Secure access to remote resources over a network

US 7,698,388 B2
Filed: 10/29/2007
Issued: 04/13/2010
Est. Priority Date: 12/10/2003
Status: Active Grant

First Claim

Patent Images

1. An apparatus for securely accessing remote resources over a network, the apparatus comprising:

a physical network adapter configured to interface with and communicate over a public network, the physical network adapter being associated with critical network information including an Internet Protocol address;

a virtual private network application stored in memory and executable by a processor at the apparatus to provide a secure communication channel for accessing remote resources in a private network via the physical network adapter and public network;

a virtual network adapter stored in memory and executable by a processor at the apparatus to simulate operation of the physical network adapter, the virtual network adapter being associated with a virtual Internet Protocol address that does not conflict with the Internet Protocol address of the physical network adapter; and

a routing table stored in memory, the routing table configured to maintain network address routes for accessing remote resources in the private network, wherein the network address routes maintained in the routing table are populated by execution of the virtual private network application.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client computer hosts a virtual private network tool to establish a virtual private network connection with a remote network. Upon startup, the virtual private network tool collects critical network information for the client computer, and sends this critical network information to an address assignment server in the remote network. The address assignment server compares the critical network information with a pool of available addresses in the remote network, and assigns addresses for use by the client computer that do not conflict with the addresses for local resources. The address assignment server also provides routing information for resources in the remote network to the virtual private network tool. The virtual private network tool will postpone loading this routing information into the routing tables of the client computer until the client computer requests access to a specific resource in the remote network. When the client computer requests access to a specific resource in the remote network, the virtual private network tool will only provide the routing table with the routing information for that specific remote resource.

112 Citations

View as Search Results

14 Claims

1. An apparatus for securely accessing remote resources over a network, the apparatus comprising:
- a physical network adapter configured to interface with and communicate over a public network, the physical network adapter being associated with critical network information including an Internet Protocol address;
  
  a virtual private network application stored in memory and executable by a processor at the apparatus to provide a secure communication channel for accessing remote resources in a private network via the physical network adapter and public network;
  
  a virtual network adapter stored in memory and executable by a processor at the apparatus to simulate operation of the physical network adapter, the virtual network adapter being associated with a virtual Internet Protocol address that does not conflict with the Internet Protocol address of the physical network adapter; and
  
  a routing table stored in memory, the routing table configured to maintain network address routes for accessing remote resources in the private network, wherein the network address routes maintained in the routing table are populated by execution of the virtual private network application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The apparatus of claim 1, wherein the virtual network adapter is instantiated by and as a part of the execution of the virtual private network application.
  - 3. The apparatus of claim 1, wherein the virtual private network application is further executable to establish a secure communication channel with an authentication server on the remote network.
  - 4. The apparatus of claim 3, wherein the virtual private network application establishes the secure communication channel with the authentication server after the authentication server has authenticated the identity of the apparatus.
  - 5. The apparatus of claim 4, wherein the virtual private network application establishes the secure communication channel with the authentication server after the operating environment of apparatus has been authenticated by the authentication server.
  - 6. The apparatus of claim 3, wherein the virtual private network application establishes the secure communication channel with the authentication server after the authentication server has established the identity of a user associated with the apparatus.
  - 7. The apparatus of claim 3, wherein the virtual private network application establishes a connection with a special purpose server prior to establishing the secure communication channel with the authentication server whereby the special purpose server facilitates establishment of the secure communication channel with the authentication server.
  - 8. The apparatus of claim 3, wherein the virtual private network application establishes the secure communication channel using a secure sockets layer protocol.
  - 9. The apparatus of claim 3, wherein the virtual private network application is further executable to collect critical network information associated with the physical network adapter.
  - 10. The apparatus of claim 9, wherein the critical network information is selected from a group consisting of a subnet of the physical network adapter, an Internet Protocol address of a default gateway used by a local area network communicatively coupled to the physical network adapter, an Internet Protocol address of a Domain Name Server or Windows Internet Name Service Server being used by the physical network adapter, the network address of a Dynamic Host Configuration Protocol Server being used by the physical network adapter, and a domain suffix for a local area network communicatively coupled to the physical network adapter.
  - 11. The apparatus of claim 9, wherein the virtual private network application is further executable to provide the critical network information to an address assignment server on the private network.
  - 12. The apparatus of claim 11, wherein the network address routes for accessing remote resources in the private network and maintained at the apparatus are received by the virtual private network application from the address assignment server.
  - 13. The apparatus of claim 12, wherein the network address routes correspond to a rule generated by the address assignment server based on one or more policy rules for the remote resources to be accessed.
  - 14. The apparatus of claim 13, wherein the rule generated by the address assignment server further includes results generated by the address assignment server having compared the critical network information to available addresses in an address pool database maintained on the private network, the available addresses having been generated by the authentication server following authentication of the apparatus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aventail LLC
Original Assignee
Aventail LLC
Inventors
Erickson, Rodger Del, Sauve, Bryan, Hoover, Paul Lawrence
Primary Examiner(s)
Hu; Jinsong

Application Number

US11/927,250
Publication Number

US 20080162726A1
Time in Patent Office

897 Days
Field of Search

709/219, 709/220, 709/222, 709/236, 709/237, 709/238, 370/351, 370/352
US Class Current

709/219
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 12/4633   Interconnection of networks...

H04L 12/4675   Dynamic sharing of VLAN inf...

H04L 45/021   Ensuring consistency of rou...

H04L 45/745   Address table lookup; Addre...

H04L 61/5046   Resolving address allocatio...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/10   for controlling access to d...

H04L 67/01   Protocols

H04L 67/63   Routing a service request d...

Secure access to remote resources over a network

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

112 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Secure access to remote resources over a network

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links