Real-time automated virtual private network (VPN) access management

US 8,639,801 B2
Filed: 03/12/2010
Issued: 01/28/2014
Est. Priority Date: 03/12/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A method of managing virtual private network (VPN) access to a network partitioned into a plurality of subnetworks (subnets), the method comprising:

providing first information associated with hardware hosted on one or more subnets of the network;

providing second information associated with users for VPN access, wherein the VPN access for each user is determined by a list of hardware each user has permission to access;

detecting a hardware triggering event corresponding to a modification of the first information; and

responsive to the detection of the hardware triggering event, automatically updating the second information based on the modification of the first information,wherein said first information comprises IP addresses or host names associated with the hardware, and said hardware triggering event comprises an event which alters said IP addresses or host names;

wherein automatically updating the second information includes readjusting relevant permissions for a user; and

wherein providing second information includes dynamically generating each user'"'"'s subnet requirements based on the list of hardware each user has permission to access.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a method for managing virtual private network (VPN) access to a network that is partitioned into a plurality of subnetworks (subnets). The method includes providing first information associated with hardware hosted on one or more subnets of the network; providing second information associated with users for VPN access, where the VPN access for each user is determined by a list of hardware each user has permission to access; detecting a hardware triggering event corresponding to a modification of the first information; and responsive to the detection of the hardware triggering event, automatically updating the second information based on the modification of the first information.

Citations

11 Claims

1. A method of managing virtual private network (VPN) access to a network partitioned into a plurality of subnetworks (subnets), the method comprising:
- providing first information associated with hardware hosted on one or more subnets of the network;
  
  providing second information associated with users for VPN access, wherein the VPN access for each user is determined by a list of hardware each user has permission to access;
  
  detecting a hardware triggering event corresponding to a modification of the first information; and
  
  responsive to the detection of the hardware triggering event, automatically updating the second information based on the modification of the first information,wherein said first information comprises IP addresses or host names associated with the hardware, and said hardware triggering event comprises an event which alters said IP addresses or host names;
  
  wherein automatically updating the second information includes readjusting relevant permissions for a user; and
  
  wherein providing second information includes dynamically generating each user'"'"'s subnet requirements based on the list of hardware each user has permission to access.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein detecting the hardware triggering event includes detecting an event of a type selected from the group consisting of:
    - addition of new hardware on the network;
      
      removal of existing hardware from the network; and
      
      relocation of existing hardware to a different subnet.
  - 3. The method of claim 1, wherein providing the first information includes providing hardware inventory information in a hardware inventory database, wherein the hardware inventory database is updated in real-time when hardware is added or removed from the network.
  - 4. The method of claim 3, wherein providing the hardware inventory information includes providing information for physical devices, virtual devices, or combination thereof.
  - 5. The method of claim 1, wherein providing the second information includes providing authentication information for each user in an authentication database.

6. A method of managing virtual private network (VPN) access to a private network divided into a plurality of subnetworks (subnets), the method comprising:
- providing address information associated with a plurality of devices hosted on the plurality of subnets;
  
  providing authentication information associated with a plurality of users for VPN access,wherein the VPN access for each user is determined based on the devices each user has permission to access;
  
  responsive to a triggering event, evaluating the address information to determine a subnet relevant to the triggering event; and
  
  automatically updating the authentication information based on the determination of the relevant subnet,wherein the step of providing the address information comprises providing a host name or an IP address associated with each device on the private network;
  
  wherein automatically updating the authentication information includes readjusting relevant permissions for a user; and
  
  dynamically creating a list of subnets for VPN access based on the devices each user has permission to access.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein the triggering event includes a type selected from the group consisting of:
    - addition of a new user;
      
      removal of an existing user;
      
      modification of permission of an existing user;
      
      addition of a new device;
      
      removal of an existing device; and
      
      relocation of an existing device to a different subnet.
  - 8. The method of claim 6, further comprising providing subnet information including host names or IP addresses hosted on each subnet;
    - wherein evaluating the address information includes evaluating the host names or IP addresses associated with the devices on the private network to determine the relevant subnet that host an IP address of a device corresponding to the triggering event.
  - 9. The method of claim 6, wherein providing the address information includes providing hardware inventory information in a hardware inventory database, wherein the hardware inventory database is updated in real-time when a device is added or removed from the private network.

10. A system for managing VPN access to a network partitioned into a plurality of subnetworks (subnets), the system comprising:
- at least one user computer;
  
  at least one server computer including the plurality of subnets;
  
  a first database having first information associated with hardware hosted on one or more subnets;
  
  a second database having second information associated with users for VPN access,wherein the VPN access for each user is determined by a list of hardware each user has permission to access; and
  
  a management module coupled to the first and second databases and operable to;
  
  detect a hardware triggering event corresponding to a modification of the first information of the first database; and
  
  responsive to the detection of the hardware triggering event, automatically update the second information of the second database based on the modification of the first information,wherein the first information comprises IP addresses or host names associated with the hardware on the network, and wherein the first database comprises a hardware inventory database that is updated in real-time when hardware is added or removed from the network;
  
  wherein the management module is operable to dynamically generate each user'"'"'s subnet requirements based on the list of hardware each user has permission to access and automatically update the second information by readjustinq relevant permissions for a user.
- View Dependent Claims (11)
- - 11. The system of claim 10, wherein the management module is operable to detect the hardware triggering event of a type selected from the group consisting of:
    - addition of new hardware;
      
      removal of existing hardware; and
      
      relocation of existing hardware to a different subnet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated (Kyndryl Holdings, Inc.)
Original Assignee
Softlayer Technologies Incorporated (International Business Machines Corporation)
Inventors
Francis, William J., McAloon, Daniel
Primary Examiner(s)
Chan, Wing F
Assistant Examiner(s)
Thieu, Benjamin M

Application Number

US12/722,951
Publication Number

US 20110225286A1
Time in Patent Office

1,418 Days
Field of Search

709223-224, 709220-221, 709/229
US Class Current

709/224
CPC Class Codes

H04L 41/50   Network service management,...

H04L 63/0272   Virtual private networks

H04L 63/101   Access control lists [ACL]

Real-time automated virtual private network (VPN) access management

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Real-time automated virtual private network (VPN) access management

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links