Automatic secure client access

US 8,560,833 B2
Filed: 10/29/2010
Issued: 10/15/2013
Est. Priority Date: 10/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

transmitting, by a first device, a first message directed to an IP address in a particular network, wherein the IP address in the particular network is a non-routable IP address such that the non-routable IP address is not routable by devices outside of the particular network and the non-routable IP address is routable by devices within the particular network;

responsive to determining that a second device at the IP address within the particular network received the first message, determining that the first device is within the particular network; and

responsive to determining that the second device at the IP address within the particular network did not receive the first message, determining that the first device is outside the particular network.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Providing secure network access in a networked client device. A client device is provided with a secure connection adapter. In operation, the secure connection adapter detects the network environment of the client device and determines of the network environment is trusted or untrusted. If the client device is operating in an untrusted network environment, the secure connection adapter establishes a secure connection to an enterprise host using a secure tunnel such as IPSec, SSL, or other secure connection. Programs executing on the client device now operate in the secure network environment, with all network activity routed through the secure connection to the enterprise. Optionally, a split tunnel mechanism may be used to direct some network traffic directly to the Internet from the client device.

43 Citations

View as Search Results

21 Claims

1. A method comprising:
- transmitting, by a first device, a first message directed to an IP address in a particular network, wherein the IP address in the particular network is a non-routable IP address such that the non-routable IP address is not routable by devices outside of the particular network and the non-routable IP address is routable by devices within the particular network;
  
  responsive to determining that a second device at the IP address within the particular network received the first message, determining that the first device is within the particular network; and
  
  responsive to determining that the second device at the IP address within the particular network did not receive the first message, determining that the first device is outside the particular network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein determining that the second device at the IP address is within the particular network received the first message comprises:
    - receiving, by the first device, a second message from the second device at the IP address within the particular network.
  - 3. The method of claim 1 wherein the first message is a request to access network resources in the particular network.
  - 4. The method of claim 1 further comprising:
    - responsive to determining that the first device is outside the particular network, establishing by the first device a secure connection with a third device in the particular network, the third device using an IP address that is routable by devices outside of the particular network.
  - 5. The method of claim 4 wherein the third device forwards information received from the first device to the second device.
  - 6. The method of claim 4 where the secure connection is one or more of a VPN, IPSec tunnel, SSL connection, or other secure connection.
  - 7. The method of claim 4 further comprising:
    - intercepting data traffic addressed to one or more devices, other than the third device, in the particular network;
      
      forwarding the data traffic to the third device in the particular network via the secure connection.

8. A non-transitory machine readable medium having a set of instructions stored in nonvolatile form therein, which when executed by at least one processor causes a set of operations to be performed comprising:
- transmitting, by a first device, a first message directed to an IP address in a particular network, wherein the IP address in the particular network is a non-routable IP address such that the non-routable IP address is not routable by devices outside of the particular network and the non-routable IP address is routable by devices within the particular network;
  
  responsive to determining that a second device at the IP address within the particular network received the first message, determining that the first device is within the particular network; and
  
  responsive to determining that the second device at the IP address within the particular network did not receive the first message, determining that the first device is outside the particular network.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The medium of claim 8 wherein determining that the second device at the IP address is within the particular network received the first message comprises:
    - receiving, by the first device, a second message from the second device at the IP address within the particular network.
  - 10. The medium of claim 8 wherein the first message is a request to access network resources in the particular network.
  - 11. The medium of claim 8 further comprising:
    - responsive to determining that the first device is outside the particular network, establishing by the first device a secure connection with a third device in the particular network, the third device using an IP address that is routable by devices outside of the particular network.
  - 12. The medium of claim 11 wherein the third device forwards information received from the first device to the second device.
  - 13. The medium of claim 11 where the secure connection is one or more of a VPN, IPSec tunnel, SSL connection, or other secure connection.
  - 14. The medium of claim 11 further comprising:
    - intercepting data traffic addressed to one or more devices, other than the third device, in the particular network;
      
      forwarding the data traffic to the third device in the particular network via the secure connection.

15. A device comprising:
- at least one hardware processor;
  
  the device configured to perform operations by executing instructions using the at least one hardware processor, the operations comprising;
  
  transmitting, by a first device, a first message directed to an IP address in a particular network, wherein the IP address in the particular network is a non-routable IP address such that the non-routable IP address is not routable by devices outside of the particular network and the non-routable IP address is routable by devices within the particular network;
  
  responsive to determining that a second device at the IP address within the particular network received the first message, determining that the first device is within the particular network; and
  
  responsive to determining that the second device at the IP address within the particular network did not receive the first message, determining that the first device is outside the particular network.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The medium of claim 15 wherein determining that the second device at the IP address is within the particular network received the first message comprises:
    - receiving, by the first device, a second message from the second device at the IP address within the particular network.
  - 17. The medium of claim 15 wherein the first message is a request to access network resources in the particular network.
  - 18. The medium of claim 15 further comprising:
    - responsive to determining that the first device is outside the particular network, establishing by the first device a secure connection with a third device in the particular network, the third device using an IP address that is routable by devices outside of the particular network.
  - 19. The medium of claim 18 wherein the third device forwards information received from the first device to the second device.
  - 20. The medium of claim 18 where the secure connection is one or more of a VPN, IPSec tunnel, SSL connection, or other secure connection.
  - 21. The medium of claim 18 further comprising:
    - intercepting data traffic addressed to one or more devices, other than the third device, in the particular network;
      
      forwarding the data traffic to the third device in the particular network via the secure connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Aruba Networks Incorporated (Hewlett-Packard Enterprise Company)
Inventors
Kumar, Chetan R., Venkatraman, Charumathy, Maradani, Suman
Primary Examiner(s)
KOSOWSKI, CAROLYN M

Application Number

US12/916,287
Publication Number

US 20120110320A1
Time in Patent Office

1,082 Days
Field of Search

713/151
US Class Current

713/151
CPC Class Codes

H04L 63/168 above the transport layer

Automatic secure client access

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic secure client access

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links