Method and apparatus for providing secure connectivity in mobile and other intermittent computing environments
18 Assignments
0 Petitions
Abstract
Method and apparatus for enabling secure connectivity using standards-based Virtual Private Network (VPN) IPSEC algorithms in a mobile and intermittently connected computing environment. The method enhances the current standards-based algorithms by allowing migratory devices to automatically (re)establish security sessions as the mobile end system roams across homogeneous or heterogeneous networks while maintaining the network application session. The transitions between and among networks occur seamlessly, shielding networked applications from interruptions in connectivity. The applications and/or users need not be aware of these transitions, although intervention is possible. The method requires neither modification of existing network infrastructure nor modification of networked applications.
496 Citations
60 Claims
1. A method of maintaining network communications with a mobile or other intermittently connected computing device executing at least one networked application that participates in at least one network application session, comprising:
(a) detecting the occurrence of an event affecting network communications with the computing device, and (b) in response to said detection, terminating, instantiating, and/or reinstantiating an IP Security session for use by said computing device while maintaining said network application session(s). [Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]

12. A method of modifying an operating environment having at least one software component, said operating environment using transport engine protocols and running at least one application, the method comprising:
(a) transparently and selectively injecting computer instructions into said operating environment; and
(b) redirecting the execution path of said at least one software component to achieve additional functionality while maintaining binary compatibility with said operating environment component(s), said transport engine protocols and said applications. [Dependent claims: 13]

14. A method of providing data communications in a mobile computing environment, said environment including at least one device using at least one network interface for network applications and operating system components, comprising:
(a) selectively and transparently virtualizing said at least one network interface, thereby shielding said network applications and operating system components from at least some characteristics of said mobile computing environment, and (b) allowing other said components to remain cognizant of at least interruptions in connectivity and changes in network point of attachment.

15. A method for providing data communications in an environment including at least one device using at least one network interface for network applications and operating system components, comprising:
(a) selectively virtualizing said at least one network interface, thereby shielding said network applications and operating system components from at least some adverse events that may otherwise disturb communications; and
(b) using said virtualized network interface to conduct data communications. [Dependent claims: 16, 17]

18. A method for using plural IP Security sessions over a plurality of network interfaces associated with at least one network point of attachment, comprising:
(a) distributing network application communications to simultaneously flow over said plural IP Security sessions, and (b) multiplexing/demultiplexing said distributed communication flows into corresponding higher layer communications sessions. [Dependent claims: 19, 20, 48]

21. A method comprising:
(a) facilitating the creation of plural IP Security sessions; and
(b) selectively allowing, denying and/or delaying the flow of network communications over at least one of said plural IP Security sessions based at least in part on applying policy rules. [Dependent claims: 22]

23. A method of administering secure network connections comprising:
(a) establishing IP Security sessions within a computing network; and
(b) centrally managing and distributing policy regarding the establishment of said IP Security sessions from a central authority.

24. A method of proxying mobile communications comprising:
(a) establishing communications with a mobile device;
(b) establishing communications with an ultimate peer of said mobile device; and
(c) instantiating at least one of a possible plurality of IP Security sessions with said ultimate peer on behalf of said mobile device. [Dependent claims: 25]

26. A method of proxying mobile communications comprising:
(a) establishing at least one IP Security session between said mobile device and a communication peer thereof; and
(b) maintaining said IP Security session with said communication peer during periods when said mobile device is unreachable.

27. A method of managing IP Security sessions between a mobility server and an ultimate communications peer, comprising:
(a) establishing at least one IP Security session between said mobility server and said ultimate communications peer; and
(b) automatically terminating said IP Security session in response to occurrence of a predetermined event. [Dependent claims: 28]

29. A method of providing secure communications between a mobility client having a network identity, a mobility server and an ultimate communications peer, comprising:
(a) establishing at least one IP Security session between the mobility server and the ultimate peer; and
(b) securely maintaining said IP Security session even when the network identity of said mobility client changes.

30. In a system for maintaining network communications with a mobile or other intermittently connected computing device executing at least one networked application that participates in at least one network application session, said system comprising:
a detector that detects the occurrence of an event affecting network communications with the computing device, and a security module that, in response to said detection, instantiates or reinstantiates an IP Security session for use by said computing device while maintaining said network application session(s). [Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38, 39, 40]

41. An operating environment having at least one software component, said operating environment using transport engine protocols and running at least one application, the environment further comprising computer instructions transparently and selectively injected therein, wherein the injected computer instructions include a redirector that redirects the execution path of said at least one software component to achieve additional functionality while maintaining binary compatibility with said operating environment component(s), said transport engine protocols and said applications.

43. A mobile computing environment including at least one device using at least one network interface for network applications and operating system components, said environment comprising:
(a) instructions that selectively and transparently virtualize said at least one network interface, thereby shielding said network applications and operating system components from at least some characteristics of said mobile computing environment, and (b) further instructions that allow other said components to remain cognizant of at least interruptions in connectivity and changes in network point of attachment.

44. An environment including at least one device using at least one network interface for network applications and operating system components, said environment comprising:
instructions that selectively virtualize said at least one network interface, thereby shielding said network applications and operating system components from at least some adverse events that may otherwise disturb communications; and
additional structure that uses said virtualized network interface to conduct data communications. [Dependent claims: 45, 46]

47. A system for using plural IP Security sessions over a plurality of network interfaces associated with at least one network point of attachment, comprising:
(a) a data distributor that distributes network application communications to simultaneously flow over said plural IP Security sessions, and (b) a multiplexer/demultiplexer that multiplexes and demultiplexes said distributed communication flows into corresponding higher layer communications sessions. [Dependent claims: 49]

50. A system comprising:
(a) a security framework that facilitates the creation of plural IP Security sessions; and
(b) a policy agent that selectively allows, denies and/or delays the flow of network communications over at least one of said plural IP Security sessions based at least in part on policy rules. [Dependent claims: 51]

52. A system for administering secure network connections comprising:
a security framework that establishes IP Security sessions within a computing network; and
a central authority that centrally manages and distributes policy regarding the establishment of said IP Security sessions.

53. A mobility proxy comprising:
a communications structure that establishes communications with a mobile device and with an ultimate peer of said mobile device; and
a security component that instantiates at least one of a possible plurality of IP Security sessions with said ultimate peer on behalf of said mobile device. [Dependent claims: 54]

55. A system for proxying mobile communications comprising:
communications means for establishing at least one IP Security session with said mobile device and a communication peer thereof; and
a means for maintaining said IP Security session with said communication peer during periods when said mobile device is unreachable.

56. A system for managing IP Security sessions between a mobility server and an ultimate communications peer, comprising:
means for establishing at least one IP Security session between said mobility server and said ultimate communications peer; and
means for automatically terminating said IP Security session in response to occurrence of a predetermined event. [Dependent claims: 57]

58. A system for providing secure communications between a mobility client having a network identity, a mobility server and an ultimate communications peer, comprising:
means for establishing at least one IP Security session between the mobility server and the ultimate peer and the mobility client and the mobility server; and
means for securely maintaining said IP Security session even when the network identity of said mobility client changes.

59. A storage medium storing:
a first set of instructions that inserts a policy agent hooking runtime linkable module into an operating system having a policy agent and an IPSec infrastructure, said hooking module informing the policy agent of network state changes; and
a second set of instructions that inserts a network interface virtualizing driver into said operating system, said virtualizing driver virtualizing a client module network and initiating mobility server connections while selectively allowing the IPSec infrastructure to continue to be informed about network state changes.

60. A method of preparing a mobile device for secure communications, said mobile device having an operating environment including a policy agent and an IPSec infrastructure, said method comprising:
downloading over a computer network onto the mobile device and executing with the mobile device, a first set of instructions that insert a policy agent hooking run-time linkable module into the operating environment, said hooking module informing the policy agent of network state changes; and
downloading over the computer network and executing with the mobile device a second set of instructions that inserts a network interface virtualizing driver into said operating environment, said virtualizing driver virtualizing a client module network and initiating mobility server connections while selectively allowing the IPSec infrastructure to continue to be informed about network state changes.
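The behaviour the abstract and claims 1, 18 and 21 describe can be seen in a small simulation: an application session with its own sequence numbering survives while the IPsec session under it is terminated and re-instantiated on link events, traffic is distributed across whichever IPsec sessions policy allows, and the peer demultiplexes by SPI back into the single application stream and rejects packets protected under a terminated session. The code below is an added example written for this page, not the patent's own implementation or any real IPsec/IKE stack; `IpsecSession`, `Peer`, `MobilityClient`, the keyed-hash "ESP" stand-in, the key derivation, the interface names and the shared secret are all constructed for illustration.

```python
import hashlib
import itertools
from dataclasses import dataclass

_spi_counter = itertools.count(0x1000)  # constructed SPI allocator (not IKE)


@dataclass
class IpsecSession:
    """Stand-in for one IPsec SA, bound to an interface, an address and a key."""
    interface: str
    local_ip: str
    spi: int
    key: bytes

    def protect(self, data: bytes) -> bytes:
        """ESP stand-in: SPI || data || keyed MAC (integrity only, no encryption)."""
        mac = hashlib.blake2s(data, key=self.key, digest_size=8).digest()
        return self.spi.to_bytes(4, "big") + data + mac


def open_ipsec_session(interface: str, local_ip: str, secret: bytes) -> IpsecSession:
    """(Re)instantiate an SA with a fresh SPI and a key bound to the new address."""
    spi = next(_spi_counter)
    key = hashlib.sha256(secret + local_ip.encode() + spi.to_bytes(4, "big")).digest()
    return IpsecSession(interface, local_ip, spi, key)


class Peer:
    """Ultimate peer: holds the agreed SAs, verifies, and demultiplexes by SPI."""

    def __init__(self):
        self.sas: dict[int, IpsecSession] = {}
        self.stream: dict[int, bytes] = {}  # app-session seq -> payload

    def accept_session(self, sa: IpsecSession) -> None:
        self.sas[sa.spi] = sa               # stands in for the IKE exchange

    def drop_session(self, spi: int) -> None:
        self.sas.pop(spi, None)             # SA terminated: later packets rejected

    def receive(self, wire: bytes) -> bool:
        sa = self.sas.get(int.from_bytes(wire[:4], "big"))
        if sa is None:
            return False                    # unknown or terminated SA
        data, mac = wire[4:-8], wire[-8:]
        if hashlib.blake2s(data, key=sa.key, digest_size=8).digest() != mac:
            return False
        self.stream[int.from_bytes(data[:4], "big")] = data[4:]
        return True

    def application_data(self) -> bytes:
        return b"".join(self.stream[s] for s in sorted(self.stream))


class MobilityClient:
    """Keeps the application session while IPsec sessions come and go."""

    def __init__(self, secret: bytes, peer: Peer, policy: dict):
        self.secret, self.peer, self.policy = secret, peer, policy
        self.sessions: dict[str, IpsecSession] = {}  # interface -> SA
        self.next_seq = 0                              # app state that must survive
        self.pending: list[bytes] = []                 # held while unreachable

    def on_network_event(self, kind: str, interface: str, local_ip: str = "") -> None:
        old = self.sessions.pop(interface, None)
        if old is not None:
            self.peer.drop_session(old.spi)            # terminate (claim 1)
        if kind in ("link_up", "address_changed"):
            sa = open_ipsec_session(interface, local_ip, self.secret)
            self.sessions[interface] = sa              # (re)instantiate (claim 1)
            self.peer.accept_session(sa)
        self._flush()

    def _usable(self) -> list:
        # Policy decides which sessions may carry traffic (claim 21).
        return [sa for name, sa in sorted(self.sessions.items())
                if self.policy.get(name) == "allow"]

    def send(self, payload: bytes) -> bool:
        usable = self._usable()
        if not usable:
            self.pending.append(payload)               # app session is not torn down
            return False
        seq, self.next_seq = self.next_seq, self.next_seq + 1
        sa = usable[seq % len(usable)]                 # distribute across SAs (claim 18)
        return self.peer.receive(sa.protect(seq.to_bytes(4, "big") + payload))

    def _flush(self) -> None:
        queued, self.pending = self.pending, []
        for p in queued:
            self.send(p)


def roam_demo() -> dict:
    """Roam wlan0 -> (gap) -> wwan0 + wlan0 with a denied guest interface."""
    peer = Peer()
    policy = {"wlan0": "allow", "wwan0": "allow", "guest0": "deny"}  # constructed
    client = MobilityClient(b"constructed-shared-secret", peer, policy)
    client.on_network_event("link_up", "wlan0", "10.0.0.5")
    first_sa = client.sessions["wlan0"]
    client.send(b"hello ")
    client.on_network_event("link_down", "wlan0")     # connectivity gap
    queued = not client.send(b"world")                # held, session kept
    client.on_network_event("link_up", "wwan0", "192.0.2.7")   # reinstantiated
    client.on_network_event("link_up", "wlan0", "10.0.0.9")    # second SA
    client.on_network_event("link_up", "guest0", "203.0.113.4")  # denied by policy
    client.send(b"!")
    stale = peer.receive(first_sa.protect(b"\x00\x00\x00\x09stale"))
    return {"data": peer.application_data(), "seq": client.next_seq,
            "queued": queued, "usable": len(client._usable()),
            "stale_accepted": stale, "pending": len(client.pending)}


if __name__ == "__main__":
    print(roam_demo())
```

The peer rejecting the packet protected under the first SA is the defender's check that matters here: once a session is terminated on a network event, nothing keyed to the old address is honoured, while the application stream itself is reassembled from sequence numbers regardless of which SA carried each segment.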
Specification