WO2010104771A1 - Use of snmp for management of small footprint devices - Google Patents
Use of snmp for management of small footprint devices Download PDFInfo
- Publication number
- WO2010104771A1 WO2010104771A1 PCT/US2010/026477 US2010026477W WO2010104771A1 WO 2010104771 A1 WO2010104771 A1 WO 2010104771A1 US 2010026477 W US2010026477 W US 2010026477W WO 2010104771 A1 WO2010104771 A1 WO 2010104771A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- managed
- command
- small footprint
- managed device
- snmp
- Prior art date
Links
- 238000000034 method Methods 0.000 claims abstract description 35
- 230000008569 process Effects 0.000 claims abstract description 7
- 230000009471 action Effects 0.000 claims description 2
- 238000012545 processing Methods 0.000 abstract description 16
- 238000004891 communication Methods 0.000 description 58
- 238000007726 management method Methods 0.000 description 12
- 230000007246 mechanism Effects 0.000 description 9
- 230000005540 biological transmission Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 238000010168 coupling process Methods 0.000 description 2
- 238000005859 coupling reaction Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- GKJZMAHZJGSBKD-NMMTYZSQSA-N (10E,12Z)-octadecadienoic acid Chemical compound CCCCC\C=C/C=C/CCCCCCCCC(O)=O GKJZMAHZJGSBKD-NMMTYZSQSA-N 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 230000010267 cellular communication Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004883 computer application Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000004224 protection Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000008685 targeting Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0213—Standardised network management protocols, e.g. simple network management protocol [SNMP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2212/00—Encapsulation of packets
Definitions
- the present invention relates generally to device networks and mechanisms for managing the same.
- Protocol Data Unit consisting of the type of operation that one wishes to perform followed by a sequence of name-value pairs.
- the semantics of the PDU are that the operation should be performed on each of the named data elements using the value associated with the name.
- the second shortcoming is that the same command must be used applied to all the name-value pairs in the PDU. If one wants to SET a variable before doing a GET on a second variable, two separate and distinct PDUs are required (i.e., two messages). This requires a greater amount of messaging and message processing, thereby consuming network (e.g., bandwidth) and processing (e.g., processing units and memory) resources.
- network e.g., bandwidth
- processing e.g., processing units and memory
- ICCs Integrated Circuit Cards
- IEFC RFC 3416 While maintaining complete compliance with IEFC RFC 3416 and employing all the desirable secure communication features of SNMPv3, embodiments of the present invention define means of applying this protocol that appropriate for use with small footprint devices, such as ICCs.
- one embodiment of the present invention provides mechanisms for connecting small footprint devices into networks managed by SNMP, thus providing a means to manage data stored in the small footprint device using a secure, lightweight communication protocol, such as the SNMP communication protocol or variants thereof.
- a second embodiment of the present invention provides mechanisms that enable the tamper-resistant properties of an ICC to enhance the security of processing SNMP messages.
- a device management method generally comprises: generating a command message at a manager, the command message including at least one object identifier, each object identifier comprising a variable identification portion and a command information portion; and transmitting the command message to a managed device.
- the managed device may correspond to a small footprint device and the command message may comprise an SNMP message.
- Small footprint devices may include any type of constrained resource.
- the resources may be constrained across one or more dimensions in that the small footprint device may have a relatively small amount of memory, processing ability, bandwidth, firmware space, etc. that limits the device's ability to receive and/or process commands and messages containing commands.
- Examples of small footprint devices include, but are not limited to, ICCs, smart cards, Subscriber Identity Module (SIM) cards, Security Authentication Module (SAM) cards, printers, readers, components within a printer or reader, wireless sensor network nodes , network appliances and peripherals, electronic locks and locking mechanisms, protocol converters (e.g., a Wiegand to SDI converter) or the like.
- OID Object Identifier
- An OID is a finite sequence of numbers separated by dots.
- SNMP uses the OID data type defined in ISO/EEC 8825-1, the entire contents of which are hereby incorporated herein by reference, to represent names.
- ISO/IEC 8825-1 defines an OID name as a sequence of non-zero integer values and gives a digital encoding for such names.
- ISO/IEC 8825-1 provides neither a semantic for the sequence of integers nor any guarantee that there will be two OID names for the same object or two objects with the same OID name.
- An entity or enterprise can request a leaf node of this internationally-recognized OID registry tree and this leaf becomes the root of a namespace within the global OID namespace that is managed by the entity.
- the OID for the root of an entity tree in the OED registry namespace is represented as follows:
- OIDs might be the name of a particular reader with a particular color, connector type, and indicator type used to communicate with a particular card type. This means that all bytes after the root byte allocated to an entity are controlled by the entity that has been allocated the root and as long as these bytes follow the encoding rules of ISO/IEC 8825-1 these OIDs are compliant with IETF RFC 3416 and can be used in SNMP messages wherever an OID is called for.
- an ICC for example, to embody the security and access control mechanisms of an arbitrary SNMP-managed device, thereby enhancing the security profile of that device by performing SNMP functions inside a tamper-resistant and/or tamper-evident device or boundary.
- Fig. 1 depicts a first configuration of a managed system in accordance with embodiments of the present invention
- Fig. 2 depicts a second configuration of a managed system in accordance with embodiments of the present invention
- Fig. 3 depicts a managed device in accordance with embodiments of the present invention
- Fig. 4 depicts an exemplary data structure used in accordance with embodiments of the present invention
- Fig. 5 is a flow chart depicting a small footprint device management method in accordance with embodiments of the present invention.
- the invention will be illustrated below in conjunction with an exemplary access control system. Although well suited for use with, e.g., a system using access control readers and/or credentials, the invention is not limited to use with any particular type of access control system or configuration of system elements. Those skilled in the art will recognize that the disclosed techniques may be used in any application in which it is desirable to control small footprint devices with a lightweight control protocol or to enhance the security of existing SNMP-managed devices.
- the exemplary systems and methods of this invention will also be described in relation to analysis software, modules, and associated analysis hardware. However, to avoid unnecessarily obscuring the present invention, the following description omits well- known structures, components and devices that may be shown in block diagram form that are well known, or are otherwise summarized. For purposes of explanation, numerous details are set forth in order to provide a thorough understanding of the present invention. It should be appreciated, however, that the present invention may be practiced in a variety of ways beyond the specific details set forth herein.
- the managed system 100 generally includes a communication network 104 that connects one or more managed devices 108 to a manager 1 16.
- the managed devices 108 may be any type of processing resource capable of being remotely controlled over the communication network 104.
- Exemplary communication networks 104 that may be used in accordance with at least some embodiments of the present invention include, without limitation, wired networks that utilize the one or more of the Wiegand protocol, RS422, RS485, TCP/IP, etc. or wireless networks that employ one or more of Wi-Fi, Bluetooth, Zigbee, optical coupling, audio coupling, and combinations thereof.
- the managed device 108 comprises one or more of a credential reader ⁇ e.g., contact reader, contactless reader, NFC-based phone, magstripe reader, Wiegand reader, barcode scanner/reader, or any other machine reading device capable of reading, writing, or rewriting a credential, or printer ⁇ e.g., a device adapted to create printed credentials that may or may not be machine readable such as contact or contactless credentials), or a combination thereof.
- the managed device 108 may correspond to a small footprint device itself.
- the managed device 108 may have one, two, three, or more small footprint devices within its borders ⁇ i.e., inserted in the managed device 108 or integral to the managed device 108).
- a credential 1 12 inserted into the managed device 108 may be considered a small footprint device.
- the managed device 108 may be adapted to communicate with credentials 1 12 via contactless and/or contact-based communication protocols.
- Examples of communication protocols employed by the managed device 108 to communication with a credential 1 12 include, without limitation, RF-based communications ⁇ e.g., ISO 14443A, ISO14443B, ISO 15693, Near Field Communications, Bluetooth, Zigbee, Wi-Fi, and any other type of communication protocol that utilizes an RF field at 125kHz or 13.56MHz, for example), magnetic-based communications, light-based communications, wire-based communications including ISO 7816, 1 2 C, SPI, as well as other known or yet to be developed communication protocols.
- RF-based communications e.g., ISO 14443A, ISO14443B, ISO 15693, Near Field Communications, Bluetooth, Zigbee, Wi-Fi, and any other type of communication protocol that utilizes an RF field at 125kHz or 13.56MHz, for example
- magnetic-based communications e.g., light-based communications
- the communication network 104 is adapted to carry messages between the components connected thereto.
- a manager 1 16 sends messages to and receives messages from a managed device 108 via the communication network 104.
- the communication network 104 may comprise any type of known communication network including wired and wireless or combinations of communication networks and may span long or small distances.
- the protocols used by the communication network 104 to manager 116/managed device 108 communications may include, but is not limited to, the TCP/IP protocol, Power-Over-Ethernet (POE), Wi-Fi, Wiegand Protocol, RS 232, RS 485, RS422, Current Loop, F2F, Bluetooth, Zigbee, GSM, SMS, Wi-Fi, optical, audio and so forth.
- the Internet is an example of the communication network 104 that constitutes an IP network consisting of many computers and other communication devices located locally and all over the world, which are connected through many telephone systems and other means.
- the communication network 104 examples include, without limitation, a standard Plain Old Telephone System (POTS), an Integrated Services Digital Network (ISDN), the Public Switched Telephone Network (PSTN), a Local Area Network (LAN), a Wide Area Network (WAN), a Session Initiation Protocol (SIP) network, a cellular communication network, a satellite communication network, any type of enterprise network, and any other type of packet-switched or circuit-switched network known in the art.
- POTS Plain Old Telephone System
- ISDN Integrated Services Digital Network
- PSTN Public Switched Telephone Network
- LAN Local Area Network
- WAN Wide Area Network
- SIP Session Initiation Protocol
- cellular communication network any type of enterprise network
- satellite communication network any type of enterprise network
- the manager 1 16 may be adapted to, at various points in time, send messages, possibly including commands, to one or more managed device 108.
- the types of messages sent to the managed devices 108 may vary depending upon the functionality of the managed device 108 and the internal resources and capabilities of the managed device 108.
- the manager 116 is adapted to generate and send SNMP messages to a managed device 108 directed toward a particular managed object associated with the managed device 108 (i.e., the managed device 108 or an object within the managed device 108). Every managed data object within a managed device has a unique OID.
- MIB Management Information Base
- the MIB may correspond to a data store, database or other organized data structure connected to the communication network 104 and accessible by the manager 116.
- Objects in the MIB are defined using the mechanisms defined IETF RFC 2578, Structure of Management Information Version 2(SMIv2).
- SMIv2 Structure of Management Information Version 2
- Variables within a managed object may be accessed and managed by the manager 1 16 using the GET operation, SET operation, or any other type of SNMP operation.
- the term "variable” refers to an instance of a non-aggregate object type defined according to the conventions set forth in the SMIv2 [RFC2578] and the textual conventions based on the SMI [RFC2579].
- variable binding refers to the pairing of the name of a variable and its associated value. Accordingly, the GET operation can be used by the manager 1 16 to retrieve the current value of a particular variable and the SET operation can be used by the manager 116 to change the value of a particular variable to a new value.
- the manager 1 16 is adapted to send additional commands in the SNMP format to the managed device 108.
- the command may be defined in well known ICC standards, such as ISO/TEC 7816.
- the command standards being known to the manager 1 16 and managed device 108 can serve as the mapping of commands in the OID (e.g., by a command identifier) to commands to be executed by the managed device 108.
- An SNMP command sent to the managed device 108 may comprise a single OED including a sequence of bytes beginning with the identifier of the managed data object followed by command information, which may also be a sequence of bytes directly following the sequence of object-identifying bytes in the OID.
- a command to an ICC may comprise a sequence of bytes denoted as follows:
- the initial sequence of bytes (1.3.6.1.4.1.29240. l)is the variable identifier (henceforth "VAR") identifying the data object - the ICC - to be managed, the next four bytes (CLA. INS. Pl . P2) are called by ISO/IEC 7816-4 the command body of the ICC operation and the trailing bytes (L. Di. D 2 .... D L) are called by ISO/IEC 7816-4 the command data of the ICC operation .
- VAR variable identifier
- this command can be sent to the managed device 108 using SNMP by using an SNMP SET PDU with reference to the OID:
- the SNMP data associated with this OID in the PDU encoding is set to NULL because the data to be used in the operation is in the OED .
- Multiple commands performing two different operations within the managed device 108 can be sent with one SNMP message by making reference to the following OID:
- the bytes with superscript 1 comprise the first command to be executed by the managed device 108 and the bytes with superscript 2 comprise the second command to be executed by the managed device 108.
- the commands may be executed in order of appearance in the OID ⁇ e.g., the first command is executed before the second command) or they may be executed based on other considerations, such as whether one command is directed toward a sensitive variable and the other is not.
- SNMP managed devices 108 are neither tamper-resistant nor tamper- evident and according to RFC 3414 "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", the entire contents of which are hereby incorporated herein by reference, these devices store sensitive data such as cryptographic keys and perform operations using this data such as encryption and decryption.
- USM User-based Security Model
- SNMPv3 Simple Network Management Protocol
- the security features of the SNMP communication protocol address the security of data being sent to and received from the managed device 108, but they do not address the security and privacy of the data residing within the managed device 108.
- the managed device is not itself physically and/or logically secure ⁇ e.g., if the managed device 108 is a printer, a router, a desktop computer, an IP telephone, an application running on a general-purpose operating system, or the like), then the existence of an SNMP-accessible variable together with its current value is open to discovery and rhal-use by unauthorized entities.
- the managed device 108 may comprise an ICC within the secure area 208 of the device.
- the ICC 204 may be in communication with an SNMP agent 212 that is responsible for initially receiving the command from the manager 116 and determining whether the command is to be processed by the managed device 108 (i.e., is directed toward a non-sensitive variable) or by the ICC 204.
- the node VAR marked the boundary between data processing done outside the ICC and data processing done inside an ICC.
- the processing of all variables rooted at the address identified by VAR is handled inside the ICC 204.
- This processing can be exactly the normal command processing for the variable as is stipulated by IETF RFC 3416 or it can be a form of processing such as previously described.
- the small footprint device 204 may be physically integral to the managed device 108 or may be inserted to and removed from the managed device 108. Regardless of configuration, specific sections of the managed device's 108
- Management Information Base is protected from both physical and logical compromise due to the physical and logical security properties of the small footprint device 204.
- the fact that a variable exists at all together with all processing for that variable using SNMP keys to protect the current value of the variable in transmission is contained within the secure area 204.
- the secure area 208 corresponds to the boundary of the small footprint device 204 (e.g., when the small footprint device 204 is an ICC).
- the managed device 108 comprises the ability to be managed via SNMP or house small footprint devices 204 capable of being managed via SNMP.
- the managed device 108 may comprise an SNMP agent 208 stored in local memory 308 that, when executed by a local processor 304, allows the managed device 108 to receive and react to SNMP commands sent from the manager 1 16.
- the processor 304 may be adapted to process certain SNMP commands that are directed toward variables bound to non-sensitive data.
- the SNMP command is directed toward a variable bound to sensitive data 320
- the SNMP command is forwarded to the small footprint device 204 where the command is executed.
- the description of the variable in the device MIB causes the SNMP agent 208 to forward the SNMP packet to the small footprint device 204
- the small footprint device may implement within its physically and logically secure boundary one of the defined SNMP commands such as GET or SET or it may a more specific command as described above directed toward the variable bound to sensitive data 320.
- the memory 208 may comprise volatile and/or non-volatile memory.
- non-volatile memory include Read Only Memory (ROM), Erasable Programmable ROM (EPROM), Electronically Erasable PROM (EEPROM), Flash memory, and the like.
- volatile memory include Random Access Memory (RAM), Dynamic RAM (DRAM), Static RAM (SRAM), or buffer memory.
- the memory 208 and the processor 304 are designed to utilize known security features to prevent unauthorized access to the contents of the memory 208 such as side channel analysis, DPA, and the like.
- variables 320 in the small footprint device 204 may also comprise non-sensitive variables. This may depend upon the nature of the small footprint device 204 and whether it resides in a secure area 208.
- the processor 304 may include any general-purpose programmable processor, digital signal processor (DSP) or controller for executing application programming (e.g., application programming residing in memory 308).
- DSP digital signal processor
- the processor 304 may comprise a specially configured Application Specific Integrated Circuit (ASIC).
- ASIC Application Specific Integrated Circuit
- the processor 304 may also be provided with control circuitry capable of manipulating an access control device.
- the access control device is designed to secure a point of access or resource being protected by the managed device 108.
- the processor 304 is enabled to communicate with the access control device via a network interface 312 or via some other dedicated access control interface.
- Examples of a typical access control device include, without limitation, an electronic lock, a magnetic lock, or an electric strike for a door, a lock for a computer system, a lock for a database, a lock on a financial account, a lock on access to a computer, or a lock on a computer application.
- the processor 304 actuates the access control device by sending a signal to the access control device via the network interface 312 based on results of an access decision made by the processor 304.
- the access control device may be integral to the managed device 108 in one embodiment, in which case an access control device interface would not be necessary.
- an access control device is external to the managed device 108, thus necessitating some sort of interface between the managed device 108 and access control device. Examples of an access control device interface include any type of data port such as a Wiegand port, Hi-OTM port, USB port, serial data port, parallel data port, a conventional wire, an Ethernet port, a wireless communication port such as a Bluetooth data interface, or any other type of wired or wireless communication interface.
- the communications between the managed device 108 and the external device may also practice embodiments of the present invention described herein
- the network interface 312 may also be adapted to connect the managed device 108 to the communication network 104. Accordingly, communication packets or messages sent by the manager 116 to the managed device 108 are received initially by the managed device 108 at the network interface 312. These messages may be forwarded to the processor 304 for further analysis and processing.
- the network interface 312 provides communication capabilities between the managed device 108 and external servers or other network nodes. Such a communication interface may include a USB port, a wired modem, a wireless modem, a network adapter such as an Ethernet card and Ethernet port, a serial data port, a parallel data port, or any other communication adapter or port known in the art.
- the managed device 108 may also comprise a credential communication interface 316 used to communicate back and forth with the credential 1 12.
- the credential communication interface 316 may comprise an RF communication interface (e.g., an RF antenna), a magnetic communication interface (e.g., a magnetic stripe reader), an optical communication interface (e.g., an infrared detector and transmitter), an audio communication interface, an electrical contact communication interface, a slot or port for physically receiving a credential 1 12, or any other means of communicating information to/from a credential 112.
- a power source may also be included in the managed device 108 to provide power to the various devices contained within the managed device 108.
- the power source may comprise internal batteries and/or an AC-DC converter such as a switch mode power supply or voltage regulator connected to an external AC power source.
- the communication between the SNMP-managed device and the access control device can also benefit from the embodiments of the present invention.
- the SNMP-managed device is using SNMP to control the access control device.
- Fig. 4 an exemplary data structure 400 hierarchy will be described in accordance with at least some embodiments of the present invention.
- the data structure 400 may comprise a number of possible OIDs that can be used for targeting SNMP commands that are executable by small footprint devices.
- OIDs used in accordance with at least some embodiments of the present invention may be registered as a series of integer sub-identifiers, each sub-identifier integer being separated from adjacent sub-identifier integers by a delimiter such as a period or the like.
- the boundaries may be defined by the number of bits (i.e., byte boundary) if the data is represented in a binary data stream.
- Other well known data types that essentially provide similar functionality using a hierarchically-assigned namespace in which successive numbers of the nodes, starting at the root of the tree, identify each node in the tree include Uniform Resource Locators (URL), Uniform Resource Names (URN), Uniform Resource Identifiers (URI), Uniform Resource Characteristics (URC) among others.
- An entity may be assigned a particular number by the Internet Assigned Numbers Authority (IANA), RFC 4122, or others.
- the data structure 300 may correspond to an MIB tree, some or all of which may be stored in a centrally located MIB and/or an MIB stored in memory 308 of the managed device 108.
- an entity has the possibility of being provided exclusive assignment of an OID namespace, such assignment starting with the originating ISO node and ending with the number assigned by IANA. From that root node, the entity can create their own OIDs with the assurance that no other OID of the same value has been created by any other entity.
- the OID may also be configured to include command information (e.g., commands to be performed, parameters to be used, and/or data to be employed for an identified parameter).
- the commands in the OID may correspond to standardized commands that are already known by a small footprint device. The command portion of the OID, therefore, only has to identify which of the standardized commands are to be executed for a particular variable.
- the method is initiated when the manager 1 16 identifies one or riiore devices to be managed (step 504). This step may include locating a managed device 108 that is under the control of the manager 1 16. The method may be initiated in response to an automatic determination that a device needs some amount of management (e.g., a triggering event has occurred or the device has not been managed for more than a predetermined amount of time). Alternatively, the method may be initiated by an administrative user interacting with the manager 108 to identify the device(s) to be managed.
- a triggering event e.g., a triggering event has occurred or the device has not been managed for more than a predetermined amount of time.
- the manager 116 further identifies which variable or variables within the device 108 need to be retrieved, changed, updated, etc.
- the manager 116 uses in the MIB associated with the device to determine identification information for the variable. More specifically, the manager 116 determines the OLD associated with the variable to be managed together with the nature of the data needed to manipulate the variable. With this information, the manager 1 16 continues by generating a control command (step 508).
- the control command is adapted to include the object identifier of the variable to be managed, the commands and parameters that will be used to manage the variable, and any additional data that will be necessary to manage the device variable ⁇ e.g., the new value for the variable).
- the command generated by the manager 116 may comprise a single SNMP message in the form of an OID without an associated data value.
- the OID contains the identification information for the device and/or variable, the commands and parameters that will be used to manage the variable, and any additional data, if necessary. All of this information is concatenated into a single string, the result of which is a single OID.
- the SNMP message may be adapted to include two, three, or more commands, all of which can be included in the same OID. This allows the manager 1 16 to initiate multiple actions at the managed device 108 with a single message. More specifically, the message may comprise data in the form of code defining new commands and functionality providing extensibility.
- the message is sent to the identified device(s) (step 512).
- the manager 1 16 transmits the message across the communication network 104 to the managed device 108.
- This is usually accomplished by encapsulating the SNMP message in a TCP and/or UDP packet that is capable of being transmitted across the communication network 104.
- the SNMP message contains the OID generated by the manager and the TCP or UDP packet identifies the address of the target device.
- the TCP or UDP packet is used as a transmission mechanism for the SNMP message across the communication network.
- the SNMP message may be encapsulated in any type of message capable of transmission across the communication network 104 in accordance with communication protocols of the communication network 104. Accordingly, embodiments of the present invention are not necessarily limited to the use of a TCP and/or UDP packet.
- the managed device 108 then receives the message (step 516) and processes the message in according to IETF STD 26 - Simple Network Management Protocol (step 520). When the managed device 108 receives the message it may forward it to an internal small footprint device 204 or may execute the message command itself if the command is directed toward a variable directly accessible by the managed device 108.
- the command requires the alteration of a variable in the device being managed (i.e., the command is a SET command), then that variable is altered based on the data supplied in the command.
- the command is a GET command, then the identified variable value is determined and a message is transmitted back to the manager 1 16 that includes the value of the variable.
- the communications between the manager 1 16 and the managed device 108 may be encrypted or otherwise protected from unwanted viewing using the teachings of IETF RFC 3414 or other means. While the above-described flowchart has been discussed in relation to a particular sequence of events, it should be appreciated that changes to this sequence can occur without materially effecting the operation of the invention. Additionally, the exact sequence of events need not occur as set forth in the exemplary embodiments.
- the exemplary techniques illustrated herein are not limited to the specifically illustrated embodiments but can also be utilized with the other exemplary embodiments and each described feature is individually and separately claimable.
- the systems, methods and protocols of this invention can be implemented on a special purpose computer in addition to or in place of the described access control equipment, a programmed microprocessor or microcontroller and peripheral integrated circuit element(s), an ASIC or other integrated circuit, a digital signal processor, a hardwired electronic or logic circuit such as discrete element circuit, a programmable logic device such as TPM, PLD, PLA, FPGA, PAL, a communications device, such as a server, personal computer, any comparable means, or the like.
- any device capable of implementing a state machine that is in turn capable of implementing the methodology illustrated herein can be used to implement the various data messaging methods, protocols and techniques according to this invention.
- the disclosed methods may be readily implemented in software..
- the disclosed system may be implemented partially or fully in hardware using standard logic circuits or VLSI design. Whether software or hardware is used to implement the systems in accordance with this invention is dependent on the speed and/or efficiency requirements of the system, the particular function, and the particular software or hardware systems or microprocessor or microcomputer systems being utilized.
- the analysis systems, methods and protocols illustrated herein can be readily implemented in hardware and/or software using any known or later developed systems or structures, devices and/or software by those of ordinary skill in the applicable art from the functional description provided herein and with a general basic knowledge of the computer arts.
- the disclosed methods may be readily implemented in software that can be stored on a storage medium, executed on a programmed general-purpose computer with the cooperation of a controller and memory, a special purpose computer, a microprocessor, or the like.
- the systems and methods of this invention can be implemented as program embedded on personal computer such as an integrated circuit card applet, JAVA® or CGI script, as a resource residing on a server or computer workstation, as a routine embedded in a dedicated communication system or system component, or the like.
- the system can also be implemented by physically incorporating the system and/or method into a software and/or hardware system, such as the hardware and software systems of a communications device or system.
Abstract
Description
Claims
Priority Applications (10)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
BRPI1006454A BRPI1006454A2 (en) | 2009-03-13 | 2010-03-08 | use of snmp management of small footprint devices |
MX2011009618A MX2011009618A (en) | 2009-03-13 | 2010-03-08 | Use of snmp for management of small footprint devices. |
CN2010800209549A CN102422598A (en) | 2009-03-13 | 2010-03-08 | Use of SNMP for management of small footprint devices |
EP10751224.6A EP2406919A4 (en) | 2009-03-13 | 2010-03-08 | Use of snmp for management of small footprint devices |
JP2011554098A JP2012520506A (en) | 2009-03-13 | 2010-03-08 | Method, system, apparatus, and medium for using SMNP to manage a small tracking device |
CA2755367A CA2755367A1 (en) | 2009-03-13 | 2010-03-08 | Use of snmp for management of small footprint devices |
RU2011141076/08A RU2011141076A (en) | 2009-03-13 | 2010-03-08 | APPLICATION OF A SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) FOR MANAGING DEVICES WITH SMALL MEMORY VALUES |
AU2010222859A AU2010222859A1 (en) | 2009-03-13 | 2010-03-08 | Use of SNMP for management of small footprint devices |
IL215092A IL215092A0 (en) | 2009-03-13 | 2011-09-11 | Use of snmp for management of small footprint devices |
ZA2011/07097A ZA201107097B (en) | 2009-03-13 | 2011-09-28 | Use of snmp for management of small footprint devices |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16017709P | 2009-03-13 | 2009-03-13 | |
US61/160,177 | 2009-03-13 | ||
US12/480,505 US9032058B2 (en) | 2009-03-13 | 2009-06-08 | Use of SNMP for management of small footprint devices |
US12/480,505 | 2009-06-08 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010104771A1 true WO2010104771A1 (en) | 2010-09-16 |
Family
ID=42728680
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2010/026477 WO2010104771A1 (en) | 2009-03-13 | 2010-03-08 | Use of snmp for management of small footprint devices |
Country Status (13)
Country | Link |
---|---|
US (1) | US9032058B2 (en) |
EP (1) | EP2406919A4 (en) |
JP (1) | JP2012520506A (en) |
KR (1) | KR20120002587A (en) |
CN (1) | CN102422598A (en) |
AU (1) | AU2010222859A1 (en) |
BR (1) | BRPI1006454A2 (en) |
CA (1) | CA2755367A1 (en) |
IL (1) | IL215092A0 (en) |
MX (1) | MX2011009618A (en) |
RU (1) | RU2011141076A (en) |
WO (1) | WO2010104771A1 (en) |
ZA (1) | ZA201107097B (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8314965B2 (en) * | 2010-03-18 | 2012-11-20 | Emerge Print Management, Llc | Patrol device field installation notification method and system |
US8330984B2 (en) * | 2010-03-18 | 2012-12-11 | Emerge Paint Management, LLC | Field metering patrol system and method for metering and monitoring printers |
US8854177B2 (en) * | 2010-12-02 | 2014-10-07 | Viscount Security Systems Inc. | System, method and database for managing permissions to use physical devices and logical assets |
US8836470B2 (en) | 2010-12-02 | 2014-09-16 | Viscount Security Systems Inc. | System and method for interfacing facility access with control |
KR101866270B1 (en) * | 2011-02-21 | 2018-07-05 | 삼성전자주식회사 | Data sharing system and method thereof |
US20120246305A1 (en) * | 2011-03-23 | 2012-09-27 | Hughes Network Systems, Llc | System and method for management of cots devices in managed networks based on device auto-detection |
US10192054B2 (en) * | 2013-09-13 | 2019-01-29 | Intel Corporation | Automatic pairing of IO devices with hardware secure elements |
CN109560958B (en) * | 2017-09-27 | 2022-02-18 | 精工爱普生株式会社 | Device management system, device and method, relay management device, and recording medium |
WO2020180424A1 (en) | 2019-03-04 | 2020-09-10 | Iocurrents, Inc. | Data compression and communication using machine learning |
US11639617B1 (en) | 2019-04-03 | 2023-05-02 | The Chamberlain Group Llc | Access control system and method |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5572195A (en) * | 1994-08-01 | 1996-11-05 | Precision Tracking Fm, Inc. | Sensory and control system for local area networks |
US6675351B1 (en) * | 1999-06-15 | 2004-01-06 | Sun Microsystems, Inc. | Table layout for a small footprint device |
US20050105508A1 (en) * | 2003-11-14 | 2005-05-19 | Innomedia Pte Ltd. | System for management of Internet telephony equipment deployed behind firewalls |
EP1724684A1 (en) * | 2005-05-17 | 2006-11-22 | BUSI Incubateur d'entreprises d'AUVEFGNE | System and method for task scheduling, signal analysis and remote sensor |
US7506041B1 (en) * | 2003-08-01 | 2009-03-17 | Avocent Corporation | Secure management protocol |
US20100077091A1 (en) * | 2008-09-22 | 2010-03-25 | Sarkar Sujoy | Method And System For Managing A Hierarchical Information Base With An Application Layer Protocol |
Family Cites Families (148)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3958088A (en) | 1974-03-29 | 1976-05-18 | Xerox Corporation | Communications systems having a selective facsimile output |
US3920896A (en) | 1974-03-29 | 1975-11-18 | Xerox Corp | Communications systems having a selective facsimile output |
US4703503A (en) | 1986-10-03 | 1987-10-27 | Hitohisa Asai | Cryptographic system using pseudocomplements of vector Boolean algebra |
FR2653914A1 (en) | 1989-10-27 | 1991-05-03 | Trt Telecom Radio Electr | SYSTEM FOR AUTHENTICATING A MICROCIRCUIT CARD BY A PERSONAL MICROCOMPUTER, AND METHOD FOR ITS IMPLEMENTATION |
US5036461A (en) | 1990-05-16 | 1991-07-30 | Elliott John C | Two-way authentication system between user's smart card and issuer-specific plug-in application modules in multi-issued transaction device |
US5657388A (en) | 1993-05-25 | 1997-08-12 | Security Dynamics Technologies, Inc. | Method and apparatus for utilizing a token for resource access |
US5438650A (en) * | 1992-04-30 | 1995-08-01 | Ricoh Company, Ltd. | Method and system to recognize encoding type in document processing language |
US5596718A (en) | 1992-07-10 | 1997-01-21 | Secure Computing Corporation | Secure computer network using trusted path subsystem which encrypts/decrypts and communicates with user through local workstation user I/O devices without utilizing workstation processor |
US5377997A (en) * | 1992-09-22 | 1995-01-03 | Sierra On-Line, Inc. | Method and apparatus for relating messages and actions in interactive computer games |
US5649118A (en) | 1993-08-27 | 1997-07-15 | Lucent Technologies Inc. | Smart card with multiple charge accounts and product item tables designating the account to debit |
US5461217A (en) | 1994-02-08 | 1995-10-24 | At&T Ipm Corp. | Secure money transfer techniques using smart cards |
JP3521955B2 (en) | 1994-06-14 | 2004-04-26 | 株式会社日立製作所 | Hierarchical network management system |
US5979773A (en) | 1994-12-02 | 1999-11-09 | American Card Technology, Inc. | Dual smart card access control electronic data storage and retrieval system and methods |
DE69637733D1 (en) * | 1995-02-13 | 2008-12-11 | Intertrust Tech Corp | SYSTEMS AND METHOD FOR SAFE TRANSMISSION |
US6219718B1 (en) * | 1995-06-30 | 2001-04-17 | Canon Kabushiki Kaisha | Apparatus for generating and transferring managed device description file |
US5758083A (en) | 1995-10-30 | 1998-05-26 | Sun Microsystems, Inc. | Method and system for sharing information between network managers |
US5999629A (en) * | 1995-10-31 | 1999-12-07 | Lucent Technologies Inc. | Data encryption security module |
US5889941A (en) * | 1996-04-15 | 1999-03-30 | Ubiq Inc. | System and apparatus for smart card personalization |
US6088450A (en) | 1996-04-17 | 2000-07-11 | Intel Corporation | Authentication system based on periodic challenge/response protocol |
US5828830A (en) | 1996-10-30 | 1998-10-27 | Sun Microsystems, Inc. | Method and system for priortizing and filtering traps from network devices |
US6335927B1 (en) | 1996-11-18 | 2002-01-01 | Mci Communications Corporation | System and method for providing requested quality of service in a hybrid network |
US5987513A (en) * | 1997-02-19 | 1999-11-16 | Wipro Limited | Network management using browser-based technology |
US6157966A (en) | 1997-06-30 | 2000-12-05 | Schlumberger Malco, Inc. | System and method for an ISO7816 complaint smart card to become master over a terminal |
AU755458B2 (en) | 1997-10-14 | 2002-12-12 | Visa International Service Association | Personalization of smart cards |
US6490680B1 (en) | 1997-12-04 | 2002-12-03 | Tecsec Incorporated | Access control and authorization system |
DE19838628A1 (en) | 1998-08-26 | 2000-03-02 | Ibm | Extended smart card communication architecture and method for communication between smart card application and data carrier |
US6782506B1 (en) | 1998-02-12 | 2004-08-24 | Newriver, Inc. | Obtaining consent for electronic delivery of compliance information |
US6616535B1 (en) | 1998-03-09 | 2003-09-09 | Schlumberger Systems | IC card system for a game machine |
US6421746B1 (en) | 1998-03-26 | 2002-07-16 | Micron Electronics, Inc. | Method of data and interrupt posting for computer devices |
JP3112076B2 (en) | 1998-05-21 | 2000-11-27 | 豊 保倉 | User authentication system |
US6360258B1 (en) * | 1998-08-31 | 2002-03-19 | 3Com Corporation | Network management software library allowing a sending and retrieval of multiple SNMP objects |
US6757280B1 (en) | 1998-10-02 | 2004-06-29 | Canon Kabushiki Kaisha | Assigning unique SNMP identifiers |
IL126552A (en) | 1998-10-13 | 2007-06-03 | Nds Ltd | Remote administration of smart cards for secure access systems |
US6257486B1 (en) | 1998-11-23 | 2001-07-10 | Cardis Research & Development Ltd. | Smart card pin system, card, and reader |
US6272542B1 (en) | 1998-12-10 | 2001-08-07 | International Business Machines Corporation | Method and apparatus for managing data pushed asynchronously to a pervasive computing client |
US6356949B1 (en) * | 1999-01-29 | 2002-03-12 | Intermec Ip Corp. | Automatic data collection device that receives data output instruction from data consumer |
US6615264B1 (en) | 1999-04-09 | 2003-09-02 | Sun Microsystems, Inc. | Method and apparatus for remotely administered authentication and access control |
US20040040026A1 (en) | 1999-06-08 | 2004-02-26 | Thinkpulse, Inc. | Method and System of Linking a Smart Device Description File with the Logic of an Application Program |
US7096282B1 (en) | 1999-07-30 | 2006-08-22 | Smiths Medical Pm, Inc. | Memory option card having predetermined number of activation/deactivation codes for selectively activating and deactivating option functions for a medical device |
US7020697B1 (en) | 1999-10-01 | 2006-03-28 | Accenture Llp | Architectures for netcentric computing systems |
JP2001109638A (en) | 1999-10-06 | 2001-04-20 | Nec Corp | Method and system for distributing transaction load based on estimated extension rate and computer readable recording medium |
JP2001147868A (en) * | 1999-11-19 | 2001-05-29 | Mitsubishi Electric Corp | Remote transmission and reception system for control equipment |
US6601200B1 (en) * | 1999-11-24 | 2003-07-29 | International Business Machines Corporation | Integrated circuit with a VLSI chip control and monitor interface, and apparatus and method for performing operations on an integrated circuit using the same |
AU2001230955A1 (en) * | 2000-01-18 | 2001-07-31 | Richard Liming | System and method providing a spatial location context |
GB0001230D0 (en) | 2000-01-19 | 2000-03-08 | Softcard Solutions Ltd | Smart card application builder system |
US6853864B2 (en) * | 2000-02-02 | 2005-02-08 | Catholic University Of America, The | Use of electromagnetic fields in cancer and other therapies |
CN1152350C (en) | 2000-02-18 | 2004-06-02 | 西帕克公司 | Method and device for identification and authentication |
US7051098B2 (en) | 2000-05-25 | 2006-05-23 | United States Of America As Represented By The Secretary Of The Navy | System for monitoring and reporting performance of hosts and applications and selectively configuring applications in a resource managed system |
US20020199096A1 (en) | 2001-02-25 | 2002-12-26 | Storymail, Inc. | System and method for secure unidirectional messaging |
WO2002021413A2 (en) | 2000-09-05 | 2002-03-14 | Zaplet, Inc. | Methods and apparatus providing electronic messages that are linked and aggregated |
US6959394B1 (en) | 2000-09-29 | 2005-10-25 | Intel Corporation | Splitting knowledge of a password |
US7036146B1 (en) | 2000-10-03 | 2006-04-25 | Sandia Corporation | System and method for secure group transactions |
US6823453B1 (en) | 2000-10-06 | 2004-11-23 | Hewlett-Packard Development Company, L.P. | Apparatus and method for implementing spoofing-and replay-attack-resistant virtual zones on storage area networks |
US7143347B2 (en) | 2001-02-02 | 2006-11-28 | Opentv, Inc. | Method and apparatus for reformatting of content for display on interactive television |
US7033611B2 (en) * | 2001-02-23 | 2006-04-25 | Biora Bioex Ab | Matrix protein compositions for guided connective tissue growth |
JP4574052B2 (en) * | 2001-04-18 | 2010-11-04 | キヤノン株式会社 | PRINT CONTROL DEVICE, ITS CONTROL METHOD, AND PRINT SYSTEM |
FI111115B (en) | 2001-06-05 | 2003-05-30 | Nokia Corp | Method and system for key exchange in a computer network |
CN1177435C (en) | 2001-08-24 | 2004-11-24 | 华为技术有限公司 | Hierarchical management system for distributed network management platform |
US7242694B2 (en) | 2001-10-31 | 2007-07-10 | Juniper Networks, Inc. | Use of group poll scheduling for broadband communication systems |
US7853643B1 (en) | 2001-11-21 | 2010-12-14 | Blue Titan Software, Inc. | Web services-based computing resource lifecycle management |
US6857566B2 (en) | 2001-12-06 | 2005-02-22 | Mastercard International | Method and system for conducting transactions using a payment card with two technologies |
US7206936B2 (en) | 2001-12-19 | 2007-04-17 | Northrop Grumman Corporation | Revocation and updating of tokens in a public key infrastructure system |
US7092915B2 (en) | 2002-01-07 | 2006-08-15 | International Business Machines Corporation | PDA password management tool |
US7181489B2 (en) | 2002-01-10 | 2007-02-20 | International Business Machines Corporation | Method, apparatus, and program for distributing a document object model in a web server cluster |
US7624441B2 (en) | 2002-01-17 | 2009-11-24 | Elad Barkan | CA in a card |
US7107460B2 (en) | 2002-02-15 | 2006-09-12 | International Business Machines Corporation | Method and system for securing enablement access to a data security device |
ITTO20020325A1 (en) * | 2002-04-12 | 2003-10-13 | Telecom Italia Lab Spa | ,, PROCEDURE FOR ORGANIZING COMMUNICATION BETWEEN MANAGING OBJECTS AND OBJECTS MANAGED IN A TELEMATIC NETWORK. RELATED ARCHITECTURE AND PRODUCT |
US7936710B2 (en) | 2002-05-01 | 2011-05-03 | Telefonaktiebolaget Lm Ericsson (Publ) | System, apparatus and method for sim-based authentication and encryption in wireless local area network access |
US6965674B2 (en) * | 2002-05-21 | 2005-11-15 | Wavelink Corporation | System and method for providing WLAN security through synchronized update and rotation of WEP keys |
US7898385B2 (en) | 2002-06-26 | 2011-03-01 | Robert William Kocher | Personnel and vehicle identification system using three factors of authentication |
US7035949B2 (en) | 2002-07-29 | 2006-04-25 | M-System Flash Dist Pioneers Ltd. | Multipurpose processor, system and method |
US7070091B2 (en) * | 2002-07-29 | 2006-07-04 | The Code Corporation | Systems and methods for interfacing object identifier readers to multiple types of applications |
CN1675878A (en) | 2002-08-20 | 2005-09-28 | 皇家飞利浦电子股份有限公司 | Mobile network authentication for protecting stored content |
US20050044385A1 (en) | 2002-09-09 | 2005-02-24 | John Holdsworth | Systems and methods for secure authentication of electronic transactions |
US7395435B2 (en) | 2002-09-20 | 2008-07-01 | Atmel Corporation | Secure memory device for smart cards |
US7194628B1 (en) | 2002-10-28 | 2007-03-20 | Mobile-Mind, Inc. | Methods and systems for group authentication using the naccache-stern cryptosystem in accordance with a prescribed rule |
US20040083378A1 (en) | 2002-10-29 | 2004-04-29 | Research Triangle Software, Inc. | Method, systems and devices for handling files while operated on in physically different computer devices |
US7130452B2 (en) | 2002-12-03 | 2006-10-31 | International Business Machines Corporation | System and method for multi-party validation, authentication and/or authorization via biometrics |
US20040158625A1 (en) | 2002-12-30 | 2004-08-12 | Wind River Systems, Inc. | System and method for efficient master agent utilization |
US20040204778A1 (en) | 2003-01-06 | 2004-10-14 | Harish Lalapeth | Method for persisting SNMP MIB data in files |
US7349980B1 (en) | 2003-01-24 | 2008-03-25 | Blue Titan Software, Inc. | Network publish/subscribe system incorporating Web services network routing architecture |
US7295524B1 (en) | 2003-02-18 | 2007-11-13 | Airwave Wireless, Inc | Methods, apparatuses and systems facilitating management of airspace in wireless computer network environments |
US7188769B2 (en) | 2003-04-07 | 2007-03-13 | Silverbrook Research Pty Ltd | Laser scanner using rotating holographic optical element |
US6880752B2 (en) | 2003-04-16 | 2005-04-19 | George V. Tarnovsky | System for testing, verifying legitimacy of smart card in-situ and for storing data therein |
US7469343B2 (en) | 2003-05-02 | 2008-12-23 | Microsoft Corporation | Dynamic substitution of USB data for on-the-fly encryption/decryption |
US7464385B1 (en) * | 2003-05-09 | 2008-12-09 | Vignette Corporation | Method and system for performing bulk operations on transactional items |
EP1486908A1 (en) | 2003-06-12 | 2004-12-15 | Axalto S.A. | Smart card with two I/O ports for linking secure and insecure environments |
JP2005011151A (en) | 2003-06-20 | 2005-01-13 | Renesas Technology Corp | Memory card |
GB0315156D0 (en) | 2003-06-28 | 2003-08-06 | Ibm | Identification system and method |
US8301809B2 (en) | 2003-07-02 | 2012-10-30 | Infortrend Technology, Inc. | Storage virtualization computer system and external controller thereof |
US20050061875A1 (en) | 2003-09-10 | 2005-03-24 | Zai Li-Cheng Richard | Method and apparatus for a secure RFID system |
US8244843B1 (en) * | 2003-10-20 | 2012-08-14 | ByteSphere Technologies, LLC | System and method for automated discovery and procurement of management information bases (MIBs) |
US7762470B2 (en) | 2003-11-17 | 2010-07-27 | Dpd Patent Trust Ltd. | RFID token with multiple interface controller |
US7213766B2 (en) | 2003-11-17 | 2007-05-08 | Dpd Patent Trust Ltd | Multi-interface compact personal token apparatus and methods of use |
US7471199B2 (en) | 2004-01-09 | 2008-12-30 | Intermec Ip Corp. | Mobile key using read/write RFID tag |
US7725784B2 (en) * | 2004-02-17 | 2010-05-25 | Institut National Polytechnique De Grenoble | Integrated circuit chip with communication means enabling remote control of testing means of IP cores of the integrated circuit |
AU2004316030B2 (en) | 2004-02-25 | 2011-04-28 | Accenture Global Services Limited | RFID protected media system and method using combination of RFID enabled objects |
EP1735947B1 (en) | 2004-02-27 | 2008-06-18 | Research In Motion Limited | System and method for communicating asynchronously with synchronous web services using a mediator service |
US7500108B2 (en) | 2004-03-01 | 2009-03-03 | Microsoft Corporation | Metered execution of code |
US20050228993A1 (en) | 2004-04-12 | 2005-10-13 | Silvester Kelan C | Method and apparatus for authenticating a user of an electronic system |
US7620041B2 (en) | 2004-04-15 | 2009-11-17 | Alcatel-Lucent Usa Inc. | Authentication mechanisms for call control message integrity and origin verification |
US20050262229A1 (en) | 2004-04-16 | 2005-11-24 | Samsung Electronics Co., Ltd. | Object conduit MIB for communicating over SNMP between distributed objects |
EP1749261A4 (en) | 2004-04-22 | 2009-09-30 | Fortress Gb Ltd | Multi-factor security system with portable devices and security kernels |
CN100502390C (en) | 2004-06-08 | 2009-06-17 | 华为技术有限公司 | Asynchronous communication mechanism processing method based on simple network management protocol |
JP4351591B2 (en) * | 2004-07-07 | 2009-10-28 | 富士通株式会社 | Server system and server |
US7581253B2 (en) * | 2004-07-20 | 2009-08-25 | Lenovo (Singapore) Pte. Ltd. | Secure storage tracking for anti-virus speed-up |
FR2873467A1 (en) | 2004-07-26 | 2006-01-27 | Proton World Internatinal Nv | RECORDING A KEY IN AN INTEGRATED CIRCUIT |
WO2006015145A2 (en) | 2004-07-29 | 2006-02-09 | Rsa Security Inc. | Methods and apparatus for rfid device authentication |
US7472186B2 (en) | 2004-09-09 | 2008-12-30 | International Business Machines Corporation | Method for using SNMP as an RPC mechanism for exporting the data structures of a remote library |
JP4820073B2 (en) | 2004-09-10 | 2011-11-24 | ソニー株式会社 | Information processing system, electronic device, information processing method, computer-processable program, and recording medium |
US7406592B1 (en) | 2004-09-23 | 2008-07-29 | American Megatrends, Inc. | Method, system, and apparatus for efficient evaluation of boolean expressions |
US7788103B2 (en) * | 2004-10-18 | 2010-08-31 | Nuance Communications, Inc. | Random confirmation in speech based systems |
US7784089B2 (en) | 2004-10-29 | 2010-08-24 | Qualcomm Incorporated | System and method for providing a multi-credential authentication protocol |
US20060132304A1 (en) | 2004-12-06 | 2006-06-22 | Cabell Dennis J | Rule-based management of objects |
JP2006180223A (en) | 2004-12-22 | 2006-07-06 | Fujitsu Ltd | Communication system |
JP4869259B2 (en) * | 2005-02-11 | 2012-02-08 | ジエマルト・エス・アー | System and method for data communication allowing a slave device to become a network peer |
EP1705941A1 (en) | 2005-03-24 | 2006-09-27 | BRITISH TELECOMMUNICATIONS public limited company | Secure communication of password information in a network |
JP2006268682A (en) | 2005-03-25 | 2006-10-05 | Fujitsu Ltd | Authentication system, control method therefor, information processing system and portable authentication device |
EP1710725B1 (en) | 2005-04-06 | 2018-10-31 | Assa Abloy AB | Secure digital credential sharing arrangement |
US7716355B2 (en) * | 2005-04-18 | 2010-05-11 | Cisco Technology, Inc. | Method and apparatus for processing simple network management protocol (SNMP) requests for bulk information |
US7945788B2 (en) | 2005-05-03 | 2011-05-17 | Strong Bear L.L.C. | Removable drive with data encryption |
US8967476B2 (en) | 2005-09-09 | 2015-03-03 | Assa Abloy Ab | Synchronization techniques in multi-technology/multi-frequency RFID reader arrays |
US20070064623A1 (en) | 2005-09-16 | 2007-03-22 | Dell Products L.P. | Method to encapsulate SNMP over serial attached SCSI for network management operations to manage external storage subsystems |
US8090945B2 (en) | 2005-09-16 | 2012-01-03 | Tara Chand Singhal | Systems and methods for multi-factor remote user authentication |
US20070067833A1 (en) | 2005-09-20 | 2007-03-22 | Colnot Vincent C | Methods and Apparatus for Enabling Secure Network-Based Transactions |
EP1788530A3 (en) | 2005-11-21 | 2007-09-05 | Assa Abloy Identification Technology Group AB | Method of migrating RFID transponders in situ |
WO2007076476A2 (en) | 2005-12-22 | 2007-07-05 | Mastercard International Incorporated | Methods and systems for two-factor authentication using contactless chip cards or devices and mobile devices or dedicated personal readers |
US9118656B2 (en) | 2006-01-26 | 2015-08-25 | Imprivata, Inc. | Systems and methods for multi-factor authentication |
US7877469B2 (en) | 2006-02-01 | 2011-01-25 | Samsung Electronics Co., Ltd. | Authentication and authorization for simple network management protocol (SNMP) |
US8769127B2 (en) | 2006-02-10 | 2014-07-01 | Northrop Grumman Systems Corporation | Cross-domain solution (CDS) collaborate-access-browse (CAB) and assured file transfer (AFT) |
US8166114B2 (en) | 2006-02-21 | 2012-04-24 | Strangeloop Networks, Inc. | Asynchronous context data messaging |
US7788371B2 (en) * | 2006-03-20 | 2010-08-31 | Cisco Technology, Inc. | Exporting management information base data using IPFIX |
US7500606B2 (en) | 2006-04-14 | 2009-03-10 | Harexinfotech, Inc. | Method of settling signatureless payment of bank card sales slip in mobile terminal, and system therefor |
US7822406B2 (en) | 2006-04-21 | 2010-10-26 | Cisco Technology, Inc. | Simplified dual mode wireless device authentication apparatus and method |
US7552467B2 (en) | 2006-04-24 | 2009-06-23 | Jeffrey Dean Lindsay | Security systems for protecting an asset |
US8429724B2 (en) | 2006-04-25 | 2013-04-23 | Seagate Technology Llc | Versatile access control system |
WO2008105779A2 (en) | 2006-05-22 | 2008-09-04 | Corestreet, Ltd. | Secure id checking |
US20080022380A1 (en) | 2006-05-25 | 2008-01-24 | Gemalto, Inc. | Method of patching applications on small resource-constrained secure devices |
WO2008001322A2 (en) | 2006-06-30 | 2008-01-03 | International Business Machines Corporation | Message handling at a mobile device |
US8090944B2 (en) | 2006-07-05 | 2012-01-03 | Rockstar Bidco Lp | Method and apparatus for authenticating users of an emergency communication network |
US8074271B2 (en) | 2006-08-09 | 2011-12-06 | Assa Abloy Ab | Method and apparatus for making a decision on a card |
US20080133391A1 (en) | 2006-09-05 | 2008-06-05 | Kerry Ivan Kurian | User interface for sociofinancial systems and methods |
US20080257952A1 (en) | 2007-04-18 | 2008-10-23 | Andre Luis Zandonadi | System and Method for Conducting Commercial Transactions |
EP2048591B1 (en) | 2007-10-09 | 2018-01-24 | Vodafone Holding GmbH | Method for communication, communication device and secure processor |
US7925733B2 (en) * | 2007-12-12 | 2011-04-12 | International Business Machines Corporation | Generating unique object identifiers for network management objects |
JP5093598B2 (en) * | 2008-03-28 | 2012-12-12 | 富士通株式会社 | Control relay program, control relay device, and control relay method |
EP2338244B1 (en) | 2008-09-12 | 2021-06-16 | Assa Abloy Ab | Use of a secure element for writing to and reading from machine readable credentials |
US8136736B2 (en) | 2008-12-09 | 2012-03-20 | Vasco Data Security, Inc. | Slim electronic device with detector for unintentional activation |
-
2009
- 2009-06-08 US US12/480,505 patent/US9032058B2/en not_active Expired - Fee Related
-
2010
- 2010-03-08 JP JP2011554098A patent/JP2012520506A/en active Pending
- 2010-03-08 RU RU2011141076/08A patent/RU2011141076A/en not_active Application Discontinuation
- 2010-03-08 MX MX2011009618A patent/MX2011009618A/en active IP Right Grant
- 2010-03-08 KR KR1020117024084A patent/KR20120002587A/en not_active Application Discontinuation
- 2010-03-08 CA CA2755367A patent/CA2755367A1/en not_active Abandoned
- 2010-03-08 AU AU2010222859A patent/AU2010222859A1/en not_active Abandoned
- 2010-03-08 BR BRPI1006454A patent/BRPI1006454A2/en not_active IP Right Cessation
- 2010-03-08 CN CN2010800209549A patent/CN102422598A/en active Pending
- 2010-03-08 EP EP10751224.6A patent/EP2406919A4/en not_active Withdrawn
- 2010-03-08 WO PCT/US2010/026477 patent/WO2010104771A1/en active Application Filing
-
2011
- 2011-09-11 IL IL215092A patent/IL215092A0/en unknown
- 2011-09-28 ZA ZA2011/07097A patent/ZA201107097B/en unknown
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5572195A (en) * | 1994-08-01 | 1996-11-05 | Precision Tracking Fm, Inc. | Sensory and control system for local area networks |
US6675351B1 (en) * | 1999-06-15 | 2004-01-06 | Sun Microsystems, Inc. | Table layout for a small footprint device |
US7506041B1 (en) * | 2003-08-01 | 2009-03-17 | Avocent Corporation | Secure management protocol |
US20050105508A1 (en) * | 2003-11-14 | 2005-05-19 | Innomedia Pte Ltd. | System for management of Internet telephony equipment deployed behind firewalls |
EP1724684A1 (en) * | 2005-05-17 | 2006-11-22 | BUSI Incubateur d'entreprises d'AUVEFGNE | System and method for task scheduling, signal analysis and remote sensor |
US20100077091A1 (en) * | 2008-09-22 | 2010-03-25 | Sarkar Sujoy | Method And System For Managing A Hierarchical Information Base With An Application Layer Protocol |
Non-Patent Citations (1)
Title |
---|
See also references of EP2406919A4 * |
Also Published As
Publication number | Publication date |
---|---|
US20100235487A1 (en) | 2010-09-16 |
CA2755367A1 (en) | 2010-09-16 |
US9032058B2 (en) | 2015-05-12 |
AU2010222859A1 (en) | 2011-10-06 |
MX2011009618A (en) | 2012-02-28 |
EP2406919A4 (en) | 2013-05-29 |
EP2406919A1 (en) | 2012-01-18 |
BRPI1006454A2 (en) | 2018-02-27 |
KR20120002587A (en) | 2012-01-06 |
RU2011141076A (en) | 2013-04-20 |
ZA201107097B (en) | 2012-06-27 |
IL215092A0 (en) | 2011-11-30 |
JP2012520506A (en) | 2012-09-06 |
CN102422598A (en) | 2012-04-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9032058B2 (en) | Use of SNMP for management of small footprint devices | |
US8527613B2 (en) | Provisioned firmware updates using object identifiers | |
US7751339B2 (en) | Method and apparatus for simply configuring a subscriber appliance for performing a service controlled by a separate service provider | |
EP1384369B1 (en) | Method and system for establishing a communications pipe between a personal security device and a remote computer system | |
US11102014B2 (en) | Method for handling data in a secure container | |
EP2557755B1 (en) | Securely Performing Commands from a Remote Source | |
Cooper et al. | Fido device onboard specification 1.1 | |
CN113630374A (en) | Method for realizing safety communication with target device through network | |
US11831775B1 (en) | Using secure tokens for stateless software defined networking | |
WO2021047765A1 (en) | Profile handling of a batch of identity modules | |
CN112333214B (en) | Safe user authentication method and system for Internet of things equipment management | |
US11949664B2 (en) | Machine to machine communications | |
US10033528B2 (en) | Method of communicating between a server and a secure element | |
Scheid et al. | Edge2BC: a Practical Approach for Edge-to-Blockchain IoT Transactions | |
JP6874318B2 (en) | Electronic information storage medium, IC card, support information update method, and support information update program | |
Martín et al. | Learning from failures: A lightweight approach to run-time behavioural adaptation | |
Logger | II. BACKGROUND |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201080020954.9 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10751224 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2011554098 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2755367 Country of ref document: CA Ref document number: 2010222859 Country of ref document: AU Ref document number: MX/A/2011/009618 Country of ref document: MX |
|
ENP | Entry into the national phase |
Ref document number: 2010222859 Country of ref document: AU Date of ref document: 20100308 Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 7822/DELNP/2011 Country of ref document: IN |
|
REEP | Request for entry into the european phase |
Ref document number: 2010751224 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2010751224 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2011141076 Country of ref document: RU Kind code of ref document: A Ref document number: 20117024084 Country of ref document: KR Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
REG | Reference to national code |
Ref country code: BR Ref legal event code: B01A Ref document number: PI1006454 Country of ref document: BR |
|
ENP | Entry into the national phase |
Ref document number: PI1006454 Country of ref document: BR Kind code of ref document: A2 Effective date: 20110912 |