Secure communications with internet-enabled devices

US10135792B2 · US · B2

Patent metadata
Field               Value
Publication number  US-10135792-B2
Application number  US-201615040762-A
Country             US
Kind code           B2
Filing date         Feb 10, 2016
Priority date       Aug 25, 2015
Publication date    Nov 20, 2018
Grant date          Nov 20, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A network device allows inbound connections from external addresses to a computer on a local network while forbidding outbound connections from the computer to that external address unless preceded by an inbound connection therefrom. In some embodiments, the computer is allowed to accept inbound connections from external addresses but is not permitted to initiate outbound connections to other computers in the local network unless preceded by an inbound connection. In some embodiments, a request from an external address is processed by the network device by transmitting network information for the computer to the external address and temporarily changing network rules to allow connections from the external address. In some embodiments, if the computer attempts a disallowed connection, the connection attempt is routed through a proxy server by providing network data for the proxy server to the computer.

First claim

Opening claim text (preview).

What is claimed is:

1. A system comprising: a first computer and a second computer coupled to an external network; wherein the first computer is programmed to: receive a request forwarded from the second computer to provide one or more third network identifiers needed to establish a data exchange between the second computer and a third computer, the third computer being in the external network, the second computer having no record of the one or more third network identifiers; evaluate whether the second computer is authorized to initiate direct inbound connections to the third computer; when the second computer is authorized to initiate direct inbound connections to the third computer, provide to the second computer the one or more third network identifiers; and when the second computer is not authorized to initiate direct inbound connections to the third computer, provide to the second computer one or more fourth network identifiers corresponding to a fourth computer that is programmed to forward traffic between the second and third computers without transmitting the one or more third network identifiers to the second computer; and the fourth computer, the fourth computer being further programmed to establish an outbound connection from the third computer to the fourth computer before providing the one or more fourth network identifiers of the fourth computer to the second computer, the outbound connection from the third computer to the fourth computer being a reverse connection to the third computer.

2. The system of claim 1, wherein the one or more third network identifiers are selected from the group consisting of a destination IP address and a destination port for the inbound connections to the third computer.

3. The system of claim 1, wherein the first computer is further programmed to evaluate whether the second computer is authorized to initiate direct inbound connections to the third computer by requesting the second computer to provide authorization credentials.

4. The system of claim 1, wherein the fourth computer is programmed to execute a virtual private network (VPN) server enabled to support reverse connections inside a VPN tunnel established from the third computer to the fourth computer.

5. The system of claim 1, wherein the second computer is programmed to, if the second computer is authorized to initiate direct inbound connections to the third computer, initiate the direct inbound connections to the third computer using the interactive connectivity establishment (ICE) framework over user datagram protocol (UDP); wherein the second computer is programmed to, if the second computer is not authorized to initiate direct inbound connections to the third computer, initiate a connection between the second computer and the fourth computer using hypertext transfer protocol (HTTP).

6. The system of claim 1, wherein the first computer is programmed to execute a domain name server (DNS) and to provide to the second computer at least one of the one or more third network identifiers and the one or more fourth network identifiers in response to a domain resolution request from the second computer.

7. The system of claim 1, wherein the third computer is a network-enabled home appliance.

8. The system of claim 1, wherein the third computer comprises at least one of a gateway, a router, a bridge, a switch and a firewall.

9. A method comprising: providing a first device connected to a computer network; initiating, by the first device, a first connection to a second device; receiving, from a third device connected to the computer network, a request for access to the first device, the request being received by a fourth device connected to the computer network, and, after receiving the request: (a) evaluating, by the fourth device, whether the third device is allowed to directly access the first device; (b) after performing (a), when the third device is determined to be allowed to directly access the first device, providing, by the fourth device, the third device with one or more network identifiers of the first device, thereby enabling the third device to connect to the first device while bypassing the second device; (c) after performing (a), when the third device is determined not to be allowed to directly access the first device, providing the third device with one or more network identifiers enabling the third device to connect to the first device through the second device using the first connection between the first device and the second device, thereby enabling the third device to connect to the first device without using the one or more network identifiers of the first device; the first connection being an outbound connection from the first device to the second device, the second device being programmed to establish the first connection before the one or more network identifiers enabling the third device to connect to the first device through the second device using the first connection are provided to the third device, the first connection being a reverse connection to the first computer.

10. The method of claim 9, wherein the first connection uses hypertext transfer protocol (HTTP).

11. The method of claim 9, executing, by the second computer, a virtual private network (VPN) server enabled to support reverse connections inside a VPN tunnel established from the first computer to the second computer.

12. The method of claim 9, wherein the one or more network identifiers of the first device are selected from the group consisting of a destination IP address and a destination port for direct inbound connections to the first device.

13. The method of claim 9, where evaluating whether the third device is allowed to directly access the first device comprises requesting the third device to provide authorization credentials.

14. The method of claim 9, further comprising, when the third device is determined to be allowed to directly access the first device, initiating, by the third device, the direct inbound connections to the first device using the interactive connectivity establishment (ICE) framework over user datagram protocol (UDP).

15. The method of claim 9, wherein the fourth device comprises a domain name server (DNS); wherein providing, by the fourth device, to the second device the one or more third network identifiers is performed in response to receiving a domain resolution request from the third device.
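The resolution step of claims 1, 3, 6 and 9 in runnable form. This is an added illustration, not code from the patent or its assignee; the names Relay, Resolver, the device and client labels, the sample addresses and the token-based credential check are all assumptions. The point it shows is that an unauthorized requester never receives the device's own identifiers, and that the relay's identifiers are only handed out after the device's outbound reverse connection to the relay already exists.

```python
# Added example, not code from the patent or its assignee. Names and the
# token-based authorization are assumptions; addresses are constructed samples.
import hmac
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Relay:
    """The 'fourth computer': forwards traffic over a connection the device
    opened outbound to it, so the device itself never accepts inbound traffic."""
    identifiers: tuple                      # (ip, port) the relay advertises
    reverse_connections: set = field(default_factory=set)

    def accept_reverse_connection(self, device: str) -> None:
        # Models the device's outbound tunnel to the relay (claim 4: e.g. VPN).
        self.reverse_connections.add(device)

    def has_reverse_connection(self, device: str) -> bool:
        return device in self.reverse_connections


class Resolver:
    """The 'first computer' (claims 1, 6): a DNS-like server that holds the
    devices' real identifiers and decides what each requester may learn."""

    def __init__(self, relay: Relay, devices: dict, credentials: dict):
        self.relay = relay
        self.devices = devices            # device name -> (ip, port) of the device
        self.credentials = credentials    # (client, device) -> expected token

    def _authorized(self, client: str, device: str, token: Optional[str]) -> bool:
        # Claim 3: direct access requires the requester to present credentials.
        expected = self.credentials.get((client, device))
        if expected is None or token is None:
            return False
        return hmac.compare_digest(expected, token)

    def resolve(self, client: str, device: str, token: Optional[str] = None) -> dict:
        if device not in self.devices:
            raise KeyError(f"unknown device {device!r}")
        if self._authorized(client, device, token):
            return {"via": "direct", "identifiers": self.devices[device]}
        if not self.relay.has_reverse_connection(device):
            # Claims 1 and 9: relay identifiers are only given out once the
            # device's reverse connection to the relay has been established.
            return {"via": "none", "identifiers": None}
        # Not authorized: the device's identifiers are never disclosed.
        return {"via": "relay", "identifiers": self.relay.identifiers}


def demo() -> list:
    relay = Relay(identifiers=("203.0.113.10", 443))         # constructed sample
    resolver = Resolver(relay, {"fridge": ("192.0.2.20", 8080)}, {("alice", "fridge"): "s3cret"})
    before = resolver.resolve("bob", "fridge")               # no reverse connection yet
    relay.accept_reverse_connection("fridge")
    return [before, resolver.resolve("bob", "fridge"), resolver.resolve("alice", "fridge", "s3cret"),
            resolver.resolve("alice", "fridge", "wrong")]
```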

Assignees

Anchorfree Inc

Inventors

Classifications

  • Filtering policies (mail message filtering H04L51/212) · CPC title

  • using address mapping retrieval, e.g. simple traversal of user datagram protocol through session traversal utilities for NAT [STUN] · CPC title

  • Session establishment or de-establishment · CPC title

  • Denial of Service · CPC title

  • Firewall traversal, e.g. tunnelling or creating pinholes · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Anchorfree Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0281. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 20, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).