Gateway device for terminating a large volume of VPN connections
Abstract
A VPN gateway device is able to assign, manage, and terminate a large volume of connections from apps executing on devices, enabling a large scale per-app VPN mobile environment. When a mobile device user opens an app on a mobile device, a VPN gateway transmits a unique IP address to the app. The gateway also transmits an app federation cookie to the app. The app shares the app federation cookie with a second app. The VPN gateway then assigns the second app the same unique IP address. The gateway then transmits a range of ports to the first app. The app uses a port in the range of ports for data transmission from the device to the VPN gateway. The gateway receives a data transmission from the first app via a VPN and determines that the data transmission originated from the first app based on the source port.
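The mapping the abstract describes, sketched as an added Python example (not code from the patent or from any product): one internal IP per federation cookie, disjoint source-port ranges per app, and attribution of traffic by source port. The class and method names, the address pool, and the port numbers are assumptions made for illustration, and the federation-membership check is reduced to presenting a known cookie.

```python
import ipaddress
import secrets

class PerAppVpnGateway:
    """Toy model of the gateway-side mapping (all names are hypothetical)."""

    def __init__(self, pool="10.8.0.0/24", first_port=20000, range_size=1000):
        # Constructed sample values: internal address pool and port layout.
        self._free_ips = iter(ipaddress.ip_network(pool).hosts())
        self._first_port, self._range_size = first_port, range_size
        self._federations = {}  # cookie -> {"ip": str, "next_port": int}
        self._ranges = {}       # ip -> [(lo, hi, app_id), ...]

    def connect(self, app_id, cookie=None):
        """Register an app and return (ip, cookie, (lo, hi))."""
        if cookie is None:
            # First app: issue a new internally unique IP and a federation cookie.
            cookie = secrets.token_hex(16)
            ip = str(next(self._free_ips))
            self._federations[cookie] = {"ip": ip, "next_port": self._first_port}
            self._ranges[ip] = []
        elif cookie not in self._federations:
            raise PermissionError("unknown federation cookie")
        fed = self._federations[cookie]
        lo = fed["next_port"]
        hi = lo + self._range_size - 1
        if hi > 65535:
            raise RuntimeError("no ports left on this internal IP")
        fed["next_port"] = hi + 1  # the next app's range never overlaps this one
        self._ranges[fed["ip"]].append((lo, hi, app_id))
        return fed["ip"], cookie, (lo, hi)

    def attribute(self, src_ip, src_port):
        """Return the app that owns src_port on src_ip, or None if unassigned."""
        for lo, hi, app_id in self._ranges.get(src_ip, ()):
            if lo <= src_port <= hi:
                return app_id
        return None  # a port outside every assigned range maps to no app

def demo():
    gw = PerAppVpnGateway()
    ip, cookie, mail_ports = gw.connect("mail")               # first app
    _, _, browser_ports = gw.connect("browser", cookie)       # shares the cookie
    return ip, mail_ports, browser_ports, gw.attribute(ip, 21500)
```

A source port that falls outside every assigned range yields `None`, which a gateway built this way would treat as unattributable traffic.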
20 Claims
1. A method of communicating through a virtual private network (VPN) tunnel between a first application (app) on a device and a VPN gateway, the method comprising:
- transmitting an internally unique internet protocol (IP) address from the VPN gateway to the first app;
- transmitting an app federation cookie from the VPN gateway to the first app after determining that the first app is in a federation of wrapped apps on the device;
- sharing the app federation cookie with a second app in the federation of wrapped apps;
- assigning the second app the same internally unique IP address;
- transmitting a first range of ports to the first app, wherein the first app uses a port in the first port range as a source port for data transmission from the first app to the VPN gateway, wherein the first port range comprises a plurality of ports not included in a second port range transmitted to the second app having the same internally unique IP address as the first app;
- receiving, at the VPN gateway, a data transmission from the first app; and
- determining, at the VPN gateway, that the data transmission originated from the first app based on the source port.
9. A system of communicating through a virtual private network (VPN) tunnel between a first application (app) on a device and a VPN gateway, the system comprising:
- logic for transmitting an internally unique internet protocol (IP) address and an app federation cookie from a VPN gateway to the first app on the device after determining that the first app is in a federation of wrapped apps on the device, wherein the app federation cookie is shared with a second app in the federation of wrapped apps after determining that the second app is in the federation of wrapped apps on the device and the second app is assigned the same internally unique IP address;
- logic for transmitting a first range of ports from the VPN gateway to the first app, wherein the first app uses a port in the first port range as a source port for data transmission from the first app to the VPN gateway, wherein the first port range comprises a plurality of ports not included in a second port range transmitted to the second app;
- logic for receiving, at the VPN gateway, a data transmission from the first app; and
- logic for determining, at the VPN gateway, that the data transmission originated from the first app based on the source port.
17. A virtual private network (VPN) gateway comprising:
- an output interface configured to transmit an internally unique internet protocol (IP) address and an app federation cookie from the virtual private network (VPN) gateway to a first application (app) on a device app after determining that the first app is in a federation of wrapped apps on the device, wherein the app federation cookie is shared with a second app in the federation of wrapped apps and the second app is assigned the same internally unique IP address, wherein the output interface is further configured to transmit a first range of ports from the VPN gateway to the first app, wherein the first app uses a port in the first port range as a source port for data transmission from the first app to the VPN gateway, wherein the first port range comprises a plurality of ports not included in a second port range transmitted to the second app;
- an input interface, at the VPN gateway, configured to receive a data transmission from the first app;
- a mapping mechanism configured to associate the first port range with the first app;
- a VPN gateway processor configured to determine that the data transmission originated from the first app based on the source port.
Specification