System and method for enabling VPN-less session setup for connecting mobile data devices to an enterprise data network

US 9,036,591 B2
Filed: 08/12/2013
Issued: 05/19/2015
Est. Priority Date: 03/02/2006
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

forwarding, from a first gateway server in a cellular network to a second gateway server in an enterprise network, a request to invoke a data session by a mobile terminal;

establishing a secure tunnel between the first gateway server and the second gateway server, wherein the secure tunnel supports selectable security and encryption specific to requirements of an enterprise network; and

transmitting data of the data session to the enterprise network;

wherein the data of the data session invoked without a virtual private network client operating on the mobile terminal is transmitted through a firewall of the enterprise network to one of a destination inside the enterprise network and a destination outside the enterprise network; and

wherein the secure tunnel established between the first gateway server and the second gateway server is established automatically via an internet protocol connection which is deployed in the cellular network in response to receipt of the request by at least one of the first gateway server and the second gateway server; and

wherein the mobile terminal is subjected to a data policy of the enterprise network irrespective of a location of the mobile terminal.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile application gateway configured to interconnect mobile communication devices on a cellular network with an enterprise network is provided. The mobile application gateway includes a voice and data signaling gateway configured to provide routing functionalities, service functionalities and admission control. A gateway GPRS support node (GGSN) is configured to establish a secure data session between one or more of the mobile communication devices and the enterprise network by establishing a GPRS tunneling protocol (GTP) tunnel between a carrier-hosted serving GPRS support node (SGSN) and the GGSN.

5 Citations

View as Search Results

20 Claims

1. A method, comprising:
- forwarding, from a first gateway server in a cellular network to a second gateway server in an enterprise network, a request to invoke a data session by a mobile terminal;
  
  establishing a secure tunnel between the first gateway server and the second gateway server, wherein the secure tunnel supports selectable security and encryption specific to requirements of an enterprise network; and
  
  transmitting data of the data session to the enterprise network;
  
  wherein the data of the data session invoked without a virtual private network client operating on the mobile terminal is transmitted through a firewall of the enterprise network to one of a destination inside the enterprise network and a destination outside the enterprise network; and
  
  wherein the secure tunnel established between the first gateway server and the second gateway server is established automatically via an internet protocol connection which is deployed in the cellular network in response to receipt of the request by at least one of the first gateway server and the second gateway server; and
  
  wherein the mobile terminal is subjected to a data policy of the enterprise network irrespective of a location of the mobile terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the first gateway server and the second gateway server together comprise one of a Gateway General Packet Radio Service Support Node (GGSN) and a Home Agent (HA).
  - 3. The method of claim 1, wherein the request to invoke the data session issued by the mobile terminal occurs via a data network.
  - 4. The method of claim 3, wherein the data network is deployed in the enterprise network.
  - 5. The method of claim 1, wherein the data session is invoked without a virtual private network client operating on the mobile terminal.
  - 6. The method of claim 1 comprising identifying, by the first gateway server, the enterprise network based on identified information corresponding to the mobile terminal.
  - 7. The method of claim 1, wherein data of the data session is transmitted through a firewall of the enterprise network to a destination outside the enterprise network.
  - 8. The method of claim 1, wherein the secure tunnel established between the first gateway server and the second gateway server is established automatically in response to receipt of the request by at least one of the first gateway server and the second gateway server.
  - 9. The method of claim 1, wherein the secure tunnel established between the first gateway server and the second gateway server permits one of a Gateway General Packet Radio Service Support Node (GGSN) and a Home Agent (HA) function to be performed by the first gateway server and one of a GGSN or HA function to be performed by the second gateway server.
  - 10. The method of claim 1, further comprising selecting encryption specific to the requirements of the enterprise network as supported by the secure tunnel established between the enterprise network and the cellular network.

11. A system, comprising:
- a cellular network including a first gateway server configured to receive a request to invoke a data session issued by a mobile terminal of a cellular network; and
  
  an enterprise network including a second gateway server,wherein the first gateway server, responsive to receiving the request, forwards the request via a data network to the second gateway server;
  
  wherein a secure tunnel is established between the first gateway server and the second gateway server;
  
  wherein the secure tunnel may support selectable security and encryption specific to requirements of the enterprise network;
  
  wherein data of the data session is transmitted to the enterprise network;
  
  wherein the data of the data session invoked without a virtual private network client operating on the mobile terminal is transmitted through a firewall of the enterprise network to one of a destination inside the enterprise network and a destination outside the enterprise network; and
  
  wherein the secure tunnel established between the first gateway server and the second gateway server is established automatically via an internet protocol connection which is deployed in the cellular network in response to receipt of the request by at least one of the first gateway server and the second gateway server; and
  
  wherein the mobile terminal is subjected to a data policy of the enterprise network irrespective of a location of the mobile terminal.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein the first gateway server and the second gateway server together comprise one of a Gateway General Packet Radio Service Support Node (GGSN) and a Home Agent (HA).
  - 13. The system of claim 11, wherein the request to invoke the data session issued by the mobile terminal occurs via a data network.
  - 14. The system of claim 13, wherein the data network is deployed in the enterprise network.
  - 15. The system of claim 11, wherein the data session is invoked without a virtual private network client operating on the mobile terminal.
  - 16. The system of claim 11, wherein the first gateway server identifies the enterprise network based on identified information corresponding to the mobile terminal.
  - 17. The system of claim 11, wherein data of the data session is transmitted through a firewall of the enterprise network to a destination outside the enterprise network.
  - 18. The system of claim 11, wherein the secure tunnel established between the first gateway server and the second gateway server is established automatically in response to receipt of the request by at least one of the first gateway server and the second gateway server.
  - 19. The system of claim 11, wherein the secure tunnel established between the first gateway server and the second gateway server permits one of a Gateway General Packet Radio Service Support Node (GGSN) and a Home Agent (HA) function performed to be performed by the first gateway server and one of a GGSN or HA function to be performed by the second gateway server.

20. A system, comprising:
- a voice and data signaling gateway configured to provide routing functionalities, service functionalities and admission control; and
  
  a home agent configured to establish a secure data session between a mobile terminal and an enterprise network via a secure tunneling protocol between a carrier-hosted serving foreign agent and the home agent, wherein the secure tunneling protocol is established for the mobile terminal in response to receipt of a request to invoke a data session issued by the mobile terminal, wherein a first gateway server deployed in the cellular network forwards the request to a second gateway server deployed in the enterprise network, wherein a secure tunnel is established between the first gateway server and the second gateway server, wherein the secure tunnel may support selectable security and encryption specific to requirements of the enterprise network;
  
  wherein the data of the data session invoked without a virtual private network client operating on the mobile terminal is transmitted through a firewall of the enterprise network to one of the a destination inside the enterprise network and a destination outside the enterprise network; and
  
  wherein the secure tunnel established between the first gateway server and the second gateway server is established automatically via an internet protocol connection which is deployed in the cellular network in response to receipt of the request by at least one of the gateway server and the second gateway server; and
  
  wherein the mobile terminal is subjected to a data policy of the enterprise network irrespective of a location of the mobile terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tango Networks Incorporated
Original Assignee
Tango Networks Incorporated
Inventors
Silver, Andrew
Primary Examiner(s)
Sivji, Nizar

Application Number

US13/964,343
Publication Number

US 20130329884A1
Time in Patent Office

645 Days
Field of Search

455/414, 455/466, 455/426, 455/517, 455/435, 455/436, 370/330, 370/313, 370/401, 709/229, 709/249
US Class Current

370/329
CPC Class Codes

H04L 12/66   Arrangements for connecting...

H04L 65/1016   IP multimedia subsystem [IMS]

H04L 65/1023   Media gateways

H04L 65/1033   Signalling gateways

H04L 65/104   in the network

H04L 65/1053   IP private branch exchange ...

H04L 65/1069   Session establishment or de...

H04L 65/1096   Supplementary features, e.g...

H04M 15/00   Arrangements for metering, ...

H04M 15/57   for integrated multimedia m...

H04M 15/63   based on the content carrie...

H04M 15/8292   Charging for signaling or u...

H04M 2203/1091   Fixed mobile conversion

H04M 2215/208   IMS, i.e. Integrated Multim...

H04M 3/42042   Notifying the called party ...

H04M 3/42314   in private branch exchanges

H04M 3/543   Call deflection

H04M 5/12   Calling substations, e.g. b...

H04M 7/006   Networks other than PSTN/IS...

H04Q 2213/13034   A/D conversion, code compre...

H04Q 2213/1307 : Call setup

H04Q 2213/13091 : CLI, identification of call...

H04Q 2213/13098 : Mobile subscriber

H04Q 2213/13109 : Initializing, personal profile

H04Q 2213/13176 : Common channel signaling, CCS7

H04Q 2213/1318 : Ringing

H04Q 2213/13196 : Connection circuit/link/tru...

H04Q 2213/13204 : Protocols

H04Q 2213/1322 : PBX

H04Q 2213/13224 : Off-net subscriber, dial in...

H04Q 2213/13296 : Packet switching, X.25, fra...

H04Q 2213/13348 : Channel/line reservation

H04Q 2213/13384 : Inter-PBX traffic, PBX netw...

H04Q 2213/13389 : LAN, internet

H04Q 2213/13405 : Dual frequency signaling, DTMF

H04Q 2213/13407 : Detection of data transmiss...

H04Q 3/0025 : Provisions for signalling

H04Q 3/0045 : involving hybrid, i.e. a mi...

H04Q 3/62 : for connecting to private b...

H04Q 3/72 : Finding out and indicating ...

H04W 12/03 : Protecting confidentiality,...

H04W 4/16 : Communication-related suppl...

H04W 4/20 : Services signaling; Auxilia...

H04W 40/00 : Communication routing or co...

H04W 76/10 : Connection setup

H04W 76/12 : Setup of transport tunnels

H04W 76/19 : Connection re-establishment

H04W 76/22 : Manipulation of transport t...

H04W 76/30 : Connection release

H04W 8/12 : between location registers ...

H04W 80/00 : Wireless network protocols ...

H04W 84/16 : WPBX [Wireless Private Bran...

H04W 88/16 : Gateway arrangements

H04W 92/02 : Inter-networking arrangements

H04W 92/06 : between gateways and public...

View All

System and method for enabling VPN-less session setup for connecting mobile data devices to an enterprise data network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

5 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and method for enabling VPN-less session setup for connecting mobile data devices to an enterprise data network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others