Networking as a service
First Claim
1. A method comprising:
discovering local devices, network services, and an uplink carrier associated with a network;
configuring the network using a business wizard and a library of network configurations;
forming and maintaining the network as a secure network;
monitoring networking devices of the network using a heartbeat process;
auto-upgrading software implemented in the network;
authenticating a networking device of the networking devices that does not have a pre-shared key to a Web service;
receiving a Web request from a user associated with the Web service and the networking device;
fielding the Web request at a captive portal, wherein the captive portal sends a splash screen HTML response that has a redirect to an HTTPS link to a Web service login server associated with the Web service with information in a redirect URL of the captive portal about the networking device, wherein the information includes a MAC address of the networking device;
receiving a request at the Web service login server;
generating a short-lived number used once (NONCE) and storing the short-lived NONCE in association with the MAC address at the Web service login server;
sending from the Web service login server a login form, wherein the user is prompted to enter a device password into the form;
validating the password at the Web service login server, wherein the Web service login server responds to a correct password with a confirmation page, placing a stub in the confirmation page with the redirect URL and the short-lived NONCE;
receiving an HTTP POST of the generated NONCE at the captive portal;
handshaking between a heartbeat daemon and a heartbeat server over HTTPS;
receiving the NONCE at the heartbeat server in a next scheduled heartbeat cycle, before the NONCE expires, wherein the heartbeat server looks up the MAC address to validate the NONCE and, if valid, sends a cryptographic hash of the password;
wherein the heartbeat daemon uses the cryptographic hash as an authentication token for subsequent heartbeats.
Abstract
Networking as a Service (NaaS) delivers network services using remote appliances controlled by a hosted, multi-tenant management system. The system may include a heartbeating process for communication between a web-based server and appliances, in which the appliances periodically contact the management system on the server. The heartbeating process allows the appliances to maintain a completely up-to-date configuration. Furthermore, heartbeating allows for comprehensive monitoring of appliances and for software distribution. The system may also include means for authenticating appliances, without the need for pre-installed PSKs or certificates.
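The enrollment exchange recited in claim 1, from NONCE creation to the first authenticated heartbeat, modeled as an added example (not code from the patent or its assignee). The class and function names, the 120-second lifetime, the shared nonce store, and SHA-256 as the "cryptographic hash" are assumptions; the claims name none of them.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL = 120  # seconds; assumed, the claim only says "short-lived"

def token_for(password):
    # Assumption: SHA-256 stands in for the unspecified "cryptographic hash".
    return hashlib.sha256(password.encode()).hexdigest()

class WebService:
    """Login server and heartbeat server sharing one nonce store (assumed)."""

    def __init__(self, device_passwords, clock=time.monotonic):
        self.passwords = device_passwords  # MAC -> device password
        self.pending = {}                  # MAC -> (nonce, expiry time)
        self.clock = clock

    def begin_login(self, mac):
        # Login server: the captive-portal redirect arrived carrying the MAC.
        if mac in self.passwords:
            self.pending[mac] = (secrets.token_urlsafe(16),
                                 self.clock() + NONCE_TTL)

    def confirm_password(self, mac, password):
        # The nonce leaves the server only inside the confirmation page,
        # that is, only after the correct device password was entered.
        known = self.passwords.get(mac)
        if known is None or mac not in self.pending:
            return None
        if not hmac.compare_digest(password.encode(), known.encode()):
            return None
        return self.pending[mac][0]

    def heartbeat_enroll(self, mac, nonce):
        # Heartbeat server: look the nonce up by MAC. pop() makes it single
        # use, so a replayed or wrongly guessed nonce finds nothing next time.
        stored, expiry = self.pending.pop(mac, (None, 0.0))
        if stored is None or self.clock() > expiry:
            return None
        if not hmac.compare_digest(stored.encode(), nonce.encode()):
            return None
        return token_for(self.passwords[mac])

    def authenticate_heartbeat(self, mac, token):
        # Subsequent heartbeats present the hash as their authentication token.
        known = self.passwords.get(mac)
        return known is not None and hmac.compare_digest(
            token.encode(), token_for(known).encode())
```

Because the token is a deterministic hash of the device password, it stays valid until the password changes, so the HTTPS transport recited in the claim is what protects it in transit.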
19 Claims
1. A method comprising: (recited in full under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A system comprising:
at least one processor;
a memory storing instructions configured to instruct the at least one processor to perform:
discovering local devices, network services, and an uplink carrier associated with a network;
configuring the network using a business wizard and a library of network configurations;
forming and maintaining the network as a secure network;
monitoring networking devices of the network using a heartbeat process;
auto-upgrading software implemented in the network;
authenticating a networking device of the networking devices that does not have a pre-shared key to a Web service;
receiving a Web request from a user associated with the Web service and the networking device;
fielding the Web request at a captive portal, wherein the captive portal sends a splash screen HTML response that has a redirect to an HTTPS link to a Web service login server associated with the Web service with information in a redirect URL of the captive portal about the networking device, wherein the information includes a MAC address of the networking device;
receiving a request at the Web service login server;
generating a short-lived number used once (NONCE) and storing the short-lived NONCE in association with the MAC address at the Web service login server;
sending from the Web service login server a login form, wherein the user is prompted to enter a device password into the form;
validating the password at the Web service login server, wherein the Web service login server responds to a correct password with a confirmation page, placing a stub in the confirmation page with the redirect URL and the short-lived NONCE;
receiving an HTTP POST of the generated NONCE at the captive portal;
handshaking between a heartbeat daemon and a heartbeat server over HTTPS;
receiving the NONCE at the heartbeat server in a next scheduled heartbeat cycle, before the NONCE expires, wherein the heartbeat server looks up the MAC address to validate the NONCE and, if valid, sends a cryptographic hash of the password;
wherein the heartbeat daemon uses the cryptographic hash as an authentication token for subsequent heartbeats.
Dependent claims: 18, 19
Specification