Secure tunneling platform system and method

US 9,015,855 B2
Filed: 11/14/2012
Issued: 04/21/2015
Est. Priority Date: 12/30/2010
Status: Active Grant

First Claim

Patent Images

1. A system for identifying a user and for providing a virtual tunnel over the Internet for communications of the user, the system comprising:

a tunneling server module configured to receive a user request for authorization to communicate over the virtual tunnel pursuant to a virtual tunneling protocol, and to transmit, based on the user request, an authorization request to an authorization module;

the authorization module configured to receive the authorization request from the tunneling server module, and to transmit to the tunneling server module an authorization accept message for the user only when an authorization determination based on a password contained in the user request determines that the user has been authenticated, wherein the password is transmitted to the user by a remote server module and a transmission indicating the authorization determination is received by the authorization module from a server remote from the authorization module;

the tunneling server module configured to conduct communication with the user via the virtual tunnel only after the tunneling server module receives the authorization accept message for the user, to receive from the user via the virtual tunnel an Internet request, and to forward the Internet request to a destination address contained in the Internet request; and

the tunneling server module configured to receive, responsive to the Internet request, over the Internet, a reply, and to transmit the reply to the user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system identifies a user, even a user behind a wireless router, and provides a virtual tunnel over the internet for communication with the user. A data center at an Internet Service Provider may work in concert with a central data center to authenticate the user and to provide access, for example using a layer 2 tunneling protocol and a point-to-point data (PPP) link protocol. A layer 2 tunneling protocol network server (LNS) may provide public IP address translation services.

74 Citations

View as Search Results

34 Claims

1. A system for identifying a user and for providing a virtual tunnel over the Internet for communications of the user, the system comprising:
- a tunneling server module configured to receive a user request for authorization to communicate over the virtual tunnel pursuant to a virtual tunneling protocol, and to transmit, based on the user request, an authorization request to an authorization module;
  
  the authorization module configured to receive the authorization request from the tunneling server module, and to transmit to the tunneling server module an authorization accept message for the user only when an authorization determination based on a password contained in the user request determines that the user has been authenticated, wherein the password is transmitted to the user by a remote server module and a transmission indicating the authorization determination is received by the authorization module from a server remote from the authorization module;
  
  the tunneling server module configured to conduct communication with the user via the virtual tunnel only after the tunneling server module receives the authorization accept message for the user, to receive from the user via the virtual tunnel an Internet request, and to forward the Internet request to a destination address contained in the Internet request; and
  
  the tunneling server module configured to receive, responsive to the Internet request, over the Internet, a reply, and to transmit the reply to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1,wherein the tunneling server module is further configured to assign a public IP address to a user session for the user, wherein the reply is received by the tunneling server module as being addressed to the assigned public IP address;
    - andthe tunneling server module is further configured to convert the public IP address to a private IP address of the user before transmitting the reply to the user.
  - 3. The system of claim 2, wherein the tunneling server module assigns the public IP address to the user session according to port address translation and requests the private IP address and a port.
  - 4. The system of claim 1, wherein the virtual tunnel is a layer 2 tunneling protocol tunnel.
  - 5. The system of claim 1, wherein a point-to-point data link protocol session is established for the virtual tunnel.
  - 6. The system of claim 1, wherein the tunneling server module is a layer 2 tunneling protocol network server and the authorization module is a proxy RADIUS server distinct from the layer 2 tunneling protocol network server.
  - 7. The system of claim 1, wherein the tunneling server module is a layer 2 tunneling protocol network server, the authorization module is a proxy RADIUS server, and both the proxy RADIUS server and the tunneling server module are at a data center of an internet service provider.
  - 8. The system of claim 7, wherein the server remote from the authorization module is at a central data center remote from the data center of the internet service provider.
  - 9. The system of claim 8, wherein the central data center and the data center of the internet service provider communicate via dynamic context routers.
  - 10. The system of claim 8, further comprising a proxy RADIUS server at the central data center and configured to make the authorization determination based on the password.
  - 11. The system of claim 8, wherein the remote server module is located at the central data center.
  - 12. The system of claim 1, wherein the system provides a live platform for real time communication between the user and a remote destination via the Internet.

13. A method of identifying a user and providing a virtual tunnel for communication of the user over the Internet, the method comprising:
- receiving, by a tunneling server module, a user request for authorization to communicate over the virtual tunnel pursuant to a virtual tunneling protocol;
  
  transmitting by the tunneling server module, based on the user request, an authorization request to an authorization module;
  
  foreseeing by the authorization module, the authorization request from the tunneling server module, and transmitting to a remote authorization server a request for an authorization determination based on a password contained in the user request, the password having been received by the user from a remote user information server;
  
  receiving, by the authorization module, an authorization determination responsive to the request for authorization determination, and transmitting to the tunneling server module the response;
  
  conducting, by the tunneling server module, communication with the user via the virtual tunnel only after the tunneling server module receives an authorization accept message for the user as said response from the authorization module;
  
  receiving, via the tunneling server module, from the user via the virtual tunnel an Internet request, and forwarding the Internet request to a destination address contained in the Internet request, and receiving, by the tunneling server module, responsive to the Internet request, over the Internet, a reply to the Internet request, and transmitting the reply to the user.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13, further comprising assigning, by the tunneling server module, a public IP address for the communication session;
    - wherein the reply is received by the tunneling server module as addressed to the assigned public IP address;
      
      converting by the tunneling server module the public IP address to a private IP address of the user; and
      
      transmitting the reply to the user.
  - 15. The method of claim 14, wherein the translation by the tunneling server module includes a port address translation for the request that translates the private IP address and the port into the public IP address.
  - 16. The method of claim 13, wherein the virtual tunnel established is a layer 2 tunneling protocol tunnel conducted as a point-to-point data link protocol session.
  - 17. The method of claim 13, wherein the communication of the user is a live communication platform entailing real-time information.
  - 18. The method of claim 17, wherein the real-time communication is a voice-over IP communication.
  - 19. The method of claim 13, wherein the tunneling server module is a server located at a data center of an Internet Service Provider, and the authorization module is a RADIUS proxy server located at the data center of the Internet Service Provider, and the remote server is located remotely from the tunneling server module and the authorization module at a data center of a central data center.
  - 20. The method of claim 13, wherein a point-to-point over Ethernet encapsulation is used.

21. A method of identifying a user and providing a virtual tunnel for communication of the user over the Internet, the method comprising, by a tunneling server module:
- (A) receiving a user request to communicate over the virtual tunnel pursuant to a virtual tunneling protocol;
  
  (B) transmitting, based on the user request, an authorization request to an authorization module, the authorization request comprising a password, the password having been received by the user from a remote user information server;
  
  (C) receiving, from said authorization module, an authorization determination response; and
  
  then, only after the tunneling server module receives as said authorization determination an authorization accept message for the user,(D) conducting communication with the user via the virtual tunnel, including;
  
  (D)(1) receiving, from the user via the virtual tunnel, an Internet request, and forwarding the Internet request to a destination address contained in the Internet request, and(D)(2) receiving, responsive to the Internet request, over the Internet, a reply to the Internet request, and transmitting the reply to the user, whereinthe authorization module;
  
  (i) obtained the authorization request from the tunneling server module, (ii) transmitted to a remote authorization server a request for an authorization determination based on said password in the user request; and
  
  (iii) responsive to the request for authorization determination, received an authorization determination from the remote authorization server, and (iv) transmitted the authorization determination response to the tunneling server module.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. The method of claim 21, further comprising:
    - by the tunneling server module;
      
      assigning a first IP address for the communication session, wherein the reply received in (D)(2) by the tunneling server module is addressed to the assigned first IP address;
      
      converting the first IP address to a second IP address associated with the user; and
      
      transmitting the reply to the user.
  - 23. The method of claim 22 wherein the first IP address is a public IP address and wherein the second IP address is a private IP address.
  - 24. The method of claim 23, wherein address translation by the tunneling server module includes a port address translation for the request that translates the private IP address and the port into the public IP address.
  - 25. The method of claim 22, wherein (i) the tunneling server module comprises a server located at a data center of an Internet Service Provider (ISP), and (ii) the authorization module comprises a Remote Authentication Dial-In User Service (RADIUS) proxy server located at the data center of the ISP, and (iii) the remote user information server is located at location distinct from the tunneling server module and the authorization module.
  - 26. The method of claim 21, wherein the virtual tunnel comprises a layer 2 tunneling protocol tunnel.
  - 27. The method of claim 21, wherein a point-to-point data link protocol session is established for the virtual tunnel.
  - 28. The method of claim 21, wherein the tunneling server module comprises a layer 2 tunneling protocol network server and the authorization module comprises a proxy Remote Authentication Dial-In User Service (RADIUS) server distinct from the layer 2 tunneling protocol network server.
  - 29. The method of claim 28, wherein both the proxy RADIUS server and the tunneling server module are at a data center of an internet service provider.

30. A tunneling server module, operable in a system for identifying a user and for providing a virtual tunnel over the Internet for communications of the user, the tunneling server module configured to:
- (A) receive a user request to communicate over the virtual tunnel pursuant to a virtual tunneling protocol;
  
  (B) transmit, based on the user request, an authorization request to an authorization module, the authorization request comprising a password, the password having been received by the user from a remote user information server;
  
  (C) receive, from said authorization module, an authorization determination response; and
  
  , only after the tunneling server module receives as said authorization determination an authorization accept message for the user,(D)(1) receive, from the user via the virtual tunnel, an Internet request, and forward the Internet request to a destination address contained in the Internet request, and(D)(2) receive, responsive to the Internet request, over the Internet, a reply to the Internet request, and transmit the reply to the user, whereinthe authorization module;
  
  (i) obtained the authorization request from the tunneling server module, (ii) transmitted to a remote authorization server a request for an authorization determination based on said password in the user request; and
  
  (iii) responsive to the request for authorization determination, received an authorization determination from the remote authorization server, and (iv) transmitted the authorization determination response to the tunneling server module.
- View Dependent Claims (31, 32, 33, 34)
- - 31. The tunneling server module of claim 30, further configured to:
    - assign a first IP address for the communication session, wherein the reply received in (D)(2) is addressed to the assigned first IP address;
      
      convert the first IP address to a second IP address associated with the user; and
      
      transmit the reply to the user.
  - 32. The tunneling server module of claim 31 wherein the first IP address is a public IP address and wherein the second IP address is a private IP address.
  - 33. The tunneling server module of claim 32, wherein address translation by the tunneling server module includes port address translation for the request that translates the private IP address and the port into the public IP address.
  - 34. The tunneling server module of claim 30, wherein the tunneling server module comprises a layer 2 tunneling protocol network server and the authorization module comprises a proxy Remote Authentication Dial-In User Service (RADIUS) server distinct from the layer 2 tunneling protocol network server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fon Wireless Ltd.
Original Assignee
Fon Wireless Ltd.
Inventors
Waisman-Diamond, Martin Varsavsky, Bcares Fernndez, Gonzalo Julin, Arginzoniz Cebreiro, Xabier Iurgi, Muoz Castro, Juan Manuel, Medrano, Pablo Martin
Primary Examiner(s)
POWERS, WILLIAM S

Application Number

US13/676,958
Publication Number

US 20130239181A1
Time in Patent Office

888 Days
Field of Search
US Class Current

726/27
CPC Class Codes

H04L 61/2514   between local and global IP...

H04L 63/083   using passwords cryptograph...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/162   at the data link layer

H04L 63/30   for supporting lawful inter...

H04W 12/068   using credential vaults, e....

Secure tunneling platform system and method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

74 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Secure tunneling platform system and method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links