Method and system for a secure connection in communication networks

US 8,296,825 B2
Filed: 05/31/2004
Issued: 10/23/2012
Est. Priority Date: 05/31/2004
Status: Active Grant

First Claim

Patent Images

1. A method for enabling a user to communicate on a virtual private network through a public communication network, a possibility of communicating on said virtual private network depending on an availability to said user of at least one enabling credential sent to the user in encrypted form, comprising the steps of:

providing said user with a SIM type module bearing an encryption mechanism;

providing the user with a user terminal communicating with the SIM type module;

generating the at least one enabling credential;

encrypting the at least one enabling credential using information associated with the encryption mechanism borne by the SIM type module;

transmitting to the user terminal an encrypted message containing the encrypted at least one enabling credential, wherein the encrypted at least one enabling credential is decrypted at the user terminal based on information generated by the SIM type module using the same encryption mechanism,providing encrypted communication modes between said virtual private network and the user who communicates thereon;

providing at least one gateway associated with said virtual private network to activate said encrypted communication modes;

registering said at least one gateway and the user with an inter working function; and

activating said virtual private network between said user and said at least one gateway;

wherein said step of registering said at least one gateway and the user with said inter working function entails the step of identifying which ones, in a set of SIM type modules issued, are SIM type modules enabled to communicate on said virtual private network in relation to a specific gateway.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for enabling a user to communicate on a virtual private network through a public communication network, the possibility of communicating on the private network depending on the availability to the user of at least one enabling credential sent to the user in encrypted form. The system includes at least one SIM type module available to the user and bearing an encryption mechanism and it is configured to decrypt the enabling credential at the user exploiting the encryption mechanism home by the SIM type module, the SIM type module being able to interact with at least one additional communication network to activate the encryption mechanism.

Citations

18 Claims

1. A method for enabling a user to communicate on a virtual private network through a public communication network, a possibility of communicating on said virtual private network depending on an availability to said user of at least one enabling credential sent to the user in encrypted form, comprising the steps of:
- providing said user with a SIM type module bearing an encryption mechanism;
  
  providing the user with a user terminal communicating with the SIM type module;
  
  generating the at least one enabling credential;
  
  encrypting the at least one enabling credential using information associated with the encryption mechanism borne by the SIM type module;
  
  transmitting to the user terminal an encrypted message containing the encrypted at least one enabling credential, wherein the encrypted at least one enabling credential is decrypted at the user terminal based on information generated by the SIM type module using the same encryption mechanism,providing encrypted communication modes between said virtual private network and the user who communicates thereon;
  
  providing at least one gateway associated with said virtual private network to activate said encrypted communication modes;
  
  registering said at least one gateway and the user with an inter working function; and
  
  activating said virtual private network between said user and said at least one gateway;
  
  wherein said step of registering said at least one gateway and the user with said inter working function entails the step of identifying which ones, in a set of SIM type modules issued, are SIM type modules enabled to communicate on said virtual private network in relation to a specific gateway.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 18)
- - 2. The method as claimed in claim 1, comprising the step of providing said user with the SIM type module comprising a SIM card able to interact with at least one mobile telephony network.
  - 3. The method as claimed in claim 1, comprising the step of providing said user with the user terminal capable of connecting to said public communication network and to said SIM type module.
  - 4. The method as claimed in claim 1, comprising the step of providing said user with the user terminal selected from the group of:
    - PC, notebook, laptop, PDA, and smartphone.
  - 5. The method as claimed in claim 3, comprising the step of providing said user with the user terminal capable of connecting to said SIM type module through at least a communication channel selected from the group of:
    - a Smart Card reader, a Bluetooth channel, an IrDA channel, a SIM card reader, a cell phone, and a cable.
  - 6. The method as claimed in claim 1, comprising the step of providing said encrypted communication modes according to protocols selected from SSL, TLS, SSH and IPsec.
  - 7. The method as claimed in claim 1, comprising the step of providing the inter working function co-operating with at least one additional communication network, said at least one additional communication network being provided with an authentication center, said SIM type module being able to interact with said at least one additional communication network to activate said encryption mechanism.
  - 8. The method as claimed in claim 7,wherein said user terminal for mobile communication being capable of communicating with said authentication center through said inter working function,said method further comprising the step of:
    - requesting from said authentication center, given a request by said user to communicate on said virtual private network, at least one respective set of authentication data, said authentication data being used to activate said encryption mechanism borne by said SIM type module.
  - 9. The method as claimed in claim 8, wherein said requesting step comprises transmission of an identifier of said SIM type module to said authentication center.
  - 10. The method as claimed in claim 9, wherein said identifier is an international mobile subscriber identity.
  - 11. The method as claimed in claim 8, wherein said authentication data comprise at least one triplet.
  - 12. The method as claimed in claim 1, wherein said step of registering said at least one gateway and the user with said inter working function entails an operation of providing said inter working function with information selected in the group of:
    - list of SIM type modules capable of accessing services of said virtual private network through the at least one gateway; and
      
      interconnecting modes between said inter working function and said at least one gateway.
  - 13. The method as claimed in claim 12, wherein said interconnecting modes between said inter working function and said at least one gateway are selected from the group of interconnection on a dedicated link and connection on the public communication network by means of virtual private newtork technologies.
  - 14. The method as claimed in claim 1, comprising the steps of receiving from said user who intends to communicate over said virtual private network, an identifier of said SIM type module with associated information entities selected from the group of:
    - a set of addresses reachable by said identifier on said virtual private network,time bands in which said user is allowed to access said virtual private network;
      
      days of a week in which said user is allowed to access said virtual private network; and
      
      enabled protocols for said user.
  - 18. A non-transitory computer readable storage medium encoded with a computer product capable of being loaded into a memory of an electronic computer and comprising portions of software code capable of implementing the method as claimed in claim 1.

15. A system for enabling a user to communicate on a virtual private network through a public communication network, a possibility of communicating on said virtual private network depending on an availability to said user of at least one enabling credential sent to the user in encrypted form, comprising:
- a network connection utilizing encrypted communication modes between said virtual private network and the user who communicates thereon;
  
  at least one SIM type module provided to said user and bearing an encryption mechanism and configured to communicate with at least an additional communication network;
  
  a user terminal provided to said user and configured to communicate with said at least one SIM type module;
  
  a gateway device associated with said virtual private network and configured to activate said encrypted communication modes and generate the at least one enabling credential;
  
  a server configured to receive the at least one enabling credential from the gateway device, and encrypt the at least one enabling credential using information associated with the encryption mechanism borne by the SIM type module;
  
  an inter working function with which said gateway device and the user are registered to entail identifying which ones, in a set of SIM type modules issued, are SIM type modules enabled to communicate on said virtual private network in relation to the gateway device;
  
  wherein the gateway device is further configured to receive the encrypted at least one enabling credential from the server and transmit to the user terminal an encrypted message containing the encrypted at least one enabling credential,wherein the gateway device is further configured to activate said virtual private network between said user and said gateway device, andwherein the user terminal decrypts the encrypted at least one enabling credential based on information generated by the SIM type module using the same encryption mechanism.
- View Dependent Claims (16, 17)
- - 16. The system as claimed in claim 15, wherein said at least one additional communication network comprises an authentication center to provide authentication data capable of activating said encryption mechanism.
  - 17. A public communication network configured to enable a user to communicate on a virtual private network through said public communication network, a possibility of communicating on said virtual private network depending on an availability to said user of at least one enabling credential sent to the user in encrypted form, the public communication network having a system according to claim 15.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telecom Italia S.p.A.
Original Assignee
Telecom Italia S.p.A.
Inventors
Leone, Manuel, Caprella, Ettore Elio
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
LAKHIA, VIRAL S

Application Number

US11/597,832
Publication Number

US 20080052769A1
Time in Patent Office

3,067 Days
Field of Search

726 17- 21, 726 2- 9, 380270-272, 709/221, 709/222, 713/153
US Class Current

726/4
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 63/166   at the transport layer

H04W 12/03   Protecting confidentiality,...

H04W 12/06   Authentication

H04W 92/16   Interfaces between hierarch...

Method and system for a secure connection in communication networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for a secure connection in communication networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links