On-machine communication verification

US 20060095765A1
Filed: 10/29/2004
Published: 05/04/2006
Est. Priority Date: 10/29/2004
Status: Active Grant

First Claim

Patent Images

1. In a computing device, a method of efficiently establishing a secure communication used to receiving information from one or more modules on the computing device by utilizing a shared memory in determining a transport address used to the secure communication, the method including acts of:

generating random data used to identify a transport address of a listener, the transport address used to verify that a connector resides on a computing device;

storing the random data in a secured shared memory accessible by at least the listener and the connector, but inaccessible to modules outside the computing device to maintain the security thereof;

listening for communication activity at the transport address identified by the random data; and

receiving at the transport address information for establishing communication with the connector.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides for validating that one or more modules reside on the same machine. When a second module wishes to establish communication with a first module, a shared memory that is accessible by the modules—but inaccessible by modules outside the machine—is used to store random data. The first module listens on a transport address corresponding to the random data for communication activity. The second module retrieves the random data from the shared memory, and then uses this data for determining the appropriate transport address to send information to when establishing the communication with the first module.

Citations

40 Claims

1. In a computing device, a method of efficiently establishing a secure communication used to receiving information from one or more modules on the computing device by utilizing a shared memory in determining a transport address used to the secure communication, the method including acts of:
- generating random data used to identify a transport address of a listener, the transport address used to verify that a connector resides on a computing device;
  
  storing the random data in a secured shared memory accessible by at least the listener and the connector, but inaccessible to modules outside the computing device to maintain the security thereof;
  
  listening for communication activity at the transport address identified by the random data; and
  
  receiving at the transport address information for establishing communication with the connector.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the random data is one or more of a string, number, uniform resource identifier or name used to uniquely identify the transport address.
  - 3. The method of claim 1, wherein the random data is a number, the method further including acts of:
    - converting the number to one or more of a string, uniform resource identifier or name for uniquely identifying the transport address.
  - 4. The method of claim 1, wherein the information is received via a transport protocol chosen from the list of Named Pipe, TCP/IP, HTTP or UDP.
  - 5. The method of claim 1, wherein the random data is hashed using a hash function that transforms the random data for appropriately identifying the transport address.
  - 6. The method of claim 1, further comprising acts of:
    - generating second random data used to further verify that the connector resides on the computing device; and
      
      storing the second random data in the secured shared memory, wherein the information received for establishing communication with the connector includes data for proving that the connector has knowledge of the second random data.
  - 7. The method of claim 6, further comprising acts of:
    - generating third and fourth random data, wherein the third random data is used to identify a second transport address of the listener;
      
      storing the third and fourth random data in the secured shard memory;
      
      listening for communication activity at the second transport address; and
      
      receiving at the second transport address second information for establishing a second communication with the connector, the second information including data for proving that the connector has knowledge of the third random data.
  - 8. The method of claim 7, wherein after a predetermined period of time, listener discontinues the communication with the connector over the transport address.
  - 9. The method of claim 6, further including acts of:
    - generating third random data, the third random data used to verify that the listener resides on the computing device;
      
      storing the third random data in the shared memory; and
      
      transferring over the established communication to the connector information corresponding to the third random data for proving that the listener generated the third random data.
  - 10. The method of claim 6, wherein the information received at the transport address includes information corresponding to third random data generated by the connector used to verify that the listener resides on the computing device, the method further including an act of:
    - storing the third information in the shared memory for proving that the listener has knowledge of the third random data.

11. In a computing device, a method of efficiently establishing a secure communication for transferring information to a module on the computing device by utilizing a shared memory in determining a transport address used to the secure communication, the method including acts of:
- accessing a secured shared memory accessible by at least a listener and a connector on a computing device, the secured shared-memory inaccessible to modules outside the computing device to maintain the security thereof;
  
  retrieving from the shared memory random data used to identify a transport address of the listener, the transport address used to verify that the connector resides on the computing device; and
  
  sending to the transport address information for establishing communication with the listener.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the random data is one or more of a string, number, uniform resource identifier or name used to uniquely identify the transport address.
  - 13. The method of claim 11, wherein the random data is a number, the method further including acts of:
    - converting the number to one or more of a string, uniform resource identifier or name for uniquely identifying the transport address.
  - 14. The method of claim 11, wherein the information is sent via a transport protocol chosen from the list of Named Pipe, TCP/IP, HTTP or UDP.
  - 15. The method of claim 11, wherein the random data is hashed using a hash function that transforms the random data for appropriately identifying the transport address.
  - 16. The method of claim 11, further comprising an act of:
    - retrieving from the secured shared memory second random data used to further verify that the connector resides on the computing device, wherein the information sent to the transport address for establishing communication with the listener includes data for proving that the connector has knowledge of the second random data.
  - 17. The method of claim 16, further comprising acts of:
    - retrieving form the shared memory third and fourth random data, wherein the third random data is used to identify a second transport address of the listener; and
      
      sending to the second transport address second information for establishing a second communication with the listener, the second information including data corresponding to the fourth random data for proving that the connector has knowledge of the fourth random data.
  - 18. The method of claim 17, wherein after a predetermined period of time, connector discontinues the communication with the listener over the transport address.
  - 19. The method of claim 16, further including acts of:
    - generating third random data, wherein the information sent to the transport address for establishing the communication with the listener includes data corresponding to the third random data; and
      
      retrieving from the secured shared memory the data corresponding to the third random data, for verifying that the listener has knowledge of the third random data.
  - 20. The method of claim 16, further including acts of:
    - receiving from the listener data corresponding to third random data generated by the listener, the third random data used to verify that the listener resides on the computing device; and
      
      retrieving from the secured shared memory the data corresponding to the third random data for verifying that the listener has knowledge of the third random data.

21. In a computing device, a method of efficiently establishing a secure communication between two or more modules by utilizing a shared memory to verify that at least one of the two or more modules resides on the computing device, the method including a step for:
- establishing communication between a connector and a listener of a computing device to transfer information to a transport address of the listener, which is used to verify that the connector resides on the computing device, wherein the transport address corresponds to random data maintained in a secure shared memory accessible to at least the listener and connector, but inaccessible to modules outside the computing device.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The method of claim 21, wherein the random data is one or more of a string, number, uniform resource identifier or name used to uniquely identify the transport address.
  - 23. The method of claim 22, wherein the random data is hashed using a hash function that transforms the random data for appropriately identifying the transport address.
  - 24. The method of claim 22, wherein the transport protocol is one of a Named Pipe, TCP/IP, HTTP or UDP.
  - 25. The method of claim 21, wherein the random data is a number, the method further including acts of:
    - converting the number to one or more of a string, uniform resource identifier or name for uniquely identifying the transport address.
  - 26. The method of claim 21, further comprising acts of:
    - generating second random data used to further verify that the connector resides on the computing device;
      
      storing the second random data in the secured shared memory;
      
      retrieving from the secured shared memory the second random data, wherein the information sent to and received at the transport address for establishing communication between the listener and connector includes data for proving that the connector has knowledge of the second random data.
  - 27. The method of claim 26, further comprising acts of:
    - generating third and fourth random data, wherein the third random data is used to identify a second transport address of the listener;
      
      storing the third and fourth random data in the secured shard memory;
      
      listening for communication activity at the second transport address;
      
      retrieving from the shared memory the third and fourth random data;
      
      using the third random data to identify the second transport address of the listener;
      
      sending to the second transport address second information for establishing a second communication with the listener, the second information including data corresponding to the fourth random data for proving that the connector has knowledge of the fourth random data;
      
      receiving at the second transport address the second information for establishing a second communication with the connector; and
      
      using the received data corresponding to the fourth random data for further verifying that the connector resides on the computing device.
  - 28. The method of claim 27, wherein after a predetermined period of time, listener discontinues the communication with the connector over the transport address.
  - 29. The method of claim 26, further including acts of:
    - generating third random data, the third random data used to verify that the listener resides on the computing device;
      
      storing the third random data in the shared memory;
      
      transferring over the established communication to the connector information corresponding to the third random data for proving that the listener generated the third random data;
      
      receiving from the listener the data corresponding to the third random data; and
      
      retrieving from the secured shared memory the data corresponding to the third random data to verify that the listener has knowledge of the third random data.
  - 30. The method of claim 26, further including acts of:
    - generating third random data, wherein the information sent to the transport address for establishing the communication with the listener includes data corresponding to the third random data;
      
      storing the third information in the shared memory for proving that the listener has knowledge of the third random data; and
      
      retrieving from the secured shared memory the data corresponding to the third random data for verifying that the listener resides on the computing device.

31. In a computing device, a computer program product for implementing a method of efficiently establishing a secure communication between two or more modules by utilizing a shared memory to verify that at least one of the two or more modules resides on the computing device, the computer program product comprising one or more computer readable media having stored thereon computer executable instructions that, when executed by a processor, can cause the messaging system to perform the following:
- generate random data used to identify a transport address of a listener, the transport address used to verify that a connector resides on a computing device;
  
  store the random data in a secured shared memory accessible by at least the listener and the connector, but inaccessible to modules outside the computing device to maintain the security thereof;
  
  listen for communication activity at the transport address identified by the random data;
  
  retrieve the random data from the shared memory to identify the transport address for sending information to the listener;
  
  send the information to the transport address for establishing communication with the listener; and
  
  receive at the transport address information via a transport protocol for establishing communication with the connector.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 32. The computer program product of claim 31, wherein the random data is one or more of a string, number, uniform resource identifier or name used to uniquely identify the transport address.
  - 33. The computer program product of claim 32, wherein the random data is hashed using a hash function that transforms the random data for appropriately identifying the transport address.
  - 34. The computer program product of claim 31, wherein the random data is a number, the computer program product further comprising computer executable instructions that can cause the messaging system to perform the following:
    - convert the number to one or more of a string, uniform resource identifier or name for uniquely identifying the transport address.
  - 35. The computer program product of claim 31, wherein the transport protocol is one of a Named Pipe, TCP/IP, HTTP or UDP.
  - 36. The computer program product of claim 31, further comprising computer executable instructions that can cause the messaging system to perform the following:
    - generate second random data used to further verify that the connector resides on the computing device;
      
      store the second random data in the secured shared memory;
      
      retrieving from the secured shared memory the second random data, wherein the information sent to and received at the transport address for establishing communication between the listener and connector includes data for proving that the connector has knowledge of the second random data.
  - 37. The computer program product of claim 36, further comprising computer executable instructions that can cause the messaging system to perform the following:
    - generate third and fourth random data, wherein the third random data is used to identify a second transport address of the listener;
      
      store the third and fourth random data in the secured shard memory;
      
      listen for communication activity at the second transport address;
      
      retrieve from the shared memory the third and fourth random data;
      
      use the third random data to identify the second transport address of the listener;
      
      send to the second transport address second information for establishing a second communication with the listener, the second information including data corresponding to the fourth random data for proving that the connector has knowledge of the fourth random data;
      
      receive at the second transport address the second information for establishing a second communication with the connector; and
      
      use the received data corresponding to the fourth random data for further verifying that the connector resides on the computing device.
  - 38. The computer program product of claim 37, wherein after a predetermined period of time, listener discontinues the communication with the connector over the transport address.
  - 39. The computer program product of claim 36, further comprising computer executable instructions that can cause the messaging system to perform the following:
    - generate third random data, the third random data used to verify that the listener resides on the computing device;
      
      store the third random data in the shared memory;
      
      transfer over the established communication to the connector information corresponding to the third random data for proving that the listener generated the third random data;
      
      receive from the listener the data corresponding to the third random data; and
      
      retrieve from the secured shared memory the data corresponding to the third random data to verify that the listener has knowledge of the third random data.
  - 40. The computer program product of claim 36, further comprising computer executable instructions that can cause the messaging system to perform the following;
    - generate third random data, wherein the information sent to the transport address for establishing the communication with the listener includes data corresponding to the third random data;
      
      store the third information in the shared memory for proving that the listener has knowledge of the third random data; and
      
      retrieve from the secured shared memory the data corresponding to the third random data for verifying that the listener resides on the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Pessach, Janiv

Granted Patent

US 7,424,739 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/20 for managing network securi...

On-machine communication verification

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

On-machine communication verification

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links