Uninterrupted virtual private network (VPN) connection service with dynamic policy enforcement

US 8,209,749 B2
Filed: 09/17/2008
Issued: 06/26/2012
Est. Priority Date: 09/17/2008
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method, comprising:

receiving a request to change an Internet Protocol (IP) address for an existing Virtual Private Network (VPN) session between a VPN client and a VPN server, wherein the new IP address is to replace an existing IP address being used in the existing VPN session;

updating a VPN connection table entry for the VPN session with the new IP address; and

supplying a new credential for the VPN client to automatically re-authenticate during the existing VPN session to the new IP address without the VPN client losing service to the existing VPN session, wherein the new credential is to be used to replace an existing credential being used for authentication to the existing VPN session and the existing IP address, the new credential authenticates to the new IP address and the existing VPN session.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for uninterrupted virtual private network (VPN) connection service with dynamic policy enforcement are provided. An existing VPN session between a VPN client and a VPN server detects a change in a VPN network being used for the existing VPN session. New credentials and new policies are received by the VPN client. The new credentials are automatically used to re-authenticate the VPN client to the change during the existing VPN session, and the new policies are dynamically used to enforce the new policies during the existing VPN session on the VPN client.

42 Citations

View as Search Results

14 Claims

1. A machine-implemented method, comprising:
- receiving a request to change an Internet Protocol (IP) address for an existing Virtual Private Network (VPN) session between a VPN client and a VPN server, wherein the new IP address is to replace an existing IP address being used in the existing VPN session;
  
  updating a VPN connection table entry for the VPN session with the new IP address; and
  
  supplying a new credential for the VPN client to automatically re-authenticate during the existing VPN session to the new IP address without the VPN client losing service to the existing VPN session, wherein the new credential is to be used to replace an existing credential being used for authentication to the existing VPN session and the existing IP address, the new credential authenticates to the new IP address and the existing VPN session.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein receiving further includes receiving the request from a control path manager that manages a control path of the VPN session on the VPN client.
  - 3. The method of claim 2, wherein receiving further includes verifying the request from control path manager using one or more cookies retrieved from the VPN client.
  - 4. The method of claim 1, wherein supplying further includes generating a random username and password as the new credential.
  - 5. The method of claim 1, wherein supplying further includes also supplying new dynamic policies for the new IP address that are to be enforced during the existing VPN session on the VPN client.
  - 6. The method of claim 1 further comprising, recognizing and managing the existing VPN session as a Secure Socket Layer (SSL) VPN session.
  - 7. The method of claim 1 further comprising, setting a second VPN connection entry for the existing VPN session to uninitialized to ensure that previous issued credentials for the existing VPN session cannot be used to re-authenticate to the existing VPN session rather the new credential when supplied back from a data path manager of the VPN client permits re-authentication to the existing VPN session and the new IP address and at that point the second VPN connection entry for the existing VPN session is set to connected.

8. A machine-implemented method, comprising:
- receiving notification from a network change detection module on a Virtual Private Network (VPN) client that an Internet Protocol (IP) address being used in an existing authenticated Secure Socket Layer (SSL) VPN session between a data path manager of the VPN client and a VPN server has changed during the existing SSL VPN session;
  
  submitting a request to a VPN connection manager to change an existing IP address being used with the existing SSL VPN session to the IP address while maintaining the existing SSL VPN session;
  
  receiving new credentials from the VPN connection manager to make the change to the IP address during the existing SSL VPN session; and
  
  supplying the new credentials to the data path manager for use in automatically re-authenticating to the existing SSL VPN session and to the IP address while maintaining the existing SSL VPN session.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8 further comprising, submitting the new credentials to the VPN connection manager to automatically re-authenticate on behalf of the VPN client to the existing SSL VPN session and the IP address while maintaining the existing SSL VPN session.
  - 10. The method of claim 8 further comprising, processing the method within a control path manager on the VPN client for the existing SSL VPN session.
  - 11. The method of claim 10 further comprising, maintaining a connection between the control path manager on the VPN client and the VPN connection manager when the existing IP address changes to the IP address via a Hypertext Transfer Protocol (HTTP) connection or a HTTP over SSL (HTTPS) connection.
  - 12. The method of claim 8, wherein receiving further includes acquiring new policies from the VPN connection manager that are to be enforced during the existing SSL VPN session.
  - 13. The method of claim 12 further comprising, supplying the new policies to the data path manager for enforcement within the existing SSL VPN session once the data path manager automatically re-authenticates to the existing SSL VPN session and to the IP address.
  - 14. The method of claim 8, wherein submitting further includes authenticating to the VPN connection manner for purposes of having the request honored by the VPN connection manager.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Babula, Allu, Attur, Vishnu Govind, Ananda, Gautham Chambrakana
Primary Examiner(s)
Dinh, Minh

Application Number

US12/211,912
Publication Number

US 20100071043A1
Time in Patent Office

1,378 Days
Field of Search

None
US Class Current

726/15
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

Uninterrupted virtual private network (VPN) connection service with dynamic policy enforcement

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Uninterrupted virtual private network (VPN) connection service with dynamic policy enforcement

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links