Secure remote access computing system

US 6,154,843 A
Filed: 03/21/1997
Issued: 11/28/2000
Est. Priority Date: 03/21/1997
Status: Expired due to Term

First Claim

Patent Images

1. At least one computer readable medium containing computer executable instructions to perform a method comprising:

establishing a communication link between a first computing device and a second computing device by way of a public communication network;

communicating, from said first computing device to said second computing device, a request by a user of said first computing device to execute a task controlled by said second computing device;

verifying on said second computing device that said user of said first computing device is authorized to execute said task;

dynamically generating a customized program on said second computing device that contains data and user interface features necessary for said user of said first computing device to define at least one parameter required to execute said task;

transmitting said customized program from said second computing device to said first computing device;

executing said customized program on said first computing device for said user to define said at least one parameter required to execute said task;

transmitting said at least one parameter required to execute said task from said first computing device to said second computing device; and

executing said task by said second computing device on behalf of said first computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure remote access computing system for executing tasks on a secure private network requested by an unsecured remote computing device connected to the secure private network by way of a public communication network, without exposing any device in the secure private network other than a designated network interface device to the public communication network. The network interface device dynamically generates a custom program containing the necessary network data and user interfaces and verifies the security privileges for the remote computing device, so that a remote user can define the task being executed on the private network by way of the secure network interface device surrogate. The unsecured remote computing device and the secure network interface device communicate by accepted conventions of protocols and commands that are well known and used by other users of the public communication network.

97 Citations

View as Search Results

36 Claims

1. At least one computer readable medium containing computer executable instructions to perform a method comprising:
- establishing a communication link between a first computing device and a second computing device by way of a public communication network;
  
  communicating, from said first computing device to said second computing device, a request by a user of said first computing device to execute a task controlled by said second computing device;
  
  verifying on said second computing device that said user of said first computing device is authorized to execute said task;
  
  dynamically generating a customized program on said second computing device that contains data and user interface features necessary for said user of said first computing device to define at least one parameter required to execute said task;
  
  transmitting said customized program from said second computing device to said first computing device;
  
  executing said customized program on said first computing device for said user to define said at least one parameter required to execute said task;
  
  transmitting said at least one parameter required to execute said task from said first computing device to said second computing device; and
  
  executing said task by said second computing device on behalf of said first computing device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1 wherein said step of establishing includes:
    - transmitting a Universal Resource Locator style command from said first computing device that uniquely identifies said second computing device using a Hyper Text Transfer Protocol style communication protocol over said public communication network without said user of said first computing device having log-on access to said second computing device; and
      
      responding from said second computing device to said first computing device to confirm that operable communications exist between said first computing device and said second computing device.
  - 3. A method according to claim 1 wherein said task is an administration type task directed toward at least one computing device selected from a group comprising:
    - said second computing device and at least one node of a private network that is operatively connected to said second computing device as a gateway to said private network.
  - 4. A method according to claim 1 wherein said task is any computing operation operable on at least one target computing device selected from a group comprising:
    - said second computing device and at least one node of a private network that is operatively connected to said second computing device as a gateway to said private network.
  - 5. A method according to claim 1 wherein said step of dynamically generating includes:
    - identifying a minimum set of data and user interface features necessary for said user of said first computing device to define an executable one of said task; and
      
      generating a custom Web page available only to said user of said first computing device that contains said minimum set of data and user interface features.
  - 6. A computer-readable storage device containing instructions for controlling a computer system to perform steps according to claim 1.

7. A method comprising:
- establishing a communication link between a remote computing device and a secure network interface to a private network by way of a public communication network;
  
  communicating, from said remote computing device to said secure network interface, a request by a user of said remote computing device to execute a network administration task on at least one node of said private network;
  
  executing, in response to said request, said task by said secure network interface on behalf of said at least one node of said private network without said user of said remote computing device having direct log-on access to any of said at least one node of said private network;
  
  generating, in response to said request to execute said task, a custom program on said secure network interface that contains data and user interface features unique to said task;
  
  verifying that said user of said remote computing device is authorized to execute said task;
  
  downloading said custom program from said secure network interface to said remote computing device;
  
  executing said custom program on said remote computing device for said user to define said at least one parameter necessary to execute said task; and
  
  transmitting said at least one parameter necessary to execute said task from said remote computing device to said secure network interface.
- View Dependent Claims (8, 9, 10)
- - 8. A computer-readable storage device containing instructions for controlling a computer system to perform steps according to claim 7.
  - 9. The method of claim 7, wherein the generated custom program contains data specific to the private network.
  - 10. The method of claim 9, wherein the data specific to the private network includes network configuration details, network administration parameters, network address information, passwords, or node specific information.

11. A secure remote access network administration system using a public communication network comprising:
- a remote computing device having a network browsing program and access to said public communication network;
  
  a private network having a plurality of computing devices therein;
  
  a network interface device supporting service for a publicly accessible Web page, said network interface device also having access to said public communication network and supporting a private communication link to said private network;
  
  means for establishing a communication link between said remote computing device and said network interface device;
  
  means for communicating, from said remote computing device to said network interface device, a request by a user of said remote computing device to execute an administrative task on at least one of said plurality of computing devices in said private network;
  
  means for verifying on said network interface device that said user of said remote computing device is authorized to execute said administrative task;
  
  means for dynamically generating a custom Web page on said network interface device that is unique to said administrative task and contains only enough data and user interface features as are required for said user of said remote computing device to define at least one parameter necessary to construct an executable one of said administrative task;
  
  means for transmitting said custom Web page from said network interface device to said remote computing device;
  
  means for executing said custom Web page on said remote computing device for said user to define said at least one parameter necessary to construct an executable one of said administrative task;
  
  means for transmitting said at least one parameter from said remote computing device to said network interface device; and
  
  means for executing said administrative task, in response to said request, by said network interface device on behalf of said at least one of said plurality of computing devices in said private network without said user of said remote computing device being logged onto said network interface device as a network interface device user and without having direct access to any one of said plurality of computing devices in said private network.
- View Dependent Claims (12, 13, 14)
- - 12. A system according to claim 11 wherein said means for establishing includes:
    - means for locating a remote computing device with operable access to said public communication network;
      
      means for communicating on said public communication network by way of an accepted communication protocol standards; and
      
      means for locating said network interface device by way of a Universal Resource Locator style command that uniquely identifies said network interface device using a Hyper Text Transfer Protocol style communication protocol.
  - 13. A system according to claim 12 wherein said means for dynamically generating includes:
    - means for determining a minimum set of private network data that is required to perform said administrative task;
      
      means for extracting said minimum set of private network data from said private network; and
      
      means for generating a custom user interface program based on said minimum set of private network data and at least one informational parameter prompt for completion by said user of said remote computing device.
  - 14. A system according to claim 13 including:
    - means for shielding said plurality of computing devices in said private network from direct access from said remote device over said public communication network.

15. A method for executing a task on a secure local computing device on behalf of at least one of a plurality of secure computing devices in a private network, in response to a request to execute said task that is communicated over a public communication network to said secure local computing device by an unsecured remote computing device, said method comprising:
- verifying, on said secure local computing device in response to said request, a permission for a user of said unsecured remote computing device to request execution of said task;
  
  dynamically generating, on said secure local computing device, a custom user interface in a custom program unique to specific variables needed to execute only said task;
  
  executing said custom user interface in said custom program on said unsecured remote computing device to define parameters needed to execute said task;
  
  communicating said parameters from said unsecured remote computing device to said secure local computing device for execution on said secure local computing device; and
  
  executing said task on said secure local computing device.
- View Dependent Claims (16)
- - 16. A method according to claim 15 wherein said step of dynamically generating includes:
    - determining a minimum set of private network data that is relevant to said task and needed by said user to define said parameters unique to said task;
      
      extracting said minimum set of private network data from said private network;
      
      integrating said minimum set of private network data into said custom user interface in said custom program to prompt said user for only said parameters needed to generate an executable one of said task; and
      
      generating an executable one of said task from said parameters supplied by said user.

17. A computer-readable medium having computer-executable instructions stored thereon, said computer-executable instructions performing steps comprising:
- receiving at least one first message from a remote computer over a public communications system identifying a user process of the remote computer;
  
  authorizing the user process in response to the first message;
  
  transmitting at least one second message to the remote computer over the public communications system to identify devices in a private network and network administration tasks for execution on the identified devices;
  
  receiving at least one third message from the remote computer over a public communications system indicating selected network administration tasks and selected devices from the identified tasks and devices;
  
  generating selected information comprising network administration tasks capable of being performed and selected devices information for the user process;
  
  transmitting at least one fourth message containing at least part of the generated selected information to the user process over the public communications system;
  
  receiving at least one fifth message from the user process over a public communications system including at least one parameter for performing one of the selected tasks on one of the selected devices; and
  
  initiating the performance of one of the selected tasks on one of the selected devices.
- View Dependent Claims (18)
- - 18. The method of claim 17, wherein the at least one second message includes private network configuration details, network administration parameters, network address information, passwords, or node specific information.

19. A method for accessing a private network by way of a public network, comprising:
- providing a secure network interface device as a connection between a private network and a public network;
  
  receiving a request from a user of a first computing device at said secure network interface device for the capability to perform a computing task on said private network by way of said public network;
  
  dynamically generating and transmitting a program from the secure network interface device to the first computing device, said program providing the user with the capability to perform the requested computing task, said program having data and a user interface feature necessary for said user to define at least one parameter and limiting the requestor'"'"'s capability to perform computing tasks not authorized by the program;
  
  receiving a second request comprising said at least one parameter at the secure network interface from the requestor by way of the program to perform the computing task on the private network; and
  
  initiating the performance of the computing task on the private network by way of the secure network interface device.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The method as recited in claim 19 wherein the public network comprises the Internet.
  - 21. The method as recited in claim 19 wherein the private network comprises a local area network.
  - 22. The method as recited in claim 21 wherein said computing task comprises a task performable by an administrative level user.
  - 23. The method as recited in claim 19 wherein the program transmitted comprises a web page.
  - 24. A computer readable medium bearing computer readable instructions, said instructions being capable of carrying out the steps recited in claim 19.

25. A system for providing secure access to a private network, comprising:
- a private network of computing devices;
  
  a secure network interface device coupled between said private network and a public network; and
  
  a network interface computing operation disposed on said secure network for controlling access to the private network of computing devices, said network interface computing operation comprising computer executable instructions for;
  
  providing a set of authorized computing tasks that can be performed on the private network by way of the secure network interface;
  
  receiving a request from a user of a first computing device over a public network, said request requesting the performance of a specified one of the authorized computing tasks;
  
  dynamically generating and transmitting a program to a requestor of the performance of the specified one of the authorized computing tasks wherein said program provides data and user interface features necessary for the user of said first computing device to define at least one parameter that can be specified in performance of said task; and
  
  performing said task after receiving the specified at least one parameter from the program.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The system as recited in claim 25 wherein the public network comprises the Internet.
  - 27. The system as recited in claim 25 wherein the private network comprises a local area network.
  - 28. The system as recited in claim 25 wherein the program transmitted comprises a web page.
  - 29. The system as recited in claim 25 wherein said computing task comprises a task performable by an administrative level user.
  - 30. The system as recited in claim 25 wherein the set of authorized computing tasks is determined by the requestor'"'"'s authorization level.

31. A method for use on a secure network interface device for providing accessing to a private network via a connection to a public network, comprising:
- providing a set of specific authorized tasks capable of being performed on said private network by way of said public network;
  
  receiving a request from a user of a first computing device over the public network, said request requesting the performance of one of said specific authorized tasks;
  
  dynamically generating and transmitting a program to the first computing device, said program providing data and a user interface feature necessary for said to user to specify at least one parameter in performing said one of specific authorized tasks;
  
  receiving said at least one parameter; and
  
  performing said one of said specific authorized tasks on said private network.
- View Dependent Claims (32, 33, 34, 35, 36)
- - 32. The method as recited in claim 31 wherein the public network comprises the Internet.
  - 33. The method as recited in claim 31 wherein the private network comprises a local area network.
  - 34. The method as recited in claim 31 wherein the program transmitted comprises a web page.
  - 35. The method as recited in claim 31 wherein said specific authorized tasks comprise tasks performable by an administrative level user.
  - 36. The method as recited in claim 31 wherein the set of specific authorized tasks is based upon the authorization level of the requestor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Hart, Edward C. Jr., Kiernan, Casey Lang, Rajarajan, Vij
Primary Examiner(s)
LE, DIEU MINH T

Application Number

US08/822,303
Time in Patent Office

1,348 Days
Field of Search

395/187.01, 395/186, 395/188.01, 395/200.47, 395/200.49, 395/200.59, 380/4, 380/23, 380/25, 380/21, 380/30, 380/44, 340/825.31, 340/825.32, 713/200, 713/201, 713/202
US Class Current

726/21
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 63/10   for controlling access to d...

H04L 67/133   Protocols for remote proced...

Secure remote access computing system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Secure remote access computing system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links