Automated sensing of network conditions for dynamically provisioning efficient VPN tunnels

US 10,084,642 B2
Filed: 08/11/2017
Issued: 09/25/2018
Est. Priority Date: 06/02/2015
Status: Active Grant

First Claim

Patent Images

1. A tangible, non-transitory, machine-readable medium storing instructions that when executed by one or more processors effectuate operations comprising:

executing, with one or more processors, a virtual private network client application on a client computing device;

connecting, with one or more processors, the client computing device to a virtual private network server via one or more virtual private network connections, wherein;

the one or more virtual private network connection each form an encrypted tunnel between the client computing device and the virtual private network server;

the one or more virtual private network connections apply different respective sets of configuration settings to configure the respective virtual private network connection;

the different respective sets of configuration settings are applied concurrently on different virtual private network connections, on the same virtual private network connection at different times, or both;

the different respective sets of configuration settings each include a plurality of different adjustable parameters by which virtual private network connections between the client computing device and the virtual private network server are configured; and

each of the parameters takes a different value between at least one pair of the different respective sets of configuration settings;

communicating or attempting to communicate, with one or more processors, between the client computing device and the virtual private network server via each of the one or more virtual private network connections while the different sets of configuration settings are applied;

sensing, with one or more processors, a plurality of sets of one or more metrics of network conditions of the one or more virtual private network connections during communicating or attempting to communicate while the different sets of configuration settings are applied;

selecting, with one or more processors, a set of configuration settings from among the different respective sets of configuration settings based on the plurality of sets of one or more metrics;

communicating, with one or more processors, between the virtual private network server and the client computing device with a virtual private network connection configured with the selected set of configuration settings; and

logging data descriptive of at least some communication between the virtual private network server and the client computing device in tamper-evident, immutable data repository having a directed acyclic graph with edges defined at least in part by cryptographic hash pointers, wherein;

virtual private network connection settings are automatically configured based on sensed network conditions;

a plurality of different virtual private network connections are formed concurrently between the client computing device and the virtual private server and a plurality of different sets of configuration settings are tested concurrently;

the virtual private network client, the virtual private network server, or both, are configured to;

iterate through different ones of the configuration settings;

calculate respective network condition scores based on the sensed metrics of network conditions; and

select the set of configuration settings based on a set of configuration settings producing a highest or lowest score;

the sensed network conditions include metrics indicative of each of the following;

ability to communicate any data, packet loss, latency, and bandwidth;

the plurality of different adjustable parameters of each set of configuration settings comprise each of the following;

port number, transport layer protocol, destination address, and virtual private network protocol; and

the adjustable parameters are optimized;

with a brute force search of every permutation in a parameter space of the adjustable parameters;

orone at a time with greedy optimization algorithm.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a process including: executing a virtual private network client application on a client computing device; communicating between the client computing device and a virtual private network server; sensing network conditions of a virtual private network connection; and selecting a set of configuration settings from among the different respective sets of configuration settings based on the network conditions.

23 Citations

View as Search Results

26 Claims

1. A tangible, non-transitory, machine-readable medium storing instructions that when executed by one or more processors effectuate operations comprising:
- executing, with one or more processors, a virtual private network client application on a client computing device;
  
  connecting, with one or more processors, the client computing device to a virtual private network server via one or more virtual private network connections, wherein;
  
  the one or more virtual private network connection each form an encrypted tunnel between the client computing device and the virtual private network server;
  
  the one or more virtual private network connections apply different respective sets of configuration settings to configure the respective virtual private network connection;
  
  the different respective sets of configuration settings are applied concurrently on different virtual private network connections, on the same virtual private network connection at different times, or both;
  
  the different respective sets of configuration settings each include a plurality of different adjustable parameters by which virtual private network connections between the client computing device and the virtual private network server are configured; and
  
  each of the parameters takes a different value between at least one pair of the different respective sets of configuration settings;
  
  communicating or attempting to communicate, with one or more processors, between the client computing device and the virtual private network server via each of the one or more virtual private network connections while the different sets of configuration settings are applied;
  
  sensing, with one or more processors, a plurality of sets of one or more metrics of network conditions of the one or more virtual private network connections during communicating or attempting to communicate while the different sets of configuration settings are applied;
  
  selecting, with one or more processors, a set of configuration settings from among the different respective sets of configuration settings based on the plurality of sets of one or more metrics;
  
  communicating, with one or more processors, between the virtual private network server and the client computing device with a virtual private network connection configured with the selected set of configuration settings; and
  
  logging data descriptive of at least some communication between the virtual private network server and the client computing device in tamper-evident, immutable data repository having a directed acyclic graph with edges defined at least in part by cryptographic hash pointers, wherein;
  
  virtual private network connection settings are automatically configured based on sensed network conditions;
  
  a plurality of different virtual private network connections are formed concurrently between the client computing device and the virtual private server and a plurality of different sets of configuration settings are tested concurrently;
  
  the virtual private network client, the virtual private network server, or both, are configured to;
  
  iterate through different ones of the configuration settings;
  
  calculate respective network condition scores based on the sensed metrics of network conditions; and
  
  select the set of configuration settings based on a set of configuration settings producing a highest or lowest score;
  
  the sensed network conditions include metrics indicative of each of the following;
  
  ability to communicate any data, packet loss, latency, and bandwidth;
  
  the plurality of different adjustable parameters of each set of configuration settings comprise each of the following;
  
  port number, transport layer protocol, destination address, and virtual private network protocol; and
  
  the adjustable parameters are optimized;
  
  with a brute force search of every permutation in a parameter space of the adjustable parameters;
  
  orone at a time with greedy optimization algorithm.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The medium of claim 1, wherein:
    - the different respective sets of configuration settings each include more than three different adjustable parameters by which virtual private network connections between the client computing device and the virtual private network server are configured; and
      
      each of the variable parameters has three or more different respective options among the different respective sets of configuration settings.
  - 3. The medium of claim 1, wherein:
    - the virtual private network connection settings are automatically configured based on sensed network conditions within a parameter space of more than 20 different permutations of configuration settings; and
      
      subsequent connections are initialized to a last-used connection stored in local memory or a remote data store.
  - 4. The medium of claim 1, wherein:
    - the virtual private network connection settings are automatically configured based on sensed network conditions within a parameter space of more than 10,000 different permutations of configuration settings.
  - 5. The medium of claim 1, wherein:
    - the virtual private network client, the virtual private network server, or both, are configured to iterate through different ones of the configuration settings until sensed metrics of network conditions satisfy a threshold.
  - 6. The medium of claim 1, wherein:
    - the sensed network conditions include metrics indicative of two or more of the following;
      
      ability to communicate any data, packet loss, latency, or bandwidth.
  - 7. The medium of claim 1, wherein:
    - the plurality of different adjustable parameters of each set of configuration settings comprise at least two of the following;
      
      port number, transport layer protocol, destination address, or virtual private network protocol.
  - 8. The medium of claim 1, wherein:
    - the virtual private network server is configured to concurrently participate in virtual private network connections with more than 256 different computing devices.
  - 9. The medium of claim 1, wherein:
    - the adjustable parameters are optimized one at a time with an optimization algorithm.
  - 10. The medium of claim 1, wherein the operations comprise:
    - storing a security credential, or cryptographic hash value based on the security credential, by which the client computing device is authenticated to the virtual private network server in a tamper-evident, immutable data repository.
  - 11. The medium of claim 1, wherein the operations comprise:
    - receiving a request with a network controller to quarantine the client computing device or a user of the client computing device; and
      
      in response to the request, communicating a message between the network controller and the virtual private network server that causes the virtual private network server to prevent at least some communications from the client computing device from reaching a destination network address.
  - 12. The medium of claim 1, wherein the operations comprise:
    - applying a plurality of rules with an internal controls engine to network traffic from the client computing device communicated via the virtual private network connection configured with the selected set of configuration settings; and
      
      detecting that the network traffic satisfies criteria of a given rule and, in response, effectuating an action specified, at least in part, by the given rule.
  - 13. The medium of claim 1, wherein the operations comprise:
    - executing an operating system on the client computing device;
      
      executing an operating system on the virtual private network server;
      
      communicating via a local area network; and
      
      executing a plurality of enterprise software applications accessed via the virtual private network connection formed with selected set of configuration settings.

14. A method, comprising:
- executing, with one or more processors, a virtual private network client application on a client computing device;
  
  connecting, with one or more processors, the client computing device to a virtual private network server via one or more virtual private network connections, wherein;
  
  the one or more virtual private network connection each form an encrypted tunnel between the client computing device and the virtual private network server;
  
  the one or more virtual private network connections apply different respective sets of configuration settings to configure the respective virtual private network connection;
  
  the different respective sets of configuration settings are applied concurrently on different virtual private network connections, on the same virtual private network connection at different times, or both;
  
  the different respective sets of configuration settings each include a plurality of different adjustable parameters by which virtual private network connections between the client computing device and the virtual private network server are configured; and
  
  each of the parameters takes a different value between at least one pair of the different respective sets of configuration settings;
  
  communicating or attempting to communicate, with one or more processors, between the client computing device and the virtual private network server via each of the one or more virtual private network connections while the different sets of configuration settings are applied;
  
  sensing, with one or more processors, a plurality of sets of one or more metrics of network conditions of the one or more virtual private network connections during communicating or attempting to communicate while the different sets of configuration settings are applied;
  
  selecting, with one or more processors, a set of configuration settings from among the different respective sets of configuration settings based on the plurality of sets of one or more metrics;
  
  communicating, with one or more processors, between the virtual private network server and the client computing device with a virtual private network connection configured with the selected set of configuration settings; and
  
  logging data descriptive of at least some communication between the virtual private network server and the client computing device in tamper-evident, immutable data repository having a directed acyclic graph with edges defined at least in part by cryptographic hash pointers, wherein;
  
  virtual private network connection settings are automatically configured based on sensed network conditions;
  
  a plurality of different virtual private network connections are formed concurrently between the client computing device and the virtual private server and a plurality of different sets of configuration settings are tested concurrently;
  
  the virtual private network client, the virtual private network server, or both, are configured to;
  
  iterate through different ones of the configuration settings;
  
  calculate respective network condition scores based on the sensed metrics of network conditions; and
  
  select the set of configuration settings based on a set of configuration settings producing a highest or lowest score;
  
  the sensed network conditions include metrics indicative of each of the following;
  
  ability to communicate any data, packet loss, latency, and bandwidth;
  
  the plurality of different adjustable parameters of each set of configuration settings comprise each of the following;
  
  port number, transport layer protocol, destination address, and virtual private network protocol; and
  
  the adjustable parameters are optimized;
  
  with a brute force search of every permutation in a parameter space of the adjustable parameters;
  
  orone at a time with greedy optimization algorithm.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The method of claim 14, wherein:
    - the different respective sets of configuration settings each include more than three different adjustable parameters by which virtual private network connections between the client computing device and the virtual private network server are configured; and
      
      each of the variable parameters has three or more different respective options among the different respective sets of configuration settings.
  - 16. The method of claim 14, wherein:
    - the virtual private network connection settings are automatically configured based on sensed network conditions within a parameter space of more than 20 different permutations of configuration settings; and
      
      subsequent connections are initialized to a last-used connection stored in local memory or a remote data store.
  - 17. The method of claim 14, wherein:
    - the virtual private network connection settings are automatically configured based on sensed network conditions within a parameter space of more than 10,000 different permutations of configuration settings.
  - 18. The method of claim 14, wherein:
    - the virtual private network client, the virtual private network server, or both, are configured to iterate through different ones of the configuration settings until sensed metrics of network conditions satisfy a threshold.
  - 19. The method of claim 14, wherein:
    - the sensed network conditions include metrics indicative of two or more of the following;
      
      ability to communicate any data, packet loss, latency, or bandwidth.
  - 20. The method of claim 14, wherein:
    - the plurality of different adjustable parameters of each set of configuration settings comprise at least two of the following;
      
      port number, transport layer protocol, destination address, or virtual private network protocol.
  - 21. The method of claim 14, wherein:
    - the virtual private network server is configured to concurrently participate in virtual private network connections with more than 256 different computing devices.
  - 22. The method of claim 14, wherein:
    - the adjustable parameters are optimized one at a time with an optimization algorithm.
  - 23. The method of claim 14, comprising:
    - storing a security credential, or cryptographic hash value based on the security credential, by which the client computing device is authenticated to the virtual private network server in a tamper-evident, immutable data repository.
  - 24. The method of claim 14, comprising:
    - receiving a request with a network controller to quarantine the client computing device or a user of the client computing device; and
      
      in response to the request, communicating a message between the network controller and the virtual private network server that causes the virtual private network server to prevent at least some communications from the client computing device from reaching a destination network address.
  - 25. The method of claim 14, comprising:
    - applying a plurality of rules with an internal controls engine to network traffic from the client computing device communicated via the virtual private network connection configured with the selected set of configuration settings; and
      
      detecting that the network traffic satisfies criteria of a given rule and, in response, effectuating an action specified, at least in part, by the given rule.
  - 26. The method of claim 14, comprising:
    - executing an operating system on the client computing device;
      
      executing an operating system on the virtual private network server;
      
      communicating via a local area network; and
      
      executing a plurality of enterprise software applications accessed via the virtual private network connection formed with selected set of configuration settings.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Altr Solutions, Inc.
Original Assignee
Altr Solutions, Inc.
Inventors
Goldfarb, Scott Nathaniel, Struttmann, Christopher Edward
Primary Examiner(s)
Srivastava, Vivek
Assistant Examiner(s)
Raza, Muhammad

Application Number

US15/675,554
Publication Number

US 20170366395A1
Time in Patent Office

410 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 41/0803   Configuration setting

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 41/40   using virtualisation of net...

H04L 43/08   Monitoring or testing based...

H04L 43/0811   by checking connectivity

H04L 43/0829   Packet loss

H04L 43/0852   Delays

H04L 43/0894   Packet rate

H04L 43/16   Threshold monitoring

H04L 43/20   the monitoring system or th...

H04L 63/0272   Virtual private networks

H04L 67/01   Protocols

H04L 67/10   in which an application is ...

H04L 69/22   Parsing or analysis of headers

Automated sensing of network conditions for dynamically provisioning efficient VPN tunnels

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Automated sensing of network conditions for dynamically provisioning efficient VPN tunnels

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links