METHOD AND SYSTEMS FOR ROUTING PACKETS FROM AN ENDPOINT TO A GATEWAY

US 20100002693A1
Filed: 09/10/2009
Published: 01/07/2010
Est. Priority Date: 07/23/2004
Status: Active Grant

First Claim

Patent Images

1. A method for routing packets from an endpoint to a gateway, the method comprising:

(a) receiving, by a driver of a process for providing secure communications to a gateway from an endpoint, a filtering table;

(b) intercepting, by the driver, an outbound packet, the driver terminating a first transport layer connection with an application of the endpoint;

(c) transmitting, by the driver, the outbound packet to a client application, responsive to receiving the filtering table, the client application providing a second transport layer connection from the endpoint to the gateway; and

(d) transmitting, by the client application, the outbound packet to the gateway responsive to an application of a policy to the outbound packet.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for routing packets from an endpoint to a gateway includes receiving, by a driver of a process for providing secure communications to a gateway from an endpoint, a filtering table. The driver may intercept an outbound packet, the driver terminating a first transport layer connection with an application of the endpoint. The driver may transmit the outbound packet to a client application, responsive to the filtering table. The client application provides a second transport layer connection from the endpoint to the gateway. Responsive to an application of a policy to the outbound packet, the client application may transmit the outbound packet to the gateway.

118 Citations

View as Search Results

20 Claims

1. A method for routing packets from an endpoint to a gateway, the method comprising:
- (a) receiving, by a driver of a process for providing secure communications to a gateway from an endpoint, a filtering table;
  
  (b) intercepting, by the driver, an outbound packet, the driver terminating a first transport layer connection with an application of the endpoint;
  
  (c) transmitting, by the driver, the outbound packet to a client application, responsive to receiving the filtering table, the client application providing a second transport layer connection from the endpoint to the gateway; and
  
  (d) transmitting, by the client application, the outbound packet to the gateway responsive to an application of a policy to the outbound packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein step (a) further comprises receiving the filtering table from a client application.
  - 3. The method of claim 1, wherein step (c) further comprises transmitting information about the outbound packet to the client application.
  - 4. The method of claim 1, wherein step (c) further comprises transmitting the outbound packet to the client application, responsive to a routing table.
  - 5. The method of claim 1, wherein step (c) further comprises transmitting the outbound packet to a port monitored by the client application.
  - 6. The method of claim 1, wherein step (d) further comprises authentication, by the client application, of the endpoint to the gateway.
  - 7. The method of claim 1, wherein step (d) further comprises encrypting, by the client application, the outbound packet.
  - 8. The method of claim 1, wherein step (d) further comprises establishing, by the client application, a secure sockets layer (SSL) tunnel via the second transport layer connection to the gateway.
  - 9. The method of claim 1, further comprising the step of transmitting an encrypted outbound packet to the gateway via an SSL tunnel to the gateway.

10. A device for routing packets to a gateway, the device comprising:
- a filter of a process for providing secure communications to a gateway, intercepting an outbound packet and transmitting the outbound packet, responsive to a filter table, the filter terminating a first transport layer connection of an application; and
  
  a client application, in communication with the filter, receiving the outbound packet, the client application providing a second transport layer connection to the gateway and determining to transmit the outbound packet to the gateway, responsive to applying a policy to the outbound packet.
- View Dependent Claims (11, 12)
- - 11. The device of claim 10, wherein the filter comprises a driver that complies with a Network Driver Interface Specification (NDIS).
  - 12. The device of claim 10, wherein the filter transmits the outbound packet to the client application, responsive to a routing table.

13. A system for routing packets to a gateway, the system comprising:
- a computer system providing a gateway, comprising a kernel and an application space, receiving at least one outbound packet; and
  
  a device, in communication with the computer system, comprising;
  
  a filter of a process for providing secure communications to a gateway from the device, intercepting an outbound packet and transmitting the outbound packet, responsive to a filter table, the filter terminating a first transport layer connection of an application; and
  
  a client application, in communication with the filter, receiving the outbound packet, the client application providing a second transport layer connection to the gateway and determining to transmit the outbound packet to the gateway, responsive to applying a policy to the outbound packet.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13, wherein the filter comprises a driver.
  - 15. The system of claim 14, wherein the driver complies with a Network Driver Interface Specification (NDIS).
  - 16. The system of claim 13, wherein the filter and the client application reside on a computer system.
  - 17. The system of claim 13, wherein the filter executes in kernel mode.
  - 18. The system of claim 13, wherein the process executes in kernel mode.
  - 19. The system of claim 13, wherein the client application is a second process.
  - 20. The system of claim 19, wherein the second process executes in user mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Rao, Goutham P., Brueggemann, Eric R., Rodriguez, Robert A.

Granted Patent

US 8,019,868 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/389
CPC Class Codes

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/2898   Subscriber equipments DSL m...

H04L 45/00   Routing or path finding of ...

H04L 45/72   Routing based on the source...

H04L 47/20   Traffic policing

H04L 61/00   Network arrangements, proto...

H04L 61/2514   between local and global IP...

H04L 61/2557   Translation policies or rules

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/101   Access control lists [ACL]

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

METHOD AND SYSTEMS FOR ROUTING PACKETS FROM AN ENDPOINT TO A GATEWAY

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

118 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEMS FOR ROUTING PACKETS FROM AN ENDPOINT TO A GATEWAY

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links