Creating a virtual private network (VPN) for a single app on an internet-enabled device or system
First Claim
1. A method of implementing a dedicated, non-shared virtual private network (VPN) between an application executing on a device and a VPN gateway, the method comprising:
making a call to an operating system, the call being made by an app on the device;
re-directing the call to an app VPN-specific IP stack within the app making the call to the operating system, wherein said app VPN-specific IP stack builds one or more IP packets;
building one or more IP packets in the app VPN-specific IP stack;
encapsulating the one or more IP packets using IPsec in the app VPN-specific IP stack;
ensuring that only the app making the call to the operating system is utilizing the app VPN-specific IP stack to encapsulate the one or more IP packets, thereby preventing another app from using the dedicated, non-shared VPN; and
transmitting the encapsulated one or more IP packets from within the app to a transport module external to the app and in an operating system of the device for the purpose of transmission to an external VPN gateway, wherein the app VPN-specific IP stack is not integrated with the operating system.
3 Assignments
0 Petitions
Abstract
An Internet-enabled device, such as a smartphone, tablet, PC, wearable sensor, or household appliance, executes an application (or “app”) that has its own VPN connection with a VPN gateway device. The app does not use the device-level or system VPN to connect with the gateway. The app, which may be security wrapped, is made more secure by having its own VPN tunnel with the gateway, wherein the VPN tunnel is not used by other apps running on the device. The conventional (or device-level) VPN connection is not used by the app(s). The app has its own IP stack, an HTTP proxy layer, an IPsec module, and a virtual data link layer which it uses to build IP packets, encapsulate them, and transmit them to a transport module in the device operating system, for example, a UDP module.
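An added sketch (not from the patent or any product it covers) of the architecture the abstract describes: each app owns its own IP stack and IPsec module, builds its inner IPv4 packet, wraps it in an ESP-in-UDP datagram under its own SPI, and hands it to an OS-level UDP module that holds no per-app key; the stack refuses calls from any other app, which is the isolation step of claim 1. App names, addresses, SPIs and keys are constructed; ESP encryption is omitted so the code stays standard-library only, and only the ESP framing plus an HMAC-SHA256 integrity check value are modeled.

```python
import hashlib
import hmac
import socket
import struct

ESP_ICV_LEN = 12  # 96-bit truncated ICV, as HMAC-based ESP integrity commonly uses

def ipv4_checksum(hdr: bytes) -> int:
    """Standard one's-complement header checksum; returns 0 for a valid header."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options, DF set, TTL 64) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload

class AppVpnStack:
    """IP stack + IPsec module living inside one app and serving only that app."""
    def __init__(self, owner_app: str, inner_ip: str, spi: int, key: bytes):
        self.owner_app, self.inner_ip, self.spi, self.key = owner_app, inner_ip, spi, key
        self.seq = 0

    def encapsulate(self, caller_app: str, dst_ip: str, payload: bytes) -> bytes:
        # Isolation step: a call from a different app is refused, not silently served.
        if caller_app != self.owner_app:
            raise PermissionError(f"{caller_app} may not use the VPN stack of {self.owner_app}")
        inner = build_ipv4_packet(self.inner_ip, dst_ip, 6, payload)  # 6 = TCP
        self.seq += 1
        esp = struct.pack("!II", self.spi, self.seq) + inner  # ESP header; encryption omitted here
        icv = hmac.new(self.key, esp, hashlib.sha256).digest()[:ESP_ICV_LEN]
        return esp + icv  # handed to the OS UDP module as an ESP-in-UDP datagram

def os_udp_transport(datagram: bytes, gateway: str) -> tuple:
    """OS-side UDP module: holds no per-app SA, only forwards to the gateway's UDP/4500."""
    if datagram[:4] == b"\x00\x00\x00\x00":
        raise ValueError("SPI 0 on UDP/4500 is the IKE marker, not ESP")
    return (gateway, 4500, datagram)

def gateway_decapsulate(datagram: bytes, sa_table: dict) -> tuple:
    """Gateway demux: the SPI selects the per-app SA; traffic failing the ICV is dropped."""
    owner, key = sa_table[struct.unpack("!I", datagram[:4])[0]]
    body, icv = datagram[:-ESP_ICV_LEN], datagram[-ESP_ICV_LEN:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest()[:ESP_ICV_LEN], icv):
        raise ValueError("ICV mismatch: dropped")
    return (owner, body[8:])  # inner IP packet built by that app's own stack

# Constructed sample: two apps on one device, each with its own SA, SPI, tunnel and stack.
SA_TABLE = {0x1001: ("mail-app", b"k" * 32), 0x1002: ("crm-app", b"j" * 32)}
mail = AppVpnStack("mail-app", "10.0.0.2", 0x1001, SA_TABLE[0x1001][1])
crm = AppVpnStack("crm-app", "10.0.0.3", 0x1002, SA_TABLE[0x1002][1])
```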
32 Citations
17 Claims
2. A method comprising:
receiving a first request from a first app running on a device to send first data;
redirecting the first data to a first app virtual private network (VPN) Internet Protocol (IP) stack within the first app to generate a first plurality of IP packets, wherein said first app VPN IP stack builds a first one or more IP packets;
encapsulating the first plurality of IP packets to form a first plurality of encapsulated IP packets, said encapsulating executed in the first app VPN IP stack for transmission using a first per-app VPN tunnel from the device to a VPN gateway;
ensuring that only the first app is utilizing the first app VPN IP stack to encapsulate the first plurality of IP packets, thereby preventing another app from using the first per-app VPN tunnel;
receiving a second request from a second app running on the device to send second data;
redirecting the second data to a second app VPN IP stack within the second app to generate a second plurality of IP packets, wherein said second app VPN IP stack builds a second one or more IP packets;
encapsulating the second plurality of IP packets to form a second plurality of encapsulated IP packets, said encapsulating executed in the second app VPN IP stack for transmission using a second per-app VPN tunnel from the device to the VPN gateway; and
ensuring that only the second app is utilizing the second app VPN IP stack to encapsulate the second plurality of IP packets, thereby preventing another app from using the second per-app VPN tunnel.
Dependent claims: 3, 4, 5, 6, 7, 8, 9, 10.

11. A device comprising:
an interface operable to receive a first request from a first app running on the device to send first data and to receive a second request from a second app running on the device to send second data, said interface functioning in an operating system of the device, external to the first app and the second app; and
a processor operable to redirect the first data to a first app virtual private network (VPN) Internet Protocol (IP) stack within the first app making the first request to generate a first plurality of IP packets and to redirect the second data to a VPN second app IP stack within the second app making the second request to generate a second plurality of IP packets;
wherein the first plurality of IP packets are encapsulated to form a first plurality of encapsulated IP packets for transmission using a first per-app VPN tunnel from the device to a VPN gateway and the second plurality of IP packets are encapsulated to form a second plurality of encapsulated IP packets for transmission using a second per-app VPN tunnel from the device to the VPN gateway.
Dependent claims: 12, 13, 14, 15, 16.

17. A non-transitory computer readable medium comprising:
computer code for receiving a first request from a first app running on a device to send first data;
computer code for redirecting the first data to a first app VPN Internet Protocol (IP) stack, within the first app to generate a first plurality of IP packets, wherein said first app VPN IP stack builds a first one or more IP packets;
computer code for encapsulating the first plurality of IP packets to form a first plurality of encapsulated IP packets, said encapsulating executed in the first app VPN IP stack, for transmission using a first per-app VPN tunnel from the device to the VPN gateway;
computer code for ensuring that only the first app is utilizing the first app VPN IP stack to encapsulate the first plurality of IP packets, thereby preventing another app from using the first per-app VPN tunnel;
computer code for receiving a second request from a second app running on the device to send second data;
computer code for redirecting the second data to a second app VPN IP stack, within the second app, to generate a second plurality of IP packets;
computer code for encapsulating the second plurality of IP packets to form a second plurality of encapsulated IP packets, said encapsulating executed in the first app VPN IP stack, for transmission using a second per-app VPN tunnel from the device to the VPN gateway; and
computer code for ensuring that only the second app is utilizing the second app VPN IP stack to encapsulate the second plurality of IP packets, thereby preventing another app from using the second per-app VPN tunnel.

Specification