Systems and methods for providing a VPN solution

US 7,978,716 B2
Filed: 12/17/2008
Issued: 07/12/2011
Est. Priority Date: 11/24/2003
Status: Active Grant

First Claim

Patent Images

1. A method for securing, by a client, private network communications to a server via a gateway, the method comprising:

(a) establishing, by a pseudo server of a device, a secure communications link to a gateway in communication with a server on a private network, the pseudo server operating at a transport layer of a network stack of the device;

(b) receiving, by an address inspection driver of the device, network traffic generated by an application running on the device, the address inspection driver operating at a layer of the network stack below the transport layer;

(c) identifying, by the address inspection driver, that the network traffic is addressed to the server;

(d) communicating, by the address inspection driver, to the pseudo server the network traffic addressed to the server; and

(e) modifying, by the pseudo server, the network traffic for transmission via the transport layer to the gateway.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, apparatus and a method for implementing a secured communications link at a layer other than that at which packets are filtered are disclosed. In one embodiment, a computer system is configured to form a virtual private network (“VPN”) and comprises an address inspection driver to identify initial target packet traffic addressed to a target server. Also, the computer system includes a pseudo server module to receive rerouted initial target packet traffic from the address inspection driver. The pseudo server module is configured to convey packet regeneration instructions to a VPN gateway. The address inspection driver functions to identify additional target packet traffic addressed to the target server and routes the additional target packet traffic to the pseudo server. In one embodiment, the pseudo server is configured to strip header information from the additional target packet traffic to form a payload, and thereafter, to route the payload to the target.

329 Citations

20 Claims

1. A method for securing, by a client, private network communications to a server via a gateway, the method comprising:
- (a) establishing, by a pseudo server of a device, a secure communications link to a gateway in communication with a server on a private network, the pseudo server operating at a transport layer of a network stack of the device;
  
  (b) receiving, by an address inspection driver of the device, network traffic generated by an application running on the device, the address inspection driver operating at a layer of the network stack below the transport layer;
  
  (c) identifying, by the address inspection driver, that the network traffic is addressed to the server;
  
  (d) communicating, by the address inspection driver, to the pseudo server the network traffic addressed to the server; and
  
  (e) modifying, by the pseudo server, the network traffic for transmission via the transport layer to the gateway.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein step (a) further comprises establishing by the pseudo server a secure tunnel over the transport layer to the gateway.
  - 3. The method of claim 1, wherein step (b) further comprises operating the address inspection driver at a network layer of the network stack.
  - 4. The method of claim 1, wherein step (b) further comprises operating the address inspection driver at a data link layer of the network stack.
  - 5. The method of claim 1, wherein step (b) further comprises intercepting, by the address inspection driver, the network traffic of the application.
  - 6. The method of claim 1, wherein step (c) further comprises identifying, by the address inspection driver, that the network traffic of the application is destined to the private network.
  - 7. The method of claim 1, wherein step (d) further comprises rerouting, by the address inspection driver, the network traffic to a port listened to by the pseudo server.
  - 8. The method of claim 7, further comprising sending, by the address inspection driver, control information via control packets to the pseudo server, the control information identifying one or more of the following:
    - a local device address, and modifications to a packet to form a rerouted packet.
  - 9. The method of claim 1, wherein step (e) further comprises stripping, by the pseudo server, header information to form the modified network traffic and transmitting the modified network traffic to the gateway.
  - 10. The method of claim 1, wherein step (e) further comprises adding, by the pseudo server, to the modified network traffic regeneration instructions to instruct the gateway on regenerating the stripped header information on the private network.

11. A system for securing by a client communications to a server on a private network via a gateway, the system comprising:
- a pseudo server of a device establishing a secure communications link to a gateway in communication with a server on a private network, the pseudo server operating at a transport layer of a network stack of the device;
  
  an address inspection driver of the device receiving network traffic generated by an application running on the device, the address inspection driver operating at a layer of the network stack below the transport layer;
  
  wherein the address inspection driver identifies that the network traffic is addressed to the server and communicates to the pseudo server the network traffic addressed to the server; and
  
  wherein the pseudo server modifies the network traffic for transmission via the transport layer to the gateway.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the pseudo server establishes a secure tunnel over the transport layer to the gateway.
  - 13. The system of claim 11, wherein the address inspection driver operates at a network layer of the network stack.
  - 14. The system of claim 11, wherein the address inspection driver operates at a data link layer of the network stack.
  - 15. The system of claim 11, wherein the address inspection driver intercepts the network traffic of the application.
  - 16. The system of claim 11, wherein the address inspection driver identifies that the network traffic of the application is destined to the private network.
  - 17. The system of claim 11, wherein the address inspection driver reroutes the network traffic to a port listened to by the pseudo server.
  - 18. The system of claim 17, wherein the address inspection driver sends control information via control packets to the pseudo server, the control information identifying one or more of the following:
    - a local device address, and modifications to a packet to form a rerouted packet.
  - 19. The system of claim 11, wherein the pseudo server strips header information to form the modified network traffic and transmits the modified network traffic to the gateway.
  - 20. The system of claim 19, wherein the pseudo server adds to the modified network traffic regeneration instructions to instruct the gateway on regenerating the stripped header information on the private network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Rao, Goutham P., Brueggemann, Eric, Rodriguez, Robert
Primary Examiner(s)
HO, DUC CHI

Application Number

US12/336,795
Publication Number

US 20090158418A1
Time in Patent Office

937 Days
Field of Search

None
US Class Current

370/401
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/0272   Virtual private networks

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 69/324   in the data link layer [OSI...

H04L 69/325   in the network layer [OSI l...

H04L 69/326   in the transport layer [OSI...

Systems and methods for providing a VPN solution

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

329 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing a VPN solution

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

329 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links