Security for remote access VPN
Abstract
Techniques are disclosed for improving security in virtual private networks. In one embodiment, key information is generated for a virtual private network (VPN) connection between a first device and a second device. A plurality of shares is then generated based on the key information. A first set of one or more shares is stored on a dongle that is paired to the first device. A second set of one or more shares is stored on the first device. In response to a request to resume the VPN connection, the first set of shares is retrieved from the dongle. The key information is reconstructed based on the first set of shares and the second set of shares. The reconstructed key information may then be used to resume the VPN connection.
19 Claims
1. A method comprising:
- generating, at a first device, key information for a virtual private network (VPN) connection between the first device and a second device;
- wherein the key information comprises one or more session keys for a VPN session associated with the VPN connection;
- generating, at the first device, a plurality of shares from the key information;
- wherein the plurality of shares includes a first set of one or more shares and a second set of one or more shares;
- wherein the first set of one or more shares is different than the second set of one or more shares;
- causing the first set of one or more shares to be stored on a dongle that is paired to the first device;
- causing the second set of one or more shares to be stored on the first device;
- reconstructing the one or more session keys for the VPN session associated with the VPN connection using the first set of one or more shares and the second set of one or more shares;
- resuming the VPN session based at least in part on the one or more session keys that were reconstructed using the first set of one or more shares and the second set of one or more shares.

(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)

10. A non-transitory computer-readable medium storing instructions, which, when executed by one or more processors, cause performance of:
- generating, at a first device, key information for a virtual private network (VPN) connection between the first device and a second device;
- wherein the key information comprises one or more session keys for a VPN session associated with the VPN connection;
- generating, at the first device, a plurality of shares from the key information;
- wherein the plurality of shares includes a first set of one or more shares and a second set of one or more shares;
- wherein the first set of one or more shares is different than the second set of one or more shares;
- causing the first set of one or more shares to be stored on a dongle that is paired to the first device;
- causing the second set of one or more shares to be stored on the first device;
- reconstructing the one or more session keys for the VPN session associated with the VPN connection using the first set of one or more shares and the second set of one or more shares;
- resuming the VPN session based at least in part on the one or more session keys that were reconstructed using the first set of one or more shares and the second set of one or more shares.

(Dependent claims: 11, 12, 13, 14, 15, 16, 17)

18. An apparatus comprising:
- one or more hardware processors;
- one or more stored sequences of instructions which, when executed by the one or more hardware processors, cause the apparatus to perform:
- generating, at the apparatus, key information for a virtual private network (VPN) connection between the apparatus and a second device;
- wherein the key information comprises one or more session keys for a VPN session associated with the VPN connection;
- generating, at the apparatus, a plurality of shares from the key information;
- wherein the plurality of shares includes a first set of one or more shares and a second set of one or more shares;
- wherein the first set of one or more shares is different than the second set of one or more shares;
- causing the first set of one or more shares to be stored on a dongle that is paired to the apparatus;
- causing the second set of one or more shares to be stored on the apparatus;
- reconstructing the one or more session keys for the VPN session associated with the VPN connection using the first set of one or more shares and the second set of one or more shares;
- resuming the VPN session based at least in part on the one or more session keys that were reconstructed using the set of one or more shares and the second set of one or more shares.

(Dependent claims: 19)

Specification