Secure federation of data communications networks
Abstract
Techniques for secure federation of data communications networks are provided. The techniques employ an edge proxy server to route messages depending on a federation mode. In Direct federation mode, an edge proxy server of a network is configured to exchange messages with a specified set of entities, such as other networks, servers, other devices, or users. In Automatic federation mode, an edge proxy server may accept all incoming messages from entities that have a valid certificate. In Clearinghouse federation mode, the edge proxy server forwards all outgoing messages to a specified, trusted clearinghouse server.
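As an added illustration (not code from the patent or its assignee), the sketch below shows how an edge proxy could dispatch on the three federation modes described in the abstract, using the checks listed in claims 1 and 10. The message fields, the `Edge` configuration, the dictionary standing in for a DNS query, and the rule that clearinghouse mode accepts inbound traffic only from the clearinghouse are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Msg:                 # assumed message shape, not defined by the page
    direction: str         # "in" (from a federated peer) or "out"
    sender: str            # sender URI, e.g. "alice@partner.example"
    recipient: str         # recipient URI
    peer_domain: str = ""  # domain authenticated on the connection the message arrived on
    cert: str = ""         # certificate identifier carried in a header field
    authenticated: bool = False

@dataclass
class Edge:
    mode: str                                       # "direct", "automatic" or "clearinghouse"
    authorized: dict = field(default_factory=dict)  # direct: peer domain -> its edge host
    revoked: set = field(default_factory=set)       # automatic: revoked certificate ids
    dns: dict = field(default_factory=dict)         # automatic: stand-in for a DNS query
    clearinghouse: str = ""
    inside: str = "home-server.internal"            # hypothetical next hop for inbound traffic

def domain(uri):
    return uri.rsplit("@", 1)[-1].lower()

def route(edge, m):
    """Return ("forward", next_hop) or ("reject", reason)."""
    if not m.authenticated:
        return ("reject", "sender not authenticated")
    if edge.mode == "automatic" and m.cert in edge.revoked:
        return ("reject", "certificate revoked")
    if m.direction == "in":
        peer = m.peer_domain.lower()
        if edge.mode == "direct" and peer not in edge.authorized:
            return ("reject", "peer not in authorized list")
        if edge.mode == "automatic" and domain(m.sender) != peer:
            return ("reject", "sender URI does not match connection domain")
        if edge.mode == "clearinghouse" and peer != edge.clearinghouse:
            return ("reject", "not from clearinghouse")  # assumption, see lead-in
        return ("forward", edge.inside)
    if edge.mode == "clearinghouse":
        return ("forward", edge.clearinghouse)           # every outgoing message
    table = edge.authorized if edge.mode == "direct" else edge.dns
    hop = table.get(domain(m.recipient))
    return ("forward", hop) if hop else ("reject", "no route to recipient domain")

# Constructed sample data (the example.* names are placeholders)
AUTO = Edge("automatic", revoked={"cert-77"}, dns={"partner.example": "edge.partner.example"})
DIRECT = Edge("direct", authorized={"partner.example": "edge.partner.example"})
HUB = Edge("clearinghouse", clearinghouse="hub.example")
MISMATCH = Msg("in", "carol@other.example", "bob@home.example", "partner.example", "cert-1", True)
```

In this sketch, `route(AUTO, MISMATCH)` is rejected because the sender URI names a domain other than the one authenticated on the connection, which is the incoming-message check claim 10 recites.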
40 Claims
1. A method performed by an edge proxy server for federating a network in a direct federation mode, comprising:
receiving an indication of authorized entities;
receiving a message;
verifying that the message was sent by an authorized and authenticated entity; and
after verifying that the message was sent by an authorized and authenticated entity, determining a next hop for the message; and
forwarding the message to the next hop.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method performed by an edge proxy server for federating a network in an automatic federation mode, comprising:
receiving a message;
verifying that the message was sent by an authenticated entity;
determining whether a certificate indicated in a header field of the received message appears in a list of revoked certificates; and
when the received message is an incoming message, verifying that a uniform resource identifier indicated for a sender of the message matches a domain from which the message was received; and
when the received message is an outgoing message, querying a domain name service.
Dependent claims: 11

12. A method performed by an edge proxy server for federating a network in a clearinghouse federation mode, comprising:
receiving a message;
forwarding the received message to a recipient specified in the message; and
establishing a session directly between a sender of the received message and a recipient of the received message.
Dependent claims: 13, 14

15. An edge proxy server system for federating a network, comprising:
a component that receives an indication of a federation mode for the proxy server;
a component that receives a message;
a component that authenticates a sender of the received message based on the indicated federation mode; and
a component that handles the message based on the indicated federation mode and whether the sender of the received message is authenticated.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33

34. A computer-readable medium having computer-executable instructions for performing steps, comprising:
receiving an indication of authorized entities;
receiving a message;
determining whether an entity that sent the message is authorized; and
when the entity that sent the message is authorized, authenticating the authorized entity, wherein the authenticating includes determining whether the message was received on a valid connection; and
when the authorized entity is authenticated, determining a next hop for the message; and
forwarding the message to the next hop.
Dependent claims: 35

36. An edge proxy server for federating a network, comprising:
means for establishing sessions with computing devices;
means for authorizing the computing devices;
means for validating messages from or to the computing devices;
means for determining a destination for the validated messages;
means for routing the messages to the determined destination.
Dependent claims: 37, 38, 39, 40

Specification