Secure access to remote resources over a network
First Claim
Patent Images
1. A method for securely accessing a remote resource on a private network, the method comprising:
- storing in a memory of a client computing device a routing rule for accessing a remote resource; and
executing instructions stored in the memory of the client computing device, wherein execution of the instructions by a processor;
provides to a routing table stored in the memory of the client computing device one or more initial routing rules for accessing a name server in the network, wherein the one or more initial routing rules are limited to one or more routing rules necessary for accessing the name server;
requests access to the remote resource by a client application stored in the memory of the client computing device using the name of the remote resource;
transmits to the name server an address resolution query for the name of the remote resource based on the one or more initial routing rules;
intercepts a reply from the name server intended for the client application, the reply including a network address corresponding to the name of the resource;
obtains from the memory the routing rule corresponding to the name of the requested resource;
determines that the client computing device is permitted to access the requested resource based on the routing rule;
generates a routing rule for the network address identified in the reply;
provides to the client application the routing rule for the network address generated from the intercepted reply; and
opens by the client application a secure connection with the remote network based on the routing rule.
13 Assignments
0 Petitions
Accused Products
Abstract
A client computer hosts a virtual private network tool to establish a virtual private network connection with a remote network. Upon startup, the virtual private network tool collects critical network information for the client computer, and sends this critical network information to an address assignment server in the remote network. The address assignment server compares the critical network information with a pool of available addresses in the remote network, and assigns addresses for use by the client computer that do not conflict with the addresses for local resources. The address assignment server also provides routing information for resources in the remote network to the virtual private network tool. The virtual private network tool will postpone loading this routing information into the routing tables of the client computer until the client computer requests access to a specific resource in the remote network. When the client computer requests access to a specific resource in the remote network, the virtual private network tool will only provide the routing table with the routing information for that specific remote resource.
126 Citations
16 Claims
-
1. A method for securely accessing a remote resource on a private network, the method comprising:
-
storing in a memory of a client computing device a routing rule for accessing a remote resource; and executing instructions stored in the memory of the client computing device, wherein execution of the instructions by a processor; provides to a routing table stored in the memory of the client computing device one or more initial routing rules for accessing a name server in the network, wherein the one or more initial routing rules are limited to one or more routing rules necessary for accessing the name server; requests access to the remote resource by a client application stored in the memory of the client computing device using the name of the remote resource; transmits to the name server an address resolution query for the name of the remote resource based on the one or more initial routing rules; intercepts a reply from the name server intended for the client application, the reply including a network address corresponding to the name of the resource; obtains from the memory the routing rule corresponding to the name of the requested resource; determines that the client computing device is permitted to access the requested resource based on the routing rule; generates a routing rule for the network address identified in the reply; provides to the client application the routing rule for the network address generated from the intercepted reply; and opens by the client application a secure connection with the remote network based on the routing rule. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A non-transitory computer-readable storage medium having embodied thereon a program, the program being executable by a processor to perform a method for securely accessing a remote resource on a private network, the method comprising:
-
providing to a routing table stored in a memory of a client computing device one or more initial routing rules for accessing a name server in the network, wherein the one or more initial routing rules are limited to the routing rules necessary for accessing the name server; requesting access to the remote resource by a client application stored in the memory of the client computing device using the name of the remote resource; transmitting to the name server an address resolution query for the name of the remote resource based on the one or more initial routing rules; intercepting a reply from the name server intended for the client application, the reply including a network address corresponding to the name of the resource; obtaining from the memory the routing rule corresponding to the name of the requested resource; determining that the client computing device is permitted to access the requested resource based on the routing rule; generating a routing rule for the network address identified in the reply; providing to the client application the routing rule for the network address generated from the intercepted reply; and opening by the client application a secure connection with the remote network based on the routing rule. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeSonicWALL US Holdings, Inc. (SonicWall Holdings Ltd.)
-
Original AssigneeAventail LLC
-
InventorsHoover, Paul Lawrence, Erickson, Rodger Del, Sauve, Bryan
-
Primary Examiner(s)Swearingen, Jeffrey R
-
Application NumberUS13/038,340Publication NumberTime in Patent Office1,981 DaysField of SearchNoneUS Class Current1/1CPC Class CodesG06F 21/6218 to a system of files or obj...H04L 12/4633 Interconnection of networks...H04L 12/4675 Dynamic sharing of VLAN inf...H04L 45/021 Ensuring consistency of rou...H04L 45/745 Address table lookup; Addre...H04L 61/5046 Resolving address allocatio...H04L 63/0227 Filtering policies mail mes...H04L 63/0272 Virtual private networksH04L 63/10 for controlling access to d...H04L 67/01 ProtocolsH04L 67/63 Routing a service request d...
