Method and apparatus for providing secure connectivity in mobile and other intermittent computing environments

US 7,882,247 B2
Filed: 01/13/2003
Issued: 02/01/2011
Est. Priority Date: 06/11/1999
Status: Expired due to Fees

First Claim

Patent Images

1. In a data communications environment providing seamless transparent roaming of mobile computing devices, said environment including:

a plurality of data networks or subnetworks capable of communicating Internet Protocol packet-based data;

at least one mobile computing device coupled to at least one of said plurality of data networks or subnetworks, said at least one mobile computing device capable of roaming between said plurality of data networks or subnetworks, said at least one mobile computing device executing a client application that uses a TCP application session; and

a mobility server that is coupled to at least one of said plurality of data networks or subnetworks, the mobility server intermediating communication between said at least one mobile computing device and at least one further network-connected computing device,wherein said at least one mobile computing device communicates privately and securely, at least in part through the use of cryptographic security services, with said mobility server at least in part via at least one of said plurality of data networks or subnetworks,a method of facilitating private and secure communications with said at least one mobile computing device via at least one of said data networks or subnetworks as said at least one mobile computing device roams, between said data networks or subnetworks, the method comprising;

(a) establishing at least one IP security association via at least one of said data networks or subnetworks between said at least one mobile computing device and said mobility server;

(b) detecting with said at least one mobile computing device whether said at least one mobile computing device has roamed between said data networks or subnetworks,(c) in response to said detection, terminating said established IP security association for use by said at least one mobile computing device; and

(d) nevertheless supporting said application TCP session even though the IP security association has been terminated while shielding mobile computing device client applications and operating system components from periods of network disconnectedness, by reinstantiating the IP Security association upon roaming including renegotiating a secure session once network connectivity is reestablished while hiding the change from the client applications and operating system components with a software layer above IP security association so the application TCP session does not disconnect even when the at least one mobile computing device becomes temporarily disconnected during roaming, thereby providing a roamable, secure communications tunnel that persists beyond said termination of said established IP security association and automatically roams with said at least one mobile computing device.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and apparatus including a mobility server enables secure connectivity using standards-based Virtual Private Network (VPN) IPSEC algorithms in a mobile and intermittently connected computing environment. Transitions between and among networks occur seamlessly—with a mobility server being effective to shield networked applications from interruptions in connectivity. The applications and/or users need not be aware of these transitions, although intervention is possible.

428 Citations

22 Claims

1. In a data communications environment providing seamless transparent roaming of mobile computing devices, said environment including:
- a plurality of data networks or subnetworks capable of communicating Internet Protocol packet-based data;
  
  at least one mobile computing device coupled to at least one of said plurality of data networks or subnetworks, said at least one mobile computing device capable of roaming between said plurality of data networks or subnetworks, said at least one mobile computing device executing a client application that uses a TCP application session; and
  
  a mobility server that is coupled to at least one of said plurality of data networks or subnetworks, the mobility server intermediating communication between said at least one mobile computing device and at least one further network-connected computing device,wherein said at least one mobile computing device communicates privately and securely, at least in part through the use of cryptographic security services, with said mobility server at least in part via at least one of said plurality of data networks or subnetworks,a method of facilitating private and secure communications with said at least one mobile computing device via at least one of said data networks or subnetworks as said at least one mobile computing device roams, between said data networks or subnetworks, the method comprising;
  
  (a) establishing at least one IP security association via at least one of said data networks or subnetworks between said at least one mobile computing device and said mobility server;
  
  (b) detecting with said at least one mobile computing device whether said at least one mobile computing device has roamed between said data networks or subnetworks,(c) in response to said detection, terminating said established IP security association for use by said at least one mobile computing device; and
  
  (d) nevertheless supporting said application TCP session even though the IP security association has been terminated while shielding mobile computing device client applications and operating system components from periods of network disconnectedness, by reinstantiating the IP Security association upon roaming including renegotiating a secure session once network connectivity is reestablished while hiding the change from the client applications and operating system components with a software layer above IP security association so the application TCP session does not disconnect even when the at least one mobile computing device becomes temporarily disconnected during roaming, thereby providing a roamable, secure communications tunnel that persists beyond said termination of said established IP security association and automatically roams with said at least one mobile computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein said detecting comprises detecting a change in network point of attachment.
  - 3. The method of claim 1 wherein said detecting comprises detecting that an interruption of network connectivity has caused a previous IP Security session to be terminated.
  - 4. The method of claim 1 wherein said detecting comprises detecting that a network identity of said at least one mobile computing device has changed.
  - 5. The method of claim 1 wherein said detecting comprises detecting that said at least one mobile computing device has roamed to a different network or subnetwork.
  - 6. The method of claim 1 wherein said step (c) includes negotiating a new IP Security session to replace a previously established but lost IP Security session in a manner that is transparent to an application running on said at least one mobile computing device.
  - 7. The method of claim 1 wherein said step (c) includes using IP Security functionality to create said secure tunnel through at least one network or subnetwork and said step (d) comprises roaming said secure tunnel between said data networks or subnetworks.
  - 8. The method of claim 1 further comprising applying policy rules to selectively allow, deny or delay the flow of network communications via said IP Security association.
  - 9. The method of claim 1 further comprising managing and distributing policy regarding the establishment of an IP Security session from a central or distributed authority.
  - 10. The method of claim 1 further comprising securely proxying, with said mobility server, said private and secure communications between said at least one mobile computing device and said at least another computing device.
  - 11. The method of claim 1 further comprising terminating a previous IP Security session based on said detecting.

12. In a data communications environment providing seamless and transparent roaming of mobile computing devices, said environment including:
- a plurality of data networks or subnetworks capable of communicating Internet Protocol packet-based data;
  
  at least one mobile computing device capable of roaming between said plurality of data networks or subnetworks, said at least one mobile computing device providing a client application that uses a client application TCP session and has an IPSec security layer;
  
  at lest one further computing device; and
  
  a mobility server that is coupled to at least one of said plurality of data networks or subnetworks the mobility server intermediating communication between said at least one mobile computing device and the at least one further computing device,wherein said at least one mobile computing device communicates privately and securely, through the use of cryptographic security services, with said mobility server at least in part via at least one of said plurality of data networks or subnetworks,a system for facilitating secure network communications with said at least one mobile computing device via said at least one data network or subnetwork, said system comprising;
  
  a detector provided at the at least one mobile computing device that detects network disconnectedness, anda security module that, in response to detected occurrence of an event affecting network communications with said at least one mobile computing device, terminates an IP Security association for use by said at least one mobile computing device and renegotiates a secure session once network connectivity is reestablished while shielding said network disconnectedness from the mobile computing device client application so the client application TCP session does not disconnect during mobile computing device roaming, by reinstantiating an IP security association upon roaming and hiding the change from the client applications and operating system components with a software layer above the IPSec security layer.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The system of claim 12 wherein said detector detects a change in network point of attachment.
  - 14. The system of claim 12 wherein said detector detects that an interruption of network connectivity has caused a previous IP Security session to be terminated.
  - 15. The system of claim 12 wherein said at least one mobile computing device has a network identifier associated therewith, and said detector detects that the network identifier of said at least one mobile computing device has changed.
  - 16. The system of claim 12 wherein said detector detects that said at least one mobile computing device has roamed to a different network or subnetwork.
  - 17. The system of claim 12 wherein said security module negotiates a new IP Security session to replace a previously established but lost IP Security session in a manner that is transparent to at least one networked application operating on said at least one mobile computing device.
  - 18. The system of claim 12 wherein said security module uses IPSec to create a secure session through network communication.
  - 19. The system of claim 12 further comprising a policy manager that applies policy rules to selectively allow, deny or delay flow of network communications over an IP Security session.
  - 20. The system of claim 12 further comprising a policy management authority that centrally manages and distributes policy regarding establishment of an IP Security session.
  - 21. The system of claim 12 wherein said mobility server securely proxies mobile computing device communications.
  - 22. The system of claim 12 wherein the security module terminates a previous IP Security session based on said detection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Netmotion Wireless Holdings, Inc. (NetMotion Software, Inc.)
Original Assignee
Netmotion Wireless Incorporated
Inventors
Stavens, Aaron, Savarese, Joseph, Sturniolo, Emil
Primary Examiner(s)
Winder; Patrice L

Application Number

US10/340,833
Publication Number

US 20030182431A1
Time in Patent Office

2,941 Days
Field of Search

709/231, 709225-229, 726/12
US Class Current

709/228
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/164   at the network layer

H04L 63/20   for managing network securi...

H04L 69/161   Implementation details of T...

H04W 12/03   Protecting confidentiality,...

H04W 76/20   Manipulation of established...

H04W 80/04   Network layer protocols, e....

Method and apparatus for providing secure connectivity in mobile and other intermittent computing environments

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

428 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for providing secure connectivity in mobile and other intermittent computing environments

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

428 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others