Providing virtualized private network tunnels
Abstract
Various aspects of the disclosure relate to providing a per-application policy-controlled virtual private network (VPN) tunnel. In some embodiments, tickets may be used to provide access to an enterprise resource without separate authentication of the application and, in some instances, can be used in such a manner as to provide a seamless experience to the user when re-establishing a per-application policy-controlled VPN tunnel during the lifetime of the ticket. Additional aspects relate to an access gateway providing updated policy information and tickets to a mobile device. Other aspects relate to selectively wiping the tickets from a secure container of the mobile device. Yet further aspects relate to operating applications in multiple modes, such as a managed mode and an unmanaged mode, and providing authentication-related services based on one or more of the above aspects.
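An added illustration of the ticket behaviour the abstract describes, not code from the patent or from any product: a gateway accepts the same ticket for the initial tunnel and for repeated re-establishment until the validity duration ends. The HMAC-signed ticket format, the binding of the ticket to an application ID and resource, and all names and values are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, time

GATEWAY_KEY = b"constructed-demo-key"  # assumption: secret held only by the gateway

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_ticket(app_id, resource, validity_seconds, now=None):
    """Gateway side: mint a ticket that carries its own expiry (validity duration)."""
    now = time.time() if now is None else now
    body = json.dumps({"app": app_id, "res": resource,
                       "exp": now + validity_seconds}, sort_keys=True).encode()
    return _b64(body) + "." + _b64(hmac.new(GATEWAY_KEY, body, hashlib.sha256).digest())

def validate_ticket(ticket, app_id, resource, now=None):
    """Return 'ok' or the reason the ticket cannot establish a tunnel."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = ticket.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return "malformed"
    expected = hmac.new(GATEWAY_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "bad-signature"
    claims = json.loads(body)
    if (claims["app"], claims["res"]) != (app_id, resource):
        return "wrong-scope"      # ticket is only good for its own app's tunnel
    if now >= claims["exp"]:
        return "expired"          # validity duration over: full authentication needed
    return "ok"

def demo():
    """Establish, then close and re-establish twice with the same ticket."""
    app, res, t0 = "com.example.mail", "mail.corp.example", 1_000_000.0  # constructed
    ticket = issue_ticket(app, res, validity_seconds=3600, now=t0)
    return [
        validate_ticket(ticket, app, res, now=t0 + 10),      # initial tunnel
        validate_ticket(ticket, app, res, now=t0 + 600),     # re-established, first time
        validate_ticket(ticket, app, res, now=t0 + 1800),    # re-established, second time
        validate_ticket(ticket, app, res, now=t0 + 3601),    # after validity duration
        validate_ticket(ticket, "com.example.other", res, now=t0 + 20),
    ]

if __name__ == "__main__":
    print(demo())
```

In this sketch the ticket stands in for authentication until it expires, so the validity duration bounds how long a copied ticket would remain usable.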
20 Claims
1. A method, comprising:
transmitting, to a mobile device, policy information that describes one or more policies for providing an application of the mobile device with access to at least one resource accessible through an access gateway;
receiving, by the access gateway, as part of a process of establishing a per-application policy-controlled virtual private network (VPN) tunnel for enabling the application with access to the at least one resource, a ticket configured to provide authentication in connection with establishing the per-application policy-controlled VPN tunnel, wherein the ticket includes a validity duration;
providing access to the at least one resource via the per-application policy-controlled VPN tunnel;
receiving, during the validity duration, the ticket at the access gateway to cause the per-application policy-controlled VPN tunnel to be re-established a first time;
closing the per-application policy-controlled VPN tunnel after re-establishing the per-application policy-controlled VPN tunnel the first time; and
after closing the per-application policy-controlled VPN tunnel, receiving, during the validity duration, the ticket at the access gateway to cause the per-application policy-controlled VPN tunnel to be re-established a second time.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. An apparatus, comprising:
at least one processor; and
memory storing executable instructions configured to, when executed by the at least one processor, cause the apparatus to:
transmit, to a mobile device, policy information that describes one or more policies for providing an application of the mobile device with access to at least one resource accessible through the apparatus;
receive, as part of a process of establishing a per-application policy-controlled virtual private network (VPN) tunnel for enabling the application with access to the at least one resource, a ticket configured to provide authentication in connection with establishing the per-application policy-controlled VPN tunnel, wherein the ticket includes a validity duration;
provide access to the at least one resource via the per-application policy-controlled VPN tunnel;
receive, during the validity duration, the ticket to cause the per-application policy-controlled VPN tunnel to be re-established a first time;
close the per-application policy-controlled VPN tunnel after re-establishing the per-application policy-controlled VPN tunnel the first time; and
after closing the per-application policy-controlled VPN tunnel, receive, during the validity duration, the ticket to cause the per-application policy-controlled VPN tunnel to be re-established a second time.
Dependent claims: 11, 12, 13, 14, 15
16. One or more non-transitory computer-readable media storing instructions configured to, when executed, cause a computing device to:
transmit, to a mobile device, policy information that describes one or more policies for providing an application of the mobile device with access to at least one resource accessible through the computing device;
receive, as part of a process of establishing a per-application policy-controlled virtual private network (VPN) tunnel for enabling the application with access to the at least one resource, a ticket configured to provide authentication in connection with establishing the per-application policy-controlled VPN tunnel, wherein the ticket includes a validity duration;
provide access to the at least one resource via the per-application policy-controlled VPN tunnel;
receive, during the validity duration, the ticket to cause the per-application policy-controlled VPN tunnel to be re-established a first time;
close the per-application policy-controlled VPN tunnel after re-establishing the per-application policy-controlled VPN tunnel the first time; and
after closing the per-application policy-controlled VPN tunnel, receive, during the validity duration, the ticket to cause the per-application policy-controlled VPN tunnel to be re-established a second time.
Dependent claims: 17, 18, 19, 20
Specification