Multiplex communications – Communication over free space – Having a plurality of contiguous regions served by...
Reexamination Certificate
2000-08-31
2004-12-28
Kizou, Hassan (Department: 2662)
Multiplex communications
Communication over free space
Having a plurality of contiguous regions served by...
C370S401000, C370S466000, C709S230000
Reexamination Certificate
active
06836474
ABSTRACT:
This application makes use of the following acronyms generally known to those skilled in the art:
HyperText Transfer Protocol (HTTP)
Internet Engineering Task Force (IETF)
Point-to-Point Protocol (PPP)
Public Land Mobile Network (PLMN)
Secure Sockets Layer (SSL)
Transmission Control Protocol/Internet Protocol (TCP/IP)
Transport Layer Security (TLS)
WAP Datagram Protocol (WDP)
Wireless Application Protocol (WAP)
Wireless Application Environment (WAE)
Wireless Markup Language (WML)
Wireless Session Protocol (WSP)
Wireless Transaction Protocol (WTP)
Wireless Transport Layer Security (VTLS)
World Wide Web Consortium W3C
BACKGROUND OF THE INVENTION
1. Technical Field of the Invention
The present invention relates to WAP sessions between a mobile terminal and a WAP gateway, and more particularly, to the organization of protocol layers in a WAP gateway.
2. Description of Related Art
When building a virtual private network for corporate users that is accessible by mobile terminals, such as laptop computers, mobile telephones and the like, there exists no standardized manner for building a so-called “demilitarized zone” that enables for the authentication of users of mobile terminals accessing the network via a wireless application protocol (WAP) prior to actually giving a user access to the corporate network. On the internet, a request/response or challenge mechanism may be used where typically the point-to-point protocol (PPP) or remote access server queries an accessing user for his user name, prompts the user for a challenge, and reads any password provided by the user in response to the challenge. This occurs prior to actually providing access to the user. Existing mechanisms for authorizing access of a WAP terminal to a network are inconvenient and have a number of security concerns.
Authentication can be done using a mechanism known as HTTP Basic Authentication, where the originating server (e.g., an internet server) first must receive a request from the terminal device in order to respond with an authentication request to the terminal. This, of course, requires the terminal to already be connected to the network, and even the private network. Authentication can also be done in the gateway, e.g., by allowing users of mobile terminal devices to configure a gateway password and user ID. Alternatively, this is done in the access server. These methods are very inflexible, and if a more secure method, such as using one-time passwords, secure cards, etc, is used for entering the corporate network, an excessive amount of work for the user is required. Current terminals do not allow users to get a “terminal window” similar to the one available in, for example, Windows 98, where dynamic passwords can be entered. Thus, some manner for providing an unproved authorization process for mobile terminals accessing virtual private networks is desired.
SUMMARY OF THE INVENTION
The present invention overcomes the foregoing and other problems with a WAP gateway interconnecting a PLMN network and a second private data network. The WAP gateway includes a first stage proxy and a second stage proxy. The first stage proxy is located on a first side of a firewall of the second network and includes the WDP layer of the WAP protocol stack. The remaining layers of the WAP protocol stack are located within a second stage proxy located on the other side of the firewall of the second network. Responsive to requests provided from a mobile terminal, the WDP layer of the first stage proxy may communicate with protocol layers within the second stage proxy using SSL/TLS tunneling. As a result, authentication is needed only once, at the first request to access the private data network, and all subsequent requests within the session are tunneled directly through the firewall.
REFERENCES:
patent: 6061346 (2000-05-01), Nordman
patent: 6463475 (2002-10-01), Calhoun
patent: 6480717 (2002-11-01), Ramaswamy
patent: 6523068 (2003-02-01), Beser et al.
patent: 6636502 (2003-10-01), Lager et al.
patent: 105645 (2001-05-01), None
“Wireless Application Protocol: White Paper,” WAP Forum, Wireless Internet Today, Jun. 2000.*
W. Schulte, “Das Internet Für Unterwegs”Elektronik, Franzis Verlag GMBH, Munchen, De, vol. 47, No. 23, Nov. 10, 1998, pp. 106, 108, 110-113, XP000875170.
I. James, “Wise™ Connects GSM to the Internet and Intranets”Ericsson Review, SE, Ericsson, Stockholm, No. Spec. Int. Iss., 1998, pp. 42-47, XP000751714.
Wireless Application Forum: “Wireless Application Protocol Wireless Datagram Protocol Specification”, Wireless Application Protocol, Wireless Datagram Protocol Specification, Apr. 30, 1998, page Complete, XP002109607.
Larsson Pär
Nilsson Mikael
Kizou Hassan
Lee Timothy
Telefonaktiebolaget LM Ericsson (publ)
LandOfFree
WAP session tunneling does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with WAP session tunneling, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and WAP session tunneling will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3318003