Spontaneous virtual private network between portable device and enterprise network

US 7,124,189 B2
Filed: 01/22/2001
Issued: 10/17/2006
Est. Priority Date: 12/20/2000
Status: Expired due to Fees

First Claim

Patent Images

1. In a data center capable of communicating with a remote enterprise network, a method for enabling a user to access network data of the remote enterprise network through a data tunnel between the data center and the remote enterprise network that operates as a virtual private network, the method comprising the acts of:

in response to receiving a data request from the remote enterprise network, establishing the data tunnel with the remote enterprise network, by transmitting reply data to the remote enterprise network, the data tunnel operating as a virtual private network a firewall of the remote enterprise network without requiring a virtual private network node to be placed at the firewall;

continuing to transmit the reply data to the remote enterprise network in an ongoing manner such that the data tunnel is kept open;

receiving an access request from a user for network data from the remote enterprise network;

transmitting the access request to the remote enterprise network using the existing data tunnel that has been established and exists prior to the data center having received the access request;

receiving the network data from the remote enterprise network in response to the access request; and

transmitting the network data to the user.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An enterprise network opens a virtual private network tunnel with a data center by sending the data center a data request that includes a uniform resource identifier. The data center responds by sending the enterprise network ongoing reply data. A user wishing to access network data of the enterprise network transmits an access request to the data center. The data center authenticates the identity of the user and transmits the access request to the enterprise network. The enterprise network responds to the access request by performing acts upon the network data and/or by returning network data to the data center such that the user is enabled access to the network data. In an alternative embodiment, the data center caches a copy of network data to be retrieved by a remote user when the same network data is disconnected from the enterprise network.

Citations

45 Claims

1. In a data center capable of communicating with a remote enterprise network, a method for enabling a user to access network data of the remote enterprise network through a data tunnel between the data center and the remote enterprise network that operates as a virtual private network, the method comprising the acts of:
- in response to receiving a data request from the remote enterprise network, establishing the data tunnel with the remote enterprise network, by transmitting reply data to the remote enterprise network, the data tunnel operating as a virtual private network a firewall of the remote enterprise network without requiring a virtual private network node to be placed at the firewall;
  
  continuing to transmit the reply data to the remote enterprise network in an ongoing manner such that the data tunnel is kept open;
  
  receiving an access request from a user for network data from the remote enterprise network;
  
  transmitting the access request to the remote enterprise network using the existing data tunnel that has been established and exists prior to the data center having received the access request;
  
  receiving the network data from the remote enterprise network in response to the access request; and
  
  transmitting the network data to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method as defined in claim 1, wherein the access request is received by a designated server, and wherein the designated server is one of multiple servers of the data center.
  - 3. A method as defined in claim 2, wherein a database of the remote enterprise network is notified which of the multiple servers is the designated server, the designated server notifying the database when the data tunnel is established.
  - 4. A method as defined in claim 3, wherein the access request is received by a designated telephony node of the data center, and wherein the user generates the access request using a telephone system.
  - 5. A method as defined in claim 3, wherein the access request is received by one of multiple servers of the data center over the internet, and wherein the access request is generated by the user using a device connected to the Internet.
  - 6. A method as defined in claim 4, wherein the designated telephony node of the data center transmits the access request to the designated server.
  - 7. A method as defined in claim 6, wherein the designated telephony node determines which of the multiple servers is the designated server by communicating with at least one of the multiple servers.
  - 8. A method as defined in claim 6, wherein the designated telephony node determines which of the multiple servers is the designated server by communicating with the database.
  - 9. A method as defined in claim 1, wherein the act of receiving an access request to access network data of the remote enterprise network from the user further comprises the act of authenticating the identity of the user.
  - 10. A method as defined in claim 9, wherein authenticating the identity of the user comprises the act of receiving a valid personal identification number.
  - 11. A method as defined in claim 4, wherein the act of transmitting the network data to the user includes the acts of:
    - transmitting the network data from the designated sewer to the designated telephony node; and
      
      transmitting the network data from the designated telephony node to the telephone system used by the user.
  - 12. A method as defined in claim 5, wherein the act of transmitting the network data to the user includes the net of transmitting the network data from the designated server to the device that is connected to the Internet.

13. In an enterprise network capable of communicating with a remote data center network, a method for enabling a user to access network data of the enterprise network through a data tunnel between the remote data center and the enterprise network that operates as a virtual private network, the method comprising the acts oftransmitting a data request to the remote data center;
- receiving reply data that has been transmitted by the remote data center in response to the data request and that establishes the data tunnel with the remote data center, the data tunnel operating as a virtual private network through a firewall or the enterprise network without requiring a virtual private network node to be placed at the firewall;
  
  receiving the reply data from the remote data center in an ongoing manner such that the data tunnel is kept open;
  
  receiving, from the remote data center, an access request to access network data of the enterprise network, the access request having been received by the remote data center from the user and thereafter transmitted by the remote data center to the enterprise network through the data tunnel that has been established and exists prior to the remote data center having received the access request; and
  
  in response to the access request, transmitting the network data to the remote data center such that the user is enabled to access the network data.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. A method as defined in claim 13, wherein the data request includes a uniform resource identifier.
  - 15. A method as defined in claim 13, wherein the data request is transmitted through the firewall.
  - 16. A method as defined in claim 15, wherein the data request is transmitted through a proxy server.
  - 17. A method as defined in claim 13, wherein the reply data is received through port 443.
  - 18. A method as defined in claim 17, wherein the reply data is received using Secure Sockets Layer protocol.
  - 19. A method as defined in claim 13, wherein the reply data is received through port 80.
  - 20. A method as defined in claim 13, wherein the act of transmitting the network data to the remote data center includes the acts of:
    - encrypting the network data to comply with Secure Sockets Layer protocol,transmitting the network data to the remote data center through a second data tunnel, such that the transmission of the network data operates as a temporary virtual private network; and
      
      closing the second data tunnel.
  - 21. A method as defined in claim 13, wherein upon receiving the access request, the method further comprises the act of:
    - performing an act upon the network data.
  - 22. A method as defined in claim 21, wherein performing an act upon the network data includes retrieving email message data.

23. In a data center capable of communicating with a remote enterprise network, a method for enabling a user to access network data of the remote enterprise network through a data tunnel between the data center and the remote enterprise network that operates as a virtual private network, the method comprising the acts of:
- receiving, from the remote enterprise network, a uniform resource identifier associated with a resource of a server of the data center;
  
  in response to receiving the uniform resource identifier, invoking the resource to establish the data tunnel with the remote enterprise network by transmitting reply data, and continuing to transmit the reply data to the remote enterprise network in an ongoing manner, such that the data tunnel is kept open between the data center and the remote enterprise network, the data tunnel operating as a virtual private network through a firewall of the remote enterprise network without requiring a virtual private network node to be placed at the firewall;
  
  receiving an access request to access network data of the remote enterprise network from the user;
  
  inserting the access request into the reply data and transmitting the access request to the remote enterprise network using the data tunnel that has established and exists prior to the data center having received the access request;
  
  receiving the network data from the remote enterprise network in response to the access request; and
  
  transmitting the network data to the user.
- View Dependent Claims (24, 25, 26, 27)
- - 24. A method as defined in claim 23, wherein the act of receiving the network data from the remote enterprise network comprises the act of receiving through a second data tunnel the network data from the remote enterprise network, the second data tunnel operating as a temporary virtual private network is closed after the network data is received by the data center.
  - 25. A method as defined in claim 23, wherein the act of transmitting the access request to the remote enterprise network comprises the act or transmitting the access request using Secure Sockets Layer protocol.
  - 26. A method as defined in claim 23, wherein the act of receiving an access request to access network data of the remote enterprise network from the user further comprises the act of authenticating the identity of the user.
  - 27. A method as defined in claim 26, wherein authenticating the identity of the user comprises the act of receiving a valid personal identification number.

28. A computer program product for implementing in a data center a method for enabling a user to access network data of a remote enterprise network through a data tunnel between the data center and the remote enterprise network that operates as a virtual private network, the computer program product comprising:
- a computer-readable medium carrying computer-executable instructions for implementing the method, the computer-executable instructions comprising;
  
  program code means for establishing the data tunnel with the remote enterprise network by transmitting reply data to the remote enterprise network in response to receiving a data request from the remote enterprise network, the data tunnel operating as a virtual private network through a firewall of the remote enterprise network without requiring a virtual private network node to be placed at the firewall;
  
  program code means for continuing to transmit the reply data to the remote enterprise network in an ongoing manner such that the data tunnel is kept open;
  
  program code means for receiving an access request from a user for network data from the remote enterprise network;
  
  program code means for transmitting the access request to the remote enterprise network using the data tunnel that has been established and exists prior to the data center having received the access request;
  
  program code means for receiving the network data form the remote enterprise network in response to the access request; and
  
  program code means the transmitting the network data to the user.
- View Dependent Claims (29, 30, 31, 32, 33)
- - 29. A computer program product as defined in claim 28, wherein the computer-executable instructions further comprise program code means for authenticating the identity of the user.
  - 30. A computer program product as defined in claim 28, wherein the computer-executable instructions further comprise program code means for enabling telephony nodes of the data center to receive the access request and to transmit the access request to a designated server, wherein the designated server is transmitting the ongoing reply data to the remote enterprise network.
  - 31. A computer program product as defined in claim 30, wherein the designated server is one of multiple servers of the data center, and wherein the user generates the access request using a telephone system.
  - 32. A computer program product as defined in claim 28, wherein the computer-executable instructions further comprise program code means for caching a copy of network data in a database of the data center.
  - 33. A computer program product as defined in claim 32, wherein the computer-executable instructions further comprise program code means for transmitting the cached copy of the network data to the user in response to receiving the access request from the user.

34. In an enterprise network capable of communicating with a remote data center, a method for enabling a user to manipulate network data of the enterprise network through a data tunnel between the remote data center and the enterprise network that operates as a virtual private network, the method comprising the acts oftransmitting a data request to the remote data center;
- receiving reply data that has been transmitted by the remote data center in response to the data request and that establishes the data tunnel with the remote data center, the data tunnel operating as a virtual private network through a firewall of the enterprise network without requiring a virtual private network node to be placed at the firewall;
  
  receiving the reply data from the remote data center in an ongoing manner such that the data tunnel is kept open;
  
  receiving, from the remote data center, a user request for an act to be performed on network data of the enterprise network, the user request having been received by the remote data center from the user and thereafter transmitted by the remote data center to the enterprise network through the data tunnel that has been established and exists prior to the data center having received the user request; and
  
  upon receiving the user request, performing the act on network data of the enterprise network.
- View Dependent Claims (35, 36, 37, 38)
- - 35. A method as defined in claim 34, wherein performing an act upon the network data includes deleting email.
  - 36. A method as defined in claim 35, wherein performing an act upon the network data includes faxing the network data to the user.
  - 37. A method as defined in claim 35, wherein performing an act upon the network data includes retrieving a web page.
  - 38. A method as defined in claim 35, wherein performing an act upon the network data includes retrieving email messages.

39. In a data center capable of communicating with a remote enterprise network, a method for enabling a user to access network data of the remote enterprise network through a data tunnel between tho data center and the remote enterprise network that operates as a virtual private network, the method comprising:
- establishing the data tunnel with the remote enterprise network by transmitting reply data to the remote enterprise network in response to receiving a data request from the remote enterprise network;
  
  continuing to transmit the reply data to the remote enterprise network in an ongoing manner to keep the data tunnel open;
  
  receiving network data from the remote enterprise network through the data tunnel, the data tunnel operating as a virtual private network through a firewall of the enterprise network without requiring a virtual private network node to be placed at the firewall;
  
  caching a copy of the network data in a database of the data center,receiving an access request to access network data of the remote enterprise network from the user;
  
  retrieving the network data from the database in response to the access request; and
  
  transmitting the network data to the user.
- View Dependent Claims (40, 41, 42, 43, 44, 45)
- - 40. A method as defined in claim 39, wherein the network data of the enterprise network is disconnected from the enterprise network after the network data is received by the data center.
  - 41. A method as defined in claim 39, wherein the network data of the enterprise network is disconnected from the user after the network data is received by the data center.
  - 42. A method as defined in claim 39, wherein the user determines what network data is transmitted to the data center, and wherein the user determines what network data is cached in the database.
  - 43. A method as defined in claim 39, wherein the act of receiving an access request to access network data of the remote enterprise network from the user further comprises the act of authenticating the identity of the user.
  - 44. A method as defined in claim 39, wherein the access request comprises a command to update network data.
  - 45. A method as defined in claim 44, further comprising the acts of updating the cached copy of network data, and transmitting update information to the enterprise network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WSOU Investments, LLC (WSOU Holdings, LLC)
Original Assignee
Intellisync Corporation (Nokia Corporation)
Inventors
Wesemann, Darren L., Summers, David L.
Primary Examiner(s)
Jaroenchonwanit, Bunjob
Assistant Examiner(s)
Chankong, Dohm

Application Number

US09/767,465
Publication Number

US 20020099826A1
Time in Patent Office

2,094 Days
Field of Search

None
US Class Current

709/227
CPC Class Codes

H04L 12/4679   Arrangements for the regist...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/166   at the transport layer

H04W 12/06   Authentication

H04W 76/12   Setup of transport tunnels

Y10S 379/901   Virtual networks or virtual...

Spontaneous virtual private network between portable device and enterprise network

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Spontaneous virtual private network between portable device and enterprise network

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links