SECURITY GATEWAY FOR ONLINE CONSOLE-BASED GAMING

US 20080177997A1
Filed: 03/24/2008
Published: 07/24/2008
Est. Priority Date: 06/10/2002
Status: Active Grant

First Claim

Patent Images

1. A method of providing an online service between a private network and a game console, the method comprising:

communicatively coupling a security gateway between the game console and the private network for secure communications;

receiving, from the game console, a request to establish a secure communication channel with the security gateway in order to allow the game console to communicate with one or more servers within the private network configured to provide online services via the security gateway the request includes at least an initiation message an authenticator, and a security ticket the authenticator is encrypted using a first key and the security ticket is encrypted using a second key, and the first key is different than the second key;

authenticating the game console using the security gateway based at least in part on the initiation message and the security ticket received from the game console;

transmitting from the security gateway a response to the request to establish a secure communication channel the response including at least a portion of the initiation message at least a portion of the response authenticating the security gateway to the game console;

establishing one or more security keys to be used by the security gateway and the game console to encrypt information to be sent to one another, the one of more security keys being based on at least portions of the security ticket and the initiation message;

maintaining within the security gateway the one or more security keys as being associated with the game console; and

generating a requested service in response to a request from the game console, wherein the generating of the requested service is abstracted from the authentication performed by the security gateway.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An exemplary implementation of a security gateway for online console-based gaming operates as a gateway between a public network (e.g., the Internet), and a private network (e.g., an internal data center network). The security gateway allows secure communication channels to be established with game consoles via the public network, and allows secure communication between game consoles on the public network and service devices on the private network.

83 Citations

View as Search Results

15 Claims

1. A method of providing an online service between a private network and a game console, the method comprising:
- communicatively coupling a security gateway between the game console and the private network for secure communications;
  
  receiving, from the game console, a request to establish a secure communication channel with the security gateway in order to allow the game console to communicate with one or more servers within the private network configured to provide online services via the security gateway the request includes at least an initiation message an authenticator, and a security ticket the authenticator is encrypted using a first key and the security ticket is encrypted using a second key, and the first key is different than the second key;
  
  authenticating the game console using the security gateway based at least in part on the initiation message and the security ticket received from the game console;
  
  transmitting from the security gateway a response to the request to establish a secure communication channel the response including at least a portion of the initiation message at least a portion of the response authenticating the security gateway to the game console;
  
  establishing one or more security keys to be used by the security gateway and the game console to encrypt information to be sent to one another, the one of more security keys being based on at least portions of the security ticket and the initiation message;
  
  maintaining within the security gateway the one or more security keys as being associated with the game console; and
  
  generating a requested service in response to a request from the game console, wherein the generating of the requested service is abstracted from the authentication performed by the security gateway.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as recited in claim 1, further comprising:
    - receiving at the security gateway a service request from the game console;
      
      decrypting the service request using the security gateway;
      
      forwarding the service request from the security gateway to a corresponding server within the private network;
      
      generating the requested service using the corresponding server in response to the service request from the game console;
      
      transmitting the requested service from the corresponding server to the security gateway;
      
      encrypting the requested service using the security gateway; and
      
      transmitting the encrypted requested service to the game console using the security gateways wherein the generating of the requested service is abstracted from the authentication and encryption performed by the security gateway.
  - 3. A method as recited in claim 1, wherein the request includes an authenticated indication of one or more of a plurality of services that the game console is permitted to access via the security gateway, and wherein the private network includes a plurality of servers, each server being configured to provide at least one of the plurality of services.
  - 4. A method as recited in claim 1, further comprising maintaining, as being associated with the game console, a fully qualified address for the game console, wherein the fully qualified address for the game console comprises one or more of:
    - an Ethernet MAC address of the game console;
      
      a local IP address of the game console;
      
      an IP address and port from which data packets are received from the game console;
      
      a device number of the security gateway;
      
      a Security Parameters Index (SPI) of the secure communication channel; and
      
      an identity of the game console.
  - 5. A method as recited in claim 1, further comprising maintaining, as being associated with the game console, a fully qualified address for the game console, wherein the fully qualified address for the game console comprises:
    - an Ethernet MAC address of the game console;
      
      a local IP address of the game console;
      
      an IP address and port from which data packets are received from the game console;
      
      a device number of the security gateway;
      
      a Security Parameters Index (SPI) of the secure communication channel; and
      
      an identity of the game console.
  - 6. A method as recited in claim 1, further comprising negotiating, with the game console, one or more session parameters describing how communication between the game console and the security gateway should occur.
  - 7. A method as recited in claim 1, wherein the one or more security keys are further to be used by the security gateway and the game console to authenticate information to be received from one another.

8. One or more computer readable media having stored thereon a plurality of instructions that, when executed by one or more processors, causes the one or more processors to:
- receive, from a game console, a request to establish a secure communication channel with a security gateway in order to allow the game console to communicate with a private network that includes one or more servers configured to provide online services to the game console via the security gateway, the request includes at least an initiation message, an authenticator, and a security ticket, the authenticator is encrypted using a first key and the security ticket is encrypted using a second key, and the first key is different than the second key;
  
  authenticate the game console using the security gateway based at least in part on the initiation message and the security ticket received from the game console;
  
  transmit from the security gateway a response to the request to establish a secure communication channel, the response including at least a portion of the initiation message, at least a portion of the response authenticates authenticate the security gateway to the game console;
  
  establish one or more security keys to be used by the security gateway and the game console to authenticate information to be sent to one another, the one of more security keys being based on at least portions of the security ticket and the initiation message; and
  
  maintain within the security gateway the one or more security keys as being associated with the game console, wherein generating a requested service in response to a request from the game console is abstracted from the authentication performed by the security gateway.

9. One or more computer readable media having stored thereon a plurality of instructions that, when executed by one or more processors, causes the one or more processors to:
- establish, for each of a plurality of game consoles, a different security association corresponding to the game console, wherein each security association has one or more related security keys to be used to encrypt data to be communicated to and from the corresponding game console using a security gateway configured between the plurality of game consoles and a private network that includes one or more service devices configured to provide online services to the plurality of game consoles;
  
  maintain, for each of the plurality of game consoles, information related to the security association using the security gateway until the game console is no longer available, wherein the information related to the security association includes the one or more security keys; and
  
  use the maintained information related to the security association corresponding to the game console in communicating data, received from at least one of the service devices, to the game console using the security gateway wherein generation of a requested service by the private network in response to a request from at least one of the game consoles is abstracted from the establishment and maintenance of the security associations performed by the security gateway,wherein at least one security association is established based at least in part on;
  
  a request received from the game console, the request including at least an initiation message, an authenticator, and a security ticket, the authenticator is encrypted using a first key and the security ticket is encrypted using a second key, and the first key is different than the second key;
  
  authenticating the game console using the security gateway based at least in part on the initiation message and the security ticket received from the game console;
  
  transmitting from the security gateway a response to the request to establish a secure communication channel the response including at least a portion of the initiation message, at least a portion of the response authenticating the security gateway to the game console; and
  
  establishing one or more security keys to be used by the security gateway and the game console to encrypt information to be sent to one another, the one of more security keys being based on at least portions of the security ticket and the initiation message.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. One or more computer readable media as recited in claim 9, wherein the information related to the security association corresponding to a particular game console includes an authenticated indication of one or more of a plurality of services that the particular game console is permitted to access.
  - 11. One or more computer readable media as recited in claim 9, wherein the information related to the security association corresponding to a particular game console includes one or more of:
    - an Ethernet MAC address of the particular game console;
      
      a local IP address of the particular game console;
      
      an IP address and port from which data packets are received from the particular game console;
      
      a Security Parameters Index (SPI) of the security association; and
      
      an identity of the particular game console.
  - 12. One or more computer readable media as recited in claim 9, further comprising computer executable instructions that, when executed, cause the one or more processors to:
    - receive at the security gateway a service request from the game console;
      
      decrypt the service request using the security gateway;
      
      forward the service request from the security gateway to a corresponding service device within the private network;
      
      generate the requested service using the corresponding service device in response to the service request from the game console;
      
      transmit the requested service from the corresponding service device to the security gateway;
      
      encrypt the requested service using the security gateway; and
      
      transmit the encrypted requested service to the game console using the security gateway, wherein the generation of the requested service is abstracted from the decryption and encryption performed by the security gateway.
  - 13. One or more computer readable media as recited in claim 9, wherein the one or more processors are part of the security gateway.
  - 14. One or more computer readable media as recited in claim 9, wherein the one or more security keys are further to be used to authenticate data to be communicated to and from the corresponding game console.

15. A method comprising:
- communicatively linking a security gateway between a plurality of game consoles and a private network that includes one or more service devices configured to provide online services;
  
  using the security gateway to establish, for each of the plurality of game consoles, a different security association corresponding to the game console, wherein each security association has one or more related security keys to be used to authenticate data to be communicated to and from the corresponding game console via the security gateway;
  
  using the security gateway to maintain, for each of the plurality of game consoles, information related to the security association until the game console is no longer available, wherein the information related to the security association includes the one or more security keys;
  
  using the maintained information related to the security association corresponding to the game console in communicating data, received from at least one of the service devices, to the game console via the security gateway; and
  
  generating a requested service using the private network in response to a request from at least one of the game consoles, wherein the generation of the requested service is abstracted from the establishment and maintenance of the security associations performed by the security gateway,wherein the step of using the security gateway to establish for each of the plurality of game consoles, a different security association corresponding to the game console further comprises;
  
  receiving a request from the game console, the request including at least an initiation message, an authenticator, and a security ticket, the authenticator is encrypted using a first key and the security ticket is encrypted using a second key, and the first key is different than the second key;
  
  authenticating the game console using the security gateway based at least in part on the initiation message, the authenticator, and the security ticket received from the game console;
  
  transmitting from the security gateway a response to the request to establish a secure communication channel, the response including at least a portion of the initiation message, at least a portion of the response authenticating the security gateway to the game console; and
  
  establishing one or more security keys to be used by the security gateway and the game console to encrypt information to be sent to one another, the one of more security keys being based on at least portions of the security ticket and the initiation message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Danieli, Damon V., Wohlgemuth, Sean Christian, Neustadter, Eric, Multerer, Boyd C., Chen, Ling T., VanAntwerp, Mark D., Morais, Dinarte R., Courage, Michael, Caiafa, Daniel

Granted Patent

US 7,650,495 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 63/0209   Architectural arrangements,...

H04L 63/0428   wherein the data content is...

H04L 63/12   Applying verification of th...

H04L 67/131   Protocols for games, networ...

SECURITY GATEWAY FOR ONLINE CONSOLE-BASED GAMING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

83 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY GATEWAY FOR ONLINE CONSOLE-BASED GAMING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links