Performing a security action with regard to an access token based on clustering of access requests
US-2024406160-A1 · Dec 5, 2024 · US
Securing Network Activity Managed by Operating Systems
US2016197909A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016197909-A1 |
| Application number | US-201614986971-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jan 4, 2016 |
| Priority date | Jan 5, 2015 |
| Publication date | Jul 7, 2016 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Methods and systems are disclosed for providing approaches to receiving, by an enterprise framework device from an application executing on a computing device, a first request associated with accessing an enterprise resource and generating, by the data proxy device, a ticketed URL that is associated with resource device communications related to the first request. The methods and systems may include receiving, by the data proxy device from the operating system, a second request addressed to the ticketed URL, transmitting, by the data proxy device to the operating system, based on the second request addressed to the ticketed URL, a resource device response, and transmitting, by the enterprise framework device to the application, the resource device response.
First claim
Opening claim text (preview).
What is claimed is: 1 . A method comprising: receiving, by an enterprise framework device from an application executing on a computing device, a first request associated with accessing an enterprise resource; transmitting, by the enterprise framework device, the first request to a data proxy device via a foreground application programming interface of an operating system executing on the computing device; transmitting, by the data proxy device, the first request to an enterprise resource device; generating, by the data proxy device, a ticketed URL, the ticketed URL being associated with resource device communications related to the first request for the enterprise resource; transmitting, by the data proxy device, the ticketed URL to the enterprise framework device; transmitting, by the enterprise framework device, the ticketed URL to the operating system; receiving, by the data proxy device from the operating system, a second request addressed to the ticketed URL; transmitting, by the data proxy device to the operating system, based on the second request addressed to the ticketed URL, a resource device response related to the first request for the enterprise resource device; retrieving, by the enterprise framework device from the operating system, the resource device response related to the first request for the enterprise resource; and transmitting, by the enterprise framework device to the application, the resource device response related to the first request for the enterprise resource. 2 . The method of claim 1 , further comprising: generating, by the enterprise framework device, an encryption key associated with the data proxy device; encrypting, by the data proxy device, based on the encryption key, the resource device response related to the first request for the enterprise resource; and decrypting, by the enterprise framework device based on the encryption key, the encrypted resource device response related to the first request for the enterprise resource. 3 . The method of claim 1 , further comprising in response to receiving, by the data proxy device from the enterprise framework device, the first request associated with accessing the enterprise resource, initiating, by the data proxy device, an authentication session with the enterprise resource device using one or more credentials that are unfamiliar to the operating system. 4 . The method of claim 1 , further comprising: caching, by the data proxy device in a storage device, information associated with the first request; generating, by the data proxy device, the ticketed URL referencing a location of the cached information; in response to receiving, by the data proxy device from the operating system, the second request comprising the location of the cached information, transmitting, by the data proxy device to the enterprise resource device, the cached information associated with the first request; and receiving, by the data proxy device from the enterprise resource device, the resource device response. 5 . The method of claim 1 , further comprising in response to receiving, by the data proxy device from the enterprise resource device, the second request addressed to the ticketed URL, transmitting, by the data proxy device to the enterprise resource device, authentication credentials via an authentication session. 6 . The method of claim 1 , further comprising: buffering, by the data proxy device, a portion of the resource device response; and in response to receiving, by the data proxy device, a call from the operating system, transmitting, by the data proxy device to the operating system, the buffered portion of the resource device response. 7 . The method of claim 1 , wherein the first request comprises a request to download a file or upload a file. 8 . A system, comprising: at least one processor; and at least one memory storing computer-readable instructions that, when executed by the at least one processor, cause the system to perform: receiving, by an enterprise framework device from an application executing on a computing device, a first request associated with accessing an enterprise resource; transmitting, by the enterprise framework device, the first request to a data proxy device via a foreground application programming interface of an operating system executing on the computing device; transmitting, by the data proxy device, the first request to an enterprise resource device; generating, by the data proxy device, a ticketed URL, the ticketed URL being associated with resource device communications related to the first request for the enterprise resource; transmitting, by the data proxy device, the ticketed URL to the enterprise framework device; transmitting, by the enterprise framework device, the ticketed URL to the operating system; receiving, by the data proxy device from the operating system, a second request addressed to the ticketed URL; transmitting, by the data proxy device to the operating system, based on the second request addressed to the ticketed URL, a resource device response related to the first request for the enterprise resource device; retrieving, by the enterprise framework device from the operating system, the resource device response related to the first request for the enterprise resource; and transmitting, by the enterprise framework device to the application, the resource device response related to the first request for the enterprise resource. 9 . The system of claim 8 , wherein the computer-readable instructions further cause the system to perform: generating, by the enterprise framework device, an encryption key associated with the data proxy device; encrypting, by the data proxy device, based on the encryption key, the resource device response related to the first request for the enterprise resource; and decrypting, by the enterprise framework device based on the encryption key, the encrypted resource device response related to the first request for the enterprise resource. 10 . The system of claim 8 , wherein the computer-readable instructions further cause the system to perform in response to receiving, by the data proxy device from the enterprise framework device, the first request associated with accessing the enterprise resource, initiating, by the data proxy device, an authentication session with the enterprise resource device using one or more credentials that are unfamiliar to the operating system. 11 . The system of claim 8 , wherein the computer-readable instructions further cause the system to perform: caching, by the data proxy device in a storage device, information associated with the first request; generating, by the data proxy device, the ticketed URL referencing a location of the cached information; in response to receiving, by the data proxy device from the operating system, the second request comprising the location of the cached information, transmitting, by the data proxy device to the enterprise resource device, the cached information associated with the first request; and receiving, by the data proxy device from the enterprise resource device, the resource device response. 12 . The system of claim 8 , wherein the computer-readable instructions further cause the system to perform in response to receiving, by the data proxy device from the enterprise resource device, the second request addressed to the ticketed URL, transmitting, by the data proxy device to the enterprise resource device, authentication credentials via an authentication session. 13 . The system of claim 8 , wherein the computer-readable instructions further cause the system to perform: b
Assignees
Inventors
Classifications
for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS] · CPC title
Electricity · mapped topic
- H04L63/0807Primary
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
specially adapted for file transfer, e.g. file transfer protocol [FTP] · CPC title
wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for symmetric key encryption H04L9/06) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2016197909A1 cover?
- Methods and systems are disclosed for providing approaches to receiving, by an enterprise framework device from an application executing on a computing device, a first request associated with accessing an enterprise resource and generating, by the data proxy device, a ticketed URL that is associated with resource device communications related to the first request. The methods and systems may in…
- Who is the assignee on this patent?
- Citrix Systems Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0807. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Thu Jul 07 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).