UNINTERRUPTED VIRTUAL PRIVATE NETWORK (VPN) CONNECTION SERVICE WITH DYNAMIC POLICY ENFORCEMENT
Abstract
Techniques for uninterrupted virtual private network (VPN) connection service with dynamic policy enforcement are provided. An existing VPN session between a VPN client and a VPN server detects a change in a VPN network being used for the existing VPN session. New credentials and new policies are received by the VPN client. The new credentials are automatically used to re-authenticate the VPN client to the change during the existing VPN session, and the new policies are dynamically used to enforce the new policies during the existing VPN session on the VPN client.
41 Citations
24 Claims
1. A machine-implemented method, comprising:
- receiving a request to change an Internet Protocol (IP) address for an existing Virtual Private Network (VPN) session between a VPN client and a VPN server, wherein the new IP address is to replace an existing IP address being used in the existing VPN session;
- updating a VPN connection table entry for the VPN session with the new IP address; and
- supplying a new credential for the VPN client to automatically re-authenticate during the existing VPN session to the new IP address without the VPN client losing service to the existing VPN session, wherein the new credential is to be used to replace an existing credential being used for authentication to the existing VPN session and the existing IP address, the new credential authenticates to the new IP address and the existing VPN session.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A machine-implemented method, comprising:
- receiving notification from a network change detection module on a Virtual Private Network (VPN) client that an Internet Protocol (IP) address being used in an existing authenticated Secure Socket Layer (SSL) VPN session between a data path manager of the VPN client and a VPN server has changed during the existing SSL VPN session;
- submitting a request to a VPN connection manager to change an existing IP address being used with the existing SSL VPN session to the IP address while maintaining the existing SSL VPN session;
- receiving new credentials from the VPN connection manager to make the change to the IP address during the existing SSL VPN session; and
- supplying the new credentials to the data path manager for use in automatically re-authenticating to the existing SSL VPN session and to the IP address while maintaining the existing SSL VPN session.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A machine-implemented method, comprising:
- a Virtual Private Network (VPN) connection manager implemented in a computer-readable storage medium and to process on a server machine of a network; and
- a VPN connection table implemented in a computer-readable storage medium and accessible to the VPN manager on the server machine of the network;
- wherein the VPN connection manager authenticates a request from a VPN client to change VPN information for an existing VPN session while allowing the VPN client to maintain the existing VPN session, and wherein the VPN connection manager updates an entry for the existing VPN session within the VPN connection table to include new credentials that permit the VPN client to automatically and dynamically re-authenticate to the existing VPN session with changed VPN information, wherein the new credentials replace existing credentials being used with existing network information for the existing VPN session, and wherein the new credentials and new policies for the changed VPN information and the existing VPN session are provided to the VPN client for dynamic re-authentication to the existing VPN session.
Dependent claims: 16, 17, 18, 19, 20
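The server-side flow recited in claims 1 and 15 (authenticate the change request, update the connection table entry, replace the credential) can be sketched as follows. This is an added illustration, not code from the patent; the class and method names, the random-token credential format, and the sample addresses are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class Entry:
    ip: str            # IP address currently bound to the session
    credential: str    # the only credential currently accepted
    policies: tuple    # policies the client must enforce

class VpnConnectionManager:
    """Hypothetical connection manager holding the VPN connection table."""
    def __init__(self):
        self.table = {}  # session_id -> Entry

    def open_session(self, session_id, ip, policies=()):
        cred = secrets.token_urlsafe(32)  # assumed credential format
        self.table[session_id] = Entry(ip, cred, tuple(policies))
        return cred

    def authenticate(self, session_id, ip, credential):
        # A credential is valid only for the session AND the IP in the table.
        e = self.table.get(session_id)
        return (e is not None and e.ip == ip
                and hmac.compare_digest(e.credential, credential))

    def change_ip(self, session_id, current_credential, new_ip, new_policies=None):
        e = self.table.get(session_id)
        # The change request itself is authenticated with the existing credential.
        if e is None or not hmac.compare_digest(e.credential, current_credential):
            raise PermissionError("change request not authenticated")
        # Same table entry, so the session survives; only IP/credential rotate.
        e.ip = new_ip
        e.credential = secrets.token_urlsafe(32)  # replaces the old credential
        if new_policies is not None:
            e.policies = tuple(new_policies)
        return e.credential, e.policies

def demo():
    # Constructed sample values (documentation address ranges).
    mgr = VpnConnectionManager()
    old = mgr.open_session("s1", "198.51.100.7", ["split-tunnel"])
    new, policies = mgr.change_ip("s1", old, "203.0.113.9", ["full-tunnel"])
    return {
        "new_ok": mgr.authenticate("s1", "203.0.113.9", new),
        "old_cred_rejected": not mgr.authenticate("s1", "203.0.113.9", old),
        "old_ip_rejected": not mgr.authenticate("s1", "198.51.100.7", new),
        "session_kept": list(mgr.table) == ["s1"],
        "policies": policies,
    }
```

After the change, the old credential no longer authenticates and the new credential is refused from the old address, which are the two properties worth testing in any implementation of this kind of mid-session rebinding.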
21. A machine-implemented system, comprising:
- a network detection module implemented in a computer-readable medium and to process on a Virtual Private Network (VPN) client over a network;
- a control channel manager implemented in a computer-readable medium and to process on the VPN client over the network; and
- a data channel manager implemented in a computer-readable medium and to process on the VPN client over the network;
- wherein the network detection module is to detect a change in an existing VPN session between the VPN client and a VPN server and sends a notification of the change to the control channel manager, the control channel manager reports the change to a VPN connection manager over the network and receives new credentials and new policies for the existing VPN session that are supplied to the data channel manager, the data channel manager uses the new credentials to automatically re-authenticate the existing VPN session without losing the VPN session and the data channel manager enforces the new policies within the existing VPN session.
Dependent claims: 22, 23, 24
Specification