Virtual relay device for providing a secure connection to a remote device

US11030305B2 · US · B2

Patent metadata
Publication number: US-11030305-B2
Application number: US-201213664505-A
Country: US
Kind code: B2
Filing date: Oct 31, 2012
Priority date: Oct 4, 2010
Publication date: Jun 8, 2021
Grant date: Jun 8, 2021

Abstract

Official abstract text for this publication.

Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Remote devices may gain access to virtual machines in a network through a virtual device relay. The virtual device relay receives data from the remote device, such as a tablet or cellular phone, and forwards the data to one of the virtual machines, when the virtual device relay shares a COI with the destination virtual machine.

Claims

Claim text as shown on this page (claims 1 through 11).

What is claimed is:

1. A method of providing a remote device access to a shared network, comprising: receiving, at a router, an incoming connection request to open an IPsec tunnel to the shared network from the remote device belonging to a community of interest having a unique key; initiating a virtual device host, wherein the virtual device host executes a virtual device relay for the remote device; hosting the router and the virtual device relay on a server; routing, to the virtual device host, data received from the incoming connection; receiving, at the virtual device relay, data from the remote device, the data being encrypted with the unique key; and forwarding the data to a second host on the shared network having the same community of interest by the virtual device relay, such that the second host can use the unique key to decrypt the data; wherein the remote device and the second host can securely communicate through the virtual device relay by use of the unique key.

2. The method of claim 1, further comprising: receiving authentication information from the remote device; and assigning the community-of-interest to the virtual device relay based on the authentication information.

3. The method of claim 2, further comprising assigning a second community-of-interest to the virtual device relay based on the authentication information.

4. The method of claim 1, in which the remote device is a mobile device.

5. A computer program product comprising: a non-transitory computer-readable medium comprising: code to receive at a router an incoming connection request to open an IPsec tunnel to a shared network from a remote device belonging to a community of interest having a unique key; code to initiate a virtual device host, wherein the virtual device host executes a virtual device relay for the remote device; code to host the router and the virtual device relay in a virtualized environment; code to route, to the virtual device host, data received from the incoming connection; code to receive, at the virtual device relay, data from a remote device, the data being encrypted with the unique key; and code to forward the data to a second host on the shared network having the same community of interest by the virtual device relay, such that the second host can use the unique key to decrypt the data; wherein the remote device and the second host can securely communicate through the virtual relay by use of the unique key.

6. The computer program product of claim 5, in which the medium comprises: code to receive authentication information from the remote device; and code to assign the community-of-interest to the virtual device relay based on the authentication information.

7. The computer program product of claim 6, in which the medium comprises code to assign a second community-of-interest to the virtual device relay based on the authentication information.

8. An apparatus, comprising: a memory; and a processor coupled to the memory, in which the processor is configured: to receive at a router an incoming connection request to open an IPsec tunnel to a shared network from a remote device belonging to a community of interest having a unique key; to initiate a first, virtual device host, wherein the first, virtual device host is configured to execute a plurality of virtual device relays for the remote device, each of the virtual device relays being assigned to one or more communities-of-interest of a plurality of communities-of-interest; to host the router and the virtual device relay in a virtualized environment; to route, to the virtual device host, data received from the incoming connection; to receive, at the virtual device relay, data from the remote device, the data being encrypted with the unique key; and to forward the data to a second host on the shared network having the same community of interest by the virtual device relay, such that the second host can use the unique key to decrypt the data, wherein the remote device and the second host can securely communicate through the virtual device relay by use of the unique key.

9. The apparatus of claim 8, in which the processor is further configured: to receive authentication information from the remote device; and to assign the community-of-interest to the virtual device relay based on the authentication information.

10. The apparatus of claim 9, in which the processor is further configured to assign a second community-of-interest to the virtual device relay based on the authentication information.

11. The apparatus of claim 8, in which the remote device is a mobile device.
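As an added illustration (not code from the patent or from Unisys), the following Python model shows the relay behaviour the abstract and claims describe: a remote device is authenticated, the COI(s) derived from that authentication are assigned to its virtual device relay, and the relay forwards ciphertext only to hosts that share the COI, leaving decryption to a host that actually holds the COI key. The host and device names, keys, device directory and the HMAC-based stand-in cipher are constructed assumptions; the IPsec tunnel and router are not modelled.

```python
import hashlib, hmac
# Constructed sample data: COI keys live only on member hosts, never on the relay.
COI_KEYS = {"finance": b"finance-coi-key-0123456789abcdef", "eng": b"eng-coi-key-0123456789abcdefghij"}
DEVICE_DIRECTORY = {"tablet-7": (b"device-7-secret", {"finance"})}  # device id -> (credential secret, entitled COIs)

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:  # stand-in cipher: HMAC-SHA256 counter mode
    # Symmetric: the same call encrypts and decrypts. A real deployment would use an AEAD instead.
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

class Host:
    def __init__(self, coi_keys: dict):
        self.coi_keys = coi_keys         # COI label -> unique key, only for COIs this host is in
        self.inbox = []
    def deliver(self, coi: str, nonce: bytes, ciphertext: bytes) -> None:
        self.inbox.append(keystream_xor(self.coi_keys[coi], nonce, ciphertext))

class VirtualDeviceRelay:
    def __init__(self, cois: set):
        self.cois = set(cois)            # membership labels only; the relay holds no keys
    def forward(self, hosts: list, coi: str, nonce: bytes, ciphertext: bytes) -> int:
        if coi not in self.cois:
            raise PermissionError(f"relay is not a member of COI {coi!r}")
        targets = [h for h in hosts if coi in h.coi_keys]   # same-COI hosts only
        for h in targets:
            h.deliver(coi, nonce, ciphertext)               # ciphertext passes through untouched
        return len(targets)

def authenticate(device_id: str, challenge: bytes, tag: bytes) -> VirtualDeviceRelay:
    # Claims 2-3 in miniature: verify the device, then assign its COI(s) to a fresh relay.
    secret, cois = DEVICE_DIRECTORY[device_id]
    if not hmac.compare_digest(hmac.new(secret, challenge, hashlib.sha256).digest(), tag):
        raise PermissionError("authentication failed")
    return VirtualDeviceRelay(cois)

def demo() -> dict:
    hosts = [Host({"finance": COI_KEYS["finance"]}), Host({"eng": COI_KEYS["eng"]})]
    challenge = b"router-challenge-01"
    relay = authenticate("tablet-7", challenge, hmac.new(b"device-7-secret", challenge, hashlib.sha256).digest())
    nonce = b"msg-nonce-01"
    ct = keystream_xor(COI_KEYS["finance"], nonce, b"quarterly numbers")   # encrypted on the device with the COI key
    delivered = relay.forward(hosts, "finance", nonce, ct)
    try:
        relay.forward(hosts, "eng", nonce, ct)              # tablet-7 was never assigned the eng COI
        cross_coi = "allowed"
    except PermissionError:
        cross_coi = "blocked"
    return {"delivered": delivered, "plaintext": hosts[0].inbox[0], "eng_inbox": len(hosts[1].inbox), "cross_coi": cross_coi}
```

Running `demo()` shows the finance host recovering the plaintext while the engineering host receives nothing and the cross-COI forward is refused at the relay.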

Assignees

Unisys Corp

Inventors

Classifications

  • G06F21/53 (primary): by executing in a restricted environment, e.g. sandbox or secure virtual machine (CPC title)
  • Rule management (CPC title)
  • Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines (CPC title)
  • Isolation or security of virtual machine instances (CPC title)
  • by securing the transmission between two devices or processes (CPC title)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Unisys Corp
What technology area does this patent fall under?
Primary CPC classification G06F21/53. Mapped technology areas include Physics.
When was this patent published?
Publication date Jun 8, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).