Method and apparatus for establishing dynamic tunnel access sessions in a communication network

US 7,117,526 B1
Filed: 10/20/2000
Issued: 10/03/2006
Est. Priority Date: 10/22/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for dynamically creating a tunnel in a communications network to provide subscribers host access to a network service, comprising:

storing a subscriber profile in a network database, wherein the subscriber profile includes subscriber-specific network service tunneling requirements for a plurality of network services that are available to the subscriber, the network service tunneling requirements including information for identifying tunnel requirements for each of those services;

receiving at a network device a first subscriber data packet associated with a first network service;

accessing the subscriber profile to determine if the first network service has a subscriber-specific tunneling requirement; and

creating a first tunnel if a determination is made that the subscriber profile requires a first network service tunnel, wherein the first tunnel has a first end point at the network device and a second end point at the first network service; and

providing simultaneous access to a tunnel access session to more than one subscriber accessing the communications network,wherein the subscriber profile defines tunneling requirements for the plurality of network services that the subscriber has been authorized to access.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for implementing dynamic tunnel access sessions at a network device within a communications network. The tunnel access sessions are created between a network device, typically a gateway device and a network service, such as the Internet or a corporate intranet. The dynamic tunnel access sessions provide for subscriber-transparent tunneling. The present invention does not require special client-side software to be loaded on the remote host of the subscriber, and does not require any manual configuration of the remote host. A subscriber is capable of establishing more than one tunnel access session to more than one network service during a network session. Additionally, more than one subscriber who accesses the communication network via the network device is able to establish a communication link with a pre-existing tunnel.

Citations

18 Claims

1. A method for dynamically creating a tunnel in a communications network to provide subscribers host access to a network service, comprising:
- storing a subscriber profile in a network database, wherein the subscriber profile includes subscriber-specific network service tunneling requirements for a plurality of network services that are available to the subscriber, the network service tunneling requirements including information for identifying tunnel requirements for each of those services;
  
  receiving at a network device a first subscriber data packet associated with a first network service;
  
  accessing the subscriber profile to determine if the first network service has a subscriber-specific tunneling requirement; and
  
  creating a first tunnel if a determination is made that the subscriber profile requires a first network service tunnel, wherein the first tunnel has a first end point at the network device and a second end point at the first network service; and
  
  providing simultaneous access to a tunnel access session to more than one subscriber accessing the communications network,wherein the subscriber profile defines tunneling requirements for the plurality of network services that the subscriber has been authorized to access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein storing a subscriber profile comprises storing at least one parameter chosen from the group consisting of the network access identifier, a user/subscriber name and a user/subscriber password.
  - 3. The method of claim 1, further comprising determining if a first tunnel between the network device and the first network service pre-exists prior to creating the tunnel between the network device and the first network service.
  - 4. The method of claim 1, wherein more than one subscriber accessing the communication network through the network device can simultaneously transmit data packets to the first network service via the first tunnel.
  - 5. The method of claim 1, further comprising:
    - receiving at the network device a second subscriber data packet associated with a second network service;
      
      accessing the subscriber profile to determine if the second network service has a subscriber-specific tunneling requirement; and
      
      creating a second tunnel if a determination is made that the subscriber profile requires a second network service tunnel, wherein the second tunnel has a first end point at the network device and a second end point at the second network service.
  - 6. The method of claim 5, further comprising determining if a second tunnel between the network device and the second network service pre-exists prior to creating the tunnel between the network device and the second network service.
  - 7. The method of claim 5, wherein the second tunnel is functional simultaneous with the functioning of the first tunnel.
  - 8. The method of claim 5, wherein the more than one subscriber accessing the communication network through the network device can simultaneously transmit data packets to the first network service via the first tunnel and the second network service via the second tunnel.

9. A system for dynamically creating a tunnel in a communications network to provide a subscriber host access to a destination network, comprising:
- a storage device that stores a subscriber profile, wherein the subscriber profile includes subscriber-specific network service tunneling requirements for a plurality of network services that are available to the subscriber, the network service tunneling requirements including information for identifying tunnel requirements for each of those services;
  
  means for receiving at a network device a first data packet associated with a first network service;
  
  means for accessing the subscriber profile to determine if the first network service has a subscriber-specific tunneling requirement; and
  
  means for creating a first tunnel if a determination is made that the subscriber profile requires a first network service tunnel, wherein the first tunnel has a first end point at the first end point at the network device and a second end point at the first network service,wherein the means for creating a first tunnel is capable of providing simultaneous access to a tunnel access session to more than one subscriber accessing the communications network, andwherein the subscriber profile defines tunneling requirements for more than one network services that the subscriber has been authorized to access.
- View Dependent Claims (10, 11)
- - 10. The system of claim 9, further comprising a means for determining if a first tunnel between the network device and the first network service pre-exists prior to creating the tunnel between the network device and the first network service.
  - 11. The system of claim 9, further comprising:
    - means for receiving at the network device a second data packet associated with a second network service;
      
      means for accessing the subscriber profile to determine if the second network service has a subscriber-specific tunneling requirement; and
      
      means for creating a second tunnel if a determination is made that the subscriber profile requires a second network service tunnel, wherein the second tunnel has a first end point at the network device and a second end point at the second network service.

12. A network device that dynamically creates a tunnel in a communications network to provide a subscriber host access to a destination network, comprising:
- a processor that receives from a subscriber a data packet associated with a network service;
  
  a database accessed by the processor that stores a subscriber profile that defines subscriber-specific network service tunnel requirements for a plurality of network services, the subscriber-specific network service tunnel requirements including information for identifying requirements for establishing a tunnel for each of those services; and
  
  a tunnel management module implemented by the processor that communicates with the database to determine if the subscriber requires a tunnel for access to the network service and, if a determination is made that the tunnel is required, the tunnel management module creates a tunnel access session between the network device and the network service,wherein the tunnel management module is capable of providing simultaneous access to the tunnel access session to more than one subscriber accessing the communications network through the network device, andwherein the subscriber profile defines tunneling requirements for the more than one network services that the subscriber has been authorized to access.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The network device of claim 12, further comprising a session management module implemented by the processor that communicates with the database to manage the tunnel access session provided by the network device.
  - 14. The network device of claim 12, wherein the tunnel management module determines if a tunnel between the network device and the network service pre-exists prior to creating the tunnel between the network device and the network service.
  - 15. The network device of claim 12, further comprising a session management module implemented by the processor that communicates with the database to manage the simultaneous tunnel access session provided to more than one subscriber accessing the communication network through the network device.
  - 16. The network device of claim 12, wherein the tunneling requirements are predefined by the subscriber.
  - 17. The network device of claim 12, wherein the tunneling requirements are predefined by the network device administrator.
  - 18. The network device of claim 12, wherein the tunnel management module is capable of creating more than one tunnel access session for simultaneous subscriber access to more than one network service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nomadix, Inc. (Nippon Telegraph and Telephone Corporation)
Original Assignee
Nomadix, Inc. (Nippon Telegraph and Telephone Corporation)
Inventors
Short, Joel E.
Primary Examiner(s)
Moise, Emmanuel L.
Assistant Examiner(s)
CALLAHAN, PAUL E

Application Number

US09/693,369
Time in Patent Office

2,174 Days
Field of Search

709/203, 709/225, 709/227, 709/229, 709/250, 713/200, 713/201, 713/168, 713/169, 713/171, 713/172, 370/463, 710/14, 710/36, 710/38, 710/41, 726/3, 726/15, 726/5, 726/14, 726/4, 380/281, 380/282, 380/285, 380/30, 705/67
US Class Current

726/5
CPC Class Codes

G06Q 20/3674 involving authentication

H04L 63/0272 Virtual private networks

Method and apparatus for establishing dynamic tunnel access sessions in a communication network

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for establishing dynamic tunnel access sessions in a communication network

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links