by the network agent, communications transmitted to and from the client device; based on monitoring the communications, employing the network agent to determine a plurality of service domains that are associated with the proxy service, determining the plurality of service domains based on analyzing URLs associated with the communications, wherein the plurality of service domains includes the service domain.

3. The method of claim 2, further comprising: based on monitoring the communications, employing the network agent to determine that the association of the service domain with the proxy service has been terminated; and in response to determining that the association has been terminated, removing the service domain from the plurality of service domains.

4. The method of claim 2, wherein determining the plurality of service domains includes the service domain is based on at least one of: monitoring communications, received at the client device from the service domain; monitoring requests to the service domain originating from the client device; and monitoring communications, received at the client device from the proxy service.

5. The method of claim 1, wherein determining that the request is associated with the proxy service includes determining that at least one of the client device, a user of the client device, or the service domain is associated with the proxy service.

6. The method of claim 1, wherein employing the second URL to transmit the request for the resource further comprises providing stable and persistent response to the request for the resource in a proxied communication between the client device and the service domain.

7. The method of claim 1, wherein the network agent is implemented on the client device, to intercept the request, prior to the client device transmitting the request.

8. The method of claim 1, wherein the network agent is implemented on the client device to intercept the request, prior to the client device transmitting the request.

9. A system comprising: one or more hardware processors; and one or more computer-readable media having executable instructions embodied thereon, which, when executed by the one or more processors, cause the one or more hardware processors to execute actions comprising: prior to a request for a resource being received at a service domain, intercepting the request, wherein the request comprises: an identifier of a client device; a first uniform resource locator (URL) that includes a URL prefix that encodes a first indication of the service domain; and a first URL suffix that encodes a second indication of a location within the service domain associated with the resource; in response to determining that the request is associated with a proxy service, generating a second URL by at least: combining the URL prefix that encodes the first indication of the service domain; the first URL suffix the encodes the second indication of the location within the service domain; and a second URL suffix that encodes an indication of the proxy service and is determined based on a second URL prefix of a third URL associated with the proxy service; and employing the second URL to transmit the request for the resource, wherein based on the indication of the proxy service encoded in the second URL, the request is directed to the proxy service prior to being transmitted to the service domain.

10. The system of claim 9, wherein a network agent is implemented on the client device to intercept the request, prior to the client device transmitting the request.

11. The system of claim 10, wherein the actions further comprise: employing the network agent, implemented on the client device, to monitor communications transmitted to and from the client device; based on monitoring the communications, employing the network agent to determine a plurality of service domains that are associated with the proxy service based on analyzing URLs associated with the communications, wherein the plurality of service domains includes the service domain.

12. The system of claim 11, wherein the actions further comprise: based on monitoring the communications, employing the network agent to determine that the association of the service domain with the proxy service has been terminated; and in response to determining that the association has been terminated, removing the service domain from the plurality of service domains.

13. The system of claim 11, wherein determining the plurality of service domains includes the service domain is based on at least one of: monitoring communications, received at the client device from the service domain; monitoring requests to the service domain originating from the client device; and monitoring communications, received at the client device from the proxy service.

14. The system of claim 9, wherein employing the second URL to transmit the request for the resource further comprises providing stable and persistent response to the request for the resource in a proxied communication between the client device and the service domain.

15. One or more computer storage media storing computer-useable instructions that, when used by one or more computing devices, cause the one or more computing devices to perform actions comprising: prior to a request for a resource being received at a service domain, intercepting the request, which originated at a client device, wherein the request is encoded in a first uniform resource locator (URL) that encodes: a URL prefix that encodes a first indication of the service domain; and a first URL suffix that encodes a second indication of a location within the service domain associated with the resource; in response to determining that the request is associated with a proxy service, generating a second URL that encodes: the URL prefix encoding the first indication of the service domain; the first URL suffix encoding the second indication of the location within the service domain; and a second URL suffix encoding an indication of the proxy service, wherein the second URL suffix that encodes the indication of the proxy service is determined based on a second URL prefix of a third URL associated with the proxy service; and employing the second URL to transmit the request for the resource, wherein

Classifications

  • Data redirection of data network streams

  • based on web technology, e.g. hypertext transfer protocol [HTTP]

  • by monitoring network traffic (monitoring network traffic per se H04L43/00)

  • using information identifiers, e.g. uniform resource locators [URL]

  • Proxies

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Microsoft Technology Licensing LLC
What technology area does this patent fall under?
Primary CPC classification H04L63/0281. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 20, 2024 (B2). Legal status and post-grant events are not shown on this page.