Method and system for initiating a virtual private network over a shared network on behalf of a wireless terminal
First Claim
1. A system comprising:
a shared network;
a radio access network, the radio access network including a base transceiver station (BTS) for communicating with a wireless terminal over an air interface and a packet data serving node (PDSN) that is utilized for routing packets between the wireless terminal and the shared network;
an enterprise network;
a resource on the enterprise network, wherein the wireless terminal and the resource are able to exchange the packets over a communication pathway, the communication pathway extending through the radio access network, the shared network, and the enterprise network, wherein the packets include an enterprise address that indicates the wireless terminal is authorized to communicate over the enterprise network;
a VPN server in the communication pathway that is configured to tunnel the packets through the shared network to a VPN terminator, wherein the packets are unencrypted when communicated to the VPN server, wherein the process of tunneling comprises;
(a) encrypting the packets; and
(b) encapsulating the encrypted packets into other packets;
the VPN terminator in the communication pathway, wherein the VPN server and the VPN terminator are able to establish a VPN connection between them through the shared network, the VPN connection providing part of the communication pathway; and
a network services platform in the communication pathway that is located between the PDSN and the VPN server, wherein the network services platform is configured to receive packets exchanged between the wireless terminal and the resource and to manipulate data carried within the packet, and wherein the packets are unencrypted when received at the network services platform within the communication pathway.
Abstract
A VPN server on a radio access network may initiate a virtual private network (VPN) over a shared network, e.g., Internet, on behalf of a wireless terminal. The VPN may span the shared network, but not span the radio access network. As a result, the radio access network may be able to analyze and manipulate data sent by the wireless terminal. Additionally, the VPN may securely transport the data through the shared network.
20 Claims
11. A method comprising:
establishing a VPN connection through a shared network between a VPN server and a VPN terminator for packet communication between a wireless terminal and a resource on an enterprise network;
the wireless terminal transmitting a packet to a radio access network over an air interface, the packet including an enterprise address that indicates the wireless terminal is authorized to communicate over the enterprise network;
a packet entity in the radio access network routing the packet to a network services platform, wherein the packet is unencrypted when communicated to the network services platform, and wherein the packet entity comprises a packet data serving node (PDSN) for routing the packet between the wireless terminal and the shared network;
the network services platform manipulating data carried in the unencrypted packet to provide at least one communication service, wherein the network services platform is located in a communication pathway between the packet entity and the VPN server;
incident to manipulating the data in the unencrypted packet, the network services platform sending the unencrypted packet with the manipulated data to the VPN server;
the VPN server tunneling the unencrypted packet through the VPN connection to the VPN terminator, wherein the process of tunneling comprises;
(a) encrypting the unencrypted packet with manipulated data; and
(b) encapsulating the encrypted packet into another packet, such that the VPN connection securely carries the manipulated data across the shared network;
the VPN terminator receiving the packet, determining from the enterprise address in the packet that the wireless terminal is authorized to communicate over the enterprise network, and routing the packet to the resource over the enterprise network.
Specification