SECURITY GATEWAY COMMUNICATION

US 20140215642A1
Filed: 07/20/2012
Published: 07/31/2014
Est. Priority Date: 07/20/2011
Status: Active Grant

First Claim

Patent Images

1. A method in a gateway device for establishing a communication channel between a client device communicatively coupled to a client interface of the gateway device and a server communicatively coupled to a host interface of the gateway device, the method comprising:

receiving client messages on the client interface,refraining from sending a client response message out the client interface until a predetermined sequence of client messages is received on the client interface;

sending a predetermined sequence of server messages out the host interface; and

establishing a communication channel to communicate user messages between the client device and the server, the communication channel being established after;

receiving the predetermined sequence of client messages on the client interface; and

receiving a server response message on the host interface only after the predetermined sequence of server messages has been sent by the gateway device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A gateway device and methods performed therein to prevent unauthorized client devices from connecting to the host network of the gateway device is described. The gateway device does not respond right away to an individual client message sent to the gateway device. Instead, the gateway device only responds to a predetermined sequence of the client messages, which is only known to the gateway device and authorized client devices. Because the gateway device will not respond to random client messages and the likelihood that an unauthorized client device can correctly guess the predetermined sequence of the client messages is low, the risk of a malicious party being able to hack into the host network, for example, by using port scanning techniques, can be mitigated.

Citations

22 Claims

1. A method in a gateway device for establishing a communication channel between a client device communicatively coupled to a client interface of the gateway device and a server communicatively coupled to a host interface of the gateway device, the method comprising:
- receiving client messages on the client interface,refraining from sending a client response message out the client interface until a predetermined sequence of client messages is received on the client interface;
  
  sending a predetermined sequence of server messages out the host interface; and
  
  establishing a communication channel to communicate user messages between the client device and the server, the communication channel being established after;
  
  receiving the predetermined sequence of client messages on the client interface; and
  
  receiving a server response message on the host interface only after the predetermined sequence of server messages has been sent by the gateway device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the predetermined sequence of client messages is a predetermined sequence of client synchronize messages, and the predetermined sequence of server messages is a predetermined sequence of server synchronize messages.
  - 3. The method of claim 2, wherein the client interface comprises a plurality of client ports, and the predetermined sequence of client messages comprises client synchronize messages that are received on the plurality of client ports in a predetermined client port order.
  - 4. The method of claim 2, wherein the predetermined sequence of server synchronize messages comprises server synchronize messages having a predetermined order of destination port identifiers.
  - 5. The method of claim 2, further comprising:
    - sending, in response to receiving the predetermined sequence of client synchronize messages, a predetermined sequence of client synchronize-acknowledgment messages out the client interface; and
      
      receiving a client acknowledge message on the client interface only after the predetermined sequence of client synchronize-acknowledgment messages has been sent by the gateway device, wherein the communication channel is established after receiving the client acknowledge message.
  - 6. The method of claim 1, further comprising:
    - receiving the user messages on the established communication channel from the client device, wherein the user messages include authentication codes;
      
      verifying, by the gateway device, the authentication codes of the user messages; and
      
      transmitting the verified user messages to the server on the established communication channel.
  - 7. The method of claim 1, further comprising:
    - receiving the user messages on the established communication channel from the client device in an encrypted format;
      
      decrypting, by the gateway device, the user messages; and
      
      transmitting the user messages to the server on the established communication channel.
  - 8. The method of claim 7, further comprising:
    - re-encrypting, by the gateway device, the user messages prior to transmitting the user messages to the server.
  - 9. The method of claim 7, wherein the client device is communicatively coupled to a wireless provider network, and the user messages originated from a mobile device as Short Message Service (SMS) messages or Unstructured Supplementary Service Data (USSD) messages.
  - 10. The method of claim 7, wherein the user messages originated from a mobile device as Radio Frequency (RF) communications or Near Field Communication (NFC) communications.
  - 11. The method of claim 7, wherein the user messages are associated with payment transactions.

12. A gateway device comprising:
- a client interface including a plurality of client ports;
  
  a host interface including a plurality of host ports;
  
  a processor coupled to the client interface and the host interface; and
  
  a machine readable storage medium storing executable program code, which when executed by the processor, causes the processor to;
  
  receive client messages on the client interface from a client device,refrain from sending a client response message out the client interface until a predetermined sequence of client messages is received on the client interface;
  
  send a predetermined sequence of server messages out the host interface to a server; and
  
  establish a communication channel to communicate user messages between the client device and the server, the communication channel being established after receiving the predetermined sequence of client messages on the client interface, and receiving a server response message on the host interface only after the predetermined sequence of server messages has been sent.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The gateway device of claim 12, wherein the predetermined sequence of client messages is a predetermined sequence of client synchronize messages, and the predetermined sequence of server messages is a predetermined sequence of server synchronize messages.
  - 14. The gateway device of claim 13, wherein the client interface comprises a plurality of client ports, and the predetermined sequence of client messages comprises client synchronize messages that are received on the plurality of client ports in a predetermined client port order.
  - 15. The gateway device of claim 13, wherein the predetermined sequence of server synchronize messages comprises server synchronize messages having a predetermined order of destination port identifiers.
  - 16. The gateway device of claim 13, wherein the machine readable storage medium storing executable program code, which when executed by the processor, further causes the processor to:
    - send, in response to receiving the predetermined sequence of client synchronize messages, a predetermined sequence of client synchronize-acknowledgment messages out the client interface; and
      
      receive a client acknowledge message on the client interface only after the predetermined sequence of client synchronize-acknowledgment messages has been sent, wherein the communication channel is established after the client acknowledge message is received.
  - 17. The gateway device of claim 12, wherein the machine readable storage medium storing executable program code, which when executed by the processor, further causes the processor to:
    - receive the user messages on the established communication channel from the client device, wherein the user messages include authentication codes;
      
      verify the authentication codes of the user messages; and
      
      transmit the verified user messages to the server on the established communication channel.
  - 18. The gateway device of claim 12, wherein the machine readable storage medium storing executable program code, which when executed by the processor, further causes the processor to:
    - receive the user messages on the established communication channel from the client device in an encrypted format;
      
      decrypt the user messages; and
      
      transmit the user messages to the server on the established communication channel.
  - 19. The gateway device of claim 18, wherein the machine readable storage medium storing executable program code, which when executed by the processor, further causes the processor to:
    - re-encrypt the user messages prior to transmitting the user messages to the server.
  - 20. The gateway device of claim 18, wherein the client device is communicatively coupled to a wireless provider network, and the user messages originated from a mobile device as Short Message Service (SMS) messages or Unstructured Supplementary Service Data (USSD) messages.
  - 21. The gateway device of claim 18, wherein the user messages originated from a mobile device as Radio Frequency (RF) communications or Near Field Communication (NFC) communications.
  - 22. The gateway device of claim 18, wherein the user messages are associated with payment transactions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Huxham, Horatio Nelson

Granted Patent

US 8,909,556 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/28
CPC Class Codes

G06Q 20/027   involving a payment switch ...

G06Q 20/3223   Realising banking transacti...

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/3229   Use of the SIM of a M-devic...

G06Q 20/325   using wireless networks

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/382   insuring higher security of...

G06Q 20/3823   combining multiple encrypti...

H04L 2463/102   applying security measure f...

H04L 63/02   for separating internal fro...

H04L 63/0281   Proxies

H04L 63/0464   using hop-by-hop encryption...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/08   Access security

H05K 3/321   by conductive adhesives

Y10T 29/4913   Assembling to base an elect...

Y10T 29/53174   Means to fasten electrical ...

SECURITY GATEWAY COMMUNICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY GATEWAY COMMUNICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links