TECHNIQUES FOR VIRTUAL PRIVATE NETWORK (VPN) ACCESS

US 20090089874A1
Filed: 01/18/2008
Published: 04/02/2009
Est. Priority Date: 09/27/2007
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method, comprising:

authenticating a principal for access to a remote site;

downloading a control module to process within a device associated with the principal for facilitating establishment of a virtual private network (VPN) session between the principal and resources of the remote site;

dynamically and in real-time receiving an indication from the control module as to whether the principal is to be associated with a thin client installation for the VPN session or whether the principal is to be associated with a clientless access for the VPN session.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for virtual private network (VPN) access are provided. A dynamic determination, in response to privileges, is made as to whether a principal and a device of a principal are to receive a thin client virtual private network (VPN) installation for a thin client VPN session between the principal and a remote site or whether a clientless VPN session is appropriate. Dynamic switching between the clientless VPN session and thin client VPN session is permissible when the principal supplies the appropriate credentials for such a switch.

76 Citations

View as Search Results

24 Claims

1. A machine-implemented method, comprising:
- authenticating a principal for access to a remote site;
  
  downloading a control module to process within a device associated with the principal for facilitating establishment of a virtual private network (VPN) session between the principal and resources of the remote site;
  
  dynamically and in real-time receiving an indication from the control module as to whether the principal is to be associated with a thin client installation for the VPN session or whether the principal is to be associated with a clientless access for the VPN session.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising, downloading VPN modules that act as a proxy for the principal on the device for purposes of accessing the remote site and its resources by establishing a thin client VPN session as the VPN session when the control module indicates the principal has privileges for the thin client installation.
  - 3. The method of claim 2 further comprising:
    - detecting a termination in the thin client VPN session between the principal and the remote site;
      
      receiving another subsequent authentication of the principal via the device;
      
      acquiring a notification from the control module that the proxy is running on the device; and
      
      establishing another thin client VPN session between the principal and the resources.
  - 4. The method of claim 1 further comprising, permitting limited access to the remote site by establishing a clientless VPN session as the VPN session between a browser of the device that uses secure socket layer (SSL) communication, when the control module indicates the principal lacks privileges for the thin client installation and is to use the clientless VPN session.
  - 5. The method of claim 1 further comprising, receiving a request from the control module to perform additional authentication on the principal in response to a principal'"'"'s dynamic and real-time request on the device to use the thin client installation for the VPN session.
  - 6. The method of claim 5, wherein receiving further includes acquiring new credentials from the principal directly or indirectly via the control module for the additional authentication, wherein the new credentials represent an administrator or root access level.
  - 7. The method of claim 1 further comprising:
    - instructing the control module to dynamically configure the thin client installation on the device of the principal in response to a privilege level assigned to the principal; and
      
      dynamically providing VPN resources from the remote site to assist the control module in establishing the VPN session as a thin client VPN session with access to the resources of the remote site.

8. A machine-implemented method, comprising:
- dynamically checking a device associated with a principal for a thin client virtual private network (VPN) installation;
  
  dynamically downloading modules from a remote site to establish a thin client VPN session between the principal and the device when the thin client installation is present;
  
  dynamically searching for additional credentials of the principal when the thin client installation is missing from the device and when successful credentials are found downloading the thin client installation and the modules from the remote site to establish the thin client VPN session; and
  
  permitting a clientless VPN session to be established between the principal and the remote site when the thin client VPN session fails to be established.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein dynamically searching further includes, checking the device for the additional credentials.
  - 10. The method of claim 9, wherein dynamically searching further includes, dynamically requesting that the principal supply the additional credentials when the searching fails to discover the additional credentials.
  - 11. The method of claim 10, wherein dynamically requesting further includes presenting a dialogue box on a display of the device for the principal to enter the additional credentials.
  - 12. The method of claim 11, wherein presenting further includes including an option within the dialogue box that permits the principal to bypass supplying the additional credentials and select the clientless VPN session.
  - 13. The method of claim 11, wherein dynamically requesting further includes limiting a total number of attempts that the principal can make to enter the additional credentials to three attempts and when after three failed attempts determining that the clientless VPN session is to be established.
  - 14. The method of claim 8, wherein dynamically checking further includes determining the thin client installation is present but in a locked state on the device or a no executing state on the device and in treating this as a condition in which the thin client installation is not to be considered present on the device until the additional credentials are successfully obtained and verified.

15. A machine-implemented method, comprising:
- authenticating a principal for access to resources of a remote site via a first set of credentials supplied by the principal via a World-Wide Web (WWW) browser over an Internet connection between a device of the principal and a server device of the remote site;
  
  dynamically downloading over the Internet to the WWW browser a control module from the remote site and executing the control module on the device of the principal;
  
  checking, by the control module, whether a thin client virtual private network (VPN) installation is already installed on the device of the principal and configured for use on that device;
  
  dynamically downloading, by the control module, VPN components from the remote site to dynamically establish a thin client VPN session between the principal and the remote site when the thin client VPN installation is installed and is configured for use on the device;
  
  dynamically downloading, by the control module, the VPN components, dynamically configuring the thin client VPN installation for use, and dynamically establishing the thin client VPN session when the thin client installation is present but not configured and when detected privileges for the principal indicate the thin client VPN session is permissible; and
  
  dynamically downloading, by the control module, the thin client VPN installation and the VPN components, dynamically configuring the thin client VPN installation for use, and dynamically establishing the thin client VPN session when the thin client VPN installation is not present and when detected privileges for the principal indicate that the thin client VPN session is permissible.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15 further comprising, dynamically detecting, by the control module, the privileges within the device without interaction with the principal.
  - 17. The system of claim 15 further comprising, detecting, by the control module, the privileges after prompting the principal to supply a second set of credentials, which are authenticated as the privileges.
  - 18. The system of claim 15, further comprising, permitting the principal to access the remote site via a clientless VPN session when the control module is unable to establish the thin client VPN session or when the principal specifically requests the clientless VPN session.
  - 19. The system of claim 18 further comprising, using secure socket layer (SSL) communication capabilities of the WWW browser to establish the clientless VPN session.
  - 20. The system of claim 15 further comprising, executing the control module as an ActiveX module or an Applet within the WWW browser.

21. A machine-implemented system, comprising:
- a control module implemented in a machine-accessible and readable medium and to process on a client machine of a principal; and
  
  a virtual private network (VPN) establishment service implemented in a machine-accessible and readable medium and to process on a server machine, wherein the client machine and the server machine are remote from one another over a wide-area network (WAN) connection;
  
  wherein the control module is dynamically installed to the client machine via the VPN establishment service when the principal authenticates to the server machine successfully, and wherein the control module dynamically and in real-time determines in response to privileges of the principal whether a thin client VPN installation on the client machine is to be used and dynamically establishes a thin client VPN session between the principal and a remote site associated with the server or whether a clientless VPN session is to be established, and wherein modules for establishing the thin client VPN session are provided via dynamically download from the VPN establishment service to the control module.
- View Dependent Claims (22, 23, 24)
- - 22. The system of claim 21, wherein after a successful thin client installation occurs on the client machine a first time, the control module re-establishes subsequent thin client VPN sessions for the principal when the principal returns and re-authenticates to the remote site.
  - 23. The system of claim 21, wherein the control module dynamically prompts the principal for credentials that support the privileges before establishing the thin client VPN session, and wherein the credentials are authenticated successfully before that thin client VPN session is established.
  - 24. The system of claim 21, wherein the control module dynamically switches from the clientless VPN session to the thin client VPN session in response to a dynamic request of the principal and in response to the principal supplying the privileges used for the thin client VPN session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Ananda, Gautham Chambrakana, Attur, Vishnu Govind, Mohanty, Surendranath, KS, Girish

Granted Patent

US 7,954,145 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/15
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0272   Virtual private networks

H04L 63/105   Multiple levels of security

H04L 63/168   above the transport layer

TECHNIQUES FOR VIRTUAL PRIVATE NETWORK (VPN) ACCESS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

76 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES FOR VIRTUAL PRIVATE NETWORK (VPN) ACCESS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links