PORTABLE SECURE COMPUTING NETWORK

US 20100299518A1
Filed: 05/20/2009
Published: 11/25/2010
Est. Priority Date: 05/20/2009
Status: Active Grant

First Claim

Patent Images

1. A method for creating a secure online environment for a computing device connected to an untrusted network using a trusted computing device connected to a trusted network, comprising:

installing a proxy server on a first computing device, from a set of trusted computing devices that use one or more trusted networks for online access;

generating one or more shared encryption keys for the first computing device and a portable storage device;

initiating contact with the first computing device from a second computing device that accesses an untrusted network comprising initiating a proxy server protocol from the portable storage device using the second computing device over the untrusted network; and

creating a secure connection between the second computing device and the first computing device using the shared encryption keys.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

As provided herein, when using an untrusted network connection, a secure online environment can be created for a remote machine by connecting to a trusted computer with a trusted network connection. A proxy server is installed on a first computing device and shared encryption keys are generated for the first device and a portable storage device. A connection is initiated between a second computing device (e.g., remote device), connected to an untrusted network, and the first computing device, comprising initiating a proxy server protocol from the portable storage device (e.g., attached to the second device), using the second computing device. A secure connection between the first and second devices is created using the encryption keys.

Citations

20 Claims

1. A method for creating a secure online environment for a computing device connected to an untrusted network using a trusted computing device connected to a trusted network, comprising:
- installing a proxy server on a first computing device, from a set of trusted computing devices that use one or more trusted networks for online access;
  
  generating one or more shared encryption keys for the first computing device and a portable storage device;
  
  initiating contact with the first computing device from a second computing device that accesses an untrusted network comprising initiating a proxy server protocol from the portable storage device using the second computing device over the untrusted network; and
  
  creating a secure connection between the second computing device and the first computing device using the shared encryption keys.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, installing the proxy server from the portable storage device.
  - 3. The method of claim 1, comprising:
    - installing the proxy server on the respective computing devices in the set of trusted computing devices from the portable storage device; and
      
      generating one or more shared encryption keys for the portable storage device and the respective computing devices in the set of trusted computing devices.
  - 4. The method of claim 3, initiating contact with a first computing device, from the set of trusted computing devices, comprising selecting a desired trusted computing device from the set of trusted computing devices.
  - 5. The method of claim 3, initiating contact with a first computing device, from the set of trusted computing devices, comprising:
    - the second computing device connecting to an online centralized redirecting site;
      
      the online centralized redirecting site locating a desired trusted computing device from the set of trusted computing devices; and
      
      the online centralized redirecting site redirecting the second computing device connection to the desired trusted computing device.
  - 6. The method of claim 3, the desired trusted computing device comprising a trusted computing device that provides a desired proximity to the second computing device and a desired connection speed.
  - 7. The method of claim 1, the second computing device comprising one of:
    - a trusted computing device connecting to an untrusted network; and
      
      an untrusted computing device connecting to an untrusted network.
  - 8. The method of claim 1, comprising proxying data traffic for the second computing device that is using the untrusted network through the first computing device that is using the trusted network.
  - 9. The method of claim 8, proxying data traffic for the second computing device comprising:
    - proxying outbound data traffic from the second computing device through the first computing device to the trusted network; and
      
      proxying inbound data traffic from the trusted network through the first computing device to the second computing device.
  - 10. The method of claim 8, proxying data traffic comprising routing data traffic by proxying one or more of:
    - an application layer protocol from an Internet protocol suite; and
      
      a transport layer protocol from the Internet protocol suite.
  - 11. The method of claim 1, generating one or more shared encryption keys for the first computing device and a portable storage device comprising:
    - generating a public/private key pair for the first computing device;
      
      storing the private key on the first computing device; and
      
      writing the public key to the portable storage device.
  - 12. The method of claim 1, the shared encryption keys comprising one of:
    - symmetric encryption keys; and
      
      one-time password encryption keys.

13. A system for creating a secure online environment for a computing device connected to an untrusted network using a trusted computing device connected to a trusted network, comprising:
- a proxy server installer configured to install a proxy server on a first computing device, from a set of trusted computing devices that use one or more trusted networks for network access;
  
  an encryption key generator configured to generate one or more shared encryption keys for the first computing device and a portable storage device; and
  
  a secure connection generator disposed on the portable storage device, comprising a proxy server initiator configured to initiate a proxy server protocol from the portable storage device using a connected second computing device, where the second computing device accesses an untrusted network, and the secure connection generator configured to;
  
  initiate contact with the first computing device from the second computing device over the untrusted network using the proxy server protocol; and
  
  create a secure connection between the second computing device and the first computing device using the encryption keys over the untrusted network.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The system of claim 13, the proxy server installer and the encryption key generator disposed on the portable storage device.
  - 15. The system of claim 13, comprising an online centralized redirector configured to facilitate connecting the second computing device to a desired trusted computing device, comprising:
    - a locator configured to locate a desired trusted computing device from the set of trusted computing devices; and
      
      a connection redirector configured to redirect a connection from the second computing device to the desired trusted computing device.
  - 16. The system of claim 15, the set of trusted computing devices configured to provide contact information for use by the online centralized redirector.
  - 17. The system of claim 15, the desired trusted computing device disposed at a desired distance from the second computing device and configured to provide a desired connection speed with the second computing device.
  - 18. The system of claim 13, the secure connection between the second computing device and the first computing device configured to proxy data traffic for the second computing device that is using the untrusted network through the first computing device that is using the trusted network.
  - 19. The system of claim 13, the encryption keys comprising one of:
    - asymmetric encryption keys;
      
      symmetric encryption keys; and
      
      one-time password encryption keys.

20. A method for creating a secure online environment for a computing device connected to an untrusted network using a trusted computing device connected to a trusted network, comprising:
- installing a proxy server from the portable storage device on respective computing devices, from a set of trusted computing devices that use one or more trusted networks for network access;
  
  generating one or more shared encryption keys for the portable storage device and the respective computing devices in the set of trusted computing devices comprising one of;
  
  generating an asymmetric public/private key pair for the first computing device, and writing the public key to the portable storage device; and
  
  generating a symmetric key and storing the key on the first computing device and the portable storage device;
  
  initiating a proxy server protocol from the portable storage device using a second computing device that accesses an untrusted network;
  
  initiating contact with a first computing device from the second computing device over the untrusted network using the proxy server protocol, comprising selecting a desired trusted computing device from the set of trusted computing devices, the desired trusted computing device comprising a trusted computing device that provides a desired proximity to the second computing device and a desired connection speed;
  
  creating a secure connection between the second computing device and the first computing device using the shared encryption keys; and
  
  proxying data traffic for the second computing device that is using the untrusted network through the first computing device that is using the trusted network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Steeves, David J., Viswanathan, Rajesh

Granted Patent

US 8,732,451 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/152
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0281   Proxies

H04L 63/0435   wherein the sending and rec...

H04L 63/0485   Networking architectures fo...

H04L 63/0853   using an additional device,...

H04L 9/083   involving central third par...

PORTABLE SECURE COMPUTING NETWORK

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PORTABLE SECURE COMPUTING NETWORK

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links