REAL-TIME AUTOMATED VIRTUAL PRIVATE NETWORK (VPN) ACCESS MANAGEMENT

US 20110225286A1
Filed: 03/12/2010
Published: 09/15/2011
Est. Priority Date: 03/12/2010
Status: Active Grant

First Claim

Patent Images

1. A method of managing virtual private network (VPN) access to a network partitioned into a plurality of subnetworks (subnets), the method comprising:

providing first information associated with hardware hosted on one or more subnets of the network;

providing second information associated with users for VPN access, wherein the VPN access for each user is determined by a list of hardware each user has permission to access;

detecting a hardware triggering event corresponding to a modification of the first information; and

responsive to the detection of the hardware triggering event, automatically updating the second information based on the modification of the first information.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a method for managing virtual private network (VPN) access to a network that is partitioned into a plurality of subnetworks (subnets). The method includes providing first information associated with hardware hosted on one or more subnets of the network; providing second information associated with users for VPN access, where the VPN access for each user is determined by a list of hardware each user has permission to access; detecting a hardware triggering event corresponding to a modification of the first information; and responsive to the detection of the hardware triggering event, automatically updating the second information based on the modification of the first information.

Citations

20 Claims

1. A method of managing virtual private network (VPN) access to a network partitioned into a plurality of subnetworks (subnets), the method comprising:
- providing first information associated with hardware hosted on one or more subnets of the network;
  
  providing second information associated with users for VPN access, wherein the VPN access for each user is determined by a list of hardware each user has permission to access;
  
  detecting a hardware triggering event corresponding to a modification of the first information; and
  
  responsive to the detection of the hardware triggering event, automatically updating the second information based on the modification of the first information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein detecting the hardware triggering event includes detecting an event of a type selected from the group consisting of:
    - addition of new hardware on the network;
      
      removal of existing hardware from the network; and
      
      relocation of existing hardware to a different subnet.
  - 3. The method of claim 1, wherein automatically updating the second information includes readjusting relevant permissions for a user.
  - 4. The method of claim 1, wherein providing second information includes dynamically generating each user'"'"'s subnet requirements based on the list of hardware each user has permission to access.
  - 5. The method of claim 1, wherein providing the first information includes providing IP addresses or host names associated with the hardware on the network.
  - 6. The method of claim 5, wherein providing the first information includes providing hardware inventory information in a hardware inventory database, wherein the hardware inventory database is updated in real-time when hardware is added or removed from the network.
  - 7. The method of claim 6, wherein providing the hardware inventory information includes providing information for physical devices, virtual devices, or combination thereof.
  - 8. The method of claim 1, wherein providing the second information includes providing authentication information for each user in an authentication database.

9. A method of managing virtual private network (VPN) access to a private network divided into a plurality of subnetworks (subnets), the method comprising:
- providing address information associated with a plurality of devices hosted on the plurality of subnets;
  
  providing authentication information associated with a plurality of users for VPN access, wherein the VPN access for each user is determined based on the devices each user has permission to access;
  
  responsive to a triggering event, evaluating the address information to determine a subnet relevant to the triggering event; and
  
  automatically updating the authentication information based on the determination of the relevant subnet.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, wherein the triggering event includes a type selected from the group consisting of:
    - addition of a new user;
      
      removal of an existing user;
      
      modification of permission of an existing user;
      
      addition of a new device;
      
      removal of an existing device; and
      
      relocation of an existing device to a different subnet.
  - 11. The method of claim 9, wherein providing the address information includes providing a host name or an IP address associated with each device on the private network.
  - 12. The method of claim 11, further comprising providing subnet information including host names or IP addresses hosted on each subnet;
    - wherein evaluating the address information includes evaluating the host names or IP addresses associated with the devices on the private network to determine the relevant subnet that host an IP address of a device corresponding to the triggering event.
  - 13. The method of claim 9, wherein automatically updating the authentication information includes readjusting relevant permissions for a user.
  - 14. The method of claim 13, further comprising dynamically creating a list of subnets for VPN access based on the devices each user has permission to access.
  - 15. The method of claim 9, wherein providing the address information includes providing hardware inventory information in a hardware inventory database, wherein the hardware inventory database is updated in real-time when a device is added or removed from the private network.

16. A system for managing VPN access to a network partitioned into a plurality of subnetworks (subnets), the system comprising:
- a first database having first information associated with hardware hosted on one or more subnets;
  
  a second database having second information associated with users for VPN access, wherein the VPN access for each user is determined by a list of hardware each user has permission to access; and
  
  a management module coupled to the first and second databases and operable to;
  
  detect a hardware triggering event corresponding to a modification of the first information of the first database; and
  
  responsive to the detection of the hardware triggering event, automatically update the second information of the second database based on the modification of the first information.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the management module is operable to detect the hardware triggering event of a type selected from the group consisting of:
    - addition of new hardware;
      
      removal of existing hardware; and
      
      relocation of existing hardware to a different subnet.
  - 18. The system of claim 16, wherein the first information includes IP addresses or host names associated with the hardware on the network;
    - wherein the first database includes a hardware inventory database that is updated in real-time when hardware is added or removed from the network.
  - 19. The system of claim 16, wherein the management module is operable to dynamically generate each user'"'"'s subnet requirements based on the list of hardware each user has permission to access.
  - 20. The system of claim 16, wherein the management module is operable to automatically update the second information by readjusting relevant permissions for a user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated (Kyndryl Holdings, Inc.)
Original Assignee
Softlayer Technologies Incorporated (International Business Machines Corporation)
Inventors
Francis, William J., McAloon, Daniel

Granted Patent

US 8,639,801 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

H04L 41/50   Network service management,...

H04L 63/0272   Virtual private networks

H04L 63/101   Access control lists [ACL]

REAL-TIME AUTOMATED VIRTUAL PRIVATE NETWORK (VPN) ACCESS MANAGEMENT

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

REAL-TIME AUTOMATED VIRTUAL PRIVATE NETWORK (VPN) ACCESS MANAGEMENT

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links