Secured authentication in a dynamic IP environment

US 20050246346A1
Filed: 09/16/2004
Published: 11/03/2005
Est. Priority Date: 04/30/2004
Status: Abandoned Application

First Claim

Patent Images

1. A system for establishing a secured communication between a remote data device and a host, comprising:

a remote data device that establishes a packet data connection (1XRTT or GPRS) with a cellular carrier;

the remote data device be capable of obtaining an IP address from the cellular carrier;

the remote data device being capable of transmitting a registration request message that contains an identification code of the remote data device and the IP address, wherein the registration request message identifies the remote data device to the proxy server; and

a proxy server receiving the registration request message to identify the remote data device, the proxy server being capable of transmitting an authentication challenge message based on the registration request message so as to request the remote data device to authenticate itself, wherein the remote data device generates an authentication response message based on the authentication challenge message and sends the authentication response message to the proxy server, wherein the proxy server receives the authentication response message and generates a confirmation message to the remote data device whether a communication can be established between the remote data device and the proxy server based on the authentication response message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, after establishing a packet data connection (1XRTT or GPRS) and obtaining an IP address, the remote data device registers with the proxy server using UDP packets. The remote data device periodically transmits UDP packets to the proxy server to maintain the registration and possibly any NAT/firewall translations (for the UDP session) in the cellular network. The proxy server is configured to listen on a different TCP port for the remote data device. This is a fixed port number for any given remote data device and is used for addressing the remote data device by the central data acquisition system that wants to access the remote data device. When the proxy server receives a TCP connection (from the central data acquisition system) on the port for a specific remote data device, the proxy server marks the remote data device as being busy and transmits a UDP message to the remote data device informing it that a connection is requested. If the proxy server does not receive a TCP connection from the remote data device, the proxy server transmits connection no-acknowledge message to the central data acquisition system, and marks the remote data device as being idle. Upon receipt of the connection request message, the remote data device establishes a TCP session with the proxy server. The proxy server establishes communication between the central data acquisition system and the remote data device. If the proxy server can establish communication, the proxy server terminates communication and marks the remote data device as being idle.

77 Citations

View as Search Results

35 Claims

1. A system for establishing a secured communication between a remote data device and a host, comprising:
- a remote data device that establishes a packet data connection (1XRTT or GPRS) with a cellular carrier;
  
  the remote data device be capable of obtaining an IP address from the cellular carrier;
  
  the remote data device being capable of transmitting a registration request message that contains an identification code of the remote data device and the IP address, wherein the registration request message identifies the remote data device to the proxy server; and
  
  a proxy server receiving the registration request message to identify the remote data device, the proxy server being capable of transmitting an authentication challenge message based on the registration request message so as to request the remote data device to authenticate itself, wherein the remote data device generates an authentication response message based on the authentication challenge message and sends the authentication response message to the proxy server, wherein the proxy server receives the authentication response message and generates a confirmation message to the remote data device whether a communication can be established between the remote data device and the proxy server based on the authentication response message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the registration request message further comprises a cellular component code that identifies a cellular component of the remote data device.
  - 3. The system of claim 2, wherein the identity code of the registration request message comprises one of a mobile ID number or phone number of a cellular component of the remote data device, wherein the identity code identifies the remote data device to the proxy server.
  - 4. The system of claim 2, wherein the authentication challenge message comprises the cellular component code of the registration request message and an authentication challenge code, wherein the authentication challenge code is data generated for the remote data device to process so as to generate the authentication response message.
  - 5. The system of claim 4, wherein the authentication response message comprises the identifier code of the registration request message and an authentication response code, wherein the authentication response code comprises an MD5 hash generated from using MD5 algorithm on the cellular component code, the authentication challenge code, and a password code that is shared by the remote data device and the proxy server.
  - 6. The system of claim 5, wherein the authentication challenge message comprises a challenge tracking code that tracks the number of times the authentication challenge message is sent to the remote data device, wherein the authentication response code further comprises the challenge tracking code.
  - 7. The system of claim 6, wherein the confirmation message comprises an authentication ACK message or an authentication NAK message, the proxy server being capable of receiving the authentication response message and determining whether the remote data device can communicate with the proxy server based on the authentication response message.
  - 8. The system of claim 7, wherein determining whether the remote data device can communicate with proxy server comprises matching the MD5 hash with a verification code calculated by the proxy server.
  - 9. The system of claim 1, wherein the remote data device further comprises being capable of transmitting a heartbeat message that is sent periodically to the proxy server to maintain the active status of the remote data device, and to keep the NAT/firewall translation for UDP messages open to the remote data device, the proxy server being capable of sending a server heartbeat message to the remote data device.
  - 10. The system of claim 9, wherein the remote data device further comprises being capable of receiving a restart message from the proxy server when the heartbeat message is not recognized by the proxy server as being registered and responsive to receiving the restart message, the remote data device initiates a registration process with the proxy server.
  - 11. The system of claim 1, wherein the proxy server further comprises being capable of transmitting a connection request message to the remote data device when a host request to communicate with the remote data device and responsive to receiving the connection request message, the remote data device transmits a connection acknowledgement message to the proxy server and establishes a TCP/IP connection to the proxy server for data communication with the host.

12. A method that facilitates registering a remote data device with a proxy server, the method comprising the steps of:
- establishing a packet data connection (1XRTT or GPRS) with a cellular carrier;
  
  obtaining an IP address from the cellular carrier;
  
  transmitting to a proxy server a registration request message that contains an identity code of the remote data device and the IP address, wherein the registration request message identifies the remote data device to a proxy server, wherein the registration request message is used to register with the proxy server;
  
  receiving an authentication challenge message from the proxy server to request the remote data device to authenticate itself;
  
  generating an authentication response message based on the authentication challenge message;
  
  transmitting the authentication response message to the proxy server; and
  
  receiving a confirmation message from proxy server whether a registration was achieved between the remote data device and the proxy server based on the authentication response message.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method of claim 12, wherein the registration request message further comprises a cellular component code that identifies a cellular component of the remote data device.
  - 14. The method of claim 13, wherein the identity code of the registration request message comprises one of a mobile ID number or phone number of a cellular component of the remote data device, wherein the identity code identifies the remote data device to the proxy server.
  - 15. The method of claim 14, wherein the authentication challenge message comprises the cellular component code of the registration request message and an authentication challenge code, wherein the authentication challenge code is data generated for the remote data device to process so as to generate the authentication response message.
  - 16. The method of claim 15, wherein the authentication response message comprises the identifier code of the registration request message and an authentication response code, wherein the authentication response code comprises an MD5 hash generated from using MD5 algorithm on the cellular component code, the authentication challenge code, and a password code that is shared by the remote data device and the proxy server.
  - 17. The method of claim 16, wherein the authentication challenge message comprises a challenge tracking code that tracks the number of times the authentication challenge message is sent to the remote data device, wherein the authentication response code further comprises the challenge tracking code.
  - 18. The method of claim 17, wherein the confirmation message comprises an authentication ACK message or an authentication NAK message, which indicates whether the remote data device can communicate with the proxy server based on the authentication response message.
  - 19. The method of claim 18, wherein the proxy server matches the MD5 hash with a verification code calculated by the proxy server to determine whether the remote data device can communicate with proxy server comprises.
  - 20. The method of claim 12, further comprises transmitting a heartbeat message that is sent periodically to the proxy server to maintain the active status of the remote data device and to keep the NAT/firewall translation for UDP messages open to the remote data device, and receiving a server heartbeat message from the proxy server.
  - 21. The method of claim 20, further comprising receiving a restart message from the proxy server when the heartbeat message is not recognized by the proxy server as being registered, and responsive to receiving the restart message, initiating a registration process with the proxy server.
  - 22. The method of claim 12, further comprising receiving a connection request message when a host requests to communicate with the remote data device and responsive to receiving the connection request message, the remote data device transmits a connection acknowledgement message to the proxy server and establishes a TCP/IP connection to the proxy server for data communication with the host.

23. A method that facilitates registering a remote data device with a proxy server, the method comprising the steps of:
- receiving a registration request message that contains an identity code of the remote data device and the IP address, wherein the registration request message identifies the remote data device;
  
  transmitting an authentication challenge message to the remote data device to request the remote data device to authenticate itself;
  
  receiving an authentication response message based on the authentication challenge message from the remote data device;
  
  generating a confirmation message based on the authentication response message; and
  
  transmitting a confirmation message to the remote data device whether a communication was established between the remote data device and the proxy server.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The method of claim 23, wherein the registration request message further comprises a cellular component code that identifies a cellular component of the remote data device.
  - 25. The method of claim 24, wherein the identity code of the registration request message comprises one of a mobile ID number or phone number of a cellular component of the remote data device, wherein the identity code identifies the remote data device to the proxy server.
  - 26. The method of claim 25, wherein the authentication challenge message comprises the cellular component code of the registration request message and an authentication challenge code, wherein the authentication challenge code is data generated for the remote data device to process so as to generate the authentication response message.
  - 27. The method of claim 26, wherein the authentication response message comprises the identifier code of the registration request message and an authentication response code, wherein the authentication response code comprises an MD5 hash generated from using MD5 algorithm on the cellular component code, the authentication challenge code, and a password code that is shared by the remote data device and the proxy server.
  - 28. The method of claim 27, wherein the authentication challenge message comprises a challenge tracking code that tracks the number of times the authentication challenge message is sent to the remote data device, wherein the authentication response code further comprises the challenge tracking code.
  - 29. The method of claim 27, wherein the confirmation message comprises an authentication ACK message or an authentication NAK message, which indicates to the remote data device whether the remote data device can communicate with the proxy server based on the authentication response message.
  - 30. The method of claim 27, further comprising determining whether the remote data device can communicate with proxy server by matching the MD5 hash with a verification code calculated by the proxy server.
  - 31. The method of claim 23, further comprises receiving a heartbeat message that is sent periodically by the remote data device to maintain the active status of the remote data device, and to keep the NAT/firewall translation for UDP messages open to the remote data device;
    - and sending a server heartbeat message to the remote data device.
  - 32. The method of claim 31, further comprising transmitting a restart message to the remote data device when the heartbeat message is not recognized by the proxy server as being registered, responsive to receiving the restart message, the remote data device initiates a registration process with the proxy server.
  - 33. The method of claim 23, further comprising transmitting a connection request message when a host requests to communicate with the remote data device and responsive to receiving the connection request message, the remote data device transmits a connection acknowledgement message to the proxy server and establishes a TCP/IP connection to the proxy server for data communication with the host.

34. A computer readable medium having a proxy manager that facilitates registering a remote data device with a proxy server, the manager for performing the steps of:
- receiving a registration request message that contains an identity code of the remote data device and the IP address, wherein the registration request message identifies the remote data device;
  
  transmitting an authentication challenge message to the remote data device to request the remote data device to authenticate itself;
  
  receiving an authentication response message based on the authentication challenge message from the remote data device;
  
  generating a confirmation message based on the authentication response message; and
  
  transmitting a confirmation message to the remote data device whether a communication was established between the remote data device and the proxy server.

35. A computer readable medium having a remote manager that facilitates registering a remote data device with a proxy server, the manager for performing the steps of:
- establishing a packet data connection (1XRTT or GPRS) with a cellular carrier;
  
  obtaining an IP address from the cellular carrier;
  
  transmitting to a proxy server a registration request message that contains an identity code of the remote data device and the IP address, wherein the registration request message identifies the remote data device to a proxy server, wherein the registration request message is used to register with the proxy server;
  
  receiving an authentication challenge message from the proxy server to request the remote data device to authenticate itself;
  
  generating an authentication response message based on the authentication challenge message;
  
  transmitting the authentication response message to the proxy server; and
  
  receiving a confirmation message from proxy server whether a registration was achieved between the remote data device and the proxy server based on the authentication response message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Transtel Group Incorporated
Original Assignee
Transtel Group Incorporated
Inventors
Dudar, Joseph A., Gerdes, Reiner J., Stearns, Fred, Davis, Samuel D.

Application Number

US10/942,195
Publication Number

US 20050246346A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 61/5076   Update or notification mech...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/08   for authentication of entit...

H04L 63/126   the source of the received ...

H04L 67/561   Adding application-function...

H04L 67/563   Data redirection of data ne...

H04W 80/04   Network layer protocols, e....

Secured authentication in a dynamic IP environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

77 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Secured authentication in a dynamic IP environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

77 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links