Virtual private network with mobile nodes

US 20060111113A1
Filed: 12/30/2002
Published: 05/25/2006
Est. Priority Date: 10/17/2002
Status: Abandoned Application

First Claim

Patent Images

1. A virtual private network including an internal secured portion which connects via at least a first gateway and a second gateway to an external portion, the network comprising:

a plurality of workstations including at least one mobile workstation in the external portion;

the first gateway;

the second gateway; and

means for automatically changing the point through which the mobile workstation communicates with the internal portion of the network from the first gateway to the second gateway, in response to movement of the mobile workstation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A virtual private network has an internal secured portion which connects to an external portion, the network via at least a first gateway and via a second gateway. There are a plurality of workstations including at least one mobile workstation in the external portion. The network automatically changes the point through which the mobile workstation communicates with the internal portion of the network from the first gateway to the second gateway, in response to movement of the mobile workstation. Context information is transferred to the second gateway. The context information includes an identifier of the mobile workstation and may also include material for defining secure communication means by which information is transferable securely between the mobile workstation in the external portion of the network and the internal portion of the network, via the second gateway.

Citations

34 Claims

1. A virtual private network including an internal secured portion which connects via at least a first gateway and a second gateway to an external portion, the network comprising:
- a plurality of workstations including at least one mobile workstation in the external portion;
  
  the first gateway;
  
  the second gateway; and
  
  means for automatically changing the point through which the mobile workstation communicates with the internal portion of the network from the first gateway to the second gateway, in response to movement of the mobile workstation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 30, 31)
- - 2. A network as claimed in claim 1, further comprising transfer means for transferring context information usable by a gateway in communications with the mobile workstation, to the second gateway.
  - 3. A network as claimed in claim 2, wherein the context information includes an identifier of the mobile workstation.
  - 4. A network as claimed in claim 3 wherein the identifier is the home address of the mobile workstation.
  - 5. A network as claimed in claim 2, wherein the context information includes material for defining secure communication means by which information is transferable securely between the mobile workstation in the external portion of the network and the internal portion of the network, via the second gateway.
  - 6. A network as claimed in claim 5, wherein the secure communication means is a security association pair between the second gateway and the mobile workstation.
  - 7. A network as claimed in claim 2, wherein the transfer means is physically separate from the first gateway.
  - 8. A network as claimed in claim 2, wherein the transfer means additionally transfers information to the mobile workstation for enabling communications between the mobile workstation and the second gateway.
  - 9. A network as claimed in claim 8 wherein the information transferred to the mobile workstation enables secure communication means by which information is transferable securely between the mobile workstation in the external portion of the network and the internal portion of the network, via the second gateway.
  - 10. A network as claimed in claim 9, wherein the secure communication means is a security association pair between the mobile workstation and the second gateway.
  - 11. A network as claimed in claim 8, wherein the information transferred to the mobile workstation comprises the address of the second gateway.
  - 12. A network as claimed in claim 8, wherein the information transferred to the mobile workstation is transferred between the first gateway and the mobile workstation using an existing security association between the mobile workstation and the first gateway.
  - 13. A network as claimed in claim 1 wherein the second gateway comprises one or more databases which are updated to enable the internal portion of the network and the mobile workstation in the external portion of the network to communicate via the second gateway.
  - 14. A network as claimed in claim 13, wherein the one or more databases are a Security Policy Database and a Security Association Database.
  - 15. A network as claimed in claim 1 wherein the mobile workstation comprises one or more databases which are updated to enable the internal portion of the network and the mobile workstation in the external portion of the network to communicate via the second gateway.
  - 16. A network as claimed in claim 15, wherein the one or more databases are a Security Policy Database and a Security Association Database.
  - 17. A network as claimed in claim 1 further comprising location detection means for detecting the location of the mobile workstation and initiating a change in the point through which the mobile workstation communicates with the internal portion of the network, from the first gateway to a better gateway.
  - 18. A network as claimed in claim 17, wherein the gateway is better because it is closer to the mobile workstation and/or it is optimal for routing existing sessions.
  - 19. A network as claimed in claim 17, wherein the detection means is responsive to a location identifier received from the mobile workstation.
  - 20. A network as claimed in claim 19, wherein the location identifier is the care-of-address of the mobile workstation.
  - 21. A network as claimed in claim 20, wherein the identifier is received during a mobility binding update.
  - 22. A network as claimed in claim 17, wherein the location detection means is separate from the first gateway.
  - 23. A network as claimed in claim 22, wherein the transfer means is physically separate from the first gateway and wherein the location detection means and transfer means are housed together.
  - 24. A network as claimed in claim 1 wherein the first gateway and the second gateway are in distinct physically separated segments of the network.
  - 25. A network as claimed in claim 1, wherein the mobile workstation communicates with the internal portion of the network via the first gateway and also via the second gateway simultaneously for a transition period, before communicating via the second gateway only.
  - 26. A network as claimed in claim 1 wherein the mobile workstation is involved in a session with a correspondent node.
  - 27. A network as claimed in claim 26, wherein the correspondent node is located in the internal portion of the network and the mobile workstation is located in the external portion of the network.
  - 30. A mobile workstation as claimed in claim 23, further comprising means for using a first secure communication means by which information is transferable securely between the internal portion of the network and the mobile workstation via the first gateway, to receive the identifier of the second gateway;
  - 31. A mobile workstation as claimed in claim 23, further comprising means for using a second secure communication means to transfer information securely between the internal portion of the network and the mobile workstation via the second gateway;

28. A method of optimizing the route by which information travels between a mobile node in an external portion of a network and a correspondent node in an internal portion of a network, comprising the steps of:
- determining when a first serving gateway through which the mobile node communicates with the internal portion of the network, is sub-optimal;
  
  identifying a second gateway; and
  
  transferring the point through which the mobile node communicates with the internal portion of the network from the first serving gateway to the second gateway.

29. A mobile workstation for connecting to an external portion of a network that includes an internal secured portion connected, via a first gateway and a second gateway to the external portion, comprising:
- means arranged to receive, via the first secure communication means, an identifier of a second gateway; and
  
  means arranged to change from communicating with the internal portion of the network through the first gateway to communicating via the second gateway.

32. (canceled)

33. (canceled)

34. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Waris, Heikki

Application Number

US10/531,491
Publication Number

US 20060111113A1
Time in Patent Office

Days
Field of Search
US Class Current

455/441
CPC Class Codes

H04L 12/4675   Dynamic sharing of VLAN inf...

H04L 41/28   Restricting access to netwo...

H04L 61/00   Network arrangements, proto...

H04L 63/0272   Virtual private networks

H04L 63/20   for managing network securi...

H04W 12/03   Protecting confidentiality,...

H04W 80/04   Network layer protocols, e....

H04W 88/16   Gateway arrangements

Virtual private network with mobile nodes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual private network with mobile nodes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links