Device plug-in system for configuring network device over a public network

US 7,284,042 B2
Filed: 08/13/2002
Issued: 10/16/2007
Est. Priority Date: 08/14/2001
Status: Active Grant

First Claim

Patent Images

1. A method for remotely configuring a customer network device from a service center computer, comprising:

receiving a network policy description from a first customer at the service center computer, the service center computer configured to receive network policy descriptions from at least the first customer and a second customer;

identifying a network device of the first customer to configure according to the network policy description, the network device being part of a first customer network that is independent of network devices of a second customer network;

downloading a bootstrap partial configuration from the service center computer to the network device over a public network, the bootstrap partial configuration enabling establishment of a secure channel according to a capability of the network device;

establishing a secure channel between the service center computer and the network device over said public network said bootstrap partial configuration; and

downloading full configuration data to said network device using the secure channel.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides device configuration and policy configuration data to network devices over a public network, e.g., the internet. A secure communication link is first established over the public network to the network device. Next, policy and configuration information is downloaded to the network device using that secure communication link. In one embodiment, the communication link is an IPSec tunnel. In particular, the network policy may include a virtual private network (VPN) policy. The invention addresses the secure downloading of configuration and policy information, which has not been an issue in prior art devices where there was an ability to provide such information internally to a network, without the need to go over the internet.

70 Citations

View as Search Results

18 Claims

1. A method for remotely configuring a customer network device from a service center computer, comprising:
- receiving a network policy description from a first customer at the service center computer, the service center computer configured to receive network policy descriptions from at least the first customer and a second customer;
  
  identifying a network device of the first customer to configure according to the network policy description, the network device being part of a first customer network that is independent of network devices of a second customer network;
  
  downloading a bootstrap partial configuration from the service center computer to the network device over a public network, the bootstrap partial configuration enabling establishment of a secure channel according to a capability of the network device;
  
  establishing a secure channel between the service center computer and the network device over said public network said bootstrap partial configuration; and
  
  downloading full configuration data to said network device using the secure channel.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein said network device is a router, and said establishing a secure channel comprises clear-text telenetting.
  - 3. The method of claim 1 further comprising:
    - changing credentials ad a key of said network device after downloading said bootstrap partial configuration.
  - 4. The method of claim 3 wherein said full configuration data is a virtual private network (VPN) policy, which is downloaded after said credentials and key are changed.
  - 5. The method of claim 1 wherein said downloading uses a trivial file transfer protocol (TFTP).
  - 6. The method of claim 1 further comprising:
    - generating configuration data for the network device using a device plug-in, the device plug-in being selected from a plurality of device plug-ins according to the type of network device.

7. A method of configuring a customer network device from a service center computer, comprising:
- generating an event at the service center computer responsive to a change of policy for a first customer network;
  
  retrieving information about the first customer from a storage area of the service center computer, the storage area containing information about a plurality of customers and the networks of said plurality of customers;
  
  selecting a device plug-in for configuring a network device of the first customer network according to the changed policy, the device plug-in being selected according to the type of the network device;
  
  establishing a communication channel between the service center computer and the network device over a public network;
  
  downloading a bootstrap partial configuration from the service center computer to the network device;
  
  using the bootstrap partial configuration to form a secure channel between the service center computer and the network device; and
  
  sending full configuration data from the service center computer to the network device using the secure channel.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7 further comprising:
    - authenticating the service center computer to the network device by providing credentials to the network device.
  - 9. The method of claim 7 further comprising:
    - initiating a change of passwords at the network device.
  - 10. The method of claim 7 wherein the network device is a router and the full configuration data includes a virtual private network (VPN) policy.
  - 11. The method of claim 7 wherein the communication channel between the service center computer and the network device comprises an IPSec tunnel.

12. A method of configuring as customer network device from a service center computer, comprising:
- detecting a change in policy associated with a first customer network at the service center computer;
  
  retrieving information about the first customer from a storage area of the service center computer, the storage area containing information about a plurality of customers and the networks of said plurality of customers;
  
  identifying a network device of the first customer to configure using information retrieved from the storage area, the network device being part of a first customer network that is independent of network devices of a second customer network;
  
  establishing a communication channel over a public network for sending configuration data from the service center computer to the network device;
  
  downloading a bootstrap partial configuration from the service center computer to the network device over the public network;
  
  using the bootstrap partial configuration to form a secure channel between the service center computer and the network device; and
  
  sending full configuration data from the service center computer to the network device using the secure channel.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12 further comprising:
    - generating an event at the service center computer responsive to the change in policy.
  - 14. The method of claim 13, wherein the event contains information for retrieving information about the first customer from the storage area.
  - 15. The method of claim 12 further comprising:
    - authenticating the service center computer to the network device by providing credentials to the network device.
  - 16. The method of claim 12 further comprising:
    - generating configuration data for the network device using a device plug-in, the device plug-in being selected from a plurality of device plug-ins according to the type of network device.
  - 17. The method of claim 12 further comprising:
    - initiating a change of passwords at the network device.
  - 18. The method of claim 12 wherein the network device is a router and the full configuration data is a virtual private network (VPN) policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sophos Limited (Sophos Group Ltd.)
Original Assignee
ENDFORCE, Inc. (Sophos Group Ltd.)
Inventors
Bell, Raymond J., Russo, Kevin A., Emerick, William S., Mulh, Kenneth E., Beadles, Mark A.
Primary Examiner(s)
NGUYEN, THU HA T

Application Number

US10/219,091
Publication Number

US 20030037128A1
Time in Patent Office

1,890 Days
Field of Search

709220-222, 709/223, 709225-227, 709/201, 709214-216, 370/254, 713/150, 713/153, 713/155, 713/193, 713/201, 713/1, 713/2, 713/170, 713/171
US Class Current

709/220
CPC Class Codes

H04L 67/34   involving the movement of s...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Device plug-in system for configuring network device over a public network

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Device plug-in system for configuring network device over a public network

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others