WO2005117392A1 - Methods and apparatus managing access to virtual private network for portable devices without vpn client - Google Patents

Info

Publication number
WO2005117392A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
communications device
portable communications
access point
wireless
Prior art date
Application number
PCT/US2005/016378
Other languages
French (fr)
Inventor
Olivier Gerling
Junbiao Zhang
Kumar Ramaswamy
Original Assignee
Thomson Licensing
Priority date
Filing date
Publication date
Application filed by Thomson Licensing
Priority to EP05752119A (EP1749390A1)
Priority to US11/596,949 (US20080037486A1)
Priority to JP2007527294A (JP2007538470A)
Priority to BRPI0511097-1A (BRPI0511097A)
Priority to CN2005800157933A (CN1954580B)
Publication of WO2005117392A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)
  • Small-Scale Networks (AREA)

Abstract

A portable communications device (12a, 12b) advantageously can access an enterprise network (14) through a Virtual Private Network (16) link without the need for a VPN client (26). To accomplish communications, the portable communications device establishes a communication link with a wireless access point (20) using one or several well-known secure wireless protocols. The wireless access point establishes a communication link with the enterprise network through the VPN (16) and bridges the connections to afford an end-to-end link between the portable computing device and the enterprise network.

Description

METHODS AND APPARATUS MANAGING ACCESS TO VIRTUAL PRIVATE NETWORK FOR PORTABLE DEVICES WITHOUT VPN CLIENT
CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims priority under 35 U.S.C. 119(e) to U.S. Provisional Patent Application Serial No. 60/571742, filed on May 17, 2004, the teachings of which are incorporated herein.
TECHNICAL FIELD
This invention relates to a technique for managing a secure connection between a wireless device and a network.
BACKGROUND ART
Many individuals increasingly make use of one or more portable communication devices in the course of their daily pursuits. Such portable devices include lap top computers, Personal Digital Assistants (PDAs) and wireless telephones. These portable communications devices offer the capability of accessing a communications network via a wireless connection. Wireless telephones, as well as some types of PDAs, allow a user to access a public wireless telephony network. Present day public wireless telephony networks typically make use of one of several well-known wireless standards, such as Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), Global Standard for Mobile (GSM) and the third generation cellular phone standard. Many lap top computers offer wireless connectivity through public networks that make use of the IEEE 802.11i standard.
For many users, access to a public wireless network enables subsequent access to an enterprise network, the intended destination for communications. In the past, most enterprise networks relied on leased line connections with one or more public networks to enable user access. Leased line connections offer high security, but at a high cost. With the advent of the Internet, public network providers now offer enterprise network operators the ability to create a Virtual Private Network (VPN) within the public network. Such VPNs use virtual connections to simulate the equivalent of a private leased-line network, but at a reduced cost.
Within a given public network, several VPNs can share a common communications path. Thus, security remains important to make sure that unintended recipients cannot access data destined for a particular enterprise network. Various security techniques exist within VPN networks. Such techniques often make use of different encryption techniques, including symmetric key and public key encryption. Some VPNs make use of the Internet Protocol Security Protocol (IPSEC).
To enable a portable communications device to establish an end-to-end connection via a VPN to an enterprise network, the communications device must include a VPN client, which takes the form of hardware and/or software necessary to implement the various security protocols. While some portable communications devices such as lap top computers possess the ability to incorporate a VPN client, many smaller devices, such as wireless telephones and PDAs, do not. Thus, such smaller portable communications devices cannot readily establish a connection to an enterprise network across a VPN. Thus a need exists for a technique for enabling a portable communications device to establish a connection with an enterprise network at least in part across a VPN.
BRIEF SUMMARY OF THE INVENTION
Briefly, in accordance with a preferred embodiment of the present principles, there is provided a method for establishing connection between a portable communications device and an enterprise network. The method commences upon the receipt at a wireless access point of a request by the portable communications device for access to an enterprise network. Responsive to the access request, the wireless access point determines the identity of the enterprise network, which the portable communications device seeks to access. The wireless access point authenticates the portable communications device using a wireless authentication protocol. Upon successful authentication of the portable communications device, the wireless access point establishes a Virtual Private Network with the identified enterprise network to facilitate communications between the portable communications device and the enterprise network. In this way, the wireless access point establishes a connection utilizing the wireless LAN security mechanism as between the portable device and the access point, and a VPN connection between the access point and the enterprise network.
BRIEF SUMMARY OF THE DRAWINGS
FIGURE 1 depicts a block schematic diagram of a wireless network according to the prior art in which a portable communications device includes a VPN client for communicating with an enterprise network across an end-to-end VPN connection; and
FIGURE 2 depicts a block schematic of a wireless network according to the present principles in which a portable communications device communicates with an enterprise network in part across a VPN connection without the need for the portable device to include a VPN client.
DETAILED DISCUSSION
To best understand the technique of the present principles for facilitating communications between a portable communications device and an enterprise network in part across a VPN without the need for a VPN client at the portable communications device, a brief discussion of the prior art technique will prove helpful.
FIGURE 1 depicts a block schematic diagram of a prior art communications network 10 in which a portable communications device 12, such as a lap top computer, wireless telephone or PDA, establishes an end-to-end communications link with an enterprise network 14 via Virtual Private Network (VPN) 16. The VPN 16 extends between the enterprise network 14 and the portable communications device 12 through a public network 18 and a wireless access point 20. Although shown as a single entity, the wireless access point 20 can comprise part of a wireless network, not shown. In the illustrated embodiment, the enterprise network 14 includes an enterprise gateway server 20 coupled to a Local Area Network 24.
In order for the portable communications device 12 to establish an end-to-end communications link with the enterprise network 14 through the VPN 16, the portable communications device 12 must possess a VPN Client 26. The VPN client 26 takes the form of one or more programs and associated data, and possibly one or more hardware elements (not shown) that enable the portable communications device 12 to interface with the VPN 16, taking into account the applicable security protocol(s). While some portable communications devices such as lap top computers possess the ability to incorporate the VPN client 22, other portable communications devices with lesser resources, such as a wireless telephone device, do not possess such capability. Thus, portable communications devices with limited resources lack the capability of establishing a communications link with the enterprise network 14 across the VPN 16.
FIGURE 2 depicts a block schematic diagram of a communications network 100 in accordance with a preferred embodiment of the present principles for enabling one or more portable communications devices, such as devices 12a and 12b, to establish communications with an enterprise network 14 at least in part across a Virtual Private Network (VPN) 16. The network 100 of FIG. 2 possesses many of the same elements as the network 10 of FIG. 1 and therefore, like numbers reference like elements. The network 100 of FIG. 2 differs from the network 10 of FIG. 1 in one significant respect. Unlike the network 10 of FIG. 1 in which the portable communications device 12 includes the VPN client 26, neither of the portable communications devices 12a and 12b in the network 100 of FIG. 2 includes a VPN client.
Rather than establish an end-to-end communications link with the enterprise network 14 through VPN 16 as in FIG. 1, each of the portable communications devices 12a and 12b first establishes a communications link with the wireless access point 20, using one of several well-known wireless communications protocols. Thus for example, should one of the portable communications devices 12 and 12b comprise a wireless telephone or PDA, communications between that device and the wireless access point 20 typically would occur using any of several well-known wireless telephone communications protocols, such as CDMA, TDMA, GSM, 3G or the like. Depending on their configuration, one or both of the portable communications devices 12a and 12b could communicate with the wireless access point 20 using the IEEE 802.11i protocol. Communication via wireless protocols other than those previously mentioned can also occur. Once one of the portable communications devices 12a and 12b has established a communications link with the wireless access point 20, the wireless access point then seeks to identify the enterprise network that the portable communications device seeks to access to enable authentication.
The wireless access point 20 identifies the enterprise network 14 in at least one of two ways. For example, the credentials associated with the user of the portable communications device can identify the enterprise network 14. For example, a user's credential will include the user's name, i.e., bob@thomson.net, with the domain portion of the user name specifying the enterprise network. The user could also specifically identify the enterprise network 14 that he or she seeks to access.
The wireless access point 20 authenticates the user of the portable communication device by consulting the enterprise network 14, which can verify the user's credential. Such authentication can occur through using the IEEE 802.11i communications protocol between the wireless access point 20 and the portable communications device. As between the wireless access point 20 and the enterprise network 14, the RADIUS communications protocol could be used. Upon successful authentication, the wireless access point 20 builds a secure session with one of the portable communications devices 12a and 12b using the wireless LAN security mechanism, e.g. Temporal Key Integrity Protocol (TKIP), Wi-Fi Protected Access (WPA) or Advanced Encryption Standard (AES). The wireless access point 20 also builds a VPN between itself and the enterprise network 14 on behalf of the portable communications device, using the regular VPN model, such as through IPSEC. The wireless access point 20 bridges these two secure connections to build an end-to-end connection between the portable device and the enterprise network.
Note that the VPN connection between the wireless access point 20 and the enterprise network 14 can be pre-built as a single VPN session. Note that the wireless access point 20 must have the trust of the enterprise network 14, thus introducing an additional level of complexity as compared to the end-to-end VPN solution of FIG. 1 in which the intermediate networks do not have to be trusted.
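The selection, authentication and bridging decision described above can be sketched as follows. This is an added example, not code from the patent: the Enterprise record, the verify callback (a stand-in for the enterprise network verifying the credential), the tunnel labels and the example.org entry are assumptions. It refuses to bridge when the realm is unknown to the access point or when the credential's domain and the explicitly named network disagree.

```python
import hmac
import re
from dataclasses import dataclass
from typing import Callable, Dict, Optional


class AccessDenied(Exception):
    """Raised whenever the access point must refuse to bridge a session."""


@dataclass(frozen=True)
class Enterprise:
    """Hypothetical record for one enterprise network that trusts this access point."""
    realm: str                          # domain portion of its users' names
    tunnel_id: str                      # label of the VPN session to that enterprise
    verify: Callable[[str, str], bool]  # stand-in for the enterprise verifying the credential


LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def normalize_realm(realm: str) -> str:
    """Lower-case a realm, drop one trailing dot, reject anything not shaped like a DNS name."""
    realm = realm.strip().lower()
    if realm.endswith("."):
        realm = realm[:-1]
    labels = realm.split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        raise AccessDenied("malformed realm")
    return realm


def realm_from_identity(identity: str) -> str:
    """Return the realm of a user@realm identity such as bob@thomson.net."""
    if identity.count("@") != 1:
        raise AccessDenied("identity must contain exactly one '@'")
    user, realm = identity.split("@")
    if not user:
        raise AccessDenied("empty user part")
    return normalize_realm(realm)


def select_enterprise(identity: str, explicit_network: Optional[str],
                      directory: Dict[str, Enterprise]) -> Enterprise:
    """Identify the enterprise from the credential, the explicit choice, or both."""
    candidates = set()
    if "@" in identity:
        candidates.add(realm_from_identity(identity))
    if explicit_network:
        candidates.add(normalize_realm(explicit_network))
    if len(candidates) != 1:
        # Nothing identifies the network, or the two sources disagree.
        raise AccessDenied("enterprise network missing or ambiguous")
    enterprise = directory.get(candidates.pop())
    if enterprise is None:
        # The realm is client-supplied: only realms provisioned in advance are routable.
        raise AccessDenied("no trust relationship with that enterprise")
    return enterprise


def admit(identity: str, secret: str, explicit_network: Optional[str],
          directory: Dict[str, Enterprise]) -> str:
    """Return the tunnel to bridge to, only after the selected enterprise accepts the user."""
    enterprise = select_enterprise(identity, explicit_network, directory)
    if not enterprise.verify(identity, secret):
        raise AccessDenied("enterprise rejected the credential")
    return enterprise.tunnel_id


def try_admit(identity: str, secret: str, explicit_network: Optional[str],
              directory: Dict[str, Enterprise]) -> Optional[str]:
    """Convenience wrapper: tunnel label on success, None on any denial."""
    try:
        return admit(identity, secret, explicit_network, directory)
    except AccessDenied:
        return None


def make_verifier(users: Dict[str, str]) -> Callable[[str, str], bool]:
    """Constructed stand-in for an enterprise's credential check (not a real RADIUS client)."""
    def verify(identity: str, secret: str) -> bool:
        expected = users.get(identity.lower())
        return expected is not None and hmac.compare_digest(expected.encode(), secret.encode())
    return verify


# Constructed sample data: two enterprises that have provisioned a tunnel to this access point.
DIRECTORY = {
    "thomson.net": Enterprise("thomson.net", "vpn-thomson",
                              make_verifier({"bob@thomson.net": "s3cret"})),
    "example.org": Enterprise("example.org", "vpn-example",
                              make_verifier({"eve@example.org": "hunter2"})),
}

if __name__ == "__main__":
    print(try_admit("bob@thomson.net", "s3cret", None, DIRECTORY))
    print(try_admit("eve@example.org", "hunter2", "thomson.net", DIRECTORY))
```

Because the same Enterprise record supplies both the verifier and the tunnel, a user accepted by one enterprise cannot be bridged onto another enterprise's VPN session.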
The foregoing describes a technique for enabling a communications device to establish a connection with an enterprise network without the need for the portable computing device to possess a VPN client.

Claims

WHAT IS CLAIMED IS:
1. A method for establishing connection between a portable communications device and an enterprise network, comprising the steps of: receiving at a wireless access point a request for access to an enterprise network from a portable communications device; determining at the wireless access point which enterprise network the portable communication device seeks to access: authenticating the portable communications device at the wireless access point using a wireless access authentication protocol to create a wireless communications link with the portable communications device; establishing virtual private network connection to the enterprise network to be accessed by the portable communications device to provide a connection via the access point between the portable communications device and the enterprise network; and bridging the wireless communications link and the virtual private communications connection.
2. The method according to claim 1 wherein the step of determining step further comprises the steps of: receiving an identifying credential from the portable communications device seeking access to the enterprise network; identifying the enterprise network from the identifying credential.
3. The method according to claim 1 wherein the step of determining step further comprises the steps of: receiving from the portable communications device seeking access to the enterprise network a network identification; and identifying the enterprise network from the network identification.
4. The method according to claim 1 wherein the authentication step further comprises the step of consulting the enterprise network to verify credentials of the portable communications device.
5. The method according to claim wherein the authenticating step further comprises authenticating the portable communications device using one of a temporal key integrity protocol, wi-fi protected Access protocol or an advanced encryption standard protocol.
6. A method for operating a portable communications device to access an enterprise network, comprising the steps of: sending from the portable communications device a request for access for receipt by a wireless access point; supplying an indication by the portable communications device of the identity of the enterprise network to be accessed for receipt by the wireless access point; and providing authenticating information from the portable communications device to the wireless access point to enable the wireless access point to establish a wireless communications link with the portable communications device and to enable the wireless access point to establish a VPN connection with the enterprise network so that wireless access point can bridge the VPN connection and wireless communications link.
8. Apparatus for establishing connection between a portable communications device and an enterprise network, comprising: means for receiving at a wireless access point a request for access to an enterprise network from a portable communications device; means for determining at the wireless access point which enterprise network the portable communication device seeks to access: means for authenticating the portable communications device at the wireless access point using a wireless access authentication protocol to create a wireless communications link with the portable communications device; means for establishing virtual private network connection to the enterprise network to be accessed by the portable communications device to provide a connection via the access point between the portable communications device and the enterprise network; and means for bridging the wireless communications link and the virtual private communications connection.
9. The apparatus according to claim 8 wherein the determining means further comprises: means for receiving from the portable communications device seeking access to the enterprise network a network identification; and means for identifying the enterprise network from the network identification.
10. The apparatus according to claim 8 wherein the determining means further comprises: means for receiving from the portable communications device seeking access to the enterprise network a network identification; and means for identifying the enterprise network from the network identification.
PCT/US2005/016378 2004-05-17 2005-05-10 Methods and apparatus managing access to virtual private network for portable devices without vpn client WO2005117392A1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
EP05752119A EP1749390A1 (en) 2004-05-17 2005-05-10 Methods and apparatus managing access to virtual private network for portable devices without vpn client
US11/596,949 US20080037486A1 (en) 2004-05-17 2005-05-10 Methods And Apparatus Managing Access To Virtual Private Network For Portable Devices Without Vpn Client
JP2007527294A JP2007538470A (en) 2004-05-17 2005-05-10 Method for managing access to a virtual private network of a portable device without a VPN client
BRPI0511097-1A BRPI0511097A (en) 2004-05-17 2005-05-10 methods and equipment for virtual private network access management for vpn clientless portable devices
CN2005800157933A CN1954580B (en) 2004-05-17 2005-05-10 Methods and apparatus managing access to virtual private network for portable devices without VPN client

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US57174204P 2004-05-17 2004-05-17
US60/571,742 2004-05-17

Publications (1)

Publication Number Publication Date
WO2005117392A1 (en) 2005-12-08

Family

ID=34970563

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/016378 WO2005117392A1 (en) 2004-05-17 2005-05-10 Methods and apparatus managing access to virtual private network for portable devices without vpn client

Country Status (6)

Country Link
US (1) US20080037486A1 (en)
EP (1) EP1749390A1 (en)
JP (1) JP2007538470A (en)
CN (1) CN1954580B (en)
BR (1) BRPI0511097A (en)
WO (1) WO2005117392A1 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1758310A1 (en) * 2005-08-22 2007-02-28 Alcatel Mechanism to avoid double-encryption in mobile networks
WO2007090321A1 (en) * 2006-02-10 2007-08-16 Huawei Technologies Co., Ltd. A method, an apparatus and a wireless local area network for establishing the virtual link and a data transferring method
WO2009114643A3 (en) * 2008-03-12 2009-11-26 Qualcomm Incorporated Providing multiple levels of service for wireless communication
WO2011056315A2 (en) 2009-10-28 2011-05-12 Symbol Technologies, Inc. Systems and methods for secure access to remote networks utilizing wireless networks
WO2012037674A2 (en) * 2010-09-24 2012-03-29 Research In Motion Limited Dynamic switching of a network connection based on security restrictions
US8930492B2 (en) 2011-10-17 2015-01-06 Blackberry Limited Method and electronic device for content sharing
US9015809B2 (en) 2012-02-20 2015-04-21 Blackberry Limited Establishing connectivity between an enterprise security perimeter of a device and an enterprise
GB2522005A (en) * 2013-11-26 2015-07-15 Vodafone Ip Licensing Ltd Mobile WiFi
US9160693B2 (en) 2010-09-27 2015-10-13 Blackberry Limited Method, apparatus and system for accessing applications and content across a plurality of computers

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4823015B2 (en) * 2006-10-26 2011-11-24 富士通株式会社 Remote control program, portable terminal device and gateway device
US20080301797A1 (en) * 2007-05-31 2008-12-04 Stinson Samuel Mathai Method for providing secure access to IMS multimedia services to residential broadband subscribers
US8370918B1 (en) * 2011-09-30 2013-02-05 Kaspersky Lab Zao Portable security device and methods for providing network security
CN105704053B (en) * 2014-11-28 2019-05-21 中国电信股份有限公司 Application traffic guard method and system and gateway

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002017558A2 (en) * 2000-08-18 2002-02-28 Etunnels Inc. Method and apparatus for data communication between a plurality of parties
US20020090089A1 (en) * 2001-01-05 2002-07-11 Steven Branigan Methods and apparatus for secure wireless networking
WO2003007561A1 (en) * 2001-07-13 2003-01-23 Ssh Communications Security Corp Method for forming a secured network
WO2003029916A2 (en) * 2001-09-28 2003-04-10 Bluesocket, Inc. Method and system for managing data traffic in wireless networks

Family Cites Families (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6247045B1 (en) * 1999-06-24 2001-06-12 International Business Machines Corporation Method and apparatus for sending private messages within a single electronic message
GB2366631B (en) * 2000-03-04 2004-10-20 Ericsson Telefon Ab L M Communication node, communication network and method of recovering from a temporary failure of a node
JP4201466B2 (en) * 2000-07-26 2008-12-24 富士通株式会社 VPN system and VPN setting method in mobile IP network
US7124189B2 (en) * 2000-12-20 2006-10-17 Intellisync Corporation Spontaneous virtual private network between portable device and enterprise network
US7295532B2 (en) * 2001-08-17 2007-11-13 Ixi Mobile (R & D), Ltd. System, device and computer readable medium for providing networking services on a mobile device
US7197041B1 (en) * 2001-08-31 2007-03-27 Shipcom Wireless Inc System and method for developing and executing a wireless application gateway
US7036143B1 (en) * 2001-09-19 2006-04-25 Cisco Technology, Inc. Methods and apparatus for virtual private network based mobility
US7469294B1 (en) * 2002-01-15 2008-12-23 Cisco Technology, Inc. Method and system for providing authorization, authentication, and accounting for a virtual private network
US7072657B2 (en) * 2002-04-11 2006-07-04 Ntt Docomo, Inc. Method and associated apparatus for pre-authentication, preestablished virtual private network in heterogeneous access networks
JP3973961B2 (en) * 2002-04-25 2007-09-12 東日本電信電話株式会社 Wireless network connection system, terminal device, remote access server, and authentication function device
CN1245824C (en) * 2002-07-08 2006-03-15 华为技术有限公司 Method for accessing mobile virtual private network of enterprise wireless exchange
JP4056849B2 (en) * 2002-08-09 2008-03-05 富士通株式会社 Virtual closed network system
US7440573B2 (en) * 2002-10-08 2008-10-21 Broadcom Corporation Enterprise wireless local area network switching system
US7599323B2 (en) * 2002-10-17 2009-10-06 Alcatel-Lucent Usa Inc. Multi-interface mobility client
US7426195B2 (en) * 2002-10-24 2008-09-16 Lucent Technologies Inc. Method and apparatus for providing user identity based routing in a wireless communications environment
US7185106B1 (en) * 2002-11-15 2007-02-27 Juniper Networks, Inc. Providing services for multiple virtual private networks
US7283534B1 (en) * 2002-11-22 2007-10-16 Airespace, Inc. Network with virtual “Virtual Private Network” server
US7428226B2 (en) * 2002-12-18 2008-09-23 Intel Corporation Method, apparatus and system for a secure mobile IP-based roaming solution
US7409452B2 (en) * 2003-02-28 2008-08-05 Xerox Corporation Method and apparatus for controlling document service requests from a mobile device
KR100543451B1 (en) * 2003-04-17 2006-01-23 삼성전자주식회사 Method and apparatus for hybrid network device performing virtual private network and wireless local area network
US7403516B2 (en) * 2003-06-02 2008-07-22 Lucent Technologies Inc. Enabling packet switched calls to a wireless telephone user
US7486684B2 (en) * 2003-09-30 2009-02-03 Alcatel-Lucent Usa Inc. Method and apparatus for establishment and management of voice-over IP virtual private networks in IP-based communication systems
US7752320B2 (en) * 2003-11-25 2010-07-06 Avaya Inc. Method and apparatus for content based authentication for network access
US7496360B2 (en) * 2004-02-27 2009-02-24 Texas Instruments Incorporated Multi-function telephone
US20050198532A1 (en) * 2004-03-08 2005-09-08 Fatih Comlekoglu Thin client end system for virtual private network
US7457626B2 (en) * 2004-03-19 2008-11-25 Microsoft Corporation Virtual private network structure reuse for mobile computing devices
US7317717B2 (en) * 2004-04-26 2008-01-08 Sprint Communications Company L.P. Integrated wireline and wireless end-to-end virtual private networking
JP2007188969A (en) * 2006-01-11 2007-07-26 Toshiba Corp Semiconductor device and its manufacturing method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
FEIL H ED - INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS: "802.11 wireless network policy recommendation for usage within unclassified government networks", 2003 IEEE MILITARY COMMUNICATIONS CONFERENCE. MILCOM 2003. BOSTON, MA, OCT. 13 - 16, 2003, IEEE MILITARY COMMUNICATIONS CONFERENCE, NEW YORK, NY : IEEE, US, vol. VOL. 2 OF 2, 13 October 2003 (2003-10-13), pages 832 - 838, XP010698595, ISBN: 0-7803-8140-8 *
PAT R CALHOUN US ROBOTICS ACCESS CORP ELLIS WONG BAY NETWORKS ET AL: "Virtual Tunneling Protocol (VTP)", IETF STANDARD-WORKING-DRAFT, INTERNET ENGINEERING TASK FORCE, IETF, CH, July 1996 (1996-07-01), pages 1 - 62, XP015011451, ISSN: 0000-0004 *

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1758310A1 (en) * 2005-08-22 2007-02-28 Alcatel Mechanism to avoid double-encryption in mobile networks
WO2007090321A1 (en) * 2006-02-10 2007-08-16 Huawei Technologies Co., Ltd. A method, an apparatus and a wireless local area network for establishing the virtual link and a data transferring method
RU2480934C2 (en) * 2008-03-12 2013-04-27 Квэлкомм Инкорпорейтед Providing multiple service levels for wireless communication
WO2009114643A3 (en) * 2008-03-12 2009-11-26 Qualcomm Incorporated Providing multiple levels of service for wireless communication
EP3621277A1 (en) * 2008-03-12 2020-03-11 QUALCOMM Incorporated Providing multiple levels of service for wireless communication
US9642033B2 (en) 2008-03-12 2017-05-02 Qualcomm Incorporated Providing multiple levels of service for wireless communication
US8179903B2 (en) 2008-03-12 2012-05-15 Qualcomm Incorporated Providing multiple levels of service for wireless communication devices communicating with a small coverage access point
AU2009223056B2 (en) * 2008-03-12 2013-08-22 Qualcomm Incorporated Providing multiple levels of service for wireless communication
KR101150562B1 (en) * 2008-03-12 2012-07-13 콸콤 인코포레이티드 Providing multiple levels of service for wireless communication
WO2011056315A3 (en) * 2009-10-28 2011-10-20 Symbol Technologies, Inc. Systems and methods for secure access to remote networks utilizing wireless networks
WO2011056315A2 (en) 2009-10-28 2011-05-12 Symbol Technologies, Inc. Systems and methods for secure access to remote networks utilizing wireless networks
WO2012037674A3 (en) * 2010-09-24 2012-06-21 Research In Motion Limited Dynamic switching of a network connection based on security restrictions
WO2012037674A2 (en) * 2010-09-24 2012-03-29 Research In Motion Limited Dynamic switching of a network connection based on security restrictions
US9160693B2 (en) 2010-09-27 2015-10-13 Blackberry Limited Method, apparatus and system for accessing applications and content across a plurality of computers
US8930492B2 (en) 2011-10-17 2015-01-06 Blackberry Limited Method and electronic device for content sharing
US9231902B2 (en) 2011-10-17 2016-01-05 Blackberry Limited Method and electronic device for content sharing
US9015809B2 (en) 2012-02-20 2015-04-21 Blackberry Limited Establishing connectivity between an enterprise security perimeter of a device and an enterprise
GB2522005A (en) * 2013-11-26 2015-07-15 Vodafone Ip Licensing Ltd Mobile WiFi

Also Published As

Publication number Publication date
CN1954580B (en) 2011-03-30
US20080037486A1 (en) 2008-02-14
BRPI0511097A (en) 2007-12-26
CN1954580A (en) 2007-04-25
JP2007538470A (en) 2007-12-27
EP1749390A1 (en) 2007-02-07

Similar Documents

Publication Publication Date Title
US20080037486A1 (en) Methods And Apparatus Managing Access To Virtual Private Network For Portable Devices Without Vpn Client
US11659385B2 (en) Method and system for peer-to-peer enforcement
US7231203B2 (en) Method and software program product for mutual authentication in a communications network
EP1997292B1 (en) Establishing communications
Matsunaga et al. Secure authentication system for public WLAN roaming
US20060168648A1 (en) Enabling dynamic authentication with different protocols on the same port for a switch
US9112879B2 (en) Location determined network access
CN101032107A (en) Method and system for fast roaming of a mobile unit in a wireless network
Shi et al. IEEE 802.11 roaming and authentication in wireless LAN/cellular mobile networks
CA2647684A1 (en) Secure wireless guest access
GB2393073A (en) Certification scheme for hotspot services
US20040133806A1 (en) Integration of a Wireless Local Area Network and a Packet Data Network
KR101002471B1 (en) Broker-based interworking using heirarchical certificates
CN103684958A (en) Method and system for providing flexible VPN (virtual private network) service and VPN service center
Kumar et al. Security issues in m-government
KR20070022268A (en) Methods and apparatus managing access to virtual private network for portable device without vpn client
WO2002043427A1 (en) Ipsec connections for mobile wireless terminals
Lei et al. 5G security system design for all ages
KR101480706B1 (en) Network system for providing security to intranet and method for providing security to intranet using security gateway of mobile communication network
US20230413046A1 (en) Authentication procedure
Iyer et al. Public WLAN Hotspot Deployment and Interworking.
Kim et al. 5G Architecture Based on Software-Defined Perimeter (SDP) for Direct Trust Access to Private Networks
Elkeelany et al. Remote access virtual private network architecture for high‐speed wireless internet users
Stakenburg Managing the Client-side Risks of IEEE 802.11 Networks
Shi et al. AAA Architecture and Authentication for Wireless Lan roaming

Legal Events

Date Code Title Description
AK Designated states; Kind code of ref document: A1; Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW
AL Designated countries for regional patents; Kind code of ref document: A1; Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG
121 Ep: the epo has been informed by wipo that ep was designated in this application
DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)
WWE Wipo information: entry into national phase; Ref document number: 1020067023864; Country of ref document: KR
WWE Wipo information: entry into national phase; Ref document number: 6787/DELNP/2006; Country of ref document: IN
WWE Wipo information: entry into national phase; Ref document number: 2007527294; Country of ref document: JP
WWE Wipo information: entry into national phase; Ref document number: 200580015793.3; Country of ref document: CN
NENP Non-entry into the national phase; Ref country code: DE
WWW Wipo information: withdrawn in national office; Ref document number: DE
WWE Wipo information: entry into national phase; Ref document number: 2005752119; Country of ref document: EP
WWP Wipo information: published in national office; Ref document number: 2005752119; Country of ref document: EP
WWP Wipo information: published in national office; Ref document number: 1020067023864; Country of ref document: KR
WWE Wipo information: entry into national phase; Ref document number: 11596949; Country of ref document: US
ENP Entry into the national phase; Ref document number: PI0511097; Country of ref document: BR