Patent application number | Description | Published |
20080222363 | SYSTEMS AND METHODS OF MAINTAINING FRESHNESS OF A CACHED OBJECT BASED ON DEMAND AND EXPIRATION TIME - A device that implements a method for performing integrated caching in a data communication network. The device is configured to receive a packet from a client over the data communication network, wherein the packet includes a request for an object. At the operating system/kernel level of the device, one or more of decryption processing of the packet, authentication and/or authorization of the client, and decompression of the request occurs prior to and integrated with caching operations. The caching operations include determining if the object resides within a cache, serving the request from the cache in response to a determination that the object is stored within the cache, and sending the request to a server in response to a determination that the object is not stored within the cache. | 09-11-2008 |
20100241846 | SYSTEM AND METHOD FOR ESTABLISHING A VIRTUAL PRIVATE NETWORK - A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a—Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network. | 09-23-2010 |
20100281162 | SYSTEMS AND METHODS OF PROVIDING SERVER INITIATED CONNECTIONS ON A VIRTUAL PRIVATE NETWORK - The present invention is related to a method for establishing via an appliance a transport layer protocol connection initiated by a server on a first network to a client connected from a second network to the first network via a secure socket layer virtual private network (SSL VPN) connection. The method includes the step of receiving, by an appliance, a transport layer connection request from a server on a first network to connect to a client connected to the first network via a SSL VPN connection from a second network. The transport layer connection request identifies a client destination internet protocol address and a client destination port on the first network. The method includes establishing, by the appliance, a first transport layer connection to the server on the first network, determining, by the appliance, the client on the second network associated with the client destination internet protocol address on the first network, and transmitting, by the appliance, connection information identifying the client destination port to an agent on the client. The agent establishes a second transport layer connection to the client destination port using a local internet protocol address of the client on the second network and establishes a third transport layer connection to the appliance, which it associates with the second transport layer connection. | 11-04-2010 |
20100281217 | SYSTEM AND METHOD FOR PERFORMING ENTITY TAG AND CACHE CONTROL OF A DYNAMICALLY GENERATED OBJECT NOT IDENTIFIED AS CACHEABLE IN A NETWORK - The present invention is directed towards a method and system for modifying by a cache responses from a server that do not identify a dynamically generated object as cacheable to identify the dynamically generated object to a client as cacheable in the response. In some embodiments, such as an embodiment handling HTTP requests and responses for objects, the techniques of the present invention insert an entity tag, or “etag” into the response to provide cache control for objects provided without entity tags and/or cache control information from an originating server. This technique of the present invention provides an increase in cache hit rates by inserting information, such as entity tag and cache control information for an object, in a response to a client to enable the cache to check for a hit in a subsequent request. | 11-04-2010 |
20110145330 | SYSTEM AND METHOD FOR PERFORMING FLASH CROWD CACHING OF DYNAMICALLY GENERATED OBJECTS IN A DATA COMMUNICATION NETWORK - The present invention is directed towards a “flash crowd” technique for handling situations where the cache receives additional requests, e.g., nearly simultaneous requests, for the same object during the time the server is processing and returning the response object for a first requestor. Once all such nearly simultaneous requests are responded to by the cache, the object is flushed from the cache, with no additional expiry time or invalidation action needed. This technique of the present invention enables data to be cached and served for very small amounts of time for objects that would otherwise be considered non-cacheable. As such, this technique yields a significant improvement in applications that serve fast changing data to a large volume of concurrent users, such, for example, as real time stock quotes, or a fast evolving news story. | 06-16-2011 |
20110153721 | SYSTEMS AND METHODS FOR POLICY BASED INTEGRATION TO HORIZONTALLY DEPLOYED WAN OPTIMIZATION APPLIANCES - The present disclosure presents systems and methods for policy based redirection of network traffic, by an intermediary device, to a horizontally deployed WAN device. An intermediary receives a request from a client to access a server. The request was previously modified by a first WAN device to include information in a first option field of a transport layer. The intermediary may determine, responsive to a redirection policy, to send the request to a second WAN optimization device deployed horizontally from the intermediary, instead of the server. The intermediary transmits the request to the second WAN optimization device, while maintaining the information from the first option field. The intermediary device receives the request including the information in the first option field identifying the first WAN optimization device to the second WAN optimization device. The intermediary receives a modified request from the second WAN device, the modified request determined by the intermediary to be sent to the destination server. | 06-23-2011 |
20110277027 | Systems and Methods for Providing a Single Click Access to Enterprise, SAAS and Cloud Hosted Application - The present disclosure is directed to methods and systems of providing a user-selectable list of disparately hosted applications. A device intermediary to a client and one or more servers may receive a user request to access a list of applications published to the user. The device may communicate to the client the list of published applications available to the user, the list comprising graphical icons corresponding to disparately hosted applications, at least one graphical icon corresponding to a third-party hosted application of the disparately hosted applications, the third party hosted application served by a remote third-party server. The device may receive a selection from the user of the at least one graphical icon. The device may communicate, from the remote third party server to the client of the user, execution of the third party hosted application responsive to the selection by the user. | 11-10-2011 |
20120131208 | SYSTEMS AND METHODS FOR MANAGING A PLURALITY OF USER SESSIONS IN A VIRTUAL PRIVATE NETWORK ENVIRONMENT - Methods for establishing an SSL/VPN session on behalf of a user of a client where the user has a previously existing session are described. Methods include receiving, by an appliance, a request from a first client operated by a user to establish a virtual private network session; creating, by the appliance, a temporary virtual private network session with the client; identifying, by the appliance, an existing virtual private network session previously established on behalf of the user; terminating the previous session; and creating a new virtual private network session with the client using the temporary session. Other methods may further include transmitting a request to a user corresponding to whether to terminate one or more previous sessions, and transferring session data from a previously existing session to a current session. Corresponding systems are also described. | 05-24-2012 |
20120317411 | SYSTEM AND METHOD FOR ESTABLISHING A VIRTUAL PRIVATE NETWORK - A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a-Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network. | 12-13-2012 |
20130132472 | METHOD AND DEVICE FOR PERFORMING CACHING OF DYNAMICALLY GENERATED OBJECTS IN A DATA COMMUNICATION NETWORK - A method for maintaining a cache of dynamically generated objects. The method includes storing in the cache dynamically generated objects previously served from an originating server to a client. A communication between the client and server is intercepted by the cache. The cache parses the communication to identify an object determinant and to determine whether the object determinant indicates whether a change has occurred or will occur in an object at the originating server. The cache marks the object stored in the cache as invalid if the object determinant so indicates. If the object has been marked as invalid, the cache retrieves the object from the originating server. | 05-23-2013 |
20130152162 | METHOD AND SYSTEM FOR AUTHORIZING A LEVEL OF ACCESS OF A CLIENT TO A VIRTUAL PRIVATE NETWORK CONNECTION, BASED ON A CLIENT-SIDE ATTRIBUTE - An appliance and method for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute includes the step of establishing, by an appliance, a control connection with a client upon receiving a client request to establish a virtual private network connection with a network. The appliance transmits, via the control connection, a request to the client to evaluate at least one clause of a security string, the at least one clause including an expression associated with a client-side attribute. The client transmits, via the control connection, a response to the appliance comprising a result of evaluating the at least one clause by the client. The appliance assigns the client to an authorization group based on the result of evaluation of the at least one clause. | 06-13-2013 |
20130212667 | METHOD AND APPLIANCE FOR AUTHENTICATING, BY AN APPLIANCE, A CLIENT TO ACCESS A VIRTUAL PRIVATE NETWORK CONNECTION, BASED ON AN ATTRIBUTE OF A CLIENT-SIDE CERTIFICATE - In a method and appliance for authenticating, by an appliance, a client to access a virtual network connection, based on an attribute of a client-side certificate, a client authentication certificate is requested from a client. A value of at least one field in the client authentication certificate received from the client is identified. One of a plurality of types of access is assigned responsive to an application of a policy to the identified value of the at least one field, each of the plurality of access types associated with at least one connection characteristic. | 08-15-2013 |
20130304881 | SYSTEMS AND METHODS FOR MANAGING APPLICATION SECURITY PROFILES - A method for intercepting, by an agent of a client, communications from the client to be transmitted via a virtual private network connection includes the step of intercepting communications based on identification of an application from which the communication originates. The agent receives information identifying a first application. The agent determines a network communication transmitted by the client originates from the first application and intercepts that communication. The agent transmits the intercepted communication via the virtual private network connection. | 11-14-2013 |
20140109202 | SYSTEMS AND METHODS FOR USING A CLIENT AGENT TO MANAGE HTTP AUTHENTICATION COOKIES - Systems and methods are described for using a client agent to manage HTTP authentication cookies. One method includes intercepting, by a client agent executing on a client, a connection request from the client; establishing, by the client agent, a transport layer virtual private network connection with a network appliance; transmitting, by the client agent via the established connection, an HTTP request comprising an authentication cookie; and transmitting, by the client agent via the connection, the connection request. A second method includes intercepting, by a client agent executing on a client, an HTTP communication comprising a cookie from an appliance on a virtual private network to the client; removing, by the client agent, the cookie from the HTTP communication; storing, by the client agent, the received cookie; transmitting, by the client agent, the modified HTTP communication to an application executing on the client; intercepting, by the client agent, an HTTP request from the client; inserting, by the client agent in the HTTP request, the received cookie; and transmitting the modified HTTP request to the appliance. Corresponding systems are also described. | 04-17-2014 |
20140344345 | SYSTEMS AND METHODS FOR USING AN HTTP-AWARE CLIENT AGENT - Systems and methods are described for using a client agent operating in a virtual private network environment to intercept HTTP communications. Methods include: intercepting at the network layer, by a client agent executing on a client, an HTTP request from an application executing on the client; modifying the HTTP request; and transmitting, via a transport layer connection, the modified HTTP request to a server. Additional methods may comprise adding, removing, or modifying at least one cookie in the HTTP request. Still other methods may comprise modifying at least one name-value pair contained in the HTTP request. Corresponding systems are also described. | 11-20-2014 |
20140344891 | SYSTEMS AND METHODS FOR ENHANCED CLIENT SIDE POLICY - An appliance and method for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute includes the step of establishing, by an appliance, a control connection with a client upon receiving a client request to establish a virtual private network connection with a network. The appliance transmits, via the control connection, a request to the client to evaluate at least one clause of a security string, the at least one clause including an expression associated with a client-side attribute. The client transmits, via the control connection, a response to the appliance comprising a result of evaluating the at least one clause by the client. The appliance assigns the client to an authorization group based on the result of evaluation of the at least one clause. | 11-20-2014 |
20150020220 | SYSTEMS AND METHODS FOR APPLICATION BASED INTERCEPTION OF SSL/VPN TRAFFIC - A method for allowing or denying, by an appliance, access to a resource by an application on a client via a virtual private network connection includes basing the decision to allow or deny access on identification of the application. The appliance intercepts a request from an application on a client on a first network to access via a virtual private network connection a resource on a second network. The appliance identifies the application and associates with the intercepted request an authorization policy based on the identity of the application. The appliance determines, using the authorization policy and the identity of the application, to either allow or deny access by the application to the resource. | 01-15-2015 |
20150128227 | SYSTEMS AND METHODS FOR USING AN HTTP-AWARE CLIENT AGENT - Systems and methods are described for using a client agent operating in a virtual private network environment to intercept HTTP communications. Methods include: intercepting at the network layer, by a client agent executing on a client, an HTTP request from an application executing on the client; modifying the HTTP request; and transmitting, via a transport layer connection, the modified HTTP request to a server. Additional methods may comprise adding, removing, or modifying at least one cookie in the HTTP request. Still other methods may comprise modifying at least one name-value pair contained in the HTTP request. Corresponding systems are also described. | 05-07-2015 |
20150244781 | SYSTEMS AND METHODS FOR POLICY BASED INTEGRATION TO HORIZONTALLY DEPLOYED WAN OPTIMIZATION APPLIANCES - The present disclosure presents systems and methods for policy based redirection of network traffic, by an intermediary device, to a horizontally deployed WAN device. An intermediary receives a request from a client to access a server. The request was previously modified by a first WAN device to include information in a first option field of a transport layer. The intermediary may determine, responsive to a redirection policy, to send the request to a second WAN optimization device deployed horizontally from the intermediary, instead of the server. The intermediary transmits the request to the second WAN optimization device, while maintaining the information from the first option field. The intermediary device receives the request including the information in the first option field identifying the first WAN optimization device to the second WAN optimization device. The intermediary receives a modified request from the second WAN device, the modified request determined by the intermediary to be sent to the destination server. | 08-27-2015 |
Patent application number | Description | Published |
20090301363 | Self-contained Heating Unit and Drug-Supply Unit Employing Same - Heating units, drug supply units and drug delivery articles capable of rapid heating are disclosed. Heating units comprising a substrate and a solid fuel capable of undergoing an exothermic metal oxidation reaction disposed within the substrate are disclosed. These heating units can be actuated by electrical resistance, by optical ignition or by percussion. Drug supply units and drug delivery articles wherein a solid fuel is configured to heat a substrate to a temperature sufficient to rapidly thermally vaporize a drug disposed thereon are also disclosed. | 12-10-2009 |
20100065052 | Heating Units - A heating unit comprises a substrate having a first surface and a second surface. A chemical reactant material capable of undergoing an exothermic reaction is disposed on at least a portion of the first surface of the substrate. An igniter is in proximity with the chemical reactant material. A layer of adhesive material overlays at least a portion of at least one of the chemical reactant material and the first surface of the substrate. Other embodiments of the heating unit include a first and a second substrate, each having first and second surfaces positioned with the first surfaces opposing each other in a sandwich construction. A chemical reactant material is disposed on at least a portion of the first surface of at least one of the substrates. The first and the second substrates are sealed together to define a cavity containing the chemical reactant material and an igniter is provided in proximity with the chemical reactant material. | 03-18-2010 |
20130180516 | Self-contained Heating Unit and Drug-Supply Unit Employing Same - Heating units, drug supply units and drug delivery articles capable of rapid heating are disclosed. Heating units comprising a substrate and a solid fuel capable of undergoing an exothermic metal oxidation reaction disposed within the substrate are disclosed. These heating units can be actuated by electrical resistance, by optical ignition or by percussion. Drug supply units and drug delivery articles wherein a solid fuel is configured to heat a substrate to a temperature sufficient to rapidly thermally vaporize a drug disposed thereon are also disclosed. | 07-18-2013 |
20140079777 | DRY POWDER VANCOMYCIN COMPOSITIONS AND ASSOCIATED METHODS - Dry powder vancomycin compositions and methods for administering and preparing such compositions are provided. | 03-20-2014 |
20150224077 | Methods for the Treatment of Systemic Disorders Treatable with Mast Cell Stabilizers, including Mast Cell Related Disorders - Methods for the treatment of systemic disorders treatable with mast cell stabilizers, including mast cell related disorders, are provided. | 08-13-2015 |
20150224078 | Methods for the Treatment of Lung Diseases with Mast Cell Stabilizers - Methods for the treatment of lung diseases with mast cell stabilizers are provided. | 08-13-2015 |
20150265783 | Self-Contained Heating Unit and Drug-Supply Unit Employing Same - Heating units, drug supply units and drug delivery articles capable of rapid heating are disclosed. Heating units comprising a substrate and a solid fuel capable of undergoing an exothermic metal oxidation reaction disposed within the substrate are disclosed. These heating units can be actuated by electrical resistance, by optical ignition or by percussion. Drug supply units and drug delivery articles wherein a solid fuel is configured to heat a substrate to a temperature sufficient to rapidly thermally vaporize a drug disposed thereon are also disclosed. | 09-24-2015 |
20150297557 | Methods for the Treatment of Systemic Disorders Treatable with Mast Cell Stabilizers, Including Mast Cell Related Disorders - Methods for the treatment of systemic disorders treatable with mast cell stabilizers, including mast cell related disorders, are provided. | 10-22-2015 |
20160089330 | DRY POWDER VANCOMYCIN COMPOSITIONS AND ASSOCIATED METHODS - Dry powder vancomycin compositions and methods for administering and preparing such compositions are provided. | 03-31-2016 |