US-12627500-B2 - Providing remote access to an internet-connected device
Abstract
An example operation may include one or more of establishing a connection with a local area network (LAN) via a routing apparatus comprising a plurality of network connection ports, receiving a packet via a network connection port from among the plurality of network connection ports, detecting that the packet belongs to a new virtual local area network (VLAN), and automatically configuring a VLAN interface for the new VLAN and deploying the VLAN interface at the routing apparatus.
Inventors
- Lewis T. Donzis
- Lee Carl Ziegenhals
Assignees
- PERFTECH, INC.
Dates
- Publication Date
- 20260512
- Application Date
- 20240328
Claims (20)
- 1 . An Internet-connected device comprising: a processor that executes instructions in a memory to configure the processor to: execute a non-discoverable handshake between the Internet-connected device and a remote device to authenticate the remote device, receive an encrypted open request from the remote device, decrypt the encrypted open request based on a private key of the Internet-connected device and a public key of the remote device, open a hole in a firewall of the Internet-connected device, enable access to the Internet-connected device based on the decrypted open request, hash a name of the Internet-connected device, and publish the hashed name and an IP address of the Internet-connected device with a Domain Name Server (DNS).
- 2 . The Internet-connected device of claim 1 , wherein the processor is configured to: execute the non-discoverable handshake via a User Datagram Protocol (UDP).
- 3 . The Internet-connected device of claim 1 , wherein the name of the Internet-connected device is a public key.
- 4 . The Internet-connected device of claim 1 , wherein the processor is configured to: receive an encrypted token request from the remote device, and decrypt the encrypted token request based on the private key of the Internet-connected device and the public key of the remote device.
- 5 . The Internet-connected device of claim 4 , wherein the processor is configured to: create a reply token, encrypt the reply token with the private key of the Internet-connected device and the public key of the remote device, and transmit the encrypted reply token to the remote device.
- 6 . The Internet-connected device of claim 1 , wherein the Internet-connected device comprises a router, and the remote device comprises a software application installed on the remote device, and wherein the processor is configured to: execute the non-discoverable handshake between the router and the software application installed on the remote device.
- 7 . The Internet-connected device of claim 1 , wherein the processor is configured to: receive hypertext transfer protocol secure (HTTPS) commands via the hole in the firewall, and configure one or more settings of the Internet-connected device based on the HTTPS commands.
- 8 . The Internet-connected device of claim 1 , wherein the processor is configured to: create the private key of the Internet-connected device and a public key of the Internet-connected device, and share the public key of the Internet-connected device with the remote device prior to executing the non-discoverable handshake.
- 9 . A method comprising: executing a non-discoverable handshake between an Internet-connected device and a remote device to authenticate the remote device; receiving an encrypted open request from the remote device; decrypting the encrypted open request based on a private key of the Internet-connected device and a public key of the remote device; opening a hole in a firewall of the Internet-connected device; enabling access to the Internet-connected device based on the decrypted open request; hashing a name of the Internet-connected device, and publishing the hashed name and an IP address of the Internet-connected device with a Domain Name Server (DNS).
- 10 . The method of claim 9 , wherein the executing comprises: executing the non-discoverable handshake via a User Datagram Protocol (UDP).
- 11 . The method of claim 9 , wherein the name of the Internet-connected device is a public key.
- 12 . The method of claim 9 , wherein the executing comprises: receiving an encrypted token request from the remote device; and decrypting the encrypted token request based on the private key of the Internet-connected device and the public key of the remote device.
- 13 . The method of claim 12 , wherein the executing comprises: creating a reply token; encrypting the reply token with the private key of the Internet-connected device and the public key of the remote device; and transmitting the encrypted reply token to the remote device.
- 14 . The method of claim 9 , wherein the Internet-connected device comprises a router, and the remote device comprises a software application installed on the remote device, and wherein the executing of the non-discoverable handshake comprises: executing the non-discoverable handshake between the router and the software application installed on the remote device.
- 15 . The method of claim 9 , wherein the method comprises: receiving hypertext transfer protocol secure (HTTPS) commands via the hole in the firewall; and configuring one or more settings of the Internet-connected device based on the HTTPS commands.
- 16 . The method of claim 9 , wherein the method comprises: creating the private key of the Internet-connected device and a public key of the Internet-connected device; and sharing the public key of the Internet-connected device with the remote device prior to executing the non-discoverable handshake.
- 17 . A non-transitory computer-readable storage medium comprising instructions that, when executed by a processor, cause the processor to perform: executing a non-discoverable handshake between an Internet-connected device and a remote device to authenticate the remote device; receiving an encrypted open request from the remote device; decrypting the encrypted open request based on a private key of the Internet-connected device and a public key of the remote device; opening a hole in a firewall of the Internet-connected device; and enabling access to the Internet-connected device based on the decrypted open request; hashing a name of the Internet-connected device, and publishing the hashed name and an IP address of the Internet-connected device with a Domain Name Server (DNS).
- 18 . The non-transitory computer-readable storage medium of claim 17 , wherein the executing comprises: executing the non-discoverable handshake via a User Datagram Protocol (UDP).
- 19 . The non-transitory computer-readable storage medium of claim 17 , wherein the instructions cause the processor to perform: hashing a name of the Internet-connected device and publishing the hashed name with an IP address of the Internet-connected device with a Domain Name Server (DNS).
- 20 . The non-transitory computer-readable storage medium of claim 17 , wherein the instructions cause the processor to perform: receiving an encrypted token request from the remote device; and decrypting the encrypted token request based on the private key of the Internet-connected device and the public key of the remote device.
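The exchange that claims 1 through 8 describe, worked through as an added example that is not part of the patent or of any PerfTech product: the device's name is its X25519 public key, the hashed name is what it would publish in DNS, and an open request only decrypts under the device's private key combined with the remote app's public key, so a datagram from anyone else gets no answer at all. The Box construction (X25519 shared secret into AES-256-GCM), the single pre-shared peer key and the 160-bit truncation of the DNS label are assumptions made here, not details the patent specifies.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
)
// Device models the router: its name is its X25519 public key; Peer is the remote app's key.
type Device struct {
	Key    *ecdh.PrivateKey
	Peer   *ecdh.PublicKey // shared with the device before any handshake (claim 8)
	FwOpen bool            // the firewall hole of claim 1
}
// DNSName is the hashed name published in DNS: SHA-256 of the public key, cut to
// 160 bits so it fits one 63-character DNS label (the truncation is an assumption).
func (d *Device) DNSName() string {
	h := sha256.Sum256(d.Key.PublicKey().Bytes())
	return hex.EncodeToString(h[:20])
}
// Box derives AES-256-GCM from the X25519 secret of one private and one public key;
// both parties compute the same key, so the device decrypts with its private key and the remote's public key.
func Box(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) cipher.AEAD {
	s, _ := priv.ECDH(pub)
	k := sha256.Sum256(s)
	blk, _ := aes.NewCipher(k[:])
	g, _ := cipher.NewGCM(blk)
	return g
}
// Seal encrypts msg under Box(priv, pub) with a fresh 12-byte nonce prepended.
func Seal(priv *ecdh.PrivateKey, pub *ecdh.PublicKey, msg []byte) []byte {
	g := Box(priv, pub)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, msg, nil)
}
// HandleOpenRequest consumes one UDP datagram. Anything that does not decrypt under the
// known peer key gets no reply, so a scanner learns nothing; a valid "open" opens the hole.
func (d *Device) HandleOpenRequest(pkt []byte) bool {
	if len(pkt) < 12 { // shorter than a GCM nonce: silently drop
		return false
	}
	req, err := Box(d.Key, d.Peer).Open(nil, pkt[:12], pkt[12:], nil)
	if err != nil || string(req) != "open" {
		return false
	}
	d.FwOpen = true
	return true
}
```

The reply token of claims 4 and 5 would travel back through the same Box in the other direction, sealed by the device and opened by the app.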
Description
BACKGROUND
One of the benefits of a router is that it allows for connectivity between different devices and networks. For example, multiple devices can be connected to the Internet and to each other through a single router. In a home environment, a router can connect multiple devices such as laptops, smartphones, tablets, televisions, smart wearables, vehicles, and the like, to the Internet and allow them to communicate with each other. In a business environment, routers can be used to connect multiple computers and servers to the Internet and to each other, allowing for seamless communication between employees and users outside the business. Configurations in networks play a critical role as they keep networks fully functioning and free from downtime. However, managing the configurations of a router typically requires a human (e.g., an admin, etc.) to make changes at regular intervals of time. But a person requires time to update the router, and even then, the person may fail to identify security flaws or make the changes correctly. This can result in downtime for an entire network of devices.
SUMMARY
One example embodiment provides an apparatus that includes one or more of a memory, a plurality of network connection ports, and a processor configured to execute a non-discoverable handshake between the Internet-connected device and a remote device to authenticate the remote device, receive an encrypted open request from the remote device, decrypt the encrypted open request based on a private key of the Internet-connected device and a public key of the remote device, and open a hole in a firewall of the Internet-connected device and enable access to the Internet-connected device based on the decrypted open request.
Another example embodiment provides a method that includes one or more of executing a non-discoverable handshake between an Internet-connected device and a remote device to authenticate the remote device, receiving an encrypted open request from the remote device, decrypting the encrypted open request based on a private key of the Internet-connected device and a public key of the remote device, and opening a hole in a firewall of the Internet-connected device and enabling access to the Internet-connected device based on the decrypted open request.
A further example embodiment provides a computer-readable medium comprising instructions that, when read by a processor, cause the processor to perform one or more of executing a non-discoverable handshake between an Internet-connected device and a remote device to authenticate the remote device, receiving an encrypted open request from the remote device, decrypting the encrypted open request based on a private key of the Internet-connected device and a public key of the remote device, and opening a hole in a firewall of the Internet-connected device and enabling access to the Internet-connected device based on the decrypted open request.
BRIEF DESCRIPTION OF THE DRAWINGS
- FIG. 1A is a diagram illustrating a network computing environment including a plurality of routing apparatuses according to example embodiments.
- FIG. 1B is a diagram illustrating components that may be included in a routing apparatus according to example embodiments.
- FIGS. 2A-2D are diagrams illustrating a process of automatic detection and configuration of a new virtual local area network (VLAN) according to example embodiments.
- FIGS. 3A-3C are diagrams illustrating a process of a remote device directly accessing an Internet-connected device according to example embodiments.
- FIGS. 4A-4E are diagrams illustrating a process of transparent replacement of an Internet Protocol (IP) network router according to example embodiments.
- FIG. 5 is a diagram illustrating a method of automatically configuring a new VLAN according to example embodiments.
- FIG. 6 is a diagram illustrating a method of enabling direct remote access to an Internet-connected device according to example embodiments.
- FIG. 7 is a diagram illustrating a method of automatically replacing a network router according to example embodiments.
DETAILED DESCRIPTION
It is to be understood that although this disclosure includes a detailed description of cloud computing, implementation of the teachings recited herein is not limited to a cloud computing environment. Rather, embodiments of the instant solution are capable of being implemented in conjunction with any other type of computing environment now known or later developed.
The example embodiments are directed to a routing apparatus (also referred to herein as a router, etc.). The router may be geared for gigabit Internet, and also designed to accommodate future generation speeds. For example, the router may include multiple Ethernet ports that have a 1 Gbps Ethernet capacity or more. The router may enable thousands of connected devices and may collect and store activity data of the connected devices. The router may include a dual-channel memory and may support both Internet Protocol