System and method for secure network mobility
Abstract
A system and method are provided for maintaining secure communications between a home network and a mobile client when the client roams outside of the home network to a new location. One method of the present invention includes the steps of: establishing a new IP address for the new client location; sending a registration message identifying the new IP address location; authenticating the registration message; encapsulating and transmitting the registration message to the home server; registering the new IP address as a care-of address for the client at the home server; confirming the registration of the new IP address with the client; establishing a security association between the home server and the relay server on behalf of the client; performing network address translation between the client's permanent IP address and the client's new IP address; tunneling packets addressed to the client between the home server and the relay server based on the established security association and the address translation for the client; and decapsulating the packets at the relay server and forwarding the packets to the client.
20 Claims
1. In a computer network arrangement comprising a home network having at least one home network server and a firewall for protecting said home network server, a relay server outside of said home network, and a client having a permanent IP address within said home network, a method for maintaining secure communications between the home network server and the client when said client roams outside of said home network to a new location, said method comprising:
establishing a new IP address for the new client location;
sending a registration message to said relay server identifying said new IP address location;
authenticating said registration message;
encapsulating and transmitting said registration message to said home server;
registering said new IP address as a care-of-address for said client at said home server;
confirming the registration of said new IP address with said client;
establishing a security association between said home server and said relay server on behalf of said client;
performing network address translation between the client's permanent IP address and the client's new IP address;
tunneling packets addressed for said client between said home server and said relay server based on the established security association and said address translation for said client; and
decapsulating said packets at said relay server and forwarding said packets to said client.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 19.
9. In a computer network arrangement comprising a home network having at least one home network server and a firewall for protecting said home network server, a relay server outside of said home network, and a client having a permanent IP address within said home network, a method for maintaining secure communications between the home network server and the client when said client roams outside of said home network to a new location, said method comprising:
establishing a new IP address for the new client location;
sending a registration message to said home server identifying said new IP address location;
encapsulating and transmitting said registration message to said home server;
registering said new IP address as a care-of-address for said client at said home server;
confirming the registration of said new IP address with said client;
establishing a security association between said home server and said client;
performing network address translation between the client's permanent IP address and the client's new IP address; and
tunneling packets addressed for said client between said home server and said client based on the established security association and said address translation for said client.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 20.
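The registration, authentication, address translation and tunnelling steps of claims 1 and 9, modelled end to end as an added example (this is not the patent's code). The relay path of claim 1 is shown; in claim 9 the same binding and tunnel terminate at the client itself. The HMAC-based registration authentication, the shared key, the message fields and the addresses are assumptions made for the illustration.

```python
import hashlib
import hmac
# Constructed model (not the patent's code) of a client roaming from its permanent
# address inside the home network to a new address; key and addresses are assumed.
RELAY_KEY = b"client-relay-shared-secret"
HOME_IP, RELAY_IP, NEW_IP = "10.0.0.5", "203.0.113.7", "198.51.100.23"

def registration(key: bytes, home_ip: str, care_of: str, nonce: int) -> dict:
    """Client side: sign the (permanent IP, new IP, nonce) it announces to the relay."""
    body = f"{home_ip}|{care_of}|{nonce}".encode()
    return {"home_ip": home_ip, "care_of": care_of, "nonce": nonce,
            "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

class Relay:  # outside the home network; authenticates registrations, decapsulates tunnelled packets
    def __init__(self, key: bytes): self.key, self.seen = key, set()

    def authenticate(self, reg: dict) -> bool:
        body = f"{reg['home_ip']}|{reg['care_of']}|{reg['nonce']}".encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        fresh = (reg["home_ip"], reg["nonce"]) not in self.seen   # a replayed registration is refused
        if not (hmac.compare_digest(expected, reg["mac"]) and fresh):
            return False
        self.seen.add((reg["home_ip"], reg["nonce"]))
        return True

    def decapsulate(self, tunnelled: dict) -> tuple:
        return tunnelled["inner_dst"], tunnelled["payload"]   # forwarded to the client's new address

class HomeServer:  # behind the firewall; holds permanent->care-of bindings, translates and tunnels
    def __init__(self): self.bindings = {}

    def register(self, encapsulated: dict) -> str:
        reg = encapsulated["registration"]          # the relay forwarded it already authenticated
        self.bindings[reg["home_ip"]] = reg["care_of"]
        return f"registered {reg['home_ip']} -> {reg['care_of']}"   # confirmation for the client

    def send_to_client(self, dst: str, payload: bytes) -> dict:
        care_of = self.bindings.get(dst)
        if care_of is None:                         # client is at home: deliver directly
            return {"outer_dst": dst, "inner_dst": dst, "payload": payload}
        # translate permanent -> care-of on the inner packet, then tunnel the result to the relay
        return {"outer_dst": RELAY_IP, "inner_dst": care_of, "payload": payload}

def roam_and_deliver(reg: dict, payload: bytes):
    """All claimed steps end to end: (care-of address, payload), or None if authentication fails."""
    relay, home = Relay(RELAY_KEY), HomeServer()
    if not relay.authenticate(reg):
        return None
    home.register({"registration": reg})
    return relay.decapsulate(home.send_to_client(HOME_IP, payload))
```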
17. A system for maintaining secure communications for a client having a permanent IP address within a home network system and a temporary, care-of IP address when roaming outside of said home network system, said system comprising:
a home network server, wherein said home network server authenticates messages received from clients roaming outside of said home network system and performs network address translation between the client's permanent IP address and the client's registered care-of IP address, further wherein said home network server encapsulates and retransmits messages addressed to said client's permanent IP address to the client's registered care-of IP address;
a relay server, said relay server located outside of said home network, wherein said relay server tunnels messages between said home network server and said client; and
a multiplexer subsystem, wherein said multiplexer subsystem is comprised of an HTTP server and a multiplexer module.
18. A method for communicating between a roaming client and a home server wherein at least one of either the client or the home server is protected by a firewall, said method comprising:
generating a first message in HTTP Request-format, transmitting said first message in HTTP Request-format through said firewall;
processing said first message, wherein said first message is encapsulated in UDP packets and forwarded to its intended recipient;
generating a second message in response to said first message, wherein said second message is encapsulated in UDP packets;
translating said second message into HTTP Response-Format;
transmitting said second message to its intended recipient.
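The HTTP framing of claim 18, as an added example that is not part of the patent: a UDP datagram is carried as the body of an HTTP request so that it crosses a firewall that admits only web traffic, and the reply datagram returns inside the HTTP response. The request path, host name, ports and the octet-stream body layout are assumptions; the claim does not specify them.

```python
import struct

# Constructed example (not the patent's code): a UDP datagram travels as the body of an
# HTTP POST so a firewall that only admits web traffic passes it, and the reply datagram
# comes back inside the HTTP response. The path and host names below are assumptions.
PATH, HOST = "/tunnel", "relay.example"

def udp_datagram(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """UDP header (RFC 768 layout, checksum left at zero) followed by the payload."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload

def parse_udp(datagram: bytes) -> tuple:
    src, dst, length, _ = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        raise ValueError("UDP length field does not match datagram size")
    return src, dst, datagram[8:]

def to_http_request(datagram: bytes) -> bytes:
    """Claim step 1: wrap the datagram in HTTP Request-format before it crosses the firewall."""
    head = (f"POST {PATH} HTTP/1.1\r\nHost: {HOST}\r\nContent-Type: application/octet-stream\r\n"
            f"Content-Length: {len(datagram)}\r\n\r\n")
    return head.encode() + datagram

def to_http_response(datagram: bytes) -> bytes:
    """Claim step 4: translate the reply datagram into HTTP Response-format."""
    head = (f"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
            f"Content-Length: {len(datagram)}\r\n\r\n")
    return head.encode() + datagram

def from_http(message: bytes) -> bytes:
    """Steps 2 and 5: strip the HTTP framing and hand back the UDP datagram it carried."""
    head, _, body = message.partition(b"\r\n\r\n")
    length = None
    for line in head.split(b"\r\n")[1:]:             # skip the request/status line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            length = int(value.strip())
    if length is None or length != len(body):         # refuse truncated or over-long bodies
        raise ValueError("missing or inconsistent Content-Length")
    return body

def round_trip(request_payload: bytes, reply_payload: bytes) -> tuple:
    """Client -> firewall -> server and back; returns what the server and the client each receive."""
    req = to_http_request(udp_datagram(40000, 4500, request_payload))
    src, dst, seen_by_server = parse_udp(from_http(req))     # server unwraps and forwards as UDP
    resp = to_http_response(udp_datagram(dst, src, reply_payload))
    _, _, seen_by_client = parse_udp(from_http(resp))
    return seen_by_server, seen_by_client
```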