Method and apparatus for providing secure connectivity in mobile and other intermittent computing environments
1. In a data communications environment providing seamless transparent roaming of mobile computing devices, said environment including:
a plurality of data networks or subnetworks capable of communicating Internet Protocol packet-based data;
at least one mobile computing device coupled to at least one of said plurality of data networks or subnetworks, said at least one mobile computing device capable of roaming between said plurality of data networks or subnetworks, said at least one mobile computing device executing a client application that uses a TCP application session; and
a mobility server that is coupled to at least one of said plurality of data networks or subnetworks, the mobility server intermediating communication between said at least one mobile computing device and at least one further network-connected computing device,
wherein said at least one mobile computing device communicates privately and securely, at least in part through the use of cryptographic security services, with said mobility server at least in part via at least one of said plurality of data networks or subnetworks,
a method of facilitating private and secure communications with said at least one mobile computing device via at least one of said data networks or subnetworks as said at least one mobile computing device roams between said data networks or subnetworks, the method comprising:
(a) establishing at least one IP security association via at least one of said data networks or subnetworks between said at least one mobile computing device and said mobility server;
(b) detecting with said at least one mobile computing device whether said at least one mobile computing device has roamed between said data networks or subnetworks;
(c) in response to said detection, terminating said established IP security association for use by said at least one mobile computing device; and
(d) nevertheless supporting said application TCP session even though the IP security association has been terminated while shielding mobile computing device client applications and operating system components from periods of network disconnectedness, by reinstantiating the IP Security association upon roaming including renegotiating a secure session once network connectivity is reestablished while hiding the change from the client applications and operating system components with a software layer above IP security association so the application TCP session does not disconnect even when the at least one mobile computing device becomes temporarily disconnected during roaming, thereby providing a roamable, secure communications tunnel that persists beyond said termination of said established IP security association and automatically roams with said at least one mobile computing device.
Abstract
Method and apparatus including a mobility server enables secure connectivity using standards-based Virtual Private Network (VPN) IPSEC algorithms in a mobile and intermittently connected computing environment. Transitions between and among networks occur seamlessly—with a mobility server being effective to shield networked applications from interruptions in connectivity. The applications and/or users need not be aware of these transitions, although intervention is possible.
22 Claims
12. In a data communications environment providing seamless and transparent roaming of mobile computing devices, said environment including:
a plurality of data networks or subnetworks capable of communicating Internet Protocol packet-based data;
at least one mobile computing device capable of roaming between said plurality of data networks or subnetworks, said at least one mobile computing device providing a client application that uses a client application TCP session and has an IPSec security layer;
at least one further computing device; and
a mobility server that is coupled to at least one of said plurality of data networks or subnetworks, the mobility server intermediating communication between said at least one mobile computing device and the at least one further computing device,
wherein said at least one mobile computing device communicates privately and securely, through the use of cryptographic security services, with said mobility server at least in part via at least one of said plurality of data networks or subnetworks,
a system for facilitating secure network communications with said at least one mobile computing device via said at least one data network or subnetwork, said system comprising:
a detector provided at the at least one mobile computing device that detects network disconnectedness, and
a security module that, in response to detected occurrence of an event affecting network communications with said at least one mobile computing device, terminates an IP Security association for use by said at least one mobile computing device and renegotiates a secure session once network connectivity is reestablished while shielding said network disconnectedness from the mobile computing device client application so the client application TCP session does not disconnect during mobile computing device roaming, by reinstantiating an IP security association upon roaming and hiding the change from the client applications and operating system components with a software layer above the IPSec security layer.
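The mechanism both independent claims describe (terminate the IP security association when roaming is detected, renegotiate it once connectivity returns, and keep the application's TCP session alive behind a software layer above the SA), as an added Python simulation that is not the patent's or any product's code; the SA representation, the queue-while-disconnected behaviour, the session ID format and the TEST-NET addresses are assumptions:

```python
"""Constructed model of the claimed design (not the patent's code): an IP security
association (SA) bound to the client's current address is terminated when roaming is
detected and renegotiated once connectivity returns, while a shim above the SA keeps a
stable session ID and queues data so the application's TCP session never sees the gap."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
import secrets

@dataclass
class MobilityLayer:
    """Software layer above the SA; addresses, key size and ID format are assumptions."""
    server_addr: str
    session_id: str = field(default_factory=lambda: secrets.token_hex(4))
    sa: Optional[Tuple[str, str, bytes]] = None        # (client_addr, server_addr, key)
    pending: List[bytes] = field(default_factory=list)  # queued while no SA exists
    delivered: List[Tuple[str, bytes]] = field(default_factory=list)
    negotiations: int = 0

    def negotiate(self, client_addr: str) -> None:
        """(a) establish an SA for the current attachment point, then drain the queue."""
        self.sa = (client_addr, self.server_addr, secrets.token_bytes(16))
        self.negotiations += 1
        self._flush()

    def on_roam(self, new_addr: Optional[str]) -> None:
        """(b)/(c) roaming detected: terminate the SA; (d) reinstantiate when reachable."""
        self.sa = None
        if new_addr is not None:
            self.negotiate(new_addr)

    def send(self, data: bytes) -> None:  # application-facing: accepted even while disconnected
        self.pending.append(data)
        self._flush()

    def _flush(self) -> None:
        while self.sa is not None and self.pending:
            self.delivered.append((self.session_id, self.pending.pop(0)))

def run_roaming_scenario() -> dict:
    """Client roams Wi-Fi -> no coverage -> cellular (constructed TEST-NET addresses)."""
    ml = MobilityLayer(server_addr="203.0.113.10")
    ml.negotiate("198.51.100.5")
    ml.send(b"GET /a")
    ml.on_roam(None)                 # old network lost, SA torn down
    ml.send(b"GET /b")               # queued; the application is not told
    queued_while_down = len(ml.pending)
    ml.on_roam("192.0.2.7")          # new network: fresh SA, queue drains in order
    ml.send(b"GET /c")
    return {"queued_while_down": queued_while_down, "negotiations": ml.negotiations,
            "payloads": [p for _, p in ml.delivered], "single_session": len({s for s, _ in ml.delivered}) == 1}
```

The server side sees two distinct security associations but a single session ID and an unbroken, in-order payload stream, which is the property claim 1 (d) and claim 12 describe.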