System and method for establishing a virtual private network

US 8,726,006 B2
Filed: 08/21/2012
Issued: 05/13/2014
Est. Priority Date: 06/30/2004
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a program executing on a client establishing a connection with a device intermediary to the client and a server;

a driver of the client intercepting a packet transmitted by an application of the client to the server and providing the intercepted packet to the program; and

wherein the program performs additional processing of the intercepted packet, comprising encapsulating payload from the intercepted packet, before transmitting the encapsulated payload of the intercepted packet via the connection.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.

Citations

20 Claims

1. A system comprising:
- a program executing on a client establishing a connection with a device intermediary to the client and a server;
  
  a driver of the client intercepting a packet transmitted by an application of the client to the server and providing the intercepted packet to the program; and
  
  wherein the program performs additional processing of the intercepted packet, comprising encapsulating payload from the intercepted packet, before transmitting the encapsulated payload of the intercepted packet via the connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the additional processing comprises encrypting at least the payload of the intercepted packet.
  - 3. The system of claim 1, wherein the additional processing comprises Domain Name Service (DNS) name resolution.
  - 4. The system of claim 1, wherein the additional processing comprises dynamically changing internet protocol addresses.
  - 5. The system of claim 1, wherein the additional processing comprises keeping a log regarding the intercepted packet.
  - 6. The system of claim 1, wherein the additional processing comprises keeping statistics regarding the intercepted packet.
  - 7. The system of claim 1, wherein the additional processing comprises integrating with a global server load balancing system.
  - 8. The system of claim 1, wherein the program transmits the payload from the intercepted packet to the device via the connection.
  - 9. The system of claim 1, wherein the program executes at an application layer of a network stack of the client and the driver operates at one or more layers below the application layer.
  - 10. The system of claim 1, wherein the program terminates an end point of the connection with the device and the driver terminates a second connection of the application to the server.

11. A system comprising:
- a device intermediary to a client and a server, the device establishing a first connection with a program executing on the client, the program encapsulating payload from a packet intercepted by a driver from a transmission by an application of the client of the packet to the server, encrypting the encapsulated payload and transmitting communications comprising the encrypted encapsulated payload;
  
  wherein the device decrypts the communications received from the program and destined for the server; and
  
  wherein the device performs additional processing of the decrypted communications before transmitting to the server via a second connection between the device and the server.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the device responsive to a request from the client to access the server, transmits the program to the client for installation and execution on the client, the program upon execution, installing a driver in a network stack of the client.
  - 13. The system of claim 12, wherein the driver intercepts communications from the application and redirects the communications to the program.
  - 14. The system of claim 11, wherein the additional processing comprises re-encrypting the decrypted communications before transmission to the server.
  - 15. The system of claim 11, wherein the additional processing comprises load balancing the decrypted communications before transmission to the server.
  - 16. The system of claim 11, wherein the additional processing comprises compressing the decrypted communications before transmission to the server.
  - 17. The system of claim 11, wherein the additional processing comprises serving a response out of a cache of the device rather than transmitting the decrypted communications to the server.
  - 18. The system of claim 11, wherein the additional processing comprises performing defense against denial of service attacks.
  - 19. The system of claim 11, wherein the additional processing comprises performing virus scanning of the decrypted communications.
  - 20. The system of claim 11, wherein responsive to transmitting the communications to the server, the device receives via the second connection a response from the server and encrypts and transmits the encrypted response via the first connection to the program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Sundarrajan, Prabakar, He, Junxiao, Soni, Ajay, Nanjundaswamy, Shashidhara, Kumar, Arkesh
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US13/590,630
Publication Number

US 20120317411A1
Time in Patent Office

630 Days
Field of Search

None
US Class Current

713/151
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0428   wherein the data content is...

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 67/289   Intermediate processing fun...

H04L 67/34   involving the movement of s...

H04L 67/563   Data redirection of data ne...

System and method for establishing a virtual private network

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for establishing a virtual private network

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links