SYSTEM AND METHOD FOR SECURING REMOTE ADMINISTRATIVE ACCESS TO A PROCESSING DEVICE

US 20070260722A1
Filed: 06/06/2007
Published: 11/08/2007
Est. Priority Date: 09/30/2003
Status: Active Grant

First Claim

Patent Images

1. A system for securing remote administrative access to a processing device comprising:

means adapted for receiving a series of incoming binary data packets at a designated port associated with administrative control of an associated processing device, each data packet including source data, destination data, and a data portion adapted for communicating administrative control data for administrative control of the processing device;

means adapted for receiving binary mask data defining an address space from which administrative control is acceptable;

means adapted for receiving binary reference address data representative of at least one address within an address range defined by the address space;

means adapted for generating a first binary value in accordance with a comparison binary reference data with mask data;

means adapted for generating a second binary value in accordance with a comparison of an incoming data packet with mask data;

determining means adapted for determining acceptability of incoming binary data packets in accordance with a comparison of first and second binary values associated therewith; and

means adapted for selectively commencing processing of received administrative control by the processing device data in accordance with an output of the determining means.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The subject application is directed to a system and method for securing remote administrative access to a processing device. Incoming data packets, including source data, destination data, and a data portion for administrative control of a processing device are received at a designated port associated with administrative control. Binary mask data defining an address space from which control is acceptable is then received. Binary reference address data representing an address with an address range within the address space is received. A first binary value is generated via a comparison of the reference data and the mask data. A second binary value is generated via a comparison of an incoming data packet and the mask data. The acceptability of the packet is determined based on comparing the first value with the second value. Processing of received administrative control by the processing device is then selectively commenced based on the value comparison.

51 Citations

View as Search Results

18 Claims

1. A system for securing remote administrative access to a processing device comprising:
- means adapted for receiving a series of incoming binary data packets at a designated port associated with administrative control of an associated processing device, each data packet including source data, destination data, and a data portion adapted for communicating administrative control data for administrative control of the processing device;
  
  means adapted for receiving binary mask data defining an address space from which administrative control is acceptable;
  
  means adapted for receiving binary reference address data representative of at least one address within an address range defined by the address space;
  
  means adapted for generating a first binary value in accordance with a comparison binary reference data with mask data;
  
  means adapted for generating a second binary value in accordance with a comparison of an incoming data packet with mask data;
  
  determining means adapted for determining acceptability of incoming binary data packets in accordance with a comparison of first and second binary values associated therewith; and
  
  means adapted for selectively commencing processing of received administrative control by the processing device data in accordance with an output of the determining means.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1 wherein the determining means include means adapted for determining acceptable incoming binary data as that disposed within the address range in accordance with a received range allow instruction.
  - 3. The system of claim 1 wherein the determining means includes means adapted for determining acceptable incoming binary data as that disposed outside the address range in accordance with a received range reject instruction.
  - 4. The system of claim 1 wherein first and second binary values are generated by completion of a respective logical AND operations between mask data with received binary reference data and mask data with an incoming data packet.
  - 5. The system of claim 4 further comprising:
    - means adapted for receiving additional binary mask data defining at least one additional corresponding address space from which administrative control is acceptable;
      
      means adapted for receiving additional binary reference address data representative of at least one additional corresponding address within an address range defined thereby;
      
      means adapted for generating at least one additional first binary value, each corresponding to a comparison of additional binary reference data with mask data;
      
      means adapted for generating at least one additional second binary value in accordance with a comparison of an incoming data packet with additional binary mask data; and
      
      the determining means including means adapted for determining acceptability of incoming binary data packets in accordance with a comparison of additional first and second binary values.
  - 6. The system of claim 1 wherein mask data and reference address data is received via an associated thin client interface.

7. A method for securing remote administrative access to a processing device comprising the steps of:
- receiving a series of incoming binary data packets at a designated port associated with administrative control of an associated processing device, each data packet including source data, destination data, and a data portion adapted for communicating administrative control data for administrative control of the processing device;
  
  receiving binary mask data defining an address space from which administrative control is acceptable;
  
  receiving binary reference address data representative of at least one address within an address range defined by the address space;
  
  generating a first binary value in accordance with a comparison binary reference data with mask data;
  
  generating a second binary value in accordance with a comparison of an incoming data packet with mask data;
  
  determining acceptability of incoming binary data packets in accordance with a comparison of first and second binary values associated therewith; and
  
  selectively commencing processing of received administrative control by the processing device data in accordance with an output of the determining step.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7 wherein the step of determining acceptability of incoming binary packets includes determining acceptable incoming binary data as that disposed within the address range in accordance with a received range allow instruction.
  - 9. The method of claim 7 wherein the step of determining acceptability of incoming binary packets includes determining acceptable incoming binary data as that disposed outside the address range in accordance with a received range reject instruction.
  - 10. The method of claim 7 wherein first and second binary values are generated by completion of a respective logical AND operations between mask data with received binary reference data and mask data with an incoming data packet.
  - 11. The method of claim 10 further comprising the steps of:
    - receiving additional binary mask data defining at least one additional corresponding address space from which administrative control is acceptable;
      
      receiving additional binary reference address data representative of at least one additional corresponding address within an address range defined thereby;
      
      generating at least one additional first binary value, each corresponding to a comparison of additional binary reference data with mask data;
      
      generating at least one additional second binary value in accordance with a comparison of an incoming data packet with additional binary mask data; and
      
      determining acceptability of incoming binary data packets in accordance with a comparison of additional first and second binary values.
  - 12. The method of claim 7 wherein mask data and reference address data is received via an associated thin client interface.

13. A computer-implemented method for securing remote administrative access to a processing device comprising the steps of:
- receiving a series of incoming binary data packets at a designated port associated with administrative control of an associated processing device, each data packet including source data, destination data, and a data portion adapted for communicating administrative control data for administrative control of the processing device;
  
  receiving binary mask data defining an address space from which administrative control is acceptable;
  
  receiving binary reference address data representative of at least one address within an address range defined by the address space;
  
  generating a first binary value in accordance with a comparison binary reference data with mask data;
  
  generating a second binary value in accordance with a comparison of an incoming data packet with mask data;
  
  determining acceptability of incoming binary data packets in accordance with a comparison of first and second binary values associated therewith; and
  
  selectively commencing processing of received administrative control by the processing device data in accordance with an output of the determining step.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer-implemented method of claim 13 wherein the step of determining acceptability of incoming binary packets includes determining acceptable incoming binary data as that disposed within the address range in accordance with a received range allow instruction.
  - 15. The computer-implemented method of claim 13 wherein the step of determining acceptability of incoming binary packets includes determining acceptable incoming binary data as that disposed outside the address range in accordance with a received range reject instruction.
  - 16. The computer-implemented method of claim 13 wherein first and second binary values are generated by completion of a respective logical AND operations between mask data with received binary reference data and mask data with an incoming data packet.
  - 17. The computer-implemented method of claim 16 further comprising the steps of:
    - receiving additional binary mask data defining at least one additional corresponding address space from which administrative control is acceptable;
      
      receiving additional binary reference address data representative of at least one additional corresponding address within an address range defined thereby;
      
      generating at least one additional first binary value, each corresponding to a comparison of additional binary reference data with mask data;
      
      generating at least one additional second binary value in accordance with a comparison of an incoming data packet with additional binary mask data; and
      
      determining acceptability of incoming binary data packets in accordance with a comparison of additional first and second binary values.
  - 18. The computer-implemented method of claim 13 wherein mask data and reference address data is received via an associated thin client interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation), Toshiba Tec Corporation (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation), Toshiba Tec Corporation (Toshiba Corporation)
Inventors
LEE, Sheng

Granted Patent

US 7,603,456 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 43/028 by filtering

H04L 63/0227 Filtering policies mail mes...

SYSTEM AND METHOD FOR SECURING REMOTE ADMINISTRATIVE ACCESS TO A PROCESSING DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

51 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHOD FOR SECURING REMOTE ADMINISTRATIVE ACCESS TO A PROCESSING DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others