Secure network communications in a mobile device over IPsec

US 9,794,225 B2
Filed: 06/29/2015
Issued: 10/17/2017
Est. Priority Date: 01/31/2005
Status: Active Grant

First Claim

Patent Images

1. A method of communicating with secure endpoints included within a secured network from a mobile device external to the secured network, the method comprising:

initiating a virtual private network (VPN) based secure connection to a VPN appliance;

initializing a stealth-based service on the mobile device;

transmitting user credential information from the mobile device to a virtual data relay (VDR) broker via the VPN appliance;

receiving status information from the VDR broker identifying a VDR associated with the mobile device and providing a connected status; and

communicating with one or more secure endpoints within the secured network via a VPN connection to the VDR via the VPN appliance and through the VDR to the one or more secure endpoints within a community of interest based on user credential information transmitted to the VDR broker.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems of communicating with secure endpoints included within a secured network from a mobile device external to the secured network is disclosed. The method includes initiating a VPN-based secure connection to a VPN appliance, and initializing a stealth-based service on the mobile device. The method further includes transmitting user credential information from the mobile device to a VDR broker via the VPN appliance, and receiving status information from the VDR broker identifying a VDR associated with the mobile device and providing a connected status. The method also includes communicating with one or more secure endpoints within the secured network via a VPN connection to the VDR via the VPN appliance and through the VDR to the one or more secure endpoints within a community of interest based on the user credential information transmitted to the VDR broker.

Citations

14 Claims

1. A method of communicating with secure endpoints included within a secured network from a mobile device external to the secured network, the method comprising:
- initiating a virtual private network (VPN) based secure connection to a VPN appliance;
  
  initializing a stealth-based service on the mobile device;
  
  transmitting user credential information from the mobile device to a virtual data relay (VDR) broker via the VPN appliance;
  
  receiving status information from the VDR broker identifying a VDR associated with the mobile device and providing a connected status; and
  
  communicating with one or more secure endpoints within the secured network via a VPN connection to the VDR via the VPN appliance and through the VDR to the one or more secure endpoints within a community of interest based on user credential information transmitted to the VDR broker.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the community of interest includes a user of the mobile device and the one or more secure endpoints but excludes one or more second endpoints within the secured network, wherein the one or more second endpoints are obscured to the user of the mobile device while the mobile device has the connected status.
  - 3. The method of claim 1, wherein the mobile device includes a mobile security application installed thereon.
  - 4. The method of claim 1, wherein the mobile device includes a first application and a second application installed thereon, and wherein the user credential information is collected by the first application.
  - 5. The method of claim 4, wherein communicating with one or more secure endpoints comprises initiating communication from the first application, wherein the second application is excluded from the community of interest and lacks access to the one or more secure endpoints.
  - 6. The method of claim 4, further comprising:
    - transmitting second user credential information from the second application on the mobile device to the VDR broker;
      
      receiving status information from the VDR broker identifying a second VDR associated with the mobile device and providing the connected status; and
      
      communicating with one or more second secure endpoints within the secured network via a VPN connection to the second VDR via the VPN appliance and through the second VDR to the one or more second secure endpoints within a second community of interest based on the second user credential information.
  - 7. The method of claim 1, further comprising transmitting a tunnel close command to the VDR broker via the VPN appliance.
  - 8. The method of claim 7, wherein transmission of the tunnel close command causes the VPN appliance to close a VPN tunnel and causes the VDR broker to shut down the VDR associated with the mobile device.

9. A system for enabling communication between a mobile device and one or more secure endpoints included within a secured network, the system comprising:
- a mobile gateway communicatively connectable to the mobile device via a tunneled connection, configured to manage a plurality of a virtual data recorder (VDR) connectivity states for each VDR connection, the plurality of VDR connectivity states including;
  
  an inactive state;
  
  a request VDR state;
  
  an assigned VDR state;
  
  a provisioning request state; and
  
  a community of interest (COI) active state;
  
  the mobile gateway including;
  
  a processor operating as a VDR broker and configured to allocate VDRs to mobile devices based on authentication credentials received from the mobile devices and obtain key information to provide to the allocated VDRs for use in secure communications within the secured network;
  
  one or more VDRs associated with the mobile device and providing proxied secure communications using the key information obtained from an authentication server based on the authentication credentials provided by the mobile device.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9, further comprising the mobile device, wherein the mobile device includes a Stealth connectivity application installed thereon.
  - 11. The system of claim 10, further comprising a VPN appliance connected between the mobile device and the mobile gateway.
  - 12. The system of claim 9, further comprising the authentication server, wherein the authentication server is within the secured network communicatively connected to the mobile gateway.
  - 13. The system of claim 9, further comprising a licensing VDR at the mobile gateway configured to maintain a licensing tunnel to a licensing server within the secured network, wherein, upon failure of the licensing tunnel, each of the VDRs allocated at the mobile gateway are interrupted.
  - 14. The system of claim 9, wherein the key information is associated with a community of interest of which the mobile device is a member based on the received authentication credentials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unisys Corporation
Original Assignee
Unisys Corporation
Inventors
Johnson, Robert A, Trocki, James, Vallevand, Mark K, Rajcan, Steven L, Hinaman, Ted
Primary Examiner(s)
Zaidi, Syed

Application Number

US14/753,146
Publication Number

US 20150382193A1
Time in Patent Office

841 Days
Field of Search

726 15
US Class Current
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/104   Grouping of entities

H04W 88/16   Gateway arrangements

Secure network communications in a mobile device over IPsec

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Secure network communications in a mobile device over IPsec

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links