Policy-controlled authentication for internet communication

Assignee

• Netskope, Inc. · US

Inventors

• David Goldschlag · Silver Spring, US
• Vadim Tarnavsky · San Jose, US
• Kevin Eugene Sapp · St. Augustine, US
• Victor Ronin · San Francisco, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L61/2592
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The client endpoint function may include a first VPN endpoint component, and the service endpoint function may include a second VPN endpoint component. The mid-link server may include a first VPN termination point that authenticates and terminates the first VPN tunnel and a second VPN termination point that authenticates and terminates the second VPN tunnel. The first VPN termination point may re-authenticate the client device based on a first characteristic of the first VPN endpoint component and/or a second characteristic of the second VPN endpoint component.