Virtual private network between computing network and remote device

US 7,673,133 B2
Filed: 03/05/2004
Issued: 03/02/2010
Est. Priority Date: 12/20/2000
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing a first data tunnel leg between a tunneling client of a computing network and a tunneling server of a carrier network;

establishing a second data tunnel leg between the tunneling server of the carrier network and the tunneling client of a remote device; and

causing transmission of data between the remote device and the computing network via the first and second data tunnel legs and the carrier network using a first template associated with a first protocol, the first template being used by the tunneling client of the computing network, and a second template associated with the first protocol, the second template being used by the tunneling client of the remote device,wherein each of the first template and the second template comprises one or more inflection points that correspond to commands or other data aspects that are unique to the first protocol.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure connection between a computer network and a remote device is provided by a carrier network between the computer network and the remote device. The secure connection includes data tunnels that operate as virtual private networks between the corporate network and the carrier network and between the remote device and the carrier network. In addition, communication protocols can be used to enable data requests and data transmission over the secure connection, optionally through ports on the computer network that are opened for Web traffic.

Citations

46 Claims

1. A method comprising:
- establishing a first data tunnel leg between a tunneling client of a computing network and a tunneling server of a carrier network;
  
  establishing a second data tunnel leg between the tunneling server of the carrier network and the tunneling client of a remote device; and
  
  causing transmission of data between the remote device and the computing network via the first and second data tunnel legs and the carrier network using a first template associated with a first protocol, the first template being used by the tunneling client of the computing network, and a second template associated with the first protocol, the second template being used by the tunneling client of the remote device,wherein each of the first template and the second template comprises one or more inflection points that correspond to commands or other data aspects that are unique to the first protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 41, 42)
- - 2. A method as defined in claim 1, wherein the data transmitted between the remote device and the computing network comprises an access request that includes a protocol identifier that allows a firewall and a proxy on the computing network to recognize the data as web traffic and allow passage thereof into the computing network.
  - 3. A method as defined in claim 2, wherein the first protocol comprises a Post Office Protocol (POP) e-mail protocol used in transferring e-mail commands or data between the computing network and the remote device.
  - 4. A method as defined in claim 2, wherein:
    - the first protocol comprises an Instant Messenger protocol; and
      
      each of the first template and the second template comprises four inflection points that correspond to four Instant Messenger tasks, including the tasks of;
      
      send a message;
      
      receive a message;
      
      retrieve a buddy list; and
      
      login.
  - 5. A method as defined in claim 1, wherein establishing a first data tunnel leg comprises:
    - causing a first connection signal to be sent from the tunneling client of the computing network to a tunneling server of the carrier network; and
      
      causing a connection reply signal to be sent from the tunneling server to the tunneling client on the computing network.
  - 6. A method as defined in claim 5, wherein the first connection signal comprises a uniform resource identifier that represents a request for the carrier network to provide access to network data on the computing network.
  - 7. A method as defined in claim 1, further comprising causing a keep alive signal to be sent from the computing network to the carrier network to maintain the first data tunnel leg.
  - 8. A method as defined in claim 1, wherein the first connection signal is to be transmitted via a port that is established through a firewall on the computing network, wherein the port is otherwise specified for being opened and reserved for Internet traffic.
  - 9. A method as defined in claim 5, wherein the first connection signal further comprises a first identification code which authenticates the computing network.
  - 10. A method as defined in claim 9, further comprising causing a session key to be transmitted from the tunneling client of the remote device, wherein the session key is used to set up an encryption protocol that is to be used for communication between the remote device and the computing network.
  - 11. A method as defined in claim 9, further comprising causing a session key to be transmitted from the tunneling client of the computing network, wherein the session key is used to set up an encryption protocol that is to be used for communication between the remote device and the computing network.
  - 12. A method as defined in claim 9, further comprising causing transmission of identification data, from the remote device to the computing network, that is used by the computing network to authenticate the identity of a user operating the remote device.
  - 13. A method as defined in claim 5, wherein establishing the second data tunnel leg second connection signal further comprises causing a second connection signal to be sent from the tunneling client of the remote device to the tunneling server.
  - 41. A method as defined in claim 1, wherein the tunneling client of the computing network comprises the first template and the tunneling client of the remote device comprises the second template.
  - 42. A method as defined in claim 41, wherein the first template comprises a protocol code corresponding to the first protocol and the second template comprises a protocol format corresponding to the first protocol but not the protocol code.

14. A method comprising:
- receiving a first connection signal from a computing network;
  
  establishing a first data tunnel leg between a carrier network and the computing network in response to the first connection signal;
  
  receiving a second connection signal from a remote device;
  
  establishing a second data tunnel leg between the carrier network and the remote device in response to the second connection signal, the first data tunnel leg and the second tunnel leg together operating as a virtual private network; and
  
  causing transmission of data between the remote device and the computing network via the first and second data tunnel legs using a first template associated with a first protocol, the first template being used by a tunneling client of the computing network, and a second template associated with the first protocol, the second template being used by a tunneling client of the remote device,wherein each of the first template and the second template comprises one or more inflection points that correspond to commands or other data aspects that are unique to the first protocol.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. A method as defined in claim 14, wherein the first protocol comprises a Post Office Protocol (POP) e-mail protocol used in transferring e-mail commands or data between the computing network and the remote device.
  - 16. A method as defined in claim 14, wherein:
    - the first protocol comprises an Instant Messenger protocol; and
      
      each of the first template and the second template comprises four inflection points that correspond to four Instant Messenger tasks including the tasks of;
      
      send a message;
      
      receive a message;
      
      retrieve a buddy list; and
      
      login.
  - 17. A method as defined in claim 14, wherein the carrier network comprises a tunneling server that includes a user interface service that converts the data into a format that is configured to be visually displayed before sending the data to the remote device.
  - 18. A method as defined in claim 14, wherein establishing the first data tunnel leg further comprises causing a connection reply signal to be sent to the computing network.
  - 19. A method as defined in claim 14, wherein the first connection signal comprises a uniform resource identifier that represents a request for the carrier network to provide access to network data on the computing network.
  - 20. A method as defined in claim 14, further comprising receiving a keep alive signal from the computing network to maintain the first data tunnel leg.
  - 21. A method as defined in claim 20, wherein the first data tunnel leg is maintained substantially continuously and the second data tunnel leg is opened intermittently upon request from the remote device.
  - 22. A method as defined in claim 14, wherein the first connection signal is to be transmitted via a port that is established through a firewall on the computing network, wherein the port is opened and reserved for Internet traffic.
  - 23. A method as defined in claim 14, wherein, upon opening the second data tunnel leg, the first data tunnel leg and the second data tunnel leg comprise a single data tunnel leg wherein the remote device is configured to communicate with the computing network.
  - 24. A method as defined in claim 14, wherein the first connection signal is received by a designated tunneling server on the carrier network, and wherein the designated server is one of multiple tunneling servers of the carrier network.
  - 25. A method as defined in claim 14, further comprising receiving a session key from a device client on the remote device, wherein the session key is used to set up an encryption protocol that is to be used for communication between the remote device and the computing network.
  - 26. A method as defined in claim 25, further comprising causing transmission of identification data, to the computing network from the remote device, that is used by the computing network to authenticate the identity of a user operating the remote device.

27. A method comprising:
- causing transmission of a connection signal from a tunneling client of a device to a tunneling server of a carrier network, wherein a first data tunnel leg has already been established between the tunneling server and a remote computer network; and
  
  causing a data request to be transmitted via the second data tunnel leg to the carrier network using a first template that is associated with a first protocol and is used by the tunneling client of the device, upon the establishment of a second data tunnel leg between the device and the carrier network in response to the connection signal;
  
  causing receipt of the data request, at the remote computing network, from the carrier network via the first data tunnel leg; and
  
  processing the data request, at the remote computing network, using a second template associated with the first protocol,wherein each of the first template and the second template comprises one or more inflection points that correspond to commands or other data aspects that are unique to the first protocol.
- View Dependent Claims (28, 29, 30, 31, 32)
- - 28. A method as defined in claim 27, wherein the first protocol comprises a Post Office Protocol (POP) e-mail protocol used in transferring e-mail commands or data between the remote computing network and the device.
  - 29. A method as defined in claim 27, wherein:
    - the first protocol comprises an Instant Messenger protocol; and
      
      each of the first template and the second template comprises four inflection points that correspond to four Instant Messenger tasks, including the tasks of;
      
      send a message;
      
      receive a message;
      
      retrieve a buddy list; and
      
      login.
  - 30. A method as defined in claim 27, wherein the connection signal comprises a uniform resource identifier which represents a request for the carrier network to provide to the device access to network data on the remote computing network.
  - 31. A method as defined in claim 27, further comprising causing transmission of a session key from the tunneling client of the device, wherein the session key is used to set up an encryption protocol that is to be used for communication between the device and the remote computing network.
  - 32. A method as defined in claim 31, further comprising causing transmission of identification data, to the remote computing network, that is used by the remote computing network to authenticate the identity of a user operating the device.

33. A method comprising:
- causing transmission of a first connection signal from a tunneling client of a computing network to a carrier network;
  
  transmitting a keep alive signal from the computing network to the carrier network to maintain a first data tunnel leg upon the establishment of the first data tunnel leg between the computing network and the carrier network; and
  
  causing receipt of a data request from a remote device via the first data tunnel leg and a second data tunnel leg located between the carrier network and the remote device,wherein the data request is caused to be transmitted using a first template associated with a first protocol, the first template being used by the tunneling client of the computing network, and a second template associated with the first protocol, the second template being used by a tunneling client of the remote device,wherein each of the first template and the second template comprises one or more inflection points that correspond to commands or other data aspects that are unique to the first protocol.
- View Dependent Claims (43, 44)
- - 43. A method as defined in claim 33, wherein the tunneling client of the computing network comprises the first template and the tunneling client of the remote device comprises the second template.
  - 44. A method as defined in claim 43, wherein the first template comprises a protocol code corresponding to the first protocol and the second template comprises a protocol format corresponding to the first protocol but not the protocol code.

34. A computer program product comprising at least one computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising:
- program code instructions for establishing a first data tunnel leg between a carrier network and a computing network upon receiving a first connection signal from the computing network;
  
  program code instructions for establishing a second data tunnel leg between the carrier network and a remote device, the first data tunnel leg and the second data tunnel leg together operating as a virtual private network; and
  
  program code instructions for causing transmission of data between the remote device and the computing network via the first and second data tunnel legs using a first template associated with a first protocol, the first template being used by a tunneling client of the computing network, and a second template associated with the first protocol, the second template being used by a tunneling client of the remote device,wherein each of the first template and the second template comprises one or more inflection points that correspond to commands or other data aspects that are unique to the first protocol.
- View Dependent Claims (35, 36, 37, 38)
- - 35. A computer program product as defined in claim 34, wherein the first protocol comprises a Post Office Protocol (POP) e-mail protocol used in transferring e-mail commands or data between the computing network and the remote device.
  - 36. A computer program product as defined in claim 34, wherein:
    - the first protocol comprises an Instant Messenger protocol; and
      
      each of the first template and the second template comprises four inflection points that correspond to four Instant Messenger tasks including the tasks of;
      
      send a message;
      
      receive a message;
      
      retrieve a buddy list; and
      
      login.
  - 37. A computer program product as defined in claim 34, further comprising program code instructions for maintaining substantially continuously the first data tunnel leg and the second data tunnel leg is opened intermittently upon request from the remote device.
  - 38. A computer program product as defined in claim 34, further comprising program code instructions for causing transmission of the first connection signal via a port that is established through a firewall on the computing network, wherein the port is opened and reserved for Internet traffic.

39. A system for enabling a user of a remote device to access network data and software applications stored on a computer network, the system comprising:
- a first tunneling client on the computer network;
  
  a tunneling server on a carrier network, wherein;
  
  the first tunneling client and the tunneling server are configured to communicate with each other and maintain a first data tunnel leg therebetween;
  
  the tunneling server is configured to, upon receiving a connection signal from the remote device, establish a second data tunnel leg between the carrier network and the remote device which comprises a second tunneling client, the first data tunnel leg and the second data tunnel leg together operating as a virtual private network; and
  
  wherein the second tunneling client is configured to cause transmission of data between the remote device and the computing network via the first and second data tunnel legs using a second template associated with a first protocol, the second template being used by the second tunneling client, and a first template associated with the first protocol, the first template being used by the first tunneling client,wherein each of the first template and the second template comprises one or more inflection points that correspond to commands or other data aspects that are unique to the first protocol.
- View Dependent Claims (40)
- - 40. A system as defined in claim 39, wherein the second tunneling client is configured to generate the connection signal.

45. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code, the at least one memory and the computer program code configured to with the at least one processor, cause the apparatus at least to perform at least the following;
  
  communicate with a first tunneling client on a computer network and maintain a first data tunnel leg therebetween;
  
  establish a second data tunnel leg between the carrier network and the remote device upon receiving a connection signal from a remote device which comprises a second tunneling client, the first data tunnel leg and the second data tunnel leg together operating as a virtual private network; and
  
  cause data to be transmitted between the remote device and the computing device via the first and second data tunnel legs using a second template associated with a first protocol, the second template being used by the second tunneling client of the remote device, and a first template associated with the first protocol, the first template being used by the first tunneling client of the computing network,wherein each of the first template and the second template comprises one or more inflection points that correspond to commands or other data aspects that are unique to the first protocol.
- View Dependent Claims (46)
- - 46. The apparatus of claim 45, wherein the first tunneling client of the computing network comprises the first template and the second tunneling client of the remote device comprises the second template.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WSOU Investments, LLC (WSOU Holdings, LLC)
Original Assignee
Intellisync Corporation (Nokia Corporation)
Inventors
Wesemann, Darren L.
Primary Examiner(s)
Lanier; Benjamin E
Assistant Examiner(s)
ALMEIDA, DEVIN E

Application Number

US10/794,243
Publication Number

US 20040255164A1
Time in Patent Office

2,188 Days
Field of Search

713/151, 726/15
US Class Current

713/151
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0272   Virtual private networks

H04L 63/0435   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

Virtual private network between computing network and remote device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual private network between computing network and remote device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links