WO2005018168A1 - Establishing a vpn connection - Google Patents

Publication number
WO2005018168A1
Authority
WO
WIPO (PCT)
Prior art keywords
computer
mobile terminal
communication
mobile
network
Application number
PCT/NO2004/000249
Other languages
French (fr)
Inventor
Juan Carlos López CALVET
Original Assignee
Telenor Asa
Application filed by Telenor Asa

Classifications

    • H04L67/14: Session management
    • H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L63/0272: Virtual private networks
    • H04L63/045: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/18: Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H04W12/03: Protecting confidentiality, e.g. by encryption
    • H04W80/00: Wireless network protocols or protocol adaptations to wireless operation
    • H04W84/18: Self-organising networks, e.g. ad-hoc networks or sensor networks

Abstract

The invention relates to a method, a mobile communication terminal and a system for enabling a VPN connection to be established between a first (150) and a second (160) computer connected to a network such as the Internet. A first mobile terminal (154) is arranged for local Bluetooth communication with the first (150) computer. Likewise, a second mobile terminal (164) is arranged for local Bluetooth communication with the second (160) computer. The method is executed by the second mobile terminal (164), and comprises the steps of: receiving (308) from the first mobile terminal (154) an encrypted request message, including the IP address of the first computer (150) and a shared secret; decrypting (310) the request message using a private key (PrivKeyB) associated with the second mobile terminal (164); receiving (316) a response command from the second computer (160); and transmitting (318) to the first mobile terminal (154) a response message containing the IP address of the second computer (160).

Description

Establishing a VPN Connection
Field of the invention
The present invention relates in general to information security, and more specifically to a method for enabling a Virtual Private Network connection to be established in a communication network between a first and a second computer connected to the network.
In particular, a first mobile communication terminal is arranged for local communication with the first computer, and a second mobile communication terminal is arranged for local communication with the second computer, and the method according to the invention is performed by said second mobile terminal.
The invention also relates to a mobile communication terminal arranged for performing the method, and a system wherein a mobile communication terminal arranged for performing the method is included.
Background of the invention
A Virtual Private Network (VPN) is a private network that makes use of the public network, including its telecommunication infrastructure. VPNs are widely used to enable mobile and remote users to connect to their company's internal LANs.
IPSec (Internet Protocol Security) has been a popular technique over the past years for providing VPNs. Using IPSec, security is achieved through the provision of a tunnelling protocol and security procedures.
In order to establish an IPSec VPN tunnel connection between two peer or client computers connected to the Internet, each computer must be in possession of certain configuration data, including the IP address of both computers and a shared secret, such as a random number or alphanumeric string. When such information is provided, each computer may perform a configuration process which results in the VPN connection being established.
Public Key Infrastructure (PKI) is a secure method for exchanging information within an organization, an industry, a nation or worldwide. PKI uses the asymmetric encryption method, also known as the "public/private key" method, for encrypting IDs and documents/messages. A certificate authority (CA) issues digital certificates (digital IDs) that authenticate the identity of people and organizations over a public network such as the Internet.
Objects of the invention
An object of the present invention is to provide a method, a device and a system for enabling a Virtual Private Network connection to be established in a communication network between a first and a second computer connected to the network.
A further object of the invention is to provide such a method, a device and a system which is easy and cost-effective in implementation and use.
Another object of the invention is to provide such a method, a device and a system which utilizes existing infrastructure such as the widespread mobile telephony, as well as oncoming technologies such as the Bluetooth short-range communication.
Still another object of the invention is to provide a method, a device and a system that makes it simple for ordinary customers to establish VPN connections for facilitating new methods of e-commerce and on-line payment solutions.
Summary of the invention
At least some of the objects stated above are achieved by means of a method, a mobile communication terminal and a system as set forth in the appended, independent claims. Further favorable advantages are obtained by means of the preferred embodiments as set forth in the dependent claims.
Brief list of drawings
The invention will be described in further detail by way of example and with reference to the figures, wherein
Fig. 1 is a block diagram illustrating a system wherein a method according to the invention is used,
Fig. 2 is a timing diagram illustrating the complete process of establishing a VPN connection,
Fig. 3 is a flow chart illustrating a method according to the invention.
Detailed description of a preferred embodiment
Fig. 1 is a block diagram illustrating a system wherein the method according to the invention is used. A first client computer 150 (A) and a second client computer 160 (B) are operatively connected to a global digital communication network 110 such as the Internet. The aim of the invention is to establish a VPN connection between A and B, i.e. between the first client computer 150 and the second client computer 160.
Each client computer 150, 160 is provided with an address (IP address) in the network 110. Each client computer 150, 160 is further provided with client software, such as an Internet browser, which enables the computer to access the World Wide Web. Also, each client computer 150, 160 is provided with a local communication interface, such as a Bluetooth RF transceiver, for local, short-range wireless communication with remote peripheral devices.
Bluetooth is a computing and telecommunications industry specification that describes how mobile phones, computers, and personal digital assistants (PDAs) can easily interconnect with each other using a local (short-range) wireless connection. A Bluetooth device is a microchip transceiver that transmits and receives in the frequency band of 2.45 GHz. Each device has a unique 48-bit address from the IEEE 802 standard. Connections can be point-to-point or multipoint. The maximum range is approx. 10 meters. A frequency hop scheme allows devices to communicate even in areas with a great deal of electromagnetic interference. Built-in functions for encryption and authentication are provided for the short-range Bluetooth communication.
Each client computer 150, 160 is further provided with software enabling the computer to communicate with the remote peripheral devices, using said local communication interface.
A first mobile terminal 154 is associated with the first client computer 150. The first mobile terminal 154 is provided with two independent communication options: Firstly, the mobile terminal 154 is provided with a communication interface for local communication with the first client computer 150, e.g. a Bluetooth RF transceiver. Secondly, the mobile terminal 154 is arranged to operate in a mobile telephone network 120, by radio communication with a base station 122 covering the current location of the mobile terminal 154. In particular, the mobile telephone network provides a message service, such as an SMS service, enabling the mobile terminal 154 to transmit a digital message to another mobile terminal operating in the mobile telephone network 120.
Likewise, a second mobile terminal 164 is associated with the second client computer 160 on the B side. The second mobile terminal 164 is also provided with two independent communication options: Firstly, the mobile terminal 164 is provided with a communication interface for local communication with the second client computer 160, e.g. a Bluetooth RF transceiver. Secondly, the mobile terminal 164 is arranged to operate in the mobile telephone network 120, by radio communication with a base station 124 covering the current location of the mobile terminal 164. The message service, such as an SMS service, provided by the mobile telephone network 120, enables the mobile terminal 164 to transmit digital messages to, and receive them from, another mobile terminal operating in the network. Typically, the mobile telephone network 120 comprises a GSM network, and the mobile terminals are arranged to operate in the GSM network, which enables the terminals to send and receive SMS messages through the network 120.
Each of the first 154 and the second 164 mobile terminals comprises a SIM (Subscriber Identity Module) card.
Fig. 2 is a timing diagram illustrating the complete process of enabling a VPN connection to be established between the first client computer 150 and the second client computer 160. For the purpose of illustration, the system shown in fig. 1 is also referred to when describing the process in fig. 2.
The following configuration information is needed at both client computers 150, 160 in order to enable the establishing of a VPN tunnel connection between the first 150 and the second 160 client computers: (1) the IP address of both client computers, and (2) a shared secret.
The further process of establishing a VPN connection or tunnel, based on such configuration data, will be a normal design procedure for a person skilled in the art, based on the teachings of the IPSec specification. In the initial process step 202, a request is input by a user operating the first client computer 150. The request includes an identity of the second mobile terminal 164, such as a telephone number associated with it.
Then, in the secret generation step 204, a "shared secret", such as a pseudo-random number or alphanumeric string, is generated by the first client computer 150. Subsequently, in the request command transmission step 206, the first client computer 150 transmits a request command through the first local Bluetooth connection 152 to the first mobile terminal 154. The built-in features of the Bluetooth communication ensure that the data is transmitted in encrypted form, which is essential for security/confidentiality. This command includes data representing the generated shared secret, the IP address of the first client computer 150 and the identity of the second mobile terminal 164, and the command instructs the first mobile terminal 154 to transmit a request message in the following step 208.
As a response to the receipt of the request command, the first mobile terminal is arranged to initiate the request message transmission step 208, wherein the first mobile terminal 154 transmits a request message, such as an SMS message, to the identified, second mobile terminal 164, through the mobile communication network 120. This request message contains the shared secret and the IP address of the first client computer 150.
Preferably, steps 206 and 208 are carried out by arranging the first mobile terminal 154 as a "dumb" mobile terminal, whose functionality may be controlled by the first client computer 150 via Bluetooth communication. In this case, the request message is generated by the first client computer 150, and the request command transmitted in step 206 will include the generated request message and actually instruct the first mobile terminal 154 to forward the request message by transmitting the request message as an SMS. The request message is encrypted using the public key associated with the second mobile terminal 164.
Upon reception of this SMS message, the second mobile terminal 164 will perform the request decryption step 210 of decrypting the request message using the private key associated with the second mobile terminal 164. Advantageously, this private key is stored in the SIM (Subscriber Identity Module) card included in the second mobile terminal. In order to obtain access to the private key stored in the SIM card, the operator of the second mobile terminal 164 will have to enter a PIN code on the mobile terminal 164.
Upon the decrypting of the request message, the second mobile terminal 164 performs the configuration message transmission step 212, wherein configuration data including the IP address of the first client computer 150 and the shared secret are transmitted by the Bluetooth communication to the second client computer 160.
When the second client computer 160 has detected that the configuration message has been received, i.e. when configuration data including both the IP address of the first client computer and the shared secret have been acquired, the second client computer 160 initiates a configuration process 214, configuring the VPN tunnel connection between the first 150 and the second 160 client computers.
Then, the second client computer 160 performs the transmit response command step 216. In this step, a response command is transmitted to the second mobile terminal 164 using the second Bluetooth connection 162.
As a response to the receipt of the response command, the second mobile terminal is arranged to initiate the response message transmission step 218, wherein the second mobile terminal 164 transmits a response message, such as an SMS message, to the first mobile terminal 154, through the mobile communication network 120. This response message contains the IP address of the second client computer 160. Preferably, steps 216 and 218 are carried out by arranging the second mobile terminal 164 as a "dumb" mobile terminal, whose functionality may be controlled by the second client computer 160 via Bluetooth. In this case, the response message is generated by the second client computer 160, and the response command transmitted in step 216 will include the generated response message and actually instruct the second mobile terminal 164 to forward the response message by transmitting it as an SMS.
The response message is encrypted using the private key associated with the second mobile terminal 164, which was stored in its SIM card. At the first mobile terminal 154, when the response message has been received at step 218, the response message is decrypted in the response decryption step 220. The decryption step 220 essentially corresponds to the decrypting step 210 performed by the second mobile terminal 164, as described above.
Subsequent to the decryption step 220, the first mobile terminal 154 performs the configuration message transmission step 222, wherein configuration data including the IP address of the second client computer is transmitted to the first client computer, using the local Bluetooth communication.
The first client computer is thus supplied with the shared secret and the IP address of the second client computer, which enables the first client computer 150 to initiate a VPN tunnel configuring process 224. Also, a configuring process 214 has previously been initiated by the second client computer 160. The completion of both configuring processes 214, 224 enables the establishment of the VPN tunnel between the first 150 and the second 160 client computers.
Fig. 3 is a flow chart illustrating a method according to the invention. The complex process illustrated in fig. 2 comprises steps performed by various parties. The method illustrated in Fig. 3 corresponds to those steps in the above overall process that are performed by the second mobile terminal 164.
The method enables a Virtual Private Network connection, in particular an IPSec tunnel, to be established in a communication network 110 between the first 150 and the second 160 computer connected to the network.
The method is described also with reference to the system illustrated in fig. 1. Thus, a first mobile communication terminal 154 is arranged for local communication (e.g. Bluetooth) with the first 150 computer and a second mobile communication terminal 164 is arranged for local communication (e.g. Bluetooth) with the second 160 computer. Both mobile terminals 154, 164 are also arranged for communication through the mobile telephone network 120. The second mobile terminal 164 performs the steps of the method. The method starts at reference 301.
First, in the request receiving step 308, an encrypted request message is received. This step corresponds to the request transmission step 208 in fig. 2, wherein the request message was transmitted by the first mobile terminal 154. The request message contains information representing the network address (IP address) of the first computer 150 and the shared secret, which was generated by the first client computer 150 in step 204 and transmitted by local Bluetooth communications to the first mobile terminal 154 in step 206 (cf. fig. 2). The request message is preferably an SMS, transmitted and received by means of the mobile communication network 120. The request message is encrypted with a public key associated with the mobile terminal 164.
The test step 309 ensures that the method continues to the decryption step 310 only when a request message has been received. Otherwise, the method awaits the reception of a request message.
In the decryption step 310, corresponding to the decryption step 210 in fig. 2, the request message is decrypted by the second mobile terminal 164, using the private key associated with the second mobile terminal 164. As explained with reference to fig. 2, this private key is advantageously stored in the SIM card included in the second mobile terminal 164.
Upon the completion of the decryption step 310, the second mobile terminal 164 further performs the configuration message transmission step 312, corresponding to step 212 in fig. 2. At this point, configuration data including the IP address of the first client computer 150 and the shared secret are transmitted by the local Bluetooth communication to the second client computer 160.
Then, the second mobile terminal performs the response command receiving step 316, whose counterpart is the response command transmission step 216 performed by the second client computer, illustrated in fig. 2. In this step 316, a response command is received from the second client computer 160 using the second Bluetooth connection 162.
The test step 317 ensures that the method continues to the response transmission step 318 only when a response command has been received. Otherwise, the method awaits the reception of the response command.
As a response to the receipt of the response command, the second mobile terminal is arranged to initiate the response message transmission step 318, corresponding to step 218 illustrated in fig. 2. In this step 318, the second mobile terminal 164 transmits a response message (an SMS message) to the first mobile terminal 154, through the mobile communication network 120. This response message contains the IP address of the second client computer 160.
Preferably, steps 316 through 318 are achieved by arranging the second mobile terminal 164 as a "dumb" mobile terminal, whose functionality may be controlled by the second client computer 160 via Bluetooth. In this case, the response message is actually generated by the second client computer 160, and the response command transmitted in step 316 will include the generated response message and actually instruct the second mobile terminal 164 to forward the response message by transmitting it as an SMS. The response message is encrypted using the private key associated with the second mobile terminal 164, which was stored in its SIM card.
When these steps are completed, at the termination stage 319, the first client computer 150 is enabled to obtain the IP address of the second computer 160 from the first mobile terminal 154, included in the transmitted response message. As illustrated in the overall process in fig. 2, this involves the decryption step 220 and the configuration data transmission step 222 being performed by the first mobile terminal 154. Also, the second client computer 160 has been enabled to perform the VPN tunnel configuration step 214 as a result of the configuration message transmitted by the second mobile terminal 164 in step 312. Consequently, both client computers 150, 160 have obtained the configuration data necessary in order to establish a VPN tunnel between the first 150 and the second 160 computer.
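The exchange of Fig. 2 and the terminal-side steps of Fig. 3, modelled as an added Python example that is not part of the patent text. Assumptions: unpadded RSA over a constructed, insecure demo key stands in for the public-key algorithm, which the page does not name; the message encoding, the PIN and the `2001:db8::` addresses are constructed; and the SIM of terminal 164 performs every PrivKeyB operation.

```python
"""Constructed model of the Fig. 2 / Fig. 3 exchange; not code from the patent."""
import secrets
from dataclasses import dataclass

# Constructed demo key pair for terminal 164, built from two published
# Mersenne primes: trivially factorable, used only to make the flow runnable.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
PUB_KEY_B = (E, P * Q)
PRIV_KEY_B = (pow(E, -1, (P - 1) * (Q - 1)), P * Q)


def rsa_op(value, key):
    """Unpadded RSA (assumption: the page does not name the algorithm)."""
    exponent, modulus = key
    if not 0 <= value < modulus:
        raise ValueError("message does not fit the modulus")
    return pow(value, exponent, modulus)


def encode(text):
    # The leading 0x01 octet marks a well-formed message (constructed format).
    return int.from_bytes(b"\x01" + text.encode(), "big")


def decode(value):
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[:1] != b"\x01":
        raise ValueError("malformed message")
    return raw[1:].decode()


class Sim:
    """SIM of terminal 164: PrivKeyB is usable only after PIN entry (step 210)."""

    def __init__(self, private_key, pin):
        self._key, self._pin, self._unlocked = private_key, pin, False

    def enter_pin(self, pin):
        self._unlocked = secrets.compare_digest(pin, self._pin)

    def private_op(self, value):
        if not self._unlocked:
            raise PermissionError("PIN required before PrivKeyB can be used")
        return rsa_op(value, self._key)


@dataclass
class VpnConfig:
    local_ip: str
    peer_ip: str
    shared_secret: str


def computer_a_request(ip_a):
    """Steps 204-208: generate the secret, encrypt the request with PubKeyB."""
    secret = secrets.token_hex(16)
    return secret, rsa_op(encode(f"{ip_a} {secret}"), PUB_KEY_B)


def terminal_b_request(sms, sim, ip_b):
    """Steps 308-312 and 214: decrypt with PrivKeyB, hand the data to computer 160."""
    ip_a, secret = decode(sim.private_op(sms)).split(" ")
    return VpnConfig(local_ip=ip_b, peer_ip=ip_a, shared_secret=secret)


def terminal_b_response(sim, ip_b):
    """Steps 316-318: response carrying the IP of computer 160, under PrivKeyB."""
    return sim.private_op(encode(ip_b))


def terminal_a_response(sms, ip_a, secret):
    """Steps 220-224: recover the response with PubKeyB, configure computer 150."""
    return VpnConfig(local_ip=ip_a, peer_ip=decode(rsa_op(sms, PUB_KEY_B)),
                     shared_secret=secret)


def establish(ip_a, ip_b, sim_b):
    """Run the whole exchange; return the configuration held by A and by B."""
    secret, request_sms = computer_a_request(ip_a)
    config_b = terminal_b_request(request_sms, sim_b, ip_b)
    response_sms = terminal_b_response(sim_b, ip_b)
    config_a = terminal_a_response(response_sms, ip_a, secret)
    return config_a, config_b


if __name__ == "__main__":
    sim = Sim(PRIV_KEY_B, "4321")   # constructed PIN
    sim.enter_pin("4321")
    print(establish("2001:db8::a", "2001:db8::b", sim))
```

Because the response is produced with PrivKeyB, it is recovered with PubKeyB: step 218 shows that the message came from terminal 164 rather than hiding the IP address of computer 160 from other holders of the public key.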
The invention will be particularly applicable if the network 110 supports a global addressing feature, which is the case for the oncoming Internet Protocol specification IPv6. Implementations based on the currently widespread IPv4 involve the use of Network Address Translation (NAT) devices. A disadvantage of NAT networks based on IPv4 is that non-global addresses are used. This means that a computer would send an address that is only valid inside the NAT network, and which cannot be accessed from the outside. An end-to-end communication cannot be obtained; instead, a tunnel could be established between two NAT servers, but then the communication would be completely open inside the NAT network, and thus the security would be compromised.
The above detailed description has explained the invention by way of example. A person skilled in the art will realize that numerous variations and alternatives to the detailed embodiment exist within the scope of the appended claims.
For instance, the first mobile terminal 154 and the first computer 150, which are described as separate units intercommunicating via short-range Bluetooth communication, may be merged into a single mobile unit, such as a Personal Digital Assistant. In this case, the local communication that takes place between the first mobile terminal 154 and the first client computer 150 is performed internally in the mobile unit. Although Bluetooth communication is specified as the preferred local, short-range communication solution between the client computer (150, 160) and the corresponding mobile terminal (154, 164 respectively), the skilled person will also realize that other options may be employed, such as infrared communication or even wired connection. However, for security purposes, the local communication should preferably provide built-in encryption schemes.
The mobile terminals 154, 164 may be ordinary mobile telephones, such as GSM telephones, provided with additional, short-range communicating means, such as Bluetooth. However, the mobile terminals may also be more complex communication/processing units such as PDAs which include a mobile communication module (e.g. GSM) and e.g. a Bluetooth communication transceiver.
The overall process in fig. 2 is initiated by the user at the first client computer 150. It is of course also possible to initiate the process at the first mobile terminal 154, which then provides a short-range connection to the first client computer 150. It is also possible to rearrange the shared secret generating step 204 to be performed by the first mobile terminal 154. This is particularly relevant if the process is performed by a PDA/phone device which also acts as the client computer.

Claims

1. Method for enabling a Virtual Private Network connection to be established in a communication network (110) between a first (150) and a second (160) computer connected to the network, wherein a first mobile communication terminal (154) is arranged for local communication with the first (150) computer and a second mobile communication terminal (164) is arranged for local communication with the second (160) computer, characterized in that said method is executed by the second mobile terminal (164) and comprises the following steps:
- receiving (308) from the first mobile terminal (154) an encrypted request message comprising information representing the network address of the first computer (150) and a shared secret,
- decrypting (310) said request message using a private key (PrivKeyB) associated with the second mobile terminal (164),
- transmitting (312) to the second computer (160) a configuration message containing information representing the network address of the first computer (150) and the shared secret,
- receiving (316) a response command from the second computer (160), and
- upon the reception of the response command, transmitting (318) to the first mobile terminal (154) a response message containing information representing the network address of the second (160) computer, thus enabling the first computer (150) to acquire the network address of the second computer (160), and further enabling the second computer (160) to acquire the network address of the first computer (150) and the shared secret, which enables the Virtual Private Network connection to be established between the first (150) and the second (160) computer.
2. Method according to claim 1, wherein said private key (PrivKeyB) is stored in a Subscriber Identity Module in the second mobile terminal (164).
3. Method according to claim 2, wherein said response command comprises said response message.
4. Method according to claim 3, wherein said request message is received from a mobile communication network (120), and wherein said response message is transmitted to said mobile communication network (120).
5. Method according to claim 4, wherein said mobile communication network (120) is a GSM compatible mobile telephone network, and wherein said request and response messages are SMS messages.
6. Method according to claim 5, wherein said request message is encrypted using a public key (PubKeyB) associated with the second mobile terminal (164), and wherein said response message is encrypted using the private key (PrivKeyB) associated with the second mobile terminal (164).
7. Method according to one of the claims 1-6, wherein the local communication between the second mobile terminal (164) and the second computer (160) is a short-range, wireless communication implemented according to the Bluetooth specification.
8. Method according to one of the claims 1-7, wherein the local communication between the first mobile terminal (154) and the first computer (150) is a short-range, wireless communication implemented according to the Bluetooth specification.
9. Method according to one of the claims 1-7, wherein the first mobile terminal (154) and the first computer (150) are merged into a single mobile unit, such as a Personal Digital Assistant, said local communication between the first mobile terminal (154) and the first computer (150) being performed internally by a wired connection in the mobile unit.
10. Mobile communication terminal (164) adapted for enabling a Virtual Private Network connection to be established between a first (150) and a second (160) computer in a communication network (110), comprising
- a mobile telephone radio communication arrangement, and
- a communication interface for local communication with a computer, characterized in that the mobile terminal is arranged to perform a method according to one of the claims 1-9.
11. System for enabling a Virtual Private Network connection to be established in a communication network (110), said system comprising a first (150) and a second (160) computer connected to the network (110), wherein a first mobile communication terminal (154) is arranged for local communication with the first (150) computer, and a second mobile communication terminal (164) is arranged for local communication with the second (160) computer, characterized in that the second mobile communication terminal (164) is arranged to perform a method according to one of the claims 1-9.
PCT/NO2004/000249 2003-08-18 2004-08-17 Establishing a vpn connection WO2005018168A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
DE602004004157T DE602004004157T2 (en) 2003-08-18 2004-08-17 METHOD, SYSTEM AND MOBILE DEVICE FOR MAKING A VPN CONNECTION
EP04775033A EP1658701B1 (en) 2003-08-18 2004-08-17 Method, system and mobile terminal for establishing a vpn connection
DK04775033T DK1658701T3 (en) 2003-08-18 2004-08-17 Establishing a VPN connection

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NO20033655A NO321751B1 (en) 2003-08-18 2003-08-18 Method, mobile terminal and system for establishing a VPN connection
NO20033655 2003-08-18

Publications (1)

Publication Number Publication Date
WO2005018168A1 (en) 2005-02-24

Family

ID=28036449

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NO2004/000249 WO2005018168A1 (en) 2003-08-18 2004-08-17 Establishing a vpn connection

Country Status (10)

Country Link
EP (1) EP1658701B1 (en)
AT (1) ATE350836T1 (en)
DE (1) DE602004004157T2 (en)
DK (1) DK1658701T3 (en)
ES (1) ES2279444T3 (en)
MY (1) MY134829A (en)
NO (1) NO321751B1 (en)
RU (1) RU2351084C2 (en)
UA (1) UA88621C2 (en)
WO (1) WO2005018168A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2547051A1 (en) * 2010-03-11 2013-01-16 Nishihata, Akira Confidential communication method using vpn, a system and program for the same, and memory media for program therefor
EP2645665A1 (en) * 2012-03-29 2013-10-02 Broadcom Corporation Bluetooth low energy privacy
WO2014074239A2 (en) * 2012-09-25 2014-05-15 Openpeak Inc. Method and system for sharing vpn connections between applications
US9720481B2 (en) 2012-09-14 2017-08-01 Siemens Aktiengesellschaft Energy-saving mode for a rail system signaling system
EP3228059A4 (en) * 2014-12-04 2017-10-11 Telefonaktiebolaget LM Ericsson (publ) Secure connections establishment
RU2635215C1 (en) * 2016-12-27 2017-11-09 Открытое Акционерное Общество "Информационные Технологии И Коммуникационные Системы" Method for connecting user computer to virtual private network via provider local network

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201206129A (en) * 2010-07-20 2012-02-01 Gemtek Technology Co Ltd Virtual private network system and network device thereof
CN115397033B (en) * 2021-05-25 2024-04-09 成都鼎桥通信技术有限公司 Wireless communication method, wireless communication device, wireless communication module, medium, and program product

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0944203A2 (en) * 1998-02-09 1999-09-22 Nokia Mobile Phones Ltd. Mobile internet access
DE10140446A1 (en) * 2001-08-17 2003-03-06 Siemens Ag Data processing unit splits data and code between cellular and local networks
US20030070067A1 (en) * 2001-09-21 2003-04-10 Shin Saito Communication processing system, communication processing method, server and computer program

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2547051A1 (en) * 2010-03-11 2013-01-16 Nishihata, Akira Confidential communication method using vpn, a system and program for the same, and memory media for program therefor
EP2547051A4 (en) * 2010-03-11 2014-11-12 Nishihata Akira Confidential communication method using vpn, a system and program for the same, and memory media for program therefor
US9185092B2 (en) 2010-03-11 2015-11-10 Akira Nishihata Confidential communication method using VPN, system thereof, program thereof, and recording medium for the program
EP2645665A1 (en) * 2012-03-29 2013-10-02 Broadcom Corporation Bluetooth low energy privacy
US9720481B2 (en) 2012-09-14 2017-08-01 Siemens Aktiengesellschaft Energy-saving mode for a rail system signaling system
WO2014074239A2 (en) * 2012-09-25 2014-05-15 Openpeak Inc. Method and system for sharing vpn connections between applications
WO2014074239A3 (en) * 2012-09-25 2014-07-17 Openpeak Inc. Method and system for sharing vpn connections between applications
EP3228059A4 (en) * 2014-12-04 2017-10-11 Telefonaktiebolaget LM Ericsson (publ) Secure connections establishment
RU2635215C1 (en) * 2016-12-27 2017-11-09 Открытое Акционерное Общество "Информационные Технологии И Коммуникационные Системы" Method for connecting user computer to virtual private network via provider local network

Also Published As

Publication number Publication date
NO321751B1 (en) 2006-06-26
NO20033655L (en) 2005-02-21
DE602004004157T2 (en) 2007-10-11
EP1658701B1 (en) 2007-01-03
UA88621C2 (en) 2009-11-10
ATE350836T1 (en) 2007-01-15
DK1658701T3 (en) 2007-03-26
ES2279444T3 (en) 2007-08-16
EP1658701A1 (en) 2006-05-24
DE602004004157D1 (en) 2007-02-15
MY134829A (en) 2007-12-31
RU2006107601A (en) 2007-09-27
RU2351084C2 (en) 2009-03-27
NO20033655D0 (en) 2003-08-18

Similar Documents

Publication Publication Date Title
EP1602194B1 (en) Methods and software program product for mutual authentication in a communications network
US8861730B2 (en) Arranging data ciphering in a wireless telecommunication system
US11863541B2 (en) System and method for end-to-end secure communication in device-to-device communication networks
US7706781B2 (en) Data security in a mobile e-mail service
US8233934B2 (en) Method and system for providing access via a first network to a service of a second network
US7450554B2 (en) Method for establishment of a service tunnel in a WLAN
TWI264917B (en) Method and system for authenticating user of data transfer device
US20030120920A1 (en) Remote device authentication
US20060083187A1 (en) Pairing system and method for wirelessly connecting communication devices
CN110519760B (en) Network access method, device, equipment and storage medium
JP2009533932A (en) Channel coupling mechanism based on parameter coupling in key derivation
KR20080104180A (en) Sim based authentication
EP1397932A1 (en) Authentication in data communication
KR20050116817A (en) An identity mapping mechanism in wlan access control with public authentication servers
CN100571460C (en) The method and apparatus of secure roaming
EP1658701B1 (en) Method, system and mobile terminal for establishing a vpn connection
Hager et al. Demonstrating vulnerabilities in bluetooth security
JP5388088B2 (en) Communication terminal device, management device, communication method, management method, and computer program.
WO2001069838A2 (en) Method, and associated apparatus, for generating security keys in a communication system
JP2004535627A (en) Secure remote subscription module access
CN111357305B (en) Communication method, equipment, system and storage medium of movable platform
EP1517475A1 (en) Smart card based encryption in Wi-Fi communication
CN111866829A (en) Direct communication method for authorizing 5GD2D service through NFC
KR101940722B1 (en) Method for providing communication security for user mobile in open wifi zone
CN110234110B (en) Automatic switching method for mobile network

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2004775033

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2006107601

Country of ref document: RU

Ref document number: 1200600436

Country of ref document: VN

WWP Wipo information: published in national office

Ref document number: 2004775033

Country of ref document: EP

WWG Wipo information: grant in national office

Ref document number: 2004775033

Country of ref document: EP