The present invention relates to the field of virtual private networks. More particularly, the present invention relates to always-on virtual private network access.
Mobile devices, such as cellular phones and personal digital assistants (PDAs), have been growing in popularity for many years. As they have grown in complexity, the number of functions they are capable of running has also increased. Now email access is a standard feature on many wireless devices. However, a problem arises in accessing unexpected email in a timely fashion.
The current standard practice is to send a short message service (SMS) page to the device to wake it up. The email is normally compressed and stored within the SMS page. However, SMS messages are short, so it is difficult to encapsulate an entire email in one message. SMS also does not support standard security protocols such as SSL or IPSec. Additionally, SMS is very expensive compared with high-bandwidth protocols. Lastly, this technique does not generalize to 802.11b, Bluetooth, or other non-cellular protocols.
Alternatively, the cellular device may poll for email. In a first case, devices may wake up periodically, dial into a network, establish a virtual private network (VPN) connection and poll for email. This, however, requires an authentication for connection. In the case of cellular data, this can be expensive as almost all the transferred data is for authentication, and not user data. In a second case, the device may simply be left on and connected to the VPN connection at all times, periodically polling for email, much like a wired device such as a computer device does with, for example, a digital subscriber line (DSL) connection. This, however, is not practical in a wireless device as it uses up the power in the battery too quickly.
What is needed is a solution wherein a wireless device may access unanticipated email in a timely fashion without the drawbacks of the prior art solutions.
An application processor is electrically and logically decoupled from a wireless data network module so that it may go to sleep independently. A security association may be established between the wireless data network module and a wireless data network. Then the application processor may be placed in a suspend state while maintaining the security association between the wireless data network module and the wireless data network. This allows email polling, for example, to occur without having to re-establish the security association by logging in again.
The accompanying drawings, which are incorporated into and constitute a part of this specification, illustrate one or more embodiments of the present invention and, together with the detailed description, serve to explain the principles and implementations of the invention.
In the drawings:
Embodiments of the present invention are described herein in the context of a system of computers, servers, and software. Those of ordinary skill in the art will realize that the following detailed description of the present invention is illustrative only and is not intended to be in any way limiting. Other embodiments of the present invention will readily suggest themselves to such skilled persons having the benefit of this disclosure. Reference will now be made in detail to implementations of the present invention as illustrated in the accompanying drawings. The same reference indicators will be used throughout the drawings and the following detailed description to refer to the same or like parts.
In the interest of clarity, not all of the routine features of the implementations described herein are shown and described. It will, of course, be appreciated that in the development of any such actual implementation, numerous implementation-specific decisions must be made in order to achieve the developer's specific goals, such as compliance with application- and business-related constraints, and that these specific goals will vary from one implementation to another and from one developer to another. Moreover, it will be appreciated that such a development effort might be complex and time-consuming, but would nevertheless be a routine undertaking of engineering for those of ordinary skill in the art having the benefit of this disclosure.
In accordance with the present invention, the components, process steps, and/or data structures may be implemented using various types of operating systems, computing platforms, computer programs, and/or general purpose machines. In addition, those of ordinary skill in the art will recognize that devices of a less general purpose nature, such as hardwired devices, field programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), or the like, may also be used without departing from the scope and spirit of the inventive concepts disclosed herein.
In the present invention, the application processor 100 is electrically and logically decoupled from the WWAN module so that it may go to sleep independently. That is, it may send the WWAN module an indication that it is about to power down. This indication may be sent through an electrical signal, or it may be sent as an out-of-band application protocol data unit from a power management subsystem, to signal the wireless modem that it is about to power down. One of ordinary skill in the art will recognize that there may be other ways to send the WWAN module an indication that it is about to power down than just the specific examples described above.
In a specific embodiment of the present invention, the WWAN module 102 waits for its queues to drain and then acknowledges the request to suspend. The acknowledgement may also be an electrical signal or an application protocol data unit (APDU). It is also possible for the WWAN module to acknowledge before it has drained its queue, or not to acknowledge at all.
Having received an acknowledgement, the application processor 100 may then enter into a deep suspend state without terminating any sessions. Of particular note, it has not terminated the secure association with the VPN server, nor the login with the email server.
Subsequent to suspension, a network event may occur such as receipt of an IP packet (such as a keep-alive), connection clear (out of range), or an incoming email notification. In this case, the WWAN module may receive the signal from a VPN server 104 and wake up the Internet appliance by using a RING signal or equivalent. When the device has acknowledged that it is awake, using, for example, an electrical signal or application protocol data unit, the WWAN module may either signal the Internet appliance of the network event, or wait for the Internet appliance to poll the wireless modem for that event. A predefined polling period may also be utilized to periodically wake the application processor to check for email from an email gateway 106.
By using this new capability, a wireless Internet appliance may associate with a network once in the beginning of the day, and quickly poll for new messages on a periodic basis.
After a predefined polling period, the application processor may wake up at 212. It may send a wakeup request to the WWAN module at 214. The WWAN module may acknowledge the wakeup request at 216. The application processor may then poll for email at 218. Once that is done, the application processor may wish to enter a sleep mode again to conserve power. It may therefore send a suspend request to the WWAN module at 220. The WWAN module may acknowledge the suspend request at 222, and the application processor may go to sleep at 224.
A network exception event, such as a connection cleared (out of range), may occur at 226. This may cause the WWAN to need to re-establish the security association in order to stay connected to the VPN. Thus, the WWAN may then issue a wakeup request to the application processor at 228, causing the application processor to wake at 230 and acknowledge the wakeup request at 232. It then may re-establish its session with the WWAN module at 234 and re-establish the security association with the WWAN at 236.
This may also be helpful if an important email is received during the polling period. For example, an “emergency” signal could be generated to the WWAN module from the VPN when an email message marked as “urgent” is received.
At 306, the application processor may be woken up from the suspend state. This may occur at the end of the polling period and may be accomplished by using a RING signal. At 308, the wireless data network may be polled for email. This may comprise polling an email server. At 310, the application processor may then again be placed in the suspend state. At 312, the security association may be re-established if the connection between the wireless Internet appliance and the wireless data network is lost. At 314, if a network event occurs during the polling period, such as the receipt of an IP packet, a connection clear alert, or an incoming email notification, the application processor may be awoken. Once again, this may be accomplished by using a RING signal. The application processor may then handle the network event, which may include re-establishing the security association if it has been lost.
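The suspend/wake handshake and polling loop described above, as an added simulation that is not part of the original specification. The class names, the `SUSPEND_ACK` and `RING` message strings, the event names and the `simulate` helper are assumptions for illustration, and queue draining is omitted; the point shown is that authentication happens once and is repeated only after a connection clear.

```python
from collections import deque

class WwanModule:
    """Hypothetical model: keeps the security association (SA) while the processor sleeps."""
    def __init__(self):
        self.sa_up, self.auth_count = False, 0   # auth_count: full logins, the costly step
        self.pending = deque()       # network events held for the processor

    def establish_sa(self):
        self.sa_up = True
        self.auth_count += 1

    def suspend_request(self):
        return "SUSPEND_ACK"         # acknowledged; the SA is left in place

    def network_event(self, kind):
        if kind == "connection_clear":
            self.sa_up = False       # out of range: association lost
        self.pending.append(kind)
        return "RING"                # wake signal to the processor

class Appliance:
    def __init__(self):
        self.wwan, self.awake, self.log = WwanModule(), True, []
        self.wwan.establish_sa()     # one login at the start of the day

    def suspend(self):
        if self.wwan.suspend_request() == "SUSPEND_ACK":
            self.awake = False

    def wake(self):
        self.awake = True
        while self.wwan.pending:     # events the module held during suspend
            self.log.append(self.wwan.pending.popleft())
        if not self.wwan.sa_up:
            self.wwan.establish_sa() # re-authenticate only after a loss

def simulate(polls, events):
    """Run `polls` cycles; `events` maps a poll index to the event that follows it."""
    dev = Appliance()
    dev.suspend()
    for i in range(polls):
        dev.wake()                   # end of the polling period
        dev.log.append("poll_email") # poll runs inside the existing SA
        dev.suspend()
        if i in events and dev.wwan.network_event(events[i]) == "RING":
            dev.wake()
            dev.suspend()
    return dev.wwan.auth_count, dev.log
```
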
An application processor waker 406 may wake up the application processor from the suspend state. This may occur at the end of the polling period and may be accomplished by using a RING signal. A wireless data network email poller 408 coupled to the application processor waker 406 and to the wireless data network security association establisher 402 may poll the wireless data network for email. This may comprise polling an email server using a wireless data network email poller 410.
While embodiments and applications of this invention have been shown and described, it would be apparent to those skilled in the art having the benefit of this disclosure that many more modifications than mentioned above are possible without departing from the inventive concepts herein. The invention, therefore, is not to be restricted except in the spirit of the appended claims.
Number | Date | Country |
---|---|---|
20040068666 A1 | Apr 2004 | US |