System and method for remote network access

US 8,332,464 B2
Filed: 12/15/2003
Issued: 12/11/2012
Est. Priority Date: 12/13/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A system to provide a remote computing client access to resources provided by at least one server in at least one target computing network, comprising:

a point of presence node communicatively configured to connect to the at least one target computing network; and

at least one Internet Protocol Security concentrator resident in the point of presence node;

at least one access server resident in the point of presence node, wherein the at least one access server comprises a virtual private network module configured to implement a secure communication channel between the remote computing client and the at least one server in the at least one target communication network,wherein the remote computing client comprises a virtual private network module configured to cooperate with the virtual private network module resident in the point of presence node,wherein the virtual private network module in the remote computing client and the virtual private module in the at least one access server are configured to establish an encrypted communication channel between a specific application executing on the remote computing client and the point of presence node,wherein the virtual private network module in the remote computing client is configured to;

generate a first encryption data set comprising a public portion and a private portion, andtransmit the public portion of the first encryption data set to the virtual private network module in the at least one access server in a first session set-up message,wherein the virtual private network module in the at least one access server is configured to;

receive the public portion of the first encryption data set in the first session set-up message,generate a second encryption data set corresponding to the first session set-up message, the second encryption data set comprising a public portion and a private portion,encrypt the public portion of the second encryption data set with a private key of the at least one access server, andtransmit the encrypted public portion of the second encryption data set in a second session set-up message,wherein the virtual private network module in the remote computing client further is configured to;

receive the encrypted public portion of the second encryption data set in the second session set-up message,decrypt the encrypted public portion of the second encryption data set, andif decryption is successful, establish a session between the virtual private network module in the remote computing client and the virtual private network module in the at least one access server,wherein the virtual private network module in the at least one access server further is configured to;

upon establishment of the session between the virtual private network module in the remote computing client and the virtual private network module in the at least one access server, receive an encapsulated network packet, the encapsulated network packet including addressing and network routing information to the server in the target computing network,unwrap the encapsulated network packet,transmit the unwrapped network packet to the server in the target computing network, the unwrapped network packet being transmitted directly to the server in the target computing network,receive a return packet from the target computing network,encapsulating the return packet in a tunnel mode message to be sent to the remote computing client, andtransmit the encapsulated return packet to the remote computing client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for remote network access are provided. The described methods may be implemented in a computer-readable-medium and executed on a processing device. Software modules resident on one or more networks servers and one or more client computing devices cooperate to provide the client computing device(s) with remote network access.

124 Citations

View as Search Results

13 Claims

1. A system to provide a remote computing client access to resources provided by at least one server in at least one target computing network, comprising:
- a point of presence node communicatively configured to connect to the at least one target computing network; and
  
  at least one Internet Protocol Security concentrator resident in the point of presence node;
  
  at least one access server resident in the point of presence node, wherein the at least one access server comprises a virtual private network module configured to implement a secure communication channel between the remote computing client and the at least one server in the at least one target communication network,wherein the remote computing client comprises a virtual private network module configured to cooperate with the virtual private network module resident in the point of presence node,wherein the virtual private network module in the remote computing client and the virtual private module in the at least one access server are configured to establish an encrypted communication channel between a specific application executing on the remote computing client and the point of presence node,wherein the virtual private network module in the remote computing client is configured to;
  
  generate a first encryption data set comprising a public portion and a private portion, andtransmit the public portion of the first encryption data set to the virtual private network module in the at least one access server in a first session set-up message,wherein the virtual private network module in the at least one access server is configured to;
  
  receive the public portion of the first encryption data set in the first session set-up message,generate a second encryption data set corresponding to the first session set-up message, the second encryption data set comprising a public portion and a private portion,encrypt the public portion of the second encryption data set with a private key of the at least one access server, andtransmit the encrypted public portion of the second encryption data set in a second session set-up message,wherein the virtual private network module in the remote computing client further is configured to;
  
  receive the encrypted public portion of the second encryption data set in the second session set-up message,decrypt the encrypted public portion of the second encryption data set, andif decryption is successful, establish a session between the virtual private network module in the remote computing client and the virtual private network module in the at least one access server,wherein the virtual private network module in the at least one access server further is configured to;
  
  upon establishment of the session between the virtual private network module in the remote computing client and the virtual private network module in the at least one access server, receive an encapsulated network packet, the encapsulated network packet including addressing and network routing information to the server in the target computing network,unwrap the encapsulated network packet,transmit the unwrapped network packet to the server in the target computing network, the unwrapped network packet being transmitted directly to the server in the target computing network,receive a return packet from the target computing network,encapsulating the return packet in a tunnel mode message to be sent to the remote computing client, andtransmit the encapsulated return packet to the remote computing client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein:
    - the virtual private network module in the remote computing client communicates with the virtual private network module in the at least one access server using a message exchange mode; and
      
      the virtual private network module in the remote computing client receives application layer data from at least one application executing on the remote computing client.
  - 3. The system of claim 2, wherein the virtual private network module in the at least one access server is configured to implement a proxy client for at least one application executing on the remote computing client.
  - 4. The system of claim 1, wherein the remote computing device further comprises a reconfiguration system module configured to collect system configuration data relating to the remote computing device, generate a system configuration file, and stores the system configuration file in a memory module in the remote computing device.
  - 5. The system of claim 4, wherein the at least one access server comprises:
    - a central policy manager module configured to establish configuration policies for one or more remote clients that access resources via the virtual private network module; and
      
      a reconfiguration system module configured to cooperate with the reconfiguration system module in the remote computing device to impose configuration changes on the remote computing device.
  - 6. The system of claim 4, wherein the reconfiguration system is configured to implement an atomic reconfiguration process on the remote computing device.
  - 7. The system of claim 4, wherein the remote computing device comprises a client application tunneling module, wherein the client application tunneling module is configured to extract destination IP addresses and port numbers from communication packets and invoke the reconfiguration system module to reconfigure a name-to-address mapping for communications between the remote computing device and an application executing on a remote server.
  - 8. The system of claim 1, wherein the remote computing device comprises a local proxy module that emulates an HTTP proxy server.
  - 9. The system of claim 1, wherein at least one server in the point of presence node comprises a network address translation module configured to perform network address translation on incoming and outgoing packets to enable remote access to resources on one or more networks outside the at least one target computing network.
  - 10. The system of claim 9, wherein the network address translation module is configured to automatically determine a network configuration for the at least one target computing network.
  - 11. The system of claim 1, wherein:
    - the at least one access server comprises a first network backup module;
      
      the remote computing client comprises a second network backup module; and
      
      the first network backup module and the second network backup module are configured to back up and restore one or more files from the at least one server.
  - 12. The system of claim 11, wherein the first network backup module is configured to maintain incremental backups of files used by the remote computing client.

13. A system comprising:
- at least one access server including a virtual private network module configured to implement a secure communication channel between a virtual private network module resident in a remote computing client and the at least one access server,wherein the virtual private network module in the at least one access server is configured to;
  
  receive, from the virtual private network module resident in the remote computing client, a public portion of a first encryption data set in a first session set-up message,generate a second encryption data set corresponding to the first session set-up message, the second encryption data set comprising a public portion and a private portion,encrypt the public portion of the second encryption data set with a private key of the at least one access server, andtransmit, to the virtual private network module resident in the remote computing client, the encrypted public portion of the second encryption data set in a second session set-up message, andif decryption of the encrypted second public portion of the second encryption data set is successful, establish a session with the virtual private network module in the remote computing client,upon establishment of the session with the virtual private network module in the remote computing client, receive an encapsulated network packet, the encapsulated network packet including addressing and network routing information to a server in the target computing network,unwrap the encapsulated network packet,transmit the unwrapped network packet to the server in the target computing network, the unwrapped network packet being transmitted directly to the server in the target computing network,receive a return packet from the target computing network,encapsulating the return packet in a tunnel mode message to be sent to the remote computing client, andtransmit the encapsulated return packet to the remote computing client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Anxebusiness Corporation (Open Text Corporation)
Original Assignee
Anxebusiness Corporation (Open Text Corporation)
Inventors
Dispensa, Steve, Miller, Matt, Schroeder, Wayne, Sloderbeck, Jason
Primary Examiner(s)
BURGESS, BARBARA N

Application Number

US10/737,200
Publication Number

US 20060031407A1
Time in Patent Office

3,284 Days
Field of Search

709/200, 709/202, 709/203, 709/217, 709/219, 709/227
US Class Current

709/203
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/25   of the same type

H04L 63/0272   Virtual private networks

H04L 63/20   for managing network securi...

System and method for remote network access

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

124 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for remote network access

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

124 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links