System and method for managing devices relayed via an established session

US 10,095,571 B2
Filed: 01/04/2017
Issued: 10/09/2018
Est. Priority Date: 01/04/2016
Status: Active Grant

First Claim

Patent Images

1. A system for managing, auditing and troubleshooting at least one IP device, said system comprising:

a bridge device that relays a connection between an agent device and said at least one IP device to manage, audit and troubleshoot said at least one IP device, wherein said bridge device comprises;

a memory that stores a set of instructions; and

a processor that executes said set of instructions, said set of instructions comprising;

initiating a first secure connection with, or responding to a connection request from an admin device;

obtaining information associated with said at least one IP device from said admin device, wherein said information comprises an identity of said at least one IP device;

connecting to a device registry and downloading information associated with said at least one IP device, wherein said device registry stores said identity and access credentials of said at least one IP device to connect with said at least one IP device;

determining whether a connector to connect with said at least one IP device is installed in said bridge device;

communicating a request to said admin device and obtaining, from said admin device, (a) a uniform resource locator (URL) of a connector store, or (b) a location, from where a connector to connect with said at least one IP device is to be downloaded when said connector to connect with said at least one IP device is not installed in said bridge device;

downloading and installing said connector to connect with said at least one IP device as a plug-in module in said bridge device;

forming or joining a second secure connection with said agent device (108) to manage, audit and troubleshoot said at least one IP device;

forming, on approval from said admin device, a third secure connection, using said connector, between said bridge device and said at least one IP device;

securing and relaying information from said second secure connection to said third secure connection when said second secure connection and said third secure connection are connected together, wherein said information is secured end-to-end to prevent tampering, wherein said bridge device restricts session participants other than those using said agent device from accessing said information unless said agent device allows said session participants to interact with said at least one IP device, based on rules enforced by policy filters; and

obtaining, using said admin device, said policy filters and one or more input output (IO) masks and providing said policy filters and said one or more IO masks to said connector to manage, audit and troubleshoot said at least one IP device, wherein said policy filters determine how said session participants interact with said at least one IP device and said one or more IO masks comprise rules that determine what is seen by said each of session participants or what needs to be masked to manage, audit and troubleshoot said at least one IP device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The embodiments herein provide a system and a method managing, auditing and troubleshooting an IP device. The system comprises a bridge device that (a) initiates a first secure connection with, or responds to a connection request from an admin device, (b) connects to a device registry and downloads information associated with the IP device, (c) downloads and installs a connector to connect with the IP device as a plug-in module, (d) forms or joins a second secure connection with the agent device to manage, audit and troubleshoot IP device, (e) forms, on approval from the admin device, a third secure connection, between the bridge device and the IP device and (f) secures and relays information from the second secure connection to the third secure connection when the second secure connection and the third secure connection are connected together.

Citations

20 Claims

1. A system for managing, auditing and troubleshooting at least one IP device, said system comprising:
- a bridge device that relays a connection between an agent device and said at least one IP device to manage, audit and troubleshoot said at least one IP device, wherein said bridge device comprises;
  
  a memory that stores a set of instructions; and
  
  a processor that executes said set of instructions, said set of instructions comprising;
  
  initiating a first secure connection with, or responding to a connection request from an admin device;
  
  obtaining information associated with said at least one IP device from said admin device, wherein said information comprises an identity of said at least one IP device;
  
  connecting to a device registry and downloading information associated with said at least one IP device, wherein said device registry stores said identity and access credentials of said at least one IP device to connect with said at least one IP device;
  
  determining whether a connector to connect with said at least one IP device is installed in said bridge device;
  
  communicating a request to said admin device and obtaining, from said admin device, (a) a uniform resource locator (URL) of a connector store, or (b) a location, from where a connector to connect with said at least one IP device is to be downloaded when said connector to connect with said at least one IP device is not installed in said bridge device;
  
  downloading and installing said connector to connect with said at least one IP device as a plug-in module in said bridge device;
  
  forming or joining a second secure connection with said agent device (108) to manage, audit and troubleshoot said at least one IP device;
  
  forming, on approval from said admin device, a third secure connection, using said connector, between said bridge device and said at least one IP device;
  
  securing and relaying information from said second secure connection to said third secure connection when said second secure connection and said third secure connection are connected together, wherein said information is secured end-to-end to prevent tampering, wherein said bridge device restricts session participants other than those using said agent device from accessing said information unless said agent device allows said session participants to interact with said at least one IP device, based on rules enforced by policy filters; and
  
  obtaining, using said admin device, said policy filters and one or more input output (IO) masks and providing said policy filters and said one or more IO masks to said connector to manage, audit and troubleshoot said at least one IP device, wherein said policy filters determine how said session participants interact with said at least one IP device and said one or more IO masks comprise rules that determine what is seen by said each of session participants or what needs to be masked to manage, audit and troubleshoot said at least one IP device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, further comprising a policy server that provides said set of policies, wherein said set of policies comprise commands to execute on or responses from said at least one IP device based on said session participants and a current state of a decision tree.
  - 3. The system of claim 2, wherein said policy filters comprise said decision tree, wherein said decision tree determines how said session participants interact with said at least one IP device, wherein an interaction with said at least one IP device comprises at least one of said commands or requests that are communicated by said session participants.
  - 4. The system of claim 3, wherein said decision tree is stateless or depends on at least one of (a) state of said at least one IP device or (b) an outcome of an earlier command.
  - 5. The system of claim 1, wherein said one or more IO masks control visibility of said information from said session participants, wherein said one or more IO masks determine what commands or requests are visible in said admin device, said bridge device, or a monitoring, recording and supervising server when said information is transferred from said agent device to said at least one IP device, wherein said one or more IO masks determine what said information is visible in said agent device, said bridge device, said admin device or said monitoring, recording and supervising server when said information is returned from said at least one IP device to said agent device.
  - 6. The system of claim 1, further comprising a conference server that permits or blocks one or more devices from being a part of a session, wherein said one or more devices comprise at least one of said agent device or said admin device.
  - 7. The system of claim 1, further comprising said monitoring, recording and supervising server that listens into said session and records said session unless said agent device approves an additional interaction with said at least one IP device.
  - 8. The system of claim 1, further comprising an original equipment manufacturer (OEM) policy server that provides said set of policies from an original equipment manufacturer (OEM) to said admin device, wherein said set of policies are updated and stored in said policy server to manage, audit and troubleshoot said at least one IP device.
  - 9. The system of claim 1, wherein unencrypted information is transferred between a sender and a receiver of said session and secured with a hash that is encrypted, and signed by said sender, wherein said receiver (a) decodes said hash, (b) validates whether said hash is received from said sender, (c) receives said information, (d) computes said hash and (e) verifies said information with said decoded hash before processing said information.
  - 10. The system of claim 1, wherein said set of instructions executed by said processor further comprises breaking said third secure connection when said second secure connection is broken down for any reason, wherein said third secure connection is a slave of said second secure connection.
  - 11. The system of claim 1, wherein said set of instructions executed by said processor further comprises automatically re-initiating said third secure connection when said second secure connection is up and said third secure connection is down, wherein said processor notifies said admin device and said agent device, and performs further actions to re-initiate said third secure connection based on at least one of (a) instructions received from said admin device or (b) a request received from said agent device.
  - 12. The system of claim 1, wherein said set of instructions executed by said processor further comprises performing a pre-approved list of tasks for managing said at least one IP device when said admin device drops said first secure connection.

13. One or more non-transitory computer readable storage mediums storing one or more sequences of instructions, which when executed by one or more processors, causes managing, auditing and troubleshooting of at least one IP device, by performing the steps of:
- obtaining a set of policies from original equipment manufacturer (OEM) policy server, wherein said set of policies comprise at least one of (a) commands to be performed to manage, audit and troubleshoot said at least one IP device or (b) responses;
  
  updating said set of policies obtained from said OEM policy server to revoke permissions on at least one of (a) said commands or (b) said visibility of information from an agent device, a bridge device or an admin device, wherein said admin device is restricted to include additional permissions over said set of policies that are obtained from said OEM policy server;
  
  storing said updated set of policies in an internal policy server;
  
  determining an identity of said at least one IP device from at least one of (a) fault reporting mechanisms or (b) a request initiated by said agent device;
  
  initiating a first secure connection with, or responding to a connection request from said bridge device, wherein information associated with said identity of said at least one IP device is communicated to said bridge device;
  
  determining whether said bridge device comprises a connector to initiate a connection with said at least one IP device;
  
  obtaining a request from said bridge device and communicating, to said bridge device, (a) a uniform resource locator (URL) of a connector store or (b) a location from where a connector to connect with said at least one IP device is to be downloaded when said connector to connect with said at least one IP device is not installed in said bridge device;
  
  forming a session or responding to a session creation request made by said agent device to (a) authenticate said agent device and (b) connect said agent device with said bridge device to manage, audit and troubleshoot said at least one IP device when said commands, provided by said agent device, are presented in said set of policies provided by said OEM policy server or said internal policy server; and
  
  providing information to said bridge device to at least one of (a) connect with said at least one IP device to manage, audit and troubleshoot said at least one IP device, (b) join said session or (c) perform session management operations.
- View Dependent Claims (14)
- - 14. The one or more non-transitory computer readable storage mediums storing one or more sequences of instructions of claim 13, which when executed by one or more processors further causes providing information to said bridge device to obtain policy filters and input output (IO) masks from said OEM policy server or said internal policy server.

15. A computer implemented method for managing, auditing and troubleshooting of at least one IP device, said method comprising:
- initiating a first secure connection with, or responding to a connection request from an admin device;
  
  obtaining information associated with said at least one IP device from said admin device, wherein said information comprises an identity of said at least one IP device;
  
  connecting to a device registry and downloading information associated with said at least one IP device, wherein said device registry stores said identity and access credentials of said at least one IP device to connect with said at least one IP device;
  
  determining whether a connector to connect with said at least one IP device is installed in said bridge device;
  
  communicating a request to said admin device and obtaining, from said admin device, (a) a uniform resource locator (URL) of a connector store, or (b) a location, from where a connector to connect with said at least one IP device is to be downloaded when said connector to connect with said at least one IP device is not installed in said bridge device;
  
  downloading and installing said connector to connect with said at least one IP device as a plug-in module in said bridge device;
  
  forming or joining a second secure connection with said agent device to manage, audit and troubleshoot said at least one IP device;
  
  forming, on approval from said admin device, a third secure connection, using said connector, between said bridge device and said at least one IP device;
  
  securing and relaying information from said second secure connection to said third secure connection when said second secure connection and said third secure connection are connected together, wherein said information is secured end-to-end to prevent tampering, wherein said bridge device restricts session participants other than those using said agent device from accessing said information unless said agent device allows said session participants to interact with said at least one IP device, based on rules enforced by policy filters; and
  
  obtaining, using said admin device, said policy filters and one or more input output (IO) masks and providing said policy filters and said one or more IO masks to said connector to manage, audit and troubleshoot said at least one IP device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer implemented method of claim 15, further comprising breaking said third secure connection when said second secure connection is broken down for any reason, wherein said third secure connection is a slave of said second secure connection.
  - 17. The computer implemented method of claim 15, further comprising (a) automatically re-initiating said third secure connection when said second secure connection is up and said third secure connection is down and (b) notifying said admin device and said agent device, and performing further actions to re-initiate said third secure connection based on at least one of (a) instructions received from said admin device or (b) a request received from said agent device.
  - 18. The computer implemented method of claim 15, further comprising listening into a session and recording said session using a monitoring, recording and supervising server unless said agent device approves an additional interaction with said at least one IP device.
  - 19. The computer implemented method of claim 15, wherein said policy filters comprise said decision tree, wherein said decision tree determines how said session participants interact with said at least one IP device, wherein an interaction with said at least one IP device comprises at least one of said commands or requests that are communicated by said session participants.
  - 20. The computer implemented method of claim 15, wherein said one or more IO masks control visibility of said information from said session participants, wherein said one or more IO masks determine what commands or requests are visible in said admin device, said bridge device, or said monitoring, recording and supervising server when said information is transferred from said agent device to said at least one IP device, wherein said one or more IO masks determine what said information is visible in said agent device, said bridge device, said admin device or said monitoring, recording and supervising server when said information is returned from said at least one IP device to said agent device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Smarterhi Communications Private Limited
Original Assignee
Smarterhi Communications Private Limited
Inventors
Narayanan, Srinivasan, Vasudev, Pradeep
Primary Examiner(s)
TRUONG, LOAN

Application Number

US15/397,799
Publication Number

US 20170192835A1
Time in Patent Office

643 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/06   Management of faults, event...

H04L 41/0809   Plug-and-play configuration

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/28   Restricting access to netwo...

H04L 41/344   Out-of-band transfers

System and method for managing devices relayed via an established session

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for managing devices relayed via an established session

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links