Access and control system for network-enabled devices
Abstract
Systems and methods for remote access of network-enabled devices that provide seamless, firewall-compliant connectivity between multiple users and multiple devices, that allow collaborative operations by multiple users of remote devices, that allow point to multipoint control of multiple devices and which allow rapid, secure transmission of data between remote users and devices. In general terms, the system includes at least one connection server, and at least two computers operatively coupled to the connection server via a public or global network. In an example where at least one client computer is operatively connected to at least one network-enabled device through a connection server via the public or global network, the connection server is configured to route control instructions from the client to the network-enabled device, and route data from the network-enabled device to the client.
128 Claims
1. A system configured for remote point-to multipoint communications between private users through a public network while providing seamless, firewall-compliant connectivity, said system comprising:
a first computer connectable to the public network over a first secure channel through a first firewall element, said first firewall element adapted to protect said first computer from hostile intrusion from the public network; a second computer connectable to the public network over a second secure channel through a second firewall element, said second firewall element adapted to protect said second computer from hostile intrusion from the public network; and a connection server operatively coupled to the public network, outside of said first and second firewall elements, said connection server including means for authenticating at least one of said first and second computers, means for forming a first, secure, firewall compliant connection with said first computer, means for forming a second, secure, firewall compliant connection with said second computer, means for forming a third, secure, firewall compliant connection with a third computer;
means for sending communications received from said first computer to said second computer while maintaining second firewall compliance, means for sending communications received from said second computer to said first computer while maintaining first firewall compliance; and
means for sending communications received from said first or second computer as point-to multipoint communications to multiple computers while maintaining firewall compliance of firewalls associated with communications sent to multiple computers, respectively.
Dependent claims 2-29 (not reproduced here).
30. A system for remote communications between private users through a public network while providing seamless, firewall-compliant connectivity, said system comprising:
a client computer securely connectable to the public network through a first firewall element, said first firewall element adapted to protect said client computer from hostile intrusion from the public network; a device control computer securely connectable to the public network through a second firewall element, and at least one network-enabled device privately networked to said device control computer, said second firewall element adapted to protect said device control computer and said at least one network-enabled device from hostile intrusion from the public network; and at least one connection server operatively coupled to the public network, outside of said first and second firewall elements, said at least one connection server including means for authorizing at least one of said client computer and said device control computer, means for forming a secure, first firewall compliant connection with said client computer, means for forming a secure, second firewall compliant connection with said device control computer and said at least one network-enabled device, means for securely sending communications from said client computer to said at least one network-enabled device via said device control computer while maintaining second firewall compliance, and means for securely sending communications from said at least one network-enabled device, received from said device control computer, to said client computer while maintaining first firewall compliance, wherein after authorizing said at least one of said client computer and said device control computer with said first firewall-compliant connection and said device control computer with said second firewall-compliant connection, subsequent transmissions between said at least one of said client computer and said device control computer through said first firewall-compliant connection and said device control computer with said second firewall-compliant computer are sendable with or without being encrypted. 
Dependent claims 31-71 (not reproduced here).
72. A distributed control structure providing for secure transmission of communications over a public network between two or more computers protected by two or more firewall elements using different criteria for restriction of communications traffic therethrough, said distributed control structure comprising:
a plurality of connection servers networked within said distributed control structure and operatively coupled to the public network, wherein a first of said connection servers operates as a primary connection server, and the remainder of said plurality of connection servers operate secondarily to said primary connection server, said connection servers including means for authenticating at least two of said two or more computers, wherein an encryption key is securely shared by said at least two of said two or more computers;
means for forming a first firewall compliant connection with a first of the computers, means for forming a second firewall compliant connection with a second of the computers, means for sending communications from the first computer to the second computer while maintaining second firewall compliance, and means for sending communications from the second computer to the first computer while maintaining first firewall compliance.
Dependent claims 73-99 (not reproduced here).
100. A method of establishing a private-to-public-to-private communications tunnel, wherein at least the private addresses of the communications tunnel are firewall protected, said method comprising:
authenticating, at a location having a public address, a first computer having a first, firewall protected private address; creating a first firewall compliant connection between a publicly addressed connection server and said first computer upon authentication of said first computer; authenticating, at a location having a public address, a second computer having a second, firewall protected private address; establishing a second firewall compliant connection between said publicly addressed connection server and said second computer having a second firewall protected private address, wherein an encryption key is securely shared by said first and second computers; and establishing the private-to-public-to-private communications tunnel, wherein said connection server routes communications from said first computer through said first firewall compliant connection and said second firewall compliant connection to said second computer, and from said second computer through said second firewall compliant connection and said first firewall compliant connection to said first computer; wherein said first computer is a client computer and said second computer is a device control computer, said device control computer being operably connected to at least one network-enabled device, wherein said communications from said first computer to said second computer include control instructions for operating said at least one network-enabled device, and wherein said communications from said second computer to said first computer include data received by said second computer from said at least one network-enabled device.
Dependent claims 101-108 (not reproduced here).
109. A method for establishing a secure connection for rapid transfer of data between privately addressed, firewall protected locations over a public network, said method comprising:
preparing authentication data on a first computer having a first, firewall protected private address; encrypting the authentication data using a public security key; sending a request over the public network to a publicly addressed server, wherein the request includes the encrypted authentication data; decrypting the encrypted authentication data at the location of the publicly addressed server using a private security key; verifying the decrypted authentication data to determine whether the authentication data represents an authorized user; authorizing the first computer to proceed if the authentication data represents an authorized user; generating a secret security key on the first computer for encryption of data to be sent over the secure connection; encrypting the secret key using the public security key and sending the encrypted secret security key to the publicly addressed server; decrypting the encrypted secret security key at the location of the publicly addressed server using the private security key; and establishing a second firewall compliant connection between said publicly addressed server and a second computer having a second firewall protected private address; and establishing a private-to-public-to-private communications tunnel connecting said first computer, said publicly addressed server and said second computer.
Dependent claims 110-121 (not reproduced here).
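The first-computer-to-server steps of claim 109 carried through in Go, as an added example that is not part of the patent or of any product built on it: the client encrypts its authentication data under the server's public key (RSA-OAEP is chosen here; the claim names no algorithm), the server decrypts with its private key, verifies the result against an authorized-user table, and only after that accepts the client-generated secret key. Server, Users, Handshake and the user names are constructed; the client is assumed to already hold an authentic copy of the server's public key, which the claim presupposes but does not say how to obtain.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Server is the publicly addressed server of claim 109; Users is a constructed sample table.
type Server struct {
	Priv       *rsa.PrivateKey
	Users      map[string]bool
	authorized bool
	Session    []byte // client-generated secret key, accepted only after authorization
}
// Authorize decrypts the authentication data with the private key and checks the user table.
func (s *Server) Authorize(encAuth []byte) error {
	auth, err := rsa.DecryptOAEP(sha256.New(), nil, s.Priv, encAuth, nil)
	if err != nil || !s.Users[string(auth)] {
		return errors.New("authentication data does not represent an authorized user")
	}
	s.authorized = true
	return nil
}
// AcceptSecretKey unwraps the client-generated key; a key offered before authorization is refused.
func (s *Server) AcceptSecretKey(encKey []byte) error {
	if !s.authorized {
		return errors.New("secret key offered before authorization")
	}
	k, err := rsa.DecryptOAEP(sha256.New(), nil, s.Priv, encKey, nil)
	if err == nil {
		s.Session = k
	}
	return err
}
// Handshake runs the client's steps against srv and returns the generated secret key; srv.Session holds the server's copy on success.
func Handshake(srv *Server, user string) ([]byte, error) {
	pub := &srv.Priv.PublicKey // assumption: the client already holds an authentic copy of this key
	encAuth, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(user), nil)
	if err == nil {
		err = srv.Authorize(encAuth) // server verifies before the key exchange proceeds
	}
	if err != nil {
		return nil, err
	}
	secret := make([]byte, 32) // AES-256-sized key generated on the client
	rand.Read(secret)          // fills the whole slice; Go 1.24+ guarantees it cannot fail
	encKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
	if err != nil {
		return nil, err
	}
	return secret, srv.AcceptSecretKey(encKey)
}
```

Anything sent after Handshake succeeds can be encrypted under the shared key, which is the "secure connection" the claim then tunnels to the second computer.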
122. A process for remotely controlling one or more network-enabled devices by one or more client computers over a public network, wherein the one or more network-enabled devices are operatively connected within one or more different private networks and the one or more client computers are operatively connected within one or more other different private networks, at least one of the private networks being protected by a firewall element, said process comprising:
accessing at least one connection server by at least one of the client computers, said at least one connection server being operably connected to the public network; authenticating, at a site of the at least one connection server, and establishing a secure connection between each of the at least one client computers and the at least one connection server, after which, the at least one connection server establishes a secure connection between the at least one connection server and each of the network-enabled devices requested to be connected with the at least one client computer, through at least one device control computer connected with said network-enabled devices, wherein secure, full-duplex, persistent communications are established through the connection server without the need for any of the computers to know or address a private address of any of the other computers between which the communications take place;
wherein the connections are configured to carry out at least one of the following further steps: sending point-to-multipoint control instructions from said at least one client computer to at least two of the connected network-enabled devices, via the at least one connection server; receiving point-to-multipoint transmissions of data at at least two of said at least one client computers from said at least one connected network-enabled device via said at least one connection server; and sending point-to-multipoint communications from said at least one client computer to at least two others of said at least one client computer.
Dependent claims 123-124 (not reproduced here).
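The routing process of claim 122 (and the point-to-multipoint means of claims 1 and 128) modelled in Go, as an added example that is not part of the patent or of any product built on it: ConnectionServer, its credential table and the endpoint names are constructed; authentication is reduced to a credential lookup because the claim fixes no mechanism, and an in-memory queue stands in for each endpoint's own outbound, firewall-compliant connection. The server routes only for authenticated sessions, addresses endpoints by session name rather than by any private address, and reports undeliverable destinations instead of dropping them.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// Message carries a control instruction (client -> devices) or device data (device -> clients).
type Message struct{ From, Kind, Body string }
// ConnectionServer is a constructed in-memory model of the claims' publicly addressed server:
// endpoints open outbound connections to it and are addressed by session name, never private address.
type ConnectionServer struct {
	mu       sync.Mutex
	creds    map[string]string       // credential -> endpoint name (constructed sample table)
	sessions map[string]chan Message // authenticated endpoint -> persistent inbound queue
}
func NewConnectionServer(creds map[string]string) *ConnectionServer {
	return &ConnectionServer{creds: creds, sessions: map[string]chan Message{}}
}
// Connect authenticates an endpoint and returns its session name and inbound queue.
func (cs *ConnectionServer) Connect(credential string) (string, <-chan Message, error) {
	name, ok := cs.creds[credential]
	if !ok {
		return "", nil, errors.New("authentication failed")
	}
	cs.mu.Lock()
	defer cs.mu.Unlock()
	q := make(chan Message, 16)
	cs.sessions[name] = q
	return name, q, nil
}
// Route delivers one message from an authenticated session to every destination in to
// (point-to-multipoint); unknown or saturated destinations are reported, not silently dropped.
func (cs *ConnectionServer) Route(from string, to []string, kind, body string) error {
	cs.mu.Lock()
	defer cs.mu.Unlock()
	if _, ok := cs.sessions[from]; !ok {
		return errors.New("sender is not an authenticated session")
	}
	var failed []string
	for _, dst := range to {
		select { // a nil channel (unknown endpoint) is never ready, so it falls to default
		case cs.sessions[dst] <- Message{From: from, Kind: kind, Body: body}:
		default:
			failed = append(failed, dst)
		}
	}
	if len(failed) > 0 {
		return fmt.Errorf("undeliverable to %v", failed)
	}
	return nil
}
```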
125. A system for remote, point-to-multi-point communications between private users through a public network while providing seamless, firewall-compliant connectivity, said system comprising:
a first computer connectable to the public network over a first secure channel through a first firewall element, said first firewall element adapted to protect said first computer from hostile intrusion from the public network; a second computer connectable to the public network over a second secure channel through a second firewall element, said second firewall element adapted to protect said second computer from hostile intrusion from the public network; at least one additional computer connectable to the public network over at least one additional secure channel; and a connection server operatively coupled to the public network, said connection server including means for forming a first, secure, firewall compliant connection with said first computer, means for forming a second, secure, firewall compliant connection with said second computer, means for forming at least one additional secure, firewall compliant connection with said at least one additional computer, and means for multi-point, secure, firewall compliant routing of data from one of said first, second and at least one additional computers to at least two other of said first, second and at least one additional computers, thereby facilitating at least one of collaborative communications among users;
collaborative control of one or more devices, collaborative monitoring of one or more devices, and other forms of collaborative communication, including learning or teaching sessions.
Dependent claim 126 (not reproduced here).
127. A distributed control structure providing for secure transmission of communications over a public network between two or more computers protected by two or more firewall elements using different criteria for restriction of communications traffic therethrough, said distributed control structure comprising:
a plurality of connection servers networked within said distributed control structure and operatively coupled to the public network, and a security server operatively connected to said plurality of connection servers, said distributed control structure including means for authenticating at least two of said two or more computers, wherein an encryption key is securely shared by said at least two of said two or more computers;
means for forming a first firewall compliant connection with a first of the computers, means for forming a second firewall compliant connection with a second of the computers, means for sending communications from the first computer to the second computer while maintaining second firewall compliance, and means for sending communications from the second computer to the first computer while maintaining first firewall compliance; and
wherein said distributed control structure is configured to operatively connect with a plurality of client computers as well as a plurality of device control computers, each having at least one network-enabled device connected thereto.
128. A distributed control structure providing for secure transmission of communications over a public network between two or more computers protected by two or more firewall elements using different criteria for restriction of communications traffic therethrough, said distributed control structure comprising:
at least one connection server operatively coupled to the public network, said at least one connection server including means for authenticating at least two of said two or more computers, wherein an encryption key is securely shared by said at least two of said two or more computers;
means for forming a first firewall compliant connection with a first of the computers, means for forming a second firewall compliant connection with a second of the computers, means for sending communications from the first computer to the second computer while maintaining second firewall compliance, means for sending communications from the second computer to the first computer while maintaining first firewall compliance; and
means for sending communications received from at least one of said at least two computers as point-to multipoint communications to at least two others of said at least two computers, while maintaining firewall compliance of firewalls associated with said computers.
Specification