Virtual private network for real-time data

US 7,565,689 B2
Filed: 06/08/2005
Issued: 07/21/2009
Est. Priority Date: 06/08/2005
Status: Active Grant

First Claim

Patent Images

1. A method for protecting real-time data exchanged as packets between a mobile electronic device and a VPN gateway during a media session over a communications link that includes a wireless network, including:

establishing a first VPN connection between the mobile electronic device and the VPN gateway through the communications link, the first VPN connection using a key-based encryption algorithm to protect data exchanged therethrough;

establishing, while the first VPN connection is established, a second VPN connection between the mobile electronic device and the VPN gateway through the communications link, the second VPN connection using a key-based encryption algorithm to protect data exchanged therethrough;

exchanging real-time data packets between the mobile electronic device and the VPN gateway through the second VPN connection;

providing key information for the second VPN connection to at least one of the mobile electronic device or VPN gateway through the first VPN connection, wherein undated key information for the second VPN connection is provided through the first VPN connection at intervals while the second VPN connection is established.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Protection of real-time data such as voice data exchanged as packets between a mobile electronic device (10) and a VPN gateway (122) during a media session over a communications link (130) that includes a wireless network (132). A first VPN connection (136) is established between the mobile electronic device (10) and the VPN gateway (122) through the communications link (130), the first VPN connection (136) using key-based encryption to protect data exchanged therethrough. While the first VPN connection (136) is established, a second VPN connection (138) is established between the mobile electronic device (10) and the VPN gateway (122) through the communications link (130), the second VPN connection (138) using key-based encryption to protect data exchanged therethrough. Real-time data packets are exchanged between the mobile electronic device (10) and the VPN gateway (122) through the second VPN connection (138).

22 Citations

View as Search Results

15 Claims

1. A method for protecting real-time data exchanged as packets between a mobile electronic device and a VPN gateway during a media session over a communications link that includes a wireless network, including:
- establishing a first VPN connection between the mobile electronic device and the VPN gateway through the communications link, the first VPN connection using a key-based encryption algorithm to protect data exchanged therethrough;
  
  establishing, while the first VPN connection is established, a second VPN connection between the mobile electronic device and the VPN gateway through the communications link, the second VPN connection using a key-based encryption algorithm to protect data exchanged therethrough;
  
  exchanging real-time data packets between the mobile electronic device and the VPN gateway through the second VPN connection;
  
  providing key information for the second VPN connection to at least one of the mobile electronic device or VPN gateway through the first VPN connection, wherein undated key information for the second VPN connection is provided through the first VPN connection at intervals while the second VPN connection is established.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the second VPN connection uses a different strength encryption algorithm than the first VPN connection.
  - 3. The method of claim 1 wherein a lower-bit encryption is used for the second VPN connection than the first VPN connection.
  - 4. The method of claim 1 wherein the updated key information is exchanged at regular intervals while the second VPN connection is established.
  - 5. The method of claim 1 wherein at least one of:
    - (i) the intervals at which the updated key information is provided or(ii) a strength of the encryption used for the second VPN connection, is based on an identification of at least one of the mobile electronic device or a terminal device with which the mobile electronic device is exchanging the real-time data.
  - 6. The method of claim 1 wherein a terminal device exchanges the real-time data with mobile electronic device during a media session through the VPN gateway and the second VPN connection, the method including tracking information for media sessions between the mobile electronic device and the terminal device, wherein at least one of:
    - (i) the intervals at which the updated key information is provided or(ii) a strength of the encryption used for the second VPN connection, is based on the tracked information.
  - 7. The method of claim 6 wherein the tracked information includes information about durations of previous media sessions between the mobile electronic device and the terminal device.
  - 8. The method of claim 1 wherein the real-time data comprises VoIP voice data, the method including setting up a VoIP media session between the mobile electronic device and a terminal device through the communications link and VPN gateway, wherein the VoIP voice data is exchanged between the VPN gateway and the mobile device using the second VPN connection, and wherein the second VPN connection is established for the VoIP media session and then terminated upon completion of the VoIP media session.

9. A mobile electronic device for engaging in a media session in which real-time data packets are exchanged with a remote location, the mobile device comprising:
- a wireless communications subsystem for exchanging data packets with the remote location through a communications link that includes a wireless network;
  
  a processor for controlling the communications subsystem; and
  
  a VPN module associated with the processor for establishing co-existing first and second VPN connections through the communications link between the mobile electronic device and the remote location and exchanging there-between real-time data through the second VPN connection, wherein the VPN module is configured for generating encryption key information for the second VPN connection and for sending the generated encryption key information through the first VPN connection to the remote location, wherein the VPN module is configured for generating and sending up-dated encryption key information for the second VPN connection at intervals while the second VPN connection is established.
- View Dependent Claims (10, 11)
- - 10. The mobile electronic device of claim 9 wherein the VPN module is configured for applying a less-resource intensive encryption to real-time data sent through the second VPN connection than to data sent through the first VPN connection.
  - 11. The mobile electronic device of claim 9 wherein the VPN module is configured for receiving key information through the first VPN connection and using the received key information for encrypting and decrypting the real-time data exchanged through the second VPN connection.

12. A VPN gateway for exchanging real-time data packets with a remote device over a communications link, the gateway having means for establishing co-existing first and second VPN connections through the communications link between the VPN gateway and the remote device location and exchanging there-between real-time data through the second VPN connection, wherein the gateway is configured for generating encryption key information for the second VPN connection and for sending the generated encryption key information through the first VPN connection to the remote location, wherein the gateway is configured for generating and sending up-dated encryption key information for the second VPN connection at intervals while the second VPN connection is established.
- View Dependent Claims (13, 14, 15)
- - 13. The VPN gateway of claim 12 wherein the gateway is configured for applying a less-resource intensive encryption to real-time data sent through the second VPN connection than to data sent through the first VPN connection.
  - 14. The VPN gateway of claim 12 wherein the gateway is configured to determine the intervals for generating and sending the up-dated encryption key information based on an identity of at least the remote device or a further device that the real-time data packets are being exchanged with.
  - 15. The VPN gateway of claim 12 wherein the gateway is configured to determine an encryption strength for the up-dated encryption key information based on an identity of at least the remote device or a further device that the real-time data packets are being exchanged with.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Nagy, Thomas C., Brown, Michael K., Robertson, Ian M.
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Lemma; Samson B

Application Number

US11/147,195
Publication Number

US 20060282889A1
Time in Patent Office

1,504 Days
Field of Search

726/15, 713/171, 713/160
US Class Current

726/15
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/062   for key distribution, e.g. ...

H04L 63/18   using different networks or...

H04W 12/02   Protecting privacy or anony...

H04W 12/03   Protecting confidentiality,...

Virtual private network for real-time data

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Virtual private network for real-time data

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others