Claims
- 1. A method for establishing a secure communications tunnel between a first node and a second node in a communication system including a plurality of networks each having a respective tunnel control entity for controlling establishment of secure communications tunnels in a respective network, the first node operating in a first network and the second node operating in a second network; the method comprising:
  - determining a route for the communications tunnel from the first network to the second network by way of one or more other networks;
  - forming a request message digitally signed by the first node and including identities of the tunnel control entity of the first network and tunnel control entities of said other networks;
  - transmitting the request message from the first node to the tunnel control entity of the second network; and
  - in response to the request message, establishing the secure communications tunnel between the first node and the second node by way of the tunnel control entities identified in that message.
- 2. A method as claimed in claim 1, wherein the tunnel control entity of the second network stores for a duration of the tunnel the identities of the tunnel control entities identified in the request message.
- 3. A method as claimed in claim 1, wherein the communication system includes a key server that stores a secure communication key for each of the tunnel control entities, wherefrom the tunnel control entity of the second network may retrieve a secure communication key for any of the tunnel control entities identified in the message, and thereby establish a secure communications tunnel to that entity.
- 4. A method as claimed in claim 1, wherein the step of determining a route comprises repeatedly:
  - forming and digitally signing at the first node the request message requesting establishment of a secure communications tunnel from the first node to the second node and including an identity of each tunnel control entity that has transmitted its identity to the first node in a previous iteration of these steps;
  - transmitting the request message from the first node to one of the tunnel control entities identified in the message;
  - determining at said one of the tunnel control entities another of the networks that is on a communication path from the network that has said one of the tunnel control entities to the second network;
  - transmitting from said one of the tunnel control entities to the tunnel control entity of the other of the networks a message indicating the request for establishment of a secure communications tunnel from the first node to the second node; and
  - transmitting from the tunnel control entity of the other of the networks to the first node the identity of that tunnel control entity.
- 5. A method as claimed in claim 1, comprising:
  - detecting that the first node has been or is to be handed over from the first network to a third network;
  - informing the tunnel control entity of the third network of the communications tunnel from the first node to the second node; and
  - determining a route for the communications tunnel from the third network to the second network by way of one or more of the other networks.
- 6. A method as claimed in claim 1, wherein the first network comprises a local area network.
- 7. A method as claimed in claim 6, wherein the first network comprises a wireless local area network.
- 8. A method as claimed in claim 1, wherein at least one of the networks on the route from the first network to the second network comprises a UMTS/3G network.
- 9. A method as claimed in claim 1, wherein the request message comprises a message having route alert set.
- 10. A method as claimed in claim 1, wherein the first node comprises a wireless communication terminal.
- 11. A method as claimed in claim 1, wherein the tunnel comprises a virtual private network tunnel.
- 12. A method as claimed in claim 1, wherein the tunnel is secured using an IPsec protocol.
- 13. A communication system including a plurality of networks each having a respective tunnel control entity for controlling establishment of secure communications tunnels in respective networks, a first node operating in a first network and a second node operating in a second network; the communication system being capable of supporting a secure communications tunnel between the first node and the second node, the system comprising:
  - determining means for determining a route for the communications tunnel from the first network to the second network by way of one or more other networks;
  - forming means for forming a request message digitally signed by the first node and including identities of the tunnel control entity of the first network and tunnel control entities of said other networks;
  - transmitting means for transmitting the request message from the first node to the tunnel control entity of the second network; and
  - establishing means for, in response to the request message, establishing the secure communications tunnel between the first node and the second node by way of the tunnel control entities identified in the request message.
- 14. A tunnel control entity for controlling establishment of secure communications tunnels in a network comprised in a communication system, the tunnel control entity being arranged to:
  - in response to receiving from a requesting entity a request for establishment of a communications tunnel by way of said network, transmit to the requesting entity an identity of the tunnel control entity; and
  - in response to receiving a request for establishment of a communications tunnel from said network to another network of the communication system, determine a route for the communications tunnel from said network to said another network by way of one or more other networks.
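The procedure the claims describe (iterative route discovery through the tunnel control entities of claim 4, the signed request of claim 1, the stored identities of claim 2 and the per-entity key server of claim 3) can be simulated end to end. The following Python is an added example written for this page, not code from the patent or any product; the three-network topology, the entity and node names, and the key values are constructed for illustration, and the node's digital signature is modelled with HMAC-SHA256 (a real deployment would use an asymmetric signature so that the verifying entity holds no signing secret):

```python
import hashlib
import hmac
import json

# Constructed topology (assumption for this example): for each network, the next
# network on the path toward a given destination network, which is what each
# tunnel control entity (TCE) determines in claim 4 / claim 14.
NEXT_HOP = {
    "wlan-A": {"core-C": "umts-B"},
    "umts-B": {"core-C": "core-C"},
    "core-C": {},
}
TCE_OF = {"wlan-A": "tce-A", "umts-B": "tce-B", "core-C": "tce-C"}


class KeyServer:
    """Claim 3: one secure communication key per tunnel control entity. Node
    verification keys are kept here as well (an assumption of this example)."""

    def __init__(self, tce_keys, node_keys):
        self._tce_keys = dict(tce_keys)
        self._node_keys = dict(node_keys)

    def tce_key(self, tce_id):
        return self._tce_keys[tce_id]

    def node_key(self, node_id):
        return self._node_keys[node_id]


def canonical(payload):
    """Deterministic encoding so that signer and verifier hash identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


class FirstNode:
    """The requesting node. HMAC stands in for the digital signature of claim 1."""

    def __init__(self, node_id, network, signing_key):
        self.node_id, self.network, self._key = node_id, network, signing_key

    def sign_request(self, target_node, tce_ids):
        payload = {"from": self.node_id, "to": target_node, "tces": list(tce_ids)}
        tag = hmac.new(self._key, canonical(payload), hashlib.sha256).hexdigest()
        return {"payload": payload, "sig": tag}


class TunnelControlEntity:
    """Claim 14: hands out its identity on request and determines the next network."""

    def __init__(self, tce_id, network, key_server):
        self.tce_id, self.network, self._ks = tce_id, network, key_server
        self.active = {}  # claim 2: identities kept for the duration of the tunnel

    def identify(self, requesting_entity):
        return self.tce_id

    def next_network(self, destination):
        return NEXT_HOP[self.network][destination]

    def _verify(self, request):
        key = self._ks.node_key(request["payload"]["from"])
        expected = hmac.new(key, canonical(request["payload"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, request["sig"]):
            raise ValueError("request signature invalid")

    def establish(self, request):
        """Claim 1: set up the tunnel by way of the TCEs named in the signed request,
        fetching each entity's key from the key server (claim 3)."""
        self._verify(request)
        p = request["payload"]
        self.active[(p["from"], p["to"])] = tuple(p["tces"])
        path = list(p["tces"]) + [self.tce_id]
        # Each hop-to-hop segment is keyed from the two entities' stored keys; this
        # derivation is a placeholder for a real IPsec security association set-up.
        segments = []
        for a, b in zip(path, path[1:]):
            material = self._ks.tce_key(a) + self._ks.tce_key(b)
            segments.append((a, b, hashlib.sha256(material).hexdigest()[:16]))
        return {"path": path, "segments": segments}


def discover_route(node, target_node, dest_network, tces):
    """Claim 4: iteratively collect the identities of the TCEs toward dest_network."""
    tce_ids = [tces[TCE_OF[node.network]].identify(node.node_id)]
    while True:
        request = node.sign_request(target_node, tce_ids)  # re-signed each iteration
        current = tces[request["payload"]["tces"][-1]]
        following = current.next_network(dest_network)
        if following == dest_network:
            return tce_ids  # the second network's own TCE is the request's recipient
        # The next network's TCE is told of the request and answers with its identity.
        tce_ids.append(tces[TCE_OF[following]].identify(node.node_id))


def build_demo():
    ks = KeyServer({"tce-A": b"kA", "tce-B": b"kB", "tce-C": b"kC"}, {"node-1": b"n1"})
    tces = {t: TunnelControlEntity(t, n, ks) for n, t in TCE_OF.items()}
    node = FirstNode("node-1", "wlan-A", b"n1")
    route = discover_route(node, "node-2", "core-C", tces)
    tunnel = tces["tce-C"].establish(node.sign_request("node-2", route))
    return route, tunnel


if __name__ == "__main__":
    print(build_demo())
```

The destination entity verifies the signature before storing the entity list or fetching any keys, so a request whose list of tunnel control entities has been altered in transit is rejected rather than used to steer the tunnel through an entity the node never named.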
REFERENCE TO RELATED APPLICATIONS
[0001] This application claims priority of U.S. Provisional Patent Application Serial No. 60/442,062, entitled “Establishing Communication Tunnels,” filed on Jan. 24, 2003, the contents of which are hereby incorporated by reference.
Provisional Applications (1)

| Number | Date | Country |
| --- | --- | --- |
| 60442062 | Jan 2003 | US |