Proxy method and system for secure wireless administration of managed entities
First Claim
1. A system, for securing communication between a WID and a Proxy having access to an encrypted service database for storing information respecting said WID and information respecting at least one User of said WID, comprising:
- an identifier for said WID, stored encrypted on said WID and stored unencrypted in said service database,
- a password for said WID, stored encrypted on said WID and in said service database,
- a secret key pre-shared between said WID and said Proxy,
- a site key for encrypting said service database and decrypting said password for said WID stored encrypted in said service database,
- a communications key algorithm using both said identifier for said WID and said password for said WID, for the purpose of generating a communications key,
- a first message for the purpose of said WID requesting a connection to said Proxy, said first message comprising two parts, one part including said identifier for said WID encrypted with said secret key, and a second part including an encoded command and parameters for said command, said second part encrypted with said communications key,
- a session key for encrypting messages after a session is established,
- at least one token for validating messages within a session, and
- a second message for the purpose of said Proxy providing to said WID said token and said session key, said second message encrypted with said communications key, whereupon the receipt of said token and said session key said WID is enabled to provide at least one further message to said Proxy by returning said token within said message to said Proxy.
Abstract
A method, system and apparatus are described for avoiding the use of a web server or generic security when providing network administration services remotely to managed entities over wireless technology. Instead, a true Proxy device, not operating as a web server, preprocesses all command traffic from wireless input devices (WIDs). The Proxy's interposition between the WID and the managed entities isolates the managed entities from the WID; combined with encoding under a novel messaging protocol and a novel security model based on multiple pre-shared keys and algorithms, together with identifiers and passwords that are not transmitted, this achieves several bandwidth and security advantages, including the ability to deliver TELNET services across the Internet and behind a firewall.
Claims (3 in total)
3. A method of abstracting Identifiers for the purpose of keeping the Identifiers secret longer by making them more difficult to guess, crack, or otherwise improperly access for enhancing the security used to control User access to wireless network administration services, having a site key, a communication key algorithm, and a hashing algorithm comprising the steps:
- assign an identifier to said device,
- assign a device password to said device,
- apply said device password as a seed to said communication key algorithm and generate a communication key,
- encrypt said device password using said site key and store said device password only in encrypted form,
- assign a separate identifier to said User,
- accept a separate User password selected by said User,
- apply said User password as a seed to said hashing algorithm and generate a hash value,
- delete said User password,
- transmit said hash value in lieu of said User password.
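The two independent claims describe one protocol from two angles: claim 1 the WID-to-Proxy handshake (two-part first message, token plus session key in the second message, token returned in every further message) and claim 3 the credential handling behind it (device password kept only encrypted under the site key, User password replaced by its hash before transmission). The following Python model is an added illustration written for this page; it is not the patent's own code and the patent names no concrete algorithms. Everything marked ASSUMPTION is a stand-in chosen here: HMAC-SHA256 as the communications key algorithm, a toy HMAC-keystream cipher with encrypt-then-MAC for every "encrypted with", SHA-256 as the hashing algorithm, random 16-byte tokens and 32-byte session keys, and the names Proxy, WID, seal, open_sealed and run_demo. The encrypted on-device storage of the identifier and password is omitted.

```python
import hashlib
import hmac
import json
import secrets

NONCE_LEN, TAG_LEN, TOKEN_LEN = 16, 32, 16

def _keystream_xor(key, nonce, data):
    # ASSUMPTION: toy HMAC-SHA256 keystream cipher standing in for the unnamed cipher.
    out = bytearray()
    for i in range((len(data) + 31) // 32):
        block = hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i * 32:(i + 1) * 32], block))
    return bytes(out)

def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _keystream_xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def open_sealed(key, blob):
    """Verify the tag before decrypting; any modification raises ValueError."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message failed authentication")
    return _keystream_xor(key, nonce, ct)

def communications_key(identifier, device_password):
    # ASSUMPTION: HMAC-SHA256 keyed with the device password over the identifier.
    # Neither input is ever sent; both sides derive the key independently.
    return hmac.new(device_password, identifier, hashlib.sha256).digest()

def user_password_hash(user_password):
    # Claim 3: hash the User password (ASSUMPTION: SHA-256) and send the hash instead.
    return hashlib.sha256(user_password.encode()).hexdigest()

class Proxy:
    def __init__(self, secret_key, site_key):
        self.secret_key, self.site_key = secret_key, site_key
        self.service_db = {}  # identifier (unencrypted) -> device password sealed under site key
        self.user_db = {}     # user -> stored hash compared against the transmitted one
        self.sessions = {}    # token -> (session key, identifier)
    def enrol(self, identifier, device_password, user, user_password):
        self.service_db[identifier] = seal(self.site_key, device_password)  # stored encrypted only
        self.user_db[user] = user_password_hash(user_password)
    def handle_first_message(self, part1, part2):
        identifier = open_sealed(self.secret_key, part1)  # part 1 under the pre-shared secret key
        device_password = open_sealed(self.site_key, self.service_db[identifier])
        ck = communications_key(identifier, device_password)
        request = json.loads(open_sealed(ck, part2))  # part 2 under the communications key
        if not hmac.compare_digest(self.user_db.get(request["user"], ""), request["user_hash"]):
            raise PermissionError("unknown user or wrong password hash")
        token, session_key = secrets.token_bytes(TOKEN_LEN), secrets.token_bytes(32)
        self.sessions[token] = (session_key, identifier)
        return seal(ck, token + session_key)  # second message: token and session key
    def handle_session_message(self, token, blob):
        if token not in self.sessions:
            raise ValueError("unknown token")
        payload = open_sealed(self.sessions[token][0], blob)
        if payload[:TOKEN_LEN] != token:  # token is also bound inside the authenticated payload
            raise ValueError("token mismatch")
        return json.loads(payload[TOKEN_LEN:])

class WID:
    def __init__(self, identifier, device_password, secret_key):
        # Encrypted on-device storage of identifier and password is omitted here.
        self.identifier, self.device_password, self.secret_key = identifier, device_password, secret_key
        self.token = self.session_key = None
    def first_message(self, user, user_password, command, params):
        body = {"user": user, "user_hash": user_password_hash(user_password), "cmd": command, "params": params}
        ck = communications_key(self.identifier, self.device_password)
        return seal(self.secret_key, self.identifier), seal(ck, json.dumps(body).encode())
    def accept_second_message(self, blob):
        payload = open_sealed(communications_key(self.identifier, self.device_password), blob)
        self.token, self.session_key = payload[:TOKEN_LEN], payload[TOKEN_LEN:]
    def session_message(self, command, params):
        body = json.dumps({"cmd": command, "params": params}).encode()
        return self.token, seal(self.session_key, self.token + body)

def run_demo():
    # One complete exchange with constructed keys and credentials.
    secret_key, site_key = secrets.token_bytes(32), secrets.token_bytes(32)
    identifier, device_password = b"wid-0042", b"constructed-device-password"
    proxy = Proxy(secret_key, site_key)
    proxy.enrol(identifier, device_password, "alice", "constructed-user-password")
    wid = WID(identifier, device_password, secret_key)
    p1, p2 = wid.first_message("alice", "constructed-user-password", "CONNECT", {})
    wid.accept_second_message(proxy.handle_first_message(p1, p2))
    token, blob = wid.session_message("TELNET", {"entity": "switch-01"})
    received = proxy.handle_session_message(token, blob)
    tampered = blob[:-1] + bytes([blob[-1] ^ 0x01])  # one flipped bit must be rejected
    try:
        proxy.handle_session_message(token, tampered)
        rejected = False
    except ValueError:
        rejected = True
    wire = p1 + p2 + blob
    return {"command": received["cmd"], "tamper_rejected": rejected, "session_owner": proxy.sessions[token][1],
            "identifier_on_wire": identifier in wire, "password_on_wire": device_password in wire}
```

Calling run_demo() walks the whole exchange and confirms that neither the identifier nor the device password appears on the wire and that a modified session message is refused. Two design points worth noticing: the transmitted User hash is exactly what the Proxy checks, so it is a credential in its own right and must travel only inside the encrypted second part and be stored with the same care as a password; and the communications key is static per device (it is derivable from the service database plus the site key), which is why the claims move every post-handshake message to a fresh session key and bind it to a per-session token.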