UDP communication with TCP style programmer interface over wireless networks

US 20050055577A1
Filed: 07/02/2004
Published: 03/10/2005
Est. Priority Date: 12/20/2000
Status: Active Grant

First Claim

Patent Images

1. A method for transmitting data in a secure manner between a computing network and a remote device, each of the computing network and the remote device including a tunneling client, the method comprising:

establishing a data tunnel leg between a tunneling switch of a carrier network and a tunneling client of a computing network;

at the tunneling switch of the carrier network, receiving a first packet from a tunneling client of a remote device in a UDP protocol, the first packet comprising a request for access to network data stored on the computing network;

transmitting a packet acknowledgement signal from the tunneling switch to the remote device, wherein the tunneling client of the remote device can use the packet acknowledgement signal to confirm that the first packet was accurately transmitted; and

transmitting, via the data tunnel leg, the first packet from the tunneling switch to the computing network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods provide for secure communications between local and remote devices or networks in virtual private networks. Data can be communicated between the local and remote devices using the User Datagram Protocol (UDP) to reduce network overhead for the data communications. The UDP-based data communications are made secure and reliable by various techniques, for example: confirming that a packet sent by a source component is received by the receiving component, and guaranteeing packet sequencing by buffering packets as they are received and only delivering them to the target in the original sequence that they were sent from the source. Because TCP based communications are common, a TCP-style API can be used to enable programmers to more easily implement the UDP-based communications. Other embodiments of the invention relate to transport protocol enhancements for use within virtual private networks, including protocol mapping, protocol buffering, and protocol filtering.

Citations

25 Claims

1. A method for transmitting data in a secure manner between a computing network and a remote device, each of the computing network and the remote device including a tunneling client, the method comprising:
- establishing a data tunnel leg between a tunneling switch of a carrier network and a tunneling client of a computing network;
  
  at the tunneling switch of the carrier network, receiving a first packet from a tunneling client of a remote device in a UDP protocol, the first packet comprising a request for access to network data stored on the computing network;
  
  transmitting a packet acknowledgement signal from the tunneling switch to the remote device, wherein the tunneling client of the remote device can use the packet acknowledgement signal to confirm that the first packet was accurately transmitted; and
  
  transmitting, via the data tunnel leg, the first packet from the tunneling switch to the computing network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method as defined in claim 1, further comprising the acts of:
    - at the carrier network;
      
      receiving from the computing network the requested network data as a set of UDP-formatted packet(s); and
      
      transmitting the set of packet(s) to the remote device.
  - 3. A method as defined in claim 2, further comprising the act of:
    - receiving a second packet acknowledgement signal from the remote device acknowledging receipt of at least one packet of the set of requested network data packet(s), wherein the packet acknowledgement signal confirms that the at least one packet of the set of packet(s) was accurately received.
  - 4. A method as defined in claim 2, wherein the set of packets has a defined sequence but each packet is not received by the carrier network in the defined sequence, the method further comprising the acts of:
    - as each of the packets is received by the carrier network, buffering the packets within the carrier network; and
      
      upon buffering one or more packets that are the next in order of the defined sequence, transmitting the one or more packets that are the next in order of the defined sequence to the remote device in the proper sequence.
  - 5. A method as defined in claim 2, wherein the set of packets has a defined sequence but each packet is not received by the remote device in the defined sequence, the method further comprising the acts of:
    - as each of the packets is received by the tunneling client of the remote device, buffering the packets within the tunneling client of the remote device; and
      
      upon buffering one or more packets that are the next in order of the defined sequence, transmitting the one or more packets that are the next in order of the defined sequence to a target application in the remote device in the proper sequence.
  - 6. A method as defined in claim 2, wherein:
    - at least one of the computing network and the remote device have a defined maximum packet size;
      
      at least one of the computing network and the remote device have a defined timeout value;
      
      before the carrier network transmits the network data to the remote device, network data that is to be transmitted through the data tunnel leg is added to a buffer in the computing network, wherein additional data can also be added to the buffer for transmission; and
      
      the data stored in the buffer is transmitted through the data tunnel leg as a packet upon either the defined maximum packet size being met or the defined timeout value expiring.
  - 7. A method as defined in claim 2, wherein the tunneling client of the computing network:
    - dynamically detects whether the packet has been compressed; and
      
      if the packet has not been compressed, compresses the packet before transmitting the packet through the data tunnel leg.
  - 8. A method as defined in claim 1, wherein the first packet comprises a piece of the request for access to network data, the first packet having a size that can be sent across a wireless network without being fragmented by the network.
  - 9. A method as defined in claim 1, wherein the first packet further comprises a checksum value that is an MD5 representation of the packet itself;
    - wherein the checksum value can be used to verify the integrity of the packet and thereby ensure that the packet has not been corrupted or tampered with.
  - 10. A method as defined in claim 1, wherein the first packet is encrypted at the tunneling client of the remote device and decrypted at the tunneling client of the computing network.
  - 11. A method as defined in claim 1, wherein establishing a data tunnel leg between a tunneling switch of a carrier network and a tunneling client of a computing network comprises assigning a session ID to the data tunnel leg that is known by the carrier network and the computing network, wherein the session ID identifies all transmissions through the data tunnel leg until the data tunnel leg is destroyed.
  - 12. In a computer system that is adapted for use in transmitting data between a computing network and a remote device via a tunneling switch in a carrier network, a computer program product for implementing a method suitable for transmitting data in a secure manner between the computing network and the remote device, each of the computing network and the remote device including a tunneling client, the computer program product comprising a computer readable medium carrying computer executable instructions for performing the method of claim 1.

13. A software development kit comprising:
- an application program interface module comprising a set of routines, protocols, and tools for building software applications, wherein the application program interface module presents a TCP style interface to a programmer;
  
  a UDP-header library comprising one or more headers for use by a programmer in developing an application that applies UDP formatting to data for transmission over a network; and
  
  a network communications module comprising code operable to perform a method for transmitting data in a secure manner between a computing network and a remote device, each of the computing network and the remote device including a tunneling client, the method comprising;
  
  establishing a data tunnel leg between a tunneling switch of a carrier network and a tunneling client of a computing network;
  
  at the tunneling switch of the carrier network, receiving a first packet from a tunneling client of a remote device in a UDP protocol, the first packet comprising a request for access to network data stored on the computing network;
  
  transmitting a packet acknowledgement signal from the tunneling switch to the remote device, wherein the tunneling client of the remote device can use the packet acknowledgement signal to confirm that the first packet was accurately transmitted; and
  
  transmitting, via the data tunnel leg, the first packet from the tunneling switch to the computing network.

14. In a device having a tunneling client, a method for enabling a user operating the device to access network data of a remote computing network, the method comprising:
- transmitting a UDP-formatted packet to a tunneling switch on a carrier network, the packet comprising a request to access network data stored on a remote computing network, wherein a data tunnel leg has previously been established between the tunneling switch and the remote computing network;
  
  receiving a packet acknowledgement signal from the tunneling switch, whereby the device can use the packet acknowledgement signal to confirm that the packet was accurately received by the tunneling switch;
  
  receiving the requested data from the remote computing network via the tunneling switch in the form of one or more UDP-formatted packets; and
  
  transmitting a second packet acknowledgement signal to the tunneling switch, whereby the tunneling switch can use the second packet acknowledgement signal to confirm that one of the one or more UDP-formatted requested data packets was accurately transmitted.
- View Dependent Claims (15, 16, 17)
- - 15. A method as defined in claim 14, wherein the data tunnel leg between the tunneling switch and the computing network comprises a session ID that is known by the carrier network and the computing network, wherein the session ID identifies all transmissions through the data tunnel leg until the data tunnel leg is destroyed.
  - 16. A method as defined in claim 14, wherein the one or more UDP-formatted packets have a defined sequence but are not necessarily received by a tunneling client of the device in the defined sequence, the method further comprising the acts of:
    - as each of the packets are received, buffering the packets within the tunneling client of the device; and
      
      upon receiving one or more of the packets that are the next in order of the defined sequence, transmitting the one or more packets that are the next in order of the defined sequence to a target application in the device in the proper sequence.
  - 17. A method as defined in claim 14, wherein each packet transmitted by the remote computing network is limited to a size that can be sent across a wireless network without being fragmented by the wireless network.

18. A software development kit comprising:
- an application program interface module comprising a set of routines, protocols, and tools for building software applications, wherein the application program interface module presents a TCP style interface to a programmer;
  
  a UDP-header library comprising one or more headers for use by a programmer in developing an application that applies UDP formatting to data for transmission over a network; and
  
  a network communications module comprising code operable to perform a method for enabling a user operating the device to access network data of a remote computing network, the method comprising;
  
  transmitting a UDP-formatted packet to a tunneling switch on a carrier network, the packet comprising a request to access network data stored on a remote computing network, wherein a data tunnel leg has previously been established between the tunneling switch and the remote computing network;
  
  receiving a packet acknowledgement signal from the tunneling switch, whereby the device can use the packet acknowledgement signal to confirm that the packet was accurately received by the tunneling switch;
  
  receiving the requested data from the remote computing network via the tunneling switch in the form of one or more UDP-formatted packets; and
  
  transmitting a second packet acknowledgement signal to the tunneling switch, whereby the tunneling switch can use the second packet acknowledgement signal to confirm that one of the one or more UDP-formatted requested data packets was accurately transmitted.

19. In a device capable of communicating with a remote computing network via a carrier network, a method for transmitting data in a secure manner between the remote computing network and the device, each of the computing network and the device including a tunneling client, the method comprising the acts of:
- establishing a first data tunnel leg between a tunneling client of a remote computing network and a carrier network, the carrier network including a tunneling server;
  
  establishing a second data tunnel leg between the carrier network and a device;
  
  at a tunneling client of the device, fitting data in a first protocol format to a first template, the first template located in a tunneling client of the remote device and comprising one or more inflection points that correspond to commands or other data aspects of the first protocol;
  
  transmitting the templated data to the computing network via the first data tunnel leg; and
  
  at the tunneling client of the computing network, if the first template matches a second template, the second template comprising one or more inflection points that correspond to commands or other data aspects of a second protocol, matching the inflection points of the first template to the inflection points of the second template, whereby data of the first protocol format is switched to represent the data in the second protocol format.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. A method as defined in claim 19, wherein the first protocol comprises a POP e-mail protocol and the second protocol comprises a MAPI e-mail protocol.
  - 21. A method as defined in claim 19, wherein, upon the data transmission between the remote device and the computing network being interrupted, the first template temporarily stores the data within the template itself until the transient conditions along the communication route are resolved and the data transmission is restored.
  - 22. A method as defined in claim 19, wherein the data transmitted between the remote device and the computing network is transmitted as one or more packets, wherein the method further comprises:
    - at the second template, receiving and storing each packet of the plurality of packets as each packet arrives, wherein the packets are not necessarily received in the ordered sequence in which they were formed; and
      
      upon receiving all of the plurality of packets necessary to form a consecutive packet arrangement at the second template, arranging the packets into an ordered sequence and delivering them to the appropriate device or application in the computing network for processing.
  - 23. A method as defined in claim 19, wherein the data transmitted between the remote device and the computing network is transmitted as one or more packets, wherein the method further comprises:
    - if the inflection points of the first template do not match the inflection points of the second template or any other template stored on the computing network, rejecting the packet(s) and deleting the packet(s) from the system.
  - 24. In a computer system that is adapted for use in transmitting data between a computing network and a remote device, a computer program product for implementing a method suitable for transmitting data in a secure manner between the computing network and the remote device, each of the computing network and the remote device including a tunneling client, the computer program product comprising a computer readable medium carrying computer executable instructions for performing the method of claim 19.

25. A system for enabling a user of a remote device to access network data and software applications stored on a computing network, the system comprising:
- a first tunneling client on a remote device;
  
  a second tunneling client on a computing network; and
  
  a tunneling server on a carrier network, wherein;
  
  the second tunneling client and the tunneling server are configured to communicate with each other and maintain a first data tunnel leg therebetween; and
  
  the first tunneling client, the second tunneling client, and the tunneling server are each configured to transmit and receive data packets that are transmitted in a UDP protocol, wherein each of the first tunneling client, the second tunneling client, and the tunneling server are further configured to send confirmation signals upon receipt of UDP-formatted data packets that enable the sending application to verify that the UDP-formatted data packets were accurately transmitted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WSOU Investments, LLC (WSOU Holdings, LLC)
Original Assignee
Intellisync Corporation (Nokia Corporation)
Inventors
Jensen, Olaf D., Hull, Joel E., Wesemann, Darren L.

Granted Patent

US 8,266,677 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/0272 Virtual private networks

UDP communication with TCP style programmer interface over wireless networks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

UDP communication with TCP style programmer interface over wireless networks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links