Systems for Improved Multi-Channel Network Connectivity Performance and Security

US 20170325286A1
Filed: 07/12/2017
Published: 11/09/2017
Est. Priority Date: 04/20/2015
Status: Active Grant

First Claim

Patent Images

1. A system for routing multi-channel-network traffic, the system comprising:

a. at least one network device having an operating system, which device is capable of communicating with a remote server over a plurality of data channels and is configured to operate a virtual private network (VPN) service application, wherein the VPN service application performs operations comprising;

i. establishing a virtual network interface and routing a set of outgoing data packets to a virtual network interface, wherein the data packets optionally are an open systems interconnection (OSI) layer-3 Internet protocol (IP) datagram or OSI layer-2 Ethernet frame;

ii. reading the set of outgoing data packets to form a set of modified outgoing data packets;

iii. assigning each data packet from the set of modified outgoing data packets to at least one of the plurality of data channels to form a subset of modified outgoing data packets;

iv. sending the subsets of modified outgoing data packets to the remote server, optionally using one or more network sockets, which network socket(s) is(are) optionally selected from the group consisting of at least one of a layer-4 user datagram protocol (UDP) socket, a layer-4 transmission control protocol (TCP) socket, a layer-4 stream control transmission protocol (SCTP) socket, a socket configured to bind to a real physical network interface, and a layer-3 raw socket;

v. receiving one or more subsets of modified incoming data packet(s) from at least one remote server, optionally using one or more network sockets, which network socket(s) is(are) optionally selected from the group consisting of at least one of a layer-4 user datagram protocol (UDP) socket, a layer-4 transmission control protocol (TCP) socket, a layer-4 stream control transmission protocol (SCTP) socket, a socket configured to bind to a real physical network interface, and a layer-3 raw socket; and

vi. optionally reordering, assembling, and writing, the subset(s) of modified incoming data packet(s) into a set of incoming data packets to the virtual network interface and optionally routing them to at least one network device application or operating system; and

b. at least one remote server that comprises a VPN service or a proxy service capable of communicating with at least one network device over the plurality of data channels and at least one of a plurality of target computer hosts, wherein at least one remote server is configured to perform operations comprising;

i. receiving subsets of modified outgoing data packets from at least one network device via the plurality of data channels, wherein the subsets of modified outgoing data packets are optionally reordered and assembled into a set of outgoing remote server data packets, wherein the outgoing remote server data packets optionally are an open systems interconnection (OSI) layer-3 Internet protocol (IP) datagram or OSI layer-2 Ethernet frame;

ii. forwarding the set of outgoing remote server data packets to one or more target computer hosts;

iii. receiving a set of incoming computer host data packets from one or more target computer hosts to form a set of modified incoming computer host data packets;

iv. assigning each data packet from the set of modified incoming computer host data packets to at least one of the plurality of data channels; and

v. sending the-subsets of modified incoming computer host data packets to at least one network device via the assigned data channel(s).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods that efficiently combine multiple wireless networks or devices resulting in faster, more reliable, and more secure mobile Internet. A Virtual Private Network (VPN) service application is operated to route outgoing and incoming data packets of a mobile device. The mobile device is (i) either coupled to a remote server through the VPN service application for data packets transfer between the remote server and the mobile device or (ii) performs cross-layer translation for data packets transfer between the mobile device and direct target hosts on the Internet. Concurrently using multiple channels secures data packets transfer by sending encrypted data packets over multiple channels and receiving the encrypted data packets by a single apparatus. Data packets are designated to be transferred via a Wi-Fi channel or a cellular channel, and then transferred using both the Wi-Fi channel and the cellular channel.

Citations

17 Claims

1. A system for routing multi-channel-network traffic, the system comprising:
- a. at least one network device having an operating system, which device is capable of communicating with a remote server over a plurality of data channels and is configured to operate a virtual private network (VPN) service application, wherein the VPN service application performs operations comprising;
  
  i. establishing a virtual network interface and routing a set of outgoing data packets to a virtual network interface, wherein the data packets optionally are an open systems interconnection (OSI) layer-3 Internet protocol (IP) datagram or OSI layer-2 Ethernet frame;
  
  ii. reading the set of outgoing data packets to form a set of modified outgoing data packets;
  
  iii. assigning each data packet from the set of modified outgoing data packets to at least one of the plurality of data channels to form a subset of modified outgoing data packets;
  
  iv. sending the subsets of modified outgoing data packets to the remote server, optionally using one or more network sockets, which network socket(s) is(are) optionally selected from the group consisting of at least one of a layer-4 user datagram protocol (UDP) socket, a layer-4 transmission control protocol (TCP) socket, a layer-4 stream control transmission protocol (SCTP) socket, a socket configured to bind to a real physical network interface, and a layer-3 raw socket;
  
  v. receiving one or more subsets of modified incoming data packet(s) from at least one remote server, optionally using one or more network sockets, which network socket(s) is(are) optionally selected from the group consisting of at least one of a layer-4 user datagram protocol (UDP) socket, a layer-4 transmission control protocol (TCP) socket, a layer-4 stream control transmission protocol (SCTP) socket, a socket configured to bind to a real physical network interface, and a layer-3 raw socket; and
  
  vi. optionally reordering, assembling, and writing, the subset(s) of modified incoming data packet(s) into a set of incoming data packets to the virtual network interface and optionally routing them to at least one network device application or operating system; and
  
  b. at least one remote server that comprises a VPN service or a proxy service capable of communicating with at least one network device over the plurality of data channels and at least one of a plurality of target computer hosts, wherein at least one remote server is configured to perform operations comprising;
  
  i. receiving subsets of modified outgoing data packets from at least one network device via the plurality of data channels, wherein the subsets of modified outgoing data packets are optionally reordered and assembled into a set of outgoing remote server data packets, wherein the outgoing remote server data packets optionally are an open systems interconnection (OSI) layer-3 Internet protocol (IP) datagram or OSI layer-2 Ethernet frame;
  
  ii. forwarding the set of outgoing remote server data packets to one or more target computer hosts;
  
  iii. receiving a set of incoming computer host data packets from one or more target computer hosts to form a set of modified incoming computer host data packets;
  
  iv. assigning each data packet from the set of modified incoming computer host data packets to at least one of the plurality of data channels; and
  
  v. sending the-subsets of modified incoming computer host data packets to at least one network device via the assigned data channel(s).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 14)
- - 2. The system of claim 1, wherein at least one network device and at least one remote server provides a boosting policythat utilizes configurable and adaptive control logic that optionally performs one or more of the following operations:
    - network/channel selection, network/channel prioritization, network/channel optimization, network/channel security, and network/channel bandwidth aggregation function(s) based on at least one or more of the following parameters;
      
      network/channel conditions, network/channel types, business rules, user behaviors and preferences, and application data traffic.
  - 3. The system of claim 1 that further comprises one or more of the following:
    - a. the virtual network interface is either a network TUNnel (TUN) or a network TAP (TAP) interface; and
      
      /orb. the VPN service and VPN service application is operated as an operating system module, wherein the virtual network interface is optionally a network TUNnel (TUN) or a network TAP (TAP) interface; and
      
      /orc. the VPN service and VPN service application is operated as an operating system service, wherein the virtual network interface is optionally a network TUNnel (TUN) or a network TAP (TAP) interface.
  - 4. The system of claim 1 that further comprises one or more of the following:
    - a. the remote server is configured with IP forwarding enabled, where the remote server optionally establishes a virtual network interface with network address translation, wherein upon receiving one or more incoming computer host data packets from a target computer host, the remote server optionally forwards the incoming host data packet(s) to a network device of the system, optionally using the plurality of data channels simultaneously; and
      
      /orb. the remote server is configured with IP forwarding enabled, where the remote server optionally establishes a virtual network interface with network address translation, wherein upon receiving one or more outgoing remote server data packets and optionally forwards the outgoing remote server data packet(s) to at least one target computer host; and
      
      /orc. encryption of each data packet from the set of modified outgoing data packets from at least one network device of the system and decryption by the remoter server of each data packet from the set of modified outgoing data packets, wherein packet encryption and decryption optionally is controlled by a security policy; and
      
      /orc. encryption of each data packet from the set of modified incoming data packets from the remote serve and decryption by the network device, wherein packet encryption and decryption optionally is controlled by a security policy; and
      
      /ord. encoding of each data packet from the set of outgoing data packets from a network device of the system before being sent over the plurality of data channels and decoding thereof by the remote server, wherein packet encoding and decoding optionally is controlled by a coding policy; and
      
      /ore. encoding of each data packet from the set of incoming data packets from the remote server before being sent over the plurality of data channels and decoding thereof by the network device, wherein packet encoding and decoding optionally is controlled by a coding policy.
  - 5. The system of claim 1, wherein the one or more of network devices communicates with the proxy service on the remote server via a proxy server application on at least one of the network devices of the system optionally using at least one of the plurality of data channels, wherein the proxy server application receives the set of outgoing data packets from the one or more of the network device'"'"'s applications and forwards the same to the remote server, wherein the proxy server application receives the set of incoming data packets from the remote server and forwards them to the one or more of the network device'"'"'s applications, optionally via one or more of the plurality of data channels.
  - 6. The system of claim 1, wherein at least one remote server provides wireless or wired connectivity and functions as a wireless access point, wherein the wireless access point optionally comprises Wi-Fi routers, mobile device, cellular macro cells, small cells, micro cells, pico cells, or femto cells.
  - 7. The system of claim 1, wherein only one of the available data channels is actively used during communication of data between at least one network device and at least one remote server and at least another data channel of the plurality of data channels is kept active to immediately carry data traffic of the data channel in use should this data channel fails or becomes unavailable.
  - 8. The system of claim 1, wherein the boosting policy uses connection control logic on the one or more of the network devices performs at least one of the following operations:
    - a. selecting and connecting to wireless access points; and
      
      /orb configuring the operation of a VPN service or a proxy service; and
      
      /orc. implementing source based or policy based routing; and
      
      /ord. functioning as a switch to resolve and find specific channels for transmitting data packets of all or selected application traffic to and from the remote server using one or more network channels.
  - 14. The system of claim 1, wherein the VPN service application is a software development kit (SDK).

9. A system for routing multi-channel network traffic without using a remote server, the system comprising one or more network devices capable of communicating over a plurality of data channels and configured to operate a virtual private network (VPN) service application, optionally implemented as an operating system module or as an operating system service, wherein the VPN service application comprises a routing module, optionally consisting of a user datagram protocol (UDP) translator and a transmission control protocol (TCP) translator, and wherein the service application performs operations comprising:
- a. establishing a virtual network interface and routing a set of outgoing data packets to the virtual network interface, wherein the outgoing data packets optionally are an open system interconnection (OSI) layer-3 Internet protocol (IP) datagram or an OSI layer-2 Ethernet frame;
  
  b. reading the set of outgoing data packets from the virtual network interface and extracting data from the set of outgoing data packets;
  
  c. assigning each subset of outgoing data packets from the set of outgoing data packets to at least one of a UDP translator and a TCP translator to form a set of modified outgoing data packets;
  
  d. sending the one or more subsets of modified outgoing data pockets via at least one of the network sockets using at least one of the plurality of data channels to at least one of the target computer hosts, optionally using at least one of a layer-4 user datagram protocol with layer-3 Internet protocol (UDP/IP), a layer-4 transmission control protocol with layer-3 Internet protocol (TCP/IP) data traffic network sockets, and/or a socket configured to bind to a real physical network interface, and wherein the network sockets optionally are at least one of a protected and or a standard socket;
  
  e. receiving one or more subsets of modified incoming data packets from at least one target computer host via at least one of the network socket using at least one of the plurality of data channels;
  
  f. extracting data from one or more subsets of modified incoming data packets to form one or more subsets of incoming data packets; and
  
  h. optionally reordering, assembling, and writing the subsets of incoming data packets to the virtual network interface and optionally routing them to at least one network device applications or operating system.
- View Dependent Claims (10, 11, 12, 13, 15)
- - 10. The system of claim 9 that further comprises one or more of the following:
    - a. the virtual network interface is either a network TUNnel (TUN) or a network TAP (TAP) interface; and
      
      /orb. the VPN service application is operated as an operating system module, wherein the virtual network interface is optionally a network TUNnel (TUN) or a network TAP (TAP) interface; and
      
      /orc. the VPN service application is operated as an operating system service, wherein the virtual network interface is optionally a network TUNnel (TUN) or a network TAP (TAP) interface.
  - 11. The system of claim 9, wherein at least one network device provides a boosting policy that utilizes configurable and adaptive control logic that optionally performs one or more of the following operations optionally communicating with a remote management server:
    - network/channel selection, network/channel prioritization, network/channel optimization, network/channel security, and network/channel bandwidth aggregation function(s) based on at least one or more of the following parameters;
      
      network/channel conditions, network/channel types, business rules, user behaviors and preferences, and application data traffic.
  - 12. The system of claim 9, wherein the VPN service application further performs at least one of the following operations:
    - a. reassembling or reordering data received over one or more data channels; and
      
      /orb. constructing data packets from data received over one or more data channels; and
      
      /orc. writing data packets to the virtual network interface; and
      
      /ord. routing data packets to network device applications or operation system; and
      
      /ore. encrypting outgoing data packets; and
      
      /orf. encoding of outgoing data packets; and
      
      /org. decrypting incoming data packets; and
      
      /ori. decoding incoming data packets.
  - 13. The system of claim 9, wherein the boosting policy use connection control logic on the one or more of the network devices performs at least one of the following operations:
    - a. selecting and connecting to wireless access points; and
      
      /orb configuring the operation of a VPN service application or a proxy service application; and
      
      /orc. implementing source based or policy based routing; and
      
      /ord. functioning as a switch to resolve and find specific channels for transmitting data packets of all or selected application traffic to and from the remote server using one or more network channels.
  - 15. The system of claim 10, wherein the VPN service application is a software development kit (SDK).

16. A system for increasing performance when downloading and uploading data files on at least one network device configured to communicate with at least one target computer host, optionally over the application layer and optionally using at least one remote server or proxy server, the system comprising:
- A. at least one network device capable of communicating over plurality of data channels using at least one method comprising;
  
  i obtaining location information of at least one file to be downloaded, wherein the location information optionally is of at least one of a URL, a URI, or resource location information; and
  
  performing operations comprising;
  
  a) using the location information to obtain at least one network address of the data file(s) to be downloaded, which address optionally comprises at least one of a IPv4 and a IPv6 address, and wherein the network address is optionally obtained using an authoritative DNS server, a non-authoritative DNS server, or a local database;
  
  b) optionally assigning at least one of the network addresses to at least one of the plurality of data channels;
  
  c) optionally establishing a communication link with at least one of a remote server or a proxy server;
  
  d) obtaining data of at least one file to be downloaded optionally using at least one of a remote server or proxy server;
  
  wherein data comprise of at least one of a metadata, a header data, and a range data and then dividing at least one file into plurality of data blocks using the obtained data;
  
  e) assigning each of the plurality of data blocks intelligently to at least one of the plurality of data channels;
  
  f) requesting data block downloads via establishing at least one communication link to at least one of the network addresses using at least one or more of data channels optionally via a remote server or a proxy server;
  
  g) managing the state of each block and scheduling or retrying each download via a boosting policy;
  
  h) assembling blocks and writing at least one file to at least one of a permanent storage, a temporary storage, and a random access memory (RAM); and
  
  i) optionally executing the file while being downloaded or after download completion;
  
  orii obtaining location information of at least one file to be uploaded wherein the location information is of at least one of a URL, a URI, and a resource location information, and perform operations comprising;
  
  a) using the location information to obtain at least one network address of the data file(s) to be uploaded, which address optionally comprises at least one of a IPv4 and a IPv6 address, and wherein the network address is optionally obtained using an authoritative DNS server, a non-authoritative DNS server, or a local database;
  
  b) optionally assigning at least one of the network addresses to at least one of the plurality of data channels;
  
  c) optionally establishing a communication link with at least one of a remote server or a proxy server;
  
  d) dividing the file into plurality of blocks;
  
  e) assigning each of the plurality of blocks intelligently to at least one of the plurality of data channels via a boosting policy;
  
  f) uploading blocks via establishing at least one communication link to at least one of the network addresses using at least one of a plurality of data channels optionally via a remote server or proxy server;
  
  g) managing the state of each block and scheduling or retrying each upload via a boosting policy;
  
  B. optionally at least one remote server or proxy server capable of communicating with at least one of a network device and a target host over at least one or more data channels, and performing operations comprising;
  
  i accepting at least one communication link from at least one network device of the system;
  
  ii establishing at least one communication link to at least one target host using at least one network interface;
  
  iii accepting at least one or more download or upload requests from at least one network device of the system for at least one of the blocks and forwarding download or upload requests to at least one target hosts;
  
  iv accepting at least one response from at least one target host and forwarding at least one response to at least one network device over one or more of the data channels;
  
  v accepting and caching at least one or more of the blocks downloaded from at least one of the target hosts over one or more of the data channels;
  
  vi collecting the cached downloaded blocks and performing at least one of a reordering and an assembling of the cached data blocks into the original file and optionally forwarding at least one file to one or more network devices using at least one of a plurality of data channels;
  
  vii accepting and caching at least one or more of the blocks uploaded from at least one of the network devices of the system over one or more of the data channels; and
  
  viii collecting the cached uploaded blocks and performing at least one of a reordering and an assembling of the cached data blocks into the original file and optionally forwarding at least one file to one or more target computer hosts using at least one of a plurality of data channels; and
  
  C. optionally operating a boosting policy that utilizes configurable and adaptive control logic that optionally performs one or more of the following operations;
  
  network/channel selection, network/channel prioritization, network/channel optimization, network/channel security, and network/channel bandwidth aggregation function(s) based on at least one or more of the following parameters;
  
  network/channel conditions, network/channel types, business rules, user behaviors and preferences, and application data traffic.
- View Dependent Claims (17)
- - 17. A method of claim 16 that is implemented as a software development kit (SDK).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Shoelace Wireless, Inc.
Original Assignee
Shoelace Wireless, Inc.
Inventors
LE, Minh Thoai Anh, MAINS, James A.

Granted Patent

US 10,212,761 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/46   Interconnection of networks

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 12/64   Hybrid switching systems

H04L 45/22   Alternate routing

H04L 45/243   using M+N parallel active p...

H04L 61/4511   using domain name system [DNS]

H04L 63/0236   Filtering by address, proto...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/123   received data contents, e.g...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 72/044   based on the type of the al...

H04W 76/12   Setup of transport tunnels

H04W 92/02   Inter-networking arrangements

Systems for Improved Multi-Channel Network Connectivity Performance and Security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Systems for Improved Multi-Channel Network Connectivity Performance and Security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links