Communication networks might either be private or public. In a private network, communications between multiple computers occur in a secure environment that prevents access from outside the network without appropriate authentication. These networks are considered as “trusted” networks because the communication signals securely travel from one computer to another within the private network without being exposed to the external environment.
Public networks such as the Internet, on the other hand, are not secure because the communication over these networks is not private and is susceptible to interception by other computers. In addition, the public networks cannot guarantee the delivery of the data packets being sent. They allow packets to be injected into, or ejected out of, the networks indiscriminately, and analyzed while in transit. To keep data sent over a public network private, a Virtual Private Network (VPN) is commonly established on top of a public network when two computers use the public network to communicate with each other. In a Virtual Private Network, data sent from one computer to another is encrypted by a security gateway and transmitted in encrypted form over the public network to a second security gateway connected to the receiving computer. The second gateway decrypts the data before forwarding it to the receiving computer. Such a private channel established on top of another network is referred to as a network tunnel.
In order to set up a Virtual Private Network, a user first establishes a path to a VPN server and goes through an AAA process (Authentication, Authorization and Accounting) for identification and authorization to create a secure tunnel with the server. Once the user is authorized, a secure network tunnel is established between the user and the VPN server over the public network, using a VPN protocol such as IPsec. This process requires a VPN client on the user's side, a VPN server and other VPN hardware on the other side of the tunnel, as well as appropriate user configurations.
Today's private networks often include wireless networks such as WiMAX to accommodate mobile access. In addition, to provide mobility access in a large geographic area, a private enterprise often relies on third-party wireless infrastructures besides its own wireless network. In this case, a user's device would need to be authenticated by both a third-party gateway and an enterprise authentication server before it could access the enterprise network. User credentials are typically requested by and securely returned to the third-party gateway. Once the user is authenticated and authorized, the user may communicate with the third-party wireless gateway.
The user, however, still needs a secure connection between the user's device and an enterprise VPN server in order to access the enterprise's private network when going through a public network. As a result, in an environment that includes a third-party wireless carrier network, the user must be authenticated and authorized by both the public gateway and the enterprise's authentication server in order to access a private enterprise network.
Therefore, there is still a need for an improved system and method for securely communicating with a private network through a public or third-party wireless network without the aforementioned drawbacks.