Universal convergence border gateway

US 20060265504A1
Filed: 09/23/2005
Published: 11/23/2006
Est. Priority Date: 05/18/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method of communicating, comprising the actions of:

decoupling standard services from their normally-associated access technologies using the IP layer; and

allowing a user equipment to access standard services independently of the access technology normally associated with said services.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A services gateway, which links client access by any technology to multiple service nodes, even if the client access technology is not directly compatible with the service node. The universal convergence border gateway (UCBG) utilizes the IP layer as a harmonizing layer to decouple standard services from their normally-associated access technologies. This is particularly advantageous with multifunction client devices because the best available wireless access technology can be used independently of the type of service being accessed. The UCBG uses a single encryption scheme to multiplex the traffic for various services with different characteristics into multiple data flows. The UCBG uses a single encryption scheme to converge the data flows to the client using a single control path without losing each traffic'"'"'s characteristics such as QoS. The gateway also demultiplexes the converged traffic that it receives from the client in order for the data to reach the appropriate service node.

24 Citations

View as Search Results

47 Claims

1. A method of communicating, comprising the actions of:
- decoupling standard services from their normally-associated access technologies using the IP layer; and
  
  allowing a user equipment to access standard services independently of the access technology normally associated with said services.

2. A communication system, comprising:
- a server which utilizes the IP layer to decouple standard services from their normally-associated access technologies;
  
  wherein a user equipment is able to access standard services independently of the access technology normally associated with said services.

3. A method for a mobile device to simultaneously communicate with different service nodes, comprising the actions of:
- using a single primary security association to simultaneously participate in multiple data flows having different traffic characteristics on multiple different types of services;
  
  wherein said mobile electronic device uses said single primary security association to manage said multiple different types of services.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10)
- - 4. The method of claim 3, wherein said multiple data flows are controlled by said single primary security association.
  - 5. The method of claim 3, wherein said single primary security association is an Internet Key Exchange Security Association (IKE SA).
  - 6. The method of claim 5, wherein the information on services is transferred using the configuration payload of said IKE SA.
  - 7. The method of claim 5, wherein the service characteristics are transferred using the configuration payload of said IKE SA.
  - 8. The method of claim 5, wherein a client'"'"'s username/password information is securely delivered to a service requiring said information using the configuration payload of said IKE SA.
  - 9. The method of claim 3, wherein said multiple data flows are Internet Protocol Security Security Associations (IPSec SAs).
  - 10. The method of claim 9, wherein said multiple data flows are distinguished using their respective Security Parameter Index (SPI) values.

11. A method of communicating, comprising the actions of:
- mutiplexing multiple data flows, having different characteristics for multiple different types of services, using a single encryption scheme; and
  
  communicating said data flows between a mobile electronic device and a convergence gateway using respective secondary data paths under the management of a single primary control path;
  
  wherein said mobile electronic device can simultaneously access services from multiple different types of services, under the management of said single primary control path.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, wherein said multiple data flows are multiplexed using a single encryption scheme, where the traffic characteristics of said data flows are not lost during multiplexing.
  - 13. The method of claim 11, wherein said single primary control path is an Internet Key Exchange Security Association (IKE SA).
  - 14. The method of claim 11, wherein said data flows are Internet Protocol Security Security Associations (IPSec SAs).

15. A communications system, comprising:
- a mobile electronic device which can simultaneously participate in multiple data flows having different traffic characteristics for multiple different types of services; and
  
  multiplexing software which generates said multiple data flows using the configuration of a single primary security association to distinguish said multiple data flows; and
  
  allows said mobile electronic device to interface with a convergence gateway through said single primary security association;
  
  wherein said mobile electronic device can simultaneously access said multiple different types of services under the control of said single primary security association.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The system of claim 15, wherein said multiple data flows are controlled by said single primary security association.
  - 17. The system of claim 15, wherein said single primary security association is an Internet Key Exchange Security Association (IKE SA).
  - 18. The system of claim 17, wherein the information on services, including the service characteristics, is transferred using the configuration payload of said IKE SA.
  - 19. The system of claim 17, wherein a client'"'"'s username/password information is securely delivered to a service requiring said information using the configuration payload of said IKE SA.
  - 20. The system of claim 15, wherein said multiple data flows are Internet Protocol Security Security Associations (IPSec SAs).
  - 21. The system of claim 20, wherein said multiple data flows are distinguished using their respective Security Parameter Index (SPI) values.
  - 22. The system of claim 15, wherein said multiplexing software runs on said mobile electronic device.
  - 23. The system of claim 15, wherein said traffic characteristics of said multiple data flows are not lost during multiplexing.

24. A system for communication with a mobile client, comprising:
- a single primary security association between a server and a mobile client;
  
  wherein said server uses the payload of said single primary security association to multiplex the traffic for two or more different types of services into two or more data flows; and
  
  wherein said server simultaneously delivers services from said two or more different types of services nodes to said mobile client, under the control of said single primary security association.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
- - 25. The system of claim 24, wherein said data flows are controlled by said single primary security association.
  - 26. The system of claim 24, wherein said server multiplexes the traffic from two or more different types of service nodes using a single encryption scheme, where the traffic characteristics of said data flows are not lost during multiplexing.
  - 27. The system of claim 24, wherein said server also demultiplexes the traffic, associated with two or more different types of services, from said mobile client to route said traffic to the appropriate service nodes.
  - 28. The system of claim 24, wherein said server demultiplexes the traffic, associated with two or more different types of service nodes, using Internet Protocol Security Security Parameter Index (IPSec SPI) values.
  - 29. The system of claim 24, wherein said single primary security association is an Internet Key Exchange Security Association (IKE SA).
  - 30. The system of claim 29, wherein a client'"'"'s username/password information is securely delivered to a service requiring said information using the configuration payload of said IKE SA.
  - 31. The system of claim 24, wherein said data flows are Internet Protocol Security Security Associations (IPSec SAs).

32. A method of delivering network services to a client, comprising the actions of:
- in a mobile client, running multiple applications which interface to different respective types of data flows, and multiplexing and demultiplexing said data flows in multiple secondary security associations under the control of a single primary security association; and
  
  in a gateway server, multiplexing and demultiplexing data flows of multiple different types in multiple secondary security associations, and routing said data flows to the appropriate service nodes;
  
  wherein said server simultaneously delivers services from said services nodes to said client independently of the access technology used by said client to access said services.
- View Dependent Claims (33, 34, 35, 36, 37)
- - 33. The method of claim 32, wherein said gateway server multiplexes said data flows using a single encryption scheme, where the traffic characteristics of said data flows are not lost during multiplexing.
  - 34. The method of claim 32, wherein said server demultiplexes said data flows using Internet Protocol Security Security Parameter Index (IPSec SPI) values.
  - 35. The method of claim 32, wherein said single primary security association is an Internet Key Exchange Security Association (IKE SA).
  - 36. The method of claim 35, wherein a client'"'"'s username/password information is securely delivered to a service requiring said information using the configuration payload of said IKE SA.
  - 37. The method of claim 32, wherein said data flows are Internet Protocol Security Security Associations (IPSec SAs).

38. A method of delivering network services, comprising the actions of:
- managing a first data flow between a server and a user equipment to carry traffic of a first characteristic associated with a first service node;
  
  if there is traffic of a second characteristic associated with said first service node, managing a second data flow between said server and said user equipment to carry traffic of said second characteristic; and
  
  if there is traffic associated with a second service node, managing a third data flow between said server and said user equipment to carry traffic associated with said second service node;
  
  wherein the respective services of said first and second service nodes are delivered to said user equipment through the respective data flows and under the control of a single security association between said user equipment and said server; and
  
  wherein additional data flows, between said server and said user equipment, are created as needed using said single security association.
- View Dependent Claims (39, 40)
- - 39. The method of claim 38, wherein said single security association is an Internet Key Exchange Security Association (IKE SA).
  - 40. The method of claim 38, wherein said first, second, and third data flows are Internet Protocol Security Security Associations (IPSec SAs).

41. A communication system comprising:
- a security association between a server and a user equipment;
  
  a first data flow between said server and said user equipment, said first data flow is generated from the payload configuration of said security association and carries traffic of a first characteristic associated with a first service node;
  
  if there is traffic of a second characteristic associated with said first service node, a second data flow between said server and said user equipment, said second data flow is generated from the payload configuration of said security association and carries traffic of the second characteristic; and
  
  if there is traffic associated with a second service node, a third data flow between said server and said user equipment, said third data flow is generated from the payload configuration of said security association and carries traffic associated with said second service node;
  
  wherein an end user is able to simultaneously access the services of said first and second service nodes under the control of said security association; and
  
  wherein additional data flows, between said server and said user equipment, are created as needed using said security association.
- View Dependent Claims (42, 43, 44, 45, 46, 47)
- - 42. The system of claim 41, wherein said first, second, and third data flows are controlled by said security association.
  - 43. The system of claim 41, wherein said server multiplexes said first, second, and third data flows using a single encryption scheme, where the traffic characteristics of said data flows are not lost during multiplexing.
  - 44. The system of claim 41, wherein said server demultiplexes data flows from said end user and sends said data flows to the appropriate service nodes.
  - 45. The system of claim 44, wherein said server demultiplexes said data flows using Internet Protocol Security Security Parameter Index (IPSec SPI) values.
  - 46. The system of claim 41, wherein said security association is an Internet Key Exchange Security Association (IKE SA).
  - 47. The system of claim 41, wherein said data flows are Internet Protocol Security Security Associations (IPSec SAs).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellinet Technologies Incorporated
Original Assignee
Azaire Networks, Inc. (Intellinet Technologies Incorporated)
Inventors
Howe, William Osmond, Taaghol, Pouya, Kant, Nishi, Dhar, Naveen

Application Number

US11/233,936
Publication Number

US 20060265504A1
Time in Patent Office

Days
Field of Search
US Class Current

709/227
CPC Class Codes

H04L 12/14   Charging , metering or bill...

H04L 12/1403   Architecture for metering, ...

H04L 63/0272   Virtual private networks

H04L 63/164   at the network layer

H04L 65/10   Architectures or entities

H04L 65/1033   Signalling gateways

H04L 67/56   Provisioning of proxy servi...

H04L 67/565   Conversion or adaptation of...

H04L 67/567   Integrating service provisi...

H04L 69/08   Protocols for interworking;...

H04W 88/16   Gateway arrangements

Universal convergence border gateway

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

Universal convergence border gateway

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links