SYSTEMS AND METHODS FOR ESTABLISHING SECURE VIRTUAL PRIVATE NETWORK COMMUNICATIONS USING NON-PRIVILEGED VPN CLIENT

US 20120278878A1
Filed: 04/27/2011
Published: 11/01/2012
Est. Priority Date: 04/27/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method for establishing a secure VPN (virtual private network) connection, comprising:

launching a VPN client running in non-privileged user space of a computing device;

launching a network protocol stack running in non-privileged user space of the computing device; and

establishing a secure VPN communication between an application running in non-privileged user space of the computing device and a remote server using the VPN client and network protocol stack running in non-privileged user space.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for establishing secure VPN communications using processes executing in unprivileged user space. For example, systems and methods for establishing secure VPN communications implement user mode VPN clients and user mode network protocol stacks (e.g., TCP/IP stacks) that operate in user space without root access to an operating system of a computing device.

39 Citations

View as Search Results

25 Claims

1. A method for establishing a secure VPN (virtual private network) connection, comprising:
- launching a VPN client running in non-privileged user space of a computing device;
  
  launching a network protocol stack running in non-privileged user space of the computing device; and
  
  establishing a secure VPN communication between an application running in non-privileged user space of the computing device and a remote server using the VPN client and network protocol stack running in non-privileged user space.
- View Dependent Claims (2, 3, 4, 5, 6, 11, 12, 13)
- - 2. The method of claim 1, wherein launching a VPN client and network protocol stack comprises making functions calls to a VPN library accessible in non-privileged user space of the computing device.
  - 3. The method of claim 2, wherein the VPN library comprises embedded code of the application.
  - 4. The method of claim 1, wherein launching a network protocol stack comprises initializing a user mode TCP/IP protocol stack in non-privileged user space.
  - 5. The method of claim 1, wherein establishing a secure VPN communication comprises forwarding traffic associated with the secure VPN communication through ports on a local loopback interface of an operating system of the computing device to VPN library functions.
  - 6. The method of claim 1, further comprising implementing a communication protocol for communication between the VPN client and the network protocol stack in non-privileged user space.
  - 11. The method of claim 1, further comprising launching a port forwarder process running in non-privileged user space of the computing device, which controls forwarding and rerouting of secure VPN traffic through a loopback process.
  - 12. The method of claim 11, wherein the loopback process comprises TCP port forwarding secure VPN traffic through a loopback interface of a native TCP/IP stack.
  - 13. The method of claim 11, wherein the loopback process comprises a DNS (domain name server) interception process.

7. The method of claim 7, wherein the communication protocol is implemented using sockets.
- View Dependent Claims (8, 9, 10)
- - 8. The method of claim 7, wherein the communication protocol is implemented using pipes.
  - 9. The method of claim 7, wherein the communication protocol is implemented using transport layer interface communications using data streams.
  - 10. The method of claim 7, wherein the communication protocol is implemented using interprocess messaging primitives.

14. An article of manufacture comprising a computer readable storage medium comprising program code embodied thereon, which when executed by a computer, performs a method for establishing a secure VPN (virtual private network) connection, the method comprising:
- launching a VPN client running in non-privileged user space of a computing device;
  
  launching a network protocol stack running in non-privileged user space of the computing device; and
  
  establishing a secure VPN communication between an application running in non-privileged user space of the computing device and a remote server using the VPN client and network protocol stack running in non-privileged user space.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The article of manufacture of claim 14, wherein launching a VPN client and network protocol stack comprises making functions calls to a VPN library accessible in non-privileged user space of the computing device.
  - 16. The article of manufacture of claim 15, wherein the VPN library comprises embedded code of the application.
  - 17. The article of manufacture of claim 14, wherein launching a network protocol stack comprises initializing a user mode TCP/IP protocol stack in non-privileged user space.
  - 18. The article of manufacture of claim 14, wherein establishing a secure VPN communication comprises forwarding traffic associated with the secure VPN communication through ports on a local loopback interface of an operating system of the computing device to VPN library functions.
  - 19. The article of manufacture of claim 14, further comprising program code which is executable for implementing a communication protocol for communication between the VPN client and the network protocol stack in non-privileged user space.
  - 20. The article of manufacture of claim 14, further comprising program code which is executable for launching a port forwarder process running in non-privileged user space of the computing device, which controls forwarding and rerouting of secure VPN traffic through a loopback process.
  - 21. The article of manufacture of claim 14, wherein the loopback process comprises TCP port forwarding secure VPN traffic through a loopback interface of a native TCP/IP stack.

22. A system for establishing a secure VPN (virtual private network) connection, comprising:
- a memory; and
  
  a processor coupled to the memory and configured to execute code stored in the memory for;
  
  launching a VPN client running in non-privileged user space of a computing device;
  
  launching a network protocol stack running in non-privileged user space of the computing device; and
  
  establishing a secure VPN communication between an application running in non-privileged user space of the computing device and a remote server using the VPN client and network protocol stack running in non-privileged user space.
- View Dependent Claims (23, 24, 25)
- - 23. The system of claim 22, wherein launching a user mode VPN client and user mode network protocol stack comprises making functions calls to a VPN library accessible in non-privileged user space of the computing device.
  - 24. The system of claim 22, wherein the VPN library comprises embedded code of the application.
  - 25. The system of claim 22, wherein establishing a secure VPN communication comprises forwarding traffic associated with the secure VPN communication through ports on a local loopback interface of an operating system of the computing device to VPN library functions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Fletcher, Benjamin L., Barkie, Eric J., Wyskida, Andrew P.

Application Number

US13/095,437
Publication Number

US 20120278878A1
Time in Patent Office

Days
Field of Search
US Class Current

726/15
CPC Class Codes

H04L 63/0272 Virtual private networks

H04L 63/0485 Networking architectures fo...

SYSTEMS AND METHODS FOR ESTABLISHING SECURE VIRTUAL PRIVATE NETWORK COMMUNICATIONS USING NON-PRIVILEGED VPN CLIENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR ESTABLISHING SECURE VIRTUAL PRIVATE NETWORK COMMUNICATIONS USING NON-PRIVILEGED VPN CLIENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links