US 11,997,219 B1
Network security for remote workers
Ryan Thomas Russell, San Antonio, TX (US); Emily Kathleen Krebs, San Antonio, TX (US); Stacy Callaway Huggar, San Antonio, TX (US); Jeffrey Neal Pollack, San Antonio, TX (US); Yevgeniy Viatcheslavovich Khmelev, San Antonio, TX (US); and Mark Anthony Lopez, Helotes, TX (US)
Assigned to United Services Automobile Association (USAA), San Antonio, TX (US)
Filed by UIPCO, LLC, San Antonio, TX (US)
Filed on Feb. 24, 2020, as Appl. No. 16/799,672.
Claims priority of provisional application 62/810,184, filed on Feb. 25, 2019.
Int. Cl. H04L 9/32 (2006.01); G06F 21/62 (2013.01); G06F 21/84 (2013.01); H04L 9/30 (2006.01); H04L 9/40 (2022.01); H04N 7/18 (2006.01)
CPC H04L 9/3268 (2013.01) [G06F 21/6209 (2013.01); G06F 21/84 (2013.01); H04L 9/30 (2013.01); H04L 63/0272 (2013.01); H04L 63/083 (2013.01); H04L 63/102 (2013.01); H04L 63/105 (2013.01); H04L 63/107 (2013.01); H04L 2463/082 (2013.01); H04N 7/18 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system, comprising:
a first server configured to:
receive, from a user device, a first request to generate a digital certificate, wherein the first request includes a first public Internet Protocol (IP) address associated with the user device;
generate and send the digital certificate to a router associated with the user device, wherein the digital certificate includes the first public IP address;
a second server configured to manage privileges for private and public areas, the second server is configured to:
receive the digital certificate from the user device, wherein the second server validates the digital certificate with the first server;
receive, from the user device, a second request to provide a virtual private network (VPN) service to the user device, wherein the second request includes a second public IP address associated with the user device;
determine that the first public IP address included in the received digital certificate matches the second public IP address;
determine, based on location data associated with the user device, that the user device is located in a private area or a public area;
in response to determining the user device is located in the public area, determine, based on a user profile of a user associated with the user device, A) that the user is scheduled to work during a period of time when the second request is received by the second server, and B) an amount of time the user is authorized to work in the public area within the period of time the user is scheduled to work; and
in response to determining A) that the first public IP address included in the received digital certificate matches the second public IP address, B) that the user device is located in the public area, and C) that the user is scheduled to work at the time, grant the user device access to the VPN service with restricted privileges for the amount of time for the public area.