Device and method for virtual private network connection establishment

US 9,762,625 B2
Filed: 05/28/2014
Issued: 09/12/2017
Est. Priority Date: 05/28/2014
Status: Active Grant

First Claim

Patent Images

1. A method for use in virtual private network (VPN) communications, the method comprising:

at a client device;

receiving, from an application executed on the client device, a request to connect to a destination identified by a hostname;

performing a domain name system (DNS) lookup functionality on the hostname, the DNS lookup functionality returning an address, wherein performing the DNS lookup functionality includes,transmitting a DNS lookup to one or more trusted servers only, andsetting a DNS lookup timeout period based at least in part on one or more measured network parameters;

determining whether the returned address is a redirected address based on whether the returned address matches an entry in a stored list of redirected addresses;

determining whether a hypertext transmission protocol secure (HTTPS) probe configured for the hostname fails, wherein the HTTPS probe failing is indicative of a second destination being unavailable in a public network, wherein the HTTPS probe succeeding is indicative of the second destination being publicly available on the public network;

determining whether the returned address matches a cached route in which a transmission control protocol (TCP) connection establishment is unsuccessful, wherein the TCP connection establishment being unsuccessful is indicative of the destination being unavailable in the public network, wherein the TCP connection establishment succeeding is indicative of a connection being established with the destination on the public network; and

connecting to a VPN when;

the returned address is a redirected address;

the HTTPS probe fails;

orthe returned address matches the cached route and the TCP connection establishment is unsuccessful.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, client device and non-transitory computer readable storage medium for connecting to a virtual private network (VPN). A request to connect to a destination identified by a hostname is received from an application executed on the client device and a domain name system (DNS) lookup functionality is performed on the hostname, the DNS lookup functionality returning an address. It is then determined whether the returned address is a redirected address, whether a hypertext transmission protocol secure (HTTPS) probe configured for the hostname fails, or whether the returned address matches a cached route in which a transmission control protocol (TCP) connection establishment is unsuccessful. If any of the returned address is a redirected address, the HTTPS probe fails or the returned address matches the cached route and the TCP connection establishment is unsuccessful, the client device is connected to the VPN.

Citations

20 Claims

1. A method for use in virtual private network (VPN) communications, the method comprising:
- at a client device;
  
  receiving, from an application executed on the client device, a request to connect to a destination identified by a hostname;
  
  performing a domain name system (DNS) lookup functionality on the hostname, the DNS lookup functionality returning an address, wherein performing the DNS lookup functionality includes,transmitting a DNS lookup to one or more trusted servers only, andsetting a DNS lookup timeout period based at least in part on one or more measured network parameters;
  
  determining whether the returned address is a redirected address based on whether the returned address matches an entry in a stored list of redirected addresses;
  
  determining whether a hypertext transmission protocol secure (HTTPS) probe configured for the hostname fails, wherein the HTTPS probe failing is indicative of a second destination being unavailable in a public network, wherein the HTTPS probe succeeding is indicative of the second destination being publicly available on the public network;
  
  determining whether the returned address matches a cached route in which a transmission control protocol (TCP) connection establishment is unsuccessful, wherein the TCP connection establishment being unsuccessful is indicative of the destination being unavailable in the public network, wherein the TCP connection establishment succeeding is indicative of a connection being established with the destination on the public network; and
  
  connecting to a VPN when;
  
  the returned address is a redirected address;
  
  the HTTPS probe fails;
  
  orthe returned address matches the cached route and the TCP connection establishment is unsuccessful.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 18, 19, 20)
- - 2. The method of claim 1, wherein, prior to performing the DNS lookup functionality, the method further comprises:
    - determining, by the client device, characteristics of a network to which the client device is attempting to connect; and
      
      establishing a connection to the VPN when the determined characteristics match predetermined characteristics.
  - 3. The method of claim 2, wherein the characteristics include at least one of an IP address of the DNS server that serves hosts on the network, a type of the network, or an identifier of the network.
  - 4. The method of claim 1, further comprising:
    - when the DNS lookup functionality fails to return an address, establishing a connection to the VPN.
  - 5. The method of claim 1, further comprising:
    - when the DNS lookup functionality is not completed prior to the expiration of the DNS lookup timeout period, establishing a connection to the VPN.
  - 6. The method of claim 1, wherein determining whether the returned address is a redirected address includes:
    - generating, by the client device, the list of redirected addresses by;
      
      sending a dummy hostname request;
      
      receiving a return address in response to the dummy hostname request; and
      
      storing, by the client device, in the list of redirected addresses, the return address received in response to the dummy hostname request.
  - 7. The method of claim 1, wherein the cached route is received from a VPN server, the cached route associated with a previous connection between the client device and the VPN.
  - 18. The method of claim 1, wherein performing the DNS lookup functionality further includes selecting a specific DNS server to perform the DNS lookup based on one of a previous use of the specific DNS server or a stored association between the hostname and the specific DNS server.
  - 19. The method of claim 1, wherein performing the DNS lookup functionality further includes transmitting a DNS lookup to a DNS server that is associated with a entity provided by the VPN.
  - 20. The method of claim 6, wherein sending a dummy hostname request occurs each time the client device connects to a new network.

8. A client device, comprising:
- communications circuitry; and
  
  a processor,wherein the processor and communications circuitry are configured to establish a connection to a virtual private network (VPN) by;
  
  receiving, from an application executed on the client device, a request to connect to a destination identified by a hostname;
  
  performing a domain name system (DNS) lookup functionality on the hostname, the DNS lookup functionality returning an address, wherein performing the DNS lookup functionality includes,transmitting a DNS lookup to one or more trusted servers only, andsetting a DNS lookup timeout period that is based on one or more measured network parameters;
  
  determining whether the returned address is a redirected address based on whether the returned address matches an entry in a stored list of redirected addresses;
  
  determining whether a hypertext transmission protocol secure (HTTPS) probe configured for the hostname fails, wherein the HTTPS probe failing is indicative of a second destination being unavailable in a public network, wherein the HTTPS probe succeeding is indicative of the second destination being publicly available on the public network;
  
  determining whether the returned address matches a cached route in which a transmission control protocol (TCP) connection establishment is unsuccessful, wherein the TCP connection establishment being unsuccessful is indicative of the destination being unavailable in the public network, wherein the TCP connection establishment succeeding is indicative of a connection being established with the destination on the public network; and
  
  connecting to the VPN when;
  
  the returned address is a redirected address;
  
  the HTTPS probe fails;
  
  orthe returned address matches the cached route and the TCP connection establishment is unsuccessful.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The client device of claim 8, further comprising:
    - a memory arrangement, wherein the memory arrangement stores a list of redirected addresses.
  - 10. The client device of claim 9, wherein the processor and the communications circuitry in determining whether the returned address is a redirected address are further configured to:
    - send a dummy hostname request; and
      
      receive a return address in response to the dummy hostname request, wherein the memory arrangement stores in the list of redirected addresses, the return address received in response to the dummy hostname request.
  - 11. The client device of claim 8, wherein the cached route is received from a VPN server, the cached route associated with a previous connection between the client device and the VPN.
  - 12. The client device of claim 8, wherein, prior to performing the DNS lookup functionality, the processor and the communications circuitry establish a connection to the VPN by:
    - determining characteristics of a network to which the client device is attempting to connect; and
      
      establishing a connection to the VPN when the determined characteristics match predetermined characteristics.
  - 13. The client device of claim 12, wherein the characteristics include at least one of an IP address of the DNS server that serves hosts on the network, a type of the network, or an identifier of the network.
  - 14. The client device of claim 8, wherein the processor and the communications functionality establish a connection to the VPN when the DNS lookup functionality fails to return the address.
  - 15. The client device of claim 8, wherein the processor and the communications functionality establish a connection to the VPN when the DNS lookup functionality is not completed prior to the expiration of the DNS lookup timeout period.
  - 16. The client device of claim 8, wherein the DNS lookup functionality is performed on one of a first DNS server associated with a currently connected network of the client device and a second DNS server associated with a request from the client device to the currently connected network to utilize the second DNS server.

17. A non-transitory computer readable storage medium with an executable program stored thereon, wherein the program instructs a microprocessor to perform operations comprising:
- receiving, at a client device, from an application executed on the client device, a request to connect to a destination identified by a hostname;
  
  performing, at the client device, a domain name system (DNS) lookup functionality on the hostname, the DNS lookup functionality returning an address, wherein performing the DNS lookup functionality includes,transmitting a DNS lookup to one or more trusted servers only, andsetting a DNS lookup timeout period that is based on one or more measured network parameters;
  
  determining, at the client device, whether the returned address is a redirected address based on whether the returned address matches an entry in a stored list of redirected addresses;
  
  determining, at the client device, whether a hypertext transmission protocol secure (HTTPS) probe configured for the hostname fails, wherein the HTTPS probe failing is indicative of a second destination being unavailable in a public network, wherein the HTTPS probe succeeding is indicative of the second destination being publicly available on the public network;
  
  determining, at the client device, whether the returned address matches a cached route in which a transmission control protocol (TCP) connection establishment is unsuccessful, wherein the TCP connection establishment being unsuccessful is indicative of the destination being unavailable in the public network, wherein the TCP connection establishment succeeding is indicative of a connection being established with the destination on the public network; and
  
  connecting to a virtual private network (VPN) when;
  
  the returned address is a redirected address;
  
  the HTTPS probe fails;
  
  orthe returned address matches the cached route and the TCP connection establishment is unsuccessful.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Pauly, Thomas F.
Primary Examiner(s)
Vu, Viet

Application Number

US14/289,308
Publication Number

US 20150350256A1
Time in Patent Office

1,203 Days
Field of Search

709227, 709230, 709225, 709228, 709229, 709219, 709218, 709239, 709223, 709224, 709238, 370401, 370235, 370236, 370351
US Class Current
CPC Class Codes

H04L 61/2514   between local and global IP...

H04L 61/4511   using domain name system [DNS]

H04L 63/0272   Virtual private networks

H04L 63/168   above the transport layer

H04L 65/1069   Session establishment or de...

H04L 67/02   based on web technology, e....

H04L 69/16   Implementation or adaptatio...

Device and method for virtual private network connection establishment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Device and method for virtual private network connection establishment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links