Method and system for providing secure, centralized access to remote elements

US 7,640,581 B1
Filed: 02/27/2004
Issued: 12/29/2009
Est. Priority Date: 02/27/2004
Status: Active Grant

First Claim

Patent Images

1. A system for accessing remote devices on a communications network, comprising:

a first network configured to enable a user computing device to access remote network elements;

a firewall in communication with said first network and configured to restrict access to said first network and the user computing device;

a router in communication with said firewall and a remote network element, an in-band access path defined by a communication path between the user computing device and the remote network element via said first network, firewall, and router;

a first server in communication with said firewall;

a modem bank in communication with said first server and further in communication with the remote network elements via a public switched telephone network (PSTN), an out-of-band access path defined by a communication path between the user computing device and the remote network element via said first network, firewall, first server, modem bank, and PSTN, and wherein the in-band access path from the firewall to the remote network element and the out-of-band access path from the firewall to the remote network element are two distinct paths;

said first server configured to;

(1) receive a request to communicate with the one or more remote network elements over the out-of-band access path;

(2) authenticate a user;

(3) facilitate a session with a second server for establishing connection with an external network element;

(4) establish secure pathway over the out-of-band access path between the user computing device and the one or more remote network elements; and

(5) transmit data for communicating operational status of the one or more remote network elements between the one or more network elements and the user computing device over the secure pathway; and

said modem bank including a plurality of modems in communication with said first and second servers and operable to authenticate the request to access the one or more remote network elements and to communicate the operational status of the one or more remote network elements.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for establishing centralized, out-of-band access to remote network elements is provided. Status and other information can be securely retrieved from the remote elements. One or more servers observe and manage a plurality of remote elements using modem-to-modem communications between a modem bank and a remote modem. Requests are submitted through a central mediation point, thereby allowing central control of user profiles and a collection of security audit log information. One or more authentication mechanisms provide enforced security measures and trusted communication paths between a user and a remote element. Remote elements can be securely monitored and administered from a central location.

239 Citations

21 Claims

1. A system for accessing remote devices on a communications network, comprising:
- a first network configured to enable a user computing device to access remote network elements;
  
  a firewall in communication with said first network and configured to restrict access to said first network and the user computing device;
  
  a router in communication with said firewall and a remote network element, an in-band access path defined by a communication path between the user computing device and the remote network element via said first network, firewall, and router;
  
  a first server in communication with said firewall;
  
  a modem bank in communication with said first server and further in communication with the remote network elements via a public switched telephone network (PSTN), an out-of-band access path defined by a communication path between the user computing device and the remote network element via said first network, firewall, first server, modem bank, and PSTN, and wherein the in-band access path from the firewall to the remote network element and the out-of-band access path from the firewall to the remote network element are two distinct paths;
  
  said first server configured to;
  
  (1) receive a request to communicate with the one or more remote network elements over the out-of-band access path;
  
  (2) authenticate a user;
  
  (3) facilitate a session with a second server for establishing connection with an external network element;
  
  (4) establish secure pathway over the out-of-band access path between the user computing device and the one or more remote network elements; and
  
  (5) transmit data for communicating operational status of the one or more remote network elements between the one or more network elements and the user computing device over the secure pathway; and
  
  said modem bank including a plurality of modems in communication with said first and second servers and operable to authenticate the request to access the one or more remote network elements and to communicate the operational status of the one or more remote network elements.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The communications system of claim 1, wherein said second server is further operable to select a specific modem.
  - 3. The communications system of claim 1, wherein said first server is further operable to log invalid modem-login attempts.
  - 4. The communications system of claim 1, wherein said first server is further operable to allow specific access to privileged users for accessing network elements.
  - 5. The communications system of claim 1, wherein the second server is in communication with said first server and modem bank via said first server, and configured to select a modem in the modem bank over which to communicate information communicated between the user computing device and remote network elements.

6. A method for securely retrieving a status of one or more remote devices, the method comprising:
- communicating between a user computing device and a network element via an in-band access path, the in-band access path including a firewall and router;
  
  communicating between the user computing device and the network element via an out-of-band access path, the out-of-band access path including the firewall, a first server, a modem bank, and a public switched telephone network, and wherein the in-band access path from the firewall to the remote network element and the out-of-band access path from the firewall to the remote network element are two distinct paths;
  
  requesting, from the user computing device, out-of-band access to the network element via one of a plurality of modems located in the modem bank configured to communicate with a remote modem in communication with the network element;
  
  communicating, from the network element via the out-of-band access path with the one of a plurality of modems, with the remote modem;
  
  authenticating, by the first server, a request to access the remote modem;
  
  establishing, by the first server, a secure pathway over the out-of-band access path between the user computing device and network element; and
  
  transmitting data for communicating operational status of the network element between the network element and the user computing device over the secure pathway.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein authenticating a request includes validating a number dialed to determine if a request from said number is authorized to connect with said remote modem.
  - 8. The method of claim 7, wherein authenticating a request further includes processing security credentials to obtain access to the network element.
  - 9. The method of claim 6, wherein authenticating a request further includes one or more selections from the following:
    - providing a trusted communications pathway between a source element and a destination element using selective call acceptance (SCA);
      
      encrypting communicated data to secure network communications;
      
      authenticating said source and destination elements; and
      
      utilizing automatic number identification (ANI) to authenticate a calling request.

10. One or more computer-readable storage media having computer-useable instructions embodied thereon, the instructions, when executed on a computing device, cause the computing device to:
- receive a first request via an out-of-band process to establish an out-of-band communications pathway with a network device;
  
  wherein the out-of-band access communications pathway includes a firewall, a first server, a modem bank, and a public switched telephone network;
  
  receive a security identifier to authenticate said first request;
  
  identify a dial-up number for accessing a remote modem;
  
  capture information associated with said first request to a log file;
  
  direct a server to identify one of a plurality of modems located in the modem bank that can provide feedback related to said network device;
  
  authenticate a second request, said second request being a request to access said remote modem;
  
  authenticate a third request, said third request being a request to access said network element; and
  
  transmit data for communicating operational status of the network element between the network element and a user computing device over an in-band pathway established between the user computing device and the network element, the in-band pathway includes the firewall and a router, and wherein the in-band access path from the firewall to the remote network element and the out-of-band access path from the firewall to the remote network element are two distinct paths.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 11. The media of claim 10, wherein receiving a first request further comprises establishing a communications pathway by exchanging packets of information using one or more network protocols.
  - 12. The media of claim 11, wherein receiving a first request further comprises issuing a command to the network device to authenticate access to the network device.
  - 13. The media of claim 10, wherein receiving a security identifier includes receiving one or more security-credential components.
  - 14. The media of claim 10, wherein identifying a dial-up number includes:
    - issuing a request from a user;
      
      receiving a telephone number for dialing; and
      
      validating said telephone number against a predetermined dialing list.
  - 15. The media of claim 10, wherein capturing information includes capturing session information.
  - 16. The media of claim 15, wherein said session information includes data related to one or more of the following events:
    - failed attempts to access a network resource;
      
      successful attempts to access one or more elements designated as sensitive or critical components;
      
      logon successes and failures;
      
      account creation or deletion;
      
      account maintenance activity;
      
      dial-up activity;
      
      periods of system non-availability; and
      
      security-administration activities.
  - 17. The media of claim 15, wherein information captured includes one or more of the following:
    - a user identifier;
      
      a time stamp;
      
      a date stampa logon attempt;
      
      a logoff attempt;
      
      a network address;
      
      a client identifier;
      
      a user'"'"'s location;
      
      a dialed access number; and
      
      a reason for logging an event.
  - 18. The media of claim 10, wherein directing a server to select a modem includes:
    - sending a request to establish a communications link with a remote modem;
      
      selecting a modem from a modem pool;
      
      receiving a response from said server to establish a link with said pooled modem; and
      
      dialing a telephone number to said pooled modem to establishing a link with said remote modem.
  - 19. The media of claim 10, wherein authenticating a second request to access said remote modem includes:
    - receiving login identification for accessing said remote modem;
      
      verifying said login identification against a list of authorized users; and
      
      notifying said user with a status response.
  - 20. The media of claim 19, wherein said log-in identification is a username and password.
  - 21. The media of claim 19, wherein said status response is an approval or denial to access said remote modem.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CenturyLink Intellectual Property LLC (Lumen Technologies, Inc.)
Original Assignee
Embarq Holdings Company LLC (Lumen Technologies, Inc.)
Inventors
Brenton, James Albert, Martin, Michael Lee, Hermstedt, Matthew, Reece, David Wayne
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
ZECHER, CORDELIA P K

Application Number

US10/789,292
Time in Patent Office

2,132 Days
Field of Search

726/3, 726/8, 726/12
US Class Current

726/12
CPC Class Codes

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/08   for authentication of entit...

H04L 63/18   using different networks or...

Method and system for providing secure, centralized access to remote elements

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

239 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Method and system for providing secure, centralized access to remote elements

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

239 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others