Establishing a secure connection with a private corporate network over a public network

US 7,127,742 B2
Filed: 01/24/2001
Issued: 10/24/2006
Est. Priority Date: 01/24/2001
Status: Active Grant

First Claim

Patent Images

1. In a network environment that includes a public network and a private network, the public network including a client external to the private network, a method of a communications device of the external client establishing a secure connection over a public network to the private network without restricting the communications device to working through the private network, the method comprising the following:

a specific act of the external client establishing a connection with a virtual private network access server of the private network over the public network using the communication device, the virtual private network server providing the external client access to the private network as though the external client is part of the private network;

a specific act of the external client providing security to the connection through a communication protocol that resides at or above a socket layer in a protocol stack the external client uses to communicate data;

a specific act of the external client maintaining a session that uses the secure connection to communicate with the private network; and

during at least a portion of the specific act of the external client maintaining a session that uses the secure connection, a specific act of the communication device retaining the ability to establish a separate and distinct connection with another resource outside of the private network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An external client securely accesses a private corporate network using a communications device, but without the communications device being required to communicate through the private corporate network when communicating with resources external to the private corporate network. The external client establishes a connection with the private corporate network over the public network such as the Internet using, for example, Transmission Control Protocol (TCP). The external client then provides security to the connection by running, for example, the Secure Socket Layer (SSL) protocol over the TCP protocol. During the ensuing session with the private corporate network, the communications device establishes a subsequent connection(s) with the external resource.

Citations

23 Claims

1. In a network environment that includes a public network and a private network, the public network including a client external to the private network, a method of a communications device of the external client establishing a secure connection over a public network to the private network without restricting the communications device to working through the private network, the method comprising the following:
- a specific act of the external client establishing a connection with a virtual private network access server of the private network over the public network using the communication device, the virtual private network server providing the external client access to the private network as though the external client is part of the private network;
  
  a specific act of the external client providing security to the connection through a communication protocol that resides at or above a socket layer in a protocol stack the external client uses to communicate data;
  
  a specific act of the external client maintaining a session that uses the secure connection to communicate with the private network; and
  
  during at least a portion of the specific act of the external client maintaining a session that uses the secure connection, a specific act of the communication device retaining the ability to establish a separate and distinct connection with another resource outside of the private network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 18)
- - 2. A method in accordance with claim 1, further comprising:
    - during at least a portion of the specific act of the external client maintaining a session that uses the secure connection, a specific act of establishing a connection with the resource outside of the private network.
  - 3. A method in accordance with claim 1, wherein the specific act of the external client establishing a connection with the private network comprises:
    - a specific act of using Transmission Control Protocol (TCP) to establish a connection with the private network.
  - 4. A method in accordance with claim 3, wherein the specific act of the external client providing security to the connection comprises:
    - a specific act of the external client using a Secure Socket Layer (SSL) protocol to provide security to the connection.
  - 5. A method in accordance with claim 1, wherein the specific act of the external client providing security to the connection comprises:
    - a specific act of the external client using a Secure Socket Layer (SSL) protocol to provide security to the connection.
  - 6. A method in accordance with claim 1, wherein the specific act of the external client providing security to the connection comprises:
    - a specific act of the external client using a Wireless Transport Layer Security (WTLS) to provide security to the connection.
  - 7. A method in accordance with claim 1, wherein the Virtual Private Network (VPN) access server is implemented on the same server machine as a proxy server that serves the private network.
  - 8. A method in accordance with claim 1, wherein the Virtual Private Network (VPN) access server is implemented on a different server machine than a proxy server that serves the private network.
  - 9. A method in accordance with claim 1, wherein the public network comprises portions of the Internet.
  - 18. A method in accordance with claim 9, wherein the public network comprises portions of the Internet.

10. In a computer program product for use in a network environment that includes a public network and a private network, the public network including a client external to the private network, the computer program product for implementing a method of a communications device of the external client establishing a secure connection over a public network to the private network without restricting the communications device to working through the private network, the computer program product including a computer-readable medium having stored thereon computer-executable instructions for performing the following:
- a specific act of the external client establishing a connection with a virtual private network access server of the private network, over the public network using the communication device, the virtual private network server providing the external client access to the private network as though the external client is part of the private network;
  
  a specific act of the external client providing security to the connection through a communication protocol that resides at or above a socket layer in a protocol stack the external client uses to communicate data;
  
  a specific act of the external client maintaining a session that uses the secure connection to communicate with the private network; and
  
  during at least a portion of the specific act of the external client maintaining a session that uses the secure connection, a specific act of the communication device retaining the ability to establish a separate and distinct connection with another resource outside of the private network.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. A computer program product in accordance with claim 10, wherein the computer-readable media comprises a tangible computer readable medium.
  - 12. A computer program product in accordance with claim 10, wherein the computer-executable instructions for performing the specific act of the external client establishing a connection with the private network comprises a Transmission Control Protocol (TCP) module.
  - 13. A computer program product in accordance with claim 12, wherein the computer-executable instructions for performing a specific act of the external client providing security to the connection comprises a Secure Socket Layer (SSL) module.
  - 14. A computer program product in accordance with claim 10, wherein the computer-executable instructions for performing a specific act of the external client providing security to the connection comprises a Secure Socket Layer (SSL) module.
  - 15. A computer program product in accordance with claim 10, wherein the computer-executable instructions for performing a specific act of the external client providing security to the connection comprises a Wireless Transport Layer Security (WTLS) module.

16. In a network environment that includes a public network and a private network, the public network including a client external to the private network, a method of a communications device of the external client establishing a secure connection over a public network to the private network without restricting the communications device to working through the private network, the method comprising the following:
- a step for securely connecting to a virtual private network access server of the private network through a communication protocol that resides at or above a socket layer in a protocol stack that the external client uses to communicate data in order to retain the ability to establish a separate and distinct connection with a resource outside of the private network, the virtual private network access server providing the external client access to the private network as though the external client is part of the private network; and
  
  while securely connected to the virtual private network access server, a specific act of accessing the resource outside, of the private network.
- View Dependent Claims (17)
- - 17. A method in accordance with claim 16, wherein the step for securely connecting to the private network comprises the following:
    - a specific act of the external client establishing a connection with the private network over the public network using the communication device;
      
      a specific act of the external client providing security to the connection; and
      
      a specific act of the external client maintaining a session that uses the secure connection to communicate with the private network.

19. In a network environment that includes a public network and a private network connected to the public network, the public network including a client external to the private network, a method of a server computer system within a private network establishing a secure connection with a communications device of the external client without restricting the communications device to working through the private network, the method comprising the following:
- a specific act of a virtual private network access server within the private network facilitating the establishment of a connection with the external client over the public network, the virtual private network server providing the external client access to the private network as though the external client is part of the private network; and
  
  a specific act of the server computer system facilitating the providing of security to the connection through a communication protocol that resides at or above a socket layer in a protocol stack used to communicate data, wherein the secure connection is established while allowing the external client to maintain the ability to establish a separate and distinct connection directly with one or more external resources rather than having to route communication with the one or more external resources through the private network.
- View Dependent Claims (20, 21, 22, 23)
- - 20. A method in accordance with claim 19, wherein the public network comprises portions of the Internet.
  - 21. A method in accordance with claim 19, wherein the specific act of the server computer system facilitating the establishment of a connection with the external client comprises:
    - a specific act of using Transmission Control Protocol (TCP), to facilitate the establishment of a connection with the external client.
  - 22. A method in accordance with claim 19, wherein the specific act of the server computer system facilitating the providing of security to the connection comprises:
    - a specific act of using Secure Socket Layer (SSL), to facilitate the providing of security to the connection.
  - 23. A method in accordance with claim 19, wherein the specific act of the server computer system facilitating the providing of security to the connection comprises:
    - a specific act of using Wireless Transport Layer Security (WTLS), to facilitate the providing of security to the connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Fishman, Neil S., Kramer, Michael, Kadyk, Donald J.
Primary Examiner(s)
Smithers, Matthew
Assistant Examiner(s)
Fields, Courtney D.

Application Number

US09/768,673
Publication Number

US 20020099957A1
Time in Patent Office

2,099 Days
Field of Search

713/201, 713/150, 713/152, 713/154, 713/160, 713/161, 713/162, 713/163, 380/255, 380/256, 380/270, 380/272, 380/274, 709/250, 709/227, 709/228, 709/229, 726/15, 726/12, 726/14
US Class Current

726/15
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/166   at the transport layer

Establishing a secure connection with a private corporate network over a public network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Establishing a secure connection with a private corporate network over a public network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links