Integrated wireline and wireless end-to-end virtual private networking

US 20050237982A1
Filed: 04/26/2004
Published: 10/27/2005
Est. Priority Date: 04/26/2004
Status: Active Grant

First Claim

Patent Images

1. An end-to-end virtual private networking system for transporting network packets securely through a public data network, comprising:

a mobile device comprising an application client and a wireless roaming client managing data transfer from said mobile device to said public data network via one of a plurality of predetermined wireless links;

a roaming gateway located in a data center and coupled to said public data network for tracking said plurality of predetermined wireless links and for managing data transfer from said public data network to said mobile device via one of said plurality of predetermined wireless links;

an enterprise server in a private network for exchanging network packets with said application client in said mobile device;

a CPE-VPN router in said private network coupled to said enterprise server and to said public data network;

a VPN router located in said data center coupled to said roaming gateway and to said public data network, wherein said VPN router and said CPE-VPN router establish a VPN tunnel therebetween via said public data network;

wherein said CPE-VPN router transports said network packets between said enterprise server and said VPN tunnel, and wherein said VPN router transports said network packets between said roaming gateway and said VPN tunnel.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An end-to-end virtual private networking system transports network packets securely through a public data network. A mobile device comprises an application client and a wireless roaming client managing data transfer from the mobile device to the public data network via one of a plurality of predetermined wireless links. A roaming gateway is located in a data center and is coupled to the public data network for tracking the plurality of predetermined wireless links and for managing data transfer from the public data network to the mobile device via one of the plurality of predetermined wireless links. An enterprise server is provided in a private enterprise for exchanging network packets with the application client in the mobile device. A CPE-VPN router in the private enterprise network is coupled to the enterprise server and to the public data network. A VPN router located in the data center is coupled to the roaming gateway and to the public data network, wherein the VPN router and the CPE-VPN router establish a VPN tunnel therebetween via the public data network. The CPE-VPN router transports the network packets between the enterprise server and the VPN tunnel. The VPN router transports the network packets between the roaming gateway and the VPN tunnel.

34 Citations

View as Search Results

23 Claims

1. An end-to-end virtual private networking system for transporting network packets securely through a public data network, comprising:
- a mobile device comprising an application client and a wireless roaming client managing data transfer from said mobile device to said public data network via one of a plurality of predetermined wireless links;
  
  a roaming gateway located in a data center and coupled to said public data network for tracking said plurality of predetermined wireless links and for managing data transfer from said public data network to said mobile device via one of said plurality of predetermined wireless links;
  
  an enterprise server in a private network for exchanging network packets with said application client in said mobile device;
  
  a CPE-VPN router in said private network coupled to said enterprise server and to said public data network;
  
  a VPN router located in said data center coupled to said roaming gateway and to said public data network, wherein said VPN router and said CPE-VPN router establish a VPN tunnel therebetween via said public data network;
  
  wherein said CPE-VPN router transports said network packets between said enterprise server and said VPN tunnel, and wherein said VPN router transports said network packets between said roaming gateway and said VPN tunnel.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1 wherein said plurality of predetermined wireless links include a wireless LAN link and a wireless WAN link, and wherein said wireless roaming client selects said one of said wireless LAN link or said wireless WAN link in response to availability thereof.
  - 3. The system of claim 1 wherein said data transfer between said mobile device and said roaming gateway includes encryption of said network packets.
  - 4. The system of claim 1 wherein said roaming gateway comprises a gateway router performing network address translation.
  - 5. The system of claim 1 wherein said VPN tunnel comprises a site-to-site tunnel.
  - 6. The system of claim 1 wherein said VPN tunnel comprises an application-specific tunnel.

7. A data center for providing an end-to-end virtual private networking system for transporting network packets between a mobile device and an enterprise server securely through a public data network, wherein said mobile device comprises an application client and a wireless roaming client managing data transfer from said mobile device to said public data network via one of a plurality of predetermined wireless links, wherein said enterprise server is located in a private network, and wherein a CPE-VPN router is located in said private network for coupling said enterprise server and to said public data network, said data center comprising:
- a roaming gateway located in a data center and coupled to said public data network for tracking said plurality of predetermined wireless links and for managing data transfer from said public data network to said mobile device via one of said plurality of predetermined wireless links; and
  
  a VPN router located in said data center coupled to said roaming gateway and to said public data network, wherein said VPN router and said CPE-VPN router establish a VPN tunnel therebetween via said public data network, wherein said VPN router transports said network packets between said roaming gateway and said VPN tunnel.
- View Dependent Claims (8)
- - 8. The system of claim 7 wherein said roaming gateway comprises a gateway router performing network address translation.

9. A method of transporting network packets from a mobile wireless device to an enterprise server in a private enterprise network via a wireless data network and a public wireline data network, said wireless data network and said public wireline data network each being coupled to a data center, said method comprising the steps of:
- generating a network packet in said mobile device, said network packet having an original destination address of said enterprise server and an original source address of said mobile wireless device;
  
  encapsulating said network packet with a public destination address and a public source address associated with said wireless data network;
  
  transporting said network packet via said wireless data network to said data center;
  
  removing said public destination and public source addresses from said network packet;
  
  processing said network packet via a gateway to an entry router for a virtual private network (VPN) tunnel so that said original destination and said original source addresses are hidden;
  
  transporting said network packet via said public wireline data network to an exit router for said VPN tunnel;
  
  restoring said original destination and said original source addresses in said network packet; and
  
  transporting said network packet from said exit router to said enterprise server via said private enterprise network.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9 further comprising the step of:
    - selecting said wireless data network from a plurality of predetermined wireless links.
  - 11. The method of claim 9 wherein said network packet is generated in said mobile wireless device by an application accessing said enterprise server.
  - 12. The method of claim 11 further comprising the step of:
    - labeling said network packet according to a Class of Service (CoS) associated to said application.
  - 13. The method of claim 9 wherein said public destination address is comprised of a network address corresponding to a network-address translation (NAT) router located within said data center, and wherein said NAT router forwards said network packet to said gateway.
  - 14. The method of claim 9 wherein said entry router is located within said data center.
  - 15. The method of claim 9 wherein said exit router is located within said private enterprise network.
  - 16. The method of claim 9 wherein said entry router encrypts said network packet and wherein said exit router decrypts said network packet.

17. A method of transporting network packets from an enterprise server in a private enterprise network to a remote application in a mobile wireless device via a public wireline data network and a wireless data network, said wireless data network and said public wireline data network each being coupled to a data center, said method comprising the steps of:
- generating a network packet in said enterprise server, said network packet having an original destination address of said mobile wireless device and an original source address of said enterprise server;
  
  processing said network packet in an entry router for a virtual private network (VPN) tunnel so that said original destination and said original source addresses are hidden;
  
  transporting said network packet via said public wireline data network to an exit router for said VPN tunnel;
  
  forwarding said network packet from said exit router to a wireless gateway;
  
  encapsulating said network packet with a public destination address and a public source address associated with said wireless data network;
  
  transporting said network packet via said wireless data network to a mobile wireless client in said mobile wireless device;
  
  removing said public destination and public source addresses from said network packet;
  
  restoring said original destination and said original source addresses in said network packet; and
  
  transporting said network packet from said mobile wireless client to said remote application.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The method of claim 17 further comprising the step of:
    - selecting said wireless data network from a plurality of predetermined wireless links.
  - 19. The method of claim 17 further comprising the step of:
    - labeling said network packet according to a Class of Service (CoS) associated to said remote application.
  - 20. The method of claim 17 wherein said public source address is comprised of a network address corresponding to a network-address translation (NAT) router located within said data center, and wherein said NAT router forwards said network packet to said mobile wireless device.
  - 21. The method of claim 17 wherein said entry router is located within said private enterprise network.
  - 22. The method of claim 17 wherein said exit router is located within said data center.
  - 23. The method of claim 17 wherein said entry router encrypts said network packet and wherein said exit router decrypts said network packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Pankajakshan, Bejoy, Dixon, Mathew A., Zamora, Pedro A.

Granted Patent

US 7,317,717 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/338
CPC Class Codes

H04L 12/5692   Selection among different n...

H04L 12/66   Arrangements for connecting...

H04L 63/0272   Virtual private networks

H04W 12/03   Protecting confidentiality,...

H04W 24/00   Supervisory, monitoring or ...

H04W 88/16   Gateway arrangements

H04W 92/02   Inter-networking arrangements

Integrated wireline and wireless end-to-end virtual private networking

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Integrated wireline and wireless end-to-end virtual private networking

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links