Access and control system for network-enabled devices
Abstract
Systems and methods for remote access of network-enabled devices that provide seamless, firewall-compliant connectivity between multiple users and multiple devices, that allow collaborative operations by multiple users of remote devices, that allow point to multipoint control of multiple devices and which allow rapid, secure transmission of data between remote users and devices. In general terms, the system includes at least one connection server, and at least two computers operatively coupled to the connection server via a public or global network. In an example where at least one client computer is operatively connected to at least one network-enabled device through a connection server via the public or global network, the connection server is configured to route control instructions from the client to the network-enabled device, and route data from the network-enabled device to the client.
127 Claims
1. A system for remote communications between private users through a public network while providing seamless, firewall-compliant connectivity, said system comprising:
a first computer connectable to the public network over a first secure channel through a first firewall element, said first firewall element adapted to protect said first computer from hostile intrusion from the public network;
a second computer connectable to the public network over a second secure channel through a second firewall element, said second firewall element adapted to protect said second computer from hostile intrusion from the public network; and
a connection server operatively coupled to the public network, said connection server including means for forming a first, secure, firewall compliant connection with said first computer, and means for forming a second, secure, firewall compliant connection with said second computer, means for sending communications received from said first computer to said second computer while maintaining second firewall compliance, and means for sending communications received from said second computer to said first computer while maintaining first firewall compliance.
(Dependent claims 2-27 are not reproduced on this page.)
28. A system for remote communications between private users through a public network while providing seamless, firewall-compliant connectivity, said system comprising:
a client computer securely connectable to the public network through a first firewall element, said first firewall element adapted to protect said client computer from hostile intrusion from the public network;
a device control computer securely connectable to the public network through a second firewall element, and at least one network-enabled device privately networked to said device control computer, said second firewall element adapted to protect said device control computer and said at least one network-enabled device from hostile intrusion from the public network; and
at least one connection server operatively coupled to the public network, said at least one connection server including means for forming a secure, first firewall compliant connection with said client computer, and means for forming a secure, second firewall compliant connection with said device control computer and said at least one network-enabled device, means for sending communications from said client computer to said at least one network-enabled device via said device control computer while maintaining second firewall compliance, and means for sending communications from said at least one network-enabled device, received from said device control computer, to said client computer while maintaining first firewall compliance.
(Dependent claims 29-66 are not reproduced on this page.)
67. A distributed control structure providing for secure transmission of communications over a public network between two or more computers protected by two or more firewall elements using different criteria for restriction of communications traffic therethrough, said distributed control structure comprising:
at least one connection server operatively coupled to the public network, said at least one connection server including means for forming a first firewall compliant connection with a first of the computers, means for forming a second firewall compliant connection with a second of the computers, means for sending communications from the first computer to the second computer while maintaining second firewall compliance, and means for sending communications from the second computer to the first computer while maintaining first firewall compliance.
(Dependent claims 68-90 are not reproduced on this page.)
91. A method of establishing a private-to-public-to-private communications tunnel, wherein at least the private addresses of the communications tunnel are firewall protected, said method comprising:
authenticating a first computer having a first, firewall protected private address;
creating a first firewall compliant connection between a publicly addressed connection server and said first computer upon authentication of said first computer;
establishing a second firewall compliant connection between said publicly addressed connection server and a second computer having a second firewall protected private address; and
establishing the private-to-public-to-private communications tunnel, wherein said connection server routes communications from said first computer through said first firewall compliant connection and said second firewall compliant connection to said second computer, and from said second computer through said second firewall compliant connection and said first firewall compliant connection to said first computer.
(Dependent claims 92-100 are not reproduced on this page.)
101. A method for establishing a secure connection for rapid transfer of data between privately addressed, firewall protected locations over a public network, said method comprising:
preparing authentication data on a first computer having a first, firewall protected private address;
encrypting the authentication data using a public security key;
sending a request over the public network to a publicly addressed server, wherein the request includes the encrypted authentication data;
decrypting the encrypted authentication data at the location of the publicly addressed server using a private security key;
verifying the decrypted authentication data to determine whether the authentication data represents an authorized user;
authorizing the first computer to proceed if the authentication data represents an authorized user;
generating a secret security key on the first computer for encryption of data to be sent over the secure connection;
encrypting the secret key using the public security key and sending the encrypted secret security key to the publicly addressed server;
decrypting the encrypted secret security key at the location of the publicly addressed server using the private security key;
establishing a second firewall compliant connection between said publicly addressed server and a second computer having a second firewall protected private address; and
establishing a private-to-public-to-private communications tunnel connecting said first computer, said publicly addressed server and said second computer.
(Dependent claims 102-113 are not reproduced on this page.)
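The authentication and key-transport exchange of claim 101, carried through end to end as an added example (constructed here, not code from the patent or its assignee). It assumes a JSON username/password record as the "authentication data", a username-to-password-hash table on the server, and a stand-in toy RSA pair for the public and private security keys; all three are illustrative choices the claim does not specify, and the textbook RSA built here from the standard library is for running the steps offline, not for use.

```python
"""Claim-101 handshake, simulated with both sides' messages (constructed)."""
import hashlib
import hmac
import json
import secrets


def _is_probable_prime(n, rounds=16):
    """Trial division, then Miller-Rabin. Illustration-only key generation."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, full length
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits=512):
    """Return ((n, e), (n, d)). 512-bit toy key: far too small for real use."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def rsa_encrypt(pub, data: bytes) -> int:
    """Unpadded RSA (malleable; a deployment would use OAEP). 0x01 prefix keeps leading zeros."""
    n, e = pub
    m = int.from_bytes(b"\x01" + data, "big")
    if m >= n:
        raise ValueError("plaintext too long for the modulus")
    return pow(m, e, n)


def rsa_decrypt(priv, c: int) -> bytes:
    n, d = priv
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]


# Constructed user database: username -> SHA-256 of password (assumed layout).
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}


class ConnectionServer:
    """Publicly addressed server; the only holder of the private security key."""

    def __init__(self):
        self.public_key, self._private_key = rsa_keygen()
        self.sessions = {}  # session token -> secret session key (bytes)

    def authenticate(self, encrypted_auth: int):
        """Decrypt with the private key, verify the user, authorize or reject."""
        auth = json.loads(rsa_decrypt(self._private_key, encrypted_auth))
        expected = USERS.get(auth.get("user"), "")
        given = hashlib.sha256(auth.get("password", "").encode()).hexdigest()
        if not expected or not hmac.compare_digest(expected, given):
            return None  # not an authorized user: no session, no key exchange
        token = secrets.token_hex(8)
        self.sessions[token] = None  # authorized; session key not yet installed
        return token

    def install_session_key(self, token: str, encrypted_key: int) -> None:
        """Recover the client-generated secret key with the private key."""
        if token not in self.sessions:
            raise PermissionError("client is not authorized")
        self.sessions[token] = rsa_decrypt(self._private_key, encrypted_key)


class FirstComputer:
    """Privately addressed client; knows only the server's public key."""

    def __init__(self, user: str, password: str):
        self.user, self.password = user, password
        self.session_key = None

    def connect(self, server: ConnectionServer):
        auth = json.dumps({"user": self.user, "password": self.password}).encode()
        token = server.authenticate(rsa_encrypt(server.public_key, auth))
        if token is None:
            return None
        self.session_key = secrets.token_bytes(32)  # secret key for tunnel traffic
        server.install_session_key(token, rsa_encrypt(server.public_key, self.session_key))
        return token


def run_handshake(user="alice", password="correct horse"):
    """True when both ends hold the same session key; None when the user is rejected."""
    server = ConnectionServer()
    client = FirstComputer(user, password)
    token = client.connect(server)
    if token is None:
        return None
    return server.sessions[token] == client.session_key
```

run_handshake() returns True for the constructed user and None for a wrong password, which is rejected at the verification step before any secret key is generated. Two things a practitioner would add before trusting this exchange: the claimed steps carry no nonce or timestamp, so a captured encrypted authentication blob is indistinguishable from a fresh one on replay, and the key transport should use a padded scheme such as RSA-OAEP (or an authenticated key exchange inside TLS) rather than the raw RSA used here to keep the block self-contained.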
114. A method of load balancing communications among a plurality of connection servers networked in a publicly addressable distributed control infrastructure which multiple computers within multiple private networks may access for establishing communications over a public network, said method comprising:
determining a user type of each computer to be connected by communications through said publicly addressable distributed control infrastructure in a particular session;
determining a session type of the particular session to be established;
comparing user type and session type determinations with server type information stored in at least one database connected to said distributed control infrastructure;
selecting a connection server characterized by server type information that indicates the connection server is capable of handling the determined user types and session type;
determining if the selected server is active;
determining whether or not the selected server, if active, has adequate Power to handle the connections that will be required to establish the communications for the session; and
if the selected server is active and has adequate Power, determining whether the selected server has the best available Power level for carrying out the session, based upon a calculated average Power expected for the session and Utilization Ratios of each capable, active connection server which has adequate Power.
(Dependent claim 115 is not reproduced on this page.)
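The selection steps of claim 114 run over a constructed server-type database, as an added example (not the patent's implementation). The claim uses Power and Utilization Ratio as terms of art without defining them; the example assumes Power is a per-server capacity figure, Utilization Ratio is the fraction of that capacity already in use, and "best available Power level" means the lowest projected Utilization Ratio once the session's calculated average expected Power is added. Field names and the catalogue entries are likewise assumptions.

```python
"""Claim-114 connection-server selection over a constructed server-type database."""

# Constructed "server type information" as it might sit in the database.
SERVER_DB = [
    {"name": "cs-1", "user_types": {"client", "device_control"},
     "session_types": {"control", "data"}, "active": True,
     "power": 100, "utilization": 0.85},
    {"name": "cs-2", "user_types": {"client", "device_control"},
     "session_types": {"control", "data"}, "active": False,
     "power": 100, "utilization": 0.10},
    {"name": "cs-3", "user_types": {"client", "device_control"},
     "session_types": {"control", "data", "collaborative"}, "active": True,
     "power": 200, "utilization": 0.40},
    {"name": "cs-4", "user_types": {"client"},
     "session_types": {"data"}, "active": True,
     "power": 50, "utilization": 0.00},
]


def projected_utilization(server, expected_power):
    """Utilization Ratio the server would reach if it took this session."""
    used = server["power"] * server["utilization"]
    return (used + expected_power) / server["power"]


def has_adequate_power(server, expected_power):
    """Adequate Power: the session fits within the server's remaining capacity."""
    return projected_utilization(server, expected_power) <= 1.0


def select_connection_server(db, user_types, session_type, expected_power):
    """Walk the claim's steps in order; return the chosen server name or None."""
    # Compare the determined user types and session type with stored server type info.
    capable = [s for s in db
               if set(user_types) <= s["user_types"]
               and session_type in s["session_types"]]
    # A capable server is only usable if it is active ...
    active = [s for s in capable if s["active"]]
    # ... and has adequate Power for the connections the session will need.
    adequate = [s for s in active if has_adequate_power(s, expected_power)]
    if not adequate:
        return None
    # Among capable, active servers with adequate Power, pick the best available
    # Power level: the lowest projected Utilization Ratio for this session.
    best = min(adequate, key=lambda s: projected_utilization(s, expected_power))
    return best["name"]


def explain(db, user_types, session_type, expected_power):
    """Per-server reasons, useful when a selection result needs auditing."""
    out = {}
    for s in db:
        if not set(user_types) <= s["user_types"] or session_type not in s["session_types"]:
            out[s["name"]] = "not capable"
        elif not s["active"]:
            out[s["name"]] = "inactive"
        elif not has_adequate_power(s, expected_power):
            out[s["name"]] = "inadequate Power"
        else:
            out[s["name"]] = f"projected utilization {projected_utilization(s, expected_power):.2f}"
    return out
```

With the constructed catalogue, a control session between a client and a device control computer needing 30 units of Power goes to cs-3: cs-1 is capable and active but would exceed its Power, cs-2 is inactive, and cs-4 does not serve device control users. A data-only client session of 10 units goes to cs-4, the least loaded capable server, and a collaborative session of 150 units finds no server with adequate Power and returns None rather than overloading one.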
116. A method of persistent, secure transfer of data between at least two computers over a public network, wherein the computers have separate privately addressed, firewall protected locations, said method comprising:
accessing a connection server operably connected to the public network by addressing a request from a first of the computers to a public address of the connection server;
establishing a secure connection between the first computer and the connection server, after which, the connection server establishes a secure connection between the connection server and at least a second of the computers, according to instructions received from the first computer as to which computers the first computer desires to communicate with;
wherein secure, full-duplex, persistent communications are established through the connection server without the need for any of the computers to know or address a private address of any of the other computers between which the communications take place.
(Dependent claims 117-124 are not reproduced on this page.)
125. A process for remotely controlling one or more network-enabled devices by one or more client computers over a public network, wherein the one or more network-enabled devices are operatively connected within one or more different private networks and the one or more client computers are operatively connected within one or more other different private networks, at least one of the private networks being protected by a firewall element, said process comprising:
accessing at least one connection server by at least one of the client computers, said at least one connection server being operably connected to the public network;
establishing a secure connection between each of the at least one client computers and the at least one connection server, after which, the at least one connection server establishes a secure connection between the at least one connection server and each of the network-enabled devices requested to be connected with the at least one client computer, through at least one device control computer connected with said network-enabled devices, wherein secure, full-duplex, persistent communications are established through the connection server without the need for any of the computers to know or address a private address of any of the other computers between which the communications take place;
sending control instructions from said at least one client computer to at least one of the connected network-enabled devices, via the at least one connection server; and
receiving data at said at least one client computer received from said at least one connected network-enabled device via said at least one connection server.
(Dependent claims 126 and 127 are not reproduced on this page.)
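The private-to-public-to-private tunnel of claims 91, 116 and 125, as an added example over loopback TCP (constructed, not code from the patent). Both peers make an outbound connection to the publicly addressed connection server, which is the direction a typical firewall permits, and present a shared session id; the server pairs the two connections and pumps bytes both ways, so neither peer ever learns or addresses the other's private address. The 16-byte session id framing, the loopback bind and the plaintext transport are assumptions made to keep the block self-contained; the authentication of claim 101 would normally precede pairing, and the relayed traffic would be encrypted.

```python
"""Rendezvous relay for two firewalled peers (constructed illustration)."""
import secrets
import socket
import threading

SESSION_ID_LEN = 16  # assumed framing: the first 16 bytes of every connection


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf


def _pump(src, dst):
    """Copy bytes src -> dst until src closes, then close dst's write side."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class ConnectionServer:
    """Publicly addressed rendezvous; bound to 127.0.0.1 here so the demo runs offline."""

    def __init__(self):
        self._listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._listener.bind(("127.0.0.1", 0))
        self._listener.listen()
        self.port = self._listener.getsockname()[1]
        self._waiting = {}  # session id -> socket of the first peer to arrive
        self._lock = threading.Lock()
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                conn, _addr = self._listener.accept()
            except OSError:
                return  # listener closed
            threading.Thread(target=self._register, args=(conn,), daemon=True).start()

    def _register(self, conn):
        sid = recv_exact(conn, SESSION_ID_LEN)
        with self._lock:
            peer = self._waiting.pop(sid, None)
            if peer is None:
                self._waiting[sid] = conn  # first peer: hold until its counterpart dials in
                return
        # Second peer arrived: full-duplex relay, one pump per direction.
        threading.Thread(target=_pump, args=(conn, peer), daemon=True).start()
        threading.Thread(target=_pump, args=(peer, conn), daemon=True).start()

    def close(self):
        self._listener.close()


def connect_through_server(port, session_id):
    """What each firewalled peer does: dial out to the public server, present the session id."""
    sock = socket.create_connection(("127.0.0.1", port))
    sock.sendall(session_id)
    return sock


def demo_exchange():
    """Client sends a control instruction; the device control side answers with data."""
    server = ConnectionServer()
    session_id = secrets.token_hex(SESSION_ID_LEN // 2).encode()
    client = connect_through_server(server.port, session_id)
    device_side = connect_through_server(server.port, session_id)
    instruction, reading = b"control: start pump 3", b"data: pressure=101.3"
    client.sendall(instruction)
    got_instruction = recv_exact(device_side, len(instruction))
    device_side.sendall(reading)
    got_reading = recv_exact(client, len(reading))
    for s in (client, device_side):
        s.close()
    server.close()
    return got_instruction.decode(), got_reading.decode()
```

Each firewall sees only an outbound connection from its own side, and the server holds both sockets without ever forwarding an address. Before deploying a relay of this shape, tie the session id to an authenticated session so that guessing or reusing an id cannot pair a stranger with a waiting device, give unpaired connections an idle timeout so the waiting table cannot be filled, and encrypt end to end so the relay sees only ciphertext.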