METHODS AND APPARATUS FOR ESTABLISHING A DYNAMIC VIRTUAL PRIVATE NETWORK CONNECTION
Abstract
Methods and apparatus for managing a dynamic virtual private network (VPN) connection of an endpoint device using locally-stored encrypted VPN profiles. The endpoint device comprises a VPN client configured to establish a secure connection with a computer via a network, an encrypted datastore for storing the encrypted VPN profiles, and a security agent for monitoring a security compliance status of the endpoint device with a security policy stored on the endpoint device. In response to detecting a change in the security compliance status of the endpoint device, the security agent copies VPN profiles from the encrypted datastore to a storage location accessible to the VPN client. The VPN client is configured to use the copied VPN profiles to securely connect to the computer. Periodic update requests from the security agent to an administrative server enable updated VPN profiles or security policies to be downloaded and stored in the encrypted datastore.
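The provisioning step described in the abstract, as an added Python example that is not code from the patent or from any product. Assumptions: the names `SecurityAgent`, `PROFILES_FOR_STATUS` and `is_compliant`, the `.profile` suffix, the sample profile contents, and the choice to withdraw profiles the new status does not allow; a plain dict stands in for the encrypted datastore after decryption.

```python
import os
import tempfile
from pathlib import Path

# Constructed sample data. The dict stands in for the encrypted datastore after
# decryption; cipher and key handling are outside this example.
ARCHIVED_PROFILES = {
    "corp-full": b"gateway=vpn.example.test\nroute=10.0.0.0/8\n",
    "remediation": b"gateway=fix.example.test\nroute=10.9.9.0/24\n",
}
# Assumed mapping: which archived profiles each compliance state may use.
PROFILES_FOR_STATUS = {True: ["corp-full"], False: ["remediation"]}


def is_compliant(posture: dict, policy: dict) -> bool:
    """Compliant only if every setting named in the policy matches the posture."""
    return all(posture.get(k) == v for k, v in policy.items())


class SecurityAgent:
    def __init__(self, policy: dict, client_dir: Path):
        self.policy = policy
        self.client_dir = client_dir  # storage location the VPN client reads
        self.last_status = None       # unknown until the first evaluation

    def evaluate(self, posture: dict) -> bool:
        """Return True if the status changed and profiles were re-provisioned."""
        status = is_compliant(posture, self.policy)
        if status == self.last_status:
            return False  # act on a change of status, not on every poll
        self._provision(PROFILES_FOR_STATUS[status])
        self.last_status = status  # recorded only after provisioning succeeded
        return True

    def _provision(self, names: list) -> None:
        self.client_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
        # Withdraw profiles that the new status does not allow (assumption).
        for old in self.client_dir.glob("*.profile"):
            if old.stem not in names:
                old.unlink()
        for name in names:
            # mkstemp creates the file with mode 0600; renaming it into place
            # means the VPN client never reads a half-written profile.
            fd, tmp = tempfile.mkstemp(dir=self.client_dir)
            with os.fdopen(fd, "wb") as fh:
                fh.write(ARCHIVED_PROFILES[name])
            os.replace(tmp, self.client_dir / f"{name}.profile")
```
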
23 Claims
1. A method for managing VPN profiles external to a VPN client installed on an endpoint device, the method comprising:
- monitoring a security compliance status of the endpoint device with at least one security policy stored on the endpoint device;
- copying, in response to detecting a change in the security compliance status, at least one archived VPN profile from an encrypted datastore to a storage location accessible to the VPN client, wherein the at least one archived VPN profile comprises first connection information; and
- configuring the VPN client to connect to a network using the first connection information in the at least one archived VPN profile.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. A computer-readable medium encoded with a series of instructions that when executed by an endpoint device perform a method of updating VPN profiles stored on an endpoint device, the method comprising:
- transmitting a profile update request from a security agent on the endpoint device to a profile server, the profile update request comprising authentication information including at least one set of security credentials;
- receiving, in response to the profile update request, a VPN profile file comprising a plurality of VPN profiles;
- parsing the VPN profile file to extract the plurality of VPN profiles; and
- storing the plurality of VPN profiles in an encrypted datastore on the endpoint device.
(Dependent claims: 11, 12, 13)
14. A method for providing an updated VPN profile file from a profile server to an endpoint device, the method comprising:
- receiving a profile update request from a security agent on the endpoint device, the profile update request comprising authentication information including at least one set of security credentials;
- searching the profile server for the updated VPN profile file based at least in part on the authentication information; and
- transmitting, if found, the updated VPN profile file to the client on the endpoint device.
(Dependent claims: 15, 16, 17)
18. An apparatus for monitoring a compliance of an endpoint device with at least one security policy, the endpoint device comprising:
- a VPN client configured to establish a secure connection with a computer via a network;
- an encrypted datastore for storing archived VPN profiles, wherein at least one of the archived VPN profiles comprises connection information used by the VPN client to establish the secure connection; and
- a security agent for monitoring the compliance of the endpoint device with the at least one security policy, wherein the security agent copies at least one VPN profile from the archived VPN profiles in the encrypted datastore to a storage location accessible to the VPN client, wherein the at least one VPN profile is copied based at least in part on the compliance of the endpoint device with the at least one security policy.
(Dependent claims: 19, 20, 21, 22, 23)
Specification