Systems and Methods for Providing Automated Access to Resources of Computer Systems
US-2024430261-A1 · Dec 26, 2024 · US
US9467449B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9467449-B2 |
| Application number | US-201314044964-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 3, 2013 |
| Priority date | Oct 4, 2012 |
| Publication date | Oct 11, 2016 |
| Grant date | Oct 11, 2016 |
Official abstract text for this publication.
The invention proposes a method and device for protection of data for devices connected in a network such as a local area network or LAN. The method and device can for example be implemented on a gateway, which acts as an interconnecting device between the devices in the LAN network and that can offer these devices an access to an external network such as a wide area network or WAN. The method and device thus offers a protected environment for applications that are executed on the gateway, such as applications downloaded from the WAN. The method and device gives the applications executed on the gateway controlled access to the LAN resources in order to protect the data that the LAN devices share within the LAN, while giving the applications access to the WAN.
Opening claim text (preview).
The invention claimed is:
1. A method for protection of data shared between network devices, wherein the method is implemented by an interconnecting device interconnecting the network devices, the interconnecting device being a central point for data sharing between the network devices, the interconnecting device making visible data stored by the network devices as directories of a file system of the interconnecting device that are accessible to the network devices, the method comprising: determining a set of network devices that a program to be executed by the interconnecting device is authorized to share data with; launching a contained execution environment for execution of the program by the interconnecting device; making visible at least one of the directories of the file system of the interconnecting device in the contained execution environment, each of the at least one of the directories of the file system in the interconnecting device pointing to a data storage directory of one of the network devices, the at least one of the directories being chosen as a function of the set of network devices; and executing the program in the contained execution environment by the interconnecting device.
2. The method according to claim 1, wherein said network is a local area network and said interconnecting device interconnects said local area network with a wide area network, and said method further comprises downloading said program from said wide area network to said interconnecting device.
3. The method according to claim 2, further comprising allocating to the contained execution environment an Internet Protocol address of a distinct address space different from an address space used for allocating Internet Protocol addresses to the network devices in the local area network, the distinct address space isolating the program in the contained execution environment from the network devices in the local area network while allowing the program to communicate with the wide area network.
4. The method according to claim 3, wherein the allocating of the Internet Protocol address to the contained execution environment is provided by a Dynamic Host Configuration Protocol.
5. The method according to claim 2, further comprising authenticating of the program for determining the set of network devices in the local area network that the program is authorized to share data with.
6. The method according to claim 2, further comprising managing communication between said program and the network devices in the local area network by a firewall.
7. An interconnecting device for protection of data shared between network devices, wherein the interconnecting device interconnects the network devices, the interconnecting device being a central point for data sharing between the network devices, the interconnecting device making visible data stored by the network devices as directories of a file system of the interconnecting device that are accessible to the network devices, the interconnecting device comprising a processor circuit coupled to a memory, the processor circuit being configured to: determine a set of network devices that a program to be executed by the interconnecting device is authorized to share data with; launch a contained execution environment for execution of the program by interconnecting device; making visible at least one of the directories of the file system of the interconnecting device in the contained execution environment, each of the at least one of the directories of the file system in the interconnecting device pointing to a data storage directory of one of the network devices, the at least one of the directories being chosen as a function of the determined set of devices; and execute the program in the contained execution environment by the first interconnecting device.
8. The interconnecting device according to claim 7, wherein the network is a local area network and said interconnecting device interconnects said local area network with a wide area network, and the processor circuit is further configured to download said program from said wide area network.
9. The interconnecting device according to claim 8, wherein the processor circuit is further configured to allocate to the contained execution environment an Internet Protocol address of a distinct address space that different from an address space used for allocating Internet Protocol addresses to the network devices in the local area network, the distinct address space isolating the program in the contained execution environment from the network devices in the local area network while allowing the program to communicate with the wide area network.
10. The interconnecting device according to claim 8, wherein the processor circuit is further configured to authenticate the program and that determines the set of network devices in the local area network that the program is authorized to share data with.
11. The interconnecting device according to claim 8, wherein the processor circuit is further configured to implement a Dynamic Host Configuration Protocol function for allocation of Internet Protocol addresses to the network devices, and allocate an Internet Protocol address from a distinct address space to the contained execution environment.
12. The interconnecting device according to claim 8, wherein the processor circuit is further configured to manage communication between said program and the network devices.
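As an added illustration of claims 1, 3 and 6 (not code from the patent or its applicant), the sketch below derives, for one program, the gateway directories to expose in its contained environment, an address from a range kept separate from the LAN, and the firewall intent. The share root, device names, policy table and address ranges are constructed assumptions, and the drop/accept pair is one possible reading of the firewall claim.

```python
import ipaddress
import posixpath

# Constructed sample configuration (hypothetical names, paths and address ranges).
SHARE_ROOT = "/srv/lan"  # gateway directories pointing at each device's storage
DEVICE_DIRS = {"nas": "nas", "tv": "tv", "laptop": "laptop"}
AUTHORIZED = {"photo-backup": {"nas", "laptop"}, "weather": set()}  # per-program device set
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
SANDBOX_NET = ipaddress.ip_network("10.200.0.0/24")  # distinct address space (claim 3)


def visible_dirs(program):
    """Directories to expose in the contained environment (claim 1); default deny."""
    dirs = []
    for device in sorted(AUTHORIZED.get(program, set())):
        if device not in DEVICE_DIRS:
            raise ValueError(f"policy names unknown device {device!r}")
        path = posixpath.normpath(posixpath.join(SHARE_ROOT, DEVICE_DIRS[device]))
        # Refuse a share entry that escapes the share root (e.g. "../etc").
        if posixpath.commonpath([SHARE_ROOT, path]) != SHARE_ROOT:
            raise ValueError(f"share for {device!r} escapes {SHARE_ROOT}")
        dirs.append(path)
    return dirs


def allocate_sandbox_ip(in_use):
    """Pick a free address from the sandbox range, which must not overlap the LAN."""
    if SANDBOX_NET.overlaps(LAN_NET):
        raise ValueError("sandbox range overlaps the LAN range")
    for host in SANDBOX_NET.hosts():
        if host not in in_use:
            return host
    raise RuntimeError("sandbox address range exhausted")


def sandbox_plan(program, in_use=frozenset()):
    """Combine mounts, address and firewall intent (claim 6) for one program."""
    ip = allocate_sandbox_ip(in_use)
    return {
        "mounts": visible_dirs(program),
        "ip": str(ip),
        # Descriptive (action, source, destination) tuples, not real firewall syntax.
        "firewall": [("drop", str(ip), str(LAN_NET)), ("accept", str(ip), "any")],
    }


if __name__ == "__main__":
    print(sandbox_plan("photo-backup"))
```

A program absent from the policy table receives an empty mount list, so an unauthenticated download sees none of the LAN shares while still getting a WAN-capable address.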
describing content present in a home automation network, e.g. audio video content (retrieval from the Internet G06F16/95) · CPC title
Processing of data at an internetworking point of a home automation network · CPC title
Protocol conversion between an external network and a home network (controlling appliance services of a home automation network from a device located outside the home and the home network H04L12/2818; protocol conversion H04L69/08; adaptation of digital video signals for transport over a specific home network H04N7/24) · CPC title
for controlling access to devices or network resources · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title