Proxy method and system for secure wireless administration of managed entities
Abstract
A method, system and apparatus are described for avoiding the use of a web-server or generic security when providing network administration services remotely to managed entities using wireless technology. Instead, a true Proxy device, not operating as a web-server, is used to preprocess all command traffic from wireless input devices (WIDs). The Proxy's intervention between the WID and the managed entities isolates the managed entities from the WID; combined with encoding under a novel messaging protocol and a novel security model based on multiple pre-shared keys and algorithms, together with identifiers and passwords that are never transmitted, this achieves several bandwidth and security advantages, including the ability to deliver TELNET services across the Internet and behind a firewall.
17 Claims
1. A system for securing communication between a wireless input device (WID) and a proxy server for wirelessly administering at least one managed computer via said proxy server, said proxy server being trusted by said at least one managed computer, said proxy server having access to an encrypted service database for storing information respecting said WID and information respecting at least one user of said WID,
said wireless device being constructed and adapted to create and transmit an encoded message, said message including at least one command for at least one managed computer, wherein said at least one command corresponds to and is distinct from one or more operating system (OS) commands for said at least one managed computer, said proxy server constructed and adapted to receive and decode said message, to authenticate said wireless device and to authorize said commands, and to send said one or more OS commands from said proxy server to at least one managed computer, the system comprising:
- a WID identifier for said WID, said WID identifier being stored in an encrypted form on said WID and being stored unencrypted in said service database,
- a WID password for said WID, said WID password being stored in an encrypted form on said WID and in said service database,
- a secret key pre-shared between said WID and said proxy server,
- a site key for encrypting said service database and for decrypting said WID password stored in an encrypted form in said service database,
- a communications key algorithm using both said WID identifier and said WID password, for generating a communications key,
- a first message for the purpose of said WID requesting a connection to said proxy server, said first message comprising a first message part and a second message part, said first message part including said WID identifier encrypted with said secret key, and said second message part including at least one encoded command for said at least one managed computer and parameters for said at least one command, wherein said command corresponds to and is distinct from one or more OS commands for said at least one managed computer, said second message part encrypted with said communications key,
- a session key for encrypting messages after a session is established,
- at least one token for validating messages within a session, and
- a second message for the purpose of said proxy server providing to said WID said token and said session key, said second message encrypted with said communications key, whereupon, on receipt of said token and said session key, said WID is enabled to provide at least one further message to said proxy server by returning said token within said message to said proxy server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A method in a wireless administration system, for a user to wirelessly administer at least one managed computer, the system comprising:
- a wireless device, constructed and adapted to create and transmit an encoded message, said message including at least one command for said at least one managed computer, wherein said at least one command corresponds to and is distinct from one or more operating system (OS) commands for said at least one managed computer; and
- a proxy message processor, trusted by said at least one managed computer, said proxy message processor constructed and adapted to receive and decode said message, to authenticate said wireless device and to authorize said commands, and to send said one or more OS commands from said proxy message processor to at least one managed computer,
the method used to control user access to wireless network administration services of said wireless administration system, said wireless administration system having a site key, a communication key algorithm, and a hashing algorithm, the method comprising:
- assigning an identifier to said wireless device,
- assigning a device password to said wireless device,
- using said device password as a seed to said communication key algorithm to generate a communication key,
- encrypting said device password using said site key and storing said device password only in encrypted form,
- assigning a separate identifier to said user,
- accepting a separate user password selected by said user,
- using said user password as a seed to said hashing algorithm to generate a hash value,
- deleting said user password, and
- transmitting said hash value in lieu of said user password.
Dependent claims: 11, 12, 13, 14, 15, 16, 17.
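The connection and session exchange of claim 1, and the site-key handling of the device password from claim 10, as a runnable sketch; this is an added example, not code from the patent or its assignee. The WID sends part 1 (its identifier under the pre-shared secret key) and part 2 (an encoded command under the communications key); the proxy authenticates the WID against the service database, authorizes the command, maps it to the distinct OS command, and returns a token plus session key; later messages ride on the session key and echo the token. The cipher (an HMAC keystream XOR), the key-derivation function, the command table and every key and identifier value are constructed stand-ins that the patent does not specify; the user-password hashing of claim 10 is not modelled.

```python
import hashlib, hmac, json, os
COMMAND_TABLE = {"DISK": "df -h", "UPTIME": "uptime"}  # constructed: WID command codes -> distinct OS commands

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 counter-mode XOR stream; a self-inverse stand-in for the cipher the patent leaves unspecified
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)
def communications_key(wid_id: bytes, wid_password: bytes) -> bytes:
    return hashlib.sha256(b"comm|" + wid_id + b"|" + wid_password).digest()  # seeded by BOTH id and password

class Proxy:
    def __init__(self, secret_key: bytes, site_key: bytes, wids: dict):
        self.secret_key, self.site_key, self.sessions = secret_key, site_key, {}
        self.db = {i: keystream_xor(site_key, pw) for i, pw in wids.items()}  # id in clear, password under site key
    def first_message(self, part1: bytes, part2: bytes):
        wid_id = keystream_xor(self.secret_key, part1)     # part 1: WID id under the pre-shared secret key
        if wid_id not in self.db:
            return None                                      # unknown WID: authentication fails
        ck = communications_key(wid_id, keystream_xor(self.site_key, self.db[wid_id]))
        try:
            request = json.loads(keystream_xor(ck, part2))   # part 2: encoded command under the comm key
            os_cmd = COMMAND_TABLE[request["cmd"]]           # authorize: only table entries map to OS commands
        except (ValueError, KeyError, TypeError):
            return None                                      # wrong WID password (garbage) or unauthorized command
        token, session_key = os.urandom(16), os.urandom(32)
        self.sessions[token] = (wid_id, session_key)
        reply = json.dumps({"token": token.hex(), "session_key": session_key.hex()}).encode()
        return keystream_xor(ck, reply), os_cmd              # reply to WID; OS command goes to managed computer
    def session_message(self, token: bytes, ciphertext: bytes):
        if token not in self.sessions:
            return None
        body = json.loads(keystream_xor(self.sessions[token][1], ciphertext))  # session key, not comm key
        if bytes.fromhex(body["token"]) != token or body.get("cmd") not in COMMAND_TABLE:
            return None                                      # echoed token must match the session it rides on
        return COMMAND_TABLE[body["cmd"]]

class WID:
    def __init__(self, wid_id: bytes, wid_password: bytes, secret_key: bytes):
        self.wid_id, self.secret_key, self.token, self.session_key = wid_id, secret_key, None, None
        self.comm_key = communications_key(wid_id, wid_password)  # the password itself is never transmitted
    def connect(self, cmd: str):
        return keystream_xor(self.secret_key, self.wid_id), keystream_xor(self.comm_key, json.dumps({"cmd": cmd}).encode())
    def accept(self, reply: bytes) -> None:
        d = json.loads(keystream_xor(self.comm_key, reply))
        self.token, self.session_key = bytes.fromhex(d["token"]), bytes.fromhex(d["session_key"])
    def send(self, cmd: str):
        return self.token, keystream_xor(self.session_key, json.dumps({"token": self.token.hex(), "cmd": cmd}).encode())
```

A WID with the wrong password produces a wrong communications key, so its part 2 decrypts to garbage at the proxy and the connection is refused without the password ever crossing the link.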