US 11,863,530 B1
Systems and methods for virtual private network authentication
Arvind Sreekumar, Santa Clara, CA (US); Ramkrishnan Kunnath, Milpitas, CA (US); and Xiaobo Sherry Wei, Palo Alto, CA (US)
Assigned to Aviatrix Systems, Inc., Santa Clara, CA (US)
Filed by AVIATRIX SYSTEMS, INC., Santa Clara, CA (US)
Filed on May 4, 2021, as Appl. No. 17/307,885.
Claims priority of provisional application 63/022,222, filed on May 8, 2020.
Int. Cl. H04L 29/00 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/0272 (2013.01) [H04L 63/0236 (2013.01); H04L 63/0815 (2013.01); H04L 63/20 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computerized method, by a controller deployed within a cloud computing network and maintained within a non-transitory storage medium, for establishing a secure channel between a virtual private network (VPN) client processing on a network device for a user and a network gateway, the computerized method comprising:
transmitting, by the controller, an authentication request to an identity provider based on receipt of a resource request from the VPN client;
receiving, by the controller, an authentication response from the identity provider;
generating, by the controller, an authentication token based on the authentication response;
transmitting, by the controller, the authentication token to the VPN client, wherein the controller further stores the authentication token;
receiving, by the network gateway, a secure connection request from the VPN client that includes the authentication token;
validating, by the network gateway, the authentication token by querying the controller for a comparison of a pairing of the authentication token and a user identifier with one or more stored pairings of authentication tokens and user identifiers;
in response to validation of the authentication token, establishing, by the network gateway, the secure connection with the VPN client; and
providing, by the network gateway, the VPN client with access to resources via the secure connection.
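The following is an added, self-contained Python model of the flow claim 1 describes: a controller that brokers authentication with an identity provider and issues a token, a VPN client that presents that token to a gateway, and a gateway that validates it by asking the controller to compare the (token, user identifier) pairing against its stored pairings. It is illustration only, not code from the patent or from Aviatrix; every class, method and field name is an assumption, the identity provider and users are constructed stand-ins, and the token hashing, token lifetime and constant-time comparison are hardening choices of this example that the claim itself does not specify.

```python
"""Toy model of controller-mediated VPN authentication (added illustration, not Aviatrix code).

Roles, per claim 1: IdentityProvider answers authentication requests; Controller
generates/stores the token and answers the gateway's validation query; Gateway
admits a VPN client only after the controller confirms the (token, user) pairing.
All names below are assumptions made for this example.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class AuthResponse:
    """Constructed stand-in for an IdP response (e.g. a SAML or OIDC assertion)."""
    user_id: str
    authenticated: bool


class IdentityProvider:
    """Constructed user directory; a real IdP would verify credentials and MFA."""

    def __init__(self, users):
        self._users = set(users)

    def authenticate(self, user_id: str) -> AuthResponse:
        return AuthResponse(user_id=user_id, authenticated=user_id in self._users)


class Controller:
    """Issues tokens after IdP authentication and answers gateway validation queries."""

    def __init__(self, idp: IdentityProvider, ttl_seconds: float = 300.0):
        self._idp = idp
        self._ttl = ttl_seconds  # lifetime is an assumption; the claim specifies none
        # Stored pairings: sha256(token) -> (user_id, expiry). Hashing is a hardening
        # choice of this example so a dump of controller state does not yield live tokens.
        self._pairings: Dict[str, Tuple[str, float]] = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def handle_resource_request(self, user_id: str) -> Optional[str]:
        """Resource request from the VPN client -> authentication request to the IdP."""
        resp = self._idp.authenticate(user_id)  # authentication request / response
        if not resp.authenticated:
            return None
        token = secrets.token_urlsafe(32)  # generate the authentication token
        self._pairings[self._digest(token)] = (resp.user_id, time.time() + self._ttl)
        return token  # transmitted to the VPN client; the controller keeps the pairing

    def validate(self, token: str, user_id: str) -> bool:
        """Gateway query: does (token, user_id) match one of the stored pairings?"""
        key = self._digest(token)
        entry = self._pairings.get(key)
        if entry is None:
            return False
        stored_user, expiry = entry
        if time.time() > expiry:
            del self._pairings[key]  # expired pairings are purged on first use
            return False
        # Constant-time compare so response timing does not leak partial matches.
        return hmac.compare_digest(stored_user.encode(), user_id.encode())


class Gateway:
    """Accepts a secure connection request only after the controller validates the pairing."""

    def __init__(self, controller: Controller):
        self._controller = controller
        self.sessions: Dict[str, str] = {}  # session id -> user id

    def connect(self, token: str, user_id: str) -> Optional[str]:
        if not self._controller.validate(token, user_id):
            return None
        session_id = secrets.token_hex(8)  # stands in for the established secure connection
        self.sessions[session_id] = user_id
        return session_id


def run_flow() -> Dict[str, bool]:
    """Exercise the happy path and the failure modes a gateway must reject."""
    idp = IdentityProvider(users={"alice@example.com"})  # constructed directory
    controller = Controller(idp)
    gateway = Gateway(controller)

    alice_token = controller.handle_resource_request("alice@example.com")
    mallory_token = controller.handle_resource_request("mallory@example.com")

    # Separate controller with an already-expired lifetime to show expiry handling.
    expired_controller = Controller(idp, ttl_seconds=-1.0)
    expired_token = expired_controller.handle_resource_request("alice@example.com")

    return {
        "unknown_user_gets_no_token": mallory_token is None,
        "valid_pair_connects": gateway.connect(alice_token, "alice@example.com") is not None,
        "wrong_user_for_token_rejected": gateway.connect(alice_token, "bob@example.com") is None,
        "forged_token_rejected": gateway.connect(secrets.token_urlsafe(32), "alice@example.com") is None,
        "expired_token_rejected": Gateway(expired_controller).connect(expired_token, "alice@example.com") is None,
    }


if __name__ == "__main__":
    for check, ok in run_flow().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The point the gateway's `validate` query makes is that possession of a token alone is not enough: the gateway forwards the token together with the user identifier, and the controller accepts only when both halves match a pairing it issued, so a token replayed under a different identity, a guessed token, or a token past its lifetime all fail in the same way.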