Providing secure remote access to a device at a merchant location

US 10,332,090 B2
Filed: 08/25/2016
Issued: 06/25/2019
Est. Priority Date: 08/27/2015
Status: Active Grant

First Claim

Patent Images

1. A gateway device for providing secure connections between a point of sale (POS) system located at a merchant location and a datacenter, the gateway device comprising:

a functional unit coupled to a network interface, wherein the network interface is configured to communicate with the datacenter over a network;

wherein the functional unit is configured to;

upon initiation of a support event associated with the POS system, determine an available block of internet protocol (IP) addresses for the merchant location, wherein determining the available block of IP addresses is performed by accessing information stored in a shared storage location;

determine a local IP address of the POS system;

establish an apparent IP address of the POS system that is different than the local IP address, wherein the apparent IP address is selected from the available block of IP addresses;

initiate a secure virtual private network (VPN) tunnel from the gateway device to the datacenter, wherein the VPN tunnel uses at least a subset of the available block of IP addresses;

securely store a descriptive document in the shared storage location, wherein the descriptive document identifies the available block of IP addresses for the merchant location, and wherein the descriptive document is configured to enable the datacenter to communicate with the POS system using the apparent IP address during the support event;

during the support event, receive one or more communications from the data center addressed to the apparent IP address and translate the received one or more communications to be addressed to the local IP address; and

terminate the support event.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method for providing secure connections between a point of sale (POS) system and a datacenter. Upon initiation of a support event associated with the POS system, a gateway device may determine an available block of internet protocol (IP) addresses for the merchant location, e.g., by accessing information stored in a shared storage location. The gateway device may determine a local IP address of the POS system and establish an apparent IP address of the POS system, selected from the available block of IP addresses. The gateway device may initiate a virtual private network (VPN) tunnel to the datacenter using at least a subset of the available block of IP addresses. The gateway device may securely store a descriptive document in the shared storage location identifying the available block of IP addresses for the merchant location. The gateway device may performing IP address translation during the support event.

63 Citations

View as Search Results

20 Claims

1. A gateway device for providing secure connections between a point of sale (POS) system located at a merchant location and a datacenter, the gateway device comprising:
- a functional unit coupled to a network interface, wherein the network interface is configured to communicate with the datacenter over a network;
  
  wherein the functional unit is configured to;
  
  upon initiation of a support event associated with the POS system, determine an available block of internet protocol (IP) addresses for the merchant location, wherein determining the available block of IP addresses is performed by accessing information stored in a shared storage location;
  
  determine a local IP address of the POS system;
  
  establish an apparent IP address of the POS system that is different than the local IP address, wherein the apparent IP address is selected from the available block of IP addresses;
  
  initiate a secure virtual private network (VPN) tunnel from the gateway device to the datacenter, wherein the VPN tunnel uses at least a subset of the available block of IP addresses;
  
  securely store a descriptive document in the shared storage location, wherein the descriptive document identifies the available block of IP addresses for the merchant location, and wherein the descriptive document is configured to enable the datacenter to communicate with the POS system using the apparent IP address during the support event;
  
  during the support event, receive one or more communications from the data center addressed to the apparent IP address and translate the received one or more communications to be addressed to the local IP address; and
  
  terminate the support event.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The gateway device of claim 1, wherein the merchant location comprises a plurality of devices, wherein the functional unit is further configured to establish an apparent IP address for each of the plurality of devices, wherein each apparent IP address is selected from the available block of IP addresses.
  - 3. The gateway device of claim 1, wherein determining the available block of addresses comprises:
    - accessing one or more descriptive documents stored in the shared storage location, wherein each of the one or more descriptive documents identifies a respective block of IP addresses in use; and
      
      determining an unused block of IP addresses different from each of the respective blocks of IP addresses in use.
  - 4. The gateway device of claim 3, wherein each respective block of IP addresses in use are associated with a respective merchant location, wherein the number of possible merchant locations exceeds the number of available blocks of IP addresses.
  - 5. The gateway device of claim 1, wherein the descriptive document is accessible only by the gateway device, and is securely readable over the network by the datacenter via use of a shared cryptographic key.
  - 6. The gateway device of claim 1, wherein said terminating the support event is performed automatically in response to a specified period of inactivity.
  - 7. The gateway device of claim 1, wherein said terminating the support event is performed in response to:
    - termination of the support event;
      
      a command from the POS system;
      
      ora command from the datacenter.
  - 8. The gateway device of claim 1, wherein the initiation of the support event is performed in response to:
    - input to the POS system;
      
      ora command from the datacenter.

9. A method for providing secure connections between a point of sale (POS) system located at a merchant location and a datacenter, the method comprising:
- by a gateway device at the merchant location;
  
  upon initiation of a support event associated with the POS system, determining an available block of internet protocol (IP) addresses for the merchant location, wherein determining the available block of IP addresses is performed by accessing information stored in a shared storage location;
  
  determining a local IP address of the POS system;
  
  establishing an apparent IP address of the POS system that is different than the local IP address, wherein the apparent IP address is selected from the available block of IP addresses;
  
  initiating a secure virtual private network (VPN) tunnel from the gateway device to the datacenter, wherein the VPN tunnel uses at least a subset of the available block of IP addresses;
  
  securely storing a descriptive document in the shared storage location, wherein the descriptive document identifies the available block of IP addresses for the merchant location, and wherein the descriptive document is configured to enable the datacenter to communicate with the POS system using the apparent IP address during the support event;
  
  during the support event, receiving one or more communications from the data center addressed to the apparent IP address and translating the received one or more communications to be addressed to the local IP address; and
  
  terminating the support event.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the merchant location comprises a plurality of devices, wherein the functional unit is further configured to establish an apparent IP address for each of the plurality of devices, wherein each apparent IP address is selected from the available block of IP addresses.
  - 11. The method of claim 9, wherein determining the available block of addresses comprises:
    - accessing one or more descriptive documents stored in the shared storage location, wherein each of the one or more descriptive documents identifies a respective block of IP addresses in use; and
      
      determining an unused block of IP addresses different from each of the respective blocks of IP addresses in use.
  - 12. The method of claim 11, wherein each respective block of IP addresses in use are associated with a respective merchant location, wherein the number of possible merchant locations exceeds the number of available blocks of IP addresses.
  - 13. The method of claim 9, wherein the descriptive document is accessible only by the gateway device, and is securely readable over the network by the datacenter via use of a shared cryptographic key.
  - 14. The method of claim 9, wherein said terminating the support event is performed automatically in response to a specified period of inactivity.
  - 15. The method of claim 9, wherein said terminating the support event is performed in response to:
    - termination of the support event;
      
      a command from the POS system;
      
      ora command from the datacenter.
  - 16. The method of claim 9, wherein the initiation of the support event is performed in response to:
    - input to the POS system;
      
      ora command from the datacenter.

17. A non-transitory memory medium storing program instructions for providing secure connections between a point of sale (POS) system located at a merchant location and a datacenter, wherein the program instructions are executable by a processor of a gateway device at the merchant location to:
- upon initiation of a support event associated with the POS system, determine an available block of internet protocol (IP) addresses for the merchant location, wherein determining the available block of IP addresses is performed by accessing information stored in a shared storage location;
  
  determine a local IP address of the POS system;
  
  establish an apparent IP address of the POS system that is different than the local IP address, wherein the apparent IP address is selected from the available block of IP addresses;
  
  initiate a secure virtual private network (VPN) tunnel from the gateway device to the datacenter, wherein the VPN tunnel uses at least a subset of the available block of IP addresses;
  
  securely store a descriptive document in the shared storage location, wherein the descriptive document identifies the available block of IP addresses for the merchant location, and wherein the descriptive document is configured to enable the datacenter to communicate with the POS system using the apparent IP address during the support event;
  
  during the support event, receive one or more communications from the data center addressed to the apparent IP address and translate the received one or more communications to be addressed to the local IP address; and
  
  terminate the support event.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory memory medium of claim 17, wherein determining the available block of addresses comprises:
    - accessing one or more descriptive documents stored in the shared storage location, wherein each of the one or more descriptive documents identifies a respective block of IP addresses in use; and
      
      determining an unused block of IP addresses different from each of the respective blocks of IP addresses in use.
  - 19. The non-transitory memory medium of claim 18, wherein each respective block of IP addresses in use are associated with a respective merchant location, wherein the number of possible merchant locations exceeds the number of available blocks of IP addresses.
  - 20. The non-transitory memory medium of claim 17, wherein said terminating the support event is performed automatically in response to a specified period of inactivity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Acumera, Inc.
Original Assignee
Acumera, Inc.
Inventors
Stewart, Brett B.
Primary Examiner(s)
Ade, Garcia

Application Number

US15/247,372
Publication Number

US 20170061415A1
Time in Patent Office

1,034 Days
Field of Search

705 18
US Class Current
CPC Class Codes

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/206   comprising security or oper...

G06Q 20/3224   Transactions dependent on l...

G06Q 20/382   insuring higher security of...

H04L 63/0272   Virtual private networks

Providing secure remote access to a device at a merchant location

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Providing secure remote access to a device at a merchant location

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links