System and method for enabling VPN-less session setup for connecting mobile data devices to an enterprise data network

Abstract
A mobile application gateway configured to interconnect mobile communication devices on a cellular network with an enterprise network is provided. The mobile application gateway includes a voice and data signaling gateway configured to provide routing functionalities, service functionalities and admission control. A gateway GPRS support node (GGSN) is configured to establish a secure data session between one or more of the mobile communication devices and the enterprise network by establishing a GPRS tunneling protocol (GTP) tunnel between a carrier-hosted serving GPRS support node (SGSN) and the GGSN.
Description

BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 is a block diagram of an independently managed and controlled wireless carrier network, and an independently managed corporate enterprise network;



FIG. 2 is a diagram of a conventional enterprise network gateway server connected to a wireless carrier network;



FIG. 3 is a diagram of a gateway server system according to one preferred embodiment of the present invention;



FIG. 4A is a diagram of an enterprise data and voice network operably connected using the gateway server system using pure enterprise call control according to one preferred embodiment;



FIG. 4B is a diagram of an enterprise data and voice network operably connected using the gateway server system using split call control according to one preferred embodiment;



FIG. 5 depicts a network architecture according to another preferred embodiment using VoIP systems;



FIG. 6 is a call flow diagram for call origination according to one embodiment of the present invention;



FIG. 7 is a call flow diagram for effecting call delivery using VoIP system according to another preferred embodiment of the present invention;



FIG. 8 is a call flow diagram for effecting mobile termination using VoIP according to another preferred embodiment of the present invention;



FIG. 9 is a diagram of a network architecture for a Legacy (TDM) network according to another preferred embodiment of the present invention;



FIG. 10 is a diagram of a next generation IMS architecture that is backwards compatible with legacy cellular networks based on existing cellular protocols;



FIG. 11 is a diagram of a conventional legacy network architecture that does not support IM;



FIG. 12 depicts a Packet Engine according to another preferred embodiment of the present invention allowing a call server to detect DTMF digit events on the call path;



FIG. 13 depicts one embodiment of the Packet Engine consisting of a user space;



FIG. 14 depicts a Linux kernel module of the Packet Engine;



FIG. 15 depicts the current IMS standard definition;



FIG. 16 depicts one exemplary embodiment of the invention for IMS service;



FIG. 17 and FIG. 18 depict a gateway server carrier (GS-C) configured as an IMS standard-compliant SIP, and associated algorithm;



FIG. 19 depicts an algorithm for receiving incoming calls on various lines that are to be directed to a subscriber's mobile phone;



FIG. 20 is a flow diagram of a method for speeding call originations and terminations to a variety of devices using intelligent predictive techniques for call routing in accordance with an exemplary embodiment of the present invention;



FIG. 21 is a flow diagram of a method for enabling secure VPN-less data sessions for connecting mobile data devices with an enterprise data network in accordance with an exemplary embodiment of the present invention; and



FIG. 22 is a flow diagram of a system and method for enabling call originations using a mobile data connection and hotline capabilities in accordance with an exemplary embodiment of the present invention.


Claims
  • 1. A mobile application gateway configured to interconnect mobile communication devices on a cellular network with an enterprise network, comprising: a voice and data signaling gateway configured to provide routing functionalities, service functionalities and admission control; and a gateway GPRS support node (GGSN) configured to establish a secure data session between one or more of the mobile communication devices and the enterprise network by establishing a GPRS tunneling protocol (GTP) tunnel between a carrier-hosted serving GPRS support node (SGSN) and the GGSN.
  • 2. The gateway of claim 1 further comprising a gateway server of the cellular network (GS-C) located in the cellular network that interfaces with an enterprise network gateway server (GS-E) in the enterprise network.
  • 3. The gateway of claim 2 wherein the GS-E in the enterprise network interfaces with a plurality of GS-Cs in various carrier networks.
  • 4. The gateway of claim 2 wherein the mobile application gateway is configured to add selectable security and encryption between the cellular network and the enterprise network.
  • 5. The gateway of claim 4 wherein the selectable security and encryption is set up automatically when the secure data session is established between the mobile communications device and the enterprise network.
  • 6. The gateway of claim 4 wherein the selectable security and encryption is specific to the cellular network.
  • 7. The gateway of claim 5 in which the mobile communications device is configured to require routing of the secure data session in accordance with the selectable security and encryption.
  • 8. The gateway of claim 2 wherein the GS-E is configured to provide the GTP tunnel and a secure encrypted data session.
  • 9. The gateway of claim 1 wherein a secure firewall of the enterprise network is configured to support the secure data session.
  • 10. The gateway of claim 2 further comprising charging records generated from the GS-C supporting billing within the cellular network.
  • 11. The gateway of claim 10 wherein the charging records can be generated from the GS-E.
  • 12. A mobile application gateway configured to interconnect mobile communication devices on a cellular network with an enterprise network, comprising: a voice and data signaling gateway configured to provide routing functionalities, service functionalities and admission control; and a home agent (HA) configured to establish a secure data session between one or more of the mobile communication devices and the enterprise network by establishing a secure tunneling protocol between a carrier-hosted serving foreign agent (FA) and the HA.
  • 13. The gateway of claim 12 further comprising a gateway server of the cellular network (GS-C) located in the cellular network that interfaces with an enterprise network gateway server (GS-E) in the enterprise network.
  • 14. The gateway of claim 13 wherein the GS-E in the enterprise network interfaces with a plurality of GS-Cs in various carrier networks.
  • 15. The gateway of claim 13 wherein the mobile application gateway is configured to add selectable security and encryption between the cellular network and the enterprise network.
  • 16. The gateway of claim 15 wherein the selectable security and encryption is set up automatically when the secure data session is initiated between the mobile device and the enterprise network.
  • 17. The gateway of claim 15 wherein the selectable security and encryption is specific to the cellular network.
  • 18. The gateway of claim 16 in which the mobile communications device is configured to require routing of the data session in accordance with the selectable security and encryption.
  • 19. The gateway of claim 13 wherein the GS-E is configured to provide the GTP tunnel and a secure encrypted data session.
  • 20. The gateway of claim 12 wherein a secure firewall of the enterprise network is configured to support the secure data session.
  • 21. The gateway of claim 13 further comprising charging records generated from the GS-C supporting billing within the cellular network.
  • 22. The gateway of claim 21 wherein the charging records can be generated from the GS-E.
Provisional Applications (4)
Number    Date      Country
60778252  Mar 2006  US
60778276  Mar 2006  US
60778443  Mar 2006  US
60797724  May 2006  US
Continuation in Parts (2)
Relation  Number    Date      Country
Parent    11509222  Aug 2006  US
Child     11588071            US
Parent    11509222  Aug 2006  US
Child     11509222            US