US2015033021A1PendingUtilityA1

Remote access to local network via security gateway

Assignee: QUALCOMM INCPriority: Nov 17, 2008Filed: Oct 15, 2014Published: Jan 29, 2015
Est. expiryNov 17, 2028(~2.3 yrs left)· nominal 20-yr term from priority
H04W 92/02H04W 84/105H04L 63/101H04W 84/045H04L 63/10H04L 63/0281H04L 63/061H04L 63/164H04W 12/06H04W 88/16H04L 63/0884H04L 63/0272H04W 76/12H04W 12/08H04L 63/029H04L 63/0485
56
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Multiple protocol tunnels (e.g., IPsec tunnels) are deployed to enable an access terminal that is connected to a network to access a local network associated with a femto access point. A first protocol tunnel is established between a security gateway and the femto access point. A second protocol tunnel is then established in either of two ways. In some implementations the second protocol tunnel is established between the access terminal and the security gateway. In other implementations the second protocol tunnel is established between the access terminal and the femto access point, whereby a portion of the tunnel is routed through the first tunnel.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method of communication, comprising:
 obtaining an identifier of an access point on a local network, wherein the access point is associated with a subscriber;   storing the identifier in subscription information maintained for the subscriber at an authentication server coupled to a security gateway;   receiving authentication information associated with an access terminal;   authenticating the access terminal based on a determination that the authentication information corresponds to the subscription information; and   providing the identifier of the access point to the security gateway to enable the access terminal to remotely access the local network via the access point.   
     
     
         2 . The method of  claim 1 , wherein the authentication information is received as a result of a search by the access terminal to locate a security gateway that has established a first protocol tunnel between the security gateway and the access point. 
     
     
         3 . The method of  claim 2 , wherein the identifier of the access point is provided by the security gateway to the access terminal based on a determination that the security gateway has established the first protocol tunnel between the security gateway and the access point. 
     
     
         4 . The method of  claim 3 , wherein the security gateway and the access terminal each perform corresponding operations to establish a second protocol tunnel between the security gateway and the access terminal based on the determination that the security gateway has established the first protocol tunnel and the determination that the authentication information associated with the access terminal corresponds to the subscription information maintained for the subscriber. 
     
     
         5 . The method of  claim 4 , wherein the corresponding operations to establish the second protocol tunnel include exchanging messages between the security gateway and the access terminal to allocate cryptographic keys for encrypting and decrypting information transmitted over the second protocol tunnel. 
     
     
         6 . The method of  claim 1 , wherein the subscription information includes a plurality of identifiers each of which corresponds to one of a plurality of access points. 
     
     
         7 . The method of  claim 6 , further comprising providing only identifiers of the plurality of identifiers that correspond to access points of the plurality of access points with which the security gateway has established a protocol tunnel. 
     
     
         8 . The method of  claim 1 , wherein the access point is a small-coverage access point. 
     
     
         9 . An apparatus for communication, comprising:
 a communication controller configured to obtain an identifier of an access point on a local network, wherein the access point is associated with a subscriber; and   a database configured to store the identifier in subscription information maintained for the subscriber at an authentication server coupled to a security gateway;   wherein the communication controller is further configured to:
 receive authentication information associated with an access terminal; 
 authenticate the access terminal based on a determination that the authentication information corresponds to the subscription information; and 
 provide the identifier of the access point to the security gateway to enable the access terminal to remotely access the local network via the access point. 
   
     
     
         10 . The apparatus of  claim 9 , wherein the authentication information is received as a result of a search by the access terminal to locate a security gateway that has established a first protocol tunnel between the security gateway and the access point. 
     
     
         11 . The apparatus of  claim 10 , wherein the identifier of the access point is provided by the security gateway to the access terminal based on a determination that the security gateway has established the first protocol tunnel between the security gateway and the access point. 
     
     
         12 . The apparatus of  claim 11 , wherein the security gateway and the access terminal each perform corresponding operations to establish a second protocol tunnel between the security gateway and the access terminal based on the determination that the security gateway has established the first protocol tunnel and the determination that the authentication information associated with the access terminal corresponds to the subscription information maintained for the subscriber. 
     
     
         13 . The apparatus of  claim 12 , wherein the corresponding operations to establish the second protocol tunnel include exchanging messages between the security gateway and the access terminal to allocate cryptographic keys for encrypting and decrypting information transmitted over the second protocol tunnel. 
     
     
         14 . The apparatus of  claim 9 , wherein the subscription information includes a plurality of identifiers each of which corresponds to one of a plurality of access points. 
     
     
         15 . The apparatus of  claim 14 , wherein the communication controller is further configured to provide only identifiers of the plurality of identifiers that correspond to access points of the plurality of access points with which the security gateway has established a protocol tunnel. 
     
     
         16 . The apparatus of  claim 9 , wherein the access point is a small-coverage access point. 
     
     
         17 . An apparatus for communication, comprising:
 means for obtaining an identifier of an access point on a local network, wherein the access point is associated with a subscriber;   means for storing the identifier in subscription information maintained for the subscriber at an authentication server coupled to a security gateway;   means for receiving authentication information associated with an access terminal;   means for authenticating the access terminal based on a determination that the authentication information corresponds to the subscription information; and   means for providing the identifier of the access point to the security gateway to enable the access terminal to remotely access the local network via the access point.   
     
     
         18 . The apparatus of  claim 17 , wherein the authentication information is received as a result of a search by the access terminal to locate a security gateway that has established a first protocol tunnel between the security gateway and the access point. 
     
     
         19 . The apparatus of  claim 18 , wherein the identifier of the access point is provided by the security gateway to the access terminal based on a determination that the security gateway has established the first protocol tunnel between the security gateway and the access point. 
     
     
         20 . The apparatus of  claim 19 , wherein the security gateway and the access terminal each perform corresponding operations to establish a second protocol tunnel between the security gateway and the access terminal based on the determination that the security gateway has established the first protocol tunnel and the determination that the authentication information associated with the access terminal corresponds to the subscription information maintained for the subscriber. 
     
     
         21 . The apparatus of  claim 20 , wherein the corresponding operations to establish the second protocol tunnel include exchanging messages between the security gateway and the access terminal to allocate cryptographic keys for encrypting and decrypting information transmitted over the second protocol tunnel. 
     
     
         22 . The apparatus of  claim 17 , wherein the subscription information includes a plurality of identifiers each of which corresponds to one of a plurality of access points. 
     
     
         23 . The apparatus of  claim 22 , further comprising means for providing only identifiers of the plurality of identifiers that correspond to access points of the plurality of access points with which the security gateway has established a protocol tunnel. 
     
     
         24 . A non-transitory computer-readable medium storing computer executable code comprising:
 code for obtaining an identifier of an access point on a local network, wherein the access point is associated with a subscriber;   code for storing the identifier in subscription information maintained for the subscriber at an authentication server coupled to a security gateway;   code for receiving authentication information associated with an access terminal;   code for authenticating the access terminal based on a determination that the authentication information corresponds to the subscription information; and   code for providing the identifier of the access point to the security gateway to enable the access terminal to remotely access the local network via the access point.   
     
     
         25 . The non-transitory computer-readable medium of  claim 24 , wherein the authentication information is received as a result of a search by the access terminal to locate a security gateway that has established a first protocol tunnel between the security gateway and the access point. 
     
     
         26 . The non-transitory computer-readable medium of  claim 25 , wherein the identifier of the access point is provided by the security gateway to the access terminal based on a determination that the security gateway has established the first protocol tunnel between the security gateway and the access point. 
     
     
         27 . The non-transitory computer-readable medium of  claim 26 , wherein the security gateway and the access terminal each perform corresponding operations to establish a second protocol tunnel between the security gateway and the access terminal based on the determination that the security gateway has established the first protocol tunnel and the determination that the authentication information associated with the access terminal corresponds to the subscription information maintained for the subscriber. 
     
     
         28 . The non-transitory computer-readable medium of  claim 27 , wherein the corresponding operations to establish the second protocol tunnel include exchanging messages between the security gateway and the access terminal to allocate cryptographic keys for encrypting and decrypting information transmitted over the second protocol tunnel. 
     
     
         29 . The non-transitory computer-readable medium of  claim 24 , wherein the subscription information includes a plurality of identifiers each of which corresponds to one of a plurality of access points. 
     
     
         30 . The non-transitory computer-readable medium of  claim 29 , further comprising code for providing only identifiers of the plurality of identifiers that correspond to access points of the plurality of access points with which the security gateway has established a protocol tunnel.

Join the waitlist — get patent alerts

Track US2015033021A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.