Private and secure communication architecture without utilizing a public cloud based routing server

US 9,935,930 B2
Filed: 03/19/2015
Issued: 04/03/2018
Est. Priority Date: 09/09/2011
Status: Active Grant

First Claim

Patent Images

1. A method for setting up communications between a first smart device client and a second smart device client by a private cloud routing server (PCRS), comprising:

utilizing, by the PCRS located on a public cloud network, an authentication process to setup a relationship between the PCRS and the first and second smart device client, respectively, wherein the authentication process comprises;

sending, by the PCRS, a first session based message from a message box of the PCRS to a message box of a first smart device client located on the public cloud network, wherein the first session based message includes an address of the message box of the PCRS,receiving, by the PCRS from the first smart device client, a first session based access request in the message box of the PCRS, wherein the first session based access request includes an address of the message box of the first smart device client, a public IP address of the first smart device client, and a private IP address of the first smart device client,determining, by the PCRS, that the first session based access request is valid and registering the address of the message box of the first smart device client and both the public and the private IP address of the first smart device client, and transmitting, by the PCRS, a session based acknowledgment to the message box of the first smart device client, wherein the session based acknowledgment includes both a current public and a current private IP address of the PCRS;

in response to a determination by the first smart device client that the session based acknowledgment is valid, binding a public IP address and a private IP address of the PCRS with a registered private IP address of the first smart device client,wherein the first smart device client connects with the PCRS by at least one connection of;

in response to the private IP address of the PCRS being in a same first Local Area Network (LAN) as the first smart device client, the first smart device client directly connects to the PCRS using the private IP address of the PCRS, andin response to the private IP address of the PCRS not being in the same first LAN as the first smart device client, the first smart device client connects through a first WAN to the public cloud network using the public IP address of the PCRS,wherein the first smart device client and the PCRS communicate with each other after the first session based message is authenticated, andwherein a private network service is then accessible by the first smart device client through the public cloud network based upon the authenticated first session based message;

sending, by the PCRS, a second session based message from the message box of the PCRS to a message box of the second smart client located on the public cloud network, wherein the second session based message includes the address of the message box of the PCRS;

receiving, by the PCRS from the second smart device client, a second session based access request in the message box of the PCRS, wherein the second session based access request includes an address of the message box of the second smart device client, a public IP address of the second smart device client, and a private IP address of the second smart device client;

determining, by the PCRS, that the second session based access request is valid and registering the address of the message box of the second smart device client and both the public and the private IP address of the second smart device client;

transmitting, by the PCRS, a session based acknowledgment to the message box of the second smart device client, wherein the session based acknowledgment includes both a current public and a current private IP address of the PCRS; and

in response to a determination by the second smart device client that the second session based acknowledgment is valid, binding the public IP address and the private IP address of the PCRS with a registered private IP address of the second smart device client,wherein the second smart device client connects with the PCRS by at least one connection of;

in response to the private IP address of the PCRS being in a same second LAN as the second smart device client, the second smart device client directly connects to the PCRS using the private IP address of the PCRS, andin response to the private IP address of the PCRS not being in the same second LAN as the second smart device client, the second smart device client connects through the first WAN to the public cloud network using the public IP address of the PCRS,wherein the first smart device client and the second smart device client communicate with the PCRS after the first and second session based messages are authenticated, andwherein the first smart device client and the second smart device client communicate with each other through the public cloud network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for use with a public cloud network is disclosed. The method includes setting up a private cloud routing server and a smart device client in a client server relationship. The private cloud routing server includes a first message box. The smart client includes a second message box. The first and second message boxes are located on the public cloud network. The method also includes passing an authenticated session based message between the first and the second message boxes in a secure manner. The smart device client and the private cloud routing server can communicate with each other after authentication to provide security. The method also includes setting up another smart device client in a client server relationship with the private cloud routing server. The two smart device clients can privately and securely communicate with each other through the public cloud network.

Citations

21 Claims

1. A method for setting up communications between a first smart device client and a second smart device client by a private cloud routing server (PCRS), comprising:
- utilizing, by the PCRS located on a public cloud network, an authentication process to setup a relationship between the PCRS and the first and second smart device client, respectively, wherein the authentication process comprises;
  
  sending, by the PCRS, a first session based message from a message box of the PCRS to a message box of a first smart device client located on the public cloud network, wherein the first session based message includes an address of the message box of the PCRS,receiving, by the PCRS from the first smart device client, a first session based access request in the message box of the PCRS, wherein the first session based access request includes an address of the message box of the first smart device client, a public IP address of the first smart device client, and a private IP address of the first smart device client,determining, by the PCRS, that the first session based access request is valid and registering the address of the message box of the first smart device client and both the public and the private IP address of the first smart device client, and transmitting, by the PCRS, a session based acknowledgment to the message box of the first smart device client, wherein the session based acknowledgment includes both a current public and a current private IP address of the PCRS;
  
  in response to a determination by the first smart device client that the session based acknowledgment is valid, binding a public IP address and a private IP address of the PCRS with a registered private IP address of the first smart device client,wherein the first smart device client connects with the PCRS by at least one connection of;
  
  in response to the private IP address of the PCRS being in a same first Local Area Network (LAN) as the first smart device client, the first smart device client directly connects to the PCRS using the private IP address of the PCRS, andin response to the private IP address of the PCRS not being in the same first LAN as the first smart device client, the first smart device client connects through a first WAN to the public cloud network using the public IP address of the PCRS,wherein the first smart device client and the PCRS communicate with each other after the first session based message is authenticated, andwherein a private network service is then accessible by the first smart device client through the public cloud network based upon the authenticated first session based message;
  
  sending, by the PCRS, a second session based message from the message box of the PCRS to a message box of the second smart client located on the public cloud network, wherein the second session based message includes the address of the message box of the PCRS;
  
  receiving, by the PCRS from the second smart device client, a second session based access request in the message box of the PCRS, wherein the second session based access request includes an address of the message box of the second smart device client, a public IP address of the second smart device client, and a private IP address of the second smart device client;
  
  determining, by the PCRS, that the second session based access request is valid and registering the address of the message box of the second smart device client and both the public and the private IP address of the second smart device client;
  
  transmitting, by the PCRS, a session based acknowledgment to the message box of the second smart device client, wherein the session based acknowledgment includes both a current public and a current private IP address of the PCRS; and
  
  in response to a determination by the second smart device client that the second session based acknowledgment is valid, binding the public IP address and the private IP address of the PCRS with a registered private IP address of the second smart device client,wherein the second smart device client connects with the PCRS by at least one connection of;
  
  in response to the private IP address of the PCRS being in a same second LAN as the second smart device client, the second smart device client directly connects to the PCRS using the private IP address of the PCRS, andin response to the private IP address of the PCRS not being in the same second LAN as the second smart device client, the second smart device client connects through the first WAN to the public cloud network using the public IP address of the PCRS,wherein the first smart device client and the second smart device client communicate with the PCRS after the first and second session based messages are authenticated, andwherein the first smart device client and the second smart device client communicate with each other through the public cloud network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the PCRS comprises:
    - a computing device;
      
      a connection through a router to a network;
      
      a non-volatile storage storing a program that, in response to execution, causes the PCRS to;
      
      create and manage an authorized client list to accommodate a plurality of smart device clients.
  - 3. The method of claim 2, wherein the program, in response to further execution, causes the PCRS to:
    - punch a hole in the router to stay open pending a smart device client response; and
      
      wait for the router to bind the network connection between the first smart device client and the PCRS.
  - 4. The method of claim 2, wherein the first smart device client comprises:
    - a computing device; and
      
      a connection through a router to a network;
      
      wherein the router includes a non-volatile storage storing a program that, in response to execution, causes the first smart device client to;
      
      retrieve a session based invitation from the message box of the first smart device client,send a session based access request to the message box of the PCRS,retrieve a session based acknowledgement from the message box of the first smart device client,send a communication request to the PCRS,punch a hole in the router to stay open pending the PCRS response,wait for the router to bind the network connection between the PCRS and the first smart device client,route incoming request from the PCRS to the first smart device client,establish a peer-to-peer communication with the PCRS,access the at least one private network service through the PCRS, andcommunicate with the second smart device client through the PCRS.
  - 5. The method of claim 4, wherein the program, in response to further execution, causes the first smart device client to:
    - access the PCRS behind a firewall with fixed or dynamic IP addresses, wherein the first smart device client requires no outside or public cloud based routing server in a wide area network (WAN) and requires no additional router setup in a local area network (LAN);
      
      establish a peer-to-peer communication channel with the PCRS;
      
      access a private network service through the PCRS; and
      
      communicate with the second smart device client through the PCRS.
  - 6. The method of claim 4, wherein the program, in response to further execution, causes the first smart device client to:
    - access the PCRS behind a firewall with fixed or dynamic IP addresses, wherein the first smart device client requires no outside or public cloud based routing server in a wide area network (WAN) and requires no additional router setup in the a local area network (LAN);
      
      establish a peer-to-peer communication channel with the PCRS;
      
      mapping local physical I/O to a virtual PCRS I/O;
      
      accessing private network service through the PCRS; and
      
      communicating with the second smart device client through the PCRS.
  - 7. The method of claim 2, wherein the first smart device client comprises:
    - a computing device;
      
      a connection to a network; and
      
      a non-volatile storage storing a program that, in response to execution, causes the first smart device client to;
      
      retrieve a session based invitation from the message box of the first smart device client,send a session based reply to the message box of the PCRS,retrieve a session based acknowledgement from the message box of the first smart device client,send an access request to the PCRS,wait for the PCRS response,bind the network connection between the PCRS and the first smart device client,route incoming request from the PCRS to first smart device client,establish a peer-to-peer communication with the PCRS,access the at least one private network service through the PCRS; and
      
      communicate with the first smart device client through the PCRS.
  - 8. The method of claim 7, wherein the program, in response to further execution, causes the first smart device client to:
    - access the PCRS behind a firewall with fixed or dynamic IP addresses, wherein the first smart device client requires no outside or public cloud based routing server in the a wide area network (WAN) and requires no additional router setup in a local area network (LAN);
      
      establish a peer-to-peer communication with the PCRS;
      
      access a private network service through the PCRS; and
      
      communicate with the second smart device client through the PCRS.
  - 9. The method of claim 7, wherein the program, in response to further execution, causes the first smart device client to:
    - access the PCRS behind a firewall with fixed or dynamic IP addresses, wherein the first smart device client requires no outside or public cloud based routing server in a wide area network (WAN) and requires no additional router setup in a local area network (LAN);
      
      establish a peer-to-peer communication with the PCRS;
      
      map local physical I/O to virtual server I/O;
      
      access private network service through the PCRS; and
      
      communicate with the second smart device client through the PCRS.

10. A private cloud routing server (PCRS), comprising:
- a computing device;
  
  a connection through a router to a network; and
  
  a non-volatile storage storing a program that, in response to execution by the computing device, causes the PCRS to;
  
  utilize an authentication process to setup a relationship between the PCRS and a first and second smart device client, respectively, wherein the authentication process comprises;
  
  sending, by the PCRS, a first session based message from a message box of the PCRS to a message box of a first smart device client located on the public cloud network, wherein the first session based message includes an address of the message box of the PCRS,receiving, by the PCRS from the first smart device client, a first session based access request in the message box of the PCRS, wherein the first session based access request includes an address of the message box of the first smart device client, a public IP address of the first smart device client, and a private IP address of the first smart device client,determining, by the PCRS, that the first session based access request is valid and registering the address of the message box of the first smart device client and both the public and the private IP address of the first smart device client, andtransmitting, by the PCRS, a session based acknowledgment to the message box of the first smart device client, wherein the session based acknowledgment includes both a current public and a current private IP address of the PCRS;
  
  wherein in response to a determination by the first smart device client that the session based acknowledgment is valid, binding a public IP address and a private IP address of the PCRS with a registered private IP address of the first smart device client,wherein the first smart device client connects with the PCRS by at least one connection of;
  
  in response to the private IP address of the PCRS being in a same first Local Area Network (LAN) as the first smart device client, the first smart device client directly connects to the PCRS using the private IP address of the PCRS, andin response to the private IP address of the PCRS not being in the same first LAN as the first smart device client, the first smart device client connects through a first WAN to the public cloud network using the public IP address of the PCRS,wherein the first smart device client and the PCRS communicate with each other after the first session based message is authenticated, andwherein a private network service is then accessible by the first smart device client through the public cloud network based upon the authenticated first session based message;
  
  send a second session based message from the message box of the PCRS to a message box of the second smart client located on the public cloud network, wherein the second session based message includes the address of the message box of the PCRS; and
  
  receive from the second smart device client, a second session based access request in the message box of the PCRS, wherein the second session based access request includes an address of the message box of the second smart device client, a public IP address of the second smart device client, and a private IP address of the second smart device client;
  
  determine, by the PCRS, that the second session based access request is valid and registering the address of the message box of the second smart device client and both the public and the private IP address of the second smart device client; and
  
  transmit, by the PCRS, a session based acknowledgment to the message box of the second smart device client, wherein the session based acknowledgment includes both a current public and a current private IP address of the PCRS;
  
  wherein in response to a determination by the second smart device client that the second session based acknowledgment is valid, binding the public IP address and the private IP address of the PCRS with a registered private IP address of the second smart device client,wherein the second smart device client connects with the PCRS by at least one connection of;
  
  in response to the private IP address of the PCRS being in a same second LAN as the second smart device client, the second smart device client directly connects to the PCRS using the private IP address of the PCRS, andin response to the private IP address of the PCRS not being in the same second LAN as the second smart device client, the second smart device client connects through the first WAN to the public cloud network using the public IP address of the PCRS,wherein the first smart device client and the second smart device client communicate with the PCRS after the first and second session based messages are authenticated, andwherein the first smart device client and the second smart device client communicate with each other through the public cloud network.
- View Dependent Claims (11)
- - 11. The PCRS of claim 10, wherein the program in response to further execution, causes the private cloud server to:
    - punch a hole in the router to stay open pending a smart device client response; and
      
      wait for the router to bind the network connection between the smart device client and the PCRS wherein the router routes an incoming request from the smart device client to the PCRS.

12. A smart device client, comprising:
- a computing device;
  
  a connection through a router to a network; and
  
  a non-volatile storage of the router storing a program that, in response to execution, causes the smart device client to;
  
  retrieve a session based invitation from a smart device client message box,send a session based access request to a private cloud routing server message box of a private cloud routing server (PCRS),wherein the PCRS receives from the smart device client, the session based access request in the private cloud routing server message box of the PCRS, wherein the session based access request includes an address of the smart device client message box, a public IP address of the smart device client, and a private IP address of the smart device client, andwherein the PCRS determines that the session based access request is valid and registers the address of the smart device client message box and both the public and the private IP address of the smart device client,retrieve a session based acknowledgement from the smart device client message box,wherein the session based acknowledgment includes both a current public and a current private IP address of the PCRS,send a communication request to the PCRS,punch a hole in the router to stay open pending a PCRS response;
  
  determine that the session based acknowledgment is valid,in response to receiving a valid session based acknowledgement, binding, by the smart device client, a public IP address and a private IP address of the PCRS with the registered private IP address of the smart device client via an authentication process, route an incoming request from the PCRS to the smart device client,connect with the PCRS by at least one connection of;
  
  in response to the private IP address of the PCRS being in a same first Local Area Network (LAN) as the smart device client, the smart device client directly connects to the PCRS using the private IP address of the PCRS, andin response to the private IP address of the PCRS not being in the same first LAN as the smart device client, the smart device client connects through a first WAN to the public cloud network using the public IP address of the PCRS,establish a peer-to-peer communication with the PCRS,access private network service through the PCRS, andcommunicate with at least another smart device client through the PCRS.
- View Dependent Claims (13, 14)
- - 13. The smart device client of claim 12, wherein the program, in response to further execution, causes the smart device client to:
    - access the PCRS behind a firewall with fixed or dynamic IP addresses, wherein the smart device client requires no outside or public cloud based routing server in a wide area network (WAN) and requires no additional router setup in a local area network (LAN); and
      
      access a private network service through the PCRS.
  - 14. The smart device client of claim 12, wherein the program, in response to further execution, causes the smart device client to:
    - access the PCRS behind a firewall with fixed or dynamic IP addresses, wherein the smart device client requires no outside or public cloud based routing server in a wide area network (WAN) and requires no additional router setup in a local area network (LAN);
      
      map a local physical I/O to a virtual server I/O; and
      
      access a private network service through the PCRS.

15. A smart device client, comprising:
- a computing device;
  
  a connection to a network; and
  
  a non-volatile storage storing a program that, in response to execution, causes the smart device client to;
  
  retrieve a session based invitation from a smart device client message box,send a session based reply to a private cloud routing server message box of a private cloud routing server (PCRS),wherein the PCRS receives from the smart device client, the session based reply in the private cloud routing server message box of the PCRS,wherein the session based reply includes an address of the smart device client message box, a public IP address of the smart device client, and a private IP address of the smart device client, andwherein the PCRS determines that the session based reply is valid and registers the address of the smart device client message box and both a public and a private IP address of the smart device client,retrieve a session based acknowledgement from the smart device client message box,wherein the session based acknowledgment includes both a current public and a current private IP address of the PCRS,send an access request to the PCRS,wait for the PCRS response,determine that the session based acknowledgment is valid,in response to receiving a valid session based acknowledgement, binding, by a router of the smart device client, a public IP address and a private IP address of the private cloud server with the registered private IP address of the smart device client via an authentication process,routes incoming request from the PCRS to the smart device client,connect with the PCRS by at least one connection of;
  
  in response to the private IP address of the PCRS being in a same first Local Area Network (LAN) as the smart device client, the smart device client directly connects to the PCRS using the private IP address of the PCRS, andin response to the private IP address of the PCRS not being in the same first LAN as the smart device client, the smart device client connects through a first WAN to the public cloud network using the public IP address of the PCRS,establish a peer-to-peer communication with the PCRS,access private network service through the PCRS, andcommunicate with at least another smart device client through the PCRS.
- View Dependent Claims (16, 17)
- - 16. The smart device client of claim 15, wherein the program, in response to further execution, causes the smart device client to:
    - access the PCRS behind a firewall with fixed or dynamic IP addresses, wherein the smart device client requires no outside or public cloud based routing server in a wide area network (WAN) and requires no additional router setup in a local area network (LAN); and
      
      access private network service through the PCRS.
  - 17. The smart device client of claim 15, wherein the program, in response to further execution, causes the smart device client to:
    - access the PCRS behind a firewall with fixed or dynamic IP addresses, wherein the smart device client requires no outside or public cloud based routing server in a wide area network (WAN) and requires no additional router setup in a local area network (LAN);
      
      map a local physical I/O to a virtual PCRS I/O; and
      
      access a private network service through the PCRS.

18. A smart device client, comprising:
- a computing device;
  
  a connection to a network; and
  
  a non-volatile storage storing a program that, in response to execution, locates a private cloud routing server (PCRS) and causes the smart device client to;
  
  retrieve a session based invitation from the smart device client message box,send a session based reply to a PCRS message box,wherein the PCRS receives from the smart device client, the session based reply in the private cloud routing server message box of the PCRS,wherein the session based reply includes an address of the smart device client message box, a public IP address of the smart device client, and a private IP address of the smart device client, andwherein the PCRS determines that the session based reply is valid and registers the address of the smart device client message box and both the public and the private IP address of the smart device client,retrieve a session based acknowledgement from the smart device client message box,wherein the session based acknowledgment includes both a current public and a current private IP address of the PCRS,send an access request to the PCRS,wait for the PCRS response,determine that the session based acknowledgment is valid,in response to receiving a valid session based acknowledgement, binding, by a router of the smart device client, a public IP address and a private IP address of the PCRS with the registered private IP address of the smart device client via an authentication process,routes incoming request from the PCRS to the smart device client,connect with the PCRS by at least one connection of;
  
  in response to the private IP address of the PCRS being in a same first Local Area Network (LAN) as the smart device client, the smart device client directly connects to the PCRS using the private IP address of the PCRS, andin response to the private IP address of the PCRS not being in the same first LAN as the smart device client, the smart device client connects through a first WAN to the public cloud network using the public IP address of the PCRS,establish a peer-to-peer communication with the PCRS,join a virtual local area network (VLAN) under the PCRS,access private network service through the at least one PCRS,start a communication session as a host,create and host a communication session,invite a communication guest,scan for a recognizable guest,start communication with a guest,receive a communication invitation and joins the communication session as a guest,scan for a recognizable host,log-in communication authentication,join a communication session, andstart communication with the host.
- View Dependent Claims (19, 20, 21)
- - 19. The smart device client of claim 18, wherein the program, in response to further execution, causes the smart device to:
    - access the PCRS behind a firewall with fixed or dynamic IP addresses, wherein the smart device client requires no outside or public cloud based routing server in a WAN and requires no additional router setup in a LAN; and
      
      access private network service through the PCRS.
  - 20. The smart device client of claim 18, wherein the program, in response to further execution, causes the smart device to:
    - access the PCRS behind a firewall with fixed or dynamic IP addresses, wherein the smart device client requires no outside or public cloud based routing server in a wide area network (WAN) and requires no additional router setup in a local area network (LAN); and
      
      conduct communication with at least another smart device client through the PCRS.
  - 21. The smart device client of claim 18, wherein communication comprises at least one of:
    - video, audio, text, or application, wherein the application includes at least one of a program, utility, operation, or remote desktop that is recognizable by both the host and guest.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kingston Digital, Inc. (Kingston Technology Corporation)
Original Assignee
Kingston Digital, Inc. (Kingston Technology Corporation)
Inventors
Chen, Ben Wei
Primary Examiner(s)
Thiaw, Catherine
Assistant Examiner(s)
Pham, Quy

Application Number

US14/663,244
Publication Number

US 20150195270A1
Time in Patent Office

1,111 Days
Field of Search
US Class Current
CPC Class Codes

H04L 61/2514   between local and global IP...

H04L 61/2567   for reachability, e.g. inqu...

H04L 61/2589   over a relay server, e.g. t...

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/104   Grouping of entities

H04L 67/10   in which an application is ...

H04L 67/1004   Server selection for load b...

H04W 12/03   Protecting confidentiality,...

H04W 12/80   Arrangements enabling lawfu...

Private and secure communication architecture without utilizing a public cloud based routing server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Private and secure communication architecture without utilizing a public cloud based routing server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links