Multi-service VPN network client for mobile device having integrated acceleration

US 8,549,617 B2
Filed: 12/14/2010
Issued: 10/01/2013
Est. Priority Date: 06/30/2010
Status: Active Grant

First Claim

Patent Images

1. A cellular mobile device comprising:

a transmitter and receiver to send and receive cellular communications in the form of radio frequency signals;

a microprocessor;

an operating system executing on the microprocessor to provide an operating environment of application software;

a multi-service virtual private network (VPN) client registered with the operating system as a single application, wherein the multi-service network client comprises;

a VPN handler executing on the microprocessor that establishes a VPN connection with a remote VPN security device, wherein the VPN handler encrypts outbound network packets and decrypts inbound network packets to securely tunnel the network packets between the cellular mobile device and the remote VPN security device;

a data acceleration module executing on the microprocessor that exchanges network packets with the VPN handler and applies at least one acceleration service to the network packets, wherein the data acceleration module is configured to provide the acceleration service as a client-side decompression service that operates on the cellular mobile device in conjunction with an upstream acceleration device to detect and eliminate repeated phrases within network packets transmitted to the cellular mobile device, wherein the data acceleration module is configured to maintain a phrase dictionary that is synchronized with a phrase dictionary of the upstream acceleration device to rebuild the eliminated phrases within the network packets received by the VPN handler;

a VPN control application executing on the microprocessor that provides a unified user interface that allows a user to configure the VPN handler and the data acceleration module; and

a security manager executing on the microprocessor that receives the decrypted inbound network packets from the VPN handler and apply at least one security service to the decrypted network packets,wherein the security service applied by the security manager of the multi-service VPN network client provides anti-virus and spyware detection functions to the decrypted inbound network packets, andwherein the VPN control application presents a unified user interface for configuring anti-virus settings and personal firewall settings of the security manager in addition to configuring the VPN handler and the data acceleration module.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An integrated, multi-service virtual private network (VPN) network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise VPN connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. The multi-service client integrates with an operating system of the device to provide a VPN handler to establish a VPN connection with a remote VPN security device. The VPN network client includes to data acceleration module exchange network packets with the VPN handler and apply at least one acceleration service to the network packets, and a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and the data acceleration module.

Citations

18 Claims

1. A cellular mobile device comprising:
- a transmitter and receiver to send and receive cellular communications in the form of radio frequency signals;
  
  a microprocessor;
  
  an operating system executing on the microprocessor to provide an operating environment of application software;
  
  a multi-service virtual private network (VPN) client registered with the operating system as a single application, wherein the multi-service network client comprises;
  
  a VPN handler executing on the microprocessor that establishes a VPN connection with a remote VPN security device, wherein the VPN handler encrypts outbound network packets and decrypts inbound network packets to securely tunnel the network packets between the cellular mobile device and the remote VPN security device;
  
  a data acceleration module executing on the microprocessor that exchanges network packets with the VPN handler and applies at least one acceleration service to the network packets, wherein the data acceleration module is configured to provide the acceleration service as a client-side decompression service that operates on the cellular mobile device in conjunction with an upstream acceleration device to detect and eliminate repeated phrases within network packets transmitted to the cellular mobile device, wherein the data acceleration module is configured to maintain a phrase dictionary that is synchronized with a phrase dictionary of the upstream acceleration device to rebuild the eliminated phrases within the network packets received by the VPN handler;
  
  a VPN control application executing on the microprocessor that provides a unified user interface that allows a user to configure the VPN handler and the data acceleration module; and
  
  a security manager executing on the microprocessor that receives the decrypted inbound network packets from the VPN handler and apply at least one security service to the decrypted network packets,wherein the security service applied by the security manager of the multi-service VPN network client provides anti-virus and spyware detection functions to the decrypted inbound network packets, andwherein the VPN control application presents a unified user interface for configuring anti-virus settings and personal firewall settings of the security manager in addition to configuring the VPN handler and the data acceleration module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The cellular mobile device of claim 1, wherein the multi-service VPN network client comprises a single distribution package.
  - 3. The cellular mobile device of claim 1,wherein the VPN handler comprises a host checker module that inventories a state of the cellular mobile device and builds a health status report, andwherein, prior to establishing the VPN connection, the host checker outputs the health status report to the remote VPN security device for determining whether the cellular mobile device is compliant with corporate policies.
  - 4. The cellular mobile device of claim 1, wherein the data acceleration module provides a client-side decompression service that operates in conjunction with an upstream acceleration device to provide real-time, continuous pattern recognition and compression of data flows within the network packets.
  - 5. The cellular mobile device of claim 1, wherein the data acceleration module provides application-specific protocol optimization for control flows within the network packets.
  - 6. The cellular mobile device of claim 1, wherein the multi-service network client further comprises one or more collaboration components that process the network packets from the VPN handler, wherein collaboration components provide collaboration services including at least one of a network meeting, a secure desktop or a document sharing service.
  - 7. The cellular mobile device of claim 1,wherein the VPN control application provides a user interface that allows a user to disable VPN connectivity, andwherein, when VPN connectivity is disabled, the VPN handler exchanges the network packets with the operating system and transparently provides the packets to the security manager for application of the security service.
  - 8. The cellular mobile device of claim 1, wherein the user interface of the VPN control application allows the user to submit credentials and instruct the VPN handler to dynamically instantiate the secure VPN connection or deconstruct an existing VPN connection.
  - 9. The cellular mobile device of claim 1, wherein the VPN handler and the VPN control application are configured to be independently upgradable.
  - 10. The cellular mobile device of claim 1,wherein the VPN handler establishes the VPN connection as an Internet Protocol Security (IPSec) connection over User Datagram Protocol (UDP), andwherein the VPN handler includes a compression module that applies Lempel-Ziv (LZ) compression in conjunction with the IPSec connection to tunnel encrypted IP packets to the remote VPN security device.
  - 11. The cellular mobile device of claim 1,wherein the VPN handler establishes an Secure Socket Layer (SSL) control channel with the remote VPN security device and, upon a successful authentication, receives a session cookie with a unique identifier,wherein, in the event communication with the remote VPN security device is temporarily lost, the VPN handler performs a fast reconnect by issuing the session cookie to the remote VPN security device, andwherein, when performing the fast reconnect, the VPN handler identifies a set of transport mechanisms currently available to the cellular mobile device and, when only a cellular network is available and not a wireless packet-based connection, the VPN handler defers the fast reconnect until application-layer data is received from a user application and ready to be sent via the VPN connection.

12. A cellular mobile device comprising:
- a transmitter and receiver to send and receive cellular communications in the form of radio frequency signals;
  
  a microprocessor;
  
  an operating system executing on the microprocessor to provide an operating environment of application software;
  
  a multi-service virtual private network (VPN) client registered with the operating system as a single application, wherein the multi-service network client comprises;
  
  a VPN handler executing on the microprocessor that establishes a VPN connection with a remote VPN security device, wherein the VPN handler encrypts outbound network packets and decrypts inbound network packets to securely tunnel the network packets between the cellular mobile device and the remote VPN security device;
  
  a data acceleration module executing on the microprocessor that exchanges network packets with the VPN handler and applies at least one acceleration service to the network packets, wherein the data acceleration module is configured to provide the acceleration service as a client-side decompression service that operates on the cellular mobile device in conjunction with an upstream acceleration device to detect and eliminate repeated phrases within network packets transmitted to the cellular mobile device, wherein the data acceleration module is configured to maintain a phrase dictionary that is synchronized with a phrase dictionary of the upstream acceleration device to rebuild the eliminated phrases within the network packets received by the VPN handler; and
  
  a VPN control application executing on the microprocessor that provides a unified user interface that allows a user to configure the VPN handler and the data acceleration module,wherein the multi-service VPN network client further comprises a security manager executing on the microprocessor that receives the decrypted inbound network packets from the VPN handler and apply at least one security service to the decrypted network packets,wherein the security manager applies anti-virus and spyware services to the network packets,wherein the security manager provides an interface by which the VPN handler determines whether a user of the cellular mobile device has activated and registered the security manager, andwherein the VPN handler requires an affirmative indication from the security manager prior to allowing the VPN connection to be established with the remote VPN security device, wherein the affirmative indication from the security manager indicates to the VPN handler that the security manager have been activated to apply the anti-virus and spyware services to the network packets using up-to-date virus definitions.

13. A cellular mobile device comprising:
- a transmitter and receiver to send and receive cellular communications in the form of radio frequency signals;
  
  a microprocessor;
  
  an operating system executing on the microprocessor to provide an operating environment of application software;
  
  a multi-service virtual private network (VPN) client registered with the operating system as a single application, wherein the multi-service network client comprises;
  
  a VPN handler executing on the microprocessor that establishes a VPN connection with a remote VPN security device, wherein the VPN handler encrypts outbound network packets and decrypts inbound network packets to securely tunnel the network packets between the cellular mobile device and the remote VPN security device;
  
  a data acceleration module executing on the microprocessor that exchanges network packets with the VPN handler and applies at least one acceleration service to the network packets, wherein the data acceleration module is configured to provide the acceleration service as a client-side decompression service that operates on the cellular mobile device in conjunction with an upstream acceleration device to detect and eliminate repeated phrases within network packets transmitted to the cellular mobile device, wherein the data acceleration module is configured to maintain a phrase dictionary that is synchronized with a phrase dictionary of the upstream acceleration device to rebuild the eliminated phrases within the network packets received by the VPN handler; and
  
  a VPN control application executing on the microprocessor that provides a unified user interface that allows a user to configure the VPN handler and the data acceleration module,wherein, upon establishing the VPN connection, the VPN control application receives a web-based home page from the remote VPN security device via an Hypertext Transfer Protocol Secure (HTTPS) response,wherein the VPN control application dynamically parses HyperText Markup Language (HTML) bookmark links from the HTTPS response and renders a bookmark window using input controls native to the cellular mobile device, where each of the input controls corresponds to a different one of the bookmarks links parsed from the HTTPS response received from the remote VPN security device, andwherein, upon selection of one of the input controls, the VPN control application formulates and outputs an appropriate HTTP string to the remote VPN security device as if a corresponding HTML link were selected by the user.
- View Dependent Claims (14)
- - 14. The cellular mobile device of claim 13,wherein the VPN control application detects a bookmark within the HTTPS response that corresponding to a webmail for the user, andwherein, upon detecting the bookmark for the webmail, the VPN control application dynamically constructs the user interface to have an input control for launching a native email client of the cellular mobile device to access the webmail without launching a web browser.

15. A system comprising:
- a virtual private network (VPN) security device coupled to a packet network;
  
  a cellular mobile device comprising a microprocessor, an operating system executing on the microprocessor to provide an operating environment of application software, and a multi-service network client registered with the operating system as a single application, wherein the multi-service network client comprises;
  
  a VPN handler executing on the microprocessor that exchanges network packets with the operating system, wherein the VPN handler establishes a VPN connection with the VPN security device and processes network packets for tunneling between the cellular mobile device and the VPN security device, wherein the VPN handler encrypts outbound network packets and decrypts inbound network packets to securely tunnel the network packets between the cellular mobile device and the VPN security device; and
  
  a security manager executing on the microprocessor that receives the decrypted inbound network packets from the VPN handler and applies at least one security service to the decrypted inbound network packets, wherein the security service applied by the security manager of the multi-service VPN network client provides anti-virus and spyware detection functions to the decrypted inbound network packets,a data acceleration module executing on the microprocessor that exchanges network packets with the VPN handler and applies at least one acceleration service to the network packets, wherein the data acceleration module is configured to provide the acceleration service as a client-side decompression service that operates on the cellular mobile device in conjunction with an upstream acceleration device to detect and eliminate repeated phrases within network packets transmitted to the cellular mobile device, wherein the data acceleration module is configured to maintain a phrase dictionary that is synchronized with a phrase dictionary of the upstream acceleration device to rebuild the eliminated phrases within the network packets received by the VPN handler, anda VPN control application executing on the microprocessor that provides a unified user interface that allows a user to configure all of the VPN handler, the data acceleration module and anti-virus settings and personal firewall settings of the security manager,wherein the VPN security device presents an interface by which an administrator defines a plurality of different roles for the user,wherein upon authenticating the user, the VPN security device selects a subset of the roles for the user, andwherein the VPN security device controls access to one or more protected resources by the user based on the selected subset of the roles.

16. A method comprising:
- receiving, with a cellular mobile device from an electronic repository, a single distribution software package that includes;
  
  a multi-service network client, wherein the multi-service network client includes a virtual private network (VPN) handler that establishes a VPN connection with a remote VPN security device, wherein the VPN handler encrypts outbound network packets and decrypts inbound network packets to securely tunnel the network packets between the cellular mobile device and the remote VPN security device,a data acceleration module that exchanges network packets with the VPN handler and applies at least one acceleration service to the network packets,a security manager to receive the decrypted inbound network packets from the VPN handler and apply at least one security service to the decrypted network packets, wherein the security service applied by the security manager of the multi-service VPN network client provides anti-virus and spyware detection functions to the decrypted inbound network packets anda VPN control application that provides a unified user interface that allows a user to configure the VPN handler, anti-virus settings and personal firewall settings of the security manager, and the data acceleration module;
  
  installing the multi-service network client on the cellular mobile device including registering the VPN handler with an operating system of the cellular mobile device as a single application,wherein the VPN handler provides a single point of entry for network packets from the operating system to apply VPN services with the VPN handler and at least one acceleration service to the network packets with the data acceleration module,wherein the data acceleration module applies the acceleration service as a client-side decompression service to detect and eliminate repeated phrases within network packets transmitted to the cellular mobile device, and wherein the data acceleration module is configured to maintain a phrase dictionary that is synchronized with a phrase dictionary of an upstream acceleration device to rebuild phrases eliminated by the upstream acceleration device within the network packets transmitted to the VPN handler; and
  
  executing the multi-service network client on a processor of the cellular mobile device.
- View Dependent Claims (17)
- - 17. The method of claim 16, further comprising:
    - establishing, with the VPN handler, a VPN connection with a remote VPN security device of an enterprise; and
      
      exchanging network packets between the VPN handler the operating system for communication via the VPN connection.

18. A non-transitory computer-readable medium storing a downloadable distribution package comprising a multi-service network client to be executed on a processor within a cellular mobile device, wherein the multi-service network client comprises:
- a virtual private network (VPN) handler to establish a VPN connection with a remote VPN security device, wherein the VPN handler encrypts outbound network packets and decrypts inbound network packets to securely tunnel the network packets between the cellular mobile device and the remote VPN security device;
  
  a data acceleration module that exchanges network packets with the VPN handler and applies at least one acceleration service to the network packets, wherein the data acceleration module is configured to provide the acceleration service as a client-side decompression service that operates on the cellular device in conjunction with an upstream acceleration device to detect and eliminate repeated phrases within network packets transmitted to the cellular mobile device, wherein the data acceleration module is configured to maintain a phrase dictionary that is synchronized with a phrase dictionary of the upstream acceleration device to rebuild the eliminated phrases within the network packets received by the VPN handler;
  
  a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and the data acceleration module; and
  
  a security manager to receive the decrypted inbound network packets from the VPN handler and apply at least one security service to the decrypted network packets,wherein the security service applied by the security manager of the multi-service VPN network client provides anti-virus and spyware detection functions to the decrypted inbound network packets, andwherein the VPN control application presents a unified user interface for configuring anti-virus settings and personal firewall settings of the security manager in addition to configuring the VPN handler and the data acceleration module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pulse Secure, LLC (Ivanti Software, Inc.)
Original Assignee
Juniper Networks Incorporated
Inventors
Wei, Yin, Iyer, Subramanian, Campagna, Richard, Wood, James
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
HOLDER, BRADLEY W

Application Number

US12/968,015
Publication Number

US 20120005476A1
Time in Patent Office

1,022 Days
Field of Search

726/15, 726/2, 726/3, 726/11, 726/14, 380/247
US Class Current

726/15
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 76/19   Connection re-establishment

Multi-service VPN network client for mobile device having integrated acceleration

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-service VPN network client for mobile device having integrated acceleration

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links