Determining security of local area network
US-2024372862-A1 · Nov 7, 2024 · US
Application-aware connection for network access client
US9608962B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-9608962-B1 |
| Application number | US-201313938194-A |
| Country | US |
| Kind code | B1 |
| Filing date | Jul 9, 2013 |
| Priority date | Jul 9, 2013 |
| Publication date | Mar 28, 2017 |
| Grant date | Mar 28, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Virtual private network (VPN)-related techniques are described. The techniques provide intuitive mechanisms by which a client device more efficiently establishes a VPN connection. In one example, a client device includes a memory, processor(s), and a VPN handler. The VPN handler is configured to monitor actions initiated by one or more applications executable by the programmable processor(s), and determine whether each of the initiated actions requires a VPN connection via which to transmit outbound data traffic corresponding to a respective application of the one or more applications. The VPN handler is further configured to, in response to a detection that at least one initiated action requires the VPN connection via which to transmit the outbound data traffic, automatically establish the VPN connection to couple the client device to an enterprise network, and transmit the outbound data traffic corresponding to the respective application, via the VPN connection.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: monitoring, by a client device, one or more application-layer communications output by a plurality of applications installed on the client device and to be transmitted over a network; processing, by the client device, the monitored application-layer communications to determine one or more application-level parameters within the application-layer communications to identify actions associated with at least one of (i) an initial execution of an inactive application of the monitored one or more applications, or (ii) a particular use of an active application of the monitored one or more applications; prior to generating outbound data traffic associated with the application-layer communications and to be transmitted over the network, determining, by the client device, based on the monitored one or more application-layer communications, whether any of the identified actions requires a secure data connection via which to transmit the outbound data traffic; in response to detecting, based on the monitored one or more application-layer communications, that at least one identified action requires the secure data connection via which to transmit first outgoing data traffic of the outbound data traffic, the first outgoing data traffic being associated with a first application, automatically establishing, by the client device, the secure data connection to couple the client device to an enterprise network; determining, by the client device, based on the monitored one or more application-layer communications, that second outgoing data traffic of the outbound data traffic does not require the secure data connection, the second outgoing traffic being associated with a second application of the plurality of applications; transmitting, by the client device, the first outgoing data traffic corresponding to the first application, via the secure data connection; and transmitting, by the client device, the second outgoing traffic, via a connection to a public network, while the secure data connection is active. 2. The method of claim 1 , wherein detecting that the at least one identified action requires the secure data connection comprises: determining, by the client device that the first application is inactive; determining, by the client device, that all data transmission associated with the first application requires the secure data connection via which to transmit the first outgoing data traffic; and detecting, by the client device, based on the monitored one or more application-layer communications, the initial execution of the first application. 3. The method of claim 1 , wherein detecting that the at least one identified action requires the secure data connection comprises: determining, by the client device, that the first application is active; determining, by the client device, that the particular use of the first application requires the secure data connection via which to transmit the first outgoing data traffic; and detecting, by the client device, based on the monitored one or more application-layer communications, that the particular use of the first application has occurred. 4. The method of claim 1 , further comprising: detecting, by the client device, based on the monitored one or more application-layer communications, that no action of the identified actions requires the secure data connection via which to transmit the outbound data traffic; and responsive to detecting that no action of the identified actions requires the secure data connection, deactivating, by the client device, the secure data connection. 5. The method of claim 4 , further comprising: implementing, by the client device, a counter associated with the identified actions that require the secure data connection via which to transmit the outbound data traffic, wherein detecting that no action of the identified actions requires the secure data connection via which to transmit the outbound data traffic comprises detecting, by the client device, that the counter is associated with a zero value. 6. The method of claim 1 , further comprising: implementing, by the client device, a counter associated with the identified actions that require the secure data connection via which to transmit the outbound data traffic, wherein detecting that the at least one identified action requires the secure data connection via which to transmit the first outgoing data traffic corresponding to the first application comprises: detecting, by the client device, a transition of the counter from a value of zero to a value that is greater than zero. 7. The method of claim 1 , wherein determining, based on the monitored one or more application-layer communications, whether each of the identified actions requires the secure data connection via which to transmit the outbound data traffic comprises: determining, by the client device, based on the monitored one or more application-layer communications, whether each respective application of the plurality of applications is included in a predetermined list of applications maintained by the client device with respect to the secure data connection. 8. The method of claim 1 , wherein the secure data connection is a first secure data connection, and wherein the at least one identified action that requires the first secure data connection is a first identified action, the method further comprising: detecting, by the client device, based on the monitored one or more application-layer communications, that a second action of the identified actions requires a second secure data connection via which to transmit third outgoing data traffic of the outbound data traffic, the third outgoing data traffic corresponding to a third application of the plurality of applications; and in response to detecting the second action that requires the second secure data connection via which to transmit the third outgoing data traffic corresponding to the third application of the plurality of applications: transmitting, by the client device, the third outgoing data traffic corresponding to the third application, via the second secure data connection. 9. A client device comprising: a memory; one or more programmable processors coupled to the memory; and a virtual private network (VPN) handler coupled to the one or more programmable processors, the VPN handler being configured to: monitor one or more application-level parameters passed by a plurality of applications executable by the one or more processors to identify actions associated with at least one of (i) an initial execution of an inactive application of the monitored one or more applications, or (ii) a particular use of an active application of the monitored one or more applications; prior to generating outbound data traffic associated with the application-level parameters, determine, based on the monitored one or more application-level parameters, whether any of the identified actions requires a VPN connection via which to transmit the outbound data traffic; in response to a detection, based on the monitored one or more application-level parameters, that at least one identified action requires the VPN connection via which to transmit first outgoing data traffic of the outbound data traffic, the first outgoing data traffic being associated with a first application, automatically establish the VPN connection to couple the client device to an enterprise network; determine, based on the monitored one or more application-layer communications, that second outgoing data traffic of the outbound data traffic does not require the secure data connection, the second outgoing traffic being associated with a second application of the plurality of applications; transm
Assignees
Inventors
Classifications
- H04L63/0272Primary
Virtual private networks · CPC title
at the transport layer · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9608962B1 cover?
- Virtual private network (VPN)-related techniques are described. The techniques provide intuitive mechanisms by which a client device more efficiently establishes a VPN connection. In one example, a client device includes a memory, processor(s), and a VPN handler. The VPN handler is configured to monitor actions initiated by one or more applications executable by the programmable processor(s), a…
- Who is the assignee on this patent?
- Juniper Networks Inc, Pulse Secure Llc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0272. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Mar 28 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).