System and method for enabling VPN-less session setup for connecting mobile data devices to an enterprise data network

US 8,537,770 B2
Filed: 04/20/2012
Issued: 09/17/2013
Est. Priority Date: 03/02/2006
Status: Active Grant

First Claim

Patent Images

1. A method for provisioning a data service in a telecommunications network, comprising:

receiving, by a first gateway server a request to invoke a data session issued by a mobile terminal;

responsive to receiving the request, forwarding the request to a second gateway server, via a data network, deployed in an enterprise network;

establishing a secure tunnel between the first gateway server and the second gateway server, wherein the secure tunnel supports selectable security and encryption specific to requirements of the enterprise network;

transmitting data of the data session to the enterprise networkidentifying, by the first gateway server, the enterprise network based on identified information corresponding to the mobile terminal; and

deploying the second gateway server in the enterprise network and interfacing with the first gateway server via an Internet Protocol connection which is deployed in a cellular network;

wherein the mobile terminal is subjected to a data policy of the enterprise network irrespective of a location of the mobile terminal.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile application gateway configured to interconnect mobile communication devices on a cellular network with an enterprise network is provided. The mobile application gateway includes a voice and data signaling gateway configured to provide routing functionalities, service functionalities and admission control. A gateway GPRS support node (GGSN) is configured to establish a secure data session between one or more of the mobile communication devices and the enterprise network by establishing a GPRS tunneling protocol (GTP) tunnel between a carrier-hosted serving GPRS support node (SGSN) and the GGSN.

10 Citations

View as Search Results

14 Claims

1. A method for provisioning a data service in a telecommunications network, comprising:
- receiving, by a first gateway server a request to invoke a data session issued by a mobile terminal;
  
  responsive to receiving the request, forwarding the request to a second gateway server, via a data network, deployed in an enterprise network;
  
  establishing a secure tunnel between the first gateway server and the second gateway server, wherein the secure tunnel supports selectable security and encryption specific to requirements of the enterprise network;
  
  transmitting data of the data session to the enterprise networkidentifying, by the first gateway server, the enterprise network based on identified information corresponding to the mobile terminal; and
  
  deploying the second gateway server in the enterprise network and interfacing with the first gateway server via an Internet Protocol connection which is deployed in a cellular network;
  
  wherein the mobile terminal is subjected to a data policy of the enterprise network irrespective of a location of the mobile terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first gateway server and the second gateway server together comprise one of a Gateway General Packet Radio Service Support Node (GGSN) and a Home Agent (HA).
  - 3. The method of claim 1, wherein the data session is invoked without a virtual private network client operating on the mobile terminal.
  - 4. The method of claim 1, wherein the data session is routed through the enterprise network without an interaction with the originating party, and wherein data of the data session is transmitted through a firewall of the enterprise network to a destination outside the enterprise network.
  - 5. The method of claim 2, wherein the secure tunnel established between the first gateway server and the second gateway server is established automatically in response to receipt of the request by the first gateway server.
  - 6. The method of claim 5, wherein the secure tunnel established between the first gateway server and the second gateway server permits one of a GGSN or HA function to be performed by the first gateway server and one of a GGSN or HA function to be performed by the second gateway server.
  - 7. The method of claim 1, further comprising:
    - selecting encryption specific to the requirements of the enterprise network as supported by the secure tunnel established between the enterprise network and the cellular network.

8. A system for provisioning a data service in a telecommunications network, the system comprising:
- a cellular network including a first gateway server configured to receive a request to invoke a data session issued by a mobile terminal of the cellular network; and
  
  an enterprise network including a second gateway server,wherein the first gateway server, responsive to receiving the request, identifies the enterprise network and forwards the request via a data network to the second gateway server, wherein a secure tunnel is established between the first gateway server and the second gateway server, wherein the secure tunnel may support selectable security and encryption specific to requirements of the enterprise network, and wherein data of the data session is transmitted to the enterprise network,wherein the first gateway server identifies the enterprise network based on identified information corresponding to the mobile terminal, and wherein the second gateway server is deployed in the enterprise network and interfaces with the first gateway server via an Internet Protocol connection which is deployed in the cellular network; and
  
  wherein the mobile terminal is subjected to a data policy of the enterprise network irrespective of a location of the mobile terminal.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, wherein the first gateway server and the second gateway server together comprise one of a Gateway General Packet Radio Service Support Node (GGSN) and a Home Agent (HA).
  - 10. The system of claim 8, wherein the data session is invoked without a virtual private network client operating on the mobile terminal.
  - 11. The system of claim 8, wherein the data session is routed through the enterprise network without an interaction with the originating party, and wherein data of the data session is transmitted through a firewall of the enterprise network to a destination outside the enterprise network.
  - 12. The system of claim 9, wherein the secure tunnel established between the first gateway server and the second gateway server is established automatically in response to receipt of the request by the first gateway server.
  - 13. The system of claim 12, wherein the secure tunnel established between the first gateway server and the second gateway server permits one of a GGSN or HA function performed to be performed by the first gateway server and one of a GGSN or HA function to be performed by the second gateway server.

14. A system configured to interconnect mobile communication devices on a cellular network with an enterprise network, comprising:
- a voice and data signaling gateway configured to provide routing functionalities, service functionalities and admission control; and
  
  a home agent configured to establish a secure data session between a mobile terminal and the enterprise network by establishing a secure tunneling protocol between a carrier-hosted serving foreign agent and the home agent, wherein the secure tunneling protocol is established for the mobile terminal in response to receipt of a request to invoke a data session issued by the mobile terminal, wherein a first gateway server deployed in the cellular network identifies the enterprise network, responsive thereto, forwards the request to a second gateway server that is Internet Protocol interfaced with the first gateway server deployed in the enterprise network, wherein a secure tunnel is established between the first gateway server and the second gateway server, wherein the secure tunnel may support selectable security and encryption specific to requirements of the enterprise network,wherein the first gateway server identifies the enterprise network based on identified information corresponding to the mobile terminal, and wherein the second gateway server is deployed in the enterprise network and interfaces with the first gateway server via an Internet Protocol connection which is deployed in the cellular network; and
  
  wherein the mobile terminal is subjected to a data policy of the enterprise network irrespective of a location of the mobile terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tango Networks Incorporated
Original Assignee
Tango Networks Incorporated
Inventors
Silver, Andrew
Primary Examiner(s)
SIVJI, NIZAR N

Application Number

US13/451,756
Publication Number

US 20120204252A1
Time in Patent Office

515 Days
Field of Search

455/414, 455/466, 455/426, 455/517, 455/435, 455/436, 370/330, 370/313, 370/401, 709/229, 709/249
US Class Current

370/329
CPC Class Codes

H04L 12/66   Arrangements for connecting...

H04L 65/1016   IP multimedia subsystem [IMS]

H04L 65/1023   Media gateways

H04L 65/1033   Signalling gateways

H04L 65/104   in the network

H04L 65/1053   IP private branch exchange ...

H04L 65/1069   Session establishment or de...

H04L 65/1096   Supplementary features, e.g...

H04M 15/00   Arrangements for metering, ...

H04M 15/57   for integrated multimedia m...

H04M 15/63   based on the content carrie...

H04M 15/8292   Charging for signaling or u...

H04M 2203/1091   Fixed mobile conversion

H04M 2215/208   IMS, i.e. Integrated Multim...

H04M 3/42042   Notifying the called party ...

H04M 3/42314   in private branch exchanges

H04M 3/543   Call deflection

H04M 5/12   Calling substations, e.g. b...

H04M 7/006   Networks other than PSTN/IS...

H04Q 2213/13034   A/D conversion, code compre...

H04Q 2213/1307 : Call setup

H04Q 2213/13091 : CLI, identification of call...

H04Q 2213/13098 : Mobile subscriber

H04Q 2213/13109 : Initializing, personal profile

H04Q 2213/13176 : Common channel signaling, CCS7

H04Q 2213/1318 : Ringing

H04Q 2213/13196 : Connection circuit/link/tru...

H04Q 2213/13204 : Protocols

H04Q 2213/1322 : PBX

H04Q 2213/13224 : Off-net subscriber, dial in...

H04Q 2213/13296 : Packet switching, X.25, fra...

H04Q 2213/13348 : Channel/line reservation

H04Q 2213/13384 : Inter-PBX traffic, PBX netw...

H04Q 2213/13389 : LAN, internet

H04Q 2213/13405 : Dual frequency signaling, DTMF

H04Q 2213/13407 : Detection of data transmiss...

H04Q 3/0025 : Provisions for signalling

H04Q 3/0045 : involving hybrid, i.e. a mi...

H04Q 3/62 : for connecting to private b...

H04Q 3/72 : Finding out and indicating ...

H04W 12/03 : Protecting confidentiality,...

H04W 4/16 : Communication-related suppl...

H04W 4/20 : Services signaling; Auxilia...

H04W 40/00 : Communication routing or co...

H04W 76/10 : Connection setup

H04W 76/12 : Setup of transport tunnels

H04W 76/19 : Connection re-establishment

H04W 76/22 : Manipulation of transport t...

H04W 76/30 : Connection release

H04W 8/12 : between location registers ...

H04W 80/00 : Wireless network protocols ...

H04W 84/16 : WPBX [Wireless Private Bran...

H04W 88/16 : Gateway arrangements

H04W 92/02 : Inter-networking arrangements

H04W 92/06 : between gateways and public...

View All

System and method for enabling VPN-less session setup for connecting mobile data devices to an enterprise data network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for enabling VPN-less session setup for connecting mobile data devices to an enterprise data network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links