Systems and Methods for Secure Remote Access

US 20150128244A1
Filed: 11/05/2013
Published: 05/07/2015
Est. Priority Date: 11/05/2013
Status: Active Grant

First Claim

Patent Images

1. A method for encapsulating remote access session data, comprising:

receiving, from an end user computer, a request for a remote connection to an onsite system behind a firewall, wherein the firewall prevents inbound connections;

initiating, by a central system, a session request message within a reply to a previous message from the onsite system;

establishing a connection between the onsite system and a remote connection server;

opening a secure tunnel at the central system by the onsite system;

encrypting data for transmission by the onsite system;

completing an authentication process by the onsite system;

establishing a connection between the end user computer and the onsite system; and

transferring the data from the central system to the onsite system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the disclosure can include systems and methods for secure remote transfers. The onsite monitoring system secure file transfer solution can allow for transferring operational data by an onsite system behind a firewall to a central monitoring and diagnostic infrastructure by sending asynchronous, concurrent, parallel files over a port using a previously opened connection. The asynchronous TLS tunneling based remote desktop protocol solution is uni-directional because the communication ports are typically open outbound only.

Citations

19 Claims

1. A method for encapsulating remote access session data, comprising:
- receiving, from an end user computer, a request for a remote connection to an onsite system behind a firewall, wherein the firewall prevents inbound connections;
  
  initiating, by a central system, a session request message within a reply to a previous message from the onsite system;
  
  establishing a connection between the onsite system and a remote connection server;
  
  opening a secure tunnel at the central system by the onsite system;
  
  encrypting data for transmission by the onsite system;
  
  completing an authentication process by the onsite system;
  
  establishing a connection between the end user computer and the onsite system; and
  
  transferring the data from the central system to the onsite system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein opening a secure tunnel at the central system by the onsite system comprises using secure socket layer protocol or transport layer security.
  - 3. The method of claim 1, wherein encrypting data for transmission comprises using a validated crypto library.
  - 4. The method of claim 1, wherein the firewall prevents standard bi-directional transport control protocol communications.
  - 5. The method of claim 1, wherein initiating a session request message comprises sending the message to an open outbound uni-directional port.
  - 6. The method of claim 1, wherein the end user computer is behind a central system firewall.
  - 7. The method of claim 1, wherein the end user computer is not inside a central system firewall.
  - 8. The method of claim 1, wherein the data comprises operational information from a plurality of onsite controllers in communication with a plurality of sensors.
  - 9. The method of claim 1, further comprising performing analytics and/or diagnostics on the data.

10. A system for encapsulating remote access session data, the system comprising:
- a central system operable to receive from an end user computer a request for a remote connection to an onsite system behind a firewall, wherein the firewall prevents inbound connections;
  
  the central system, in communication with the onsite system, and operable to;
  
  initiate a session request message within a reply to a previous message from the onsite system;
  
  wherein the onsite system is operable to;
  
  connect to a remote desktop server;
  
  open a secure tunnel to the central system;
  
  encrypt data for transmission to the central system;
  
  complete an authentication process; and
  
  transmit the data to the central system.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein to open a secure tunnel to the central system comprises using secure socket layer protocol or transport layer security.
  - 12. The system of claim 10, wherein the firewall prevents standard bi-directional transport control protocol communications.
  - 13. The system of claim 10, wherein when the central system initiates the session request message, the central system is further operable to send the message to an open outbound uni-directional port.
  - 14. The system of claim 10, wherein a remote connection is established between the remote desktop server, the end user computer, the central system, and the onsite system
  - 15. The system of claim 10, wherein the end user computer is behind a central system firewall.
  - 16. The system of claim 10, wherein the end user computer is not behind a central system firewall.
  - 17. The system of claim 10, wherein the data comprises operational information from a plurality of onsite controllers in communication with a plurality of sensors.
  - 18. The system of claim 10, wherein the data comprises operational information from a plurality of onsite controllers.

19. One or more non-transitory computer readable media comprising instructions, which when executed by one or more processors, perform the following operations:
- receive, from an end user computer, a request for a remote connection to an onsite system behind a firewall, wherein the firewall prevents inbound connections;
  
  initiate, by a central system, a session request message within a reply to a previous message from the onsite system;
  
  establish a connection between the onsite system and a remote connection server;
  
  open a secure tunnel at the central system by the onsite system;
  
  encrypt data for transmission;
  
  completing an authentication process by the onsite system;
  
  establish a connection between the end user computer and the onsite system; and
  
  transfer the data from the central system to the onsite system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Electric Company
Original Assignee
General Electric Company
Inventors
Atamna, Youcef

Granted Patent

US 9,191,368 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/166   at the transport layer

H04L 67/06   specially adapted for file ...

Systems and Methods for Secure Remote Access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods for Secure Remote Access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links