Applying application layer policy to transport layer security requests systems and methods

US2020169584A1 · US · A1

Patent metadata
Publication number: US-2020169584-A1
Application number: US-201816203120-A
Country: US
Kind code: A1
Filing date: Nov 28, 2018
Priority date: Nov 28, 2018
Publication date: May 28, 2020
Grant date: none listed

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems and methods for applying an application layer policy to a transport layer security request are provided. A device, intermediary to one or more clients and one or more servers, can receive a transport layer security (TLS) request to establish a TLS connection between a client of the one or more clients and a server of the one or more servers. The TLS request can include an application layer request to a resource of the server. The device can apply an application layer policy to the application layer request of the TLS request. The device can determine, responsive to applying the application layer policy, whether to one of accept or reject at least the application layer request of the TLS request.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for applying an application layer policy to a transport layer security request, the method comprising: (a) receiving, by a device intermediary to one or more clients and one or more servers, a transport layer security (TLS) request to establish a TLS connection between a client of the one or more clients and a server of the one or more servers, the TLS request including an application layer request to a resource of the server; (b) applying, by the device, an application layer policy to the application layer request of the TLS request; and (c) determining, by the device responsive to applying the application layer policy, whether to one of accept or reject at least the application layer request of the TLS request.
2. The method of claim 1, wherein (c) further comprises rejecting the application layer request but accepting the TLS request.
3. The method of claim 2, further comprising omitting, by the device, an extension for early data during a TLS handshake with the client to indicate rejection of the application layer request.
4. The method of claim 1, wherein (c) further comprises accepting both the TLS request and the application layer request.
5. The method of claim 4, further comprising including, by the device, an extension for early data during a TLS handshake with the client to indicate allowing the application layer request.
6. The method of claim 1, wherein (b) further comprises decrypting, by the device, the application layer request using at least one key included within the TLS request.
7. The method of claim 1, further comprising identifying, by the device based at least on the TLS request, the application layer policy for accessing the resource.
8. The method of claim 1, wherein the application layer policy specifies a pattern for matching against at least a portion of the application layer request.
9. The method of claim 1, wherein the application layer request comprises a HyperText Transfer Protocol (HTTP) request.
10. The method of claim 1, further comprising terminating, at the device, the TLS connection with the client and establishing a communication channel between the device and the server.
11. A system for applying an application layer policy to a transport layer security request, the system comprising: a device intermediary to one or more clients and one or more servers, wherein the device is configured to: receive a transport layer security (TLS) request to establish a TLS connection between a client of the one or more clients and a server of the one or more servers, wherein the TLS request includes an application layer request to a resource of the server; apply an application layer policy to the application layer request of the TLS request; and determine, responsive to applying the application layer policy, whether to one of accept or reject at least the application layer request of the TLS request.
12. The system of claim 11, wherein the device is further configured to reject the application layer request but accept the TLS request.
13. The system of claim 12, wherein the device is further configured to omit an extension for early data during a TLS handshake with the client to indicate rejection of the application layer request.
14. The system of claim 11, wherein the device is further configured to accept both the TLS request and the application layer request.
15. The system of claim 14, wherein the device is further configured to include an extension for early data during a TLS handshake with the client to indicate allowing the application layer request.
16. The system of claim 11, wherein the device is further configured to decrypt the application layer request using at least one key included within the TLS request.
17. The system of claim 11, wherein the device is further configured to identify, based at least on the TLS request, the application layer policy for accessing the resource.
18. The system of claim 11, wherein the application layer policy is configured with a pattern for matching against at least a portion of the application layer request.
19. The system of claim 11, wherein the application layer request comprises a HyperText Transfer Protocol (HTTP) request.
20. The system of claim 11, wherein the device is further configured to terminate the TLS connection with the client and establish a communication channel between the device and the server.
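The decision logic of claims 1 to 9, as an added example written for this page (not code from the patent or from Citrix): a hypothetical intermediary receives a TLS 1.3 ClientHello that offers early data, treats the early data as an HTTP request that has already been decrypted with the key material the TLS request references (claim 6; the decryption itself is assumed, not performed here), selects a pattern-based policy set from the server name (claim 7), and signals the outcome the way TLS 1.3 does it: including the early_data extension in the handshake response accepts the 0-RTT request, omitting it rejects only the early data, and the client then retransmits after the handshake. The server names, policy names and policy table are constructed for the example.

```python
"""Apply an application-layer policy to an HTTP request carried as TLS 1.3 early data.

Added example (not the patent's or Citrix's code). Models the intermediary's
decision in claims 1-9: accept both TLS and the 0-RTT request, or accept TLS
while rejecting the early data by omitting the early_data extension.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class TlsRequest:
    """Constructed model of a ClientHello carrying 0-RTT early data."""
    sni: str                      # server name the client asked for
    offers_early_data: bool       # ClientHello carried the early_data extension
    early_data_plaintext: bytes   # assumed already decrypted with the PSK-derived key


@dataclass
class HttpRequest:
    method: str
    target: str
    headers: Dict[str, str]


@dataclass
class Policy:
    name: str       # hypothetical policy name
    pattern: str    # regex matched against "METHOD target" (claim 8)
    action: str     # "allow" or "deny"


@dataclass
class Decision:
    accept_tls: bool
    accept_early_data: bool
    include_early_data_extension: bool   # present in the handshake reply only on accept
    matched_policy: Optional[str]


def parse_http_request(data: bytes) -> Optional[HttpRequest]:
    """Parse the request line and headers of an HTTP/1.1 request; None if malformed."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return None
    head, _, _ = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return None
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(parts[0], parts[1], headers)


def select_policies(sni: str, table: Dict[str, List[Policy]]) -> List[Policy]:
    """Identify the policy set for the requested resource from the TLS request."""
    return table.get(sni, [])


def evaluate(req: TlsRequest, table: Dict[str, List[Policy]]) -> Decision:
    """Decide whether the early-data request is accepted; the TLS request itself always is."""
    if not req.offers_early_data:
        # Nothing to inspect at handshake time; policy runs later on the 1-RTT data.
        return Decision(True, False, False, None)
    http = parse_http_request(req.early_data_plaintext)
    if http is None:
        # Unparseable early data: reject it, the client resends after the handshake.
        return Decision(True, False, False, None)
    subject = f"{http.method} {http.target}"
    for policy in select_policies(req.sni, table):   # first match wins
        if re.search(policy.pattern, subject):
            allowed = policy.action == "allow"
            return Decision(True, allowed, allowed, policy.name)
    # Default deny: 0-RTT data is replayable, so only explicitly allowed
    # idempotent requests should be accepted before the handshake completes.
    return Decision(True, False, False, None)


# Constructed policy table keyed by server name (hypothetical values).
POLICY_TABLE: Dict[str, List[Policy]] = {
    "app.example.test": [
        Policy("deny-non-idempotent", r"^(POST|PUT|DELETE|PATCH) ", "deny"),
        Policy("allow-static-get", r"^GET /static/", "allow"),
    ],
}

# Constructed sample early-data payloads.
SAMPLE_GET = b"GET /static/app.js HTTP/1.1\r\nHost: app.example.test\r\n\r\n"
SAMPLE_POST = b"POST /api/transfer HTTP/1.1\r\nHost: app.example.test\r\n\r\n"

if __name__ == "__main__":
    for payload in (SAMPLE_GET, SAMPLE_POST):
        req = TlsRequest("app.example.test", True, payload)
        print(payload.split(b"\r\n")[0].decode(), "->", evaluate(req, POLICY_TABLE))
```

The deny rule is listed before the allow rule on purpose: the ordering makes every non-idempotent method fall under the reject branch even if a later allow pattern would match its path, and requests with no matching policy are also rejected as early data, so the intermediary only ever carries a 0-RTT request to the server when a policy explicitly allows it.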

Assignees

Citrix Systems Inc

Inventors

Classifications

  • H04L63/168 (Primary): above the transport layer · CPC title

  • Filtering by information in the payload · CPC title

  • at the transport layer · CPC title

  • H04L63/20 (Primary): for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • Hypervisors; Virtual machine monitors · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2020169584A1 cover?
Systems and methods for applying an application layer policy to a transport layer security request are provided. A device, intermediary to one or more clients and one or more servers, can receive a transport layer security (TLS) request to establish a TLS connection between a client of the one or more clients and a server of the one or more servers. The TLS request can include an application la…
Who is the assignee on this patent?
Citrix Systems Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/168. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 28, 2020 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).