What technology area does this patent fall under?

Primary CPC classification G06F21/554. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Apr 07 2026 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Systems and methods for adaptive action with distributed enforcement points

US12596794B2 · US · B2

Patent metadata
Field	Value
Publication number	US-12596794-B2
Application number	US-202117582660-A
Country	US
Kind code	B2
Filing date	Dec 22, 2021
Priority date	Dec 22, 2021
Publication date	Apr 7, 2026
Grant date	Apr 7, 2026

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Described embodiments provide systems and methods for performing actions based on data of devices. A controller executing on at least one server may receive a first dataset from a first agent of a first device intermediary between a first plurality of client devices and a first plurality of servers. The first dataset may comprise a subset of data tracked at the first device and available to the first agent. The controller may receive a second dataset from a second agent of a second device intermediary between a second plurality of client devices and a second plurality of servers. The second dataset may comprise a subset of data tracked at the second device and available to the second agent. According to the first dataset and the second dataset, the controller may send an instruction to at least one of the first device, the second device or a third device.

First claim

Opening claim text (preview).

We claim: 1 . A method comprising: receiving, by a controller executing on at least one server, a first dataset from a first agent of a first device intermediary between a first plurality of client devices and a first plurality of servers, the first dataset comprising a subset of data tracked at the first device and available to the first agent; receiving, by the controller, a second dataset from a second agent of a second device intermediary between a second plurality of client devices and a second plurality of servers, the second plurality of client devices and the second plurality of servers being distinct from the first plurality of client devices and the first plurality of servers, the second dataset comprising a subset of data tracked at the second device and available to the second agent; identifying, by the controller, a security threat indicated in the first data set or the second data set; sending, a communication to the first device and the second device, the communication comprising an instruction to mitigate the security threat; initiating a first action on the first device to mitigate the security threat based on a type of the first device; and initiating a second action on the second device to mitigate the security threat based on a type of the second device; wherein the type of the first device is different than the type of the second device and the first action on the first device is different than the second action on the second device. 2 . The method of claim 1 , wherein the first dataset comprises metrics of traffic or transactions between the first plurality of client devices and the first plurality of servers. 3 . The method of claim 1 , wherein the first dataset comprises information or events logged at the first device. 4 . The method of claim 1 , wherein the first dataset comprises the subset of the data tracked at the first device that is determined by the first agent according to a criteria, to send to the controller. 5 . The method of claim 1 , comprising: determining, by the controller, the instruction by using a portion of the first dataset and the second dataset that correspond to a specific segment of devices or applications. 6 . The method of claim 5 , wherein the third device corresponds to the specific segment of devices or applications, and is intermediary between a third plurality of client devices and a third plurality of servers. 7 . The method of claim 1 , comprising: receiving, by the controller, the first dataset and the second dataset over a defined time duration; storing, by the controller, the first dataset and the second dataset; and determining, by the controller, the instruction using the stored first dataset and the stored second dataset. 8 . The method of claim 1 , comprising: performing, by the controller, machine or statistical learning using the first dataset and the second dataset. 9 . The method of claim 8 , comprising: sending, by the controller according to the machine or statistical learning, a criteria or an update to the first agent to control sending of an additional dataset of the first device to the controller. 10 . A system comprising: at least one processor and a transceiver configured to: receive a first dataset from a first agent of a first device intermediary between a first plurality of client devices and a first plurality of servers, the first dataset comprising a subset of data tracked at the first device and available to the first agent; receive a second dataset from a second agent of a second device intermediary between a second plurality of client devices and a second plurality of servers, the second plurality of client devices and the second plurality of servers being distinct from the first plurality of client devices and the first plurality of servers, the second dataset comprising a subset of data tracked at the second device and available to the second agent; identify a security threat indicated in the first data set or the second data set; send a communication to the first device and the second device, the communication comprising an instruction to mitigate the security threat; initiate a first action on the first device to mitigate the security threat based on a type of the first device; and initiate a second action on the second device to mitigate the security threat based on a type of the second device; wherein the type of the first device is different than the type of the second device and the first action on the first device is different than the second action on the second device. 11 . The system of claim 10 , wherein the first dataset comprises metrics of traffic or transactions between the first plurality of client devices and the first plurality of servers. 12 . The system of claim 10 , wherein the first dataset comprises information or events logged at the first device. 13 . The system of claim 10 , wherein the first dataset comprises the subset of the data tracked at the first device that is determined by the agent according to a criteria, to send to the controller. 14 . The system of claim 10 , wherein the at least one processor is further configured to: determine the instruction by using a portion of the first dataset and the second dataset that corresponds to a specific segment of devices or applications. 15 . The system of claim 14 , wherein the third device corresponds to the specific segment of devices or applications, and is intermediary between a third plurality of client devices and a third plurality of servers. 16 . The system of claim 10 , wherein the at least one processor is further configured to: receive, via the transceiver, the first dataset and the second dataset over a defined time duration; store the first dataset and the second dataset; and determine the instruction using the stored first dataset and the stored second dataset. 17 . The system of claim 10 , wherein the at least one processor is further configured to: perform machine or statistical learning using the first dataset and the second dataset; and send, via the transceiver according to the machine or statistical learning, a criteria or an update to the first agent to control sending of an additional dataset of the first device to the system. 18 . A non-transitory computer-readable medium storing instructions that, when executed by at least one processor, cause the at least one processor to: receive, via a transceiver, a first dataset from a first agent of a first device intermediary between a first plurality of client devices and a first plurality of servers, the first dataset comprising a subset of data tracked at the first device and available to the first agent; receive, via the transceiver, a second dataset from a second agent of a second device intermediary between a second plurality of client devices and a second plurality of servers, the second plurality of device devices and the second plurality of servers being distinct from the first plurality of client devices and the first plurality of servers, the second dataset comprising a subset of data tracked at the second device and available to the second agent; and identify a security threat indicated in the first data set or the second data set; send, via the transmitter, a communication to the first device and the second device, the communication comprising an instruction to mitigate the security threat; initiate a first action on the first device to mitigate the security threat based on a type of the first device; and initiate a second action on

Assignees

Citrix Systems Inc

Inventors

Classifications

G06F2221/034
Test or assess a computer or a system · CPC title
H04L63/1408
by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title
G06F21/554Primary
involving event detection and direct action · CPC title
H04L63/1441Primary
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

Patent family

Related publications grouped by family.

View patent family 80225988

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12596794B2 cover?: Described embodiments provide systems and methods for performing actions based on data of devices. A controller executing on at least one server may receive a first dataset from a first agent of a first device intermediary between a first plurality of client devices and a first plurality of servers. The first dataset may comprise a subset of data tracked at the first device and available to the…
Who is the assignee on this patent?: Citrix Systems Inc
What technology area does this patent fall under?: Primary CPC classification G06F21/554. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Apr 07 2026 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).