Per-app virtual private network tunnel for multiple processes

US10958480B2 · US · B2

Patent metadata

Publication number: US-10958480-B2
Application number: US-201816128548-A
Country: US
Kind code: B2
Filing date: Sep 12, 2018
Priority date: Jul 19, 2018
Publication date: Mar 23, 2021
Grant date: Mar 23, 2021

Abstract

Examples described herein include systems and methods for creating a per-app virtual private network (“VPN”) using hooking, even though an isolated process is used for networking functions. The isolated process can include networking functions of the WebView class for ANDROID. The application can start an HTTP proxy server to receive local HTTP requests. Then, the application can trigger a broadcast to the isolated process, causing the isolated process to route its HTTP requests to the HTTP proxy of the application. The application can then hook HTTP requests and send them to a virtual private network (“VPN”) tunnel server. This can allow an application to securely connect to enterprise files or data even though the networking functions occur in the isolated process.

Claims

What is claimed is:

1. A method for creating a per-app virtual private network (“VPN”) based on multiple processes, comprising: executing an application process on a user device, the application process relying on an isolated process on the user device for network requests; setting a proxy server on the user device to run as part of the application process; setting the isolated process to send its network requests to the proxy server of the application process; receiving, from the isolated process, a network request at the proxy server of the application process; in an instance where the network request includes a user identifier that is shared with the application process, hooking, by the application process, the network request at the proxy server, wherein the hooking includes replacing a socket function call with an alternate function that specifies an address of a VPN tunnel server; and based on the hooking, contacting the VPN tunnel server to fulfill the network request at a destination server.

2. The method of claim 1, wherein the application process registers the proxy server with an operating system by making an application programming interface call to the isolated process.

3. The method of claim 1, wherein the isolated process handles networking capabilities for a WebView component of an ANDROID operating system.

4. The method of claim 1, the method further comprising: sending traffic from the proxy server to the VPN tunnel server, wherein the VPN tunnel server is configured to send the traffic to the destination server specified by the network request of the isolated process; and receiving response traffic at the proxy server, the response traffic being forwarded by the VPN tunnel server from the destination server.

5. The method of claim 1, wherein the proxy server only accepts network requests that include the user identifier.

6. The method of claim 1, wherein the application process causes a browser executing on the user device to broadcast a proxy change to the isolated process, causing the isolated process to route the network request to the proxy server of the application process.

7. The method of claim 1, wherein the VPN tunnel server encrypts data associated with the network request and ensures that the user device meets rules required to perform the network request.

8. A non-transitory, computer-readable medium comprising instructions that, when executed by a processor, perform stages for creating a per-app virtual private network (“VPN”) based on multiple processes, the stages comprising: executing an application process on a user device, the application process relying on an isolated process on the user device for network requests; setting a proxy server on the user device to run as part of the application process; setting the isolated process to send its network requests to the proxy server of the application process; receiving, from the isolated process, a network request at the proxy server of the application process; in an instance where the network request includes a user identifier that is shared with the application process, hooking, by the application process, the network request at the proxy server, wherein the hooking includes replacing a socket function call with an alternate function that specifies an address of a VPN tunnel server; and based on the hooking, contacting the VPN tunnel server to fulfill the network request at a destination server.

9. The non-transitory, computer-readable medium of claim 8, wherein the application process registers the proxy server with an operating system by making an application programming interface call to the isolated process.

10. The non-transitory, computer-readable medium of claim 8, wherein the isolated process handles networking capabilities for a WebView component of an ANDROID operating system.

11. The non-transitory, computer-readable medium of claim 8, the stages further comprising: sending traffic from the proxy server to the VPN tunnel server, wherein the VPN tunnel server is configured to send the traffic to the destination server specified by the network request of the isolated process; and receiving response traffic at the proxy server, the response traffic being forwarded by the VPN tunnel server from the destination server.

12. The non-transitory, computer-readable medium of claim 8, wherein the proxy server only accepts network requests that include the user identifier.

13. The non-transitory, computer-readable medium of claim 8, wherein the application process causes a browser executing on the user device to broadcast a proxy change to the isolated process, causing the isolated process to route the network request to the proxy server of the application process.

14. The non-transitory, computer-readable medium of claim 8, wherein the VPN tunnel server encrypts data associated with the network request and ensures that the user device meets rules required to perform the network request.

15. A system for creating a per-app virtual private network (“VPN”) based on multiple processes, comprising: a memory storage including a non-transitory, computer-readable medium comprising instructions; and a processor that executes the instructions to carry out stages of an application process on a user device, the stages comprising: executing an application process on a user device, the application process relying on an isolated process on the user device for network requests; setting a proxy server on the user device to run as part of the application process; setting the isolated process to send its network requests to the proxy server of the application process; receiving, from the isolated process, a network request at the proxy server; in an instance where the network request includes a user identifier that is shared with the application process, hooking, by the application process, the network request at the proxy server, wherein the hooking includes replacing a socket function call with an alternate function that specifies an address of a VPN tunnel server; and based on the hooking, contacting the VPN tunnel server to fulfill the network request at a destination server.

16. The system of claim 15, wherein the application process registers the proxy server with an operating system by making an application programming interface call to the isolated process.

17. The system of claim 15, wherein the isolated process handles networking capabilities for a WebView component of an ANDROID operating system.

18. The system of claim 15, the stages further comprising: sending traffic from the proxy server to the VPN tunnel server, wherein the VPN tunnel server is configured to send the traffic to the destination server specified by the network request of the isolated process; and receiving response traffic at the proxy server, the response traffic being forwarded by the VPN tunnel server from the destination server.

19. The system of claim 15, wherein the proxy server only accepts network requests that include the user identifier.

20. The system of claim 15, wherein the VPN tunnel server encrypts data associated with the network request and ensures that the user device meets rules required to perform the network request.
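The accept-and-route decision that claims 1, 4 and 5 describe (the application's local proxy accepts a request from the isolated process only when it carries the shared user identifier, and a hooked socket call then connects to the VPN tunnel server instead of the named destination) is shown below as an added illustration. It is not VMware's code and not code from the patent; it is written in Python rather than as an Android component so the logic can be run anywhere. The header name X-App-User-Id, the tunnel server address and the sample request bytes are all constructed for the example, and the actual socket hooking and tunnel protocol are left out; only the proxy's decision is modelled.

```python
"""Routing logic of a per-app local HTTP proxy, modelled on claims 1, 4 and 5.

Added illustration only (not VMware's or the patent's code). Assumptions,
all constructed for this example: the shared user identifier travels in an
HTTP header named X-App-User-Id, the VPN tunnel server address below is a
placeholder, and the real socket hooking and tunnel protocol are out of
scope; only the proxy's accept/route decision is modelled.
"""
from dataclasses import dataclass
from typing import Optional, Tuple
import hmac

# Placeholder for the address the alternate socket function would connect to
# instead of the destination named in the request (constructed value).
VPN_TUNNEL_SERVER: Tuple[str, int] = ("vpn-tunnel.example.invalid", 443)
USER_ID_HEADER = "x-app-user-id"  # hypothetical header carrying the shared id


@dataclass(frozen=True)
class Decision:
    accepted: bool          # True only when the request carried the shared id
    status: int             # HTTP status the proxy would answer with on reject
    connect_to: Optional[Tuple[str, int]]  # where the hooked socket connects
    destination: Optional[str]             # origin the tunnel server should reach


def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, target, headers, body).

    Header names are lower-cased; a malformed request raises ValueError.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ")
    if not version.startswith("HTTP/"):
        raise ValueError("bad request line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("bad header line")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def route(raw: bytes, shared_user_id: str,
          tunnel: Tuple[str, int] = VPN_TUNNEL_SERVER) -> Decision:
    """Decide what the application's proxy does with one request from the
    isolated (WebView) process.

    Only requests carrying the user identifier shared with the application
    process are accepted (claim 5); accepted requests are not sent to the
    destination directly but to the VPN tunnel server, which reaches the
    destination on the proxy's behalf (claims 1 and 4).
    """
    try:
        method, target, headers, _body = parse_request(raw)
    except (ValueError, UnicodeDecodeError):
        return Decision(False, 400, None, None)

    presented = headers.get(USER_ID_HEADER, "")
    # Constant-time comparison so another local process probing the proxy
    # port cannot learn the identifier byte-by-byte from response timing.
    if not hmac.compare_digest(presented.encode(), shared_user_id.encode()):
        return Decision(False, 403, None, None)

    # Proxy-style requests name the origin in the target: absolute-form for
    # plain HTTP, authority-form (host:port) for CONNECT.  Either way the
    # hooked socket call connects to the tunnel server, not to that origin.
    if method == "CONNECT" or target.startswith("http://"):
        return Decision(True, 200, tunnel, target)
    return Decision(False, 400, None, None)  # origin-form names no destination


if __name__ == "__main__":
    # Constructed sample traffic as the isolated process would emit it.
    good = (b"GET http://files.intranet.example/report.pdf HTTP/1.1\r\n"
            b"Host: files.intranet.example\r\n"
            b"X-App-User-Id: user-1234\r\n\r\n")
    bad = (b"GET http://files.intranet.example/report.pdf HTTP/1.1\r\n"
           b"Host: files.intranet.example\r\n\r\n")
    print(route(good, "user-1234"))   # accepted, connect_to = tunnel server
    print(route(bad, "user-1234"))    # rejected with 403, no connection made
```

The point of separating `route()` from any socket code is that the gate of claim 5 can be tested without network access: every request that lacks the identifier is refused before any connection is attempted, and every accepted request is bound to the tunnel server address rather than to whatever host the WebView asked for.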

Assignees

Vmware Inc

Classifications

  • Provisioning of proxy services (store-and-forward switching systems in data switching networks H04L12/54) · CPC title

  • Interprogram communication · CPC title

  • Remote procedure calls [RPC]; Web services · CPC title

  • Hypervisor-specific management and integration aspects · CPC title

  • based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title

Frequently asked questions

Who is the assignee on this patent?
Vmware Inc
What technology area does this patent fall under?
Primary CPC classification H04L12/4641. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 23, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).