Hybrid system architecture for secure peer-to-peer-communications
Abstract
The disclosed hybrid architecture provides secure peer-to-peer communication between devices such as computers, wireless devices, personal digital assistants (PDAs), web-enabled phones or the like. This architecture includes a server or Peer Switch, which acts as an intermediary to facilitate the session and provide authentication to ensure system security. In some cases it may also provide the capability necessary to traverse firewalls and deal with proxies and other obstacles to peer-to-peer communications. The hybrid architecture allows centralized administration and policy management of authentication, obstacle traversal and security methods, to ensure the overall system integrity required by business systems. Typical peer user devices implement peer client programming, for signaling communication with the server and for peer-to-peer communications with other peer devices. A web server may also provide access via standard browsers, for users having devices lacking the peer client software.
Claims (46)
1. A system for providing peer-to-peer communication services via a data network, comprising:
a plurality of peer devices, each peer device having a user interface and a network interface for enabling communications over the data network;
a peer server, coupled for data communication via the data network, for providing session establishment services for the peer devices;
at least a respective one of the peer devices having a programmable controller and program storage;
a peer client program in the program storage, execution of the peer client program by the programmable controller causing the respective one of the peer devices to conduct signaling communications with the peer server via the data network and to conduct a peer-to-peer communication in a session with an other one of the peer devices via the data network; and
a web server, coupled for data communication via the data network, for providing a web page interface for a browser implemented by one of the peer devices lacking a peer client program and for providing a proxy peer client program for use by the peer device lacking a peer client program, to enable signaling communications via the data network with the peer server and a peer-to-peer communication with an other one of the peer devices via the data network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A system for providing peer-to-peer communication services via a data network, comprising:
a plurality of peer devices, each peer device having a user interface and a network interface for enabling communications over the data network;
a peer server, coupled for data communication via the data network, for providing session establishment services for the peer devices of users grouped together as members in a plurality of communities;
at least a respective one of the peer devices of a member in an identified community having a programmable controller and program storage; and
a peer client program in the program storage, execution of the peer client program by the programmable controller causing the respective one of the peer devices to conduct signaling communications via the data network with the peer server to establish a communication session with a peer device of a member in the identified community, and to conduct a peer-to-peer communication with the peer device of the peer member in the identified community via the data network.
Dependent claims: 14, 16

15. The system as in claim 15, wherein the session establishment services provided by the peer server include presence mapping regarding peer devices of members of the respective ones of the communities.

17. A program product, comprising executable code transportable by at least one machine readable medium, wherein execution of the code by a programmable user device causes the programmable user device to perform signaling communications via a data network with a peer server and peer-to-peer communications via the data network with another user device, the executable code comprising:
a peer service manager routine for managing accessing of local information on the programmable user device for sharing via the peer-to-peer communications, and for handling network connections for the signaling communications and for the peer-to-peer communications; and
a peer service user interface program acting as a front-end for the peer service manager routine and controlling input and output of information via one or more user interface components of the programmable user device.
Dependent claims: 18, 19, 20

21. A program product, comprising executable code transportable by at least one machine readable medium, wherein execution of the code by a programmable user device causes the programmable user device to perform signaling communications via a data network with a peer server and peer-to-peer communications via the data network with another user device, the executable code comprising:
a peer service manager routine for managing accessing of local information on the programmable user device for peer-to-peer communications, and for handling network connections for the signaling communications and the peer-to-peer communications; and
a peer mail service user interface program acting as a front-end for the peer service manager routine and controlling user input and output operations to enable peer-to-peer e-mail exchange via the peer service manager routine and the peer-to-peer communications.
Dependent claims: 22, 23, 24

25. A peer server, comprising:
a programmable server computer comprising data and program storage, a central processing unit for execution of programming from the storage, and an interface for communication via a data communication network;
a peer service application resident in the storage; and
a database of peer information maintained in the storage, wherein:
the database identifies peer users and shared data items that the peer users make available for sharing with other peer users, and the peer service application causes the programmable server computer to authenticate users, as peer users log in with the server, and to dynamically maintain information in the database, as the peer users log in and out with the server from respective peer devices and modify information regarding data items available for sharing among the peer users.
Dependent claims: 26, 27, 28, 29, 30, 31

32. A peer service web server, comprising:
a programmable server computer comprising program storage, a central processing unit for execution of programming from the storage, and an interface for communication via a data communication network;
a web server program in the program storage, execution of the web server program by the central processing unit causing the programmable server computer to provide browser interaction with user devices via the data network;
a shared proxy peer client application program in the program storage, execution of the peer client application program by the central processing unit causing the programmable server computer to interface through the web server program to provide a peer service user interface via browser interaction with a plurality of the user devices; and
a peer manager routine in the program storage, execution of the peer manager routine by the central processing unit causing the programmable server computer to manage network connections for signaling communications with a peer service server functionality and peer-to-peer communications with remote computing devices for peer user devices accessing the peer service web server via the browser interaction.
Dependent claims: 33

34. A peer user device comprising:
a programmable computing device comprising program storage, a central processing unit for execution of programming from the storage, an interface for communication via a data communication network, and one or more elements providing an interface for user input and output;
a peer service manager routine in the program storage, for managing accessing of local information on the programmable computing device for peer-to-peer communications through the network, and for handling network connections for the signaling communications with a server and for the peer-to-peer communications; and
a peer service user interface program in the program storage, acting as a front-end for the peer service manager routine to enable peer-to-peer communications and associated user input and output.
Dependent claims: 35, 36, 37, 38, 39, 40

41. A method of establishing a desired connection for a peer-to-peer communication session through a data network between an originating peer device and an intended destination peer device, wherein at least the intended destination peer device is behind a firewall, the method comprising:
establishing communication through the network, from each of the peer devices to a broker device;
communicating a request for a desired connection with the intended destination peer device, from the originating peer device to the broker device through the network, the request for connection including session related data assigned by the originating peer device;
sending a request to establish connection, from the broker device to the intended destination peer device through the network, the request to establish connection containing the session related data assigned by the originating peer device;
responsive to the receipt of the request to establish connection, sending an acceptance from the intended destination peer device to the broker device, the acceptance including session related data assigned by the intended destination peer device;
sending an acknowledgement of the request for the desired connection, to the originating peer device from the broker device, the acknowledgement of the request for the desired connection containing the session related data assigned by the intended destination peer device;
sending an initial session packet of the desired connection with the intended destination peer device through the data network from the originating peer device, so that the broker device receives the initial session packet from the originating peer device;
sending an initial session packet of the desired connection through the data network from the intended destination peer device, so that the broker device receives the initial session packet from the intended destination peer device;
formulating an acknowledgement of the initial session packet from the originating peer device, based on information from the initial session packet received from the intended destination peer device;
transmitting the acknowledgement of the initial session packet from the originating peer device, through the network from the broker device to the originating peer device;
formulating an acknowledgement of the initial session packet from the intended destination peer device, based on information from the initial session packet received from the originating peer device;
transmitting the acknowledgement of the initial session packet from the intended destination peer device, through the network from the broker device to the intended destination peer device;
conducting peer-to-peer communications through the network, between the originating peer device and the intended destination peer device, responsive to the acknowledgements of the initial session packets sent by the broker device.
Dependent claims: 42, 43

44. A method of establishing a desired connection for a peer-to-peer communication session through a network between an originating peer device and an intended destination peer device, wherein each peer device is behind a proxy server, the method comprising:
sending a request for a connection through the network from the originating peer device to a broker server;
generating two random values;
supplying the random values from the broker server to a peer proxy;
sending a first one of the random values through the network from the broker server to the originating peer device;
sending a second one of the random values through the network from the broker server to the intended destination peer device;
initiating a first connection, across a first proxy server, from the originating peer device to the peer proxy;
sending the first random value via the first connection to the peer proxy;
initiating a second connection, across a second proxy server, from the intended destination peer device to the peer proxy;
sending the second random value via the second connection to the peer proxy;
upon receipt of the first and second random values from the originating peer device and the intended destination peer device, enabling communications between the first and second connections.
Dependent claims: 45, 46
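As an added illustration of the claim 44 rendezvous (example code written for this page, not the patent's own implementation), the following Python model plays the broker and the peer proxy: the broker generates the two random values and hands one to each peer, and the proxy bridges the two inbound connections only once both values of one pair have been presented. The class and function names, the token length and the 30-second lifetime are assumptions; the single-use, expiry and constant-time-comparison checks go beyond the claim text and are what a practitioner would want so that a guessed or replayed value cannot be matched to a waiting connection.

```python
import hmac
import secrets
import time


class PeerProxy:
    """Joins two inbound connections once both values of one pair are presented."""

    def __init__(self, ttl_seconds=30.0):
        self._ttl = ttl_seconds
        self._by_token = {}  # token -> (session_id, partner_token, expiry)
        self._waiting = {}   # session_id -> conn_id of the first peer to arrive
        self.bridged = []    # (conn_id, conn_id) pairs the proxy now relays between

    def register(self, session_id, tok_a, tok_b):
        # Called by the broker with the two values it generated for one request.
        expiry = time.monotonic() + self._ttl
        self._by_token[tok_a] = (session_id, tok_b, expiry)
        self._by_token[tok_b] = (session_id, tok_a, expiry)

    def present(self, conn_id, token):
        """A peer sends its value over its own outbound connection. Returns True
        only when this completes a pair; an unknown, replayed or expired value
        leaves the connection isolated."""
        if not isinstance(token, str) or not token.isascii():
            return False
        # Constant-time comparison against every outstanding value.
        match = next((t for t in self._by_token if hmac.compare_digest(t, token)), None)
        if match is None:
            return False
        session_id, partner, expiry = self._by_token.pop(match)  # single use
        if time.monotonic() > expiry:
            self._by_token.pop(partner, None)
            self._waiting.pop(session_id, None)
            return False
        first = self._waiting.pop(session_id, None)
        if first is None:
            self._waiting[session_id] = conn_id  # wait for the partner value
            return False
        self.bridged.append((first, conn_id))
        return True


def broker_request_connection(proxy, originator, destination):
    """Broker side: generate two random values, register them with the peer
    proxy, and return which value goes to which peer over signaling."""
    session_id = secrets.token_hex(8)
    tok_a, tok_b = secrets.token_urlsafe(32), secrets.token_urlsafe(32)  # CSPRNG
    proxy.register(session_id, tok_a, tok_b)
    return {originator: tok_a, destination: tok_b}
```

In a deployment the values would travel to the peers over the authenticated signaling channel to the broker, and the proxy would relay bytes between the two sockets it has paired.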