Creating rules for routing resource access requests

US 8,613,041 B2
Filed: 07/30/2009
Issued: 12/17/2013
Est. Priority Date: 12/10/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method of creating redirection rules for routing a resource access request from a computer to a network, comprising:

creating an inclusion redirection rule for at least one existing resource definition defining a resource, wherein the inclusion redirection rule redirects the resource access request to the network, the inclusion redirection rule being stored in memory;

receiving exclusion input with an exclusion resource definition defining at least one exclusion resource, the exclusion input being received over a communication network; and

creating an exclusion redirection rule for the at least one exclusion resource, wherein the exclusion redirection rule instructs the computer to locally handle the resource access request, the exclusion redirection rule being stored in memory.

View all claims

24 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for determining which resource access requests are handled locally at a remote computer, and which resource access requests are routed or “redirected” through a virtual private network. One or more routing or “redirection” rules are downloaded from a redirection rule server to a remote computer. When the node of the virtual private network running on the remote computer receives a resource access request, it compares the identified resource with the rules. Based upon how the identified resource matches one or more rules, the node will determine whether the resource access request is redirected through the virtual private network or handled locally (e.g., retrieved locally from another network). A single set of redirection rules can be distributed to and employed by a variety of different virtual private network communication techniques.

123 Citations

17 Claims

1. A method of creating redirection rules for routing a resource access request from a computer to a network, comprising:
- creating an inclusion redirection rule for at least one existing resource definition defining a resource, wherein the inclusion redirection rule redirects the resource access request to the network, the inclusion redirection rule being stored in memory;
  
  receiving exclusion input with an exclusion resource definition defining at least one exclusion resource, the exclusion input being received over a communication network; and
  
  creating an exclusion redirection rule for the at least one exclusion resource, wherein the exclusion redirection rule instructs the computer to locally handle the resource access request, the exclusion redirection rule being stored in memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method recited in claim 1, further comprising combining the inclusion redirection rule with the exclusion redirection rule into a redirection rule list.
  - 3. The method recited in claim 1, wherein the existing resource definition is maintained by a policy server for controlling access to the resource defined in the at least one existing resource definition.
  - 4. The method recited in claim 1, further comprising receiving input with a second resource definition;
    - and creating a second inclusion redirection rule for the second resource definition.
  - 5. The method recited in claim 1, wherein the existing resource definition includes an Internet protocol (IP) address for the resource.
  - 6. The method recited in claim 1, wherein the existing resource definition includes a name for the resource.
  - 7. The method recited in claim 6, wherein the name is a domain name.
  - 8. The method recited in claim 6, wherein the name is a host name.
  - 9. The method recited in claim 1, wherein the existing resource definition includes a universal resource locator (URL) address for the resource.
  - 10. The method recited in claim 1, wherein the existing resource definition includes an Internet protocol (IP) address for the resource.
  - 11. The method recited in claim 1, wherein the exclusion resource definition includes a name for the exclusion resource.
  - 12. The method recited in claim 11, wherein the name is a domain name.
  - 13. The method recited in claim 11, wherein the name is a host name.
  - 14. The method recited in claim 1, wherein the exclusion resource definition includes a universal resource locator (URL) address for the exclusion resource.

15. An apparatus for creating a redirection rule list for routing a resource access request from a computer to a network, comprising:
- a policy server that maintains a plurality of resource definitions in memory, each resource definition defining a resource, anda rule redirection server that stores an inclusion redirection rule in memory, each inclusion redirection rule for each resource in the redirection rule list, wherein the inclusion redirection rule redirects the resource access request to the network;
  
  wherein the policy server maintains at least one exclusion resource definition in memory, the at least one exclusion resource definition defining an exclusion resource, and the rule redirection server stores an exclusion redirection rule for the exclusion resource in the redirection rule list, wherein the exclusion redirection rule instructs the computer to locally handle the resource access request.
- View Dependent Claims (16, 17)
- - 16. The apparatus for creating a redirection rule list recited in claim 15, wherein the policy server receives input with at least one exclusion resource definition.
  - 17. The apparatus for creating a redirection rule list recited in claim 15, wherein the rule redirection server provides the redirection rule list to at least one client in a virtual private network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aventail LLC
Original Assignee
Aventail LLC
Inventors
Hopen, Chris, Sauve, Bryan, Hoover, Paul, Perry, Bill
Primary Examiner(s)
Zee, Edward

Application Number

US12/512,891
Publication Number

US 20100036955A1
Time in Patent Office

1,601 Days
Field of Search

726 3- 15, 726/1, 726/2, 709/238, 713/153
US Class Current

726/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 45/14   Routing performance; Theore...

H04L 47/70   Admission control; Resource...

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 67/63   Routing a service request d...

Creating rules for routing resource access requests

First Claim

24 Assignments

0 Petitions

Accused Products

Abstract

123 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Creating rules for routing resource access requests

First Claim

24 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

123 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links