Internet enabled monitoring and control device
Abstract
A connection between a monitoring device and a remote user is accomplished securely over the Internet by using a communication channel with public/private key encryption to connect the two locations and by performing authentication of a user at the local monitoring device rather than at a device server at the remote location, thereby effectively removing the device server as a vulnerable point for attack. In particular, when a remote user attempts to log in, via a web browser or interactive telephone system, the encrypted channel is established using the public/private key of the device and the device server proxies the log-in request to the monitored device. The device itself is then responsible for granting or denying access.
38 Claims
1. A method for establishing a secure communication path between a remote user and a monitoring and control device over an unsecure network and through a server comprising:
(a) using the device to establish and maintain an encrypted communication path to the server;
(b) receiving device identification information from the user over the network at the server;
(c) identifying and contacting the device with the server over the encrypted communication path using the device identification information; and
(d) exchanging login information between the device and the user over the network and through the server whereupon the device authenticates the user and allows the user to connect to the device;
(d1) requesting at the server an authentication banner from the device and displaying the banner to the user;
(d2) relaying a user response to the banner through the server to the device; and
(d3) validating the user response with the device.

5. A method for verifying the existence of a connection between a monitoring and control device and a first server by a second system, comprising:
(a) sending a challenge token from the second system to the first server;
(b) at the first server and in response to the challenge token, sending the challenge token to the device over the connection;
(c) cryptographically signing the challenge token at the device and returning the signed challenge token to the first server over the connection; and
(d) forwarding the challenge token from the first server to the second system and verifying the challenge token was generated by the device at the second system;
(d1) requesting at the server an authentication banner from the device and displaying the banner to the user;
(d2) relaying a user response to the banner through the server to the device; and
(d3) validating the user response with the device.

9. A method for establishing a secure connection between an initiator device having a key associated therewith and a target device having a key associated therewith via a server, the method comprising:
(a) creating an initiator list of keys associated with allowed devices in the initiator monitoring device;
(b) creating a target list of keys associated with allowed devices in the target monitoring device;
(c) sending, via the server, a connection request to connect to the target device and the initiator device key from the initiator device to the target device;
(d) in the target device, and in response to the connection request, comparing the received key against the target list of allowed devices;
(e) when the initiator device key is on the target list, sending, via the server, the key of the target device to the initiator device;
(f) in the initiator device, comparing the received key against the initiator list of allowed devices; and
(g) when the target device key is on the initiator list, establishing through the server an encrypted connection between the initiator and target devices.
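The exchange of claim 9, steps (a) to (g), as an added example that is not part of the patent text: both devices keep their own allow-list and the server only relays, so the target's key is released only after the initiator's key has matched the target's list. The names `Device`, `RelayServer` and `connect`, the result strings and the byte-string keys are assumptions made for illustration.

```python
import hmac

class Device:
    """Endpoint holding its own key and its list of allowed peer keys, steps (a)/(b)."""
    def __init__(self, name, key, allowed_keys):
        self.name, self.key, self.allowed = name, key, list(allowed_keys)

    def is_allowed(self, presented):
        # Check every entry with a constant-time compare and no early exit,
        # so timing does not reveal which entry (if any) matched.
        ok = False
        for entry in self.allowed:
            ok |= hmac.compare_digest(entry, presented)
        return ok

class RelayServer:
    """Forwards messages only: it holds no allow-list and makes no access decision."""
    def __init__(self):
        self.log = []  # (sender, receiver, message kind) for each relayed message

    def relay(self, sender, receiver, kind, payload):
        self.log.append((sender.name, receiver.name, kind))
        return payload

def connect(initiator, target, server):
    # (c) connection request plus initiator key travel to the target via the server
    presented = server.relay(initiator, target, "connect-request", initiator.key)
    # (d) the target, not the server, compares the key against its own list
    if not target.is_allowed(presented):
        return "rejected-by-target"      # target key is never sent
    # (e) only now does the target send its key back through the server
    returned = server.relay(target, initiator, "target-key", target.key)
    # (f) the initiator checks the target's key against its own list
    if not initiator.is_allowed(returned):
        return "rejected-by-initiator"
    # (g) both lists matched. Assumption: the encrypted connection set up here is
    # bound to these two keys, since a list match alone does not prove key possession.
    return "established"

# Constructed sample devices and keys (not from the patent).
A = Device("A", b"key-A", [b"key-B"])
B = Device("B", b"key-B", [b"key-A", b"key-D"])
C = Device("C", b"key-C", [b"key-B"])   # C lists B, but B does not list C
D = Device("D", b"key-D", [])           # B lists D, but D does not list B
```

The relay log after a rejected request shows whether the target's key ever left the target, which is the property an auditor of such a design would check.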

14. A method for sending a notification from a monitoring and control device to a remote recipient, the method comprising:
(a) in response to a change, using the device to select a notification server randomly from a list including a plurality of servers stored in the device;
(b) connecting the device to the selected server;
(c) sending a notification request to the server; and
(d) at the server, in response to the notification request, sending a notification message to the recipient;
(d1) requesting at the server an authentication banner from the device and displaying the banner to the user;
(d2) relaying a user response to the banner through the server to the device; and
(d3) validating the user response with the device.

20. Apparatus for establishing a secure communication path between a remote user and a monitoring and control device over an unsecure network and through a server comprising:
a mechanism in the device that establishes and maintains an encrypted communication path to the server;
means for receiving device identification information from the user over the network at the server;
means in the server for identifying and contacting the device over the encrypted communication path using the device identification information; and
a login mechanism that exchanges login information between the device and the user over the network and through the server wherein the device authenticates the user and allows the user to connect to the device;
a mechanism in the server that requests an authentication banner from the device and displays the banner to the user;
a mechanism in the server that relays a user response to the banner through the server to the device; and
a mechanism in the device that validates the user response.

24. Apparatus for verifying the existence of a connection between a monitoring and control device and a first server by a second system, comprising:
means for sending a challenge token from the second system to the first server;
means at the first server that responds to the challenge token, by sending the challenge token to the device over the connection;
a signing mechanism that cryptographically signs the challenge token at the device and returns the signed challenge token to the first server over the connection; and
means for forwarding the challenge token from the first server to the second system and for verifying the challenge token was generated by the device at the second system;
a mechanism in the server that requests an authentication banner from the device and displays the banner to the user;
a mechanism in the server that relays a user response to the banner through the server to the device; and
a mechanism in the device that validates the user response.

28. Apparatus for establishing a secure connection between an initiator device having a key associated therewith and a target device having a key associated therewith via a server, the apparatus comprising:
in the initiator monitoring device, an initiator list of keys associated with allowed devices;
in the target monitoring device, a target list of keys associated with allowed devices;
means for sending, via the server, a connection request to connect to the target device and the initiator device key from the initiator device to the target device;
means in the target device, that responds to the connection request, by comparing the received key against the target list of allowed devices;
means operable when the initiator device key is on the target list, for sending, via the server, the key of the target device to the initiator device;
means in the initiator device, for comparing the received key against the initiator list of allowed devices; and
means operable when the target device key is on the initiator list, for establishing through the server an encrypted connection between the initiator and target devices.

33. Apparatus for sending a notification from a monitoring and control device to a remote recipient, the apparatus comprising:
means in the device that responds to a change by selecting a notification server randomly from a list including a plurality of servers stored in the device;
means for connecting the device to the selected server;
means for sending a notification request to the server; and
means at the server, that responds to the notification request, by sending a notification message to the recipient;
a mechanism in the server that requests an authentication banner from the device and displays the banner to the user;
a mechanism in the server that relays a user response to the banner through the server to the device; and
a mechanism in the device that validates the user response.