Multi-service VPN network client for mobile device having dynamic failover
Abstract
An integrated, multi-service network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise virtual private network (VPN) connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. Once installed on the cellular mobile device, the multi-service client establishes the VPN connection to concurrently include both a layer three (L3) tunnel that uses a first type of transport layer protocol of the operating system and a layer four (L4) tunnel that uses a second type of transport layer protocol of the operating system. The VPN handler determines whether network ports associated with the L3 tunnel are unblocked by an operating system and, when the network ports are unblocked, automatically transitions from the L4 tunnel to the L3 tunnel without terminating the VPN connection.
28 Claims

1. A cellular mobile device comprising:
- a transmitter and receiver to send and receive cellular communications in the form of radio frequency signals;
- a microprocessor;
- an operating system executing on the microprocessor to provide an operating environment of application software;
- a multi-service network client downloaded to the cellular mobile device and registered with the operating system as a single application, wherein the multi-service network client comprises:
  - a virtual private network (VPN) handler to establish a VPN connection with a remote VPN security device upon authenticating a user to the remote security device, wherein the VPN handler encrypts output network packets and decrypts inbound network packets to securely tunnel the network packets between the cellular mobile device and the remote VPN security device;
  - a security manager to receive the decrypted inbound network packets from the VPN handler and apply at least one security service to the decrypted network packets; and
  - a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and the security manager,
- wherein the VPN handler establishes the VPN connection to concurrently include both a layer three (L3) tunnel that uses a first type of transport layer protocol of the operating system and a layer four (L4) tunnel that uses a second type of transport layer protocol of the operating system, and
- wherein, after establishing the L3 tunnel and prior to sending data on the L3 tunnel, the VPN handler determines whether network ports associated with the L3 tunnel are unblocked by the operating system and, when the network ports are unblocked, automatically transitions from the L4 tunnel to the L3 tunnel without terminating the VPN connection.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17

18. A system comprising:
- a virtual private network (VPN) security device coupled to a packet network;
- a cellular mobile device comprising a microprocessor, an operating system executing on the microprocessor to provide an operating environment of application software, and a multi-service network client registered with the operating system as a single application, wherein the multi-service network client comprises:
  - a VPN handler to exchange network packets with the operating system, wherein the VPN handler establishes a VPN connection with a remote VPN security device of an enterprise and processes to network packets for tunneling between the cellular mobile device and the remote VPN security device; and
  - a security manager to receive the network packets from the VPN handler and apply at least one security service to the network packets,
  - a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and the security manager,
- wherein the VPN security device presents an interface by which an administrator defines a plurality of different roles for the user,
- wherein upon authenticating the user, the VPN security device selects a subset of the roles for the user, and
- wherein the VPN security device controls access to one or more protected resources by the user based on the selected subset of the roles.

19. A method comprising:
- receiving, with a cellular mobile device from an electronic repository, a single distribution software package that includes a multi-service network client, wherein the multi-service network client includes a virtual private network (VPN) handler, a security manager; and a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and the security manager;
- installing the multi-service network client on the cellular mobile device including registering the VPN handler with an operating system of the cellular mobile device, wherein the VPN handler provides a single point of entry for network packets from the operating system to apply VPN services with the VPN handler and security services with the security manager;
- establishing, with the VPN handler, the VPN connection to concurrently include both a layer three (L3) tunnel that uses a first type of transport layer protocol of the operating system and a layer four (L4) tunnel that uses a second type of transport layer protocol of the operating system;
- after establishing the L3 tunnel and prior to sending data on the L3 tunnel, determining, with the VPN handler, whether network ports associated with the L3 tunnel are unblocked by the operating system; and
- when the network ports are unblocked by the operating system, automatically transitioning from the L4 tunnel to the L3 tunnel with the VPN handler without terminating the VPN connection.

Dependent claims: 20, 21

22. A cellular mobile device comprising:
- a transmitter and receiver to send and receive cellular communications in the form of radio frequency signals;
- a microprocessor;
- an operating system executing on the microprocessor to provide an operating environment of application software;
- a multi-service network client downloaded to the cellular mobile device and registered with the operating system as a single application, wherein the multi-service network client comprises:
  - a virtual private network (VPN) handler to establish a VPN connection with a remote VPN security device upon authenticating a user to the remote security device, wherein the VPN handler encrypts output network packets and decrypts inbound network packets to securely tunnel the network packets between the cellular mobile device and the remote VPN security device; and
  - a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and a security manager,
- wherein the VPN handler establishes the VPN connection to concurrently include both a layer three (L3) tunnel that uses a first type of transport layer protocol of the operating system and a layer four (L4) tunnel that uses a second type of transport layer protocol of the operating system, and
- wherein, after establishing the L3 tunnel and prior to sending data on the L3 tunnel, the VPN handler determines whether network ports associated with the L3 tunnel are unblocked by the operating system and, when the network ports are unblocked, automatically transitions from the L4 tunnel to the L3 tunnel without terminating the VPN connection.

Dependent claims: 23, 24

25. A non-transitory computer-readable medium storing a downloadable distribution package comprising software program code to execute a multi-service network client on a processor within a cellular device, wherein the multi-service network client comprises:
- a virtual private network (VPN) handler to establish a VPN connection with a remote VPN security device upon authenticating a user to the remote security device, wherein the VPN handler encrypts output network packets and decrypts inbound network packets to securely tunnel the network packets between the cellular mobile device and the remote VPN security device;
- a security manager to receive the decrypted inbound network packets from the VPN handler and apply at least one security service to the decrypted network packets; and
- a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and the security manager,
- wherein the VPN handler comprises software program code to establish the VPN connection to concurrently include both a layer three (L3) tunnel that uses a first type of transport layer protocol of the operating system and a layer four (L4) tunnel that uses a second type of transport layer protocol of the operating system, and
- wherein the VPN handler comprises software program code to determine, after establishing the L3 tunnel and prior to sending data on the L3 tunnel, whether network ports associated with the L3 tunnel are unblocked by the operating system and, when the network ports are unblocked, automatically transitions from the L4 tunnel to the L3 tunnel without terminating the VPN connection.

Dependent claims: 26, 27, 28

Specification