Authentication and encryption method and apparatus for a wireless local access network

US 7,797,530 B2
Filed: 04/09/2001
Issued: 09/14/2010
Est. Priority Date: 04/09/2001
Status: Active Grant

First Claim

Patent Images

1. An apparatus for secure wireless communication between at least one user mobile client station and a network to which the apparatus is connectable, the apparatus comprising:

a base unit communicatively coupled to an external network as a wireless access point, the base unit including;

a port configured for wireless communication with one or more mobile clients;

a firewall connected to the port and configured to control communications from the external network and the port;

a virtual private network (VPN) server connected to, and controlling, the firewall;

a router connected to the firewall and to the VPN server; and

the one or more mobile clients communicatively coupled wirelessly with the base unit;

wherein the one or more mobile clients have initial permission at the firewall to access only an authentication function of the VPN server until the VPN server communicates to the firewall a permission profile for a respective mobile client, whereupon a corresponding VPN tunnel connection is established for an authenticated mobile client to the VPN server, the VPN server loading rules into the firewall to accept communications from the authenticated mobile client only through the corresponding VPN tunnel connection;

wherein communications between authenticated mobile clients are transmitted through the router and secured through both the firewall and the corresponding VPN tunnel connection established from each respective authenticated mobile client to the VPN server;

wherein a given wireless communication is encrypted using the VPN tunnel connection established to the VPN server; and

wherein a wireless communication received at the firewall addressed to a VPN server associated with another apparatus is allowed to pass through the firewall and the router to the VPN server of the other apparatus.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention pertains to the field of Wireless Local Area Network (WLAN). This invention allows a secure connection of a user client station to a base unit. The secure connection comprises the use of authentication and encryption means. The base unit comprises a switching unit, at least one firewall, an authentication/encryption unit and at least one port device. The invention also provides a secure roaming scheme when a roaming is performed by a wireless user.

29 Citations

View as Search Results

15 Claims

1. An apparatus for secure wireless communication between at least one user mobile client station and a network to which the apparatus is connectable, the apparatus comprising:
- a base unit communicatively coupled to an external network as a wireless access point, the base unit including;
  
  a port configured for wireless communication with one or more mobile clients;
  
  a firewall connected to the port and configured to control communications from the external network and the port;
  
  a virtual private network (VPN) server connected to, and controlling, the firewall;
  
  a router connected to the firewall and to the VPN server; and
  
  the one or more mobile clients communicatively coupled wirelessly with the base unit;
  
  wherein the one or more mobile clients have initial permission at the firewall to access only an authentication function of the VPN server until the VPN server communicates to the firewall a permission profile for a respective mobile client, whereupon a corresponding VPN tunnel connection is established for an authenticated mobile client to the VPN server, the VPN server loading rules into the firewall to accept communications from the authenticated mobile client only through the corresponding VPN tunnel connection;
  
  wherein communications between authenticated mobile clients are transmitted through the router and secured through both the firewall and the corresponding VPN tunnel connection established from each respective authenticated mobile client to the VPN server;
  
  wherein a given wireless communication is encrypted using the VPN tunnel connection established to the VPN server; and
  
  wherein a wireless communication received at the firewall addressed to a VPN server associated with another apparatus is allowed to pass through the firewall and the router to the VPN server of the other apparatus.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The apparatus as claimed in claim 1, wherein for each VPN tunnel connection the router creates a first link between the VPN server and the firewall and a second link between the VPN server and the firewall, the first and second links being secure as a result of encryption by the VPN server and filtering by the firewall.
  - 3. The apparatus as claimed in claim 1, further comprising a set of one or more security profiles, wherein the VPN server uses a given security profile to manage the firewall for a particular one of the one or more mobile clients.
  - 4. The apparatus as claimed in claim 1, wherein the VPN server uses PPTP protocol for the VPN tunnel connections.
  - 5. The apparatus as claimed in claim 1, wherein the VPN server uses IPSec for the VPN tunnel connections.
  - 6. The apparatus as claimed in claim 1, wherein the VPN server uses L2TP protocol for the VPN tunnel connections.
  - 7. The apparatus as claimed in claim 3, wherein a given security profile has at least one rule established at a RADIUS authentication server communicatively coupled to the VPN server.
  - 8. The apparatus as claimed in claim 3, wherein a given security profile is storable in a database according to a Lightweight Directory Access Protocol (LDAP).
  - 9. The apparatus as claimed in claim 1, wherein the wireless communications between a second base unit and the VPN server are unencrypted.
  - 10. The apparatus as claimed in claim 1, further including a local area network port allowing an external device to be connected to the apparatus, wherein traffic from the one or more mobile clients to the external device is unencrypted after passing through the VPN server.
  - 11. The apparatus as claimed in claim 1, wherein the base unit is connected to a wide area network.
  - 12. The apparatus as claimed in claim 1, wherein the VPN server is connectable to a database unit having one or more security profiles, the database unit being connected to the VPN server via a wide area network.

13. A method for secure wireless communication between a mobile client and a network via an access point, the access point comprising a port, a Virtual Private Network (VPN) server, a router, and a firewall, the method comprising:
- establishing an authentication link between the mobile client and the VPN server via the firewall and the port;
  
  authenticating the mobile client; and
  
  after successful authentication of the mobile client;
  
  retrieving to the firewall a profile associated with the authenticated mobile client;
  
  establishing a VPN tunnel connection for the authenticated mobile client to the VPN server;
  
  applying the profile at the firewall, allowing the authenticated mobile client to communicate data via the router, secured through both the firewall according to the profile and the VPN tunnel connection to the VPN server; and
  
  communicating the data to a second mobile client via a second VPN tunnel connection that is established for the second mobile client to the VPN server, the second mobile client station having been authenticated by the VPN server;
  
  encrypting the wireless communication between each mobile client and the VPN server; and
  
  wherein the mobile client has initial permission at the firewall to access only an authentication function of the VPN server until the VPN server communicates to the firewall a permission profile for a respective mobile client, andwherein a wireless communication received at the firewall addressed to a VPN server associated with another access point is allowed to pass through the firewall and the router to the VPN server of the other access point.
- View Dependent Claims (14, 15)
- - 14. The method as claimed in claim 13, further comprising removing the profile from the firewall upon detecting a disconnection from the access point of the mobile client.
  - 15. The method as claimed in claim 13, further comprising removing the profile from the firewall upon closing of the VPN tunnel connection for the mobile client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Valtrus Innovations Limited (f/k/a Dolya Holdco 9 Limited) (Key Patent Innovations Limited)
Original Assignee
Hewlett-Packard Company (HP Inc.)
Inventors
Trudeau, Pierre, Moineau, Gilbert, Laroche, Stephane
Primary Examiner(s)
Homayounmehr; Farid

Application Number

US10/276,334
Publication Number

US 20040215957A1
Time in Patent Office

3,445 Days
Field of Search

713/153, 713/152, 709/238
US Class Current

713/153
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 67/306   User profiles

H04W 12/03   Protecting confidentiality,...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 74/00   Wireless channel access

H04W 84/12   WLAN [Wireless Local Area N...

Authentication and encryption method and apparatus for a wireless local access network

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Authentication and encryption method and apparatus for a wireless local access network

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others