System for connecting, securing and managing network devices with a dedicated private virtual network

US 10,542,572 B2
Filed: 01/26/2018
Issued: 01/21/2020
Est. Priority Date: 04/17/2015
Status: Active Grant

First Claim

Patent Images

1. A device comprising:

a memory component configured to store information associated with network settings;

a controller configured to control access of an external device of a network and an internal device of the network to one another when the external device is provided isolated network access, and wherein the controller is configured to control level access of the external device of the network to the internal device of the network and vice versa, wherein the level of access is based on a policy, and wherein the level of access is selected from a group consisting of full virtual network access, no virtual network access, and limited virtual network access; and

a private virtual network (PVN) router within the network, wherein the PVN router is configured to receive a request signal from the external device to establish an isolated network access via the network, and wherein the PVN router is further configured to transmit a response signal to the external device based on the network settings stored in the memory component and further based on the control access by the controller, wherein the response signal comprises a dedicated PVN to establish a connection between the external device and the network and further to establish the isolated network access, wherein the external device is inaccessible, automatically, by the internal device after the connection is established and without user configuration and wherein the internal device is inaccessible by the external device after the connection is established, wherein the internal device and the external device are associated with different users.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device includes a database, a controller, and a PVN router. The database is configured to store network settings information and tracks devices connected to a network. The controller is configured to control access of devices to one another after establishing a connection to the network. The PVN router is configured to receive a provisioning request from a requesting to connect to the network. The PVN router is further configured to transmit a provisioning response to the requesting device based on instantiation of a PVN template received from the database. The PVN template is generated based on the network settings information and further based on the control access determined by the controller. The provisioning response establishes a connection between the requesting device and the network. The requesting device is inaccessible by a subset of devices already connected in the network after the connection is established and vice versa.

26 Citations

28 Claims

1. A device comprising:
- a memory component configured to store information associated with network settings;
  
  a controller configured to control access of an external device of a network and an internal device of the network to one another when the external device is provided isolated network access, and wherein the controller is configured to control level access of the external device of the network to the internal device of the network and vice versa, wherein the level of access is based on a policy, and wherein the level of access is selected from a group consisting of full virtual network access, no virtual network access, and limited virtual network access; and
  
  a private virtual network (PVN) router within the network, wherein the PVN router is configured to receive a request signal from the external device to establish an isolated network access via the network, and wherein the PVN router is further configured to transmit a response signal to the external device based on the network settings stored in the memory component and further based on the control access by the controller, wherein the response signal comprises a dedicated PVN to establish a connection between the external device and the network and further to establish the isolated network access, wherein the external device is inaccessible, automatically, by the internal device after the connection is established and without user configuration and wherein the internal device is inaccessible by the external device after the connection is established, wherein the internal device and the external device are associated with different users.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The device of claim 1, wherein presence of the external device remains unknown by the internal device after the connection is established, and wherein presence of the internal device remains unknown by the external device after the connection is established.
  - 3. The device of claim 1, wherein the memory component is configured to track devices connected to the network.
  - 4. The device of claim 1, wherein the network settings comprises an internet protocol, subnet size, default gateway, routing tables, and domain name system services.
  - 5. The device of claim 1, wherein the PVN router is further configured to receive a request from the external device, after the connection is established between the external device and the network, to provide access to the internal device, and wherein the controller is further configured to determine whether access to the internal device should be granted.
  - 6. The device of claim 5, wherein the PVN router is further configured to provide a signal to the external device to enable the external device to access the internal device in response to a determination by the controller that access should be granted.
  - 7. The device of claim 1, wherein the request signal from the external device to connect to the network is a provisioning request.
  - 8. The device of claim 1, wherein the PVN router is further configured to automatically discover new devices.
  - 9. The device of claim 1, wherein the dedicated PVN transmitted within a template to the external device.
  - 10. The device of claim 1, wherein the control access of the external device by the controller is configurable by network administrator.

11. A method comprising:
- receiving a request for connecting an external device of a network to the network and to provide an isolated network access to the external device;
  
  transmitting a dedicated private virtual network (PVN) response to the external device; and
  
  establishing a connection between the external device and the network, wherein the connection provides the isolated network level of access of the external device of the network to internal devices of the network and vice versa, wherein the level of access is based on a policy, and wherein the level of access is selected from a group consisting of full virtual network access, no virtual network access, and limited virtual network access, and wherein the external device is inaccessible, automatically, by at least one internal device of the network after the connection is established and without user configuration and wherein the at least one internal device is inaccessible by the external device after the connection is established, wherein the internal device and the external device are associated with different users.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, wherein presence of the external device remains unknown by the internal device after the connection is established, and wherein presence of the internal device remains unknown by the external device after the connection is established.
  - 13. The method of claim 11, wherein the dedicated PVN is included in a template being transmitted and it includes an internet protocol, subnet size, default gateway, routing tables, and domain name system services.
  - 14. The method of claim 11 further comprising:
    - receiving a request from the external device, after the connection is established between the external device and the network, to provide access to the internal device; and
      
      determining whether access to the internal device should be granted.
  - 15. The method of claim 14 further comprising:
    - granting access to the external device in response to determining that access should be granted.
  - 16. The method of claim 14, wherein the determining whether to grant access is performed by a controller, and wherein the controller is dynamically configurable by a network administrator to modify access and a level of access.
  - 17. The method of claim 11, wherein the external device is accessible by another internal device of the network after the connection is established and wherein the another internal device is accessible by the external device after the connection is established.
  - 18. The method of claim 11 further comprising:
    - detecting another external device to be connected to the network.

19. A device comprising:
- a database configured to store network settings information and further configured to track devices connected to a network;
  
  a controller configured to control level of access of an external device to the network and internal devices of the network to one another after establishing a connection to the network, wherein the controller is configured to control the level of access of the external device of the network to the internal device of the network and vice versa based on a policy, and wherein the level of access is selected from a group consisting of full virtual network access, no virtual network access, and limited virtual network access; and
  
  a private virtual network (PVN) router configured to receive a provisioning request from a requesting device to connect to the network and to provide isolated network access to the requesting device, wherein the PVN router is further configured to transmit a provisioning response to the requesting device based on instantiation of a PVN template received from the database, wherein the PVN template is generated based on the network settings and further based on the control access determined by the controller, and wherein the provisioning response establishes a connection between the requesting device and the network to provide isolated network access to the requesting device, wherein the requesting device is inaccessible, automatically, by a subset of devices already connected in the network after the connection is established and without user configuration and wherein the subset of devices is inaccessible by the requesting device after the connection is established, wherein the internal device and the external device are associated with different users.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 20. The device of claim 19, wherein the requesting device is accessible by another subset of devices already connected in the network after the connection is established and wherein the another subset of devices is accessible by the requesting device after the connection is established.
  - 21. The device of claim 19, wherein the requesting device is invisible to the subset of devices and wherein the subset of devices is invisible to the requesting device.
  - 22. The device of claim 19, wherein the controller is configurable in response to receiving instructions from a network administrator to modify accessibility of the requesting device to the subset of devices and vice versa prior to establishing the connection.
  - 23. The device of claim 19, wherein the PVN router is configured to receive a request from the requesting device, after the connection is established, to grant access to another device connected to the network that is not in the subset of devices.
  - 24. The device of claim 23, wherein the controller is configured to determine whether the requesting device should be given access to the another device connected to the network that is not in the subset of devices.
  - 25. The device of claim 24, wherein the controller is configured to provide access to the requesting device in response to determining that the requesting device should be given access to the another device connected to the network that is not in the subset of devices.
  - 26. The device of claim 19, wherein presence of the requesting device remains unknown by the subset of devices after the connection is established, and wherein presence of the subset of devices remains unknown by the requesting device after the connection is established.
  - 27. The device of claim 19, wherein the PVN template comprises information regarding an internet protocol, subnet size, default gateway, routing tables, and domain name system services.
  - 28. The device of claim 19, wherein the PVN router is further configured to automatically discover new devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Barracuda Networks Incorporated
Original Assignee
Barracuda Networks Incorporated
Inventors
Perone, Michael, Shi, Fleming
Primary Examiner(s)
Ly, Anh Vu H

Application Number

US15/881,019
Publication Number

US 20180152981A1
Time in Patent Office

725 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04W 48/12   using downlink control channel

H04W 76/10   Connection setup

H04W 76/11   Allocation or use of connec...

H04W 88/16   Gateway arrangements

System for connecting, securing and managing network devices with a dedicated private virtual network

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

System for connecting, securing and managing network devices with a dedicated private virtual network

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links