Proxy method and system for secure wireless administration of managed entities

US 7,454,785 B2
Filed: 12/19/2002
Issued: 11/18/2008
Est. Priority Date: 12/19/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for wirelessly administering at least one managed computer via a proxy server trusted by said at least one managed computer, the method comprising:

from a wireless device, transmitting an encoded message, said message including at least one command, wherein said at least one command included in said message corresponds to and is distinct from one or more operating system (OS) commands for said at least one managed computer;

at the proxy server, receiving and decoding said encoded message, authenticating said wireless device and authorizing said at least one command included in said message, andsending said one or more OS commands from said proxy server to said at least one managed computer.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and apparatus are described for avoiding the use of a web-server or generic security when providing network administration services remotely to managed entities using wireless technology. Instead a true Proxy device, not operating as a web-server, is used to preprocess all command traffic from wireless input devices (WID). The intervention between the WID and the managed entities of the Proxy isolating the managed entities from the WID, enhanced by encoding using a novel messaging protocol, further enhanced by a novel security model based on multiple pre-shared keys and algorithms together with identifiers and passwords that are not transmitted, achieves several bandwidth and security advantages including the ability to deliver TELNET services across the Internet and behind a firewall.

Citations

29 Claims

1. A method for wirelessly administering at least one managed computer via a proxy server trusted by said at least one managed computer, the method comprising:
- from a wireless device, transmitting an encoded message, said message including at least one command, wherein said at least one command included in said message corresponds to and is distinct from one or more operating system (OS) commands for said at least one managed computer;
  
  at the proxy server, receiving and decoding said encoded message, authenticating said wireless device and authorizing said at least one command included in said message, andsending said one or more OS commands from said proxy server to said at least one managed computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method as claimed in claim 1 wherein said at least one managed computer comprises a server connected to a local area network.
  - 3. The method as in claim 2 wherein said wireless device comprises a portable digital computing device having access to the Internet through a radio network.
  - 4. The method as claimed in claim 1 wherein said transmission of said message is via wireless or Internet means or a combination therof.
  - 5. The method as claimed in claim 1 wherein said message is encoded, by applying a symbolic representation of groups of commands.
  - 6. The method as claimed in claim 1 wherein said message is encrypted, and wherein said decoding comprises:
    - decrypting, interpreting, and expanding said message to obtain said one or more OS commands for transmission from said proxy server to said managed computer.
  - 7. The method as claimed in claim 1 wherein said authentication and authorization are performed by said proxy server acting as a proxy for said at least one said managed computer.
  - 8. The method as claimed in claim 1 wherein said authentication comprisesconfirming that said device is a device registered on said proxy server or that a user of said device is a user registered on said proxy server.
  - 9. The method as claimed in claim 1 wherein said authentication comprisesconfirming that said device is a device registered on said proxy server and that a user of said device is a user registered on said proxy server.
  - 10. The method as claimed in claim 1 wherein said authorization comprisesconfirming that a user of said device is permitted to require said at least one managed computer to execute said one or more OS commands.
  - 11. The method as claimed in claim 1 wherein transmission of said OS commands from said proxy server to said at least one managed computer is performed without any connection between said device and said at least one managed computer.
  - 12. The method as claimed in claim 1 wherein said wireless device is further assigned a pass-phrase that is separate from the password selected by said user.
  - 13. The method as claimed in claim 1 wherein said encoded message is used for the delivery of services behind the firewall.
  - 14. A method as in claim 1 wherein said at least one command comprises a sequence of two or more commands, and wherein said message is encoded by mapping said sequence of two or more commands to a symbolic representation of said sequence of two or more commands.
  - 15. A method as in claim 14 wherein said symbolic representation is based, at least in part, on an encryption of said sequence of two or more commands.
  - 16. A method as in claim 1 wherein said at least one managed computer is an entity is selected from the group comprising:
    - servers, routers, desktop computers, modems, printers, switches, and mainframe computers.
  - 17. A method as in claim 1 wherein at least one of said one or more OS commands requires at least one parameter, and wherein said encoded message further includes said at least one parameter, and wherein said step of expanding associates said at least one parameter with said OS commands.
  - 18. A method as in claim 1 wherein said OS commands are selected from:
    - Microsoft Windows commands and UNIX commands.

19. A System, for a user to wirelessly administer at least one managed computer, the system comprising:
- a wireless device, constructed and adapted to create and transmit an encoded message, said message including at least one command for said at least one managed computer, wherein said at least one command corresponds to and is distinct form one or more operating system (OS) commands for said at least one managed computer;
  
  a proxy message processor, trusted by said at least one managed computer, said proxy message processor constructed and said proxy message processor constructed and adapted toreceive and decode said message, to authenticate said wireless device and toauthorize said commands, andto send said one or more OS commands from said proxy message processor to at least one managed computer.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The system as claimed in claim 19 wherein said wireless device is further constructed and adapted to operate on a radio network enabled transmitting device, including a cell phone or a pager, having access to the Internet.
  - 21. The system as claimed in claim 19 wherein said proxy message processor further comprises a connection to the Internet adapted for use by said proxy message processor.
  - 22. The system as claimed in claim 19 wherein said proxy message processor comprises a server, not having Port 80 open, and adapted for connection to the Internet and to a network on which said managed computer operates, and for which suitable access rights have been granted.
  - 23. A system as in claim 19 wherein said OS commands are selected from:
    - Microsoft Windows commands and UNIX commands.

24. A method for a wirelessly administering at least one managed computer via a proxy server trusted by said at least one managed computer, the method comprising:
- from a wireless device, transmitting an encoded message, said message including at least one command for said at least one managed computer, said at least one command corresponding to and distinct from a sequence of one or more operating system (OS) commands for said at least one managed computer;
  
  at the proxy server, receiving and decoding said encoded message, authenticating said device and authorizing said at least one command;
  
  expanding said at least one command into said sequence of one or more OS commands; and
  
  thensending said sequence of one or more OS commands from said proxy server to said at least one managed computer.
- View Dependent Claims (25)
- - 25. A method as in claim 24 wherein at least one of said one or more OS commands requires at least one parameter, and wherein said encoded message further includes said at least one parameter, and wherein said step of expanding associates said at least one parameter with said sequence of OS commands. expanding associates said at least one parameter with said OS commands.

26. A system for wireless administration of at least one managed computer, the system comprising:
- a proxy message processor, trusted by said at least one managed computer, wherein said at least one managed computer is selected from the group comprising;
  
  servers, routers, desktop computers, modems, printers, switches, and mainframe computers;
  
  said proxy message processor constructed and adapted to;
  
  (a) receive an encoded message originating from a wireless device, said message corresponding to and distinct from a sequence of one or more operating system (OS) commands for said at least one managed computer;
  
  (b) decode said message;
  
  (c) authenticate said wireless device;
  
  (d) authorize said one or more commands;
  
  (e) expand said one or more commands into the sequence of one or more OS commands;
  
  (f) send said sequence of one or more OS commands from said proxy message processor to said at least one managed computer.
- View Dependent Claims (27, 28, 29)
- - 27. A system as in claim 26 wherein at least one of said one or more OS commands requires at least one parameter, and wherein said encoded message further includes said at least one parameter, and wherein said proxy message processor is further constructed and adapted to associate said at least one parameter with said sequence of OS commands.
  - 28. A system as in claim 26 wherein said at least one managed computer comprises a plurality of computers.
  - 29. A system as in claim 28 wherein said plurality of computers are organized in at least two distinct domains.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avocent Huntsville, LLC (Vertiv Holdings Co.)
Original Assignee
Avocent Huntsville Corporation (Vertiv Holdings Co.)
Inventors
Van Schaick, Allan, Doree, Jim, Kerstens, Kevin
Primary Examiner(s)
Revak; Christopher A

Application Number

US10/326,226
Publication Number

US 20040123159A1
Time in Patent Office

2,161 Days
Field of Search

726 11- 12
US Class Current

726/12
CPC Class Codes

H04L 41/00   Arrangements for maintenanc...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/067   using one-time keys cryptog...

H04L 63/08   for authentication of entit...

H04L 67/04   specially adapted for termi...

H04L 67/08   specially adapted for termi...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

H04W 12/03   Protecting confidentiality,...

H04W 12/08   Access security

Proxy method and system for secure wireless administration of managed entities

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Proxy method and system for secure wireless administration of managed entities

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links