WO2001041392A2 - Virtual private network selection - Google Patents

Virtual private network selection

Info

Publication number
WO2001041392A2
Authority
WO
WIPO (PCT)
Prior art keywords
radius
data terminal
data storage
storage computer
vpns
Prior art date
Application number
PCT/SG2000/000192
Other languages
English (en)
Other versions
WO2001041392A3 (fr)
Inventor
Kai Yew Paul Chong
Sui Jin Foong
Keng Wui Daniel Teo
Kok Soon Thia
Boon Tiong Tan
Tye San Yap
Original Assignee
Singapore Telecommunications Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Singapore Telecommunications Limited
Priority to AU45003/01A (AU4500301A)
Publication of WO2001041392A2
Publication of WO2001041392A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854 Wide area networks, e.g. public data networks
    • H04L12/2856 Access arrangements, e.g. Internet access
    • H04L12/2869 Operational details of access network equipments
    • H04L12/287 Remote access server, e.g. BRAS
    • H04L12/2872 Termination of subscriber connections
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854 Wide area networks, e.g. public data networks
    • H04L12/2856 Access arrangements, e.g. Internet access
    • H04L12/2869 Operational details of access network equipments
    • H04L12/287 Remote access server, e.g. BRAS
    • H04L12/2876 Handling of subscriber policies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4675 Dynamic sharing of VLAN information amongst network nodes
    • H04L12/4679 Arrangements for the registration or de-registration of VLAN attribute values, e.g. VLAN identifiers, port VLAN membership
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/54 Store-and-forward switching systems
    • H04L12/56 Packet switching systems
    • H04L12/5691 Access to open networks; Ingress point selection, e.g. ISP selection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/54 Store-and-forward switching systems
    • H04L12/56 Packet switching systems
    • H04L12/5691 Access to open networks; Ingress point selection, e.g. ISP selection
    • H04L12/5692 Selection among different networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation

Definitions

  • the present invention relates generally to virtual private networks, and more particularly to a method and system for selectively connecting a remote data terminal to one or more virtual private networks using a customised client or a web browser.
  • a virtual private network is a private data network that is formed within and makes use of a larger public telecommunication network, such as the Internet, or a larger private telecommunications network.
  • Use of a VPN provides companies with the same capabilities as a system of owned and leased telecommunication lines and exchanges, but at a much lower cost by using the shared public infrastructure rather than a private one.
  • Privacy is maintained in a VPN through use of a tunnelling protocol, by which data is encrypted before it is sent through the public network and decrypted at the receiving end.
  • An additional level of security involves encrypting not only the data but also the originating and receiving network addresses. VPNs therefore make it possible to have the same secure sharing of public resources. Companies today are looking at using VPNs for both Extranets and wide-area Intranets.
  • VPN-based services requiring the transport of video, audio or data information between nodes within a VPN will be offered in the near future.
  • examples of such services include financial and banking services, as well as traditional telephony services.
  • The proliferation of VPN-based services will no doubt result in individual users subscribing to and using several such services.
  • one aspect of the present invention provides a method for selectively connecting a data terminal to one of a plurality of VPNs, said VPNs being formed within a telecommunication network, the method including the steps of:
  • step (h) if step (g) is successful, connecting said data terminal to the selected
  • the telecommunication network may be a public telecommunications network, such as the Internet.
  • the data terminal may be connected at step (b) to the Internet with a public IP address.
  • the data terminal may be connected at step (b) to a private telecommunications network, with the data terminal being connected with a private IP address.
  • the IP address of the data terminal may be changed, at step (h), to an IP address with access to the selected VPN.
  • the connection of the data terminal to the public telecommunication network may be carried out in step (a) by a Remote Access Server.
  • the user identifier may be sent from the data terminal to the first data storage computer in step (b) via a Web Server.
  • a Web Browser may be installed in the Data Terminal to enable the entry and sending of said user identifier.
  • the list of VPNs retrieved from the first data storage computer in step (c) may be transmitted to the Data Terminal by the Web Server.
  • the list of VPNs may be displayed at the Data Terminal by the Web Browser.
  • (g) may be performed by a RADIUS/LDAP client in conjunction with a RADIUS/LDAP server, said RADIUS/LDAP server storing user authentication information.
  • the first data storage computer acts as said RADIUS/LDAP server.
  • a second data storage computer may be remotely connectable to said RADIUS/LDAP client, said second data storage computer acting as said RADIUS/LDAP server.
  • the second data storage computer may be connectable to said RADIUS/LDAP client via the Internet.
  • the second data storage computer may be connectable to said RADIUS/LDAP client, said second data storage computer acting as said RADIUS/LDAP server, both second data storage computer and said RADIUS/LDAP client being remotely connectable to said Remote Access Server.
  • the RADIUS/LDAP client may be connectable to said Remote Access Server via the Internet.
  • Another aspect of the invention provides a system for selectively connecting a data terminal to one of a plurality of VPNs, said VPNs being formed within a telecommunication network, the system comprising: a first data storage computer for storing (i) user identity information indicative of the identity of authorized users to one or more of said VPNs and (ii) VPN authorisation information indicative of those VPNs that each authorized user is authorized to use, connection means for connecting said data terminal to the telecommunication network; retrieval means for sending a user identifier indicative of a selected authorized user to said first data storage computer and retrieving a list of VPNs accessible by the selected authorized user from the first data storage computer, said data terminal including display means for presenting said list of VPNs, and selection means for accepting the selection at said data terminal of one of said virtual private networks, the system further comprising authenticating means for authenticating the identity of said selected authorized user, said connection means acting to connect said data terminal to the selected VPN if the authentication is successful.
  • Figures 1 to 5 are schematic block diagrams illustrating a first embodiment of a system for selectively connecting a remote terminal to one of a plurality of VPNs, and the flow of information between various elements of that system during operation;
  • Figures 6 and 7 are schematic block diagrams illustrating a second embodiment of a system for selectively connecting a remote terminal to one of a plurality of VPNs;
  • Figure 8 is a schematic block diagram illustrating a third embodiment of a system for selectively connecting a remote terminal to one of a plurality of VPNs.
  • Figures 9 to 11 are representations of graphical displays provided to the user of the data terminal of the systems of Figures 1 to 8 during operation.
  • the data terminal 2 may consist of a personal computer and modem to enable connection of the personal computer to the public telephony network.
  • the system 1 includes a Data File Server 3, a Web Server 4, a Remote Authentication Dial-In User Service (RADIUS) communications device 5 and a Remote Access Server (RAS) 6.
  • the File Server 3 includes a Data Storage Computer 7.
  • the RAS 6 is deployed at a local telephony exchange into which the data terminal 2's virtual circuits aggregate, and manages the Internet access for the data terminal 2 and other data terminals and devices connecting to the Internet via that telephony exchange.
  • RASs that are suitable for use with the present invention are the Redback™ Subscriber Management System 1000 and the Alcatel™ Data Application Network Adapter (DANA).
  • the Web Server 4 provides World Wide Web services on the Internet to the data terminal 2 and other terminals and devices connected to the Internet. It may include hardware, an operating system, Web server software, TCP/IP protocols and Web site content (Web pages). Alternatively, the Web Server 4 may simply comprise software installed on a host computer that performs these services.
  • the software acts to accept requests from a Web browser installed in the data terminal 2 to download HTML pages and images, and also to execute related server-side scripts that automate functions such as the searching of the LDAP data storage computer.
  • An example of this latter type of Web Server is the Microsoft™ Internet Information Server.
  • a mini-Web browser suitable for installation on the data terminal 2 which can be adapted to implement the required functionality may be readily developed by a skilled person in the computing/telecommunications field.
  • RADIUS is a proposed Internet Engineering Task Force (IETF) standard and uses a client/server protocol and software to enable remote access servers, such as the RAS 6, to communicate with a central server, such as the Data Storage Computer 7, so as to authenticate the identity of dial-in users and authorize their access to a requested service or system.
  • All user authentication and network service access information is located on the Data Storage Computer 7, which acts as the RADIUS/LDAP server.
  • the RADIUS communications device 5 (RADIUS client) sends authentication requests to the Data Storage Computer 7 (RADIUS/LDAP server) and acts on responses sent back by the server.
  • One example of a RADIUS communications device 5 suitable for use with the present invention is the Alcatel™ Service Management Centre (SMC).
  • the Data Storage Computer 7 acts to store and retrieve user information and authorisation information.
  • the Data Storage Computer 7 may operate in accordance with the Lightweight Directory Access Protocol (LDAP), a client-server protocol developed for accessing directory service information.
  • MCIS: Microsoft™ Commercial Internet System
  • CSPs: Commercial Service Providers
  • The operation of the system 1 will now be described. Initially, VPN identification information indicative of several VPNs to which users may subscribe or otherwise be provided with access is stored in the Data Storage Computer 7.
  • the Data Storage Computer 7 may also store user authentication information, such as a user name and a user password, for each authorised user to enable authentication of the identity of that user. At least some of the data stored in the Data Storage Computer 7 may be common to both the user identity information and the user authentication information.
  • an installed dialer program is run to cause the Data Terminal's modem to dial the RAS 6 over a Permanent Virtual Circuit, such encapsulating an Ethernet or a PPP connection, to be established between the Data Terminal 2 and the RAS 6.
  • the HTML page is displayed to the user by the mini-Browser installed at the Data Terminal 2 (step s3).
  • An example of such an HTML page is shown in Figure 9.
  • the HTML page includes a field 10 for the entry of a user's name (step s4) or other user identifier to identify the user to the RAS 6 or to the Web Server 4 accessed by the RAS 6.
  • a cookie may be set in the Data Terminal 42 so that the Web Server 4 is able to provide the HTML page for display by the mini-Browser with an expected user name inserted in the field 10.
  • the HTML page may contain an ActiveX object that logs the user out of any previous VPN to which the Data Terminal 2 is connected. If ActiveX is not supported by the mini-Browser platform, the HTML page may display a text message to the user instructing the user to log out of any current VPN.
  • the Web Server 4 sends a query (step s6) to the Data Storage Computer 7 to retrieve from the stored user information and VPN authorisation information a list of those VPNs accessible to the identified user.
  • the list of accessible VPNs is transmitted to the Web Server 4 (step s7).
  • the Web Server 4 then dynamically creates a customized HTML page containing the list of VPNs accessible to the user, and transmits this HTML page to the RAS 6 and onto the Data Terminal 2 (step s8).
  • This HTML page is displayed by the mini-Browser installed in the Data Terminal 2 (step s9).
  • An example of such an HTML page is shown in Figure 10.
  • the list of accessible VPNs is displayed on this page as a series of icons 20 to 24, each of which corresponds to a different one of the VPNs accessible to the identified user.
  • the VPN that the user wishes to use is then selected by using a mouse associated with the personal computer of the Data Terminal to position a cursor 25 over the icon corresponding to the selected VPN (step s10).
  • Upon selection of the desired VPN, the mini-Browser acts to display a further HTML page to the user (step s11).
  • the HTML page, an example of which is shown in Figure 11, includes a field 30 for the entry of a user password (step s12).
  • the user name, the selected VPN and the entered password are then submitted to the RAS 6 (step s13), and forwarded to the RADIUS communications device 5 (step s14).
  • an authentication message is sent to the RADIUS/LDAP Communications device 5 (step s16) and forwarded to the RAS 6 (step s17).
  • the RAS 6 then changes the IP address of the Data Terminal 2 to an IP address with access to the selected VPN (step s18) and displays a "User Connected" message to the user via the mini-Browser.
  • the mini-Browser can then be minimized until the user wishes to change VPN or disconnect. If the user reactivates the dialer program installed in the Data Terminal
  • the user is automatically disconnected from the current VPN and presented with the VPN Service Selection page shown in Figure 10.
  • the user may also be disconnected if the RAS 6 detects zero or a very low level of network activity by the user.
  • the RADIUS/LDAP Communication device 5 may also collect accounting data, such as the user name, login time, logout time and VPN used.
  • the presentation of a login web page such as that shown in Figure 10 may not be bypassable. That is to say, a client cannot gain access to any of the VPNs 20 to 24 without first obtaining a page presenting the choices of subscribed VPNs.
  • the user may be presented with a VPN-specific welcome page which also may not be bypassable.
  • the control of the VPN-specific welcome page may be provided by the remote access server (RAS) 6, the RADIUS communication device 5, or the Data Storage Computer 7.
  • FIGs 6 and 7 there is shown generally a system 40 for selectively connecting a data terminal 2 to one of a plurality of virtual private networks (VPNs), which includes the Data Storage Computer 7, Web Server 4, RADIUS/LDAP communications device 5 and a RAS 6 of Figures 1 to 5.
  • the system 40 includes a further Data Storage Computer 41, acting as a remote RADIUS server, which is connectable to the RADIUS/LDAP communications device 5 by a telecommunications network 42, such as the Internet.
  • the remote RADIUS server 41 stores the user authentication information, whilst the RADIUS/LDAP communications device 5 acts here as a RADIUS proxy and forwards data packets for processing to the remote RADIUS server 41.
  • steps s1 to s14 are carried out in the same manner as described in relation to Figures 1 to 5.
  • a data packet containing this information is sent to remote RADIUS server 41 and the identity of the user authenticated (step s15').
  • a data packet containing an authentication message is sent to the RADIUS/LDAP Communications device 5 (step s16'). Thereafter, the system 40 operates in accordance with steps s17 and s18 as described previously.
  • FIG 8 illustrates a second variant of the system 1.
  • a Remote Access Server which is also a RADIUS client device 51 and another Data Storage Computer 52 remotely connected to the RAS 6 by a telecommunications network, such as the Internet, are also provided.
  • the Data Storage Computer 52, which may be a RADIUS server, stores the user authentication information and together with the external RADIUS client device 51 acts to entirely handle user authentication at a remote location from the RAS 6.
  • the system 50 operates in accordance with steps s1 to s13 as described in relation to Figures 1 to 5.
  • the RAS 6 merely forwards an entire Point-to-Point Protocol (PPP) packet containing the user name, selected VPN and password over a secure tunneling protocol, such as Layer 2 Tunneling Protocol (L2TP), to the RADIUS client device 51 (step s14").
  • An attempt is then made to authenticate the identity of the user and whether or not the selected VPN is accessible to that user through a series of communications between the RADIUS client device 51 and the Data Storage server 52, during which the user name, selected VPN and password are compared to the user authentication information stored in the server 52.
  • a PPP packet containing the IP address to the selected VPN is sent to Data Terminal 2 (step s15"). Thereafter, the system 50 operates in accordance with step s18 as described previously.
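
The selection flow of steps s6 to s18, as an added Python sketch that is not part of the patent text: the directory returns the VPN list for a user identifier, and the access server authenticates the submitted name, selected VPN and password before changing the terminal's address. All user names, VPN names, address pools and passwords are constructed, PBKDF2 stands in for the unspecified credential store, and the re-check of the submitted VPN against the stored authorisation follows the comparison described for the third embodiment.

```python
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass, field


def _hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2 stands in for the server's real credential storage.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class DataStorageComputer:
    """Stand-in for Data Storage Computer 7 acting as RADIUS/LDAP server."""
    _users: dict = field(default_factory=dict)

    def add_user(self, name, password, vpns):
        salt = os.urandom(16)
        self._users[name] = (salt, _hash_password(password, salt), frozenset(vpns))

    def list_vpns(self, name):
        # Steps s6-s7: the list is looked up from the user identifier alone,
        # before any password has been entered.
        entry = self._users.get(name)
        return sorted(entry[2]) if entry else []

    def authenticate(self, name, password, selected_vpn):
        # Identity check plus authorisation of the VPN that was actually
        # submitted; the list shown at step s9 is only a display aid.
        entry = self._users.get(name)
        if entry is None:
            _hash_password(password, b"\x00" * 16)  # same work for unknown users
            return False
        salt, stored, vpns = entry
        password_ok = hmac.compare_digest(stored, _hash_password(password, salt))
        return password_ok and selected_vpn in vpns


@dataclass
class RemoteAccessServer:
    """Stand-in for RAS 6 together with the RADIUS client role."""
    directory: DataStorageComputer
    pools: dict  # VPN name -> iterator over addresses with access to that VPN
    sessions: dict = field(default_factory=dict)
    accounting: list = field(default_factory=list)

    def disconnect(self, terminal):
        self.sessions.pop(terminal, None)

    def connect(self, terminal, name, selected_vpn, password):
        # Steps s13-s17: forward the triple for authentication.
        if not self.directory.authenticate(name, password, selected_vpn):
            self.accounting.append((name, selected_vpn, "reject"))
            return None
        address = next(self.pools[selected_vpn], None)
        if address is None:  # pool exhausted: leave the current session alone
            self.accounting.append((name, selected_vpn, "no-address"))
            return None
        # Step s18: leave any previous VPN, then move the terminal to an
        # address that has access to the selected one.
        self.disconnect(terminal)
        self.sessions[terminal] = (selected_vpn, address)
        self.accounting.append((name, selected_vpn, "accept"))
        return address


def build_demo():
    """Constructed sample data: two users, three VPNs, one small pool each."""
    directory = DataStorageComputer()
    directory.add_user("alice", "correct horse", ["bank-vpn", "telephony-vpn"])
    directory.add_user("bob", "battery staple", ["payroll-vpn"])
    pools = {
        "bank-vpn": iter(ipaddress.ip_network("10.20.0.0/29").hosts()),
        "telephony-vpn": iter(ipaddress.ip_network("10.30.0.0/29").hosts()),
        "payroll-vpn": iter(ipaddress.ip_network("10.40.0.0/29").hosts()),
    }
    return directory, RemoteAccessServer(directory, pools)


if __name__ == "__main__":
    directory, ras = build_demo()
    print("offered to alice:", directory.list_vpns("alice"))
    print("bank-vpn:", ras.connect("terminal-2", "alice", "bank-vpn", "correct horse"))
    # A selection that was never offered is refused even with a valid password.
    print("payroll-vpn:", ras.connect("terminal-2", "alice", "payroll-vpn", "correct horse"))
    print("accounting:", ras.accounting)
```

A rejected attempt leaves the terminal's existing session untouched, while a successful change of VPN replaces it, matching the one-VPN-at-a-time behaviour the description gives for the dialer and login page.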

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a system for selectively connecting a data terminal (2) to one of a plurality of virtual private networks (20 - 24) formed within a public telecommunications network. A data storage computer (7) included in the system stores user identity information indicative of the identity of users authorised to access at least one of those virtual private networks, and virtual private network authorisation information indicative of those virtual private networks that each authorised user is permitted to use. Retrieval means, such as a web server (4), send to the data storage computer a user identifier indicative of a selected authorised user, and retrieve from the data storage computer a list of virtual private networks accessible by the selected authorised user. The data terminal includes a display for presenting the list of virtual private networks, and selection means for accepting the selection, at the data terminal, of one of the virtual private networks. The system includes authentication means, such as a RADIUS client/server, for authenticating the identity of the selected authorised user, the data terminal being connected to the virtual private network only if the authentication is successful.
PCT/SG2000/000192 1999-11-18 2000-11-17 Virtual private network selection WO2001041392A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU45003/01A AU4500301A (en) 1999-11-18 2000-11-17 Virtual private network selection

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SG9905842 1999-11-18
SG9905842-2 1999-11-18

Publications (2)

Publication Number Publication Date
WO2001041392A2 true WO2001041392A2 (fr) 2001-06-07
WO2001041392A3 WO2001041392A3 (fr) 2002-05-02

Family

ID=20430475

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG2000/000192 WO2001041392A2 (fr) 1999-11-18 2000-11-17 Virtual private network selection

Country Status (2)

Country Link
AU (1) AU4500301A (fr)
WO (1) WO2001041392A2 (fr)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004017598A1 (fr) * 2002-08-19 2004-02-26 Axalto Sa Secure method for exchanging data between a browser and a web site
EP1473898A1 (fr) * 2003-05-02 2004-11-03 Texas Instruments Incorporated Method for access to a development environment
GB2393365B (en) * 2002-07-11 2005-03-16 Sun Microsystems Inc A method and system for authenticating users of computer services
EP1560369A2 (fr) * 2004-01-29 2005-08-03 NTT DoCoMo, Inc. Communication system, terminal and software
WO2006118530A1 (fr) * 2005-04-29 2006-11-09 Telefonaktiebolaget Lm Ericsson (Publ) Operator shop selection in broadband access
CZ298394B6 (cs) * 2002-10-01 2007-09-19 Anect A. S. Communication infrastructure of a cooperating corporation
WO2008061349A1 (fr) * 2006-11-21 2008-05-29 Research In Motion Limited Handling virtual private network connections over a wireless local area network
KR100923394B1 (ko) * 2002-06-25 2009-10-23 주식회사 케이티 Method for implementing network storage space in a virtual private network
CZ301193B6 (cs) * 2002-05-17 2009-12-02 TELEMATIX SERVICES, a.s. Universal communication, information, navigation and payment system
US8719431B2 (en) 2006-10-26 2014-05-06 Blackberry Limited Transient WLAN connection profiles
WO2016119633A1 (fr) * 2015-01-28 2016-08-04 中兴通讯股份有限公司 Access method and device for a virtual mobile tenant network
US20210218775A1 (en) * 2016-06-09 2021-07-15 CACI, Inc-Federal Methods and systems for controlling traffic to vpn servers
US11683346B2 (en) 2016-06-09 2023-06-20 CACI, Inc.—Federal Methods and systems for establishment of VPN security policy by SDN application

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998027783A1 (fr) * 1996-12-19 1998-06-25 Nortel Networks Corporation Virtual private network service provider for an asynchronous transfer mode network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
DAVE KOSIUR: "'Virtual' privacy is not enough" [Online] XP002184489 Retrieved from the Internet: <URL: http://www.zdnet.com/eweek/reviews/0810/10 vpn.html> [retrieved on 2001-11-30] first three pages *

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CZ301193B6 (cs) * 2002-05-17 2009-12-02 TELEMATIX SERVICES, a.s. Universal communication, information, navigation and payment system
KR100923394B1 (ko) * 2002-06-25 2009-10-23 주식회사 케이티 Method for implementing network storage space in a virtual private network
GB2393365B (en) * 2002-07-11 2005-03-16 Sun Microsystems Inc A method and system for authenticating users of computer services
WO2004017598A1 (fr) * 2002-08-19 2004-02-26 Axalto Sa Secure method for exchanging data between a browser and a web site
CZ298394B6 (cs) * 2002-10-01 2007-09-19 Anect A. S. Communication infrastructure of a cooperating corporation
EP1473898A1 (fr) * 2003-05-02 2004-11-03 Texas Instruments Incorporated Method for access to a development environment
US7269849B2 (en) 2003-05-02 2007-09-11 Texas Instruments Incorporated Method and system for access to development environment of another
EP1560369A2 (fr) * 2004-01-29 2005-08-03 NTT DoCoMo, Inc. Communication system, terminal and software
EP1560369A3 (fr) * 2004-01-29 2007-11-14 NTT DoCoMo, Inc. Communication system, terminal and software
WO2006118497A1 (fr) * 2005-04-29 2006-11-09 Telefonaktiebolaget L M Ericsson (Publ) Operator shop selection
WO2006118530A1 (fr) * 2005-04-29 2006-11-09 Telefonaktiebolaget Lm Ericsson (Publ) Operator shop selection in broadband access
US8719431B2 (en) 2006-10-26 2014-05-06 Blackberry Limited Transient WLAN connection profiles
WO2008061349A1 (fr) * 2006-11-21 2008-05-29 Research In Motion Limited Handling virtual private network connections over a wireless local area network
US8595365B2 (en) 2006-11-21 2013-11-26 Research In Motion Limited Handling virtual private network connections over a wireless local area network
US8874764B2 (en) 2006-11-21 2014-10-28 Blackberry Limited Saving a connection profile when unable to connect to a wireless local area network
WO2016119633A1 (fr) * 2015-01-28 2016-08-04 中兴通讯股份有限公司 Access method and device for a virtual mobile tenant network
CN105992163A (zh) * 2015-01-28 2016-10-05 中兴通讯股份有限公司 Access method and device for a virtual mobile tenant network
US20210218775A1 (en) * 2016-06-09 2021-07-15 CACI, Inc-Federal Methods and systems for controlling traffic to vpn servers
US11606394B2 (en) * 2016-06-09 2023-03-14 CACI, Inc.—Federal Methods and systems for controlling traffic to VPN servers
US11683346B2 (en) 2016-06-09 2023-06-20 CACI, Inc.—Federal Methods and systems for establishment of VPN security policy by SDN application

Also Published As

Publication number Publication date
AU4500301A (en) 2001-06-12
WO2001041392A3 (fr) 2002-05-02

Similar Documents

Publication Publication Date Title
US6212561B1 (en) Forced sequential access to specified domains in a computer network
US8996603B2 (en) Method and apparatus for user domain based white lists
US6615263B2 (en) Two-tier authentication system where clients first authenticate with independent service providers and then automatically exchange messages with a client controller to gain network access
US6718388B1 (en) Secured session sequencing proxy system and method therefor
CN100456729C (zh) Personal remote firewall
US7984157B2 (en) Persistent and reliable session securely traversing network components using an encapsulating protocol
EP1370040B1 (fr) Method, network access server, authentication, authorisation and accounting server, and computer software product for proxying user authentication, authorisation and accounting functions with a network access server
US8352548B2 (en) Communications system providing enhanced client-server communications and related methods
JP2002523973A (ja) System and method for enabling secure access to services in a computer network
WO2001031855A9 (fr) Methods and apparatus for establishing direct tunnel access sessions in a communication network
US20030050918A1 (en) Provision of secure access for telecommunications system
US7644185B2 (en) Communications system providing shared client-server communications interface and related methods
WO2001041392A2 (fr) Virtual private network selection
EP1075748B1 (fr) Method, arrangement and apparatus for authentication
US20020099832A1 (en) Method for accessing the internet
Cisco CDAT Expert Interface
Cisco CDAT Expert Interface
Cisco SESM Features
KR100359559B1 (ko) Dedicated private network service method
KR20020059640A (ko) System and method for providing dynamic network authorization, authentication and accounting
EP1211860A1 (fr) Secure access for a telecommunications system
JP2001352411A (ja) Dial-up connection system
EP1084556B1 (fr) Access to a data network
KR20060096986A (ko) Personal remote firewall

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase