“Embedded Virtual Private Network” in Patent Application Approval Process (USPTO 20220029966): Allstate Insurance Company

2022 FEB 10 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent application by the inventors De Guia, Nicolette (Chicago, IL, US); Hansen, Mark D. (Buffalo Grove, IL, US); Park, Jason (Chicago, IL, US); Parkinson, John (Wheaton, IL, US), filed on October 12, 2021, was made available online on January 27, 2022, according to news reporting originating from Washington, D.C., by NewsRx correspondents.

This patent application is assigned to Allstate Insurance Company (Northbrook, Illinois, United States).

The following quote was obtained by the news editors from the background information supplied by the inventors: “Protecting confidential information in today’s online environment is difficult due to the increased connectivity and the increased amount of user information accessible via web enabled computing devices. Most network connections are made over the air (OTA) via cellular or Wi-Fi connections. OTA networks are inherently insecure because it is difficult to prevent interception and copying of the signal, so applications that run on mobile devices must handle the security of the network connection and any data transmitted over it.

“Browsers, however, generally do not do this, creating a security vulnerability, even if the site being targeted is adequately secured. Additionally, Internet Service Providers (ISPs) and Wi-Fi connectivity or access point providers can inspect and store traffic to monitor browsing and connection habits, opening up privacy concerns. Finally, malicious attackers, equipped with relatively simple hardware and software combinations, can stage “Man in the middle” (MITM) or “drive by” attacks that capture OTA data packets and redirect them to malicious sites.

“VPNs create secure, private connections that ensure that traffic cannot be intercepted and that the user can operate anonymously. A VPN application works by establishing a secure connection (generally using IPSec or similar protocol tunnels) to a network point of presence (POP) and then connecting from that POP to the target website over a secure connection. To the target, traffic appears to be coming from the POP, not the actual user, who is not visible to any intermediary ISP or configuration service provider (CSP).

“However, VPN client applications can be difficult to set up and the applications need to be activated to ensure that transmitted network activity is secure. Most users find these applications complicated to set up and difficult to use.

“Further, as consumers continue to gain an ever-increasing presence in online environments, there will be an ever-present need to better protect consumers from personal or information being breached (e.g., made available publicly) in order to protect consumers from fraud and/or other harms. Consumers need a system and method which provides a secure connection to their intended online destination over the Internet without the fear that their confidential information may be intercepted and copied by unauthorized entities.”

In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors’ summary information for this patent application: “In light of the foregoing background, the following presents a simplified summary of the present disclosure in order to provide a basic understanding of some aspects of the invention. This summary is not an extensive overview of the invention. It is not intended to identify key or critical elements of the invention or to delineate the scope of the invention. The following summary merely presents some concepts of the invention in a simplified form as a prelude to the more detailed description provided below.

“By embedding a VPN capability inside an application layer and automating the connection process, a safe and secure network connection may be made available to users of computing devices. The embedded private connect VPN system may use Domain Name Server (DNS) functionality to determine which data or content streams are to be transmitted through a generated private connect VPN tunnel.

“Aspects of the disclosure address one or more of the issues mentioned above by disclosing methods, computer readable storage media, software, systems, and apparatuses for use by a consumer in order to keep track of a consumer’s accounts and to prevent unauthorized access or use of the consumers identified subscriptions and financial accounts. The discovered subscriptions and financial accounts may be listed and displayed to the consumer along with recommendations and assistance for closing any discovered unused or unwanted financial accounts and subscriptions. The described cyber-security system may prevent unauthorized access, use, and security breaches by unauthorized users and devices of the consumer’s accounts.

“In an aspect of the disclosure, a cyber-security system may be configured to, in operation, analyze the privacy policy or privacy statement for each financial institution or other businesses associated with the consumer determined from an email scan, browser history, and/or browser cache search. The cyber-security system may also analyze the on-line privacy policies or statements of financial institutions and other businesses for which the consumer has an account based on information provided by analysis of the consumer’s profile. The determined information may be displayed to the consumer along with recommendations regarding digital safety.

“Of course, the methods and systems of the above-referenced embodiments may also include other additional elements, steps, computer-executable instructions, or computer-readable data structures. In this regard, other embodiments are disclosed and claimed herein as well. The details of these and other embodiments of the present invention are set forth in the accompanying drawings and the description below. Other features and advantages of the invention will be apparent from the description, drawings, and claims.”

The claims supplied by the inventors are:

“1. A method comprising: analyzing at least one aspect of a domain name system (DNS) request received through a virtual private network (VPN) tunnel associated with a user internet protocol (IP) address, to determine at least one applicable predefmed rule to determine routing for traffic to the user IP address from a second IP address associated with the DNS request, responsive to receiving the DNS request, wherein the analyzing includes at least one of: comparing at least one of the second IP address or a uniform resource locator (URL) associated with the second IP address to at least one of a predefined whitelist or blacklist; or the inductor comprising, comparing at least one of the second IP address or the URL associated with the second IP address to a predefined list of content delivery sites, and wherein the predefined rules dictate at least traffic handling for the second IP address; and handling traffic from the second IP address in accordance with at least one of the predefined rules applied based on the results of the analyzing.

“2. The method of claim 1, wherein the predefmed rules include a first rule at least approving transmission from the second IP address, applicable responsive to at least one of the second IP address or the URL being included in the predefined whitelist.

“3. The method of claim 2, wherein the predefined rules include a second rule at least routing content transmission from the second IP address outside the VPN tunnel, applicable responsive to at least one of the second IP address or the URL being included in the predefined list of content delivery sites.

“4. The method of claim 1, wherein the predefined rules include a third rule at least blocking transmission from the second IP address, applicable responsive to at least one of the second IP address or the URL being included in the predefmed blacklist.

“5. The method of claim 1, wherein the predefined rules include a fourth rule at least routing content transmission from the second IP address outside the VPN tunnel, applicable responsive to at least one of the second IP address or the URL being included in the predefined list of content delivery sites.

“6. The method of claim 1, further comprising monitoring the handled traffic to identify at least one of probable malware or transmission from an IP address predefined as dangerous; and alerting a user at the user IP address responsive to the monitoring identifying at least the probable malware or transmission from the IP address predefined as dangerous

“7. The method of claim 1, wherein the analyzing further includes flow analysis of traffic to determine the second IP address is a content streaming IP address and wherein the predefined rules include a fifth rule at least routing content transmission from the second IF address outside the VPN tunnel, applicable responsive to determining transmission from the second IP address includes streaming content based on the flow analysis.

“8. A system comprising: one or more processors configured to: analyze at least one aspect of a domain name system (DNS) request received through a virtual private network (VPN) tunnel associated with a user internet protocol (IP) address, to determine at least one applicable predefined rule to determine routing for traffic to the user IF address from a second IP address associated with the DNS request, responsive to receiving the DNS request, wherein the analysis includes at least one of: comparison of at least one of the second IP address or a uniform resource locator (URL) associated with the second IP address to at least one of a predefined whitelist or blacklist; or comparison of at least one of the second IP address or the URL associated with the second IP address to a predefined list of content delivery sites, and wherein the predefined rules dictate at least traffic handling for the second IP address; and handle traffic from the second IP address in accordance with at least one of the predefined rules applied based on the results of the analyzing.

“9. The system of claim 8, wherein the predefined rules include a first rule at least approving transmission from the second IP address, applicable responsive to at least one of the second IP address or the URL being included in the predefined whitelist.

“10. The system of claim 9, wherein the predefined rules include a second rule at least routing content transmission from the second IP address outside the VPN tunnel, applicable responsive to at least one of the second IP address or the URL being included in the predefined list of content delivery sites.

“11. The system of claim 8, wherein the predefined rules include a third rule at least blocking transmission from the second IP address, applicable responsive to at least one of the second IP address or the URL being included in the predefined blacklist.

“12. The system of claim 8, wherein the predefined rules include a fourth rule at least routing content transmission from the second IP address outside the VPN tunnel, applicable responsive to at least one of the second IP address or the URL being included in the predefined list of content delivery sites.

“13. The system of claim 8, wherein the one or more processors are further configured to: monitor the handled traffic to identify at least one of probable malware or transmission from an IP address predefined as dangerous; and alert a user at the user IP address responsive to the monitoring identifying at least the probable malware or transmission from the IP address predefined as dangerous.

“14. The system of claim 8, wherein the analysis further includes flow analysis of traffic to determine the second IP address is a content streaming IP address and wherein the predefined rules include a fifth rule at least routing content transmission from the second IP address outside the VPN tunnel, applicable responsive to determining transmission from the second IP address includes streaming content based on the flow analysis.

“15. A non-transitory storage medium storing instructions that, when executed, cause one or more processors executing the instructions to perform a method comprising: analyzing at least one aspect of a domain name system (DNS) request received through a virtual private network (VPN) tunnel associated with a user internet protocol (IP) address, to determine at least one applicable predefined rule to determine routing for traffic to the user IF address from a second IP address associated with the DNS request, responsive to receiving the DNS request, wherein the analyzing includes at least one of: comparing at least one of the second IP address or a uniform resource locator (URL) associated with the second IP address to at least one of a predefined whitelist or blacklist; or comparing at least one of the second IP address or the URL associated with the second IP address to a predefined list of content delivery sites, and wherein the predefined rules dictate at least traffic handling for the second IP address; and handling traffic from the second IP address in accordance with at least one of the predefined rules applied based on the results of the analyzing.

“16. The storage medium of claim 15, wherein the predefined rules include a first rule at least approving transmission from the second IP address, applicable responsive to at least one of the second IP address or the URL being included in the predefined whitelist.

“17. The storage medium of claim 16, wherein the predefined rules include a second rule at least routing content transmission from the second IP address outside the VPN tunnel, applicable responsive to at least one of the second IP address or the URL being included in the predefined list of content delivery sites.

“18. The storage medium of claim 15, wherein the predefined rules include a third rule at least blocking transmission from the second IP address, applicable responsive to at least one of the second IP address or the URL being included in the predefined blacklist.

“19. The storage medium of claim 15, wherein the predefined rules include a fourth rule at least routing content transmission from the second IP address outside the VPN tunnel, applicable responsive to at least one of the second IP address or the URL being included in the predefined list of content delivery sites.

“20. The storage medium of claim 15, the method further comprising: monitoring the handled traffic to identify at least one of probable malware or transmission from an IP address predefined as dangerous; and alerting a user at the user IP address responsive to the monitoring identifying at least the probable malware or transmission from the IP address predefined as dangerous”

URL and more information on this patent application, see: De Guia, Nicolette; Hansen, Mark D.; Park, Jason; Parkinson, John. Embedded Virtual Private Network. Filed October 12, 2021 and posted January 27, 2022. Patent URL: https://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220220029966%22.PGNR.&OS=DN/20220029966&RS=DN/20220029966

(Our reports deliver fact-based news of research and discoveries from around the world.)