Apparatus and method for establishing a VPN tunnel between a wireless device and a LAN

US 20070271606A1
Filed: 05/17/2006
Published: 11/22/2007
Est. Priority Date: 05/17/2006
Status: Abandoned Application

First Claim

Patent Images

1. In a LAN supporting the communication of information among a plurality of preconfigured wireless communication devices, a hybrid VPN client is implemented on at least one of the preconfigured wireless communication devices, the hybrid VPN client comprises:

means for implementing a software portion of the hybrid VPN client;

means for implementing a hardware portion of the hybrid VPN client;

wherein the division of functionality between the software portion and the hardware portion of the hybrid VPN client is selected such that the hybrid VPN client operates to minimize at least one wireless communication device operating characteristic.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A local area network includes one or more wireless access points for receiving and sending voice and data messages from and to a mobile wireless communications device and a router to manage the delivery of messages to either a DHCP server, a VPN server, or the wireless access points. The DHCP server provides configuration parameters specific to a client requesting DHCP information. The VPN server operates, in conjunction with wireless communications devices to perform key exchange, mode configuration, client authentication, and to maintain the security of a VPN session. The wireless communications device includes a hybrid VPN client that operates, in conjunction with the LAN, to initiate the establishment of a VPN tunnel between the wireless communications device and the VPN server. The hybrid VPN client includes both software and hardware modules that operate together to limit communications latency during the establishment and maintenance of a VPN session.

Citations

23 Claims

1. In a LAN supporting the communication of information among a plurality of preconfigured wireless communication devices, a hybrid VPN client is implemented on at least one of the preconfigured wireless communication devices, the hybrid VPN client comprises:
- means for implementing a software portion of the hybrid VPN client;
  
  means for implementing a hardware portion of the hybrid VPN client;
  
  wherein the division of functionality between the software portion and the hardware portion of the hybrid VPN client is selected such that the hybrid VPN client operates to minimize at least one wireless communication device operating characteristic.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The at least one wireless communication device operating characteristic of claim 1 is one of power consumption and communications latency.
  - 3. The software means of claim 1 is comprised of instructions stored on a digital signal processor which are used to run the hardware portion of the hybrid VPN client.
  - 4. The software means of claim 3 further comprises instructions stored on a digital signal processor which are used by the preconfigured wireless communications device and the LAN to initiate and maintain a secure VPN link.
  - 5. The hardware means of claim 1 is comprised of a plurality of packet security algorithms that are stored on an application specific processor.
  - 6. The packet security algorithms of claim 5 are comprised of at least one encryption algorithms, at least one hashing algorithm, and at least one large number algorithm.
  - 7. The hardware and software means of claim 1 operate together to support the initialization of a secure VPN link.
  - 8. The initialization of the secure VPN link of claim 7 is a three phase process wherein the first phase is a setup stage for establishing an initial security association between a LAN device and the preconfigured wireless communications device, the second phase is a mode configuration stage for loading an IP address from the LAN device to the preconfigured wireless communications device, and the third phase is a parameter negotiation stage wherein the initial security association established in the first phase is used to create a permanent security association that is used for the communication of information over the secure VPN link.
  - 9. At least one of the plurality of wireless communications devices of claim 1 are preconfigured to include a DHCP address, a VPN server address, and security association settings.

10. In a LAN supporting the communication of information over a secure VPN link between the LAN and at least one preconfigured wireless communications device, the preconfigured wireless communications device includes a hybrid VPN client that employs a method for establishing the secure VPN link that minimizes at least one wireless communications device operating characteristic comprising the steps of:
- employing a plurality of instructions stored in a software portion of the hybrid VPN client to manage the operation of a hardware portion of the hybrid VPN client and to access a plurality of operational parameters stored in the preconfigured wireless communications device in order to complete a first phase of a secure VPN link initialization process;
  
  employing a plurality of instructions stored in the software portion of the hybrid VPN client to manage the operation of the hardware portion of the hybrid VPN client and to access a plurality of operational parameters stored in the preconfigured wireless communications device memory in response to one or more requests from the LAN to complete a second phase of the secure VPN link initialization process; and
  
  employing a plurality of instructions stored in the software portion of the hybrid VPN client to manage the operation of the hardware portion of the hybrid VPN client and to access a plurality of operational parameters stored in the preconfigured wireless communications device memory in response to at least one request from the LAN to complete a third phase of the secure VPN link initialization process.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The first, second and third phases of the secure VPN link initialization process of claim 10 are respectively a setup stage for establishing a security association between a LAN device and the preconfigured wireless communications, a mode configuration stage for loading an IP address from the LAN device to the preconfigured wireless communications device, and a parameter negotiation stage wherein the initial security association established in the first phase is used to create a permanent security association that is used for the communication of information over the secure VPN link.
  - 12. The plurality of operational parameters of claim 10 is comprised of an IP address, a public key, a private key, configuration information, and identification information.
  - 13. The configuration information of claim 12 is comprised of a DHCP address, a VPN server address and security association settings.
  - 14. The identification information of claim 12 comprises a user name, user password, and phone type.
  - 15. The hardware portion of the hybrid VPN client of claim 10 is comprised of a plurality of packet security algorithms that are stored on an application processor.
  - 16. The packet security algorithms of claim 15 are comprised of at least one encryption algorithm, at least one hashing algorithm and at least one large number algorithm.

17. An apparatus for implementing a hybrid VPN client in a preconfigured wireless communications device, the apparatus comprising:
- an application processor apparatus for implementing packet security algorithms associated with a hardware portion of the hybrid VPN client, anda processor apparatus for storing and executing software instructions associated with a software portion of the hybrid VPN client to run the hardware portion of the hybrid VPN client and to initiate and maintain a secure VPN link.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The hardware and software portions of the hybrid VPN client apparatus of claim 17 are divided between the application processor apparatus and the processor apparatus such that the hybrid VPN client operates to minimize at least one wireless communications device operating characteristic.
  - 19. The at least one wireless communications device operating characteristic of claim 18 can be one of communications latency and power consumption.
  - 20. The packet security algorithms implemented on the application processor apparatus of claim 17 are comprised of at least one encryption algorithm, at least one hashing algorithm, and at least one large number algorithm.
  - 21. The hardware and software portions of the hybrid VPN client of claim 17 operate together to support a secure VPN link initialization process.
  - 22. The secure VPN link initialization process of claim 21 is a three phase process wherein the first phase is a setup stage for establishing an initial security association between a LAN device and the preconfigured wireless communications device, the second phase is a mode configuration stage for loading an IP address from the LAN device to the preconfigured wireless communications device, and the third phase is a parameter negotiation stage wherein the initial security association established in the first phase is used to create a permanent security association that is used for the communication of information over a VPN tunnel.

23. In a LAN supporting the communication of information over a secure VPN link between the LAN and at least one preconfigured wireless communications device, the preconfigured wireless communications device includes a hybrid VPN client that employs a method for establishing the secure VPN link that minimizes at least one wireless communications device operating characteristic comprising the steps of:
- employing a plurality of instructions stored in a software portion of the hybrid VPN client to manage the operation of a hardware portion of the hybrid VPN client and to access a plurality of operational parameters stored in the preconfigured wireless communications device in order to complete a first phase of a secure VPN link initialization process;
  
  employing a plurality of instructions stored in the software portion of the hybrid VPN client to manage the operation of the hardware portion of the hybrid VPN client and to access a plurality of operational parameters stored in the preconfigured wireless communications device memory in response to at least one request from the LAN to complete a second phase of the secure VPN link initialization process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Spectralink Corporation (Mobile Devices Holdings LLC)
Original Assignee
Spectralink Corporation (Mobile Devices Holdings LLC)
Inventors
Durand, Christophe, Amann, Keith R., Roach, David L., House, Michael W., Steed, Jeffery

Application Number

US11/436,132
Publication Number

US 20070271606A1
Time in Patent Office

Days
Field of Search
US Class Current

726/15
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 61/5014   using dynamic host configur...

H04L 63/0272   Virtual private networks

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

Apparatus and method for establishing a VPN tunnel between a wireless device and a LAN

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for establishing a VPN tunnel between a wireless device and a LAN

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links