Title: Creating a virtual private network (VPN) for a single app on an internet-enabled device or system
Abstract: An Internet-enabled device, such as a smartphone, tablet, PC, wearable sensor, or household appliance, executes an application (or “app”) that has its own VPN connection with a VPN gateway device. The app does not use the device-level or system VPN to connect with the gateway. The app, which may be security wrapped, is made more secure by having its own VPN tunnel with the gateway, wherein the VPN tunnel is not used by other apps running on the device. The conventional (or device-level) VPN connection is not used by the app(s). The app has its own IP stack, an HTTP proxy layer, an IPsec module, and a virtual data link layer which it uses to build IP packets, encapsulate them, and transmit them to a transport module in the device operating system, for example, a UDP module.
Publication number: US8990920(B2) Publication date: 2015.03.24
Application number: US201313875151 Filing date: 2013.05.01
Applicant: Mocana Corporation Inventors: Pontillo Michael Scott;Blaisdell James;Dzeng Shawn-Lin
Classification: H04L29/06;G06F21/00;H04L12/24;H04W12/02 Main classification: H04L29/06
Agency: Beyer Law Group LLP Agent: Beyer Law Group LLP
Independent claim: 1. A method of implementing a dedicated, non-shared virtual private network (VPN) between an application executing on a device and a VPN gateway, the method comprising: making a call to an operating system, the call being made by an app on the device; re-directing the call to an app VPN-specific IP stack within the app making the call to the operating system, wherein said app VPN-specific IP stack builds one or more IP packets; building one or more IP packets in the app VPN-specific IP stack; encapsulating the one or more IP packets using IPsec in the app VPN-specific IP stack; ensuring that only the app making the call to the operating system is utilizing the app VPN-specific IP stack to encapsulate the one or more IP packets, thereby preventing another app from using the dedicated, non-shared VPN; and transmitting the encapsulated one or more IP packets from within the app to a transport module external to the app and in an operating system of the device for the purpose of transmission to an external VPN gateway, wherein the app VPN-specific IP stack is not integrated with the operating system.
Address: San Francisco CA US
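The abstract and claim describe an in-app IP stack that builds IP packets, encapsulates them with IPsec, and hands the result to the OS UDP module rather than to the system VPN. The following added example (not code from the patent or from Mocana) sketches that data path in user space: a minimal IPv4 builder, ESP encapsulation with NULL encryption (RFC 2410) and an HMAC-SHA256-128 ICV (RFC 4868), framed for UDP-encapsulated ESP on port 4500 (RFC 3948), plus the gateway-side decapsulation that checks the ICV. The key, addresses and SPI are constructed placeholders.

```python
import struct, hmac, hashlib, socket

DEMO_KEY = b"constructed-demo-key-not-for-real-use"  # constructed placeholder
NATT_PORT = 4500  # UDP port for UDP-encapsulated ESP (RFC 3948)
ICV_LEN = 16      # HMAC-SHA256-128 truncates the MAC to 128 bits

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the IPv4 header; 0 when the header is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """The app-internal IP stack: build an IPv4 packet without touching the OS stack."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                      0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload

def esp_encapsulate(spi: int, seq: int, inner: bytes, key: bytes) -> bytes:
    """Wrap an inner IP packet in ESP (tunnel mode, next header 4 = IP-in-IP)."""
    pad_len = (-(len(inner) + 2)) % 4              # ESP trailer must end on a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, 4])
    esp = struct.pack("!II", spi, seq) + inner + trailer
    return esp + hmac.new(key, esp, hashlib.sha256).digest()[:ICV_LEN]

def esp_decapsulate(frame: bytes, key: bytes):
    """Gateway side: verify the ICV, reject the non-ESP marker, strip the trailer."""
    esp, icv = frame[:-ICV_LEN], frame[-ICV_LEN:]
    if not hmac.compare_digest(hmac.new(key, esp, hashlib.sha256).digest()[:ICV_LEN], icv):
        raise ValueError("ESP integrity check failed")
    spi, seq = struct.unpack("!II", esp[:8])
    if spi == 0:  # in UDP encapsulation an SPI of zero is the IKE non-ESP marker
        raise ValueError("not an ESP packet")
    body = esp[8:]
    pad_len, next_hdr = body[-2], body[-1]
    return spi, seq, next_hdr, body[:len(body) - 2 - pad_len]

def send_via_os_udp(udp_sock: socket.socket, gateway_ip: str, frame: bytes) -> None:
    """The only OS-provided piece the app relies on: a plain UDP transport module."""
    udp_sock.sendto(frame, (gateway_ip, NATT_PORT))
```

Other apps on the device never see this tunnel because the SA state (key, SPI, sequence counter) lives inside the app process rather than in the kernel IPsec stack.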