Multi-layered secure equipment access
US-2024236045-A9 · Jul 11, 2024 · US
US11558490B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11558490-B2 |
| Application number | US-202117216140-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 29, 2021 |
| Priority date | Aug 31, 2015 |
| Publication date | Jan 17, 2023 |
| Grant date | Jan 17, 2023 |
Abstract
Disclosed are various examples for providing network content filtering to client devices on a per-application basis. A network stack receives a request from an application to connect to a network service. The network stack then determines the identity of the application. Based at least in part on the identity of the application, the network stack initiates a network connection between the application and the network service using or without using a managed network tunnel.
Claims
Therefore, the following is claimed:

1. A system, comprising: a client device comprising a processor and a memory; a management application comprising a first set of machine-readable instructions stored in the memory that, when executed by the processor, cause the client device to at least: authenticate with a device management service, receive at least one application routing rule from the device management service, and configure a network stack to enforce the at least one application routing rule; and the network stack comprising a second set of machine-readable instructions stored in the memory that, when executed by the processor, cause the client device to at least: receive a request from an application executing on the client device to connect to a network service, determine an identity of the application, determine whether to direct traffic from the application to a managed network tunnel based at least in part on the identity of the application and the at least one application routing rule, open the managed network tunnel in response to a determination that the traffic from the application is to be filtered, and initiate a network connection between the application and the network service through the managed network tunnel.
2. The system of claim 1, wherein the network stack further causes the client device to at least route the traffic from the application to the network service through the managed network tunnel.
3. The system of claim 1, wherein the managed network tunnel connects to the network service through a content filtering service that filters the traffic from the application according to one or more filtering rules.
4. The system of claim 3, wherein the content filtering service monitors behavior of the application and blocks the traffic of the application if it corresponds to an unapproved behavior.
5. The system of claim 1, wherein the application routing rule specifies whether to direct traffic from the application to the managed network tunnel based at least in part on the identity of the application and the network service.
6. The system of claim 1, wherein the managed network tunnel is encrypted.
7. The system of claim 1, wherein the managed network tunnel is an application layer network tunnel.
8. A method implemented by a client device, comprising: authenticating, by a management application installed on the client device, the client device with a device management service; receiving, by the management application, at least one application routing rule from the device management service; configuring, by the management application, a network stack of the client device to enforce the at least one application routing rule; receiving, with the network stack of the client device, a request from an application executing on the client device to connect to a network service; determining, with the network stack of the client device, an identity of the application; determining, with the network stack of the client device, whether to direct traffic from the application to a managed network tunnel based at least in part on the identity of the application and the at least one application routing rule; opening, with the network stack of the client device, the managed network tunnel in response to a determination that the traffic from the application is to be filtered; and initiating, with the network stack of the client device, a network connection between the application and the network service through the managed network tunnel.
9. The method of claim 8, further comprising routing, by the network stack of the client device, the traffic from the application to the network service through the managed network tunnel.
10. The method of claim 8, wherein the managed network tunnel connects to the network service through a content filtering service that filters the traffic from the application according to one or more filtering rules.
11. The method of claim 10, wherein the content filtering service monitors behavior of the application and blocks the traffic of the application if it corresponds to an unapproved behavior.
12. The method of claim 8, wherein the at least one application routing rule specifies whether to direct traffic from the application to the managed network tunnel based at least in part on the identity of the application and the network service.
13. The method of claim 8, wherein the managed network tunnel is encrypted.
14. The method of claim 8, wherein the managed network tunnel is an application layer network tunnel.
15. A system, comprising: a client device comprising a processor and a memory; machine-readable instructions stored in the memory and executable by the processor, the machine-readable instructions comprising a management means and a networking means, wherein the management means is for (i) authenticating with a device management service, (ii) receiving at least one application routing rule from the device management service, and (iii) configuring the networking means to enforce the at least one application routing rule; and the networking means is for (i) receiving a request from an application executing on the client device to connect to a network service, (ii) determining an identity of the application, (iii) determining whether to direct traffic from the application to a managed network tunnel based at least in part on the identity of the application and the at least one application routing rule, (iv) opening the managed network tunnel in response to a determination that the traffic from the application is to be filtered, and (v) initiating a network connection between the application and the network service through the managed network tunnel.
16. The system of claim 15, wherein the networking means is additionally for routing the traffic from the application to the network service through the managed network tunnel.
17. The system of claim 15, wherein the managed network tunnel connects to the network service through a content filtering means for filtering the traffic from the application according to one or more filtering rules.
18. The system of claim 17, wherein the content filtering means is additionally for monitoring behavior of the application and blocking the traffic of the application if it corresponds to an unapproved behavior.
19. The system of claim 15, wherein the application routing rule specifies whether to filter traffic based at least in part on the identity of the application and the network service.
20. The system of claim 15, wherein the managed network tunnel is encrypted.
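The flow of claims 1 to 4 (management application authenticates with the device management service, receives routing rules and configures the network stack; the stack then decides per connection request whether an application's traffic is sent through the managed tunnel, whose far end filters content) as an added Python sketch, not code from the patent or any product. The DeviceManagementService stand-in, the token scheme, the fnmatch rule matching, the "unmatched application goes direct" default and all sample identifiers are constructed assumptions.

```python
from dataclasses import dataclass
from fnmatch import fnmatch
import hmac

@dataclass(frozen=True)
class RoutingRule:
    app_id: str    # application identity pattern (constructed, bundle-id style)
    service: str   # destination host pattern; "*" matches any network service
    tunnel: bool   # True: direct this application's traffic through the managed tunnel

class DeviceManagementService:
    """Constructed stand-in for the device management service of claim 1."""
    def __init__(self, secrets, rules):
        self._secrets, self._rules, self._tokens = secrets, rules, set()
    def authenticate(self, device_id, secret):
        if not hmac.compare_digest(self._secrets.get(device_id, ""), secret):
            raise PermissionError("device authentication failed")
        token = f"tok-{device_id}"          # constructed session token
        self._tokens.add(token)
        return token
    def routing_rules(self, token):
        if token not in self._tokens:
            raise PermissionError("unknown session token")
        return list(self._rules)

class NetworkStack:
    """Per-request tunnel decision; the tunnel's far end filters unapproved hosts (claims 3-4)."""
    def __init__(self, blocked_hosts):
        self.rules, self.blocked, self.tunnel_open = [], frozenset(blocked_hosts), False
    def configure(self, rules):             # performed by the management application
        self.rules = list(rules)
    def connect(self, app_id, host):
        # First matching rule wins; an application with no rule goes direct (assumption).
        rule = next((r for r in self.rules
                     if fnmatch(app_id, r.app_id) and fnmatch(host, r.service)), None)
        if rule is None or not rule.tunnel:
            return "direct"
        self.tunnel_open = True             # opened only once filtering is required
        return "blocked" if host in self.blocked else "filtered"

def demo_stack():
    """Constructed sample: the management app enrolls and configures; browser filtered, mail direct."""
    dms = DeviceManagementService(
        secrets={"device-01": "s3cret"},
        rules=[RoutingRule("com.example.browser", "*", tunnel=True),
               RoutingRule("com.example.mail", "mail.example.com", tunnel=False)])
    stack = NetworkStack(blocked_hosts={"unapproved.example"})
    stack.configure(dms.routing_rules(dms.authenticate("device-01", "s3cret")))
    return stack
```

The tunnel flag flips only on the first request that a rule marks for filtering, mirroring the claimed "open the managed network tunnel in response to a determination that the traffic is to be filtered".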
Routing a service request depending on the request content or context · CPC title
Service provisioning or reconfiguring · CPC title
Setup of application sessions (admission control or resource allocation in data switching networks H04L47/70) · CPC title
Single bridge functionality, e.g. connection of two networks over a single bridge · CPC title