System and method for establishing a virtual private network
Abstract
A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.
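The data path the abstract describes (intercept, encapsulate, forward to the gateway), sketched as an added example that is not code from the patent or any product. The private prefix, the frame layout and all function names are assumptions, and the encrypted session is modelled as a plain byte stream so the sketch runs offline.

```python
import ipaddress
import struct

# Assumed private-network prefix; the patent text does not list any.
PRIVATE_PREFIXES = [ipaddress.ip_network("10.20.0.0/16")]

# Assumed frame layout (not from the patent): dst IPv4, dst port, payload length.
HEADER = struct.Struct("!4sHH")


def is_private(dst_ip):
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in net for net in PRIVATE_PREFIXES)


def encapsulate(dst_ip, dst_port, payload):
    """Programming-component role: wrap the payload only, not the original headers."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too large for one frame")
    packed_ip = ipaddress.IPv4Address(dst_ip).packed
    return HEADER.pack(packed_ip, dst_port, len(payload)) + payload


def intercept(dst_ip, dst_port, payload):
    """Driver role: divert private-network traffic, pass everything else through."""
    if not is_private(dst_ip):
        return ("direct", payload)
    return ("tunnel", encapsulate(dst_ip, dst_port, payload))


def gateway_decapsulate(stream):
    """Gateway role: parse complete frames from the session byte stream.

    Returns (frames, leftover). The gateway re-checks each destination
    instead of trusting the client-side filter, and rejects anything
    outside the private prefixes.
    """
    frames, offset = [], 0
    while len(stream) - offset >= HEADER.size:
        raw_ip, port, length = HEADER.unpack_from(stream, offset)
        end = offset + HEADER.size + length
        if end > len(stream):
            break  # partial frame: wait for more bytes from the session
        dst = str(ipaddress.IPv4Address(raw_ip))
        if not is_private(dst):
            raise ValueError(f"refusing to forward to {dst}")
        frames.append((dst, port, stream[offset + HEADER.size:end]))
        offset = end
    return frames, stream[offset:]
```

Because the session is a byte stream, the gateway parser has to tolerate frames that arrive split across reads, which is why it returns the unparsed remainder.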
45 Claims
1. A method for establishing an encrypted virtual private network between a client and a private data communication network, wherein the client is connected to the private data communication network via a public data communication network, comprising:
- establishing an encrypted data communication session with a client over the public data communication network; and
- sending a programming component to the client for automatic installation and execution thereon in response to establishment of the encrypted data communication session;
- wherein upon execution the programming component installs a device driver in a network stack of the client, the device driver configured to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the programming component, the programming component encapsulating payload from the intercepted communications and sending the encapsulated payload to a gateway via the encrypted data communication session instead of to the resources on the private data communication network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 44, 45
11. A method for establishing a virtual private network between a client and a private data communication network, wherein the private data communication network is connected to the client via a public data communication network, comprising:
- establishing an encrypted data communication session with a gateway over the public data communication network;
- sending a first program to a client for automatic installation thereon in response to establishment of the encrypted data communication session, wherein upon execution the first program installs a second program in a network stack of the client, the second program configured to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the first program;
- intercepting, by the second program operating as a filter in the network stack of a client, a communication from a client application destined for a resource on the private data communication network; and
- sending, by the second program, the intercepted communication to the first program;
- encapsulating, by the first program, payload from the intercepted communication; and
- sending, by the first program, the encapsulated payload via the encrypted data communication session to the gateway instead of to the resource on the private data communication network.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
22. A gateway, comprising:
- means for establishing an encrypted data communication session with a client over a public data communication network; and
- means for sending a programming component to the client for automatic installation and execution thereon in response to establishment of the encrypted data communication session;
- wherein upon execution the programming component installs a device driver in a network stack of the client, the device driver configured to intercept communications from client applications destined for resources on a private data communication network and send the intercepted communications to the programming component, the programming component encapsulating payload from the intercepted communications and sending the encapsulated payload to a gateway via the encrypted data communication session instead of to the resources on the private data communication network.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31
32. A client, comprising:
- means for establishing an encrypted data communication session with a gateway over a public data communication network;
- means for sending a first program to a client for automatic installation thereon in response to establishment of the encrypted data communication session, wherein upon execution the first program installs a second program in a network stack of the client, the second program configured to intercept communications from client applications destined for resources on a private data communication network and to send the intercepted communications to the first program;
- means for intercepting a communication by the second program of the network stack from a client application destined for a resource on a private data communication network;
- means for sending the intercepted communication to the first program;
- means for encapsulating payload from the intercepted communication; and
- means for sending the encapsulated payload to the gateway instead of to the resource on the private data communication network.
Dependent claims: 33, 34, 35, 36, 37, 38, 39, 40, 41, 42
43. A method for establishing an encrypted virtual private network between a client and a private data communication network, wherein the client is connected to the private data communication network via a public data communication network, comprising:
- establishing, by a client, an encrypted data communication session with a gateway over a network; and
- receiving, by the client, a programming component from the gateway in response to the establishment of the encrypted data communication session, the programming component configured for automatic installation and execution on an application layer of the client, the programming component comprising a device driver;
- wherein upon execution the programming component installs the device driver in a transport layer of the client, the device driver configured to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the programming component, the programming component encapsulating payload from the intercepted communications and sending the encapsulated payload to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.
Specification