System and method for remote network access
First Claim
1. A system to provide a remote computing client access to resources provided by at least one server in at least one target computing network, comprising:
a point of presence node communicatively configured to connect to the at least one target computing network;
at least one Internet Protocol Security concentrator resident in the point of presence node; and
at least one access server resident in the point of presence node, wherein the at least one access server comprises a virtual private network module configured to implement a secure communication channel between the remote computing client and the at least one server in the at least one target computing network,
wherein the remote computing client comprises a virtual private network module configured to cooperate with the virtual private network module resident in the point of presence node,
wherein the virtual private network module in the remote computing client and the virtual private network module in the at least one access server are configured to establish an encrypted communication channel between a specific application executing on the remote computing client and the point of presence node,
wherein the virtual private network module in the remote computing client is configured to:
generate a first encryption data set comprising a public portion and a private portion, and
transmit the public portion of the first encryption data set to the virtual private network module in the at least one access server in a first session set-up message,
wherein the virtual private network module in the at least one access server is configured to:
receive the public portion of the first encryption data set in the first session set-up message,
generate a second encryption data set corresponding to the first session set-up message, the second encryption data set comprising a public portion and a private portion,
encrypt the public portion of the second encryption data set with a private key of the at least one access server, and
transmit the encrypted public portion of the second encryption data set in a second session set-up message,
wherein the virtual private network module in the remote computing client is further configured to:
receive the encrypted public portion of the second encryption data set in the second session set-up message,
decrypt the encrypted public portion of the second encryption data set, and
if decryption is successful, establish a session between the virtual private network module in the remote computing client and the virtual private network module in the at least one access server,
wherein the virtual private network module in the at least one access server is further configured to:
upon establishment of the session between the virtual private network module in the remote computing client and the virtual private network module in the at least one access server, receive an encapsulated network packet, the encapsulated network packet including addressing and network routing information to the server in the target computing network,
unwrap the encapsulated network packet,
transmit the unwrapped network packet to the server in the target computing network, the unwrapped network packet being transmitted directly to the server in the target computing network,
receive a return packet from the target computing network,
encapsulate the return packet in a tunnel mode message to be sent to the remote computing client, and
transmit the encapsulated return packet to the remote computing client.
Abstract
Systems and methods for remote network access are provided. The described methods may be implemented in a computer-readable medium and executed on a processing device. Software modules resident on one or more network servers and one or more client computing devices cooperate to provide the client computing device(s) with remote network access.
13 Claims
1. Claim 1 as set out in full under First Claim above; claims 2 to 12 depend from it and are not reproduced on this page.
13. A system comprising:
at least one access server including a virtual private network module configured to implement a secure communication channel between a virtual private network module resident in a remote computing client and the at least one access server,
wherein the virtual private network module in the at least one access server is configured to:
receive, from the virtual private network module resident in the remote computing client, a public portion of a first encryption data set in a first session set-up message,
generate a second encryption data set corresponding to the first session set-up message, the second encryption data set comprising a public portion and a private portion,
encrypt the public portion of the second encryption data set with a private key of the at least one access server, and
transmit, to the virtual private network module resident in the remote computing client, the encrypted public portion of the second encryption data set in a second session set-up message, and
if decryption of the encrypted public portion of the second encryption data set is successful, establish a session with the virtual private network module in the remote computing client,
upon establishment of the session with the virtual private network module in the remote computing client, receive an encapsulated network packet, the encapsulated network packet including addressing and network routing information to a server in the target computing network,
unwrap the encapsulated network packet,
transmit the unwrapped network packet to the server in the target computing network, the unwrapped network packet being transmitted directly to the server in the target computing network,
receive a return packet from the target computing network,
encapsulate the return packet in a tunnel mode message to be sent to the remote computing client, and
transmit the encapsulated return packet to the remote computing client.
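The session set-up and data path recited in claims 1 and 13 can be read as a concrete two-message exchange followed by tunnel-mode forwarding. The Go program below is an added example written for this page; it is not the patent's own code and not an implementation of any product the patent describes. Its assumptions, all of them this example's own choices rather than anything the claims specify: the encryption data sets are X25519 key pairs; "encrypt the public portion of the second encryption data set with a private key of the at least one access server" is modelled as an Ed25519 signature over that public portion bound to the first set-up message, which the client checks with a server public key it holds out of band (the claim's "decrypt" step); the tunnel key is SHA-256 of the shared secret and tunnel-mode messages are protected with AES-256-GCM; the target network is an in-process stand-in and the inner packet text is constructed. The function names (ClientSetup, ServerSetup, ClientFinish, derive, Encapsulate, Unwrap) are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Session is the established tunnel. Assumed here: key = SHA-256(X25519 secret), AES-256-GCM.
type Session struct{ aead cipher.AEAD }

// derive finishes one side's key agreement from the peer's public portion.
func derive(priv *ecdh.PrivateKey, peerPub []byte) (*Session, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	blk, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	aead, _ := cipher.NewGCM(blk)
	return &Session{aead: aead}, nil
}

// Encapsulate wraps a whole inner packet, addressing included (tunnel mode), in a nonce-prefixed AEAD message; Unwrap reverses it and rejects tampered or short input.
func (s *Session) Encapsulate(inner []byte) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, s.aead.Seal(nil, nonce, inner, nil)...), nil
}

func (s *Session) Unwrap(msg []byte) ([]byte, error) {
	if ns := s.aead.NonceSize(); len(msg) >= ns {
		return s.aead.Open(nil, msg[:ns], msg[ns:], nil)
	}
	return nil, errors.New("short tunnel message")
}

// ClientSetup: the first encryption data set is an X25519 key pair; the first set-up message carries its public portion.
func ClientSetup() (*ecdh.PrivateKey, []byte, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return priv, priv.PublicKey().Bytes(), nil
}

// ServerSetup generates the second data set for this first message and signs its public portion bound to msg1.
// "Encrypt with the access server's private key" is modelled as an Ed25519 signature (an assumption of this example).
func ServerSetup(identity ed25519.PrivateKey, msg1 []byte) ([]byte, *Session, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	pub := priv.PublicKey().Bytes()
	sig := ed25519.Sign(identity, append(append([]byte{}, pub...), msg1...))
	sess, err := derive(priv, msg1)
	return append(pub, sig...), sess, err
}

// ClientFinish checks the signed public portion with the server key the client holds
// out of band (the claim's "decrypt" step); only success establishes a session.
func ClientFinish(priv *ecdh.PrivateKey, msg1, msg2 []byte, serverPub ed25519.PublicKey) (*Session, error) {
	if len(msg2) != 32+ed25519.SignatureSize {
		return nil, errors.New("malformed second set-up message")
	}
	pub, sig := msg2[:32], msg2[32:]
	if !ed25519.Verify(serverPub, append(append([]byte{}, pub...), msg1...), sig) {
		return nil, errors.New("server public portion failed verification")
	}
	return derive(priv, pub)
}

// main: one set-up, one constructed packet out to the target-network side, and its reply back in tunnel mode.
func main() {
	serverPub, serverPriv, _ := ed25519.GenerateKey(rand.Reader)
	cpriv, msg1, _ := ClientSetup()
	msg2, ssess, _ := ServerSetup(serverPriv, msg1)
	csess, err := ClientFinish(cpriv, msg1, msg2, serverPub)
	if err != nil {
		panic(err) // no session without a verified server public portion
	}
	wrapped, _ := csess.Encapsulate([]byte("10.0.0.5:80 GET /")) // constructed inner packet
	inner, _ := ssess.Unwrap(wrapped)                            // access server unwraps, delivers directly
	back, _ := ssess.Encapsulate(append([]byte("reply to "), inner...))
	reply, _ := csess.Unwrap(back)
	fmt.Println(string(reply))
}
```

Run with `go run`. Two design points follow the claim language rather than convenience: the client holds no session object at all until its check of the server's public portion succeeds, so a second set-up message the client cannot verify leaves nothing to forward packets over; and because the server's signature also covers the client's first message, a captured second set-up message cannot be replayed to a different client's set-up. On the data path, a tunnel-mode message whose bytes have been altered fails AEAD authentication and is dropped before any unwrapping or forwarding takes place.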