Internet enabled monitoring and control device

US 8,370,907 B1
Filed: 11/20/2007
Issued: 02/05/2013
Est. Priority Date: 11/20/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method for establishing a secure communication path between a remote user and a monitoring and control device over an unsecure network and through a server comprising:

(a) using the device to establish and maintain an encrypted communication path to the server;

(b) receiving device identification information from the user over the network at the server;

(c) identifying and contacting the device with the server over the encrypted communication path using the device identification information; and

(d) exchanging login information between the device and the user over the network and through the server whereupon the device authenticates the user and allows the user to connect to the device;

(d1) requesting at the server an authentication banner from the device and displaying the banner to the user;

(d2) relaying a user response to the banner through the server to the device; and

(d3) validating the user response with the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A connection between a monitoring device and a remote user is accomplished securely over the Internet by using a communication channel with public/private key encryption to connect the two locations and by performing authentication of a user at the local monitoring device rather than at a device server at the remote location, thereby effectively removing the device server as vulnerable point for attack. In particular, when a remote user attempts to log in, via a web browser or interactive telephone system, the encrypted channel is established using the public/private key of the device and the device server proxies the log-in request to the monitored device. The device itself is then responsible for granting or denying access.

Citations

38 Claims

1. A method for establishing a secure communication path between a remote user and a monitoring and control device over an unsecure network and through a server comprising:
- (a) using the device to establish and maintain an encrypted communication path to the server;
  
  (b) receiving device identification information from the user over the network at the server;
  
  (c) identifying and contacting the device with the server over the encrypted communication path using the device identification information; and
  
  (d) exchanging login information between the device and the user over the network and through the server whereupon the device authenticates the user and allows the user to connect to the device;
  
  (d1) requesting at the server an authentication banner from the device and displaying the banner to the user;
  
  (d2) relaying a user response to the banner through the server to the device; and
  
  (d3) validating the user response with the device.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein step (d) comprises detecting the physical manipulation of an object located on the device.
  - 3. The method of claim 1 wherein step (a) comprises:
    - (a1) installing the device at an operating location;
      
      (a2) connecting the installed device to the network;
      
      (a3) after connection to the network, connecting the device via the network to a server at a predetermined network address with the encrypted network connection;
      
      (a4) forwarding a unique device ID from the device to the server;
      
      (a5) pairing the unique device ID with an account ID at the server and storing the device ID and account ID pair at the server; and
      
      (a6) maintaining a persistent encrypted network connection.
  - 4. The method of claim 3 wherein step (c) comprises receiving an account ID from the user, locating the device ID from device ID and account ID pairs stored at the server and using the device ID to contact the device.

5. A method for verifying the existence of a connection between a monitoring and control device and a first server by a second system, comprising:
- (a) sending a challenge token from the second system to the first server;
  
  (b) at the first server and in response to the challenge token, sending the challenge token to the device over the connection;
  
  (c) cryptographically signing the challenge token at the device and returning the signed challenge token to the first server over the connection; and
  
  (d) forwarding the challenge token from the first server to the second system and verifying the challenge token was generated by the device at the second system;
  
  (d1) requesting at the server an authentication banner from the device and displaying the banner to the user;
  
  (d2) relaying a user response to the banner through the server to the device; and
  
  (d3) validating the user response with the device.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5 wherein step (c) comprises signing the challenge token with a private key of a public/private key pair stored at the device.
  - 7. The method of claim 6 wherein step (d) comprises verifying the challenge token with a public key of the public/private key pair.
  - 8. The method of claim 5 wherein the device establishes the connection with the first server.

9. A method for establishing a secure connection between an initiator device having a key associated therewith and a target device having a key associated therewith via a server, the method comprising:
- (a) creating an initiator list of keys associated with allowed devices in the initiator monitoring device;
  
  (b) creating a target list of keys associated with allowed devices in the target monitoring device;
  
  (c) sending, via the server, a connection request to connect to the target device and the initiator device key from the initiator device to the target device;
  
  (d) in the target device, and in response to the connection request, comparing the received key against the target list of allowed devices;
  
  (e) when the initiator device key is on the target list, sending, via the server, the key of the target device to the initiator device;
  
  (f) in the initiator device, comparing the received key against the initiator list of allowed devices; and
  
  (g) when the target device key is on the initiator list, establishing through the server an encrypted connection between the initiator and target devices.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9 wherein the keys associated with the initiator and target devices are public keys of public/private key pairs.
  - 11. The method of claim 9 wherein the encrypted connection is performed with public/private key pairs.
  - 12. The method of claim 9 wherein the initiator device has a control interface and the target device has an identical control interface and wherein the method further comprises generating commands at the initiator device control interface, sending the commands over the encrypted connection and controlling the target device control interface to generate commands identical to the commands generated at the initiator device control interface.
  - 13. The method of claim 9 further comprising means for configuring the initiator device to forward configuration commands to one or more target devices in order to synchronize all or parts of the initiator device'"'"'s configuration to the target device(s).

14. A method for sending a notification from a monitoring and control device to a remote recipient, the method comprising:
- (a) in response to a change, using the device to select a notification server randomly from a list including a plurality of servers stored in the device;
  
  (b) connecting the device to the selected server;
  
  (c) sending a notification request to the server; and
  
  (d) at the server, in response to the notification request, sending a notification message to the recipient;
  
  (d1) requesting at the server an authentication banner from the device and displaying the banner to the user;
  
  (d2) relaying a user response to the banner through the server to the device; and
  
  (d3) validating the user response with the device.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14 wherein, in step (d), the notification message is stored only in the device.
  - 16. The method of claim 14 wherein step (d) comprises sending an audio notification message to the user.
  - 17. The method of claim 16 wherein step (d) comprises playing an audio notification message generated by the user and storing the recorded audio message on the server.
  - 18. The method of claim 17 wherein step (d) comprises storing the recorded audio message on the server in encrypted form.
  - 19. The method of claim 14 further comprising receiving at the notification server an acknowledgement that the user received the notification message.

20. Apparatus for establishing a secure communication path between a remote user and a monitoring and control device over an unsecure network and through a server comprising:
- a mechanism in the device that establishes and maintains an encrypted communication path to the server;
  
  means for receiving device identification information from the user over the network at the server;
  
  means in the server for identifying and contacting the device over the encrypted communication path using the device identification information; and
  
  a login mechanism that exchanges login information between the device and the user over the network and through the server wherein the device authenticates the user and allows the user to connect to the device;
  
  a mechanism in the server that requests an authentication banner from the device and displays the banner to the user;
  
  a mechanism in the server that relays a user response to the banner through the server to the device; and
  
  a mechanism in the device that validates the user response.
- View Dependent Claims (21, 22, 23)
- - 21. The apparatus of claim 20 wherein the login mechanism comprises a controller in the device that detects the physical manipulation of an object located on the device.
  - 22. The apparatus of claim 20 wherein the login mechanism comprises:
    - means for installing the device at an operating location;
      
      an adapter that connects the installed device to the network;
      
      means operable after connection to the network, for connecting the device via the network to a server at a predetermined network address with the encrypted network connection;
      
      a mechanism that forwards a unique device ID from the device to the server;
      
      means at the server for pairing the unique device ID with an account ID and storing the device ID and account ID pair at the server; and
      
      means for maintaining a persistent encrypted network connection.
  - 23. The apparatus of claim 22 wherein the means for identifying and contacting the device over the encrypted communication path using the device identification information comprises means for receiving an account ID from the user, means for locating the device ID from device ID and account ID pairs stored at the server and means for using the device ID to contact the device.

24. Apparatus for verifying the existence of a connection between a monitoring and control device and a first server by a second system, comprising:
- means for sending a challenge token from the second system to the first server;
  
  means at the first server that responds to the challenge token, by sending the challenge token to the device over the connection;
  
  a signing mechanism that cryptographically signs the challenge token at the device and returns the signed challenge token to the first server over the connection;
  
  and means for forwarding the challenge token from the first server to the second system and for verifying the challenge token was generated by the device at the second system;
  
  a mechanism in the server that requests an authentication banner from the device and displays the banner to the user;
  
  a mechanism in the server that relays a user response to the banner through the server to the device; and
  
  a mechanism in the device that validates the user response.
- View Dependent Claims (25, 26, 27)
- - 25. The apparatus of claim 24 wherein the signing mechanism comprises means for signing the challenge token with a private key of a public/private key pair stored at the device.
  - 26. The apparatus of claim 25 wherein the means for verifying the challenge token was generated by the device comprises means for verifying the challenge token with a public key of the public/private key pair.
  - 27. The apparatus of claim 24 wherein the device comprises a mechanism that establishes the connection with the first server.

28. Apparatus for establishing a secure connection between an initiator device having a key associated therewith and a target device having a key associated therewith via a server, the apparatus comprising:
- in the initiator monitoring device, an initiator list of keys associated with allowed devices;
  
  in the target monitoring device, a target list of keys associated with allowed devices;
  
  means for sending, via the server, a connection request to connect to the target device and the initiator device key from the initiator device to the target device;
  
  means in the target device, that responds to the connection request, by comparing the received key against the target list of allowed devices;
  
  means operable when the initiator device key is on the target list, for sending, via the server, the key of the target device to the initiator device;
  
  means in the initiator device, for comparing the received key against the initiator list of allowed devices; and
  
  means operable when the target device key is on the initiator list, for establishing through the server an encrypted connection between the initiator and target devices.
- View Dependent Claims (29, 30, 31, 32)
- - 29. The apparatus of claim 28 wherein the keys associated with the initiator and target devices are public keys of public/private key pairs.
  - 30. The apparatus of claim 28 wherein the encrypted connection is performed with public/private key pairs.
  - 31. The apparatus of claim 28 wherein the initiator device has a control interface and the target device has an identical control interface and wherein the apparatus further comprises means for generating commands at the initiator device control interface, means for sending the commands over the encrypted connection and means for controlling the target device control interface to generate commands identical to the commands generated at the initiator device control interface.
  - 32. The apparatus of claim 28 further comprising means for configuring the initiator device to forward configuration commands to one or more target devices in order to synchronize all or parts of the initiator device'"'"'s configuration to the target device(s).

33. Apparatus for sending a notification from a monitoring and control device to a remote recipient, the apparatus comprising:
- means in the device that responds to a change by selecting a notification server randomly from a list including a plurality of servers stored in the device;
  
  means for connecting the device to the selected server;
  
  means for sending a notification request to the server; and
  
  means at the server, that responds to the notification request, by sending a notification message to the recipient;
  
  a mechanism in the server that requests an authentication banner from the device and displays the banner to the user;
  
  a mechanism in the server that relays a user response to the banner through the server to the device; and
  
  a mechanism in the device that validates the user response.
- View Dependent Claims (34, 35, 36, 37, 38)
- - 34. The apparatus of claim 33 wherein the notification message is stored only in the device.
  - 35. The apparatus of claim 33 wherein the means that sends a notification message to the user comprises means for sending an audio notification message to the user.
  - 36. The apparatus of claim 35 wherein the means that sends a notification message to the user comprises means for playing an audio notification message generated by the user and means for storing the recorded audio message on the server.
  - 37. The apparatus of claim 36 wherein the means for storing the recorded audio message on the server comprises means for storing the recorded audio message on the server in encrypted form.
  - 38. The apparatus of claim 33 further comprising means for receiving at the notification server an acknowledgement that the user received the notification message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Deviceco LLC
Original Assignee
Deviceco LLC
Inventors
Galyean, Tinsley A., Potter, Jeffrey P.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
FIELDS, COURTNEY D

Application Number

US11/943,281
Time in Patent Office

1,904 Days
Field of Search

726/5, 726/28, 600/301, 713/176, 713/151
US Class Current

726/5
CPC Class Codes

G05B 19/0425   Safety, monitoring

G05B 2219/25062   Detect physical location of...

G06F 11/3006   where the computing system ...

G06F 11/3055   Monitoring arrangements for...

G06F 21/313   using a call-back technique...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3247   involving digital signatures

Internet enabled monitoring and control device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Internet enabled monitoring and control device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links