公开(公告)号：US20150350256A1

公开(公告)日：2015-12-03

申请号：US14289308

申请日：2014-05-28

Applicant: APPLE INC.

Inventor： Thomas F. PAULY

IPC: H04L29/06 ,  H04L29/12

CPC classification number: H04L65/1069 ,  H04L61/1511 ,  H04L61/2514 ,  H04L63/0272 ,  H04L63/168 ,  H04L67/02 ,  H04L69/16

Abstract: A method, client device and non-transitory computer readable storage medium for connecting to a virtual private network (VPN). A request to connect to a destination identified by a hostname is received from an application executed on the client device and a domain name system (DNS) lookup functionality is performed on the hostname, the DNS lookup functionality returning an address. It is then determined whether the returned address is a redirected address, whether a hypertext transmission protocol secure (HTTPS) probe configured for the hostname fails, or whether the returned address matches a cached route in which a transmission control protocol (TCP) connection establishment is unsuccessful. If any of the returned address is a redirected address, the HTTPS probe fails or the returned address matches the cached route and the TCP connection establishment is unsuccessful, the client device is connected to the VPN.

Abstract translation: 用于连接到虚拟专用网络（VPN）的方法，客户端设备和非暂时性计算机可读存储介质。 从客户端设备上执行的应用程序接收到连接到由主机名标识的目的地的请求，并且对主机名（DNS查找功能返回地址）执行域名系统（DNS）查找功能。 然后，确定返回的地址是否是重定向的地址，为主机名配置的超文本传输​​协议安全（HTTPS）探针是否失败，或者返回的地址是否匹配传输控制协议（TCP）连接建立的缓存路由 不成功。 如果任何返回的地址是重定向的地址，则HTTPS探测失败或返回的地址与缓存路由匹配，并且TCP连接建立失败，客户端设备连接到VPN。

公开(公告)号：US20160360461A1

公开(公告)日：2016-12-08

申请号：US14866796

申请日：2015-09-25

Applicant: Apple Inc.

Inventor： Franco TRAVOSTINO ,  Vu H. CHIEM ,  Thomas F. PAULY ,  Padmavathy BHOOMA

IPC: H04W36/30 ,  H04L12/751 ,  H04W36/00 ,  H04W36/14 ,  H04W76/02

CPC classification number: H04W36/30 ,  H04W36/0022 ,  H04W36/14 ,  H04W40/02 ,  H04W40/12 ,  H04W76/16 ,  H04W76/18

Abstract: The embodiments set forth techniques for avoiding network connectivity stalls at a mobile computing device. In an idle state, a performance analyzer executing on the mobile computing device is configured to passively analyze high-level network connectivity information to detect any minor issues with the network connectivity being provided by a primary interface (e.g., WiFi). When minor issues are detected, the mobile computing device transitions into an alerted state, where high emphasis is placed on using the WiFi interface and low emphasis is placed on using a secondary interface (e.g., Cellular). In the alerted state, the mobile computing device actively analyzes low-level connectivity information to detect any major issues with the WiFi interface. When major issues are detected, the mobile computing device transitions into a fallback state, where high emphasis is placed on using the Cellular interface and low emphasis is placed on using the WiFi interface.

Abstract translation: 实施例阐述了在移动计算设备处避免网络连接停顿的技术。 在空闲状态下，在移动计算设备上执行的性能分析器被配置为被动地分析高级网络连接信息以检测由主接口（例如，WiFi）提供的网络连接的任何次要问题。 当检测到小问题时，移动计算设备转变为警报状态，其中高度重视使用WiFi接口，并且低重点放在使用辅助接口（例如，蜂窝）上。 在警报状态下，移动计算设备主动分析低级连接信息以检测WiFi接口的任何主要问题。 当检测到主要问题时，移动计算设备转变为回退状态，其中高度重视使用蜂窝接口，并且重点放在使用WiFi接口。

公开(公告)号：US20160183085A1

公开(公告)日：2016-06-23

申请号：US14975535

申请日：2015-12-18

Applicant: Apple Inc.

Inventor： Vikram Bhaskara YERRABOMMANAHALLI ,  Ajoy K. SINGH ,  Krisztian KISS ,  Rohan C. MALTHANKAR ,  Thomas F. PAULY

IPC: H04W12/04 ,  H04W64/00 ,  H04W12/06 ,  H04L29/06

CPC classification number: H04W12/04 ,  H04L63/0428 ,  H04L63/107 ,  H04L65/1006 ,  H04L65/1016 ,  H04L65/1073 ,  H04W12/06 ,  H04W12/08 ,  H04W64/00

Abstract: Apparatus and methods to support location specific control to allow and/or disallow access to services through untrusted wireless networks by a wireless communication device are disclosed. One or more network elements obtain a location of the wireless communication device and selectively allow and/or disallow access to one or more cellular network services and/or one or more access point names (APNs) based on the location of the wireless communication device when connecting through an untrusted wireless network.

Abstract translation: 公开了用于支持位置特定控制以允许和/或不允许由无线通信设备通过不可信无线网络访问服务的装置和方法。 一个或多个网络元件获得无线通信设备的位置，并且基于无线通信设备的位置，选择性地允许和/或不允许访问一个或多个蜂窝网络服务和/或一个或多个接入点名称（APN） 通过不信任的无线网络连接。

公开(公告)号：US20170374110A1

公开(公告)日：2017-12-28

申请号：US15699006

申请日：2017-09-08

Applicant: APPLE INC.

Inventor： Thomas F. PAULY

IPC: H04L29/06 ,  H04L29/12 ,  H04L29/08

Abstract: A method, client device and non-transitory computer readable storage medium for connecting to a virtual private network (VPN). A request to connect to a destination identified by a hostname is received from an application executed on the client device and a domain name system (DNS) lookup functionality is performed on the hostname, the DNS lookup functionality returning an address. It is then determined whether the returned address is a redirected address, whether a hypertext transmission protocol secure (HTTPS) probe configured for the hostname fails, or whether the returned address matches a cached route in which a transmission control protocol (TCP) connection establishment is unsuccessful. If any of the returned address is a redirected address, the HTTPS probe fails or the returned address matches the cached route and the TCP connection establishment is unsuccessful, the client device is connected to the VPN.

公开(公告)号：US20150229639A1

公开(公告)日：2015-08-13

申请号：US14502786

申请日：2014-09-30

Applicant: APPLE INC.

Inventor： Najeeb M. ABDULRAHIMAN ,  Thomas F. PAULY ,  Vikram B. YERRABOMMANAHALLI

IPC: H04L29/06 ,  H04W12/06

CPC classification number: H04W12/06 ,  H04L63/0853 ,  H04L63/0884 ,  H04L63/0892 ,  H04W76/10 ,  H04W84/12

Abstract: Described are methods that allow credentials of a first client station to authenticate a second client station. An exemplary method includes associating a first client station with a second client station, the first client station including credential information, the associating authorizing the second client station to use the credential information, transmitting, by the second client station, an association request to a network, the network utilizing the credential information to authorize a connection, the second client station configured to perform a proxy functionality for requests received from the network to be forwarded to the first client station and responses received from the first client station to be forwarded to the network, determining, by the network, whether the credential information received from the second client station is authenticated and establishing a connection between the second client station and the network using the credential information of the first client station.

Abstract translation: 描述了允许第一客户端的凭证来验证第二客户端的方法。 一种示例性方法包括将第一客户端站与第二客户站相关联，第一客户端站包括凭证信息，关联授权第二客户端站使用凭证信息，由第二客户站向网络发送关联请求 ，所述网络利用所述凭证信息来授权连接，所述第二客户端站被配置为执行从所述网络接收到的请求被转发到所述第一客户端的请求的代理功能，以及从所述第一客户站接收的要被转发到所述网络的响应 由所述网络确定从所述第二客户端站接收到的所述凭证信息是否被认证，并且使用所述第一客户站的凭证信息来建立所述第二客户端站与所述网络之间的连接。

公开(公告)号：US20190312868A1

公开(公告)日：2019-10-10

申请号：US16384733

申请日：2019-04-15

Applicant: Apple Inc.

Inventor： Krisztian KISS ,  Thomas F. PAULY ,  Ajoy K. SINGH ,  Rohan C. MALTHANKAR ,  Vikram Bhaskara YERRABOMMANAHALLI ,  Rafael L. RIVERA-BARRETO

IPC: H04L29/06 ,  H04W12/06 ,  H04W76/18

Abstract: Apparatus and methods to support authentication failure handling by network elements and by a wireless communication device when attempting access to services through non-cellular wireless networks by the wireless communication device are disclosed. Error messages received from evolved packet core (EPC) network elements, such as an authentication, authorization, and accounting (AAA) server, are mapped to failure messages provided to wireless communication devices by internetworking equipment, such as an evolved packet data gateway (ePDG). The wireless communication device determines a failures cause based on the failure messages and disallows retry attempts until select criteria are satisfied.

公开(公告)号：US20170094512A1

公开(公告)日：2017-03-30

申请号：US15273165

申请日：2016-09-22

Applicant: Apple Inc.

Inventor： Krisztian KISS ,  Thomas F. PAULY ,  Ajoy K. SINGH ,  Rohan C. MALTHANKAR ,  Vikram Bhaskara YERRABOMMANAHALLI ,  Rafael L. RIVERA-BARRETO

IPC: H04W12/06 ,  H04L29/06 ,  H04W76/02

CPC classification number: H04L63/0884 ,  H04L63/0853 ,  H04W4/12 ,  H04W4/16 ,  H04W8/183 ,  H04W12/06 ,  H04W76/18 ,  H04W84/02 ,  H04W84/12 ,  H04W88/06 ,  Y02D30/30

Abstract: Apparatus and methods to support authentication failure handling by network elements and by a wireless communication device when attempting access to services through non-cellular wireless networks by the wireless communication device are disclosed. Error messages received from evolved packet core (EPC) network elements, such as an authentication, authorization, and accounting (AAA) server, are mapped to failure messages provided to wireless communication devices by internetworking equipment, such as an evolved packet data gateway (ePDG). The wireless communication device determines a failures cause based on the failure messages and disallows retry attempts until select criteria are satisfied.