Patents by Inventor Punit Gupta
Punit Gupta has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11533289Abstract: Described embodiments provide systems and methods for rewriting an URL in a message transmitted via a clientless SSL VPN session. An intermediary device may identify, in a HTTP response transmitted via the session, an absolute URL that includes a hostname of the server. The device may determine that the absolute URL includes an intranet domain name. The device may generate, responsive to the determination, a URL segment by combining a unique string corresponding to the hostname of the server, with a hostname of the device. The device may rewrite, responsive to the determination, the absolute URL by replacing the server hostname in the absolute URL with the generated URL segment. A DNS server for the client may be configured with a DNS entry comprising a wildcard combined with the device hostname, to cause the DNS server to resolve the rewritten absolute URL to an IP address of the device.Type: GrantFiled: September 23, 2020Date of Patent: December 20, 2022Assignee: Citrix Systems, Inc.Inventors: Punit Gupta, Pintu Kumar
-
Patent number: 11470076Abstract: The present disclosure is directed towards systems and methods for validation of a secure socket layer (SSL) certificate of a server for clientless SSL virtual private network (VPN) access. An intermediary device can receive a first request from a client for a clientless SSL VPN connection to a first server. The intermediary device can determine, using a preconfigured policy, that the first server in the first request meets a condition of the preconfigured policy. The intermediary device 801 can perform, responsive to the determination, an action to validate a SSL certificate of the first server using one or more certificate authority (CA) certificate files available to the intermediary device. The one or more CA certificate files can be specified by the preconfigured policy for the action.Type: GrantFiled: May 11, 2020Date of Patent: October 11, 2022Assignee: Citrix Systems, Inc.Inventors: Jaydeep Khandelwal, Punit Gupta, Arkesh Kumar
-
Publication number: 20210377294Abstract: Implementations of the systems and methods discussed herein provide for distributed HTTP proxy services with synchronization of per-server or per-tenant resource allocation counters amongst the proxy devices, allowing devices to quickly identify denial of service attacks or other malicious or erroneous behavior. In some implementations, a database server may receive resource consumption notifications from each of a plurality of proxy devices and may aggregate the notifications or increment a counter on a per-server or per-tenant basis, and provide updated counter values to proxy devices via callbacks. Each proxy device may check the counter value before utilizing resources, and may disable or block proxy processing responsive to the counter exceeding a threshold.Type: ApplicationFiled: October 5, 2020Publication date: December 2, 2021Applicant: Citrix Systems, Inc.Inventors: Punit Gupta, Sandilya Sangabathula, Kenneth Bell
-
Publication number: 20210006537Abstract: Described embodiments provide systems and methods for rewriting an URL in a message transmitted via a clientless SSL VPN session. An intermediary device may identify, in a HTTP response transmitted via the session, an absolute URL that includes a hostname of the server. The device may determine that the absolute URL includes an intranet domain name. The device may generate, responsive to the determination, a URL segment by combining a unique string corresponding to the hostname of the server, with a hostname of the device. The device may rewrite, responsive to the determination, the absolute URL by replacing the server hostname in the absolute URL with the generated URL segment. A DNS server for the client may be configured with a DNS entry comprising a wildcard combined with the device hostname, to cause the DNS server to resolve the rewritten absolute URL to an IP address of the device.Type: ApplicationFiled: September 23, 2020Publication date: January 7, 2021Applicant: Citrix Systems, Inc.Inventors: Punit GUPTA, Pintu KUMAR
-
Patent number: 10812448Abstract: Described embodiments provide systems and methods for rewriting an URL in a message transmitted via a clientless SSL VPN session. An intermediary device may identify, in a HTTP response transmitted via the session, an absolute URL that includes a hostname of the server. The device may determine that the absolute URL includes an intranet domain name. The device may generate, responsive to the determination, a URL segment by combining a unique string corresponding to the hostname of the server, with a hostname of the device. The device may rewrite, responsive to the determination, the absolute URL by replacing the server hostname in the absolute URL with the generated URL segment. A DNS server for the client may be configured with a DNS entry comprising a wildcard combined with the device hostname, to cause the DNS server to resolve the rewritten absolute URL to an IP address of the device.Type: GrantFiled: January 26, 2018Date of Patent: October 20, 2020Assignee: Citrix Systems, Inc.Inventors: Punit Gupta, Pintu Kumar
-
Patent number: 10778684Abstract: Disclosed embodiments provide access to an application. An intermediary device may provide access to an application hosted by the server. The access may be provided to the client via a link that generates a first HTTP request for the application. The device may receive, from the client, the first HTTP request generated via the provided link. The device may rewrite an absolute URL of the application indicated in the first HTTP request, by replacing a first hostname of the server included in the absolute URL, with a URL segment generated by combining a unique string assigned to the first hostname with a second hostname of the device. The device may redirect the client to the rewritten absolute URL of the application.Type: GrantFiled: April 7, 2017Date of Patent: September 15, 2020Assignee: Citrix Systems, Inc.Inventors: Punit Gupta, Saurabh Singh, Ravi Ganesh, V, Jong Kann
-
Publication number: 20200274867Abstract: The present disclosure is directed towards systems and methods for validation of a secure socket layer (SSL) certificate of a server for clientless SSL virtual private network (VPN) access. An intermediary device can receive a first request from a client for a clientless SSL VPN connection to a first server. The intermediary device can determine, using a preconfigured policy, that the first server in the first request meets a condition of the preconfigured policy. The intermediary device 801 can perform, responsive to the determination, an action to validate a SSL certificate of the first server using one or more certificate authority (CA) certificate files available to the intermediary device. The one or more CA certificate files can be specified by the preconfigured policy for the action.Type: ApplicationFiled: May 11, 2020Publication date: August 27, 2020Inventors: Jaydeep Khandelwal, Punit Gupta, Arkesh Kumar
-
Patent number: 10652229Abstract: The present disclosure is directed towards systems and methods for validation of a secure socket layer (SSL) certificate of a server for clientless SSL virtual private network (VPN) access. An intermediary device can receive a first request from a client for a clientless SSL VPN connection to a first server. The intermediary device can determine, using a preconfigured policy, that the first server in the first request meets a condition of the preconfigured policy. The intermediary device 801 can perform, responsive to the determination, an action to validate a SSL certificate of the first server using one or more certificate authority (CA) certificate files available to the intermediary device. The one or more CA certificate files can be specified by the preconfigured policy for the action.Type: GrantFiled: March 16, 2018Date of Patent: May 12, 2020Assignee: Citrix Systems, Inc.Inventors: Jaydeep Khandelwal, Punit Gupta, Arkesh Kumar
-
Patent number: 10484336Abstract: The present disclosure is directed towards systems and methods for rewriting a HTTP response transmitted via a clientless SSL VPN session. An intermediary device may identify, in a HTTP response transmitted via a clientless SSL VPN session, an absolute URL that includes a first hostname of the server. The device may provide a unique string corresponding to the first hostname of the server. The device may generate a URL segment by combining the unique string with a second hostname of the device. The device may rewrite the absolute URL by replacing the first hostname in the absolute URL with the generated URL segment. A domain name system (DNS) server for the client may be configured with a DNS entry comprising a wildcard combined with the second hostname, to cause the DNS server to resolve the rewritten absolute URL to an IP address of the device.Type: GrantFiled: May 13, 2016Date of Patent: November 19, 2019Assignee: CITRIX SYSTEMS, INC.Inventors: Pintu Kumar, Punit Gupta, Vignesh Rajendran
-
Publication number: 20190238504Abstract: Described embodiments provide systems and methods for rewriting an URL in a message transmitted via a clientless SSL VPN session. An intermediary device may identify, in a HTTP response transmitted via the session, an absolute URL that includes a hostname of the server. The device may determine that the absolute URL includes an intranet domain name. The device may generate, responsive to the determination, a URL segment by combining a unique string corresponding to the hostname of the server, with a hostname of the device. The device may rewrite, responsive to the determination, the absolute URL by replacing the server hostname in the absolute URL with the generated URL segment. A DNS server for the client may be configured with a DNS entry comprising a wildcard combined with the device hostname, to cause the DNS server to resolve the rewritten absolute URL to an IP address of the device.Type: ApplicationFiled: January 26, 2018Publication date: August 1, 2019Inventors: Punit GUPTA, Pintu KUMAR
-
Publication number: 20180295134Abstract: Disclosed embodiments provide access to an application. An intermediary device may provide access to an application hosted by the server. The access may be provided to the client via a link that generates a first HTTP request for the application. The device may receive, from the client, the first HTTP request generated via the provided link. The device may rewrite an absolute URL of the application indicated in the first HTTP request, by replacing a first hostname of the server included in the absolute URL, with a URL segment generated by combining a unique string assigned to the first hostname with a second hostname of the device. The device may redirect the client to the rewritten absolute URL of the application.Type: ApplicationFiled: April 7, 2017Publication date: October 11, 2018Inventors: Punit Gupta, Saurabh Singh, Ravi Ganesh, V, Jong Kann
-
Publication number: 20180212953Abstract: The present disclosure is directed towards systems and methods for validation of a secure socket layer (SSL) certificate of a server for clientless SSL virtual private network (VPN) access. An intermediary device can receive a first request from a client for a clientless SSL VPN connection to a first server. The intermediary device can determine, using a preconfigured policy, that the first server in the first request meets a condition of the preconfigured policy. The intermediary device 801 can perform, responsive to the determination, an action to validate a SSL certificate of the first server using one or more certificate authority (CA) certificate files available to the intermediary device. The one or more CA certificate files can be specified by the preconfigured policy for the action.Type: ApplicationFiled: March 16, 2018Publication date: July 26, 2018Inventors: Jaydeep Khandelwal, Punit Gupta, Arkesh Kumar
-
Patent number: 9948633Abstract: The present disclosure is directed towards systems and methods for validation of a secure socket layer (SSL) certificate of a server for clientless SSL virtual private network (VPN) access. An intermediary device can receive a first request from a client for a clientless SSL VPN connection to a first server. The intermediary device can determine, using a preconfigured policy, that the first server in the first request meets a condition of the preconfigured policy. The intermediary device 801 can perform, responsive to the determination, an action to validate a SSL certificate of the first server using one or more certificate authority (CA) certificate files available to the intermediary device. The one or more CA certificate files can be specified by the preconfigured policy for the action.Type: GrantFiled: October 28, 2015Date of Patent: April 17, 2018Assignee: Citrix Systems, Inc.Inventors: Jaydeep Khandelwal, Punit Gupta, Arkesh Kumar
-
Publication number: 20170331789Abstract: The present disclosure is directed towards systems and methods for rewriting a HTTP response transmitted via a clientless SSL VPN session. An intermediary device may identify, in a HTTP response transmitted via a clientless SSL VPN session, an absolute URL that includes a first hostname of the server. The device may provide a unique string corresponding to the first hostname of the server. The device may generate a URL segment by combining the unique string with a second hostname of the device. The device may rewrite the absolute URL by replacing the first hostname in the absolute URL with the generated URL segment. A domain name system (DNS) server for the client may be configured with a DNS entry comprising a wildcard combined with the second hostname, to cause the DNS server to resolve the rewritten absolute URL to an IP address of the device.Type: ApplicationFiled: May 13, 2016Publication date: November 16, 2017Inventors: Pintu Kumar, Punit Gupta, Vignesh Rajendran
-
Publication number: 20170126664Abstract: The present disclosure is directed towards systems and methods for validation of a secure socket layer (SSL) certificate of a server for clientless SSL virtual private network (VPN) access. An intermediary device can receive a first request from a client for a clientless SSL VPN connection to a first server. The intermediary device can determine, using a preconfigured policy, that the first server in the first request meets a condition of the preconfigured policy. The intermediary device 801 can perform, responsive to the determination, an action to validate a SSL certificate of the first server using one or more certificate authority (CA) certificate files available to the intermediary device. The one or more CA certificate files can be specified by the preconfigured policy for the action.Type: ApplicationFiled: October 28, 2015Publication date: May 4, 2017Inventors: Jaydeep Khandelwal, Punit Gupta, Arkesh Kumar
-
Patent number: 9344426Abstract: Techniques for accessing enterprise resources while providing denial-of-service attack protection may include receiving, at a gateway from a client device, a request for a resource, the request including a location identifier associated with the resource. Techniques may further include redirecting, by a redirection message, the request to an authentication device that requests credentials for authentication, the redirection message including the location identifier. Techniques may also include retrieving, after authentication of the credentials, the location identifier from the client device. Techniques may additionally include providing access to the resource based on the location identifier.Type: GrantFiled: December 26, 2013Date of Patent: May 17, 2016Assignee: Citrix Systems, Inc.Inventors: Punit Gupta, Bharat Bhushan, Jong Kann, Pierre Rafiq
-
Patent number: 9264429Abstract: The present invention provides a system and method of managing traffic traversing an intermediary based on a result of end point auditing. An authentication virtual server of an intermediary may determine a result of an end point analysis scan of a client. Responsive to the determination, the traffic management virtual server can obtain the result from the authentication virtual server. Further, the traffic management virtual server may apply the result in one or more traffic management policies to manage network traffic of a connection of the client traversing the intermediary. In some embodiments, the authentication virtual server may receive one or more expressions evaluated by the client. The one or more expressions identifies one or more attributes of the client. The traffic management virtual server can also determine a type of compression or encryption for the connection based on applying the one or more traffic management policies using the result.Type: GrantFiled: August 18, 2014Date of Patent: February 16, 2016Assignee: CITRIX SYSTEMS, INC.Inventors: James Harris, Rui Li, Arkesh Kumar, Ravindranath Thakur, Puneet Agarwal, Akshat Choudhary, Punit Gupta
-
Publication number: 20150046997Abstract: A method for accessing enterprise resources while providing denial-of-service attack protection. The method may include receiving, at a gateway from a client device, a request for a resource, the request comprising a location identifier associated with the resource. The method may further include redirecting, by a redirection message, the request to an authentication device that requests credentials for authentication, the redirection message comprising the location identifier. The method may also include retrieving, after authentication of the credentials, the location identifier from the client device. The method may additionally include providing access to the resource based on the location identifier.Type: ApplicationFiled: December 26, 2013Publication date: February 12, 2015Applicant: Citrix Systems, Inc.Inventors: Punit Gupta, Bharat Bhushan, Jong Kann, Pierre Rafiq
-
Publication number: 20140366080Abstract: A method for providing secure remote access to an enterprise application store with enterprise applications for a service running on a mobile device includes receiving an authentication request with user credentials from an access manager on the mobile device. Authentication and a valid session cookie are provided if user credentials are valid. An access token request is received and an access token is provided in response to the token request if the token request includes the valid session cookie. An access request from the service is received and access to the enterprise application store by the service is allowed if the request includes the access token. The service may then download applications or receive applications delivered via the enterprise application store. The application management service can also access a publicly available application store.Type: ApplicationFiled: June 5, 2013Publication date: December 11, 2014Inventors: Punit Gupta, Bharat Bhushan, Jong Kann, Pierre Rafiq
-
Publication number: 20140359728Abstract: The present invention provides a system and method of managing traffic traversing an intermediary based on a result of end point auditing. An authentication virtual server of an intermediary may determine a result of an end point analysis scan of a client. Responsive to the determination, the traffic management virtual server can obtain the result from the authentication virtual server. Further, the traffic management virtual server may apply the result in one or more traffic management policies to manage network traffic of a connection of the client traversing the intermediary. In some embodiments, the authentication virtual server may receive one or more expressions evaluated by the client. The one or more expressions identifies one or more attributes of the client. The traffic management virtual server can also determine a type of compression or encryption for the connection based on applying the one or more traffic management policies using the result.Type: ApplicationFiled: August 18, 2014Publication date: December 4, 2014Applicant: Citrix Systems, Inc.Inventors: James Harris, Raymond Li, Ravindranath Thakur, Puneet Agarwal, Punit Gupta