SYSTEMS AND METHODS FOR PROVIDING A VPN SOLUTION

US 20110231929A1
Filed: 05/31/2011
Published: 09/22/2011
Est. Priority Date: 11/11/2003
Status: Active Grant

First Claim

Patent Images

1. A method for securing a private network communications to a server, the method comprising:

(a) filtering, by an address inspection driver of a device, packets from outgoing network traffic generated by an application of the device, the filtered packets identified as destined for a server on a private network;

(b) reconfiguring, by the address inspection driver, the filtered packets as incoming packets that are rerouted to a port;

(c) receiving, by a pseudo server of the device, the filtered packets via the port; and

(d) transmitting, by the pseudo server, a payload of the filtered packets via a secure communications link to a gateway in communication with the server on a private network.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, apparatus and a method for implementing a secured communications link at a layer other than that at which packets are filtered are disclosed. In one embodiment, a computer system is configured to form a virtual private network (“VPN”) and comprises an address inspection driver to identify initial target packet traffic addressed to a target server. Also, the computer system includes a pseudo server module to receive rerouted initial target packet traffic from the address inspection driver. The pseudo server module is configured to convey packet regeneration instructions to a VPN gateway. The address inspection driver functions to identify additional target packet traffic addressed to the target server and routes the additional target packet traffic to the pseudo server. In one embodiment, the pseudo server is configured to strip header information from the additional target packet traffic to form a payload, and thereafter, to route the payload to the target.

114 Citations

View as Search Results

20 Claims

1. A method for securing a private network communications to a server, the method comprising:
- (a) filtering, by an address inspection driver of a device, packets from outgoing network traffic generated by an application of the device, the filtered packets identified as destined for a server on a private network;
  
  (b) reconfiguring, by the address inspection driver, the filtered packets as incoming packets that are rerouted to a port;
  
  (c) receiving, by a pseudo server of the device, the filtered packets via the port; and
  
  (d) transmitting, by the pseudo server, a payload of the filtered packets via a secure communications link to a gateway in communication with the server on a private network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein step (a) further comprises intercepting, by the address inspection driver, network traffic of the application.
  - 3. The method of claim 1, wherein step (a) further comprises filtering, by the address inspection driver, network traffic at a network layer of a network stack of the device.
  - 4. The method of claim 1, wherein step (a) further comprises filtering, by the address inspection driver, network traffic at a data link layer of a network stack of the device.
  - 5. The method of claim 1, wherein step (b) further comprises reconfiguring, by the address inspection driver, the filtered packets to identify a destination address of a local host.
  - 6. The method of claim 1, wherein step (b) further comprises reconfiguring, by the address inspection driver, the filtered packets to identify a loop back address of a network stack of the device.
  - 7. The method of claim 1, wherein step (c) further comprises listening, by the pseudo server, on the port for filtered packets.
  - 8. The method of claim 1, wherein step (d) further comprises stripping, by the pseudo server, header information from the filtered packets.
  - 9. The method of claim 1, wherein step (e) further comprises transmitting, by the pseudo server to the gateway, instructions on regenerating the stripped header information on the private network.
  - 10. The method of claim 1, wherein step (e) further comprises encrypting, by the pseudo server, the payload of the filtered packets.

11. A method for communicating packets from real time applications via a secure communications link, the method comprising:
- (a) intercepting, by an address inspection driver of a device, packets from outgoing real-time packet traffic generated by a real-time application of the device, the packets comprising user datagram protocol (UDP) packets identified as destined for a server on a private network;
  
  (b) communicating, by the address inspection driver, the packets to a pseudo server executing on the device and having a secure communications link to a gateway in communication with the server on the private network(c) modifying, by a pseudo server, the packets to comprise UDP packets flagged as transport control protocol (TCP) packets; and
  
  (d) transmitting, by the pseudo server, the modified packets via the secure communications link to the gateway.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein step (a) further comprises intercepting, by the address inspection driver, packets from outgoing real-time packet traffic comprising one of video or audio data.
  - 13. The method of claim 11, wherein step (a) further comprises filtering, by the address inspection driver, network traffic at a network layer of a network stack of the device.
  - 14. The method of claim 11, wherein step (a) further comprises filtering, by the address inspection driver, network traffic at a data link layer of a network stack of the device.
  - 15. The method of claim 11, wherein step (b) further comprises reconfiguring, by the address inspection driver, the packets to identify a destination address of a local host.
  - 16. The method of claim 11, wherein step (b) further comprises reconfiguring, by the address inspection driver, the packets to identify a loop back address of a network stack of the device.
  - 17. The method of claim 11, wherein step (b) further comprises listening, by the pseudo server, on a port for packets communicated by the address inspection driver.
  - 18. The method of claim 11, wherein step (c) further comprises flagging, by the pseudo server, UDP packets as TCP packets by setting a flag in an Internet Protocol header of the UDP packets.
  - 19. The method of claim 11, wherein step (c) further comprises modifying, by the pseudo server, an Internet Protocol header of the UDP packets to masquerade the UDP packets as TCP packets.
  - 20. The method of claim 11, wherein step (d) further comprises transmitting, by the pseudo server, the modified packets via a raw socket connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
BRUEGGEMANN, ERIC, RODRIGUEZ, ROBERT, RAO, GOUTHAM P.

Granted Patent

US 8,559,449 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/13
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/0272   Virtual private networks

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 69/324   in the data link layer [OSI...

H04L 69/325   in the network layer [OSI l...

H04L 69/326   in the transport layer [OSI...

SYSTEMS AND METHODS FOR PROVIDING A VPN SOLUTION

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

114 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR PROVIDING A VPN SOLUTION

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

114 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links