Patents by Inventor Arkesh Kumar

Arkesh Kumar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8572721
    Abstract: In a method and system for routing packets between clients, a packet is received from a first client connected to a secure sockets layer virtual private network (an SSL/VPN) network appliance. An identification is made, responsive to an inspection of the received packet, of i) a type of connection required for transmission of the received packet to a destination address identified by the received packet and ii) a second client connected via an SSL/VPN connection to the SSL/VPN network appliance and associated with the identified destination address. A request is made for establishment by the second client of a connection of the identified type within the SSL/VPN connection. The received packet is transmitted to the second client via the established connection of the identified type.
    Type: Grant
    Filed: August 3, 2006
    Date of Patent: October 29, 2013
    Assignee: Citrix Systems, Inc.
    Inventors: Arkesh Kumar, James Harris, Ajay Soni
  • Patent number: 8533312
    Abstract: The present application is directed towards systems and methods for managing server initiated connections via a multi-core system that provides VPN access between clients and servers. The solution described herein provides a mechanism by which server and client communications via the multi-core system for a server initiated connection may be received on different cores and for the system to manage these communications across different cores to provide an end-to-end connectivity between the client and the server.
    Type: Grant
    Filed: August 5, 2010
    Date of Patent: September 10, 2013
    Assignee: Citrix Systems, Inc.
    Inventors: Ravindranath Thakur, Pratap Ramachandra, Arkesh Kumar
  • Patent number: 8451806
    Abstract: The intranet IP address management solution of the appliance and/or client described herein provides an environment for efficiently assigning, managing and querying virtual private network addresses, referred to as intranet IP (IIP) addresses of virtual private network users, such as a multitude of SSL VPN users on an enterprise network. The appliance provides techniques and policies for assigning previously assigned virtual private network addresses of a user to subsequent sessions of the user as the user logs in multiple times or roams between access points. This technique is referred to IIP stickiness as the appliance attempts to provide the same IIP address to a roaming VPN user. The appliance also provides a configurable user domain naming policy so that one can ping or query the virtual private network address of a user by an easily referenceable host name identifying the user.
    Type: Grant
    Filed: August 21, 2006
    Date of Patent: May 28, 2013
    Assignee: Citrix Sysrems, Inc.
    Inventors: Arkesh Kumar, James Harris
  • Patent number: 8392982
    Abstract: The present invention provides a system and method for authentication of network traffic managed by a traffic management virtual server. A traffic management virtual server may determine that a client has not been authenticated from a request of the client to access a server. Responsive to the request, the traffic management virtual server may transmit a response to the client with instructions to redirect to an authentication virtual server. The authentication virtual server may receive a second request from the client. The authentication virtual server may then authenticate credentials received from the client and establish an authentication session for the client. Further, the authentication virtual server may transmit a second response to redirect the client to the traffic management virtual server. The second response identifies the authentication session. The traffic management virtual server then receives a request from the client with an identifier to the authentication session.
    Type: Grant
    Filed: March 23, 2009
    Date of Patent: March 5, 2013
    Assignee: Citrix Systems, Inc.
    Inventors: James Harris, Rui Li, Arkesh Kumar, Ravindranath Thakur, Puneet Agarwal, Akshat Choudhary
  • Patent number: 8356101
    Abstract: Methods for establishing an SSL/VPN session on behalf of a user of a client where the user has a previously existing session are described. Methods include receiving, by an appliance, a request from a first client operated by a user to establish a virtual private network session; creating, by the appliance, a temporary virtual private network session with the client; identifying, by the appliance, an existing virtual private network session previously established on behalf of the user; terminating the previous session; and creating a new virtual private network session with the client using the temporary session. Other methods may further include transmitting a request to a user corresponding to whether to terminate one or more previous sessions, and transferring session data from a previously existing session to a current session. Corresponding systems are also described.
    Type: Grant
    Filed: January 31, 2012
    Date of Patent: January 15, 2013
    Assignee: Citrix Systems, Inc.
    Inventors: Arkesh Kumar, James Harris, Ajay Soni
  • Publication number: 20120317411
    Abstract: A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a-Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.
    Type: Application
    Filed: August 21, 2012
    Publication date: December 13, 2012
    Inventors: PRABAKAR SUNDARRAJAN, Junxiao HE, Ajay SONI, Shashidhara NANJUNDASWARMY, Arkesh KUMAR
  • Publication number: 20120290732
    Abstract: The present disclosure describes methods and systems for efficiently assigning, managing and querying virtual private network (VPN) addresses intranet IP (IIP) addresses of users, such as SSL VPN users on an enterprise network. The disclosure describes techniques and policies for assigning previously-assigned VPN addresses of a user to subsequent sessions of the user as the user logs in multiple times or roams between access points. The disclosure also describes a configurable user domain naming policy so that one can query the VPN address of a user by an easily referable host name identifying the user. The appliance and/or client agent provides techniques for applications to seamlessly and transparently communicate on the VPN using the VPN address of the user or client on the private network.
    Type: Application
    Filed: June 1, 2012
    Publication date: November 15, 2012
    Inventors: Josephine Suganthi, Shashi Nanjundaswamy, Manjunath Rajashekhar, Arkesh Kumar
  • Publication number: 20120281706
    Abstract: Embodiments of the present solution provide a cloud bridge to bring network transparency between the otherwise disparate networks of the datacenter and cloud service provider. For example, appliances may be deployed in the datacenter and on the edge of the cloud. These appliances may be configured or designed and constructed to communicate with each other and recognize and understand the local IP and/or public IP network information of the on-premise datacenter of the enterprise and the cloud datacenter. These appliances may manage the flow of network traffic between the on-premise and cloud datacenters in a manner to appear and act seamlessly and transparently as a single network spanning both the on-premise and cloud data centers.
    Type: Application
    Filed: May 4, 2012
    Publication date: November 8, 2012
    Inventors: PUNEET AGARWAL, Deepak Goel, Mugdha Agarwal, Anil Kumar Gavini, Jyotheesh Rao Kurma, Arkesh Kumar, Shaleen Sharma
  • Patent number: 8271661
    Abstract: The present invention is related to a method for establishing via an appliance a transport layer protocol connection initiated by a server on a first network to a client connected from a second network to the first network via a secure socket layer virtual private network (SSL VPN) connection. The method includes the step of receiving, by an appliance, a transport layer connection request from a server on a first network to connect to a client connected to the first network via a SSL VPN connection from a second network. The transport layer connection request identifies a client destination internet protocol address and a client destination port on the first network.
    Type: Grant
    Filed: June 25, 2010
    Date of Patent: September 18, 2012
    Assignee: Citrix Systems, Inc.
    Inventors: James Harris, Arkesh Kumar, Charu Venkatraman, Ajay Soni, Junxiao He
  • Patent number: 8261057
    Abstract: A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a—Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.
    Type: Grant
    Filed: June 4, 2010
    Date of Patent: September 4, 2012
    Assignee: Citrix Systems, Inc.
    Inventors: Prabakar Sundarrajan, Junxiao He, Ajay Soni, Shashidhara Nanjundaswamy, Arkesh Kumar
  • Patent number: 8213393
    Abstract: The intranet IP address management solution of the appliance and/or client described herein provides an environment for efficiently assigning, managing and querying virtual private network addresses, referred to as intranet IP (IIP) addresses of virtual private network users, such as a multitude of SSL VPN users on an enterprise network. The appliance provides techniques and policies for assigning previously assigned virtual private network addresses of a user to subsequent sessions of the user as the user logs in multiple times or roams between access points. This technique is referred to IIP stickiness as the appliance attempts to provide the same IIP address to a roaming VPN user. The appliance also provides a configurable user domain naming policy so that one can ping or query the virtual private network address of a user by an easily referenceable host name identifying the user.
    Type: Grant
    Filed: August 21, 2006
    Date of Patent: July 3, 2012
    Assignee: Citrix Systems, Inc.
    Inventors: Josephine Suganthi, Shashi Nanjundaswamy, Manjunath Rajashekhar, Arkesh Kumar
  • Publication number: 20120131208
    Abstract: Methods for establishing an SSL/VPN session on behalf of a user of a client where the user has a previously existing session are described. Methods include receiving, by an appliance, a request from a first client operated by a user to establish a virtual private network session; creating, by the appliance, a temporary virtual private network session with the client; identifying, by the appliance, an existing virtual private network session previously established on behalf of the user; terminating the previous session; and creating a new virtual private network session with the client using the temporary session. Other methods may further include transmitting a request to a user corresponding to whether to terminate one or more previous sessions, and transferring session data from a previously existing session to a current session. Corresponding systems are also described.
    Type: Application
    Filed: January 31, 2012
    Publication date: May 24, 2012
    Inventors: ARKESH KUMAR, James Harris, Ajay Soni
  • Patent number: 8151323
    Abstract: The present invention relates to systems and methods to identify a level of access for a resource being accessed via a secure socket layer virtual private network (SSL VPN) connection to a network, and to control the action on the resource based on the identified level of access. The appliance described herein provides intelligent secure access and action control to resources based on a sense and respond mechanism. When a user requests access to a resource via the SSL VPN connection of the appliance, the appliance obtains information about the client to determine the user access scenario—the location, device, connection and identify of the user or client.
    Type: Grant
    Filed: December 5, 2006
    Date of Patent: April 3, 2012
    Assignee: Citrix Systems, Inc.
    Inventors: James Harris, Max He, Arkesh Kumar, Ajay Soni, Charu Venkatraman, Shashi Najundaswamy, Amarnath Mullick
  • Patent number: 8132247
    Abstract: The SSL VPN session failover solution of the appliance and/or client agent described herein provides an environment for handling IP address assignment and end point re-authorization upon failover. The appliances may be deployed to provide a session failover environment in which a second appliance is a backup to a first appliance when a failover condition is detected, such as failure in operation of the first appliance. The backup appliance takes over responsibility for SSL VPN sessions provided by the first appliance. In the failover environment, the first appliance propagates SSL VPN session information including user IP address assignment and end point authorization information to the backup appliance. The backup appliance maintains this information. Upon detection of failover of the first appliance, the backup appliance activates the transferred SSL VPN session and maintains the user assigned IP addresses. The backup appliance may also re-authorize the client for the transferred SSL VPN session.
    Type: Grant
    Filed: August 3, 2007
    Date of Patent: March 6, 2012
    Assignee: Citrix Systems, Inc.
    Inventors: Saibal Adhya, Akshat Choudhary, Sergey Verzunov, Amarnath Mullick, Shashi Nanjundaswamy, Arkesh Kumar
  • Publication number: 20120036231
    Abstract: The present application is directed towards systems and methods for managing server initiated connections via a multi-core system that provides VPN access between clients and servers. The solution described herein provides a mechanism by which server and client communications via the multi-core system for a server initiated connection may be received on different cores and for the system to manage these communications across different cores to provide an end-to-end connectivity between the client and the server.
    Type: Application
    Filed: August 5, 2010
    Publication date: February 9, 2012
    Inventors: Ravindranath Thakur, Pratap Ramachandra, Arkesh Kumar
  • Publication number: 20120036244
    Abstract: In a multi-core system, multiple packet engines across corresponding cores may be working concurrently processing data packets from data flows of SSL VPN sessions. For example, a first core may establish a SSL VPN session with a client. Any one of the other cores, such as a second core, may received packets related to the session owned by the first core. Embodiments of the systems and method described below provide management of IIP addresses for the multi-core/multi-packet engine approach to providing SSL VPN service. In some embodiments, the approach to managing IIP addresses is to have one packet engine on a core act as a master or controller of the IIPs for the remaining packet engines and cores. The packet engines/cores use a protocol for communications regarding IIP management.
    Type: Application
    Filed: August 5, 2010
    Publication date: February 9, 2012
    Inventors: Pratap Ramachandra, Akshat Choudhary, Mugdha Agarwal, Arkesh Kumar
  • Patent number: 8108525
    Abstract: Methods for establishing an SSL/VPN session on behalf of a user of a client where the user has a previously existing session are described. Methods include receiving, by an appliance, a request from a first client operated by a user to establish a virtual private network session; creating, by the appliance, a temporary virtual private network session with the client; identifying, by the appliance, an existing virtual private network session previously established on behalf of the user; terminating the previous session; and creating a new virtual private network session with the client using the temporary session. Other methods may further include transmitting a request to a user corresponding to whether to terminate one or more previous sessions, and transferring session data from a previously existing session to a current session. Corresponding systems are also described.
    Type: Grant
    Filed: August 3, 2006
    Date of Patent: January 31, 2012
    Assignee: Citrix Systems, Inc.
    Inventors: Arkesh Kumar, James Harris, Ajay Soni
  • Publication number: 20110277026
    Abstract: The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller intermediary to a plurality of clients and the disparately hosted applications providing single sign on management, integration and control. A user may log in via an interface provided, controlled or managed by the ADC, which in turns, authenticates the user to the application in accordance with policy and the host of the application. As such, the user may login once to gain access to a plurality of disparately hosted applications.
    Type: Application
    Filed: May 6, 2011
    Publication date: November 10, 2011
    Inventors: Mugdha Agarwal, Akshat Choudhary, Puneet Agarwal, Arkesh Kumar, Nirdosh Shah, Ajay Soni
  • Publication number: 20110162062
    Abstract: The present invention is directed towards systems and methods for sharing licenses across resources via a multi-core intermediary device. A device intermediary to a plurality of clients and a server may grant a license for a virtual private network (VPN) session established by a first core of a plurality of cores of the device with a client. A second core of the plurality of cores may receive a first request from the client to establish an application connection between an application and a server via the VPN session. The second core may send a second request to the first core to share the license of the VPN session responsive to determining that the first core owns the VPN session. The second core may establish the application connection responsive to receiving from the first core a response accepting the second request to share the license of the VPN session.
    Type: Application
    Filed: December 23, 2010
    Publication date: June 30, 2011
    Inventors: ARKESH KUMAR, Pratap Ramachandra
  • Publication number: 20110154443
    Abstract: A method for propagating authentication session information to a plurality of cores of a multi-core device includes establishing, by an authentication virtual server executing on a first core of a device intermediary to at least one client and server, a session for a user, the authentication virtual server authenticating the session. A traffic management virtual server executes on a second core of device, and receives a request to access a server via the session. The traffic management virtual server may identify, responsive to a determination that the session is not stored by the second core, from an identifier of the session that the first core established the session. The second core may send to the first core a request for data for the session identified by the identifier. The second core may receive from the first core a response to the second request identifying whether the session is valid.
    Type: Application
    Filed: December 22, 2010
    Publication date: June 23, 2011
    Inventors: RAVINDRANATH THAKUR, Puneet Agarwal, Arkesh Kumar, Rui Li