Systems and Methods of Fine Grained Interception of Network Communications on a Virtual Private Network

US 20080031235A1
Filed: 08/03/2006
Published: 02/07/2008
Est. Priority Date: 08/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method for intercepting a communication of a client to a destination on a virtual private network based on a network destination description of an application authorized to be accessed via the virtual private network, the method comprising the steps of:

(a) intercepting, by an agent of the client, a network communication of the client, the agent establishing a virtual private network connection via an appliance from a first network to a second network;

(b) determining, by the agent, a destination of the network communication corresponds to a network identifier and a port of a network destination description of an application on the second network authorized for access via the virtual private network; and

(c) transmitting, by the agent in response to the determination, the network communication via the virtual private network connection.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for intercepting communication of a client to a destination on a virtual private network includes an agent executing on the client that intercepts a network communication of the client. The agent provides a virtual private network connection from a first network to a second network. The decision to intercept is based on a network destination description or an identification of an application authorized to be accessed via the virtual private network. In one case, the agent determines that a destination specified by the intercepted communication corresponds to a network identifier and a port of a network destination description of an application on the second network authorized for access via the virtual private network. In response to this determination, the agent transmits the intercepted communication.

135 Citations

View as Search Results

20 Claims

1. A method for intercepting a communication of a client to a destination on a virtual private network based on a network destination description of an application authorized to be accessed via the virtual private network, the method comprising the steps of:
- (a) intercepting, by an agent of the client, a network communication of the client, the agent establishing a virtual private network connection via an appliance from a first network to a second network;
  
  (b) determining, by the agent, a destination of the network communication corresponds to a network identifier and a port of a network destination description of an application on the second network authorized for access via the virtual private network; and
  
  (c) transmitting, by the agent in response to the determination, the network communication via the virtual private network connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, comprising determining, by the agent, the network communication does not correspond to the network destination description of the application, and transmitting the network communication via the first network.
  - 3. The method of claim 1, comprising determining, by the agent, the network communication does not correspond to the network destination description of the application, and dropping the network communication.
  - 4. The method of claim 1, wherein the network destination description comprises one of an internet protocol address and netmask, a single internet protocol address, or an internet protocol address range associated with the application.
  - 5. The method of claim 1, wherein the network identifier comprises a host name of a computing device hosting the application.
  - 6. The method of claim 1, comprising determining, by the agent, the network identifier and the port of the client corresponds to a source internet protocol address and a source port of the network destination description of the application.
  - 7. The method of claim 1, comprising determining, by the agent, a type of protocol of the network communication corresponds to a protocol specified by the network destination description of the application.
  - 8. The method of claim 1, comprising determining, by the agent, not to intercept a second network communication of the client destined to a second application not authorized for access to the second network via the virtual private network connection.
  - 9. The method of claim 1, wherein step (a) comprises intercepting, by the agent, transparently to one of the application or a user of the client.
  - 10. The method of claim 1, comprising receiving, by the agent, the network destination description from the appliance.

11. A system for intercepting a communication of a client to a destination on a virtual private network based on a network destination description of an application authorized to be accessed via the virtual private network, the system comprising:
- a means for intercepting, by an agent of the client, a network communication of the client, the agent establishing a virtual private network connection via an appliance from a first network to a second network;
  
  a means for determining, by the agent, a destination of the network communication corresponds to a network identifier and a port of a network destination description of an application on the second network authorized for access via the virtual private network; and
  
  a means for transmitting, by the agent in response to the determination, the network communication via the virtual private network connection.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, comprising a means for determining, by the agent, the network communication does not correspond to the network destination description of the application, and transmitting the network communication via the first network.
  - 13. The system of claim 11, comprising a means for determining, by the agent, the network communication does not correspond to the network destination description of the application, and dropping the network communication.
  - 14. The system of claim 11, wherein the network destination description comprises one of an internet protocol address and netmask, a single internet protocol address, or an internet protocol address range associated with the application.
  - 15. The system of claim 11, wherein the network identifier comprises a host name of a computing device hosting the application.
  - 16. The system of claim 11, comprising a means for determining, by the agent, the network identifier and the port of the client corresponds to a source internet protocol address and a source port of the network destination description of the application.
  - 17. The system of claim 11, comprising a means for determining, by the agent, a type of protocol of the network communication corresponds to a protocol specified by the network destination description of the application.
  - 18. The system of claim 11, comprising a means for determining, by the agent, not to intercept a second network communication of the client destined to a second application not authorized for access to the second network via the virtual private network connection.
  - 19. The system of claim 11, comprising a means for intercepting, by the agent, transparently to one of the application or a user of the client.
  - 20. The system of claim 11, comprising a means for receiving, by the agent, the network destination description from the appliance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Nanjundaswamy, Shashi, Soni, Ajay, Venkatraman, Charu, Harris, James, He, Junxiao, Mullick, Amarnath

Granted Patent

US 7,843,912 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/389
CPC Class Codes

H04L 12/4679   Arrangements for the regist...

H04L 63/0272   Virtual private networks

H04L 63/102   Entity profiles

H04L 69/16   Implementation or adaptatio...

H04L 69/163   In-band adaptation of TCP d...

Systems and Methods of Fine Grained Interception of Network Communications on a Virtual Private Network

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

135 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods of Fine Grained Interception of Network Communications on a Virtual Private Network

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

135 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links