SYSTEM AND METHOD FOR ESTABLISHING A VIRTUAL PRIVATE NETWORK

US 20100241846A1
Filed: 06/04/2010
Published: 09/23/2010
Est. Priority Date: 06/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

(a) establishing, by a network device, a connection with a client requesting access to a network via the network device;

(b) transmitting, by the network device, a first program to the client for automatic installation and execution thereon in response to the establishment;

(c) installing, by the first program upon execution, a second program in a network stack of the client, the second program redirecting to the first program a packet from a client application destined for the network;

(d) encapsulating, by the first program, payload from the redirected packet; and

(e) transmitting, by the first program, the encapsulated payload to the network device.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a—Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.

Citations

20 Claims

1. A method comprising:
- (a) establishing, by a network device, a connection with a client requesting access to a network via the network device;
  
  (b) transmitting, by the network device, a first program to the client for automatic installation and execution thereon in response to the establishment;
  
  (c) installing, by the first program upon execution, a second program in a network stack of the client, the second program redirecting to the first program a packet from a client application destined for the network;
  
  (d) encapsulating, by the first program, payload from the redirected packet; and
  
  (e) transmitting, by the first program, the encapsulated payload to the network device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein step (a) further comprises requesting, by the client, access from a public network to a private network via the network device.
  - 3. The method of claim 1, wherein step (a) further comprises establishing the connection with the client in response to the client application requesting access to the network.
  - 4. The method of claim 1, wherein establishing the connection further comprises establishing a secure sockets layer (SSL) connection with the client.
  - 5. The method of claim 1, wherein transmitting the first program further comprises transmitting an ActiveX control or a Java applet.
  - 6. The method of claim 1, further comprising providing, by the first program, a first endpoint for communications over the established connection and providing, by the network device, a second endpoint for the communications over the established connection.
  - 7. The method of claim 1, wherein installing the second program further comprises installing a filter at the transport layer of the network stack.
  - 8. The method of claim 1, wherein step (c) further comprises determining whether to redirect the packet to the first program.
  - 9. The method of claim 1, wherein step (d) further comprises encrypting the payload from the redirected packet.
  - 10. The method of claim 1, further comprising transmitting, by the network device, the payload to a destination in the network.

11. A method comprising:
- (a) establishing a connection between a client on a first network and a network device intermediary to the first network and a second network;
  
  (b) intercepting, by a filter operating at a transport layer of the client, a packet from an application of the client responsive to the establishment, the packet destined for the second network;
  
  (c) forwarding, by the filter, the intercepted packet to a program executing on the client, the program terminating an end of the connection at the client; and
  
  (d) transmitting, by the program, payload from the intercepted packet to the network device via the connection.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein step (a) further comprises establishing the connection with the client in response to the application requesting access to the second network.
  - 13. The method of claim 11, wherein the program executes in an application layer of the client.
  - 14. The method of claim 11, wherein a web browser of the client executes the program.
  - 15. The method of claim 11, further comprising providing, by the program, a first endpoint for the connection and providing, by the network device, a second endpoint for the connection.
  - 16. The method of claim 11, wherein step (c) further comprises determining whether to forward the packet to the program.
  - 17. The method of claim 11, wherein step (d) further comprises encrypting the payload from the intercepted packet prior to transmission to the network device.
  - 18. The method of claim 11, further comprising transmitting, by the network device, the payload to a destination in the second network.
  - 19. The method of claim 11, further comprising establishing, by the application, a connection to the transport layer of the client to activate the filter for intercepting packets.
  - 20. The method of claim 11, further comprising installing, by the program, the filter at the transport layer of the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Application Networking LLC (Cloud Software Group)
Inventors
Nanjundaswamy, Shashidhara, Soni, Ajay, He, Junxiao, Sundarrajan, Prabakar, Kumar, Arkesh

Granted Patent

US 8,261,057 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0428   wherein the data content is...

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 67/289   Intermediate processing fun...

H04L 67/34   involving the movement of s...

H04L 67/563   Data redirection of data ne...

SYSTEM AND METHOD FOR ESTABLISHING A VIRTUAL PRIVATE NETWORK

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR ESTABLISHING A VIRTUAL PRIVATE NETWORK

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links