Systems and methods for secure remote access

US 9,191,368 B2
Filed: 11/05/2013
Issued: 11/17/2015
Est. Priority Date: 11/05/2013
Status: Active Grant

First Claim

Patent Images

1. A method for encapsulating remote access session data, comprising:

receiving, from an end user computer, a request for a remote connection to an onsite system behind a firewall, wherein the firewall prevents inbound connections;

initiating, by one or more onsite processors associated with a central system, a session request message within a reply to a previous message from the onsite system, wherein the request message is sent to a pre-selected traffic port that prevents non-outbound communications and blocks non-reply messages;

receiving the request message by an intelligent software module residing on one or more onsite processors associated with the onsite system;

establishing, by the intelligent software module, a connection between the onsite system and a remote connection server;

opening a secure tunnel at the central system by the onsite system;

encrypting data for transmission by the onsite system, wherein the data comprises operational information from a plurality of onsite controllers in communication with a plurality of sensors;

completing an authentication process by the onsite system;

establishing a connection between the end user computer and the onsite system; and

transferring the data from the onsite system to the end user computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the disclosure can include systems and methods for secure remote transfers. The onsite monitoring system secure file transfer solution can allow for transferring operational data by an onsite system behind a firewall to a central monitoring and diagnostic infrastructure by sending asynchronous, concurrent, parallel files over a port using a previously opened connection. The asynchronous TLS tunneling based remote desktop protocol solution is uni-directional because the communication ports are typically open outbound only.

10 Citations

View as Search Results

15 Claims

1. A method for encapsulating remote access session data, comprising:
- receiving, from an end user computer, a request for a remote connection to an onsite system behind a firewall, wherein the firewall prevents inbound connections;
  
  initiating, by one or more onsite processors associated with a central system, a session request message within a reply to a previous message from the onsite system, wherein the request message is sent to a pre-selected traffic port that prevents non-outbound communications and blocks non-reply messages;
  
  receiving the request message by an intelligent software module residing on one or more onsite processors associated with the onsite system;
  
  establishing, by the intelligent software module, a connection between the onsite system and a remote connection server;
  
  opening a secure tunnel at the central system by the onsite system;
  
  encrypting data for transmission by the onsite system, wherein the data comprises operational information from a plurality of onsite controllers in communication with a plurality of sensors;
  
  completing an authentication process by the onsite system;
  
  establishing a connection between the end user computer and the onsite system; and
  
  transferring the data from the onsite system to the end user computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein opening a secure tunnel at the central system by the onsite system comprises using secure socket layer protocol or transport layer security.
  - 3. The method of claim 1, wherein encrypting data for transmission comprises using a validated crypto library.
  - 4. The method of claim 1, wherein the firewall prevents standard bi-directional transport control protocol communications.
  - 5. The method of claim 1, wherein the end user computer is behind a central system firewall.
  - 6. The method of claim 1, wherein the end user computer is not inside a central system firewall.
  - 7. The method of claim 1, further comprising performing analytics and/or diagnostics on the data.

8. A system for encapsulating remote access session data, the system comprising:
- a central system with one or more computer processors operable to receive from an end user computer a request for a remote connection to an onsite system behind a firewall, wherein the firewall prevents inbound connections;
  
  the central system, in communication with the onsite system, and the one or more computer processors are operable to;
  
  initiate a session request message within a reply to a previous message from the onsite system, wherein the request message is sent to a pre-selected traffic port that prevents non-outbound communications and blocks non-reply messages;
  
  wherein the onsite system is operable to;
  
  receive the request message by an intelligent software module residing on one or more onsite processors associated with the onsite system;
  
  connect to a remote desktop server;
  
  open a secure tunnel to the central system;
  
  encrypt data for transmission to the central system, wherein the data comprises operational information from a plurality of onsite controllers in communication with a plurality of sensors;
  
  complete an authentication process; and
  
  transmit the data to the central system.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein to open a secure tunnel to the central system comprises using secure socket layer protocol or transport layer security.
  - 10. The system of claim 8, wherein the firewall prevents standard bi-directional transport control protocol communications.
  - 11. The system of claim 8, wherein a remote connection is established between the remote desktop server, the end user computer, the central system, and the onsite system.
  - 12. The system of claim 8, wherein the end user computer is behind a central system firewall.
  - 13. The system of claim 8, wherein the end user computer is not behind a central system firewall.
  - 14. The system of claim 8, wherein the data comprises operational information from a plurality of onsite controllers.

15. One or more non-transitory computer readable media comprising instructions, which when executed by one or more processors, perform the following operations:
- receive, from an end user computer, a request for a remote connection to an onsite system behind a firewall, wherein the firewall prevents inbound connections;
  
  initiate, by a central system, a session request message within a reply to a previous message from the onsite system, wherein the request message is sent to a pre-selected traffic port that prevents non-outbound communications and blocks non-reply messages and is received by an intelligent software module residing on one or more onsite processors associated with the onsite system;
  
  establish a connection between the onsite system and a remote connection server;
  
  open a secure tunnel at the central system by the onsite system;
  
  encrypt data for transmission, wherein the data comprises operational information from a plurality of onsite controllers in communication with a plurality of sensors;
  
  complete an authentication process by the onsite system;
  
  establish a connection between the end user computer and the onsite system; and
  
  transfer the data from the central system to the onsite system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Electric Company
Original Assignee
General Electric Company
Inventors
Atamna, Youcef
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US14/072,414
Publication Number

US 20150128244A1
Time in Patent Office

742 Days
Field of Search

726/11
US Class Current

1/1
CPC Class Codes

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/166   at the transport layer

H04L 67/06   specially adapted for file ...

Systems and methods for secure remote access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

10 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for secure remote access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others