Virtual private network between computing network and remote device

US 20040255164A1
Filed: 03/05/2004
Published: 12/16/2004
Est. Priority Date: 12/20/2000
Status: Active Grant

First Claim

Patent Images

1. A method for transmitting data in a secure manner between a computing network and a remote device, each of the computing network and the remote device including a tunneling client, the method comprising:

establishing a first data tunnel leg between a tunneling client of the computing network and a tunneling server of a carrier network;

establishing a second data tunnel leg between the tunneling server of the carrier network and a tunneling client of the remote device; and

transmitting data between the remote device and the computing network via the first and second data tunnel legs and the carrier network using a first template associated with a first protocol, the first template being used by the tunneling client of the computing network, and a second template associated with the first protocol, the second template being used by the tunneling of the remote device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure connection between a computer network and a remote device is provided by a carrier network between the computer network and the remote device. The secure connection includes data tunnels that operate as virtual private networks between the corporate network and the carrier network and between the remote device and the carrier network. In addition, communication protocols can be used to enable data requests and data transmission over the secure connection, optionally through ports on the computer network that are opened for Web traffic.

Citations

48 Claims

1. A method for transmitting data in a secure manner between a computing network and a remote device, each of the computing network and the remote device including a tunneling client, the method comprising:
- establishing a first data tunnel leg between a tunneling client of the computing network and a tunneling server of a carrier network;
  
  establishing a second data tunnel leg between the tunneling server of the carrier network and a tunneling client of the remote device; and
  
  transmitting data between the remote device and the computing network via the first and second data tunnel legs and the carrier network using a first template associated with a first protocol, the first template being used by the tunneling client of the computing network, and a second template associated with the first protocol, the second template being used by the tunneling of the remote device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method as defined in claim 1, wherein the data transmitted between the remote device and the computing network comprises an access request that includes a protocol identifier that allows a firewall and a proxy on the computing network to recognize the data as web traffic and allow passage thereof into the computing network.
  - 3. A method as defined in claim 2, wherein the first protocol comprises a POP e-mail protocol used in transferring e-mail commands or data between the computing network and the remote device.
  - 4. A method as defined in claim 2, wherein:
    - the first protocol comprises an Instant Messenger protocol; and
      
      each of the first template and the second template comprises four inflection points that correspond to four Instant Messenger tasks, including the tasks of;
      
      send a message;
      
      receive a message;
      
      retrieve a buddy list; and
      
      login.
  - 5. A method as defined in claim 1, wherein each of the first template and the second template comprises one or more inflection points that correspond to commands or other data aspects that are unique to the first protocol.
  - 6. A method as defined in claim 1, wherein establishing a first data tunnel leg comprises:
    - sending a first connection signal from the tunneling client of the computing network to a tunneling server of the carrier network; and
      
      sending a connection reply signal from the tunneling server to the tunneling client on the computing network.
  - 7. A method as defined in claim 6, wherein the first connection signal comprises a uniform resource identifier that represents a request for the carrier network to provide access to network data on the computing network.
  - 8. A method as defined in claim 1, further comprising sending a keep alive signal from the computing network to the carrier network to maintain the first data tunnel leg.
  - 9. A method as defined in claim 1, wherein the first connection signal is transmitted via a port that is established through a firewall on the computing network, wherein the port is otherwise specified for being opened and reserved for Internet traffic.
  - 10. A method as defined in claim 6, wherein the first connection signal further comprises a first identification code which authenticates the computing network.
  - 11. A method as defined in claim 10, further comprising transmitting a session key from the tunneling client of the remote device, wherein the session key is used to set up all encryption protocol that is to be used for communication between the remote device and the computing network.
  - 12. A method as defined in claim 10, further comprising transmitting a session key from the tunneling client of the computing network, wherein the session key is used to set up an encryption protocol that is to be used for communication between the remote device and the computing network.
  - 13. A method as defined in claim 10, further comprising transmitting from the remote device to the computing network identification data that is used by the computing network to authenticate the identity of a user operating the remote device.
  - 14. A method as defined in claim 6, wherein establishing the second data tunnel leg second connection signal further comprises sending a second connection signal from the tunneling client of the remote device to the tunneling server.

15. In a carrier network capable of communicating with a computing network and a remote device, a method for enabling the remote device to access network data of the computing network, the method comprising:
- receiving a first connection signal from a computing network;
  
  in response to the first connection signal, establishing a first data tunnel leg between the carrier network and the computing network;
  
  receiving a second connection signal from a remote device; and
  
  in response to the second connection signal, establishing a second data tunnel leg between the carrier network and the remote device, the first data tunnel leg and the second data tunnel leg together operating as a virtual private network.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 16. A method as defined in claim 15, further comprising transmitting data between the remote device and the computing network via the first and second data tunnel legs using a first template associated with a first protocol, the first template being used by a tunneling client of the computing network, and a second template associated with the first protocol, the second template being used by a tunneling client of the remote device.
  - 17. A method as defined in claim 16, wherein each of the first template and the second template comprises one or more inflection points that correspond to commands or other data aspects that are unique to the first protocol.
  - 18. A method as defined in claim 17, wherein the first protocol comprises a POP e-mail protocol used in transferring e-mail commands or data between the computing network and the remote device.
  - 19. A method as defined in claim 17, wherein:
    - the first protocol comprises an Instant Messenger protocol; and
      
      each of the first template and the second template comprises four inflection points that correspond to four Instant Messenger tasks including the tasks of;
      
      send a message;
      
      receive a message;
      
      retrieve a buddy list; and
      
      login.
  - 20. A method as defined in claim 15, wherein the carder network comprises a tunneling server that includes a user interface service that converts the data into a format that can be visually displayed before sending the data to the remote device.
  - 21. A method as defined in claim 15, wherein establishing the first data tunnel leg further comprises sending a connection reply signal to the computing network.
  - 22. A method as defined in claim 15, wherein the first connection signal comprises a uniform resource identifier that represents a request for the carrier network to provide access to network data on the computing network.
  - 23. A method as defined in claim 15, further comprising receiving a keep alive signal from the computing network to maintain the first data tunnel leg.
  - 24. A method as defined in claim 23, wherein the first data tunnel leg is maintained substantially continuously and the second data tunnel leg is opened intermittently upon request from the remote device.
  - 25. A method as defined in claim 15, wherein the first connection signal is transmitted via a port that is established through a firewall on the computing network, wherein the port is opened and reserved for Internet traffic.
  - 26. A method as defined in claim 15, wherein, upon opening the second data tunnel log, the first data tunnel leg and the second data tunnel leg comprise a single data tunnel leg whereby the remote device can communicate with the computing network.
  - 27. A method as defined in claim 15, wherein the first connection signal is received by a designated tunneling server on the carrier network, and wherein the designated server is one of multiple tunneling servers of the carrier network.
  - 28. A method as defined in claim 15, further comprising receiving a session key from a device client on the remote device, wherein the session key is used to set up an encryption protocol that is to be used for communication between the remote device and the computing network.
  - 29. A method as defined in claim 28, further comprising transmitting, to the computing network from the remote device, identification data that is used by the computing network to authenticate the identity of a user operating the remote device.

30. In a device having a tunneling client, a method for enabling a user operating the device to access network data of a remote computing network, the method comprising:
- transmitting a connection signal from the tunneling client of the device to a tunneling server of the carrier network, wherein a first data tunnel leg has already been established between the tunneling server and the remote computing network; and
  
  upon the establishment of a second data tunnel leg between the computing network and the carrier network in response to the connection signal, transmitting a data request via the second data tunnel leg to the carrier network using a first template that is associated with a first protocol and is used by the tunneling client of the device, wherein;
  
  the remote computing network receives the data request from the carrier network via the first data tunnel leg; and
  
  the remote computing network processes the data request using a second template associated with the first protocol.
- View Dependent Claims (31, 32, 33, 34, 35, 36)
- - 31. A method as defined in claim 30, wherein each of the first template and the second template comprises one or more inflection points that correspond to commands or other data aspects that are unique to the first protocol.
  - 32. A method as defined in claim 31, wherein the first protocol comprises a POP e-mail protocol used in transferring e-mail commands or data between the remote computing network and the device.
  - 33. A method as defined in claim 31, wherein:
    - the first protocol comprises an Instant Messenger protocol; and
      
      each of the first template and the second template comprises four inflection points that correspond to four Instant Messenger tasks, including the tasks of;
      
      send a message;
      
      receive a message;
      
      retrieve a buddy list; and
      
      login.
  - 34. A method as defined in claim 30, wherein the connection signal comprises a uniform resource identifier which represents a request for the carrier network to provide to the device access to network data on the remote computing network.
  - 35. A method as defined in claim 30, further comprising transmitting a session key from the tunneling client of the device, wherein the session key is used to set up an encryption protocol that is to be used for communication between the device and the remote computing network.
  - 36. A method as defined in claim 35, further comprising transmitting, to the remote computing network, identification data that is used by the remote computing network to authenticate the identity of a user operating the device.

37. In a computing network capable of communicating with a remote carrier network, a method for enabling a user operating a remote device to access network data of the computing network, the method comprising:
- transmitting a first connection signal from a tunneling client of the computing network to a carrier network;
  
  upon the establishment of a first data tunnel leg between the computing network and the carrier network, transmitting a keep alive signal from the computing network to the carrier network to maintain the first data tunnel leg; and
  
  receiving a data request from a remote device via the first data tunnel leg and a second data tunnel leg located between the carrier network and a remote device, wherein;
  
  the data request is transmitted using a first template associated with a first protocol, the first template being used by the tunneling client or the computing network, and a second template associated with the first protocol, the second template being used by a tunneling client of the remote device.

38. In a carrier network capable of communicating with a computing network and a remote device, a computer program product for implementing a method suitable for enabling the remote device to access network data of the computing network, the computer program product comprising:
- a computer readable medium carrying computer executable instructions for performing the method, wherein the method comprises;
  
  upon receiving a first connection signal from a computing network, establishing a first data tunnel leg between the carrier network and the computing network; and
  
  upon receiving a second connection signal from a remote device, establishing a second data tunnel leg between the carrier network and the remote device, the first data tunnel leg and the second data tunnel leg together operating as a virtual private network.
- View Dependent Claims (39, 40, 41, 42, 43, 44)
- - 39. A computer program product as defined in claim 38, further comprising transmitting data between the remote device and the computing network via the first and second data tunnel legs using a first template associated with a first protocol, the first template being used by a tunneling client of the computing network, and a second template associated with the first protocol, the second template being used by a tunneling client of the remote device.
  - 40. A computer program product as defined in claim 39, wherein each of the first template and the second template comprises one or more inflection points that correspond to commands or other data aspects that are unique to the first protocol.
  - 41. A computer program product as defined in claim 40, wherein the first protocol comprises a POP e-mail protocol used in transferring e-mail commands or data between the computing network and the remote device.
  - 42. A computer program product as defined in claim 40, wherein:
    - the first protocol comprises an Instant Messenger protocol; and
      
      each of the first template and the second template comprises four inflection points that correspond to four Instant Messenger tasks including the tasks of;
      
      send a message;
      
      receive a message;
      
      retrieve a buddy list; and
      
      login.
  - 43. A computer program product as defined in claim 38, wherein the first data tunnel leg is maintained substantially continuously and the second data tunnel leg is opened intermittently upon request from the remote device.
  - 44. A computer program product as defined in claim 38, wherein the first connection signal is transmitted via a port that is established through a firewall on the computing network, wherein the port is opened and reserved for Internet traffic.

45. A system for enabling a user of a remote device to access network data and software, applications stored on a computer network, the system comprising:
- a first tunneling client on a computer network;
  
  a tunneling server on a carrier network, wherein;
  
  the first tunneling client and the tunneling server are configured to communicate with each other and maintain a first data tunnel leg therebetween; and
  
  the tunneling server is configured to, upon receiving a connection signal from a remote device, establish a second data tunnel leg between the carrier network and the remote device, the first data tunnel leg and the second data tunnel leg together operating as a virtual private network.
- View Dependent Claims (46, 47, 48)
- - 46. A system as defined in claim 45, wherein the remote device comprises a second tunneling client, the second tunneling client being operable to generate the connection signal.
  - 47. A system as defined in claim 46, wherein the second tunneling client is operable to transmit data between the remote device and the computing network via the first and second data tunnel legs using a second template associated with a first protocol, the second template being used by the second tunneling client, and a first template associated with the first protocol, the first template being used by the first tunneling client.
  - 48. A system as defined in claim 47, wherein each of the first template and the second template composes one or more inflection points that correspond to commands or other data aspects that are unique to the first protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WSOU Investments, LLC (WSOU Holdings, LLC)
Original Assignee
Intellisync Corporation (Nokia Corporation)
Inventors
Wesemann, Darren L.

Granted Patent

US 7,673,133 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0272   Virtual private networks

H04L 63/0435   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

Virtual private network between computing network and remote device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual private network between computing network and remote device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links