System and method for establishing a virtual private network

US 20060005240A1
Filed: 01/24/2005
Published: 01/05/2006
Est. Priority Date: 06/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method for establishing an encrypted virtual private network between a client and a private data communication network, wherein the client is connected to the private data communication network via a public data communication network, comprising:

establishing an encrypted data communication session with a client over the public data communication network; and

sending a programming component to the client for automatic installation and execution thereon in response to establishment of the encrypted data communication session;

wherein the programming component is configured to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to a gateway via the encrypted data communication session instead of to the resources on the private data communication network.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.

298 Citations

42 Claims

1. A method for establishing an encrypted virtual private network between a client and a private data communication network, wherein the client is connected to the private data communication network via a public data communication network, comprising:
- establishing an encrypted data communication session with a client over the public data communication network; and
  
  sending a programming component to the client for automatic installation and execution thereon in response to establishment of the encrypted data communication session;
  
  wherein the programming component is configured to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to a gateway via the encrypted data communication session instead of to the resources on the private data communication network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein establishing an encrypted data communication session with a client comprises establishing a Secure Sockets Layer data communication session with a client.
  - 3. The method of claim 1, wherein sending a programming component to the client comprises:
    - sending a first program to the client, the first program configured to install a second program on the client;
      
      wherein the second program is configured to intercept communications from client applications destined for resources on the private data communication network and to provide the intercepted communications to the first program for sending to a gateway via the encrypted data communication session instead of to the resources on the private data communication network.
  - 4. The method of claim 3, wherein sending a first program to the client comprises sending an ActiveX control to the client.
  - 5. The method of claim 3, wherein sending a first program to the client comprises sending a Java applet to the client.
  - 6. The method of claim 1, wherein sending a first program to the client that is configured to install a second program on the client comprises:
    - sending a first program to the client that is configured to install a dynamic interceptor at a layer of an operating system of the client.
  - 7. The method of claim 1, further comprising:
    - receiving an encrypted communication from the client via the encrypted data communication session;
      
      decrypting the encrypted communication; and
      
      providing the decrypted communication to a resource on the private data communication network.
  - 8. The method of claim 7, further comprising:
    - processing the decrypted communication prior to providing the decrypted communication to a resource on the private data communication network.
  - 9. The method of claim 8, wherein processing the decrypted communication comprises performing at least one of:
    - re-encryption;
      
      data compression;
      
      load balancing;
      
      Authentication, Authorization, and Accounting;
      
      or caching.
  - 10. The method of claim 1, further comprising:
    - receiving a communication from a resource on the private data communication network destined for the client; and
      
      sending the communication from the resource on the private data communication network to the client via the encrypted data communication session.

11. A method for establishing a virtual private network between a client and a private data communication network, wherein the private data communication network is connected to the client via a public data communication network, comprising:
- establishing an encrypted data communication session with a gateway over the public data communication network;
  
  intercepting a communication from a client application destined for a resource on the private data communication network; and
  
  sending the intercepted communication to the gateway instead of to the resource on the private data communication network, wherein the intercepted communication is sent to the gateway via the encrypted data communication session.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The method of claim 11, wherein establishing an encrypted data communication session with a gateway comprises establishing a Secure Sockets Layer data communication session with a gateway.
  - 13. The method of claim 11, wherein sending the intercepted communication to the gateway via the encrypted data communication session comprises:
    - encrypting the intercepted communication; and
      
      sending the encrypted intercepted communication to the gateway over the public data communication network.
  - 14. The method of claim 11, further comprising:
    - receiving a programming component from the gateway in response to establishing the encrypted data communication session; and
      
      executing the programming component, wherein the programming component is configured to intercept communications from client applications destined for resources on the private data communication network and to provide the intercepted communications to the first program for sending to the gateway via the encrypted data communication session.
  - 15. The method of claim 14, wherein receiving and executing the programming component comprises:
    - receiving a first program from the gateway; and
      
      executing the first program, wherein executing the first program comprises installing a second program;
      
      wherein the second program is configured to intercept communications from client applications destined for resources on the private data communication network and to provide the intercepted communications to the first program for sending to the gateway via the encrypted data communication session.
  - 16. The method of claim 15, wherein receiving a first program from the gateway comprises receiving an ActiveX control from the gateway.
  - 17. The method of claim 15, wherein receiving a first program from the gateway comprises receiving a Java applet from the gateway.
  - 18. The method of claim 15, wherein installing a second program comprises installing a dynamic interceptor at a layer of an operating system of the client.
  - 19. The method of claim 11, further comprising:
    - receiving an encrypted communication from the gateway via the encrypted data communication session, wherein the encrypted communication comprises a communication originating from a resource on the private data communication network;
      
      decrypting the encrypted communication from the gateway; and
      
      providing the decrypted communication to a client application.
  - 20. The method of claim 11, further comprising:
    - processing the intercepted communication prior to sending the intercepted communication to the gateway.
  - 21. The method of claim 20, wherein processing the intercepted communication comprises performing domain name server (DNS) name resolution.

22. A gateway, comprising:
- means for establishing an encrypted data communication session with a client over a public data communication network; and
  
  means for sending a programming component to the client for automatic installation and execution thereon in response to establishment of the encrypted data communication session;
  
  wherein the programming component is configured to intercept communications from client applications destined for resources on a private data communication network and send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 23. The gateway of claim 22, wherein the means for establishing an encrypted data communication session with a client comprises means for establishing a Secure Sockets Layer data communication session with a client.
  - 24. The gateway of claim 22, wherein the means for sending a programming component to the client comprises means for sending a first program to the client, the first program configured to install a second program on the client;
    - wherein the second program is configured to intercept communications from client applications destined for resources on the private data communication network and to provide the intercepted communications to the first program for sending to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.
  - 25. The gateway of claim 24, wherein the means for sending a first program to the client comprises means for sending an ActiveX control to the client.
  - 26. The gateway of claim 24, wherein the means for sending a first program to the client comprises means for sending a Java applet to the client.
  - 27. The gateway of claim 24, wherein the means for sending a first program to the client that is configured to install a second program on the client comprises means for sending a first program to the client that is configured to install a dynamic interceptor at a layer of an operating system of the client.
  - 28. The gateway of claim 22, further comprising:
    - means for receiving an encrypted communication from the client via the encrypted data communication session;
      
      means for decrypting the encrypted communication; and
      
      means for providing the decrypted communication to a resource on the private data communication network.
  - 29. The gateway of claim 28, further comprising:
    - means for processing the decrypted communication prior to providing the decrypted communication to a resource on the private data communication network.
  - 30. The gateway of claim 29, wherein the means for processing the decrypted communication comprises means for performing at least one of:
    - re-encryption;
      
      data compression;
      
      load balancing;
      
      Authentication, Authorization, and Accounting;
      
      or caching.
  - 31. The gateway of claim 22, further comprising:
    - means for receiving a communication from a resource on the private data communication network destined for the client; and
      
      means for sending the communication from the resource on the private data communication network to the client via the encrypted data communication session.

32. A client, comprising:
- means for establishing an encrypted data communication session with a gateway over a public data communication network;
  
  means for intercepting a communication from a client application destined for a resource on a private data communication network; and
  
  means for sending the intercepted communication to the gateway instead of to the resource on the private data communication network, wherein the intercepted communication is sent to the gateway via the encrypted data communication session.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 33. The client of claim 32, wherein the means for establishing an encrypted data communication session with a gateway comprises means for establishing a Secure Sockets Layer data communication session with a gateway.
  - 34. The client of claim 32, wherein the means for sending the intercepted communication to the gateway via the encrypted data communication session comprises:
    - means for encrypting the intercepted communication; and
      
      means for sending the encrypted intercepted communication to the gateway over the public data communication network.
  - 35. The client of claim 32, further comprising:
    - means for receiving a programming component from the gateway in response to establishing the encrypted data communication session; and
      
      means for executing the programming component, wherein the programming component is configured to intercept communications from client applications destined for resources on the private data communication network and to provide the intercepted communications to the first program for sending to the gateway via the encrypted data communication session.
  - 36. The client of claim 35, wherein the means for receiving a programming component from the gateway comprises means for receiving a first program from the gateway, and wherein the means for executing the programming component comprises means for executing the first program, wherein executing the first program comprises installing a second program, the second program configured to intercept communications from client applications destined for resources on the private data communication network and to provide the intercepted communications to the first program for sending to the gateway via the encrypted data communication session.
  - 37. The client of claim 36, wherein the means for receiving a first program from the gateway comprises means for receiving an ActiveX control from the gateway.
  - 38. The client of claim 36, wherein the means for receiving a first program from the gateway comprises means for receiving a Java applet from the gateway.
  - 39. The client of claim 36, wherein installing a second program comprises installing a dynamic interceptor at a layer of an operating system of the client.
  - 40. The client of claim 32, further comprising:
    - means for receiving an encrypted communication from the gateway via the encrypted data communication session, wherein the encrypted communication comprises a communication originating from a resource on the private data communication network;
      
      means for decrypting the encrypted communication from the gateway; and
      
      means for providing the decrypted communication to a client application.
  - 41. The client of claim 32, further comprising:
    - means for processing the intercepted communication prior to sending the intercepted communication to the gateway.
  - 42. The client of claim 41, wherein the means for processing the intercepted communication comprises means for performing domain name server (DNS) name resolution.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Application Networking LLC (Cloud Software Group)
Inventors
Soni, Ajay, He, Junxiao, Sundarrajan, Prabakar, Kumar, Arkesh, Nanjundaswamy, Shashidhara

Granted Patent

US 7,757,074 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/15
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0428   wherein the data content is...

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 67/289   Intermediate processing fun...

H04L 67/34   involving the movement of s...

H04L 67/563   Data redirection of data ne...

System and method for establishing a virtual private network

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

298 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for establishing a virtual private network

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

298 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links