AU2007281166B2 - Systems and methods for application-based interception and authorization of SSL/VPN traffic - Google Patents
Systems and methods for application-based interception and authorization of SSL/VPN traffic Download PDFInfo
- Publication number
- AU2007281166B2 AU2007281166B2 AU2007281166A AU2007281166A AU2007281166B2 AU 2007281166 B2 AU2007281166 B2 AU 2007281166B2 AU 2007281166 A AU2007281166 A AU 2007281166A AU 2007281166 A AU2007281166 A AU 2007281166A AU 2007281166 B2 AU2007281166 B2 AU 2007281166B2
- Authority
- AU
- Australia
- Prior art keywords
- application
- network
- client
- appliance
- agent
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
- 238000000034 method Methods 0.000 title claims abstract description 87
- 238000013475 authorization Methods 0.000 title claims abstract description 26
- 238000004891 communication Methods 0.000 claims abstract description 148
- 230000005540 biological transmission Effects 0.000 claims description 14
- 239000003795 chemical substances by application Substances 0.000 description 183
- 238000012545 processing Methods 0.000 description 33
- 230000008569 process Effects 0.000 description 32
- 238000012384 transportation and delivery Methods 0.000 description 30
- 230000006870 function Effects 0.000 description 25
- 230000006835 compression Effects 0.000 description 23
- 238000007906 compression Methods 0.000 description 23
- 230000001133 acceleration Effects 0.000 description 17
- 230000007246 mechanism Effects 0.000 description 12
- 230000036541 health Effects 0.000 description 11
- 238000012546 transfer Methods 0.000 description 11
- 238000010586 diagram Methods 0.000 description 10
- 238000007726 management method Methods 0.000 description 8
- 230000004044 response Effects 0.000 description 8
- 238000011176 pooling Methods 0.000 description 4
- 230000005641 tunneling Effects 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 230000003139 buffering effect Effects 0.000 description 3
- 238000007689 inspection Methods 0.000 description 3
- 238000009434 installation Methods 0.000 description 3
- 230000000737 periodic effect Effects 0.000 description 3
- 230000001360 synchronised effect Effects 0.000 description 3
- 241000699666 Mus <mouse, genus> Species 0.000 description 2
- 238000012550 audit Methods 0.000 description 2
- 235000014510 cooky Nutrition 0.000 description 2
- 230000006837 decompression Effects 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 238000001914 filtration Methods 0.000 description 2
- 238000002347 injection Methods 0.000 description 2
- 239000007924 injection Substances 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000004224 protection Effects 0.000 description 2
- 230000002123 temporal effect Effects 0.000 description 2
- 241000501754 Astronotus ocellatus Species 0.000 description 1
- 241000699670 Mus sp. Species 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 231100000572 poisoning Toxicity 0.000 description 1
- 230000000607 poisoning effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000010025 steaming Methods 0.000 description 1
- 238000000859 sublimation Methods 0.000 description 1
- 230000008022 sublimation Effects 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
- 230000014616 translation Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/306—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/104—Grouping of entities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Technology Law (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Transfer Between Computers (AREA)
- Telephonic Communication Services (AREA)
- Computer And Data Communications (AREA)
Applications Claiming Priority (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US11/462,321 US8495181B2 (en) | 2006-08-03 | 2006-08-03 | Systems and methods for application based interception SSI/VPN traffic |
| US11/462,329 | 2006-08-03 | ||
| US11/462,321 | 2006-08-03 | ||
| US11/462,329 US8869262B2 (en) | 2006-08-03 | 2006-08-03 | Systems and methods for application based interception of SSL/VPN traffic |
| PCT/US2007/075035 WO2008017011A2 (en) | 2006-08-03 | 2007-08-02 | Systems and methods for application-based interception and authorization of ssl/vpn traffic |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| AU2007281166A1 AU2007281166A1 (en) | 2008-02-07 |
| AU2007281166B2 true AU2007281166B2 (en) | 2011-12-15 |
Family
ID=38904791
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AU2007281166A Ceased AU2007281166B2 (en) | 2006-08-03 | 2007-08-02 | Systems and methods for application-based interception and authorization of SSL/VPN traffic |
Country Status (4)
| Country | Link |
|---|---|
| CN (1) | CN103384250B (zh) |
| AU (1) | AU2007281166B2 (zh) |
| HK (1) | HK1140883A1 (zh) |
| WO (1) | WO2008017011A2 (zh) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101729543B (zh) * | 2009-12-04 | 2012-10-03 | 同济大学 | 利用异地Socks5技术改善移动SSL VPN性能的方法 |
| US9237168B2 (en) * | 2012-05-17 | 2016-01-12 | Cisco Technology, Inc. | Transport layer security traffic control using service name identification |
| CN104092691A (zh) * | 2014-07-15 | 2014-10-08 | 北京奇虎科技有限公司 | 免root权限的联网防火墙的实现方法及客户端 |
| CN104144126B (zh) * | 2014-08-19 | 2018-01-23 | 北京奇虎科技有限公司 | 通过图像处理实现流量优化的方法及系统、客户端 |
| US9560078B2 (en) | 2015-02-04 | 2017-01-31 | Intel Corporation | Technologies for scalable security architecture of virtualized networks |
| CN105049431B (zh) * | 2015-06-30 | 2019-02-15 | 深信服科技股份有限公司 | 数据访问控制方法和装置 |
| CN109150751B (zh) * | 2017-06-16 | 2022-05-27 | 阿里巴巴集团控股有限公司 | 一种网络控制方法及装置 |
| CN109951575B (zh) * | 2017-12-20 | 2022-06-10 | 新智数字科技有限公司 | 拦截指定域名的方法和系统 |
| CN109543470A (zh) * | 2018-11-01 | 2019-03-29 | 郑州云海信息技术有限公司 | 一种存储设备安全访问方法及系统 |
| CN114584334A (zh) * | 2020-11-30 | 2022-06-03 | 夏普株式会社 | 信息处理装置及控制方法 |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2002079949A2 (en) * | 2001-03-30 | 2002-10-10 | Netscreen Technologies, Inc. | Internet security system |
| EP1418730A2 (en) * | 2002-11-06 | 2004-05-12 | AT&T Corp. | Virtual private network crossovers based on certificates |
| US20040177359A1 (en) * | 2003-03-07 | 2004-09-09 | Bauch David James | Supporting the exchange of data by distributed applications |
| US20050132030A1 (en) * | 2003-12-10 | 2005-06-16 | Aventail Corporation | Network appliance |
| US20050265351A1 (en) * | 2004-05-27 | 2005-12-01 | Hewlett-Packard Development Company, L.P. | Network administration |
| US20060005240A1 (en) * | 2004-06-30 | 2006-01-05 | Prabakar Sundarrajan | System and method for establishing a virtual private network |
| US20060075464A1 (en) * | 2004-10-01 | 2006-04-06 | Microsoft Corporation | Access authorization API |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5987611A (en) * | 1996-12-31 | 1999-11-16 | Zone Labs, Inc. | System and methodology for managing internet access on a per application basis for client computers connected to the internet |
| US7096495B1 (en) * | 2000-03-31 | 2006-08-22 | Intel Corporation | Network session management |
| CA2521563C (en) * | 2004-09-28 | 2016-10-18 | Layer 7 Technologies Inc. | System and method for bridging identities in a service oriented archite cture |
| US20060130135A1 (en) * | 2004-12-10 | 2006-06-15 | Alcatel | Virtual private network connection methods and systems |
-
2007
- 2007-08-02 CN CN201310292412.2A patent/CN103384250B/zh active Active
- 2007-08-02 AU AU2007281166A patent/AU2007281166B2/en not_active Ceased
- 2007-08-02 WO PCT/US2007/075035 patent/WO2008017011A2/en active Application Filing
-
2010
- 2010-07-27 HK HK10107195.6A patent/HK1140883A1/xx not_active IP Right Cessation
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2002079949A2 (en) * | 2001-03-30 | 2002-10-10 | Netscreen Technologies, Inc. | Internet security system |
| EP1418730A2 (en) * | 2002-11-06 | 2004-05-12 | AT&T Corp. | Virtual private network crossovers based on certificates |
| US20040177359A1 (en) * | 2003-03-07 | 2004-09-09 | Bauch David James | Supporting the exchange of data by distributed applications |
| US20050132030A1 (en) * | 2003-12-10 | 2005-06-16 | Aventail Corporation | Network appliance |
| US20050265351A1 (en) * | 2004-05-27 | 2005-12-01 | Hewlett-Packard Development Company, L.P. | Network administration |
| US20060005240A1 (en) * | 2004-06-30 | 2006-01-05 | Prabakar Sundarrajan | System and method for establishing a virtual private network |
| US20060075464A1 (en) * | 2004-10-01 | 2006-04-06 | Microsoft Corporation | Access authorization API |
Also Published As
| Publication number | Publication date |
|---|---|
| AU2007281166A1 (en) | 2008-02-07 |
| CN103384250B (zh) | 2017-04-26 |
| WO2008017011A2 (en) | 2008-02-07 |
| WO2008017011A3 (en) | 2008-07-03 |
| HK1140883A1 (en) | 2010-10-22 |
| CN103384250A (zh) | 2013-11-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9497198B2 (en) | Systems and methods for application based interception of SSL/VPN traffic | |
| US9294439B2 (en) | Systems and methods for application-based interception of SSL/VPN traffic | |
| US7843912B2 (en) | Systems and methods of fine grained interception of network communications on a virtual private network | |
| US9253193B2 (en) | Systems and methods for policy based triggering of client-authentication at directory level granularity | |
| US8819809B2 (en) | Method and appliance for authenticating, by an appliance, a client to access a virtual private network connection, based on an attribute of a client-side certificate | |
| US8356101B2 (en) | Systems and methods for managing a plurality of user sessions in a virtual private network environment | |
| US9246878B2 (en) | Methods and systems for routing packets in a VPN-client-to-VPN-client connection via an SSL/VPN network appliance | |
| US8904475B2 (en) | Method and system for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute | |
| US7953889B2 (en) | Systems and methods for routing VPN traffic around network disruption | |
| US8484718B2 (en) | Systems and methods for enabling assured records using fine grained auditing of virtual private network traffic | |
| AU2007281166B2 (en) | Systems and methods for application-based interception and authorization of SSL/VPN traffic | |
| EP2070259B1 (en) | Systems and methods for using a client agent to manage icmp traffic in a virtual private network environment | |
| WO2008017030A2 (en) | System and method for routing traffic at a client via a first or a second transport layer connection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| FGA | Letters patent sealed or granted (standard patent) | ||
| MK14 | Patent ceased section 143(a) (annual fees not paid) or expired |