Methods and systems for connecting mobile nodes to private networks

US 7,792,072 B2
Filed: 12/13/2004
Issued: 09/07/2010
Est. Priority Date: 12/13/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

connecting a mobile node to an access point outside a private network;

forming an internet protocol security tunnel between the mobile node and a home agent on the private network for a transfer of packets;

roaming the mobile node into a region of the private network and connecting the mobile node to the private network using a private network access point, while maintaining the internet protocol security tunnel between the mobile node and the home agent,wherein when the mobile node is outside the private network forming the internet protocol security tunnel between the mobile node and the home agent further comprises forming an internet protocol security tunnel between the mobile node and a private network gateway and forming an internet protocol security tunnel between the private network gateway and the home agent, wherein when the mobile nodes roams into the region of the private network, the internet protocol security tunnel is maintained between the mobile node and the home agent without traversing the private network gateway, andwherein roaming the mobile node into the private network comprises sending, by the mobile node, an update message to the home agent, and receiving an acknowledgement message from the home agent, wherein the acknowledgment message indicates that the home agent has updated the security association and an internet protocol address for the mobile node.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When mobile node is connected to an access point outside the private network, a tunnel is formed between the mobile node and a home agent on the private network for the transfer of packets. When, the mobile node roams into a region accessible to the private network, the mobile node is connected to the private network using a private network access point while maintaining the tunnel between the mobile node and the home agent.

Citations

22 Claims

1. A method, comprising:
- connecting a mobile node to an access point outside a private network;
  
  forming an internet protocol security tunnel between the mobile node and a home agent on the private network for a transfer of packets;
  
  roaming the mobile node into a region of the private network and connecting the mobile node to the private network using a private network access point, while maintaining the internet protocol security tunnel between the mobile node and the home agent,wherein when the mobile node is outside the private network forming the internet protocol security tunnel between the mobile node and the home agent further comprises forming an internet protocol security tunnel between the mobile node and a private network gateway and forming an internet protocol security tunnel between the private network gateway and the home agent, wherein when the mobile nodes roams into the region of the private network, the internet protocol security tunnel is maintained between the mobile node and the home agent without traversing the private network gateway, andwherein roaming the mobile node into the private network comprises sending, by the mobile node, an update message to the home agent, and receiving an acknowledgement message from the home agent, wherein the acknowledgment message indicates that the home agent has updated the security association and an internet protocol address for the mobile node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein maintaining the internet protocol security tunnel between the mobile node and the home agent comprises restructuring the internet protocol security tunnel between the mobile node and the private network gateway and the internet protocol security tunnel between the private network gateway and the home agent into an internet protocol security tunnel directly between the mobile node and the home agent.
  - 3. The method of claim 1, wherein connecting the mobile node to the access point comprises connecting a mobile node configured to use a mobile internet protocol to the access point.
  - 4. The method of claim 1, wherein connecting the mobile node to the access point comprises connecting a mobile node configured to use mobile internet protocol version 6.
  - 5. The method of claim 1, wherein forming the internet protocol security tunnel between the mobile node and the home agent comprises setting up a security association between the mobile node and the home agent through a firewall of the private network, wherein the firewall is configured to allow passage of a security association message from the mobile node and directed to the home agent.
  - 6. The method of claim 5, wherein setting up a security association comprises setting up a security association using internet protocol security.
  - 7. The method of claim 6, wherein maintaining the internet protocol security tunnel between the mobile node and the home agent comprises maintaining the internet protocol security association.
  - 8. The method of claim 1, wherein forming the internet protocol security tunnel between the mobile node and the home agent comprises forming the internet protocol security tunnel through a firewall of the private network, wherein the firewall is configured to allow passage of packets from the mobile node directed to the home agent.

9. A method, comprising:
- connecting a mobile node to an internet access point;
  
  setting up a security association between the mobile node and a home agent on a private network through a firewall using the internet access point, wherein the firewall is configured to allow passage of a security association message from the mobile node and directed to the home agent; and
  
  when the security association is set up, forming an internet protocol security tunnel between the mobile node and the home agent for a transfer of packets,wherein forming the internet protocol security tunnel between the mobile node and the home agent comprises forming a internet protocol security tunnel between the mobile node and a private network gateway and forming a internet protocol security tunnel between the private network gateway and the home agent, andwherein setting up the security association between the mobile node and the home agent comprises sending, by the mobile node, an update message to the home agent when the mobile node roams into the private network, and receiving an acknowledgement message from the home agent, wherein the acknowledgment message indicates that the home agent has updated the security association and an internet protocol address for the mobile node, wherein the internet protocol security tunnel is maintained, when the mobile roams into the private network, directly between the mobile node and the home agent without traversing the private network gateway.

10. A system, comprising:
- a private network comprising a home agent and a gateway; and
  
  a mobile node,wherein the mobile node and the private network are configured to allow the mobile node to connect to the private network through an access point outside the private network to form an internet protocol security tunnel between the mobile node and the home agent, and to maintain the internet protocol security tunnel directly between the home agent and the mobile node without traversing the gateway, when the mobile node roams into the private network and connects to the private network through an access point of the private network,wherein, when the mobile node roams outside the private network, the internet protocol security tunnel between the mobile node and the home agent comprises a tunnel between the mobile node and the gateway and a tunnel between the gateway and the home agent, andwherein, when the mobile node roams into the private network, the mobile node is configured to send an update message to the home agent, and the home agent is configured to send an acknowledgement message to the mobile node in response to the updated message and further configured to update a security association and an internet protocol address for the mobile node.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10, wherein the mobile node is mobile internet protocol capable.
  - 12. The system of claim 11, wherein the mobile node is mobile internet protocol version 6 capable.
  - 13. The system of claim 10, wherein the mobile node and the home agent are configured to maintain the internet protocol security tunnel when the mobile node roams into the private network and connects to the private network through the access point of the private network by forming an internet protocol security tunnel directly between the mobile node and the home agent.
  - 14. The system of claim 10, wherein the private network further comprises a firewall, wherein the firewall is configured to allow passage of security association messages from the mobile node to the home agent.
  - 15. The system of claim 14, wherein the mobile node and private network are internet protocol security capable and the firewall is configured to allow passage of internet protocol security association messages from the mobile node to the home agent.
  - 16. The system of claim 10, wherein the mobile node and private network are mobile internet protocol version 6 and internet protocol security capable and a firewall is configured to allow passage of packets with internet protocol security encryption between the mobile node and the home agent.
  - 17. The system of claim 16, wherein the mobile node and the home agent are configured to maintain the internet protocol security tunnel when the mobile node roams into the private network and connects to the private network through an access point of the private network by maintaining the internet protocol security tunnel without internet protocol security encryption.

18. An apparatus, comprising:
- at least one processor; and
  
  at least one memory including computer program code,wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least toconnect to a private network through an access point outside the private network to form an internet protocol security tunnel between the apparatus and a home agent in the private network and to maintain the tunnel directly between the home agent and the apparatus when the apparatus roams into the private network and connects to the private network through an access point of the private network,form an internet protocol security tunnel between the apparatus and a private network gateway and to form an internet protocol security tunnel between the private network gateway and the home agentsend, when the apparatus roams into the private network, an update message to the home agent, andreceive an acknowledgement message from the home agent indicating that a security association and an internet protocol address are updated for the apparatus, wherein the tunnel is maintained, when the apparatus roams into the private network, directly between the apparatus and the home agent without traversing a private network gateway.

19. A system, comprising:
- a home agent; and
  
  at least one access point;
  
  wherein the system is configured to connect a mobile node through an access point outside the system to form an internet protocol security tunnel between the mobile node and the home agent and to maintain the internet protocol security tunnel directly between the home agent and the mobile node when the mobile node roams into the system and connects to the system through an access point of the system,wherein the system is a virtual private network and comprises a virtual private network gateway, and the tunnel between the mobile node and the home agent comprises a first internet protocol security tunnel between the virtual private network gateway and the mobile node and a second internet protocol security tunnel between the virtual private network gateway and the home agent,wherein the home agent is configured to receive an update message from the mobile node when it roams into the system, and further configured to send an acknowledgment message to the mobile node, indicating that a security association and an internet protocol address are updated for the mobile node, wherein the tunnel is maintained, when the mobile node roams into the private network, directly between the mobile node and the home agent without traversing the virtual private network gateway.

20. A system, comprising:
- network means for providing a shared communication space, the network means comprising a home agent; and
  
  communication means for communicating via the shared communication space,wherein the communication means and the network means for allowing the communication means to connect to the network means through an access point outside the network means to form an internet protocol security tunnel between the communication means and the home agent, and to maintain the internet protocol security tunnel directly, without traversing a network means gateway, between the home agent and the communication means when the communication means roams into the network means and connects to the network means through an access point of the connection means,wherein the internet protocol security tunnel between the home agent and the communication means comprises an internet protocol security tunnel between the home agent and network means gateway and an internet protocol security tunnel between the network means gateway and the communications means, andwherein, when the communication means roams into the network means, the communication means is further for sending an update message to the home agent, and the home agent is configured to send an acknowledgement message to the communication means in response to the updated message and further configured to update a security association and an internet protocol address for the communication means.

21. An apparatus, comprising:
- transmitting means for communicating with a home agent of a private network;
  
  receiving means for receiving a transmission from the home agent; and
  
  processing means for connecting the apparatus to the private network though an access point outside the private network to form an internet protocol security tunnel directly between the apparatus and the home agent in the private network, and to maintain the internet protocol security tunnel directly, without traversing a private network gateway, between the home agent and the apparatus when the apparatus roams into the private network and connects to the private network through the access point of the private network,wherein the internet protocol security tunnel between the home agent and the apparatus comprises an internet protocol security tunnel between the apparatus and the private network gateway and an internet protocol security tunnel between the private network gateway and the home agent,wherein the transmitting means is further for sending, when the apparatus roams into the private network, an update message to the home agent, andwherein the receiving means is further for receiving an acknowledgement message from the home agent indicating that a security association and an internet protocol address are updated for the apparatus.

22. A system, comprising:
- routing means for connecting a mobile node to the system; and
  
  at least one accessing means for providing a connection to the system,wherein the system is configured to connect the mobile node through an accessing means outside the system to form an internet protocol security tunnel directly between the mobile node and the routing means and to maintain the internet protocol security tunnel directly between the routing means and the mobile node when the mobile node roams into the system and connects to the system through the accessing means of the system,wherein the internet protocol security tunnel between the mobile node and the router means comprises an internet protocol security tunnel between the mobile node and a private network gateway and an internet protocol security tunnel between the private network gateway and the routing means,wherein the routing means is further for receiving an update message from the mobile node when it roams into the system, and further for sending an acknowledgment message to the mobile node, indicating that a security association and an internet protocol address are updated for the mobile node, wherein the tunnel is maintained, when the mobile node roams into the private network, directly between the mobile node and the home agent without traversing the private network gateway.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Nokia, Inc. (Nokia Corporation)
Inventors
Koodli, Rajeev, Devarapalli, Vijay
Primary Examiner(s)
Kincaid, Lester
Assistant Examiner(s)
Lai, Daniel

Application Number

US11/010,594
Publication Number

US 20060126645A1
Time in Patent Office

2,094 Days
Field of Search

4554321-444, 455/552.1, 455/410, 455/411, 726/15, 370/351, 370331-333, 435432-433
US Class Current

370/328
CPC Class Codes

H04L 63/0272   Virtual private networks

H04W 12/03   Protecting confidentiality,...

H04W 8/10   between location register a...

H04W 80/04   Network layer protocols, e....

Methods and systems for connecting mobile nodes to private networks

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for connecting mobile nodes to private networks

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links