Controlling devices on an internal network from an external network
Abstract
Various embodiments of the invention are illustrated, discussed and claimed. In some embodiments, disclosed are techniques for facilitating a control point on an external network to interact with a UPnP device on an internal network to which access is blocked by a gateway, firewall or other such device. In particular, various embodiments disclose how the UPnP Security protocol may be utilized by such an external control point to allow the control point to remotely send actions to, query the state of, and/or otherwise securely access desired internal network UPnP devices.
37 Claims
1. A method for an intermediary selectively coupling an external network and an internal network to dynamically generate filter rules to facilitate establishing an end to end secure session connection between a first device on the internal network and a second device of the external network, the method comprising:
receiving a secure session establishment request by the second device on the external network to establish a secure communication session with the first device on the internal network;
forwarding the secure session establishment request to the first device;
monitoring the internal network for an approval or disapproval acknowledgement by the first device for the secure session establishment request; and
if an approval authentication acknowledgement is monitored, then configuring a first filter rule of the intermediary to allow communication between the first and second devices through the intermediary.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
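The four steps of claim 1 modelled as a default-deny gateway, as an added example that is not code from the patent. The class name, the two timeouts and the sample addresses are assumptions; the claims specify no timeouts, and they are included here so that an unsolicited or late acknowledgement cannot open a rule.

```python
import time
from dataclasses import dataclass, field

PENDING_TTL = 30.0   # assumption: seconds a forwarded request may await an answer
RULE_TTL = 300.0     # assumption: lifetime of a dynamically added filter rule

@dataclass
class Intermediary:
    """Hypothetical default-deny gateway between external and internal networks."""
    internal_hosts: set
    pending: dict = field(default_factory=dict)    # (ext, dev) -> answer deadline
    rules: dict = field(default_factory=dict)      # (ext, dev) -> rule expiry
    forwarded: list = field(default_factory=list)  # requests passed inward

    def on_external_request(self, ext, dev, now=None):
        """Steps 1-2: receive the session request and forward it to the device."""
        now = time.monotonic() if now is None else now
        if dev not in self.internal_hosts:
            return False                       # no such internal device
        self.pending[(ext, dev)] = now + PENDING_TTL
        self.forwarded.append((ext, dev))
        return True

    def on_internal_ack(self, dev, ext, approved, now=None):
        """Steps 3-4: act on an acknowledgement seen on the internal network."""
        now = time.monotonic() if now is None else now
        deadline = self.pending.pop((ext, dev), None)
        if deadline is None or now > deadline:
            return False                       # unsolicited or stale: no rule
        if not approved:
            return False                       # disapproval: stay default-deny
        self.rules[(ext, dev)] = now + RULE_TTL
        return True

    def permits(self, ext, dev, now=None):
        """Filter check: only an unexpired, approved pair passes."""
        now = time.monotonic() if now is None else now
        expiry = self.rules.get((ext, dev))
        if expiry is None:
            return False
        if now > expiry:
            del self.rules[(ext, dev)]         # expired rule is withdrawn
            return False
        return True
```

The rule is keyed on the exact external/internal pair that was forwarded, so an approval for one peer never widens access for another.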
12. A method for communicating with a device by way of an intermediary selectively coupling an external network and an internal network, comprising:
receiving a presence advertisement for the device;
storing a network address associated with the first device;
determining services offered by the device; and
while on the external network, issuing a secure communication initiation request to the device via the intermediary.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
23. A system of devices communicatively coupled with an internal network and an external network via a gateway, comprising:
a first device, communicatively coupled to the internal network, offering services;
a second device selectively coupled with the internal and external networks, the second device seeking a service of the first device, wherein when requesting the service, said requesting includes sending a secure communication initiation request to the first device to facilitate establishing a secure communication session with the first device; and
an intermediary selectively communicatively coupling the first and second devices, wherein the intermediary is configured to receive a secure communication initiation request from the second device over the external network and forward the request to the first device.
Dependent claims: 24, 25, 26
27. An article comprising a machine-accessible media having associated data for an intermediary selectively coupling an external network and an internal network to dynamically generate filter rules to facilitate establishing an end to end secure session connection between a first device on the internal network and a second device of the external network, wherein the data, when accessed, results in the intermediary performing:
receiving a secure session establishment request by a second device on the external network to establish a secure communication session with a first device on the internal network;
forwarding the secure session establishment request to the first device;
monitoring the internal network for an approval or disapproval acknowledgement by the first device for the secure session establishment request; and
if an approval authentication acknowledgement is monitored, then configuring a first filter rule of the intermediary to allow communication between the first and second devices through the intermediary.
Dependent claims: 28, 29, 30, 31
32. An article comprising a machine-accessible media having associated data for communicating with a device by way of an intermediary selectively coupling an external network and an internal network, wherein the data, when accessed, results in a machine performing:
receiving a presence advertisement for the device;
storing a network address associated with the first device;
determining services offered by the device; and
while on the external network, issuing a secure communication initiation request to the device via the intermediary.
Dependent claims: 33, 34, 35
36. Machine-accessible information for an intermediary selectively coupling an external network and an internal network embodied in a propagated signal which, when accessed, results in the intermediary performing:
receiving a secure session establishment request by a second device on the external network to establish a secure communication session with a first device on the internal network;
forwarding the secure session establishment request to the first device;
monitoring the internal network for an approval or disapproval acknowledgement by the first device for the secure session establishment request; and
if an approval authentication acknowledgement is monitored, then configuring a first filter rule of the intermediary to allow communication between the first and second devices through the intermediary.
Dependent claims: 37
Specification