Authenticating users during and after suspicious voice calls and browsing
US-2024364684-A1 · Oct 31, 2024 · US
US10581839B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10581839-B2 |
| Application number | US-201816161817-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 16, 2018 |
| Priority date | Aug 25, 2015 |
| Publication date | Mar 3, 2020 |
| Grant date | Mar 3, 2020 |
Abstract
A network device allows inbound connections from external addresses to a computer on a local network while forbidding output connections from the computer to that external address unless preceded by an inbound connection therefrom. In some embodiments, the computer is allowed to accept inbound connections from external addresses but is not permitted to initiate outbound connections to other computers in the local network unless preceded by an inbound connection. In some embodiments, a request from an external address is processed by the network device by transmitting network information for the computer to the external address and temporarily changes network rules to allow connections from the external address. In some embodiments, if the computer attempts a disallowed connection, the connection attempt is routed through a proxy server by providing network data for the proxy server to the computer.
Claims (preview)
The invention claimed is:

1. A method for managing remote communication with a plurality of internet-enabled devices inside a local network, the method comprising: (a) initiating, by a first device, a first authenticated connection over a computer network to a second device; (b) receiving, by the first device from the second device over the first connection, one or more network identifiers received by the second device from a third device; (c) changing, by the first device, one or more network management rules of the first device from blocking inbound connections to allowing one or more inbound connections from the one or more network identifiers of the third device referencing one or more network identifiers of the first device; (d) after performing (c), establishing, by the first device, at least one connection from the third device to the first device using a first identifier provided to the third device by the second device for accessing the first device; and (e) after performing (d), blocking the access from the third device to the first device by changing the one or more network management rules of the first device to blocking again one or more inbound connections to the first device from the one or more network identifiers of the third device in response to one or more predefined conditions.

2. The method of claim 1, wherein the one or more network identifiers of the third device are selected from the group consisting of a source internet protocol (IP) address, a source port, a transport protocol, and a data pattern for the one or more inbound connections from the third device.

3. The method of claim 1, wherein the one or more network identifiers of the first device are selected from the group consisting of a source internet protocol (IP) address, a source port, and a transport protocol.

4. The method of claim 1, wherein allowing the one or more inbound connections from the third device comprises using a protocol selected from the group consisting of transport level security (TLS) protocol, hypertext transfer protocol (HTTP), web real time communications (WebRTC) protocol, and a protocol using interactive connectivity establishment (ICE) framework.

5. The method of claim 1, wherein (b) receiving, by the first device from the second device over the first connection, one or more network identifiers for a third device is in response to authorization of the third device to connect to the first device, the authorization of the third device to connect to the first device being performed prior to the third device having any record of the first device.

6. The method of claim 1, wherein the at least one predefined condition is selected from the group consisting of: a number of opened connections to the third device exceeding a number of allowed connections; a number of allowed connections to the third device unused following closing of one or more of the opened connections exceeding a first threshold; and a time interval since the one or more inbound connections were allowed exceeding a second threshold.

7. The method of claim 1, wherein the at least one predefined condition comprises the first device blocking one or more inbound connections from a different network address than included in the one or more network identifiers of the third device.

8. The method of claim 1, wherein changing the one or more network management rules comprises changing firewall rules on the first device.

9. The method of claim 1, wherein the second device is at least one of a virtual private network (VPN) server and a router.

10. The method of claim 1, further comprising at least one of: (a) transmitting the first identifier to the third device by the second device; (b) transmitting the first identifier to the third device from an intermediary server, the intermediary server storing the first identifier before receiving, by the first device, the one or more network identifiers of the third device.

11. A system for managing remote communication with a plurality of internet-enabled devices inside a local network, the system comprising: a first device connected to a computer network, wherein the first device includes a non-transitory computer readable medium storing a computer program having computer executable instructions for: (a) initiating, by a first device, a first authenticated connection over a computer network to a second device; (b) receiving, by the first device from the second device over the first connection, one or more network identifiers received by the second device from a third device; (c) changing, by the first device, one or more network management rules of the first device from blocking inbound connections to allowing one or more inbound connections from the one or more network identifiers of the third device referencing one or more network identifiers of the first device; (d) after performing (c), establishing, by the first device, at least one connection from the third device to the first device using a first identifier provided to the third device by the second device for accessing the first device; and (e) after performing (d), blocking the access from the third device to the first device by changing the one or more network management rules of the first device to blocking again one or more inbound connections to the first device from the one or more network identifiers of the third device in response to one or more predefined conditions.

12. The system of claim 11, wherein the one or more network identifiers of the third device are selected from the group consisting of a source internet protocol (IP) address, a source port, a transport protocol, and a data pattern for the one or more inbound connections from the third device.

13. The system of claim 11, wherein the one or more network identifiers of the first device are selected from the group consisting of a source internet protocol (IP) address, a source port, and a transport protocol.

14. The system of claim 11, wherein allowing the one or more inbound connections from the third device comprises using a protocol selected from the group consisting of transport level security (TLS) protocol, hypertext transfer protocol (HTTP), web real time communications (WebRTC) protocol, and a protocol using interactive connectivity establishment (ICE) framework.

15. The system of claim 11, wherein (b) receiving, by the first device from the second device over the first connection, one or more network identifiers for a third device is in response to authorization of the third device to connect to the first device, the authorization of the third device to connect to the first device being performed prior to the third device having any record of the first device.

16. The system of claim 11, wherein the at least one predefined condition is selected from the group consisting of: a number of opened connections to the third device exceeding a number of allowed connections; a number of allowed connections to the third device unused following closing of one or more of the opened connections exceeding a first threshold; and a time interval since the one or more inbound connections were allowed exceeding a second threshold.

17. The system of claim 11, wherein the at least one predefined condition comprises the first device blocking one or more inbound connections from a different network address than included in the one or more network identifiers of the third device.

18. The system of claim 11, wherein changing the one or more network management rules comprises changing firewall rules on the first dev
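The claims above describe a rule lifecycle rather than code: the local ("first") device keeps inbound blocked by default, learns the remote ("third") device's identifiers from the trusted "second" device over an already authenticated channel (steps (b) and (c)), accepts connections only from those identifiers on the advertised local port (step (d)), and re-blocks when one of the predefined conditions of claims 6 or 7 fires (step (e)). The following simulation is an added example written for this page, not the patent's implementation or any product's code; the class and method names, the default thresholds, the sample addresses and the constructed sequence of connection attempts are all assumptions, and the interpretation of claim 6's "unused allowance" condition as (allowed minus active) connections after a close is the author's reading of that clause.

```python
"""
Simulation of the temporary-allow firewall rule in claims 1, 6 and 7 (added
example; names, thresholds and sample traffic are assumptions, not patent text).
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Revocation reasons (assumed labels) mapped to the conditions in claims 6 and 7.
REASON_TOO_MANY = "opened connections exceeded allowed count"          # claim 6, 1st alternative
REASON_UNUSED = "unused allowance after close exceeded threshold"        # claim 6, 2nd alternative
REASON_EXPIRED = "time since allow exceeded interval"                   # claim 6, 3rd alternative
REASON_FOREIGN_ATTEMPT = "blocked attempt from address outside identifiers"  # claim 7


@dataclass(frozen=True)
class PeerIdentifiers:
    """Identifiers of the third device (claim 2). port=None means any source port."""
    ip: str
    port: Optional[int]
    proto: str  # "tcp" or "udp"

    def matches(self, ip: str, port: int, proto: str) -> bool:
        return self.ip == ip and self.proto == proto and (self.port is None or self.port == port)


@dataclass
class AllowRule:
    """One narrow exception to default-deny: one peer, one local port, a budget and a TTL."""
    peer: PeerIdentifiers
    local_port: int          # the "first identifier" the third device was told to use, claim 1(d)
    opened_at: float
    max_connections: int
    unused_threshold: int
    ttl_seconds: float
    opened: int = 0
    closed: int = 0
    revoked_reason: Optional[str] = None

    @property
    def active(self) -> int:
        return self.opened - self.closed


class LocalDevice:
    """The 'first device': inbound is blocked unless a live AllowRule matches."""

    def __init__(self) -> None:
        self.rules: dict[PeerIdentifiers, AllowRule] = {}
        self.events: list[str] = []

    def allow_peer(self, peer: PeerIdentifiers, local_port: int, now: float,
                   max_connections: int = 2, unused_threshold: int = 1,
                   ttl_seconds: float = 60.0) -> AllowRule:
        # Step (c): identifiers received from the second device flip this peer from blocked to allowed.
        rule = AllowRule(peer, local_port, now, max_connections, unused_threshold, ttl_seconds)
        self.rules[peer] = rule
        self.events.append(f"t={now}: allow {peer.ip}:{peer.port or '*'}/{peer.proto} -> :{local_port}")
        return rule

    def _revoke(self, rule: AllowRule, reason: str, now: float) -> None:
        # Step (e): the rule goes back to blocking these identifiers.
        if rule.revoked_reason is None:
            rule.revoked_reason = reason
            self.events.append(f"t={now}: revoke {rule.peer.ip}: {reason}")

    def _expire(self, now: float) -> None:
        for rule in self.rules.values():
            if rule.revoked_reason is None and now - rule.opened_at > rule.ttl_seconds:
                self._revoke(rule, REASON_EXPIRED, now)

    def live_rules(self) -> list[AllowRule]:
        return [r for r in self.rules.values() if r.revoked_reason is None]

    def inbound(self, src_ip: str, src_port: int, proto: str, dst_port: int, now: float) -> bool:
        """Step (d): decide one inbound attempt. True means accepted."""
        self._expire(now)
        for rule in self.live_rules():
            if rule.peer.matches(src_ip, src_port, proto) and rule.local_port == dst_port:
                rule.opened += 1
                if rule.opened > rule.max_connections:   # claim 6: budget exhausted
                    self._revoke(rule, REASON_TOO_MANY, now)
                    return False
                self.events.append(f"t={now}: accept {src_ip}:{src_port}/{proto} -> :{dst_port}")
                return True
        # Default deny. Claim 7: a blocked attempt from an address that is not in the
        # identifiers is itself a condition for closing the still-open windows.
        self.events.append(f"t={now}: block {src_ip}:{src_port}/{proto} -> :{dst_port}")
        for rule in self.live_rules():
            if rule.peer.ip != src_ip:
                self._revoke(rule, REASON_FOREIGN_ATTEMPT, now)
        return False

    def connection_closed(self, src_ip: str, src_port: int, proto: str, now: float) -> None:
        """An accepted connection ended; claim 6: too much unused allowance re-blocks the peer."""
        self._expire(now)
        for rule in self.live_rules():
            if rule.peer.matches(src_ip, src_port, proto):
                rule.closed += 1
                if rule.max_connections - rule.active > rule.unused_threshold:
                    self._revoke(rule, REASON_UNUSED, now)
                return


if __name__ == "__main__":
    # Constructed sample: one authorised peer, one probe from an unrelated address.
    dev = LocalDevice()
    peer = PeerIdentifiers("203.0.113.7", None, "tcp")
    dev.allow_peer(peer, local_port=8443, now=0.0)
    dev.inbound("203.0.113.7", 50001, "tcp", 8443, now=1.0)
    dev.inbound("198.51.100.9", 40000, "tcp", 8443, now=2.0)
    dev.inbound("203.0.113.7", 50002, "tcp", 8443, now=3.0)
    print("\n".join(dev.events))
```

The point worth noticing is that the allow window is keyed on the third device's identifiers and on the single local port the third device was given, so an attempt from the right address to a different local port is simply blocked without touching the window, while an attempt from a different address both fails and, per claim 7, closes the window for the legitimate peer. A real deployment would apply the same state changes to the host firewall (claim 8) instead of an in-memory dictionary.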
CPC classifications:

- H04L9/3234: using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices)
- H04L9/3226: using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code)
- File encryption
- G06F12/14; G06K19/00: to assure secure storage of data (address-based protection against unauthorised use of memory; record carriers for use with machines and with at least a part designed to carry digital markings)
- H04L9/0838: for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement)