System and method for securing remote administrative access to a processing device

US 7,603,456 B2
Filed: 06/06/2007
Issued: 10/13/2009
Est. Priority Date: 09/30/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A system for securing remote administrative access to a processing device including a processor operative under programmed instructions comprising:

means for receiving a series of incoming binary data packets at a designated port of an associated document processing device, the designated port being associated with administrative control of the associated document processing device, each data packet including source data, destination data, and a data portion for communicating administrative control data for configuration of the document processing device;

means for receiving binary mask data defining an address space from which remotely generated requests for administrative control of the document processing device is acceptable;

means for storing received binary mask data on a data storage local to the document processing device;

means for receiving binary reference address data representative of at least one address within an address range defined by the address space;

means for generating a first binary value in accordance with a comparison of the binary reference address data with the binary mask data;

means for generating a second binary value in accordance with a comparison of an incoming first binary data packet with the binary mask data, wherein the first binary data packet is incoming at the designated port associated with the administrative control of the associated document processing device;

determining means for determining acceptability of the incoming first binary data packet in accordance with a comparison of the first and the second binary values associated therewith; and

means for selectively commencing, by the associated document processing device, processing of received administrative control data of the incoming first binary data packet in accordance with an output of the determining means.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The subject application is directed to a system and method for securing remote administrative access to a processing device. Incoming data packets, including source data, destination data, and a data portion for administrative control of a processing device are received at a designated port associated with administrative control. Binary mask data defining an address space from which control is acceptable is then received. Binary reference address data representing an address with an address range within the address space is received. A first binary value is generated via a comparison of the reference data and the mask data. A second binary value is generated via a comparison of an incoming data packet and the mask data. The acceptability of the packet is determined based on comparing the first value with the second value. Processing of received administrative control by the processing device is then selectively commenced based on the value comparison.

Citations

18 Claims

1. A system for securing remote administrative access to a processing device including a processor operative under programmed instructions comprising:
- means for receiving a series of incoming binary data packets at a designated port of an associated document processing device, the designated port being associated with administrative control of the associated document processing device, each data packet including source data, destination data, and a data portion for communicating administrative control data for configuration of the document processing device;
  
  means for receiving binary mask data defining an address space from which remotely generated requests for administrative control of the document processing device is acceptable;
  
  means for storing received binary mask data on a data storage local to the document processing device;
  
  means for receiving binary reference address data representative of at least one address within an address range defined by the address space;
  
  means for generating a first binary value in accordance with a comparison of the binary reference address data with the binary mask data;
  
  means for generating a second binary value in accordance with a comparison of an incoming first binary data packet with the binary mask data, wherein the first binary data packet is incoming at the designated port associated with the administrative control of the associated document processing device;
  
  determining means for determining acceptability of the incoming first binary data packet in accordance with a comparison of the first and the second binary values associated therewith; and
  
  means for selectively commencing, by the associated document processing device, processing of received administrative control data of the incoming first binary data packet in accordance with an output of the determining means.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1 wherein the determining means include means for determining acceptable incoming binary data as that disposed within the address range in accordance with a received range allow instruction.
  - 3. The system of claim 1 wherein the determining means includes means for determining acceptable incoming binary data as that disposed outside the address range in accordance with a received range reject instruction.
  - 4. The system of claim 1 wherein first and second binary values are generated by completion of a respective logical AND operations between mask data with received binary reference data and mask data with an incoming data packet.
  - 5. The system of claim 4 further comprising:
    - means for receiving additional binary mask data defining at least one additional corresponding address space from which remotely generated requests for configuration is acceptable;
      
      means for receiving additional binary reference address data representative of at least one additional corresponding address within an address range defined thereby;
      
      means for generating at least one additional first binary value, each corresponding to a comparison of the additional binary reference address data with the additional binary mask data;
      
      means for generating at least one additional second binary value in accordance with a comparison of an incoming second binary data packet with the additional binary mask data; and
      
      the determining means including means for determining acceptability of the incoming second binary data packet in accordance with a comparison of the additional first and second binary values.
  - 6. The system of claim 1 wherein mask data and reference address data is received via an associated thin client interface.

7. A method for securing remote administrative access to a processing device comprising the steps of:
- receiving a series of incoming binary data packets at a designated port of an associated document processing device, the designated port being associated with administrative control of the associated document processing device, each data packet including source data, destination data, and a data portion for communicating administrative control data for configuration of the document processing device;
  
  receiving binary mask data defining an address space from which remotely generated requests for administrative control of the document processing device is acceptable;
  
  storing received binary mask data on a data storage local to the document processing device;
  
  receiving binary reference address data representative of at least one address within an address range defined by the address space;
  
  generating a first binary value in accordance with a comparison of the binary reference address data with the binary mask data;
  
  generating a second binary value in accordance with a comparison of an incoming first binary data packet with the binary mask data, wherein the first binary data packet is incoming at the designated port associated with the administrative control of the associated document processing device;
  
  determining acceptability of the incoming first binary data packets in accordance with a comparison of the first and the second binary values associated therewith; and
  
  selectively commencing, by the associated document processing device, processing of received administrative control data of the incoming first binary data packets in accordance with an output of the determining step.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7 wherein the step of determining acceptability of incoming binary packets includes determining acceptable incoming binary data as that disposed within the address range in accordance with a received range allow instruction.
  - 9. The method of claim 7 wherein the step of determining acceptability of incoming binary packets includes determining acceptable incoming binary data as that disposed outside the address range in accordance with a received range reject instruction.
  - 10. The method of claim 7 wherein first and second binary values are generated by completion of a respective logical AND operations between mask data with received binary reference data and mask data with an incoming data packet.
  - 11. The method of claim 10 further comprising the steps of:
    - receiving additional binary mask data defining at least one additional corresponding address space from which remotely generated requests for configuration is acceptable;
      
      receiving additional binary reference address data representative of at least one additional corresponding address within an address range defined thereby;
      
      generating at least one additional first binary value, each corresponding to a comparison of the additional binary reference address data with the additional binary mask data;
      
      generating at least one additional second binary value in accordance with a comparison of an incoming second binary data packet with the additional binary mask data; and
      
      determining acceptability of the incoming second binary data packet in accordance with a comparison of the additional first and second binary values.
  - 12. The method of claim 7 wherein mask data and reference address data is received via an associated thin client interface.

13. A computer-implemented method for securing remote administrative access to a processing device comprising the steps of:
- receiving a series of incoming binary data packets at a designated port of an associated document processing device, the designated port being associated with administrative control of the associated document processing device, each data packet including source data, destination data, and a data portion for communicating administrative control data for configuration of the document processing device;
  
  receiving binary mask data defining an address space from which remotely generated requests for administrative control of the document processing device is acceptable;
  
  storing received binary mask data on a data storage local to the document processing device;
  
  receiving binary reference address data representative of at least one address within an address range defined by the address space;
  
  generating a first binary value in accordance with a comparison of the binary reference address data with the binary mask data;
  
  generating a second binary value in accordance with a comparison of an incoming data packet with the binary mask data, wherein the first binary data packet is incoming at the designated port of the associated document processing device;
  
  determining acceptability of the series of incoming binary data packets in accordance with a comparison of the first and the second binary values associated therewith; and
  
  selectively commencing, by the associated document processing device, processing of received administrative control data of the series of incoming binary data packets in accordance with an output of the determining step.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer-implemented method of claim 13 wherein the step of determining acceptability of incoming binary packets includes determining acceptable incoming binary data as that disposed within the address range in accordance with a received range allow instruction.
  - 15. The computer-implemented method of claim 13 wherein the step of determining acceptability of incoming binary packets includes determining acceptable incoming binary data as that disposed outside the address range in accordance with a received range reject instruction.
  - 16. The computer-implemented method of claim 13 wherein first and second binary values are generated by completion of a respective logical AND operations between mask data with received binary reference data and mask data with an incoming data packet.
  - 17. The computer-implemented method of claim 16 further comprising the steps of:
    - receiving additional binary mask data defining at least one additional corresponding address space from which remotely generated requests for configuration is acceptable;
      
      receiving additional binary reference address data representative of at least one additional corresponding address within an address range defined thereby;
      
      generating at least one additional first binary value, each corresponding to a comparison of the additional binary reference address data with the additional binary mask data;
      
      generating at least one additional second binary value in accordance with a comparison of an incoming second binary data packet with the additional binary mask data; and
      
      determining acceptability of the incoming second binary data packet in accordance with a comparison of the additional first and second binary values.
  - 18. The computer-implemented method of claim 13 wherein mask data and reference address data is received via an associated thin client interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation), Toshiba Tec Corporation (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation), Toshiba Tec Corporation (Toshiba Corporation)
Inventors
Lee, Sheng
Primary Examiner(s)
Lin; Kenny S
Assistant Examiner(s)
Hussain; Tauqir

Application Number

US11/758,987
Publication Number

US 20070260722A1
Time in Patent Office

860 Days
Field of Search

709/223, 709/224, 709/229, 726 3- 21
US Class Current

709/223
CPC Class Codes

H04L 43/028 by filtering

H04L 63/0227 Filtering policies mail mes...

System and method for securing remote administrative access to a processing device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing remote administrative access to a processing device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links