Client-side network access policies and management applications

US 8,200,773 B2
Filed: 09/30/2002
Issued: 06/12/2012
Est. Priority Date: 09/28/2001
Status: Active Grant

First Claim

Patent Images

1. A remote access client for enabling communication between a remote data terminal configured to access a public network;

and an enterprise network, the communication being by way of a VPN tunnel through the public network, the remote access client comprising;

a connection agent on the remote data terminal configured to establish, in accordance with a selected carrier of the public network, a connection to a point of presence on the public network; and

at least one application program interface (API) on the remote data terminal, the remote access client employing the at least one API to exchange data with a predetermined application on the remote data terminal to receive verification of a predetermined status of said predetermined application, wherein said predetermined application is launched by the remote access client in accordance with a client policy of the remote access client, the remote access client enabling the connection agent to establish the connection to the point of presence upon receipt of said verification;

wherein the connection to the point of presence enables establishment of the VPN tunnel in accordance with a VPN client on the remote data terminal for transporting data between the remote data terminal and the enterprise network across the public network.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A remote access client is provided for enabling communication between a remote data terminal configured to access a public network, and an enterprise network by way of a VPN tunnel through the public network. The remote access client includes at least one application program interface (API) to receive a first verification of the operating state of a predetermined application of the remote data terminal to enable a connection agent for establishing a point of presence on the public network. Upon connection to the point of presence, the API exchanges data between the remote access client and the predetermined application of the remote data terminal. The remote access client receives a second periodic verification of the operating state of the predetermined application via the API for terminating the connection to the point of presence upon the absence of the second verification. The point of presence enables the VPN tunnel for transporting data from the remote data terminal to the enterprise network across the public network.

121 Citations

View as Search Results

21 Claims

1. A remote access client for enabling communication between a remote data terminal configured to access a public network;
- and an enterprise network, the communication being by way of a VPN tunnel through the public network, the remote access client comprising;
  
  a connection agent on the remote data terminal configured to establish, in accordance with a selected carrier of the public network, a connection to a point of presence on the public network; and
  
  at least one application program interface (API) on the remote data terminal, the remote access client employing the at least one API to exchange data with a predetermined application on the remote data terminal to receive verification of a predetermined status of said predetermined application, wherein said predetermined application is launched by the remote access client in accordance with a client policy of the remote access client, the remote access client enabling the connection agent to establish the connection to the point of presence upon receipt of said verification;
  
  wherein the connection to the point of presence enables establishment of the VPN tunnel in accordance with a VPN client on the remote data terminal for transporting data between the remote data terminal and the enterprise network across the public network.
- View Dependent Claims (2, 3)
- - 2. The remote access client of claim 1, wherein the selected carrier of the public network is one of a plurality of available carriers.
  - 3. The remote access client of claim 1, wherein the client policy is resident in a memory of the remote data terminal and identifies a firewall program as the predetermined application.

4. A remote access client for enabling communication between a remote data terminal configured to access a public network;
- and an enterprise network, the communication being by way of a VPN tunnel through the public network, the remote access client comprising;
  
  a connection agent on the remote data terminal configured to establish, in accordance with a selected carrier of the public network, a connection to a point of presence on the public network; and
  
  at least one application program interface (API) on the remote data terminal, the remote access client employing the at least one API to exchange data with a predetermined application of the remote data terminal upon connection to the point of presence, the predetermined application having been launched by the remote access client prior to the connection to the point of presence in accordance with a client policy of the remote access client, and the at least one API receiving periodic verification of a predetermined status of the predetermined application;
  
  wherein the connection to the point of presence enables establishment of the VPN tunnel in accordance with a VPN client on the remote data terminal for transporting data between the remote data terminal and the enterprise network across the public network andwherein the connection agent terminates the connection to the point of presence upon the absence of said verification.
- View Dependent Claims (5, 6, 7)
- - 5. The remote access client of claim 4, further comprising a daemon for actively monitoring the operating state of the predetermined application.
  - 6. The remote access client of claim 4, wherein the selected carrier of the public network is one of a plurality of available roaming carriers.
  - 7. The remote access client of claim 4, wherein the client policy is resident in a memory of the remote data terminal and identifies a firewall program as the predetermined application.

8. A method of enabling communication between a remote data terminal configured to access a public network;
- and an enterprise network, the communication being by way of a VPN tunnel through the public network, the method comprising;
  
  launching a remote access client of the remote data terminal, the remote access client having at least one application program interface (API);
  
  launching a predetermined application of the remote data terminal in accordance with a client policy of the remote access client, the remote access client employing the at least one API to exchange data with the predetermined application to receive verification of a predetermined status of the predetermined application; and
  
  enabling a connection agent to establish a connection to a point of presence upon receipt of said verification;
  
  wherein the connection to the point of presence enables establishment of the VPN tunnel in accordance with a VPN client on the remote data terminal for transporting data between the remote data terminal and the enterprise network across the public network.
- View Dependent Claims (9)
- - 9. The method of claim 8, further comprising:
    - updating the client policy upon connection to the point of presence.

10. A method of enabling communication between a remote data terminal configured to access a public network;
- and an enterprise network, the communication being by way of a VPN tunnel through the public network, the method comprising;
  
  launching a remote access client of the remote data terminal, the remote access client having at least one application program interface (API);
  
  launching a predetermined application of the remote data terminal in accordance with a client policy of the remote access client, the remote access client employing the at least one API to receive a first verification of a first predetermined status of the predetermined application and to exchange data with the predetermined application;
  
  enabling a connection agent to establish a connection to the point of presence upon receipt of said first verification, the connection to the point of presence enabling establishment of the VPN tunnel in accordance with a VPN client on the remote data terminal for transporting data between the remote data terminal and the enterprise network across the public network;
  
  periodically receiving a second verification of a second predetermined status of the predetermined application via the at least one API; and
  
  terminating the connection to the point of presence upon the absence of said second verification.

11. A non-transitory computer readable recording medium including computer program instructions that cause a computer to implement a method to access a public network;
- and an enterprise network by way of a VPN tunnel through the public network, the method comprising;
  
  launching a remote access client of the remote data terminal, the remote access client having at least one application program interface (API);
  
  launching a predetermined application of the remote data terminal in accordance with a client policy of the remote access client, the remote access client employing the at least one API to receive a first verification of a first predetermined status of the predetermined application and to exchange data with the predetermined application;
  
  enabling a connection agent to establish a connection to a point of presence upon receipt of said first verification, the connection to the point of presence enabling establishment of the VPN tunnel in accordance with a VPN client on the remote data terminal for transporting data between the remote data terminal and the enterprise network across the public network;
  
  periodically receiving a second verification of the a second predetermined status operating state of the predetermined application via the at least one API; and
  
  terminating the connection to the point of presence upon the absence of said second verification.

12. A virtual private network system for accessing a public network;
- and an enterprise network by way of a VPN tunnel through the public network, the system comprising;
  
  a remote data terminal including;
  
  i. a remote access client for enabling establishment of a data communications link for transporting data over a VPN link in accordance with a VPN protocol of a VPN client on the remote data terminal, the remote access client having a connection agent for establishing, in accordance with a selected carrier of the public network, a connection to a point of presence on the public network, and at least one application program interface (API), the remote access client employing the at least one API to exchange data with a predetermined application of the remote data terminal to receive a verification of a predetermined status of said predetermined application, the remote access client enabling the connection agent to establish the connection to the point of presence upon receipt of said verification,ii. a policy profile for identifying the predetermined application and the predetermined status, the predetermined application being launched by the remote access client in accordance with a policy in the policy profile, andiii. a user experience log for storing at least one connection parameter detailing a connection history between the remote data terminal and a point of presence of an access provider, the connection to the point of presence being established in response to commands from the connection agent for providing the connection upon receipt of said verification, the access provider receiving the contents of the user experience log from the remote data terminal upon connection;
  
  wherein the connection to the point of presence enables establishment of the VPN tunnel in accordance with the VPN client for transporting data between the remote data terminal to and the enterprise network across the public network.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The system of claim 12 wherein upon receipt of said verification, the remote data terminal receives updates from the access provider for altering the contents of the policy profile.
  - 14. The system of claim 12 further comprising:
    - a phone book for providing information of at least one of a country, region, city, phone number, login method, and internet service provider to the connection agent of the remote access client.
  - 15. The system of claim 14, wherein;
    - upon receipt of said verification, the remote data terminal receives updates from the access provider for altering the contents of the phone book.
  - 16. The system of claim 15, wherein the phonebook updates are in accordance with the connection parameters uploaded in the user experience logs.

17. A method of providing access to an enterprise network by way of a public network, for enabling a virtual private network connection between the private network and a remote data terminal via the public network, comprising:
- providing an application suite to a remote user of the remote data terminal, the application suite including;
  
  i. a remote access client configuring a VPN link between the enterprise network and the remote data terminal in accordance with a VPN client on the remote data terminal,ii. at least one policy-compliant application,iii. at least one application program interface (API) for use by the remote access client to exchange data with the at least one policy-compliant application to receive verification of a predetermined status of the at least one policy-compliant application, andiv. a phone book including contact indicia for establishing connection to the public network via the remote access client,wherein a policy profile of the remote data terminal is employed for detailing the cooperative execution of the at least one policy-compliant application relative to the remote access client, the at least one policy-compliant application being launched by the remote access client and the predetermined status of the at least one policy-complaint application being verified before establishment of the connection to the public network.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method of claim 17, wherein the application suite includes a utility for uploading user experience data to the public network.
  - 19. The method of claim 17, wherein the application includes a utility for receiving updates to the policy profile from the public network.
  - 20. The method of claim 17, wherein the method further comprises:
    - providing updates to the policy profile to the remote data terminal upon connection to the public network.
  - 21. The method of claim 17, wherein a second predetermined status of the predetermined application is verified before the VPN client is initialized and a VPN tunnel between the VPN client and the enterprise network is established.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ginegar LLC (K.Mizra LLC)
Original Assignee
Fiberlink Communications Corporation (International Business Machines Corporation)
Inventors
Bluestone, Derek, Adams, Clint, Lebel, Pierre-Philippe, Yalamarti, Srinivas
Primary Examiner(s)
Lazaro, David
Assistant Examiner(s)
HENRY, MARIEGEORGES A

Application Number

US10/490,103
Publication Number

US 20050022012A1
Time in Patent Office

3,543 Days
Field of Search

709/203, 709217-220, 709/223, 709/229, 709/227
US Class Current

709/217
CPC Class Codes

G06F 21/53   by executing in a restricte...

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/2859   Point-to-point connection b...

H04L 12/2876   Handling of subscriber poli...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0272   Virtual private networks

H04L 63/104   Grouping of entities

H04L 63/20   for managing network securi...

Client-side network access policies and management applications

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

121 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Client-side network access policies and management applications

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

121 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links