Patents Assigned to Aventail, LLC
-
Patent number: 10432587
Abstract: Policy enforcement previously available for web proxy access methods is extended and applied to layer 3 packets flowing through VPN channels. With these extensions, a common security policy is possible that is enforceable between VPN proxied access and VPN tunneled access. Equivalent security policy to tunnel based VPN access without compromising the inherent performance, scalability and application compatibility advantages tunnel based VPNs have over their proxy based VPN counterparts.
Type: Grant
Filed: February 21, 2013
Date of Patent: October 1, 2019
Assignee: AVENTAIL LLC
Inventors: Steven C. Work, Prakash N. Masanagi, Christopher D. Peterson
-
Patent number: 9736234
Abstract: The present disclosure identifies topologies of a computer network where one network appliance may be configured as a master network appliance and where that master network appliance may communicate over a network communication interface with one or more slave network appliances. Computer networks of the present disclosure may include a switch and a firewall where the switch may be coupled to several network appliances via different network communication interfaces.
Type: Grant
Filed: January 26, 2016
Date of Patent: August 15, 2017
Assignee: AVENTAIL LLC
Inventors: Chris A. Hopen, Gary B. Tomlinson, John Brooke, Derek W. Brown, Jonathan Burdge, Rodger D. Erickson
-
Patent number: 9467290
Abstract: The disclosure provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the disclosure describes retaining compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. Further, the disclosure describes a network arrangement that employs a cache having copies distributed among a plurality of different locations. SSL/TLS session information for a session with each of the proxy servers is stored in the cache so that it is accessible to at least one other proxy server. Using this arrangement, cached SSL/TLS communication session information may be retrieved and used by a second proxy server to accept a session with the client device when the client device switches proxy servers.
Type: Grant
Filed: August 19, 2013
Date of Patent: October 11, 2016
Assignee: AVENTAIL LLC
Inventors: Marc D. VanHeyningen, Rodger D. Erickson
-
Patent number: 9407456
Abstract: A client computer hosts a virtual private network tool to establish a virtual private network connection with a remote network. Upon startup, the virtual private network tool collects critical network information for the client computer, and sends this critical network information to an address assignment server in the remote network. The address assignment server compares the critical network information with a pool of available addresses in the remote network, and assigns addresses for use by the client computer that do not conflict with the addresses for local resources. The address assignment server also provides routing information for resources in the remote network to the virtual private network tool. The virtual private network tool will postpone loading this routing information into the routing tables of the client computer until the client computer requests access to a specific resource in the remote network.
Type: Grant
Filed: March 1, 2011
Date of Patent: August 2, 2016
Assignee: AVENTAIL LLC
Inventors: Paul Lawrence Hoover, Rodger Del Erickson, Bryan Sauve
-
Patent number: 9397927
Abstract: Techniques for determining which resource access requests are handled locally at a remote computer, and which resource access requests are routed or “redirected” through a virtual private network. One or more routing or “redirection” rules are downloaded from a redirection rule server to a remote computer. When the node of the virtual private network running on the remote computer receives a resource access request, it compares the identified resource with the rules. Based upon how the identified resource matches one or more rules, the node will determine whether the resource access request is redirected through the virtual private network or handled locally (e.g., retrieved locally from another network). A single set of redirection rules can be distributed to and employed by a variety of different virtual private network communication techniques.
Type: Grant
Filed: September 4, 2014
Date of Patent: July 19, 2016
Assignee: AVENTAIL LLC
Inventors: Chris Hopen, Bryan Sauve, Paul Hoover, Bill Perry
-
Patent number: 9300670
Abstract: Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer's ability to access a resource is determined based upon the computer's operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer's access to the requested resource.
Type: Grant
Filed: October 19, 2013
Date of Patent: March 29, 2016
Assignee: Aventail LLC
Inventors: Chris Hopen, Gary Tomlinson, Parvez Anandam, Brian Young, Alan Flagg, Jude Michael Dylan O'Reilley
-
Patent number: 9197538
Abstract: Techniques for determining which resource access requests are handled locally at a remote computer, and which resource access requests are routed or “redirected” through a virtual private network. One or more routing or “redirection” rules are downloaded from a redirection rule server to a remote computer. When the node of the virtual private network running on the remote computer receives a resource access request, it compares the identified resource with the rules. Based upon how the identified resource matches one or more rules, the node will determine whether the resource access request is redirected through the virtual private network or handled locally (e.g., retrieved locally from another network). A single set of redirection rules can be distributed to and employed by a variety of different virtual private network communication techniques.
Type: Grant
Filed: October 24, 2013
Date of Patent: November 24, 2015
Assignee: Aventail LLC
Inventors: Chris Hopen, Bryan Sauve, Paul Hoover, Bill Perry
-
Patent number: 9043476
Abstract: A network arrangement that employs a cache having copies distributed among a plurality of different locations. The cache stores state information for a session with any of the server devices so that it is accessible to at least one other server device. Using this arrangement, when a client device switches from a connection with a first server device to a connection with a second server device, the second server device can retrieve state information from the cache corresponding to the session between the client device and the first server device. The second server device can then use the retrieved state information to accept a session with the client device.
Type: Grant
Filed: May 31, 2013
Date of Patent: May 26, 2015
Assignee: Aventail LLC
Inventor: Rodger D. Erickson
-
Patent number: 8984268
Abstract: The invention provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the invention retains compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. In contrast to conventional SSL processing, which relies on a guaranteed delivery service such as TCP and encrypts successive data records with reference to a previously-transmitted data record, encryption is performed using a nonce that is embedded in each transmitted data record. This nonce acts both as an initialization vector for encryption/decryption of the record, and as a unique identifier to authenticate the record.
Type: Grant
Filed: October 29, 2007
Date of Patent: March 17, 2015
Assignee: Aventail LLC
Inventor: Marc D. VanHeyningen
-
Patent number: 8959384
Abstract: Systems and methods for routing communications to a platform service are provided. A message including payload data is received. The information in the payload data of the message is examined in order to determine the type of message. The message is then relayed to an appropriate platform service based on the type of message. Some embodiments assign numbers to the packets that make up the message.
Type: Grant
Filed: February 20, 2014
Date of Patent: February 17, 2015
Assignee: Aventail LLC
Inventors: Chris A. Hopen, Gary B. Tomlinson, John Brooke, Derek W. Brown, Jonathan Burdge, Rodger D. Erickson
-
Publication number: 20140173334
Abstract: Systems and methods for routing communications to a platform service are provided. A message including payload data is received. The information in the payload data of the message is examined in order to determine the type of message. The message is then relayed to an appropriate platform service based on the type of message. Some embodiments assign numbers to the packets that make up the message.
Type: Application
Filed: February 20, 2014
Publication date: June 19, 2014
Applicant: AVENTAIL LLC
Inventors: Chris A. Hopen, Gary B. Tomlinson, John Brooke, Derek W. Brown, Jonathan Burdge, Rodger D. Erickson
-
Patent number: 8700775
Abstract: Systems and methods for routing communications to a platform service are provided. A message including payload data is received. The information in the payload data of the message is examined in order to determine the type of message. The message is then relayed to an appropriate platform service based on the type of message. Some embodiments assign numbers to the packets that make up the message.
Type: Grant
Filed: September 21, 2007
Date of Patent: April 15, 2014
Assignee: Aventail LLC
Inventors: Chris A. Hopen, Gary B. Tomlinson, John Brooke, Derek W. Brown, Jonathan Burdge, Rodger D. Erickson
-
Patent number: 8661158
Abstract: A client computer hosts a virtual private network tool to establish a virtual private network connection with a remote network. Upon startup, the virtual private network tool collects critical network information for the client computer, and sends this critical network information to an address assignment server in the remote network. The address assignment server compares the critical network information with a pool of available addresses in the remote network, and assigns addresses for use by the client computer that do not conflict with the addresses for local resources. The address assignment server also provides routing information for resources in the remote network to the virtual private network tool. The virtual private network tool will postpone loading this routing information into the routing tables of the client computer until the client computer requests access to a specific resource in the remote network.
Type: Grant
Filed: March 7, 2006
Date of Patent: February 25, 2014
Assignee: Aventail LLC
Inventors: Paul Lawrence Hoover, Rodger Del Erickson, Bryan Sauvé
-
Publication number: 20140053237
Abstract: Techniques for determining which resource access requests are handled locally at a remote computer, and which resource access requests are routed or “redirected” through a virtual private network. One or more routing or “redirection” rules are downloaded from a redirection rule server to a remote computer. When the node of the virtual private network running on the remote computer receives a resource access request, it compares the identified resource with the rules. Based upon how the identified resource matches one or more rules, the node will determine whether the resource access request is redirected through the virtual private network or handled locally (e.g., retrieved locally from another network). A single set of redirection rules can be distributed to and employed by a variety of different virtual private network communication techniques.
Type: Application
Filed: October 24, 2013
Publication date: February 20, 2014
Applicant: Aventail LLC
Inventors: Chris Hopen, Bryan Sauve, Paul Hoover, Bill Perry
-
Patent number: 8615796
Abstract: Techniques for determining which resource access requests are handled locally at a remote computer, and which resource access requests are routed or “redirected” through a virtual private network. One or more routing or “redirection” rules are downloaded from a redirection rule server to a remote computer. When the node of the virtual private network running on the remote computer receives a resource access request, it compares the identified resource with the rules. Based upon how the identified resource matches one or more rules, the node will determine whether the resource access request is redirected through the virtual private network or handled locally (e.g., retrieved locally from another network). A single set of redirection rules can be distributed to and employed by a variety of different virtual private network communication techniques.
Type: Grant
Filed: July 30, 2009
Date of Patent: December 24, 2013
Assignee: Aventail LLC
Inventors: Chris Hopen, Bryan Sauve, Paul Hoover, Bill Perry
-
Patent number: 8613041
Abstract: Techniques for determining which resource access requests are handled locally at a remote computer, and which resource access requests are routed or “redirected” through a virtual private network. One or more routing or “redirection” rules are downloaded from a redirection rule server to a remote computer. When the node of the virtual private network running on the remote computer receives a resource access request, it compares the identified resource with the rules. Based upon how the identified resource matches one or more rules, the node will determine whether the resource access request is redirected through the virtual private network or handled locally (e.g., retrieved locally from another network). A single set of redirection rules can be distributed to and employed by a variety of different virtual private network communication techniques.
Type: Grant
Filed: July 30, 2009
Date of Patent: December 17, 2013
Assignee: Aventail LLC
Inventors: Chris Hopen, Bryan Sauve, Paul Hoover, Bill Perry
-
Patent number: 8601550
Abstract: Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer's ability to access a resource is determined based upon the computer's operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer's access to the requested resource.
Type: Grant
Filed: November 2, 2010
Date of Patent: December 3, 2013
Assignee: Aventail LLC
Inventors: Chris Hopen, Gary Tomlinson, Parvez Anandam, Brian Young, Alan Flagg, Jude Michael Dylan O'Reilley
-
Patent number: 8590032
Abstract: Techniques for determining which resource access requests are handled locally at a remote computer, and which resource access requests are routed or “redirected” through a virtual private network. One or more routing or “redirection” rules are downloaded from a redirection rule server to a remote computer. When the node of the virtual private network running on the remote computer receives a resource access request, it compares the identified resource with the rules. Based upon how the identified resource matches one or more rules, the node will determine whether the resource access request is redirected through the virtual private network or handled locally (e.g., retrieved locally from another network). A single set of redirection rules can be distributed to and employed by a variety of different virtual private network communication techniques.
Type: Grant
Filed: October 14, 2005
Date of Patent: November 19, 2013
Assignee: Aventail LLC
Inventors: Chris Hopen, Bryan Sauve, Paul Hoover, Bill Perry
-
Patent number: 8572249
Abstract: A network appliance is described that can provide a variety of software services, including both platform services, such as access method services, and a load balancing service. A network may include a network appliance that both provides one or more platform services and acts as a load balancer. When two or more such appliances are used together, they can replace a substantial portion of a conventional network. For example, when a network appliance receives a client communication, its load balancer service can determine whether one of its own platform services will process the communication or forward the communication to another network appliance for processing. Moreover, if the load balancing service of a network appliance fails, another network appliance can provide load balancing. Similarly, if another service of a network appliance fails, then the network appliance may continue to provide load balancing but forward communications requiring the failed service to another network appliance for processing.
Type: Grant
Filed: December 10, 2003
Date of Patent: October 29, 2013
Assignee: Aventail LLC
Inventors: Chris A. Hopen, Gary B. Tomlinson, John Brooke, Derek W. Brown, Jonathan Burdge, Rodger D. Erickson
-
Patent number: 8533457
Abstract: The disclosure provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the disclosure describes retaining compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. Further, the disclosure describes a network arrangement that employs a cache having copies distributed among a plurality of different locations. SSL/TLS session information for a session with each of the proxy servers is stored in the cache so that it is accessible to at least one other proxy server. Using this arrangement, cached SSL/TLS communication session information may be retrieved and used by a second proxy server to accept a session with the client device when the client device switches proxy servers.
Type: Grant
Filed: January 11, 2011
Date of Patent: September 10, 2013
Assignee: Aventail LLC
Inventors: Marc D. VanHeyningen, Rodger D. Erickson