Enabling secure network mobile device communications

US 9,912,663 B2
Filed: 02/08/2017
Issued: 03/06/2018
Est. Priority Date: 01/31/2005
Status: Active Grant

First Claim

Patent Images

1. A method of enabling communication between a mobile device and one or more secure endpoints included within a secured network, the method comprising:

receiving user credentials from the mobile device at a virtual data relay (VDR) broker within a gateway;

allocating a virtual data relay (VDR) at the gateway;

retrieving a wrapping key associated with the VDR;

transmitting a tuples request to an authentication server from the VDR broker, the tuples request including the user credentials;

receiving from the authentication server, one or more communities of interest (COIs) wrapped with the wrapping key associated with the VDR, the one or more COIs based on the user credentials; and

providing configuration information to the VDR.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems of communicating with secure endpoints included within a secured network from a mobile device external to the secured network is disclosed. The method includes initiating a VPN-based secure connection to a VPN appliance, and initializing a stealth-based service on the mobile device. The method further includes transmitting user credential information from the mobile device to a VDR broker via the VPN appliance, and receiving status information from the VDR broker identifying a VDR associated with the mobile device and providing a connected status. The method also includes communicating with one or more secure endpoints within the secured network via a VPN connection to the VDR via the VPN appliance and through the VDR to the one or more secure endpoints within a community of interest based on the user credential information transmitted to the VDR broker.

4 Citations

18 Claims

1. A method of enabling communication between a mobile device and one or more secure endpoints included within a secured network, the method comprising:
- receiving user credentials from the mobile device at a virtual data relay (VDR) broker within a gateway;
  
  allocating a virtual data relay (VDR) at the gateway;
  
  retrieving a wrapping key associated with the VDR;
  
  transmitting a tuples request to an authentication server from the VDR broker, the tuples request including the user credentials;
  
  receiving from the authentication server, one or more communities of interest (COIs) wrapped with the wrapping key associated with the VDR, the one or more COIs based on the user credentials; and
  
  providing configuration information to the VDR.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising the VDR opening a license tunnel to a home stealth appliance.
  - 3. The method of claim 1, further comprising receiving status information from the VDR at the VDR broker.
  - 4. The method of claim 1, wherein the wrapping key is provided to the VDR broker by the VDR.
  - 5. The method of claim 1, further comprising returning status information regarding the VDR to the mobile device.
  - 6. The method of claim 1, further comprising establishing a secured connection between the mobile device and the gateway.
  - 7. The method of claim 6, wherein the secured connection between the mobile connection and the gateway comprises a virtual private network (VPN) connection established via a VPN appliance.
  - 8. The method of claim 1, further comprising receiving a tuples XML file from the authentication server in response to the tuples request.

9. A gateway comprising:
- a programmable circuit;
  
  a memory operatively connected to the programmable circuit and storing instructions which, when executed by the programmable circuit, cause the gateway to perform;
  
  receiving user credentials from the mobile device at a virtual data relay (VDR) broker within the gateway;
  
  allocating a virtual data relay (VDR) at the gateway;
  
  retrieving a wrapping key associated with the VDR;
  
  transmitting a tuples request to an authentication server from the VDR broker, the tuples request including the user credentials;
  
  receiving from the authentication server, one or more communities of interest (COIs) wrapped with the wrapping key associated with the VDR, the one or more COIs based on the user credentials; and
  
  providing configuration information to the VDR.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. The gateway according to claim 9, wherein the wrapping key is provided to the VDR broker by the VDR.
  - 11. The gateway according to claim 9, wherein the gateway further receives a tuples XML file from the authentication server in response to the tuples request.
  - 12. The gateway according to claim 9, wherein the VDR broker includes an authentication manager, a VPN manager, a VDR manager, a client application manager, an event manager, and a license manager.
  - 13. The gateway according to claim 12, wherein the event manager comprises a VDR table.
  - 14. The gateway according to claim 12, wherein the VDR manager is configured to manage a pool of available VDRs.
  - 15. The gateway according to claim 12, wherein the VPN manager is configured to receive client tunnel connection indications from a VPN server.
  - 16. The gateway according to claim 12, wherein the authentication manager is configured to authenticate the user credentials as being associated with the one or more COIs.
  - 17. The gateway according to claim 12, wherein the license manager is configured to manage a license tunnel connection to a license gateway.
  - 18. A communication network comprising:
    - the gateway according to claim 9;
      
      one or more mobile devices communicatively connected to the gateway; and
      
      a secure enterprise network comprising a plurality of computing devices, the plurality of computing devices being associated with the one or more communities of interest.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unisys Corporation
Original Assignee
Unisys Corporation
Inventors
Johnson, Robert A, Trocki, James, Vallevand, Mark K, Rajcan, Steven L, Hinaman, Ted
Primary Examiner(s)
ZAIDI, SYED A

Application Number

US15/427,167
Publication Number

US 20170237735A1
Time in Patent Office

391 Days
Field of Search

726 15
US Class Current
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/083   using passwords cryptograph...

H04L 63/0884   by delegation of authentica...

H04L 63/104   Grouping of entities

H04W 12/069   using certificates or pre-s...

H04W 72/04   Wireless resource allocation

H04W 88/16   Gateway arrangements

Enabling secure network mobile device communications

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

4 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Enabling secure network mobile device communications

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

4 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links