System and method for enabling VPN-less session setup for connecting mobile data devices to an enterprise data network
Abstract
A mobile application gateway configured to interconnect mobile communication devices on a cellular network with an enterprise network is provided. The mobile application gateway includes a voice and data signaling gateway configured to provide routing functionalities, service functionalities and admission control. A gateway GPRS support node (GGSN) is configured to establish a secure data session between one or more of the mobile communication devices and the enterprise network by establishing a GPRS tunneling protocol (GTP) tunnel between a carrier-hosted serving GPRS support node (SGSN) and the GGSN.
20 Claims
1. A method, comprising:
forwarding, from a first gateway server in a cellular network to a second gateway server in an enterprise network, a request to invoke a data session by a mobile terminal;
establishing a secure tunnel between the first gateway server and the second gateway server, wherein the secure tunnel supports selectable security and encryption specific to requirements of an enterprise network; and
transmitting data of the data session to the enterprise network;
wherein the data of the data session invoked without a virtual private network client operating on the mobile terminal is transmitted through a firewall of the enterprise network to one of a destination inside the enterprise network and a destination outside the enterprise network; and
wherein the secure tunnel established between the first gateway server and the second gateway server is established automatically via an internet protocol connection which is deployed in the cellular network in response to receipt of the request by at least one of the first gateway server and the second gateway server; and
wherein the mobile terminal is subjected to a data policy of the enterprise network irrespective of a location of the mobile terminal.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A system, comprising:
a cellular network including a first gateway server configured to receive a request to invoke a data session issued by a mobile terminal of a cellular network; and
an enterprise network including a second gateway server, wherein the first gateway server, responsive to receiving the request, forwards the request via a data network to the second gateway server;
wherein a secure tunnel is established between the first gateway server and the second gateway server;
wherein the secure tunnel may support selectable security and encryption specific to requirements of the enterprise network;
wherein data of the data session is transmitted to the enterprise network;
wherein the data of the data session invoked without a virtual private network client operating on the mobile terminal is transmitted through a firewall of the enterprise network to one of a destination inside the enterprise network and a destination outside the enterprise network; and
wherein the secure tunnel established between the first gateway server and the second gateway server is established automatically via an internet protocol connection which is deployed in the cellular network in response to receipt of the request by at least one of the first gateway server and the second gateway server; and
wherein the mobile terminal is subjected to a data policy of the enterprise network irrespective of a location of the mobile terminal.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19

20. A system, comprising:
a voice and data signaling gateway configured to provide routing functionalities, service functionalities and admission control; and
a home agent configured to establish a secure data session between a mobile terminal and an enterprise network via a secure tunneling protocol between a carrier-hosted serving foreign agent and the home agent,
wherein the secure tunneling protocol is established for the mobile terminal in response to receipt of a request to invoke a data session issued by the mobile terminal,
wherein a first gateway server deployed in the cellular network forwards the request to a second gateway server deployed in the enterprise network,
wherein a secure tunnel is established between the first gateway server and the second gateway server,
wherein the secure tunnel may support selectable security and encryption specific to requirements of the enterprise network;
wherein the data of the data session invoked without a virtual private network client operating on the mobile terminal is transmitted through a firewall of the enterprise network to one of the a destination inside the enterprise network and a destination outside the enterprise network; and
wherein the secure tunnel established between the first gateway server and the second gateway server is established automatically via an internet protocol connection which is deployed in the cellular network in response to receipt of the request by at least one of the gateway server and the second gateway server; and
wherein the mobile terminal is subjected to a data policy of the enterprise network irrespective of a location of the mobile terminal.

Specification