SECURE ACCESS TO REMOTE RESOURCES OVER A NETWORK

US 20160323286A1
Filed: 07/12/2016
Published: 11/03/2016
Est. Priority Date: 12/10/2003
Status: Active Grant

First Claim

Patent Images

1. A method for securely accessing a remote resource on a remote network, the method comprising:

receiving a communication from a server of the remote resource corresponding to an application residing at a client device over a previously established virtual private network connection, the communication identifying network access information corresponding to the remote resource, wherein the network access information identifies at least one of a network address or a name associated with the remote resource;

intercepting the communication at the client device;

examining the network access information included in the communication from the remote resource server;

comparing the network access information included in the communication received from the remote resource server with information stored in a routing table at the client device;

identifying that the network access information included in the communication is not currently included in the routing table; and

adding the network access information to the routing table at the client.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client computer hosts a virtual private network tool to establish a virtual private network connection with a remote network. Upon startup, the virtual private network tool collects critical network information for the client computer, and sends this critical network information to an address assignment server in the remote network. The address assignment server compares the critical network information with a pool of available addresses in the remote network, and assigns addresses for use by the client computer that do not conflict with the addresses for local resources. The address assignment server also provides routing information for resources in the remote network to the virtual private network tool. The virtual private network tool will postpone loading this routing information into the routing tables of the client computer until the client computer requests access to a specific resource in the remote network. When the client computer requests access to a specific resource in the remote network, the virtual private network tool will only provide the routing table with the routing information for that specific remote resource.

Citations

20 Claims

1. A method for securely accessing a remote resource on a remote network, the method comprising:
- receiving a communication from a server of the remote resource corresponding to an application residing at a client device over a previously established virtual private network connection, the communication identifying network access information corresponding to the remote resource, wherein the network access information identifies at least one of a network address or a name associated with the remote resource;
  
  intercepting the communication at the client device;
  
  examining the network access information included in the communication from the remote resource server;
  
  comparing the network access information included in the communication received from the remote resource server with information stored in a routing table at the client device;
  
  identifying that the network access information included in the communication is not currently included in the routing table; and
  
  adding the network access information to the routing table at the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein a virtual private network tool residing at the client device collects information identifying an internet protocol address for one or more network adapters at the client device.
  - 3. The method of claim 2, wherein the virtual private network tool also collects information regarding a subnet for the one or more network adapters at the client device.
  - 4. The method of claim 1, wherein the client device:
    - the routing table stored includes one or more initial routing rules for accessing a name server in the network, wherein the one or more initial routing rules are limited to one or more routing rules necessary for accessing the remote resource server;
      
      requests access to the remote resource by a client application stored in the memory of the client computing device using the name or the network address of the remote resource;
      
      transmits to the name server an address resolution query for the name of the remote resource based on the one or more initial routing rules;
      
      intercepts a reply from the remote resource server intended for the client application, the reply including a network address corresponding to the name or the network address of the remote resource;
      
      obtains from the memory the routing rule corresponding to the name of the requested resource;
      
      identifies that the client computing device is permitted to access the requested resource based on the routing rule;
      
      generates a routing rule for the network address identified in the reply;
      
      provides to the client application the routing rule for the network address generated from the intercepted reply; and
      
      opens by the client application a secure connection with the remote network based on the routing rule.
  - 5. The method of claim 1, wherein the remote resource server is at least one of is at least one of a Domain Name Server or a Windows Internet Naming Service server.
  - 6. The method of claim 1, wherein the network access information is collected by querying an application program interface (API) at the client device.
  - 7. The method of claim 1, wherein a virtual address is assigned by the remote access server that the client device may use when accessing the remote resource.
  - 8. The method of claim 7, wherein the assigned virtual address does not conflict with network addresses local to the client device.

9. A non-transitory computer readable storage medium having embodied thereon a program executable by a processor for implementing a method for securely accessing a remote resource on a remote network, the method comprising:
- receiving a communication from a server of the remote resource corresponding to an application residing at a client device over a previously established virtual private network connection, the communication identifying network access information corresponding to the remote resource, wherein the network access information identifies at least one of a network address or a name associated with the remote resource;
  
  intercepting the communication at the client device;
  
  examining the network access information included in the communication from the remote resource server;
  
  comparing the network access information included in the communication received from the remote resource server with information stored in a routing table at the client device;
  
  identifying that the network access information included in the communication is not currently included in the routing table; and
  
  adding the network access information to the routing table at the client.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-transitory computer readable storage medium of claim 9, wherein a virtual private network tool residing at the client device collects information identifying an internet protocol address for one or more network adapters at the client device.
  - 11. The non-transitory computer readable storage medium of claim 10, wherein the virtual private network tool also collects information regarding a subnet for the one or more network adapters at the client device.
  - 12. The non-transitory computer readable storage medium of claim 9, wherein the client device:
    - the routing table stored includes one or more initial routing rules for accessing a name server in the network, wherein the one or more initial routing rules are limited to one or more routing rules necessary for accessing the remote resource server;
      
      requests access to the remote resource by a client application stored in the memory of the client computing device using the name or the network address of the remote resource;
      
      transmits to the name server an address resolution query for the name of the remote resource based on the one or more initial routing rules;
      
      intercepts a reply from the remote resource server intended for the client application, the reply including a network address corresponding to the name or the network address of the remote resource;
      
      obtains from the memory the routing rule corresponding to the name of the requested resource;
      
      identifies that the client computing device is permitted to access the requested resource based on the routing rule;
      
      generates a routing rule for the network address identified in the reply;
      
      provides to the client application the routing rule for the network address generated from the intercepted reply; and
      
      opens by the client application a secure connection with the remote network based on the routing rule.
  - 13. The non-transitory computer readable storage medium of claim 9, wherein the remote resource server is at least one of is at least one of a Domain Name Server or a Windows Internet Naming Service server.
  - 14. The non-transitory computer readable storage medium of claim 9, wherein the network access information is collected by querying an application program interface (API) at the client device.
  - 15. The non-transitory computer readable storage medium of claim 9, wherein a virtual address is assigned by the remote access server that the client device may use when accessing the remote resource.
  - 16. The non-transitory computer readable storage medium of claim 15, wherein the assigned virtual address does not conflict with network addresses local to the client device.

17. An apparatus for securely accessing a remote resource on a remote network, the apparatus comprising:
- a network interface that receives communication from a server of the remote resource corresponding to an application residing at a client device over a previously established virtual private network connection, the communication identifying network access information corresponding to the remote resource, wherein the network access information identifies at least one of a network address or a name associated with the remote resource;
  
  a memory; and
  
  a processor, wherein the processor executing instructions out of the memory;
  
  intercepts the communication;
  
  examines the network access information included in the communication from the remote resource server;
  
  compares the network access information included in the communication received from the remote resource server with information stored in a routing table stored in the memory;
  
  identifies that the network access information included in the communication is not currently included in the routing table; and
  
  adds the network access information to the routing table at the client.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 17, wherein a virtual private network tool residing at the client device collects information identifying an internet protocol address for one or more network.
  - 19. The apparatus of claim 18, wherein the virtual private network tool also collects information regarding a subnet for the one or more network adapters.
  - 20. The apparatus of claim 18, wherein the remote resource server is at least one of is at least one of a Domain Name Server or a Windows Internet Naming Service server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SonicWALL US Holdings, Inc. (SonicWall Holdings Ltd.)
Original Assignee
Aventail LLC
Inventors
Sauve, Bryan, Hoover, Paul Lawrence, Erickson, Rodger Del

Granted Patent

US 10,135,827 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 12/4633   Interconnection of networks...

H04L 12/4675   Dynamic sharing of VLAN inf...

H04L 45/021   Ensuring consistency of rou...

H04L 45/745   Address table lookup; Addre...

H04L 61/5046   Resolving address allocatio...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/10   for controlling access to d...

H04L 67/01   Protocols

H04L 67/63   Routing a service request d...

SECURE ACCESS TO REMOTE RESOURCES OVER A NETWORK

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE ACCESS TO REMOTE RESOURCES OVER A NETWORK

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links