Wormhole devices for usable secure access to remote resource

US 8,387,124 B2
Filed: 05/04/2007
Issued: 02/26/2013
Est. Priority Date: 03/15/2007
Status: Active Grant

First Claim

Patent Images

1. A token, comprising:

a memory, including;

a first set of processing instructions for configuring remote access to a particular remote resource residing upon a computing device on a network the first set of processing instructions containing device configuration information of credentials, a list of identified resources on the device and associated user requests with the resources, and administrative tasks;

a second set of processing instructions for operating the token in a legacy environment;

security credentials; and

resource configuration information for the particular remote resource, wherein each particular remote resource has its own configuration information including intended accesses, authentication measures, and safeguards for the remote resource to maintain;

an interface through which a connection to a client host is established; and

a processor;

in response to user input for configuring a remote access connection with the particular remote resource, executing the first set of processing instructions that include;

establishing a trusted connection through the interface with the particular remote resource;

exchanging credentials associated with the particular remote resource over the trusted connection for establishing a secure connection with the particular remote resource over an untrusted connection; and

defining the resource configuration information for accessing user selected data or services available at the particular remote resource; and

in response to user input received in a legacy environment, executing the second set of processing instructions that include automatically;

establishing, over an untrusted connection to the client host available through the interface, a secure connection with the particular remote resource using the security credentials stored in the memory;

configuring the secure connection for access to the user selected data or services available at the particular remote resource using the configuration information for the particular remote resource stored in the memory;

making the user selected data or services at the particular remote resource available in the legacy environment; and

defending against attempted access to data or services available at the token other than the user selected data or services made available in the legacy environment, including attempts by the client host.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A token has a memory, an interface allow connection to a host, and a processor. The processor, in response to user input for configuring a remote access connection, executes a first set of processing instructions to establish a trusted connection with the server host, exchanges credentials over the trusted connection to establish a secure connection with the server host over an untrusted connection, and defines configuration information for accessing user selected data or services. The processor, in response to user input received in a legacy environment, executes a second set of processing instructions that includes establishing, over an untrusted connection, a secure connection with the server host using the security credentials, configuring the secure connection for access to the data or services, making the data or services available in the legacy environment, and defends against attempted access to data or services available at the token other than the data or services made available in the legacy environment.

52 Citations

View as Search Results

25 Claims

1. A token, comprising:
- a memory, including;
  
  a first set of processing instructions for configuring remote access to a particular remote resource residing upon a computing device on a network the first set of processing instructions containing device configuration information of credentials, a list of identified resources on the device and associated user requests with the resources, and administrative tasks;
  
  a second set of processing instructions for operating the token in a legacy environment;
  
  security credentials; and
  
  resource configuration information for the particular remote resource, wherein each particular remote resource has its own configuration information including intended accesses, authentication measures, and safeguards for the remote resource to maintain;
  
  an interface through which a connection to a client host is established; and
  
  a processor;
  
  in response to user input for configuring a remote access connection with the particular remote resource, executing the first set of processing instructions that include;
  
  establishing a trusted connection through the interface with the particular remote resource;
  
  exchanging credentials associated with the particular remote resource over the trusted connection for establishing a secure connection with the particular remote resource over an untrusted connection; and
  
  defining the resource configuration information for accessing user selected data or services available at the particular remote resource; and
  
  in response to user input received in a legacy environment, executing the second set of processing instructions that include automatically;
  
  establishing, over an untrusted connection to the client host available through the interface, a secure connection with the particular remote resource using the security credentials stored in the memory;
  
  configuring the secure connection for access to the user selected data or services available at the particular remote resource using the configuration information for the particular remote resource stored in the memory;
  
  making the user selected data or services at the particular remote resource available in the legacy environment; and
  
  defending against attempted access to data or services available at the token other than the user selected data or services made available in the legacy environment, including attempts by the client host.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The token according to claim 1, wherein the legacy environment comprises an computational operating environment with interfaces, protocols, and standards for receiving and processing user input defining one of either a coupling action to establish a connection between the token and the particular remote resource, or an input action at a user interface issuing a command to the legacy environment.
  - 3. The token according to claim 1, wherein the interface of the token is one or a combination of a physical or logical, network interface or device interface.
  - 4. The token according to claim 1, wherein the user input comprises coupling the token with the client host, the legacy environment operates between the token and the client host, and the untrusted connection, over which the secure connection is established, is established through a device interface of the client host.
  - 5. The token according to claim 1, wherein the user input comprises coupling the token with the client host, the legacy environment operates between the token and the client host, and the untrusted connection, over which the secure connection is established, is established through a network interface.
  - 6. The token according to claim 1, wherein the user input comprises an input action at a user interface of the token that issues a command, the legacy environment operates between the token and the client host, and the untrusted connection, over which the secure connection is established, is established through a network interface.
  - 7. The token according to claim 1, wherein the user input comprises coupling the token with the client host, the legacy environment operates between the token and the client host;
    - and the untrusted connection, over which the secure connection is established, is established through a device interface of the client host.
  - 8. The token of claim 1, the interface further comprising one of a wireless interface in accordance with IEEE 802.11x, a Bluetooth interface, an infrared interface, an interface in accordance with IEEE 1394, a wide-area or metropolitan-area wireless interface such as one in accordance with IEEE 802.16, an Ethernet interface, and a local area network interface.
  - 9. The token of claim 1, the security credentials further comprising one of public keys, public-key certificates, cryptographic hashes of public keys, cryptographic hashes of public-key certificates, private keys, tokens, secrets or passwords, symmetric cryptographic keys, cryptographic hashes of tokens, anonymous or privacy-preserving cryptographic credentials, and Kerberos or other cryptographic “
    - tickets”
      
      .
  - 10. The token of claim 1, the token further comprising a biometric identifier.
  - 11. The token of claim 1, the token comprising one of a pair of wormhole tokens for a wormhole wire.
  - 12. The token of claim 11, wherein one of the pair of wormhole tokens is connected to a computer and another of the pair of wormhole tokens is connected to a printer, camera, or other legacy device.
  - 13. The token of claim 1, the token further comprising a media player and the legacy environment includes at least one legacy device.
  - 14. The token of claim 13, the legacy device comprising one of a stereo, an internal speaker, an internal display, an external display, a television, an external speaker, at least one headphone or a personal computer.
  - 15. The token of claim 1, the token further comprising a storage token.
  - 16. The token of claim 15, the processor further to encrypt the memory on the storage token when the storage token is not active.
  - 17. The token of claim 15, the first set of processing instructions further to limit access to the storage token by a host.
  - 18. The token of claim 1, wherein the processor in executing the second set of processing instructions automatically:
    - discovers a partner token using security credentials and a partner token identifier stored in the memory;
      
      establishes a secure connection to the partner token; and
      
      proxies the user selected data or service available at the server host through the secure connection to the partner token.
  - 19. The token of claim 18, wherein the service is printing.

20. A method, comprising:
- receiving a user input at a token attached to a client host;
  
  if the user input is an input for configuring a remote access connection with a particular remote resource residing upon a computing device on a network;
  
  establishing a trusted connection through an interface with the particular remote resource;
  
  exchanging credentials over the trusted connection for establishing a secure connection with the particular remote resource over an untrusted connection; and
  
  defining resource configuration information for accessing user selected data or services available at the particular remote resource, wherein the resource configuration information comprises intended accesses, authentication measures, and safeguards for the remote resource to maintain; and
  
  if the user input is received in a legacy environment;
  
  establishing, over an untrusted connection with the client host available through the interface, a secure connection with the particular remote resource using security credentials stored in a memory;
  
  configuring the secure connection for access to the user selected data or services available at the particular remote resource using resource configuration information stored in the memory, wherein each particular remote resource has a configuration for that particular remote resource including intended accesses, authentication measures, and safeguards for the remote resource to maintain;
  
  making the user selected data or services at the particular remote resource available in the legacy environment; and
  
  defending against attempted access to data or services available at the token other than the user selected data or services made available in the legacy environment, including attempts by the client host.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The method according to claim 20, wherein the user input comprises coupling the token with the client host and establishing the untrusted connection occurs through a device interface of the client host.
  - 22. The method according to claim 20, wherein the user input comprises coupling the token with the client host and establishing the untrusted connection occurs through a network interface.
  - 23. The method according to claim 20, wherein receiving the user input comprises receiving an input action at a user interface of the token that issues a command, and establishing the untrusted connection occurs through a network interface.
  - 24. The method according to claim 20, wherein the user input comprises coupling the token with the client host and establishing the untrusted connection occurs through a device interface of the client host.
  - 25. The method according to claim 20, further comprisingdiscovering a partner token using security credentials and a partner token identifier stored in the memory;
    - establishing a secure connection to the partner token; and
      
      proxying the user selected data or service available at the remote resource through the secure connection to the partner token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd., Xerox Corporation (Xerox Holdings Corp.)
Original Assignee
Palo Alto Research Center, Inc. (Xerox Holdings Corp.)
Inventors
Smetters, Diana K., Smith, Trevor F., Lee, Kyung-Hee
Primary Examiner(s)
Truong, Thanhnga B
Assistant Examiner(s)
HERZOG, MADHURI R

Application Number

US11/744,451
Publication Number

US 20080229402A1
Time in Patent Office

2,125 Days
Field of Search

726 2- 5, 726/9, 726 26- 30, 713164-167, 713182-186, 235/375, 235379-382, 709217-219, 709223-229
US Class Current

726/9
CPC Class Codes

H04L 63/0853 using an additional device,...

Wormhole devices for usable secure access to remote resource

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Wormhole devices for usable secure access to remote resource

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links