SECURE NETWORK TUNNEL BETWEEN A COMPUTING DEVICE AND AN ENDPOINT

摘要

The present disclosure presents a system, method and apparatus herein enabling secure coupling of a computing device, such as a mobile device with an endpoint, such as an application server. The computing device can include any electronic device such as a computer, a server, an application server, a mobile device or tablet. The endpoint can be any electronic device as well that is located within an enterprise network. In at least one embodiment, the secure coupling of the mobile device with a computing device can include a security gateway server. In one example, the security gateway server can be a tunnel service server. In another embodiment, an application server can include a tunnel service module to provide the secure coupling with the mobile device.

主权项

1. A method for establishing a secure internet protocol (IP) tunnel over a telecommunications network between a mobile device and a tunnel service server behind a firewall in an enterprise network, wherein application data sent over the secure IP tunnel is encrypted from the mobile device to the tunnel service server, the method comprising:
transmitting, from the mobile device, a signaling request to a signaling service device in the enterprise network, the signaling service device being behind an enterprise firewall; receiving, at the mobile device, from the signaling service device a response, containing a set of offered addresses associated with the tunnel service server; determining, at the tunnel service server, an optimal bearer path based at least upon the offered addresses from the mobile device and the set of offered addresses on the service server; transmitting a connection request to the tunnel service server, which contains a set of offered addresses from the mobile device, to establish a connection to the tunnel service server; receiving, at the tunnel service server, the connection request; establishing a secure tunnel over the optimal bearer path between the mobile device and the tunnel service server; transmitting encrypted application data from the tunnel service server to the mobile device through the secure tunnel, such that the encrypted application data remains encrypted from the tunnel service server to the mobile device, wherein the encrypted application data is packaged in one or more first data packets.