Systems and methods for application-specific access to virtual private networks
Abstract
Described herein are systems and methods utilizing application-specific access to a virtual private network (“VPN”). A method may comprise receiving, from an application executing on a device, a request for a network data flow to a private network, comparing identification information associated with the application against a set of rules stored on a memory of the device, wherein the set of rules identifies conditions for the application to be authorized to access the private network, and establishing a connection for the network data flow upon the identification information satisfying the conditions for the application to access the private network.
27 Citations
18 Claims
1. A method, comprising:
generating, by an application executing on a device, a request for a network data flow to a private network;
comparing identification information associated with the application against a set of rules stored on the memory, wherein the set of rules identifies conditions for the application to be authorized to access the private network;
diverting the network data flow to a virtual private network (VPN) tunnel as opposed to entering a Transport Connection Protocol (TCP)/Internet Protocol (IP) stack;
determining if the application specifies a destination by hostname;
resolving the hostname for the destination at VPN plugin in response to the application specified hostname;
opening a flow divert socket for application data to flow between the application and a data transportation component of the device in response to the application not specifying the destination by hostname or after successfully resolving the hostname for the destination host;
establishing a connection for the network data flow upon the identification information satisfying the identified conditions for the application to access the private network; and
directing, by the data transportation component, the network data flow directly to the private network.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A device, comprising:
a memory storing a plurality of rules; and
a processor coupled to the memory and configured to:
receive a request for a network data flow to a private network from an application executing on the device;
compare identification information associated with the application against a set of rules of the plurality of rules stored on the device, wherein the set of rules identifies conditions for the application to be authorized to access the private network;
divert the network data flow to a virtual private network (VPN) tunnel as opposed to enter a Transport Connection Protocol (TCP)/Internet Protocol (IP) stack;
determine if the application specifies a destination by hostname;
resolve the hostname for the destination at VPN plugin in response to the application specified hostname;
open a flow divert socket for application data to flow between the application and a data transportation component of the device in response to the application not specifying the destination by hostname or after successfully resolving the hostname for the destination host;
establish a connection for the network data flow upon the identification information satisfying the identified conditions for the application to access the private network; and
direct, by the data transportation component, the network data flow directly to the private network.
(Dependent claims: 9, 10, 11, 12, 13, 14)
15. A non-transitory computer readable storage medium with an executable program stored thereon and executed by a processor to cause the processor to perform a set of actions, the actions comprising:
receiving, from an application executing on a device, a request for a network data flow to a private network;
comparing identification information associated with the application against a set of rules stored on the memory, wherein the set of rules identifies conditions for the application to be authorized to access the private network;
diverting the network data flow to a virtual private network (VPN) tunnel as opposed to entering a Transport Connection Protocol (TCP)/Internet Protocol (IP) stack;
determining if the application specifies a destination by hostname;
resolving the hostname for the destination at VPN plugin in response to the application specified hostname;
opening a flow divert socket for application data to flow between the application and a data transportation component of the device in response to the application not specifying the destination by hostname or after successfully resolving the hostname for the destination host;
establishing a connection for the network data flow upon the identification information satisfying the identified conditions for the application to access the private network; and
directing, by the data transportation component, the network data flow directly to the private network.
(Dependent claims: 16, 17, 18)
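As an added example (not code from the patent or from any product implementing it), the following Python models the decision sequence the independent claims recite: the identification check against a rule set, diversion to the tunnel instead of the TCP/IP stack, hostname resolution at the VPN plugin, and opening a flow-divert socket only when that succeeds. The rule fields, the in-memory resolver and the sample identifiers are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AppIdentity:
    bundle_id: str   # application identifier the OS reports for the process
    signing_id: str  # code-signing identity; sample values below are constructed

@dataclass(frozen=True)
class Rule:
    bundle_id: str
    signing_id: str
    require_managed: bool = True  # condition: device must be under management

@dataclass(frozen=True)
class FlowRequest:
    app: AppIdentity
    destination: str  # hostname or IP literal, exactly as the app specified it
    port: int

# Constructed stand-in for resolution at the VPN plugin (inside the private network)
PRIVATE_DNS = {"wiki.corp.example": "10.20.0.15"}

def plugin_resolve(host):
    return PRIVATE_DNS.get(host)

def is_hostname(dest):
    try:
        ipaddress.ip_address(dest)
        return False
    except ValueError:
        return True

def divert_flow(req, rules, device_managed, resolve=plugin_resolve):
    """Route a flow: VPN tunnel via flow-divert socket, ordinary TCP/IP stack, or denied."""
    # Bundle ID and signing identity must both match, so a differently signed app
    # that reuses an authorized bundle ID does not inherit VPN access.
    rule = next((r for r in rules if r.bundle_id == req.app.bundle_id
                 and r.signing_id == req.app.signing_id), None)
    if rule is None:
        return {"path": "stack"}  # not a VPN-managed app: flow enters the TCP/IP stack
    if rule.require_managed and not device_managed:
        return {"path": "denied", "reason": "rule conditions not satisfied"}
    # Hostnames are resolved at the plugin first; an unresolvable name gets no socket.
    if is_hostname(req.destination):
        addr = resolve(req.destination)
        if addr is None:
            return {"path": "denied", "reason": "hostname unresolvable at VPN plugin"}
    else:
        addr = req.destination
    return {"path": "vpn", "flow_divert": True, "remote": (addr, req.port)}
```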