Methods and systems for identifying data sessions at a VPN gateway
First Claim
1. A method for transmitting data packets from a host to a destination via a virtual private network (VPN) connection at a first VPN gateway, the method comprising:
A) receiving encapsulated packets via the VPN connection, wherein the encapsulated packets encapsulate the data packets originated from the host;
B) decapsulating the encapsulated packets to retrieve the data packets;
C) determining whether the data packets originated from an IoT device based on a control message received from a second VPN gateway;
D) when the host is the IoT device;
i) performing deep packet inspection (DPI) on the data packets;
ii) determining whether the data packets are allowed to be transmitted to the destination;
iii) transmitting the data packets when the data packets are allowed to be transmitted to the destination;
iv) storing the data packets for further processing when the data packets are not allowed to be transmitted to the destination;
E) when the host is not an IoT device;
i) performing deep packet inspection (DPI) on the data packets for collecting information on the data packets to update a DPI database; and
ii) transmitting the data packets to the destination.
Abstract
Methods and systems for transmitting data packets from a host to a destination via a virtual private network (VPN) connection at a VPN gateway. The VPN gateway receives encapsulated packets via the VPN connection. The encapsulated packets encapsulate the data packets originated from the host. The VPN gateway decapsulates the encapsulated packets to retrieve the data packets. The VPN gateway determines whether the data packets originated from an IoT device based on the IP address of the host. When the host is the IoT device, the VPN gateway performs deep packet inspection (DPI) on the data packets. The VPN gateway determines whether the data packets are allowed to be transmitted to the destination. When the data packets are allowed to be transmitted to the destination, the VPN gateway transmits the data packets to the destination.
20 Claims
1. A method for transmitting data packets from a host to a destination via a virtual private network (VPN) connection at a first VPN gateway, the method comprising:
A) receiving encapsulated packets via the VPN connection, wherein the encapsulated packets encapsulate the data packets originated from the host;
B) decapsulating the encapsulated packets to retrieve the data packets;
C) determining whether the data packets originated from an IoT device based on a control message received from a second VPN gateway;
D) when the host is the IoT device;
i) performing deep packet inspection (DPI) on the data packets;
ii) determining whether the data packets are allowed to be transmitted to the destination;
iii) transmitting the data packets when the data packets are allowed to be transmitted to the destination;
iv) storing the data packets for further processing when the data packets are not allowed to be transmitted to the destination;
E) when the host is not an IoT device;
i) performing deep packet inspection (DPI) on the data packets for collecting information on the data packets to update a DPI database; and
ii) transmitting the data packets to the destination.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 10
9. A method for transmitting data packets from a host to a destination via a virtual private network (VPN) connection at a first VPN gateway, the method comprising:
E) receiving encapsulated packets via the VPN connection, wherein the encapsulated packets encapsulate the data packets originated from the host;
F) decapsulating the encapsulated packets to retrieve the data packets;
G) determining whether the data packets originated from an IoT device based on a control message received from a second VPN gateway;
H) wherein when the host is the IoT device;
i) determining whether an address of the destination is on a whitelist;
ii) transmitting the data packets when the address of the destination is on the whitelist;
iii) storing the data packets for further processing when the address of the destination is not on the whitelist; and
I) when the host is not an IoT device;
i) transmitting the data packets to the destination.
11. A first VPN gateway for transmitting data packets transmitted from a host to a destination via a VPN connection, comprising:
at least one network interface;
at least one processing unit;
at least one main memory; and
at least one computer readable storage medium comprising program instructions executable by the at least one processing unit for;
A) receiving encapsulated packets via the VPN connection, wherein the encapsulated packets encapsulate the data packets originated from the host;
B) decapsulating the encapsulated packets to retrieve the data packets;
C) determining whether the data packets originated from an IoT device based on a control message received from a second VPN gateway;
D) when the host is the IoT device;
i) performing deep packet inspection (DPI) on the data packets;
ii) determining whether the data packets are allowed to be transmitted to the destination;
iii) transmitting the data packets when the data packets are allowed to be transmitted to the destination;
iv) storing the data packets for further processing when the data packets are not allowed to be transmitted to the destination;
E) when the host is not an IoT device;
i) performing deep packet inspection (DPI) on the data packets for collecting information on the data packets to update a DPI database; and
ii) transmitting the data packets to the destination.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 20
19. A first VPN gateway for transmitting data packets transmitted from a host to a destination via a VPN connection, comprising:
at least one network interface;
at least one processing unit;
at least one main memory; and
at least one computer readable storage medium comprising program instructions executable by the at least one processing unit for;
E) receiving encapsulated packets via the VPN connection, wherein the encapsulated packets encapsulate the data packets originated from the host;
F) decapsulating the encapsulated packets to retrieve the data packets;
G) determining whether the data packets originated from an IoT device based on a control message received from a second VPN gateway;
H) wherein when the host is the IoT device;
i) determining whether an address of the destination is on a whitelist;
ii) transmitting the data packets when the address of the destination is on the whitelist;
iii) storing the data packets for further processing when the address of the destination is not on the whitelist, and
I) when the host is not an IoT device;
i) transmitting the data packets to the destination.
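The whitelist variant in claims 9 and 19 can be modelled as a forwarding decision on the already-decapsulated inner packet. This is an added illustration, not code from the patent or its applicant. The `Gateway` class, the `{"iot_hosts": [...]}` control-message format, the IPv4-only parsing, the choice to hold malformed packets, and all addresses are assumptions constructed for the example.

```python
import ipaddress
import struct

def make_ipv4(src, dst, payload=b""):
    """Build a constructed IPv4 packet (checksum left at 0) for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def parse_ipv4(inner):
    """Return (src, dst) of a decapsulated IPv4 packet, or raise ValueError."""
    if len(inner) < 20 or inner[0] >> 4 != 4 or (inner[0] & 0x0F) < 5:
        raise ValueError("not a well-formed IPv4 header")
    return ipaddress.IPv4Address(inner[12:16]), ipaddress.IPv4Address(inner[16:20])

class Gateway:
    """Hypothetical model of the first VPN gateway's forwarding decision."""
    def __init__(self, whitelist):
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.iot_hosts = set()  # filled from the second gateway's control message
        self.held = []          # packets stored for further processing

    def on_control_message(self, msg):
        # Assumed format: {"iot_hosts": [...]}; the page does not define one.
        self.iot_hosts = {ipaddress.IPv4Address(a) for a in msg["iot_hosts"]}

    def handle(self, inner):
        try:
            src, dst = parse_ipv4(inner)
        except ValueError:
            self.held.append(inner)  # example's choice: unattributable traffic is held
            return "hold"
        if src not in self.iot_hosts:
            return "forward"         # non-IoT host: transmitted to the destination
        if any(dst in net for net in self.whitelist):
            return "forward"         # IoT host, destination on the whitelist
        self.held.append(inner)      # IoT host, destination not on the whitelist
        return "hold"

def demo():
    gw = Gateway(["203.0.113.0/24"])
    gw.on_control_message({"iot_hosts": ["10.8.0.21"]})
    packets = [make_ipv4("10.8.0.21", "203.0.113.10"),
               make_ipv4("10.8.0.21", "198.51.100.7"),
               make_ipv4("10.8.0.50", "198.51.100.7"),
               b"\x45\x00"]  # truncated header
    return [gw.handle(p) for p in packets], len(gw.held)

if __name__ == "__main__":
    print(demo())
```

Because the decision keys on the inner source address, it is only as reliable as the second gateway's control message and that gateway's validation of host addresses.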
Specification