Edge server selection for enhanced services network
First Claim
1. A method performed by a computing system implementing an enhanced services network, the method comprising:
- authenticating a client at one or more coordinating servers of a server system for one or more sessions of the client for the enhanced services network based on authentication information received from the client over a communications network;
- maintaining a client-specific group of client-side edge servers available to the client across all sessions of the client for the enhanced services network in which the client-specific group of client-side edge servers is a limited subset of a domain of client-side edge servers of the enhanced services network, the client-specific group of client-side edge servers including a predefined quantity or proportion of the domain of client-side edge servers;
- following a first authentication of the client for a session of the enhanced services network of the one or more sessions, directing a browser program of the client to establish a connection to a first client-side edge server of the client-specific group, the first client-side edge server facilitating, via a first set of one or more resource-side edge servers of the enhanced services network, at least a portion of the session between the client and one or more third-party network resources hosted by one or more third-party servers located outside of the enhanced services network by:
  - receiving, from the client, a first request initiated via the browser program for the one or more third-party network resources, establishing a virtual private network with the first set of one or more resource-side edge servers located along a communications path to the one or more third-party network resources, and processing the first request on-behalf of the client via the first client-side edge server and the first set of one or more resource-side edge servers; and
- following a second authentication of the client for a subsequent session of the enhanced services network of the one or more sessions, directing the browser program of the client to establish a connection to a second client-side edge server of the client-specific group, the second client-side edge server facilitating, via a second set of one or more resource-side edge servers of the enhanced services network that differs from the first set, at least a portion of the subsequent session between the client and one or more third-party network resources hosted by one or more third-party servers located outside of the enhanced services network by:
  - receiving, from the client, a second request initiated via the browser program for the one or more third-party network resources, establishing a virtual private network with the second set of one or more resource-side edge servers located along a communications path to the one or more third-party network resources hosted by the one or more third-party servers, and processing the second request on-behalf of the client via the second client-side edge server and the second set of one or more resource-side edge servers.
Abstract
An enhanced services network provides enhanced privacy and/or security over public networks to client subscribers of the service. Client devices access the enhanced services network over a public communications network (e.g., the Internet, cellular network, etc.) via a client-side edge server of the enhanced services network. The enhanced services network interfaces with client-requested network resources hosted by third-party server devices via a resource-side edge server. The particular client-side edge server and/or resource-side edge server that is utilized for a particular client session may be selected by the enhanced services network according to a rule set. The rule set may seek to achieve one or more target goals, such as: (1) limit discoverability of the enhanced services network, (2) minimize or reduce geographic/network distance between an edge server and a target computing device, and/or (3) establish connections that are more secure than the connections originally requested by the client.
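The first target goal, limiting discoverability, can be illustrated with a short sketch of per-client group selection and per-session rotation. This is an added example, not code from the patent or its assignee: the HMAC-based ranking (rendezvous hashing), the server names, the secret, and all function names are assumptions, and only the client-side edge servers are modeled.

```python
import hashlib
import hmac

# Constructed sample data: a 12-server domain and a per-deployment secret.
DOMAIN = [f"edge-{i:02d}.example.net" for i in range(12)]
SECRET = b"constructed-demo-key"  # assumption: held only by coordinating servers
GROUP_SIZE = 3                    # the "predefined quantity" of the claims


def _score(client_id: str, server: str) -> bytes:
    """Keyed score so a client cannot predict other clients' groups."""
    msg = f"{client_id}|{server}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).digest()


def client_group(client_id: str, domain=DOMAIN, size=GROUP_SIZE) -> list[str]:
    """Stable, client-specific limited subset of the edge-server domain."""
    if not 0 < size <= len(domain):
        raise ValueError("size must be between 1 and len(domain)")
    ranked = sorted(domain, key=lambda s: _score(client_id, s), reverse=True)
    return ranked[:size]


def edge_for_session(client_id: str, session_no: int) -> str:
    """Edge server handed out after the session_no-th authentication.

    Rotating by session counter guarantees consecutive sessions use
    different servers whenever the group holds at least two.
    """
    group = client_group(client_id)
    return group[session_no % len(group)]


def exposure(client_id: str, sessions: int) -> set[str]:
    """Every edge server the client learns about over `sessions` sessions."""
    return {edge_for_session(client_id, n) for n in range(sessions)}


if __name__ == "__main__":
    for n in range(4):
        print(n, edge_for_session("alice", n))
    print(len(exposure("alice", 100)), "of", len(DOMAIN), "servers exposed")
```

However many sessions a single client opens, it only ever learns the addresses in its own group, so one compromised or hostile subscriber cannot enumerate the whole edge domain.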
16 Claims
1. A method performed by a computing system implementing an enhanced services network (independent claim, recited in full under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A computing system, comprising:
- one or more computer-readable information storage devices having instructions stored thereon, executable by one or more computing devices to:
  - authenticate a first client for one or more sessions of an enhanced services network based on authentication information received from the first client over a communications network;
  - select a first client-specific group of client-side edge servers of a domain of client-side edge servers of the enhanced services network that are available to the first client over all sessions of the enhanced services network, the first client-specific group of client-side edge servers including a predefined quantity or proportion forming a first limited subset of the domain of client-side edge servers;
  - following a first authentication of the first client for a session of the enhanced services network, facilitate, via a first set of one or more resource-side edge servers of the enhanced services network, at least a portion of the session between the first client and one or more third-party network resources hosted by one or more third-party servers located outside of the enhanced services network by:
    - establishing a virtual private network with the first set of one or more resource-side edge servers located along a communications path to the one or more third-party network resources, providing a proxy service for the first client that terminates connections and establishes new connections between the first client device and the one or more third-party network resources hosted by one or more third-party servers via the first client-side edge server and the first set of one or more resource-side edge servers; and
  - following a second authentication of the first client for a subsequent session of the enhanced services network, facilitate, via a second set of one or more resource-side edge servers of the enhanced services network that differs from the first set, at least a portion of the subsequent session between the first client and one or more third-party network resources hosted by one or more third-party servers located outside of the enhanced services network by:
    - establishing a virtual private network with the second set of one or more resource-side edge servers located along a communications path to the one or more third-party network resources, providing the proxy service for the first client that terminates connections and establishes new connections between the first client device and the one or more third-party network resources hosted by one or more third-party servers via the second client-side edge server and the second set of one or more resource-side edge servers.
Dependent claims: 15, 16
Specification