Systems and methods for application-specific access to virtual private networks
Abstract
Described herein are systems and methods utilizing application-specific access to a virtual private network (“VPN”). A method may comprise receiving, from an application executing on a device, a request for a network data flow to a private network, comparing identification information associated with the application against a set of rules stored on a memory of the device, wherein the set of rules identifies conditions for the application to be authorized to access the private network, and establishing a connection for the network data flow upon the identification information satisfying the conditions for the application to access the private network.
20 Claims
1. A method, performed at an electronic device that includes a processor, a memory, and a network interface, comprising:
- generating, by an application executing on the device, a request for a network data flow to a virtual private network (VPN);
- comparing identification information associated with the application against a set of rules stored on the memory, wherein the set of rules identifies conditions for the application to be authorized to access the VPN;
- establishing a connection for the network data flow upon the identification information satisfying the conditions for the application to access the VPN;
- executing a VPN agent in user space, wherein the VPN agent includes a VPN plugin; and
- diverting the network data flow to the VPN agent as opposed to entering a Transport Connection Protocol (TCP)/Internet Protocol (IP) stack, wherein the VPN plugin tunnels the network data flow over a VPN tunnel.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A device, comprising:
- a memory storing a plurality of rules; and
- a processor coupled to the memory and configured to perform actions that include:
  - receiving a request for a network data flow to a virtual private network (VPN) from an application executing on the device;
  - comparing identification information associated with the application against a set of rules stored on the device, wherein the set of rules identifies conditions for the application to be authorized to access the VPN;
  - establishing a connection for the network data flow upon the identification information satisfying the conditions for the application to access the VPN;
  - executing a VPN agent in user space, wherein the VPN agent includes a VPN plugin; and
  - diverting the network data flow to the VPN agent as opposed to entering a Transport Connection Protocol (TCP)/Internet Protocol (IP) stack, wherein the VPN plugin tunnels the network data flow over a VPN tunnel.

Dependent claims: 12, 13, 14, 15, 16
17. A non-transitory computer readable storage medium with an executable program stored thereon, wherein the program instructs a processor to perform actions that include:
- receiving, from an application executing on a device, a request for a network data flow to a virtual private network (VPN);
- comparing identification information associated with the application against a set of rules stored on the device, wherein the set of rules identifies conditions for the application to be authorized to access the VPN;
- establishing a connection for the network data flow upon the identification information satisfying the conditions for the application to access the VPN;
- executing a VPN agent in user space, wherein the VPN agent includes a VPN plugin; and
- diverting the network data flow from to the VPN agent as opposed to entering a Transport Connection Protocol (TCP)/Internet Protocol (IP) stack, wherein the VPN plugin tunnels the network data flow over a VPN tunnel.

Dependent claims: 18, 19, 20
Specification