Remote access to local network via security gateway
Abstract
Multiple protocol tunnels (e.g., IPsec tunnels) are deployed to enable an access terminal that is connected to a network to access a local network associated with a femto access point. A first protocol tunnel is established between a security gateway and the femto access point. A second protocol tunnel is then established in either of two ways. In some implementations the second protocol tunnel is established between the access terminal and the security gateway. In other implementations the second protocol tunnel is established between the access terminal and the femto access point, whereby a portion of the tunnel is routed through the first tunnel.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method of communication, comprising:
obtaining an identifier of an access point on a local network, wherein the access point is associated with a subscriber; storing the identifier in subscription information maintained for the subscriber at an authentication server coupled to a security gateway; receiving authentication information associated with an access terminal; authenticating the access terminal based on a determination that the authentication information corresponds to the subscription information; and providing the identifier of the access point to the security gateway to enable the access terminal to remotely access the local network via the access point.
2 . The method of claim 1 , wherein the authentication information is received as a result of a search by the access terminal to locate a security gateway that has established a first protocol tunnel between the security gateway and the access point.
3 . The method of claim 2 , wherein the identifier of the access point is provided by the security gateway to the access terminal based on a determination that the security gateway has established the first protocol tunnel between the security gateway and the access point.
4 . The method of claim 3 , wherein the security gateway and the access terminal each perform corresponding operations to establish a second protocol tunnel between the security gateway and the access terminal based on the determination that the security gateway has established the first protocol tunnel and the determination that the authentication information associated with the access terminal corresponds to the subscription information maintained for the subscriber.
5 . The method of claim 4 , wherein the corresponding operations to establish the second protocol tunnel include exchanging messages between the security gateway and the access terminal to allocate cryptographic keys for encrypting and decrypting information transmitted over the second protocol tunnel.
6 . The method of claim 1 , wherein the subscription information includes a plurality of identifiers each of which corresponds to one of a plurality of access points.
7 . The method of claim 6 , further comprising providing only identifiers of the plurality of identifiers that correspond to access points of the plurality of access points with which the security gateway has established a protocol tunnel.
8 . The method of claim 1 , wherein the access point is a small-coverage access point.
9 . An apparatus for communication, comprising:
a communication controller configured to obtain an identifier of an access point on a local network, wherein the access point is associated with a subscriber; and a database configured to store the identifier in subscription information maintained for the subscriber at an authentication server coupled to a security gateway; wherein the communication controller is further configured to:
receive authentication information associated with an access terminal;
authenticate the access terminal based on a determination that the authentication information corresponds to the subscription information; and
provide the identifier of the access point to the security gateway to enable the access terminal to remotely access the local network via the access point.
10 . The apparatus of claim 9 , wherein the authentication information is received as a result of a search by the access terminal to locate a security gateway that has established a first protocol tunnel between the security gateway and the access point.
11 . The apparatus of claim 10 , wherein the identifier of the access point is provided by the security gateway to the access terminal based on a determination that the security gateway has established the first protocol tunnel between the security gateway and the access point.
12 . The apparatus of claim 11 , wherein the security gateway and the access terminal each perform corresponding operations to establish a second protocol tunnel between the security gateway and the access terminal based on the determination that the security gateway has established the first protocol tunnel and the determination that the authentication information associated with the access terminal corresponds to the subscription information maintained for the subscriber.
13 . The apparatus of claim 12 , wherein the corresponding operations to establish the second protocol tunnel include exchanging messages between the security gateway and the access terminal to allocate cryptographic keys for encrypting and decrypting information transmitted over the second protocol tunnel.
14 . The apparatus of claim 9 , wherein the subscription information includes a plurality of identifiers each of which corresponds to one of a plurality of access points.
15 . The apparatus of claim 14 , wherein the communication controller is further configured to provide only identifiers of the plurality of identifiers that correspond to access points of the plurality of access points with which the security gateway has established a protocol tunnel.
16 . The apparatus of claim 9 , wherein the access point is a small-coverage access point.
17 . An apparatus for communication, comprising:
means for obtaining an identifier of an access point on a local network, wherein the access point is associated with a subscriber; means for storing the identifier in subscription information maintained for the subscriber at an authentication server coupled to a security gateway; means for receiving authentication information associated with an access terminal; means for authenticating the access terminal based on a determination that the authentication information corresponds to the subscription information; and means for providing the identifier of the access point to the security gateway to enable the access terminal to remotely access the local network via the access point.
18 . The apparatus of claim 17 , wherein the authentication information is received as a result of a search by the access terminal to locate a security gateway that has established a first protocol tunnel between the security gateway and the access point.
19 . The apparatus of claim 18 , wherein the identifier of the access point is provided by the security gateway to the access terminal based on a determination that the security gateway has established the first protocol tunnel between the security gateway and the access point.
20 . The apparatus of claim 19 , wherein the security gateway and the access terminal each perform corresponding operations to establish a second protocol tunnel between the security gateway and the access terminal based on the determination that the security gateway has established the first protocol tunnel and the determination that the authentication information associated with the access terminal corresponds to the subscription information maintained for the subscriber.
21 . The apparatus of claim 20 , wherein the corresponding operations to establish the second protocol tunnel include exchanging messages between the security gateway and the access terminal to allocate cryptographic keys for encrypting and decrypting information transmitted over the second protocol tunnel.
22 . The apparatus of claim 17 , wherein the subscription information includes a plurality of identifiers each of which corresponds to one of a plurality of access points.
23 . The apparatus of claim 22 , further comprising means for providing only identifiers of the plurality of identifiers that correspond to access points of the plurality of access points with which the security gateway has established a protocol tunnel.
24 . A non-transitory computer-readable medium storing computer executable code comprising:
code for obtaining an identifier of an access point on a local network, wherein the access point is associated with a subscriber; code for storing the identifier in subscription information maintained for the subscriber at an authentication server coupled to a security gateway; code for receiving authentication information associated with an access terminal; code for authenticating the access terminal based on a determination that the authentication information corresponds to the subscription information; and code for providing the identifier of the access point to the security gateway to enable the access terminal to remotely access the local network via the access point.
25 . The non-transitory computer-readable medium of claim 24 , wherein the authentication information is received as a result of a search by the access terminal to locate a security gateway that has established a first protocol tunnel between the security gateway and the access point.
26 . The non-transitory computer-readable medium of claim 25 , wherein the identifier of the access point is provided by the security gateway to the access terminal based on a determination that the security gateway has established the first protocol tunnel between the security gateway and the access point.
27 . The non-transitory computer-readable medium of claim 26 , wherein the security gateway and the access terminal each perform corresponding operations to establish a second protocol tunnel between the security gateway and the access terminal based on the determination that the security gateway has established the first protocol tunnel and the determination that the authentication information associated with the access terminal corresponds to the subscription information maintained for the subscriber.
28 . The non-transitory computer-readable medium of claim 27 , wherein the corresponding operations to establish the second protocol tunnel include exchanging messages between the security gateway and the access terminal to allocate cryptographic keys for encrypting and decrypting information transmitted over the second protocol tunnel.
29 . The non-transitory computer-readable medium of claim 24 , wherein the subscription information includes a plurality of identifiers each of which corresponds to one of a plurality of access points.
30 . The non-transitory computer-readable medium of claim 29 , further comprising code for providing only identifiers of the plurality of identifiers that correspond to access points of the plurality of access points with which the security gateway has established a protocol tunnel.Join the waitlist — get patent alerts
Track US2015033021A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.