VPN network client for mobile device having fast reconnect

US 8,464,336 B2
Filed: 12/14/2010
Issued: 06/11/2013
Est. Priority Date: 06/30/2010
Status: Active Grant

First Claim

Patent Images

1. A cellular mobile device comprising:

a transmitter and receiver to send and receive cellular communications in the form of radio frequency signals;

a microprocessor;

a virtual private network (VPN) network client executing on the microprocessor to establish a secure VPN connection with a remote VPN security device, wherein the VPN network client processes network packets for securely tunneling the network packets between the cellular mobile device and the remote VPN security device,wherein the VPN network client establishes a secure control channel with the remote VPN security device for the secure VPN connection and, upon a successful authentication, receives a session cookie with a unique identifier,wherein, in the event communication with the remote VPN security device is temporarily lost, the VPN network client performs a fast reconnect without requiring re-authentication of the cellular mobile device by communicating the session cookie to the remote VPN security device, andwherein, prior to performing the fast reconnect, the VPN network client identifies a set of transport mechanisms currently available to the cellular mobile device and, when only a cellular network is available and not a wireless packet-based connection, the VPN network client defers the fast reconnect to the cellular network until application-layer data is received from a user application and is ready to be sent to the remote VPN security device via the VPN connection.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A virtual private network client for cellular mobile devices is described. The VPN network client establishes a secure VPN connection with a remote VPN security device. The VPN network client establishes a secure control channel with the secure VPN gateway and, upon a successful authentication, receives a session cookie with a unique identifier. In the event communication with the secure VPN gateway is subsequently temporarily lost, the VPN network client performs a fast reconnect without requiring re-authentication of the cellular mobile device by communicating the session cookie to the secure VPN gateway. Prior to performing the fast reconnect, the VPN network client identifies a set of transport mechanisms currently available to the cellular mobile device and, when only a cellular network is available and not a wireless packet-based connection, the VPN network client defers the fast reconnect until application-layer data is received from a user application and is ready to be sent to the remote VPN security device via the VPN connection.

105 Citations

View as Search Results

23 Claims

1. A cellular mobile device comprising:
- a transmitter and receiver to send and receive cellular communications in the form of radio frequency signals;
  
  a microprocessor;
  
  a virtual private network (VPN) network client executing on the microprocessor to establish a secure VPN connection with a remote VPN security device, wherein the VPN network client processes network packets for securely tunneling the network packets between the cellular mobile device and the remote VPN security device,wherein the VPN network client establishes a secure control channel with the remote VPN security device for the secure VPN connection and, upon a successful authentication, receives a session cookie with a unique identifier,wherein, in the event communication with the remote VPN security device is temporarily lost, the VPN network client performs a fast reconnect without requiring re-authentication of the cellular mobile device by communicating the session cookie to the remote VPN security device, andwherein, prior to performing the fast reconnect, the VPN network client identifies a set of transport mechanisms currently available to the cellular mobile device and, when only a cellular network is available and not a wireless packet-based connection, the VPN network client defers the fast reconnect to the cellular network until application-layer data is received from a user application and is ready to be sent to the remote VPN security device via the VPN connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 22, 23)
- - 2. The cellular mobile device of claim 1, further comprising:
    - an operating system executing on the microprocessor to provide an operating environment of application software,wherein the VPN network client exchanges the network packets with the operating system to encrypt output network packets and decrypt inbound network packets to securely tunnel the network packets.
  - 3. The cellular mobile device of claim 2,wherein the multi-service network client further comprises a data acceleration module that applies at least one acceleration service to the network packets from the VPN handler,wherein the VPN network client comprises a multi-service network client registered with the operating system as a single application,wherein the multi-service network client comprises:
    - a VPN handler to exchange the network packets with the operating system;
      
      a security manager to receive the decrypted network packets from the VPN handler and apply at least one security service to the network packets, wherein the security manager applies anti-virus and spyware services to the network packets, wherein the security manager provides an interface by which the VPN handler determines whether a user of the cellular mobile device has activated and registered the security manager, and wherein the VPN handler requires an affirmative indication from the security manager prior to establishing the VPN connection with the remote VPN security device; and
      
      a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and the security manager.
  - 4. The cellular mobile device of claim 3, wherein the multi-service network client comprises a single distribution package.
  - 5. The cellular mobile device of claim 3, wherein the VPN control application presents a unified user interface for configuring anti-virus settings and personal firewall settings of the security manager.
  - 6. The cellular mobile device of claim 3,wherein the VPN handler comprises a host checker module that inventories a state of the cellular mobile device and builds a health status report, andwherein the host checker outputs the health status report to the remote VPN security device prior to establishing the VPN connection for determining whether the cellular mobile device is compliant with corporate policies.
  - 7. The cellular mobile device of claim 3, wherein the data acceleration module provides a local content cache.
  - 8. The cellular mobile device of claim 3, wherein the data acceleration module provides a client-side decompression service that operates in conjunction with an upstream acceleration device to provide real-time, continuous pattern recognition and compression of data flows within the network packets.
  - 9. The cellular mobile device of claim 3, wherein the data acceleration module provides application-specific protocol optimization for control flows within the network packets.
  - 10. The cellular mobile device of claim 3, wherein the multi-service network client further comprises one or more collaboration components that process the packets from the VPN handler, wherein collaboration components provide collaboration services including at least one of a network meeting, a secure desktop or a document sharing service.
  - 11. The cellular mobile device of claim 3,wherein the VPN control application provides a user interface that allows a user to disable VPN connectivity, andwherein, when VPN connectivity is disabled, the VPN handler exchanges the network packets with the operating system and transparently provides the packets to the security manager for application of the security service.
  - 12. The cellular mobile device of claim 3, wherein the user interface of the VPN control applications allows the user to submit credentials and instruct the VPN handler to dynamically instantiate the secure VPN connection or deconstruct an existing VPN connection.
  - 13. The cellular mobile device of claim 3,wherein upon establishing the VPN connection the VPN control application receives a web-based home page from the secure VPN device via an Hypertext Transfer Protocol Secure (HTTPS) response,wherein the secure VPN connection dynamically parses HyperText Markup Language (HTML) bookmark links from the HTTPS response and renders a bookmark window using input controls native to the cellular mobile device, where each of the input controls corresponds to a different one of the bookmarks links parsed from the HTML response received from the remote VPN security device, andwherein, upon selection of one of the input controls, the VPN control application formulates and outputs an appropriate HTTP string to the secure VPN device as if a corresponding HTML link were selected by the user.
  - 14. The cellular mobile device of claim 13,wherein the VPN control application detects a bookmark within the HTML response that corresponding to a webmail for the user, andwherein, upon detecting the bookmark for the webmail, the VPN control application dynamically constructs the user interface to have an input control for launching a native email client of the cellular mobile device to access the webmail without launching a web browser.
  - 15. The cellular mobile device of claim 3, wherein the VPN handler and the VPN control application are configured to be independently upgradable.
  - 22. The cellular mobile device of claim 1wherein the VPN network client receives an event from an operating system executing on the cellular mobile device indicating that the application-layer data is pending to be sent via the VPN connection, andwherein the VPN network performs the fast reconnect to the cellular network upon receiving the event from the operating system.
  - 23. The method of claim 1wherein the VPN network client receives an event from an operating system executing on the cellular mobile device indicating that the application-layer data is pending to be sent via the VPN connection, andwherein the VPN network client performs the fast reconnect to the cellular network only upon receiving the event from the operating system.

16. A system comprising:
- a virtual private network (VPN) security device coupled to a packet network;
  
  a cellular mobile device comprising a microprocessor and a virtual private network (VPN) network client executing on the microprocessor to establish a VPN connection with the VPN security device,wherein the VPN handler establishes a secure control channel with the VPN security device for the secure VPN connection and, upon a successful authentication, receives a session cookie with a unique identifier,wherein, in the event communication with the VPN security device is temporarily lost, the VPN handler performs a fast reconnect without requiring re-authentication of the cellular mobile device by communicating the session cookie to the secure VPN gateway, andwherein, prior to performing the fast reconnect, the VPN handler identifies a set of transport mechanisms currently available to the cellular mobile device and, when only a cellular network is available and not a wireless packet-based connection, the VPN handler defers the fast reconnect to the cellular network until application-layer data is received from a user application and is ready to be sent to the VPN security device via the VPN connection.

17. A method comprising:
- executing a virtual private network (VPN) network client on a processor of a cellular mobile device;
  
  establishing, with the VPN network client, a secure VPN connection with a secure VPN gateway;
  
  upon a successful authentication, receiving from the secure VPN gateway a session cookie with a unique identifier with the VPN client;
  
  detecting with the VPN network client that communication with the secure VPN gateway is temporarily lost and, in response, identifying a set of transport mechanisms currently available to the cellular mobile device;
  
  when a wireless local area network connection is available to the cellular mobile device, performing a fast reconnect without requiring re-authentication of the cellular mobile device by communicating the session cookie to the secure VPN gateway via the wireless packet-based network connection; and
  
  when only a cellular packet-based network connection is available to the cellular mobile device and not the wireless local area network connection, deferring the fast reconnect to the cellular network until application-layer data is received from a user application and is ready to be sent to the secure VPN gateway via the VPN connection over the cellular packet-based network connection.
- View Dependent Claims (18)
- - 18. The method of claim 17, wherein identifying a set of transport mechanisms comprises receiving a semaphore signal from an operating system of the cellular mobile device to determine whether the wireless local area network connection and the cellular packet-based network connection are available to the cellular mobile device.

19. A non-transitory computer-readable medium storing a downloadable distribution package comprising software program code to execute a virtual private network (VPN) network client on a processor within a cellular device, wherein the multi-service network client comprises:
- wherein the VPN network client is programmed to establish a secure control channel with a secure VPN gateway for a secure VPN connection and, upon a successful authentication, receives a session cookie with a unique identifier,wherein the VPN network client is programmed to, in the event communication with the secure VPN gateway is temporarily lost, performs a fast reconnect of the secure VPN connection without requiring re-authentication of the cellular mobile device by communicating the session cookie to the secure VPN gateway, andwherein the VPN network client is programmed to, prior to performing the fast reconnect, identify a set of transport mechanisms currently available to the cellular mobile device and, when only a cellular network is available and not a wireless packet-based connection, defer the fast reconnect to the cellular network until application-layer data is received from a user application and is ready to be sent to the secure VPN gateway via the secure VPN connection.

20. A method comprising:
- receiving, with a cellular mobile device, a distribution software package from an electronic repository, wherein the distribution software package includes a virtual private network (VPN) network client programmed to;
  
  (1) establish a secure communication session with a secure VPN gateway for a secure VPN connection and, upon a successful authentication, receive a session cookie with a unique identifier, (2), in the event communication with the secure VPN gateway is temporarily lost, perform a fast reconnect without requiring re-authentication of the cellular mobile device by communicating the session cookie to the secure VPN gateway, (3) prior to performing the fast reconnect, identify a set of transport mechanisms currently available to the cellular mobile device and, (4) when only a cellular network is available and not a wireless packet-based connection, defer the fast reconnect to the cellular network until application-layer data is received from a user application and is ready to be sent to the secure VPN gateway via the secure VPN connection; and
  
  installing the network client on the cellular mobile device including registering the VPN handler with an operating system of the cellular mobile device, wherein the VPN handler provides a single point of entry for network packets from the operating system to apply VPN services with the VPN handler and security services with the security manager.

21. A method comprising:
- receiving, from a cellular mobile device, a request to download a single distribution software package that includes a virtual private network (VPN) network client, wherein the VPN network client is programmed to;
  
  (1) establish a secure VPN connection with a secure VPN gateway and, upon a successful authentication, receive a session cookie with a unique identifier, (2), in the event communication with the secure VPN gateway is temporarily lost, perform a fast reconnect without requiring re-authentication of the cellular mobile device by communicating the session cookie to the secure VPN gateway, (3) prior to performing the fast reconnect, identify a set of transport mechanisms currently available to the cellular mobile device and, (4) when only a cellular network is available and not a wireless packet-based connection, defer the fast reconnect until application-layer data is received from a user application and is ready to be sent to the secure VPN gateway via the VPN connection; and
  
  outputting the multi-service network client from a software repository to be installed on the cellular mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pulse Secure, LLC (Ivanti Software, Inc.)
Original Assignee
Juniper Networks Incorporated
Inventors
Wei, Yin, Iyer, Subramanian, Campagna, Richard, Wood, James
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
GUIRGUIS, MICHAEL M

Application Number

US12/968,048
Publication Number

US 20120002815A1
Time in Patent Office

910 Days
Field of Search

726/15, 370/328
US Class Current

726/15
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0272   Virtual private networks

H04L 63/0815   providing single-sign-on or...

H04L 63/1433   Vulnerability analysis

H04W 76/19   Connection re-establishment

VPN network client for mobile device having fast reconnect

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

105 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

VPN network client for mobile device having fast reconnect

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

105 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others