Abstract: A method and system for accessing an edge device is disclosed. The method may include receiving a request from a user device to access a target edge device of a plurality of edge devices and sending a tunnelling request to the target edge device to create a tunnel between the cloud server and the target edge device. The method may further include registering the tunnel to the target edge device using a token and mapping the token with a plurality of ports to initiate a connection with the edge device via a port of the plurality of predefined ports. The method may further include populating an affinity cookie at the target edge device and initiating an access session between the user device and the target edge device based on the token and the affinity cookie.
This disclosure relates generally to Internet of Things (IOT) networks, and more particularly to a method and system for a trusted and secured access of an edge device in an IOT network.
BACKGROUND
[002] An Internet of Things (IoT) network includes IoT devices that connect and exchange data with other devices and servers over Internet or other communications networks. Examples of IoT devices may include home consumer devices (e.g. light bulbs and security devices), home appliances (e.g. refrigerators and washers), etc. The IoT network may further include edge devices at which data is collected and processed, such that at an intersection of two networks, an edge device can control data flow. These edge devices may be separate or inbuilt with the IoT devices. The edge devices may perform functions of transmission, routing, processing, monitoring, filtering, translation, and storage of data passing between networks.
[003] As will be appreciated, a variety of methods can be used to access an edge device. For example, web-based user interfaces may assist edge devices and connected embedded systems in device configuration, control, and monitoring. Further, an HTTP(S) connection between the web browser and the device's web server may be required for securely accessing the edge device. For example, webpages are supposed to use TLS 1.2+ for HTTP(S) connection access. However, this may require certificates to be issued by a trusted third party. This may not be possible to achieve with edge device deployment, since the hostname/IP of an edge device is determined only at the time of deployment, and it is difficult and costly to get a certificate from public Certificate Authority (CA) providers.
[004] Since secure remote access to edge devices is one of the fundamental building blocks of IoT networks, there is a growing demand for technology that allows the interaction between user, cloud, and IoT devices to be performed securely in a way that protects the privacy of the data being exchanged in the interactions.
SUMMARY
[005] In an embodiment, a method of accessing an edge device is disclosed. In one example, the method may include receiving an access request from a user device to access a target edge device of a plurality of edge devices. The access request may include an identity of the target edge device. The method may further include sending a tunnelling request to the target edge device to create a tunnel between the cloud server and the target edge device. The method may further include registering the tunnel to the target edge device using a token. The token may be randomly generated by the target edge device based on the tunnelling request. The method may further include mapping the token with a plurality of ports by the cloud server to initiate a connection with the edge device via a port of the plurality of predefined ports. The method may further include populating an affinity cookie at the target edge device, and initiating an access session between the user device and the target edge device based on the token and the affinity cookie.
[006] In another embodiment, an edge device is disclosed. In one example, the edge device may include a processor and a memory communicatively coupled to the processor, wherein the memory stores processor-executable instructions, which, on execution, may cause the processor to receive an access request from a user device to access a target edge device of a plurality of edge devices. The access request may include an identity of the target edge device. The processor-executable instructions, on execution, may further cause the processor to send a tunnelling request to the target edge device to create a tunnel between the cloud server and the target edge device. The processor-executable instructions, on execution, may further cause the processor to register the tunnel to the target edge device using a token. The token may be randomly generated by the target edge device based on the tunnelling request. The processor-executable instructions, on execution, may further cause the processor to map the token with a plurality of ports by the cloud server to initiate a connection with the edge device via a port of the plurality of predefined ports. The processor-executable instructions, on execution, may further cause the processor to populate an affinity cookie at the target edge device. The processor-executable instructions, on execution, may further cause the processor to initiate an access session between the user device and the target edge device based on the token and the affinity cookie.
[007] It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
BRIEF DESCRIPTION OF THE DRAWINGS
[008] The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate exemplary embodiments and, together with the description, serve to explain the disclosed principles.
[009] FIG. 1 is a block diagram of an environment for accessing an edge device, in accordance with some embodiments of the present disclosure.
[010] FIG. 2 is a block diagram illustrating various modules within a memory of a cloud server configured to access an edge device, in accordance with some embodiments of the present disclosure.
[011] FIG. 3 illustrates a block diagram of an environment comprising an exemplary cloud server and an exemplary edge device, in accordance with some embodiments of the present disclosure.
[012] FIG. 4 is a flowchart of a method of accessing an edge device, in accordance with some embodiments of the present disclosure.
[013] FIG. 5 illustrates a block diagram of an exemplary computer system for implementing various embodiments.
DETAILED DESCRIPTION
[014] Exemplary embodiments are described with reference to the accompanying drawings. Wherever convenient, the same reference numbers are used throughout the drawings to refer to the same or like parts. While examples and features of disclosed principles are described herein, modifications, adaptations, and other implementations are possible without departing from the spirit and scope of the disclosed embodiments. It is intended that the following detailed description be considered as exemplary only, with the true scope and spirit being indicated by the following claims. Additional illustrative embodiments are listed below.
[015] One or more techniques for accessing an edge device are disclosed in this disclosure. An identity of each edge device is obtained and a certificate is issued to allow access to the edge device via a tunnel through the use of cookies, port matching and http-proxy at a cloud server side. In other words, access to the edge device is provided through a cloud server via a Uniform Resource Locator (URL), thereby making the edge device access dynamic and scalable.
[016] A large number of edge devices may be connected to a cloud server. To allow access to the edge device, a user (of the user device) may be first authenticated. Upon successful authentication, the cloud server sends a command to the edge device via push notification. A request to initiate an access session via tunneling is made through an access cookie and token. Further, a device identity is captured from the user’s request. For example, the device identity may include a device serial number followed by a domain, which helps to identify and verify the HTTPS certificate. Accordingly, the cloud server initiates tunnelling to the edge device. The edge device then registers the tunnel in the cloud server using a randomly generated token.
[017] The cloud server may register the request and map the request with any available (predefined) port, using the token. The cloud server may further incorporate a custom reverse proxy agent and a tunneling agent to perform various operations. For example, the port with the token is made available from the custom reverse proxy agent. On a successful mapping, a cookie is populated at the edge device to establish the connection. As will be appreciated, the cookie may be a session affinity to ensure the distinct connection and binding between the cloud server and the edge device for the user request. The edge device receives the token and the cookie from the tunnel server, and responds back to the user for accessing the remote services user interface. The user invokes the UI with token and cookie that is taken via the remote services user interface and communicates with the tunnelling agent and binds the user’s request to the port with the provided token.
[018] The above techniques provide for protecting and providing high security for data, infrastructure etc. in an edge device deployment environment. The techniques provide for securing and maintaining integrity of the connection between a user device and an edge device and establishing a seamless connection between the edge devices and the cloud server. As such, the techniques have minimal configuration overhead. Further, the techniques are compliant and safe to use with existing applications. Moreover, the techniques provide for an efficient, low-cost, easily scalable solution for accessing edge devices in the IoT environment.
[019] Referring now to FIG. 1, a block diagram of an environment 100 for accessing an edge device 110 is illustrated, in accordance with some embodiments of the present disclosure. With reference to FIG. 1, the environment 100 may include a user device 102, a cloud server 104, and the edge device 110.
[020] The user device 102 may be configured to access a server network (for example, the cloud server 104) and communicate with the edge device 110 via a secured gateway. By way of an example, a uniform resource locator (URL) or other address may be entered at the user device 102 directing the web browser to a particular server (such as, the cloud server 104). The web browser may generate a Hyper Text Transfer Protocol (HTTP) request and communicate the HTTP request to the cloud server 104. The cloud server 104 may accept the HTTP request and communicate with the edge device 110 using one or more Hyper Text Markup Language (HTML) files responsive to the HTTP request.
[021] In some embodiments, the user device 102 may include a computer system such as a desktop computer, notebook or laptop computer, netbook, a tablet computer, an e-book reader, a GPS device, a camera, a personal digital assistant (PDA), a handheld electronic device, a cellular telephone, a smartphone, an augmented/virtual reality device, another suitable electronic device, or any suitable combination thereof and may also include a web browser, such as MICROSOFT INTERNET EXPLORER, GOOGLE CHROME or MOZILLA FIREFOX, and may have one or more add-ons, plug-ins, or other extensions, such as TOOLBAR or YAHOO TOOLBAR.
[022] In an embodiment, the cloud server 104 may be communicatively coupled to the edge device 110. The cloud server 104 may include suitable logic, circuitry, interfaces, and/or code that may be configured to store, maintain, and execute one or more software platforms and programs, such as AI programs and machine learning programs, online chat applications, and one or more databases that include historical data of answers in response to user queries (or query responses) for online interaction with one or more users.
[023] The cloud server 104 may be configured to perform one or more functionalities. For example, the one or more functionalities may include receiving an access request from the user device 102 to access a target edge device (i.e. the edge device 110) of a plurality of edge devices. The access request may include an identity of the target edge device. The one or more functionalities may further include sending a tunnelling request to the target edge device 110 to create a tunnel between the cloud server 104 and the target edge device 110, and registering the tunnel to the target edge device 110 using a token. The token may be randomly generated by the target edge device 110 based on the tunnelling request. The one or more functionalities may further include mapping the token with a plurality of ports to initiate a connection with the target edge device 110 via a port of the plurality of predefined ports, and upon mapping, populating an affinity cookie at the target edge device 110. The target edge device 110 may send the token and the affinity cookie to the cloud server 104 via the tunnel. The one or more functionalities may further include initiating an access session between the user device 102 and the target edge device 110 based on the token and the affinity cookie.
[024] In order to perform the above one or more functionalities, in some embodiments, the cloud server 104 may include a processor 106 that is communicatively coupled to a memory 108. The memory 108, for example, may be a non-volatile memory or a volatile memory. Examples of non-volatile memory may include, but are not limited to, a flash memory, a Read Only Memory (ROM), a Programmable ROM (PROM), Erasable PROM (EPROM), and Electrically EPROM (EEPROM) memory. Examples of volatile memory may include, but are not limited to, a Dynamic Random Access Memory (DRAM) and a Static Random-Access Memory (SRAM). The memory 108 may further include various modules that enable the cloud server 104 to access the edge device 110. These modules are further explained in detail in conjunction with FIG. 2.
[025] It may be noted that the cloud server 104, the edge device 110, and the user device 102 may be wirelessly connected via a cloud network. In some embodiments, the cloud network may be a wireless network and the examples may include, but are not limited to, the Internet of Things network, a Wireless Local Area Network (WLAN), a Wi-Fi network, a Long Term Evolution (LTE) network, a Worldwide Interoperability for Microwave Access (WiMAX) network, a Bluetooth network, and a General Packet Radio Service (GPRS) network.
[026] The edge device 110 may be configured to perform one or more functionalities in coordination with the cloud server 104. These one or more functionalities, for example, may include receiving the tunnelling request to create the tunnel between the cloud server 104 and the edge device 110, in response to the cloud server 104 receiving the access request from the user device 102 to access the edge device 110. The access request may include an identity of the edge device 110. The one or more functionalities may include generating a token based on the tunnelling request to register at the cloud server 104 the tunnel to the edge device 110. The tunnel may be registered using the token, in that the token may be mapped with a plurality of predefined ports to initiate a connection between the cloud server 104 and the edge device 110 via a port of the plurality of predefined ports. Upon mapping, an affinity cookie is populated at the edge device 110. The one or more functionalities may further include sending the token and the affinity cookie to the cloud server 104 via the tunnel. An access session is initiated between the user device 102 and the edge device 110 based on the token and the affinity cookie.
[027] To perform the above one or more functionalities, the edge device 110 may include a processor 112 and a memory 114. The memory 114 may store instructions that, when executed by the processor 112, cause the processor 112 to perform one or more functionalities, in accordance with aspects of the present disclosure. The memory 114 may also store various data (for example, user credentials, device serial number, domain name and the like) that may be captured, processed, and/or required by the edge device 110. The memory 114 of the edge device 110 may include various modules which are explained in detail in conjunction with FIG. 3.
[028] As will be appreciated by one skilled in the art, a variety of processes, for example, the processes discussed herein, may be employed for accessing the edge device 110. In particular, as will be appreciated by those of ordinary skill in the art, control logic and/or automated routines for performing the techniques and steps described herein may be implemented by the cloud server 104 either by hardware, software, or combinations of hardware and software. For example, suitable code may be accessed and executed by the one or more processors on the cloud server 104 to perform some or all of the techniques described herein. Similarly, application specific integrated circuits (ASICs) configured to perform some or all of the processes described herein may be included in the one or more processors on the cloud server 104.
[029] Referring now to FIG. 2, a block diagram 200 of a cloud server 202 (corresponding to the cloud server 104) is illustrated, in accordance with some embodiments of the present disclosure. As shown in FIG. 2, the cloud server 202 may include a memory 204 (corresponding to the memory 108). In some embodiments, the memory 204 may include an authentication module 206, a remote services user interface (UI) module 208, and a tunnel server 210. The tunnel server 210 may further include a tunneling management module 212 and a tunneling operator module 214. The tunneling operator module 214 may further include a custom reverse proxy agent 214A and a tunneling agent 214B.
[030] The authentication module 206 may be configured to authenticate a user, when the user is trying to access an edge device (e.g. the edge device 110) via the cloud server 202 using a user device (e.g. the user device 102). In some embodiments, the authentication module 206 may authenticate the user based on user credentials, which may include, but are not limited to, a name, a username, a password, a fingerprint, or a retina scan of the user. Upon successful authentication, an authorization certificate may be provided to the user to access the edge device 110. In some embodiments, the authorization certificate may be accessible via a uniform resource locator (URL) (for example, https://device-serial-no.remoteservices.com).
[031] The remote services UI module 208 may be configured to enable a user to use the remote services UI to make the request to access the edge device. The remote services UI module 208 may further perform various operations via the tunnelling management module 212 along with the support of a UI. In some embodiments, the remote services UI module 208 may be configured to receive an access request from the user device 102 to access a target edge device (for example, the edge device 110) of a plurality of edge devices (not shown in FIG. 2). It may be noted that the access request may be received from the user using the UI and via the remote services UI module 208. The access request may include an identity of the target edge device 110. For example, the identity of the target edge device 110 may include a device serial number and a domain name. Once an access to the target edge device 110 is approved, an access session may be started between the user device 102 and the edge device 110. It may be noted that the access session between the user device 102 and the target edge device 110 may be for a predetermined time period.
[032] The tunnelling management module 212 of the tunnel server 210 may be configured to send notification to the edge device 110 for tunneling. The tunnelling management module 212 may be further configured to manage user connections, manage affinity, and to interact with remote services UI module 208. The tunnelling management module 212 may predominantly be configured to register the edge device 110 in the tunnel server 210.
[033] The tunneling operator module 214 may be configured to register a tunnel to the target edge device 110 using a token. The tunnel may be registered using the tunneling agent 214B which may be incorporated in the tunneling operator module 214. A tunneling request may be sent to the target edge device 110 via a push notification. The tunneling agent 214B may initiate interaction via the tunnel between the user device 102 and the edge device 110.
[034] Referring now to FIG. 3, a block diagram of an environment 300 including an exemplary cloud server 300A (corresponding to the cloud server 104) and an exemplary edge device 300B (corresponding to the edge device 110) is illustrated, in accordance with some embodiments. As shown in FIG. 3, the cloud server 300A may include a memory 302A (corresponding to the memory 108) which may further include a receiving module 304, a tunnelling request sending module 306, a registering module 308, a mapping module 310, a populating module 312, and an access session initiating module 314.
[035] The receiving module 304 may receive an access request from the user device 102 to access the target edge device 300B. As an example, a user may send the access request from the user device 102 to the cloud server 300A to access the target edge device 300B of a plurality of edge devices. It may be noted that the cloud server 300A may authenticate the user device 102 based on user credentials and upon successful authentication, the cloud server 300A may allow the user device 102 to access the target edge device 300B. The authentication may be made and managed in the cloud server 300A.
[036] The tunnelling request sending module 306 may send a tunneling request to the target edge device 300B to create a tunnel between the cloud server 300A and the target edge device 300B. It may be noted that the tunnelling request may be sent to the target edge device 300B via a push notification.
[037] The registering module 308 may register the tunnel to the target edge device 300B using a token. The token may be randomly generated by the target edge device 300B based on the tunnelling request. In some embodiments, the tunnel may be registered using the tunnelling agent 214B. The mapping module 310 may map the token with a plurality of ports to initiate a connection with the edge device 300B via a port of the plurality of predefined ports. For example, the plurality of ports may be provided by the custom reverse proxy agent 214A.
[038] Upon mapping, the populating module 312 may populate an affinity cookie at the target edge device 300B. The target edge device 300B may then send the token and the affinity cookie to the cloud server 300A via the tunnel. It may be noted that the affinity cookie may be a session affinity to ensure a distinct connection and binding between the cloud server 300A and the target edge device 300B for the user request.
[039] The access session initiating module 314 may initiate the access session between the user device 102 and the target edge device 300B based on the token and the affinity cookie so as to enable the user to perform various operations on the target edge device 300B. It may be noted that the access session between the user device 102 and the target edge device 300B may be for a predetermined time period.
[040] The edge device 300B may include a memory 302B which may further include a receiving module 316, a token generating module 318, and a transmission module 320. The edge device 300B and the memory 302B may be analogous to the edge device 110 and the memory 114 of the environment 100.
[041] In an embodiment, the receiving module 316 may receive the tunneling request to create a tunnel between the cloud server 300A and the edge device 300B. In some embodiments, the receiving module 316 may receive the access request from the user device 102 to access the edge device 300B. It may be noted that the access request may be received from the user via the remote services UI module 208. The access request may include an identity of the edge device 300B. The identity of the edge device may further include a device serial number and domain name.
[042] The token generating module 318 may generate the token based on the tunneling request to register at the cloud server 300A the tunnel to the edge device 300B. It may be noted that the tunnel may be registered using the token. The token may be mapped with a plurality of predefined ports to initiate a connection between the cloud server 300A and the edge device 300B via a port of the plurality of predefined ports. Upon mapping, the affinity cookie may be populated at the edge device 300B.
[043] The transmission module 320 may send the token and the affinity cookie to the cloud server 300A via the tunnel. In some embodiments, based on the token and the affinity cookie, an access session may be initiated between the user device 102 and the edge device 300B. It may be noted that the access session between the user device 102 and the edge device 300B may be for a predetermined time period.
[044] Referring now to FIG. 4, a flowchart of a method 400 of accessing an edge device 110 is illustrated, in accordance with some embodiments of the present disclosure. In some embodiments, the method 400 may be performed by the cloud server 104.
[045] At step 402, an access request from the user device 102 may be received to access a target edge device (i.e. the edge device 110) of a plurality of available edge devices. In some embodiments, the access request may be received from the user device 102 via the remote services User Interface. The access request may include an identity of the target edge device 110. The identity of the target edge device may include a device serial number and domain name. By way of an example, the user may send the access request from the user device 102 to the cloud server 104 to access the target edge device 110 of the plurality of edge devices. Further, the cloud server 104 may authenticate the user device 102 based on user credentials, and upon successful authentication of the user device 102, the user device 102 may be allowed to access the target edge device 110. It may be noted that the authentication may be performed by the cloud server 104.
[046] In some embodiments, the user device 102 (i.e. the user) may be first authenticated. For example, the user may be authenticated based on user credentials, which may include, but are not limited to, a name, a username, a password, a fingerprint, or a retina scan of the user. Upon successful authentication, the user device 102 may be allowed to access the target edge device 110.
[047] At step 404, a tunneling request may be sent to the target edge device 110 to create a tunnel between the cloud server 104 and the target edge device 110. It may be noted that the tunneling request may be sent to the target edge device 110 via a push notification.
[048] At step 406, the tunnel to the target edge device 110 may be registered using a token. It may be noted that the tunnel may be registered by the tunnelling agent 214B. Further, the token may be randomly generated by the target edge device 110 based on the tunneling request.
[049] At step 408, the token may be mapped with a plurality of ports to initiate a connection with the target edge device 110 via a port of the plurality of predefined ports. The plurality of ports may be provided by a custom reverse proxy agent 214A. Upon successful mapping, at step 410, an affinity cookie may be populated at the target edge device 110. The target edge device 110 may then send the token and the affinity cookie to the cloud server 104 via the tunnel.
[050] At step 412, an access session may be initiated between the user device 102 and the target edge device 110 based on the token and the affinity cookie, thereby enabling the user to connect and access the target edge device 110. In some embodiments, the access session may be established for a predetermined time period, upon which the access session may be automatically terminated. In some embodiments, when any new request is initiated by the user for accessing the edge device 110, a new connection may be established for further proceeding.
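The following added example, which is not part of the disclosure, sketches in Python the cloud-server bookkeeping for steps 406 to 412: registering a tunnel under an edge-generated token, mapping it to a port from a predefined pool, issuing an affinity cookie, and binding a later user request only while the session is within its time period. The class and function names, the port values, the HMAC-based cookie format, the minimum token length and the session lifetime are assumptions; the disclosure does not specify them.

```python
import hashlib
import hmac
import secrets
import time


def edge_generate_token():
    """Edge side: random token created in response to a tunnelling request."""
    return secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG


class TunnelRegistry:
    """Cloud side: token -> (device, port, affinity cookie, expiry). Hypothetical."""

    def __init__(self, ports, session_ttl=300, clock=time.monotonic):
        self._free_ports = list(ports)        # predefined port pool (assumed values)
        self._sessions = {}                   # token -> session record
        self._key = secrets.token_bytes(32)   # server-only key for cookie MACs
        self._ttl = session_ttl               # the "predetermined time period"
        self._clock = clock

    def _cookie_for(self, device_id, token, port):
        # Assumed cookie format: MAC over the binding, so the cookie is only
        # meaningful for this exact device/token/port combination.
        msg = f"{device_id}|{token}|{port}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def _expire(self):
        # Terminate sessions past their time period and return ports to the pool.
        now = self._clock()
        for token in [t for t, s in self._sessions.items() if s["expires"] <= now]:
            self._free_ports.append(self._sessions.pop(token)["port"])

    def register_tunnel(self, device_id, token):
        """Steps 406-410: register the tunnel, map token to a port, issue cookie."""
        self._expire()
        if len(token) < 32:
            raise ValueError("token too short to be unguessable")
        if token in self._sessions:
            raise ValueError("token already registered")
        if not self._free_ports:
            raise RuntimeError("no free port in the predefined pool")
        port = self._free_ports.pop(0)
        cookie = self._cookie_for(device_id, token, port)
        self._sessions[token] = {
            "device_id": device_id,
            "port": port,
            "cookie": cookie,
            "expires": self._clock() + self._ttl,
        }
        return port, cookie

    def resolve(self, device_id, token, cookie):
        """Step 412: return the bound port, or None if the request is rejected."""
        self._expire()
        session = self._sessions.get(token)
        if session is None or session["device_id"] != device_id:
            return None
        # Constant-time comparison avoids leaking cookie bytes through timing.
        if not hmac.compare_digest(session["cookie"].encode(), cookie.encode()):
            return None
        return session["port"]


def demo():
    """Constructed walk-through with made-up serial numbers and ports."""
    registry = TunnelRegistry(ports=[9001, 9002], session_ttl=60)
    token = edge_generate_token()
    port, cookie = registry.register_tunnel("SN-0001", token)
    return {
        "port": port,
        "valid": registry.resolve("SN-0001", token, cookie),
        "wrong_device": registry.resolve("SN-0002", token, cookie),
        "forged_cookie": registry.resolve("SN-0001", token, "0" * 64),
    }


if __name__ == "__main__":
    print(demo())
```
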
[051] As will be also appreciated, the above-described techniques may take the form of computer or controller implemented processes and apparatuses for practicing those processes. The disclosure can also be embodied in the form of computer program code containing instructions embodied in tangible media, such as floppy diskettes, solid state drives, CD-ROMs, hard drives, or any other computer-readable storage medium, wherein, when the computer program code is loaded into and executed by a computer or controller, the computer becomes an apparatus for practicing the invention. The disclosure may also be embodied in the form of computer program code or signal, for example, whether stored in a storage medium, loaded into and/or executed by a computer or controller, or transmitted over some transmission medium, such as over electrical wiring or cabling, through fiber optics, or via electromagnetic radiation, wherein, when the computer program code is loaded into and executed by a computer, the computer becomes an apparatus for practicing the invention. When implemented on a general-purpose microprocessor, the computer program code segments configure the microprocessor to create specific logic circuits.
[052] The disclosed methods and systems may be implemented on a conventional or a general-purpose computer system, such as a personal computer (PC) or server computer. Referring now to FIG. 5, an exemplary computing system 500 that may be employed to implement processing functionality for various embodiments (e.g., as a SIMD device, client device, server device, one or more processors, or the like) is illustrated. Those skilled in the relevant art will also recognize how to implement the invention using other computer systems or architectures. The computing system 500 may represent, for example, a user device such as a desktop, a laptop, a mobile phone, personal entertainment device, DVR, and so on, or any other type of special or general-purpose computing device as may be desirable or appropriate for a given application or environment. The computing system 500 may include one or more processors, such as a processor 502 that may be implemented using a general or special purpose processing engine such as, for example, a microprocessor, microcontroller or other control logic. In this example, the processor 502 is connected to a bus 504 or other communication medium. In some embodiments, the processor 502 may be an Artificial Intelligence (AI) processor, which may be implemented as a Tensor Processing Unit (TPU), or a graphical processor unit, or a custom programmable solution Field-Programmable Gate Array (FPGA).
[053] The computing system 500 may also include a memory 506 (main memory), for example, Random Access Memory (RAM) or other dynamic memory, for storing information and instructions to be executed by the processor 502. The memory 506 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed by the processor 502. The computing system 500 may likewise include a read only memory (“ROM”) or other static storage device coupled to bus 504 for storing static information and instructions for the processor 502.
[054] The computing system 500 may also include storage devices 508, which may include, for example, a media drive 510 and a removable storage interface. The media drive 510 may include a drive or other mechanism to support fixed or removable storage media, such as a hard disk drive, a floppy disk drive, a magnetic tape drive, an SD card port, a USB port, a micro USB, an optical disk drive, a CD or DVD drive (R or RW), or other removable or fixed media drive. A storage media 512 may include, for example, a hard disk, magnetic tape, flash drive, or other fixed or removable medium that is read by and written to by the media drive 510. As these examples illustrate, the storage media 512 may include a computer-readable storage medium having stored therein particular computer software or data.
[055] In alternative embodiments, the storage devices 508 may include other similar instrumentalities for allowing computer programs or other instructions or data to be loaded into the computing system 500. Such instrumentalities may include, for example, a removable storage unit 514 and a storage unit interface 516, such as a program cartridge and cartridge interface, a removable memory (for example, a flash memory or other removable memory module) and memory slot, and other removable storage units and interfaces that allow software and data to be transferred from the removable storage unit 514 to the computing system 500.
[056] The computing system 500 may also include a communications interface 518. The communications interface 518 may be used to allow software and data to be transferred between the computing system 500 and external devices. Examples of the communications interface 518 may include a network interface (such as an Ethernet or other NIC card), a communications port (such as for example, a USB port, a micro USB port), Near field Communication (NFC), etc. Software and data transferred via the communications interface 518 are in the form of signals which may be electronic, electromagnetic, optical, or other signals capable of being received by the communications interface 518. These signals are provided to the communications interface 518 via a channel 520. The channel 520 may carry signals and may be implemented using a wireless medium, wire or cable, fiber optics, or other communications medium. Some examples of the channel 520 may include a phone line, a cellular phone link, an RF link, a Bluetooth link, a network interface, a local or wide area network, and other communications channels.
[057] The computing system 500 may further include Input/Output (I/O) devices 522. Examples may include, but are not limited to, a display, keypad, microphone, audio speakers, vibrating motor, LED lights, etc. The I/O devices 522 may receive input from a user and also display an output of the computation performed by the processor 502. In this document, the terms “computer program product” and “computer-readable medium” may be used generally to refer to media such as, for example, the memory 506, the storage devices 508, the removable storage unit 514, or signal(s) on the channel 520. These and other forms of computer-readable media may be involved in providing one or more sequences of one or more instructions to the processor 502 for execution. Such instructions, generally referred to as “computer program code” (which may be grouped in the form of computer programs or other groupings), when executed, enable the computing system 500 to perform features or functions of embodiments of the present invention.
[058] In an embodiment where the elements are implemented using software, the software may be stored in a computer-readable medium and loaded into the computing system 500 using, for example, the removable storage unit 514, the media drive 510 or the communications interface 518. The control logic (in this example, software instructions or computer program code), when executed by the processor 502, causes the processor 502 to perform the functions of the invention as described herein.
[059] As will be appreciated by those skilled in the art, the techniques described in the various embodiments discussed above are not routine, or conventional, or well understood in the art. The techniques discussed above provide for accessing an edge device. Further, the techniques may provide a unique way of protecting and providing high security for data and infrastructure in an edge device deployment environment. The techniques may help in reducing the overall cost by minimizing the configuration overheads and application development cost. The techniques further help in making the scaling process easy, compliant, and safe.
[060] In light of the above-mentioned advantages and the technical advancements provided by the disclosed method and system, the claimed steps as discussed above are not routine, conventional, or well understood in the art, as the claimed steps enable the following solutions to the existing problems in conventional technologies. Further, the claimed steps clearly bring an improvement in the functioning of the device itself as the claimed steps provide a technical solution to a technical problem.
[061] The specification has described a method and system for accessing an edge device. The illustrated steps are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.
[062] Furthermore, one or more computer-readable storage media may be utilized in implementing embodiments consistent with the present disclosure. A computer-readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer-readable storage medium may store instructions for execution by one or more processors, including instructions for causing the processor(s) to perform steps or stages consistent with the embodiments described herein. The term “computer-readable medium” should be understood to include tangible items and exclude carrier waves and transient signals, i.e., be non-transitory. Examples include random access memory (RAM), read-only memory (ROM), volatile memory, nonvolatile memory, hard drives, CD ROMs, DVDs, flash drives, disks, and any other known physical storage media.
[063] It is intended that the disclosure and examples be considered as exemplary only, with a true scope and spirit of disclosed embodiments being indicated by the following claims.
CLAIMS
We claim:
1. A method of accessing an edge device, the method comprising:
receiving by a cloud server, an access request from a user device to access a target edge device of a plurality of edge devices, wherein the access request comprises an identity of the target edge device;
sending, by the cloud server, a tunnelling request to the target edge device to create a tunnel between the cloud server and the target edge device;
registering, by the cloud server, the tunnel to the target edge device using a token, wherein the token is randomly generated by the target edge device based on the tunnelling request;
mapping, by the cloud server, the token with a plurality of ports to initiate a connection with the edge device via a port of the plurality of predefined ports;
upon mapping, populating, by the cloud server, an affinity cookie at the target edge device, wherein the target edge device is to send the token and the affinity cookie to the cloud server via the tunnel; and
initiating, by the cloud server, an access session between the user device and the target edge device based on the token and the affinity cookie.
2. The method as claimed in claim 1, wherein the access request is received from the user via a remote services User Interface.
3. The method as claimed in claim 1, further comprising:
authenticating the user device based on user credentials; and
allowing the user device to access the target edge device based on successful authentication.
4. The method as claimed in claim 1, wherein the identity of the target edge device comprises a device serial number and domain name.
5. The method as claimed in claim 1, wherein the plurality of ports is provided by a custom reverse proxy agent.
6. The method as claimed in claim 1, wherein the tunnel is registered using a tunnelling agent.
7. The method as claimed in claim 1, wherein the tunnelling request is sent to the target edge device via a push notification.
8. The method as claimed in claim 1, wherein the access session between the user device and the target edge device is for a predetermined time period.
9. An edge device comprising:
a processor; and
a memory storing a plurality of instructions, wherein the plurality of instructions, upon execution by the processor, cause the processor to:
receive a tunnelling request to create a tunnel between a cloud server and the edge device, in response to the cloud server receiving an access request from a user device to access the edge device, wherein the access request comprises an identity of the edge device;
generate a token based on the tunnelling request to register at the cloud server the tunnel to the edge device, wherein the tunnel is registered using the token, wherein the token is to be mapped with a plurality of predefined ports to initiate a connection between the cloud server and the edge device via a port of the plurality of predefined ports, and wherein, upon mapping, an affinity cookie is populated at the edge device; and
send the token and the affinity cookie to the cloud server via the tunnel, wherein an access session is initiated between the user device and the edge device based on the token and the affinity cookie.
10. The edge device as claimed in claim 9, wherein the access request is received from the user via a remote services User Interface.
11. The edge device as claimed in claim 9, wherein the user device is authenticated based on user credentials, and wherein the user device is authorized to access the edge device based on successful authentication.
12. The edge device as claimed in claim 9, wherein the identity of the edge device comprises a device serial number and domain name.
13. The edge device as claimed in claim 9, wherein the plurality of ports is provided by a custom reverse proxy agent.
14. The edge device as claimed in claim 9, wherein the tunnel is registered using a tunnelling agent.
15. The edge device as claimed in claim 9, wherein the tunnelling request is received by the edge device via a push notification.
16. The edge device as claimed in claim 9, wherein the access session between the user device and the edge device is for a predetermined time period.
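The token, port mapping, affinity cookie and time-limited session recited in claims 1, 8 and 9 can be modelled as a small cloud-side registry. This is an added illustration, not code from the specification or the applicant. The names `TunnelRegistry` and `edge_generate_token`, the one-port-per-token mapping, the 32-character minimum token length and the constant-time cookie comparison are all assumptions made for the example.

```python
import hmac
import secrets
import time

def edge_generate_token():
    # Edge side: random token generated in response to the tunnelling request.
    return secrets.token_urlsafe(32)

class TunnelRegistry:
    """Cloud side (hypothetical): token -> device, port, affinity cookie, expiry."""

    def __init__(self, ports, ttl_seconds, clock=time.monotonic):
        self._free = list(ports)      # predefined port pool (assumed values)
        self._ttl = ttl_seconds       # predetermined session period
        self._clock = clock
        self._tunnels = {}

    def register(self, device_id, token):
        # Reject short or already-registered tokens so one tunnel cannot shadow another.
        if len(token) < 32 or token in self._tunnels:
            raise ValueError("token rejected")
        if not self._free:
            raise RuntimeError("port pool exhausted")
        port = self._free.pop(0)
        cookie = secrets.token_urlsafe(32)   # affinity cookie populated at the edge device
        self._tunnels[token] = {"device": device_id, "port": port,
                                "cookie": cookie,
                                "expires": self._clock() + self._ttl}
        return port, cookie

    def open_session(self, device_id, token, cookie):
        # Returns the mapped port only if token, cookie and device all match
        # and the session period has not elapsed; otherwise None.
        entry = self._tunnels.get(token)
        if entry is None:
            return None
        if self._clock() >= entry["expires"]:
            self.revoke(token)
            return None
        same_cookie = hmac.compare_digest(entry["cookie"].encode(), cookie.encode())
        if same_cookie and entry["device"] == device_id:
            return entry["port"]
        return None

    def revoke(self, token):
        # Drop the tunnel and return its port to the pool for reuse.
        entry = self._tunnels.pop(token, None)
        if entry is not None:
            self._free.append(entry["port"])
```

Binding the session to the token, the cookie and the device identity together means a leaked token alone does not open a session, and expiry returns the port to the pool so a stale mapping cannot be reused.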
| # | Name | Date |
|---|---|---|
| 1 | 202211000210-STATEMENT OF UNDERTAKING (FORM 3) [03-01-2022(online)].pdf | 2022-01-03 |
| 2 | 202211000210-REQUEST FOR EXAMINATION (FORM-18) [03-01-2022(online)].pdf | 2022-01-03 |
| 3 | 202211000210-REQUEST FOR EARLY PUBLICATION(FORM-9) [03-01-2022(online)].pdf | 2022-01-03 |
| 4 | 202211000210-PROOF OF RIGHT [03-01-2022(online)].pdf | 2022-01-03 |
| 5 | 202211000210-POWER OF AUTHORITY [03-01-2022(online)].pdf | 2022-01-03 |
| 6 | 202211000210-FORM-9 [03-01-2022(online)].pdf | 2022-01-03 |
| 7 | 202211000210-FORM 18 [03-01-2022(online)].pdf | 2022-01-03 |
| 8 | 202211000210-FORM 1 [03-01-2022(online)].pdf | 2022-01-03 |
| 9 | 202211000210-FIGURE OF ABSTRACT [03-01-2022(online)].jpg | 2022-01-03 |
| 10 | 202211000210-DRAWINGS [03-01-2022(online)].pdf | 2022-01-03 |
| 11 | 202211000210-DECLARATION OF INVENTORSHIP (FORM 5) [03-01-2022(online)].pdf | 2022-01-03 |
| 12 | 202211000210-COMPLETE SPECIFICATION [03-01-2022(online)].pdf | 2022-01-03 |
| 13 | 202211000210-FER.pdf | 2022-05-09 |
| 14 | 202211000210-OTHERS [01-11-2022(online)].pdf | 2022-11-01 |
| 15 | 202211000210-FER_SER_REPLY [01-11-2022(online)].pdf | 2022-11-01 |
| 16 | 202211000210-CORRESPONDENCE [01-11-2022(online)].pdf | 2022-11-01 |
| 17 | 202211000210-COMPLETE SPECIFICATION [01-11-2022(online)].pdf | 2022-11-01 |
| 18 | 202211000210-CLAIMS [01-11-2022(online)].pdf | 2022-11-01 |
| 19 | 202211000210-US(14)-HearingNotice-(HearingDate-20-06-2024).pdf | 2024-05-24 |
| 20 | 202211000210-FORM-26 [18-06-2024(online)].pdf | 2024-06-18 |
| 21 | 202211000210-Correspondence to notify the Controller [18-06-2024(online)].pdf | 2024-06-18 |
| 22 | 202211000210-Correspondence to notify the Controller [18-06-2024(online)]-1.pdf | 2024-06-18 |
| 23 | 202211000210-FORM-26 [20-06-2024(online)].pdf | 2024-06-20 |
| 24 | 202211000210-FORM-26 [20-06-2024(online)]-1.pdf | 2024-06-20 |
| 25 | 202211000210-Written submissions and relevant documents [03-07-2024(online)].pdf | 2024-07-03 |
| 26 | 202211000210-FORM-26 [03-07-2024(online)].pdf | 2024-07-03 |
| 27 | 202211000210-PatentCertificate25-09-2024.pdf | 2024-09-25 |
| 28 | 202211000210-IntimationOfGrant25-09-2024.pdf | 2024-09-25 |
| 1 | searchstrategyE_09-05-2022.pdf |