PLATFORM FOR POLICY-DRIVEN COMMUNICATION AND MANAGEMENT INFRASTRUCTURE

US 20110066841A1
Filed: 09/14/2010
Published: 03/17/2011
Est. Priority Date: 09/14/2009
Status: Abandoned Application

First Claim

Patent Images

1. In a policy-based network management and communication infrastructure, a computer-implemented method of providing one-to-one communication between networked computational devices comprising the steps of:

at least one computational device automatically discovering at least one parent computational device and registering at least its location with said discovered parent computational device to form a discovered hierarchy of computational devices;

a first computational device automatically discovering at least one routing path through said discovered hierarchy to a second computational device; and

said first and second computational devices communicating with each other via said discovered routing path.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A policy-driven communication and management infrastructure may include components such as Agent, Server and Console, policy messages, and Relays to deliver security and system management to networked devices. An Agent resides on a Client, acting as a universal policy engine for delivering multiple management services. Relays, Clients additionally configured to each behave as though they were a root Server, Relaying information to and from other Clients, permit Clients to interact with the root Server through the Relay, enabling information exchange between Client and Server. Such information exchange allows Clients to gather information, such as new policy messages, from the Server, to pass status messages to the Server and to register their network address so that they can be readily located. Automatic Relay selection enables Clients and Relays to select their own parent Relays, thus allowing Clients and Relays to discover new routing paths through the network without administrator input.

143 Citations

View as Search Results

56 Claims

1. In a policy-based network management and communication infrastructure, a computer-implemented method of providing one-to-one communication between networked computational devices comprising the steps of:
- at least one computational device automatically discovering at least one parent computational device and registering at least its location with said discovered parent computational device to form a discovered hierarchy of computational devices;
  
  a first computational device automatically discovering at least one routing path through said discovered hierarchy to a second computational device; and
  
  said first and second computational devices communicating with each other via said discovered routing path.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The method of claim 1, wherein said infrastructure includes at least one of:
    - at least one Root Server;
      
      at least one Console;
      
      zero or more Relays; and
      
      zero or more proxy agents; and
      
      at least one Client.
  - 3. The method of claim 2, wherein said at least one Root Server comprises a computational device programmed to provide a control center and repository for system configuration data, software updates and patches and other management information;
    - wherein said Console comprises an operations control center for administrators that runs from the Server wherein said console includes graphical displays of device, group, and enterprise-wide device status and dashboards for executing management actions through the infrastructure and wherein said Console includes reporting functions and templates that enable graphical and tabular views of infrastructure status;
      
      wherein said at least one Relay comprises a non-dedicated computational device running Relay software as a shared service that acts as a concentration point for Fixlet messages on said infrastructure and reduces network bandwidth requirements for distribution of at least one of software, patches, updates and said Fixlet messages;
      
      wherein said at least one Client comprises an endpoint device in said network executing an Agent, said Agent comprising software that acts as a universal policy engine capable of delivering multiple management services that includes at least one of Client status reporting, patch and software distribution, and security policy enforcement.
  - 4. The method of claim 3, wherein said step of at least one computational device automatically discovering at least one parent computational device and registering at least its location with said discovered parent computational device to form a discovered hierarchy of computational devices comprises the steps of:
    - a Client determining if a Relay is in said Client'"'"'s subnet by pinging Relays having a TTL (time-to-live) of 1 and, responsive to no detection of a Relay, incrementing the TTL value and pinging until at least on Relay is detected;
      
      responsive to detection of a Relay, said Client attempting registration with said detected Relay;
      
      responsive to successful registration with said detected Relay, said Client using said Relay as a parent device;
      
      responsive to unsuccessful registration with said detected Relay, said Client continuing to increment TTL and pinging until a Relay is detected and registration is successful or until TTL is incremented to a predetermined value;
      
      responsive to no Relay being detected, said Client attempting to register with a Failover Relay;
      
      responsive to unsuccessful registration with said Failover Relay, said Client attempting to Register with a Server; and
      
      responsive to unsuccessful registration with said Server, said Client attempting detection of a Relay again after elapse of a predetermined MinRetry period.
  - 5. The method of claim 4, wherein said step of attempting to register with a Failover Relay comprises the steps of:
    - said Client attempting to interact with a Relay;
      
      responsive to a failure of said interaction, said Client saving time of said failure and attempting said interaction a second time;
      
      responsive to said second failure, attempting said interaction after a predetermined ResistFailure time elapses, said ResistFailure time starting at said saved time of Failure;
      
      responsive to a failure following said ResistFailure time expiration, said Client initiating an automatic Relay selection procedure.
  - 6. The method of claim 3, further comprising the step of:
    - said infrastructure providing means for credentialing a Client using a symmetric key pair in order to protect said Client and its parents from snooping attacks;
      
      a Server signing and sending content down said hierarchy to a predetermined Client;
      
      a predetermined Client encrypting and sending content up said hierarchy to a Server;
      
      a predetermined Client signing and sending content to a Server; and
      
      a Server encrypting and sending content down said hierarchy to said predetermined Client;
      
      a first predetermined Client and a second predetermined Client exchanging content that has been one or both of signed and encrypted.
  - 7. The method of claim 6, wherein the step of said infrastructure providing means for credentialing a Client using a symmetric key pair comprises the steps of:
    - a Server generating a private/public key pair and distributing copies of said public key to a plurality of Clients in said network;
      
      a plurality of Clients each generating a public/private key pair and distributing a plurality of copies of said Client generated key to parent devices and peer devices on said network.
  - 8. The method of claim 7, further comprising the steps of:
    - A Server granting a predetermined Client a unique ComputerID and associating said unique ComputerID to said public key generated and distributed by said predetermined Client;
      
      said Client signing content originating from said Client with said private key generated by said predetermined Client;
      
      responsive to a Server receiving said signed content from said predetermined Client, prior to update of said content, said Server verifying that said signed content is signed by a key that matches a public key associated to a ComputerID granted to said predetermined Client.
  - 9. The method of claim 7, further comprising the steps of:
    - a Server looking up a public key associated with a predetermined ComputerID; and
      
      one or both of the steps of;
      
      said Server signing content to be sent to the Client corresponding to said predetermined ComputerID; and
      
      said Server using said public key associated with said predetermined ComputerID to encrypt said signed content for sending to said Client corresponding to said predetermined ComputerID.
  - 10. The method of claim 7, further comprising the steps of;
    - A Client registering with a Server, wherein said Client sends said public key to its Server;
      
      responsive to detection of a cloned key, said Server invalidating a ComputerID associated to said cloned key; and
      
      said Server requiring said Client granted said ComputerID to generate a new key pair.
  - 11. The method of claim 7, further comprising either of the steps of:
    - a first Client and a second Client authenticating content exchanged with each other;
      
      and a Client and a Relay authenticating content exchanged with each other.
  - 12. The method of claim 7, further comprising the step of:
    - a Server sending an encrypted password down said hierarchy to a Client, wherein said Client decrypts said password prior to use.
  - 13. The method of claim 3, wherein said step of either of said first and second computational devices establishing communication with the other of said first and second computational devices via said discovered routing path comprises the step of:
    - said Console connecting to a predetermined Client via one or both of at least one Server and at least one Relay.
  - 14. The method of claim 13, further comprising any of the steps of:
    - establishing a synchronous encrypted tunnel between said Console and said Client;
      
      building a secured channel for asynchronously sending messages to individual Clients from said Console;
      
      creating an on-the-fly VPN (virtual private network);
      
      enabling one or both of file discovery and file sharing over a synchronous connection;
      
      mailboxing passwords over an asynchronous connection;
      
      establishing a remote desktop on a Client from a Console;
      
      remotely debugging Actions;
      
      connecting Users and ComputerIDs to automatically provide privileges to connect to a set of other computers;
      
      synchronously opening a connection to a Client and transferring logs from the Client up to the Console;
      
      routing through the infrastructure into a Relay inside a subnet and then allowing the last leg of communication to take place over an IP address that can directly connect to the target machine; and
      
      establishing a direct connection between a first Client and a second Client.
  - 15. The method of claim 13, further comprising the steps of:
    - routing a broadcast packet from said Console to a target computer in said network in order to wake-up said target computer.
  - 16. The method of claim 15, said step of routing a broadcast packet from said Console to a predetermined computer in said network in order to wake-up said computer comprising at least one of the following steps:
    - said Console using Client MAC (media access control) addresses provided at registration to identify Clients occupying the same subnet as said target Client;
      
      said Console sending at least one message down through said hierarchy to contact at least one Relay that is able to contact said target'"'"'s subnet;
      
      said at least one contacted Relay broadcasting messages to peers of said target, requesting that said target be woken up;
      
      at least one of said peers listening for messages sent out by said Relays and detecting said request messages and said sending wake-up message to said target;
      
      each of said Peers listening for duplicate traffic and suspending broadcast upon detection of said duplicate traffic.
  - 17. The method of claim 16, wherein said step of each of said Peers listening for duplicate traffic and suspending broadcast upon detection of said duplicate traffic comprises the step of:
    - said peers deciding which peer should take precedence over the remaining peers based a unique computer ID and a coalition order for determining precedence.
  - 18. The method of claim 3, wherein said step of either of said first and second computational devices establishing communication with the other of said first and second computational devices via said discovered routing path comprises the steps of:
    - deploying at least one Fixlet message to at least one Client that instructs said at least one Client to trust an arbitrary piece of content to run, so that responsibility for knowing that the content is safe to run is delegated to a trusted piece of software on said at least one Client;
      
      said Client identifying said arbitrary piece of content according to file size and hash;
      
      said Client requesting a Relay to provide said identified piece of content by providing said file size and said hash; and
      
      said Relay mirroring said requested piece of content back down through said hierarchy to said Client.
  - 19. The method of claim 18, further comprising the step of:
    - merging said mirrored content with an Action instructing said Client to run whatever the content tells said Client to run.
  - 20. The method of claim 18, wherein said content comprises dynamic content that changes and is updated frequently so that it is not known at the time of policy creation.
  - 21. The method of claim 20, wherein said dynamic content comprises updates to anti-virus and spyware definitions.
  - 22. The method of claim 18, comprising the steps of:
    - using variables to refer to said content in ActionScripts, wherein said Client is enable to look up dynamic information indirectly and fill it into said variables.
  - 23. The method of claim 20, further comprising the step of determining dependency resolution in order to install various pieces of software in an arbitrary collection of software, at least some items of which depend on other software being installed.
  - 24. The method of claim 20, further comprising the step of providing data in the form of a set of packages to a process on a Client itself that is able to analyze the set of packages, wherein said process produces a list of URLs, hashes, and sizes that need to be downloaded for the particular machine in order for it to update to a new version of a package.
  - 25. The method of claim 24, wherein any request to download from a URL that is not explicitly authorized is checked against a white-list of URLs and must meet at least one of the criteria specified in said white-list.

26. A platform for providing one-to-one communication between networked computational devices in a policy-based network management and communication infrastructure, comprising:
- at least one computational device programmed for automatically discovering at least one parent computational device and registering at least its location with said discovered parent computational device to form a discovered hierarchy of computational devices;
  
  a first computational device programmed for automatically discovering at least one routing path through said discovered hierarchy to a second computational device; and
  
  said first and second computational devices programmed for establishing communication with the other of said first and second computational devices via said discovered routing path.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 43, 44, 45, 46, 47, 48, 49, 50)
- - 27. The platform of claim 26, wherein said infrastructure includes at least one of:
    - at least one Root Server;
      
      at least one Console;
      
      at least one Relay; and
      
      at least one Client.
  - 28. The platform of claim 27, wherein said at least one Root Server comprises a computational device programmed to provide a control center and repository for system configuration data, software updates and patches and other management information;
    - wherein said Console comprises an operations control center for administrators that runs from the Server wherein said console includes graphical displays of device, group, and enterprise-wide device status and dashboards for executing management actions through the infrastructure and wherein said Console includes reporting functions and templates that enable graphical and tabular views of infrastructure status;
      
      wherein said at least one Relay comprises a non-dedicated computational device running Relay software as a shared service that acts as a concentration point for Fixlet messages on said infrastructure and reduces network bandwidth requirements for distribution of at least one of software, patches, updates and said Fixlet messages;
      
      wherein said at least one Client comprises an endpoint device in said network executing an Agent, said Agent comprising software that acts as a universal policy engine capable of delivering multiple management services that includes at least one of Client status reporting, patch and software distribution, and security policy enforcement.
  - 29. The platform of claim 28, wherein said at least one computational device programmed for automatically discovering at least one parent computational device and registering at least its location with said discovered parent computational device to form a discovered hierarchy of computational devices comprises:
    - a Client programmed for determining if a Relay is in said Client'"'"'s subnet by pinging Relays having a TTL (time-to-live) of 1 and, responsive to no detection of a Relay, incrementing the TTL value and pinging until at least on Relay is detected;
      
      responsive to detection of a Relay, said Client programmed for attempting registration with said detected Relay;
      
      responsive to successful registration with said detected Relay, said Client programmed for using said Relay as a parent device;
      
      responsive to unsuccessful registration with said detected Relay, said Client programmed for continuing to increment TTL and pinging until a Relay is detected and registration is successful or until TTL is incremented to a predetermined value;
      
      responsive to no Relay being detected, said Client programmed for attempting to register with a Failover Relay;
      
      responsive to unsuccessful registration with said Failover Relay, said Client programmed for attempting to Register with a Server;
      
      responsive to unsuccessful registration with said Server, said Client programmed for attempting detection of a Relay again after elapse of a predetermined MinRetry period.
  - 30. The method of claim 29, wherein said Client programmed for attempting to register with a Failover Relay comprisessaid Client programmed for attempting to interact with a Relay;
    - said Client programmed for, responsive to a failure of said interaction, saving time of said failure and attempting said interaction a second time;
      
      said Client programmed for, responsive to said second failure, attempting said interaction after a predetermined ResistFailure time elapses, said ResistFailure time starting at said saved time of Failure;
      
      said Client programmed for, responsive to a failure following said ResistFailure time expiration, initiating an automatic Relay selection procedure.
  - 31. The platform of claim 28, further comprising:
    - at least one computational device programmed for credentialing a Client using a symmetric key pair in order to protect said Client and its parents from snooping attacks;
      
      a Server programmed for signing and sending content down said hierarchy to a predetermined Client;
      
      a predetermined Client programmed for encrypting and sending content up said hierarchy to a Server;
      
      a predetermined Client programmed for signing and sending content to a Server; and
      
      a Server programmed for encrypting and sending content down said hierarchy to said predetermined Client;
      
      a first predetermined Client and a second predetermined Client programmed for exchanging content that has been one or both of signed and encrypted.
  - 32. The platform of claim 31, wherein said at least one computational device programmed for credentialing a Client using a symmetric key pair comprises;
    - a Server programmed for generating a private/public key pair and distributing copies of said public key to a plurality of Clients in said network;
      
      a plurality of Clients each programmed for generating a public/private key pair and distributing a plurality of copies of said Client generated key to parent devices and peer devices on said network.
  - 33. The platform of claim 32, further comprising:
    - a Server programmed for granting a predetermined Client a unique ComputerID and associating said unique ComputerID to said public key generated and distributed by said predetermined Client;
      
      said Client programmed for signing content originating from said Client with said private key generated by said predetermined Client;
      
      a Server programmed for verifying that said signed content is signed by a key that matches a public key associated to a ComputerID granted to said predetermined Client responsive to said Server receiving said signed content from said predetermined Client, prior to update of said content.
  - 34. The platform of claim 32, further comprising:
    - a Server programmed for looking up a public key associated with a predetermined ComputerID; and
      
      one or both of the steps of;
      
      said Server programmed for signing content to be sent to the Client corresponding to said predetermined ComputerID; and
      
      said Server programmed for using said public key associated with said predetermined ComputerID to encrypt said signed content for sending to said Client corresponding to said predetermined ComputerID.
  - 35. The platform of claim 32, further comprising:
    - a Client programmed for registering with a Server, wherein said Client sends said public key to its Server;
      
      said Server for invalidating a ComputerID associated to a cloned key, responsive to detection of said cloned key, andsaid Server programmed for requiring said Client granted said ComputerID to generate a new key pair.
  - 36. The platform of claim 32, further comprising either of:
    - a first Client and a second Client programmed for authenticating content exchanged with each other;
      
      and a Client and a Relay programmed for authenticating content exchanged with each other.
  - 37. The platform of claim 32, further comprising a Server programmed for sending an encrypted password down said hierarchy to a Client, wherein said Client is programmed for decrypting said password prior to use.
  - 38. The platform of claim 28, wherein either of said first and second computational devices being programmed for establishing communication with the other via said discovered routing path comprise:
    - said Console programmed for connecting to a predetermined Client via one or both of at least one Server and at least one Relay.
  - 39. The platform of claim 38, further comprising any of:
    - a computational device programmed for establishing a synchronous encrypted tunnel between said Console and said Client;
      
      a computational device programmed for building a secured channel for asynchronously sending messages to individual Clients from said Console;
      
      a computational device programmed for creating an on-the-fly VPN (virtual private network);
      
      a computational device programmed for enabling one or both of file discovery and file sharing over a synchronous connection;
      
      a computational device programmed for mailboxing passwords over an asynchronous connection;
      
      a computational device programmed for establishing a remote desktop on a Client from a Console;
      
      a computational device programmed for remotely debugging Actions;
      
      a computational device programmed for connecting Users and ComputerIDs to automatically provide privileges to connect to a set of other computers;
      
      a computational device programmed for synchronously opening a connection to a Client and transferring logs from the Client up to the Console;
      
      a computational device programmed for routing through the infrastructure into a Relay inside a subnet and then allowing the last leg of communication to take place over an IP address that can directly connect to the target machine; and
      
      a computational device programmed for establishing a direct connection between a first Client and a second Client.
  - 40. The platform of claim 38, further comprising:
    - a computational device programmed for routing a broadcast packet from said Console to a target computer in said network in order to wake-up said target computer.
  - 43. The platform of claim 28, wherein said first and second computational devices programmed for establishing communication with the other of said first and second computational devices via said discovered routing path are programmed for:
    - deploying at least one Fixlet message to at least one Client that instructs said at least one Client to trust an arbitrary piece of content to run, so that responsibility for knowing that the content is safe to run is delegated to a trusted piece of software on said at least one Client;
      
      said Client identifying said arbitrary piece of content according to file size and hash;
      
      said Client requesting a Relay to provide said identified piece of content by providing said file size and said hash; and
      
      said Relay mirroring said requested piece of content back down through said hierarchy to said Client.
  - 44. The platform of claim 43, further comprising a computational device programmed for merging said mirrored content with an Action instructing said Client to run whatever the content tells said Client to run.
  - 45. The platform of claim 43, wherein said content comprises dynamic content that changes and is updated frequently so that it is not known at the time of policy creation.
  - 46. The platform of claim 45, wherein said dynamic content comprises updates to anti-virus and spyware definitions.
  - 47. The platform of claim 43, further comprising a computational device programmed for:
    - using variables to refer to said content in ActionScripts, wherein said Client is enable to look up dynamic information indirectly and fill it into said variables.
  - 48. The platform of claim 45, further comprising a computational device programmed for determining dependency resolution in order to install various pieces of software in an arbitrary collection of software, at least some items of which depend on other software being installed.
  - 49. The platform of claim 45, further comprising a computational device programmed for providing data in the form of a set of packages to a process on a Client itself that is able to analyze the set of packages, wherein said process produces a list of URLs, hashes, and sizes that need to be downloaded for the particular machine in order for it to update to a new version of a package.
  - 50. The platform of claim 49, wherein any request to download from a URL that is not explicitly authorized is checked against a white-list of URLs and must meet at least one of the criteria specified in said white-list.

41. The platform of claim 41, said computational device programmed for routing a broadcast packet from said Console to a predetermined computer in said network in order to wake-up said computer comprising at least one of the following:
- said Console programmed for using Client MAC (media access control) addresses provided at registration to identify Clients occupying the same subnet as said target Client;
  
  said Console programmed for sending at least one message down through said hierarchy to contact at least one Relay that is able to contact said target'"'"'s subnet;
  
  said at least one contacted Relay programmed for broadcasting messages to peers of said target, requesting that said target be woken up;
  
  at least one of said peers programmed for listening for messages sent out by said Relays and detecting said request messages and said sending wake-up message to said target;
  
  each of said Peers programmed for listening for duplicate traffic and suspending broadcast upon detection of said duplicate traffic.
- View Dependent Claims (42)
- - 42. The platform of claim 41, wherein each of said peers programmed for listening for duplicate traffic and suspending broadcast upon detection of said duplicate traffic are programmed for:
    - deciding which peer should take precedence over the remaining peers based a unique computer ID and a coalition order for determining precedence.

51. In a platform providing one-to-one communication between networked computational devices, a method for at least one computational device to automatically discover at least one parent computational device comprising the steps of:
- a Client determining if a Relay is in said Client'"'"'s subnet by pinging Relays having a TTL (time-to-live) of 1 and, responsive to no detection of a Relay, incrementing the TTL value and pinging until at least on Relay is detected;
  
  responsive to detection of a Relay, said Client attempting registration with said detected Relay;
  
  responsive to successful registration with said detected Relay, said Client using said Relay as a parent device;
  
  responsive to unsuccessful registration with said detected Relay, said Client continuing to increment TTL and pinging until a Relay is detected and registration is successful or until TTL is incremented to a predetermined value;
  
  responsive to no Relay being detected, said Client attempting to register with a Failover Relay;
  
  responsive to unsuccessful registration with said Failover Relay, said Client attempting to Register with a Server; and
  
  responsive to unsuccessful registration with said Server, said Client attempting detection of a Relay again after elapse of a predetermined MinRetry period.

52. A computer program product method for at least one computational device to automatically discover at least one parent computational device in a platform for providing one-to-one communication between networked computational devices, comprising a tangible computer-readable storage medium having embodied thereon computer-readable instructions for:
- a Client determining if a Relay is in said Client'"'"'s subnet by pinging Relays having a TTL (time-to-live) of 1 and, responsive to no detection of a Relay, incrementing the TTL value and pinging until at least on Relay is detected;
  
  responsive to detection of a Relay, said Client attempting registration with said detected Relay;
  
  responsive to successful registration with said detected Relay, said Client using said Relay as a parent device;
  
  responsive to unsuccessful registration with said detected Relay, said Client continuing to increment TTL and pinging until a Relay is detected and registration is successful or until TTL is incremented to a predetermined value;
  
  responsive to no Relay being detected, said Client attempting to register with a Failover Relay;
  
  responsive to unsuccessful registration with said Failover Relay, said Client attempting to Register with a Server; and
  
  responsive to unsuccessful registration with said Server, said Client attempting detection of a Relay again after elapse of a predetermined MinRetry period.

53. In a platform providing one-to-one communication between networked computational devices, a method for credentialing a Client using a symmetric key pair in order to protect said Client and its parents from snooping attacks comprising the steps of:
- a Server signing and sending content down said hierarchy to a predetermined Client;
  
  a predetermined Client encrypting and sending content up said hierarchy to a Server;
  
  a predetermined Client signing and sending content to a Server; and
  
  a Server encrypting and sending content down said hierarchy to said predetermined Client;
  
  a first predetermined Client and a second predetermined Client exchanging content that has been one or both of signed and encrypted.

54. A computer program product for credentialing a Client using a symmetric key pair in order to protect said Client and its parents from snooping attacks in a platform providing one-to-one communication between networked computational devices, comprising a tangible computer-readable storage medium having embodied thereon computer-readable instructions for:
- a Server signing and sending content down said hierarchy to a predetermined Client;
  
  a predetermined Client encrypting and sending content up said hierarchy to a Server;
  
  a predetermined Client signing and sending content to a Server; and
  
  a Server encrypting and sending content down said hierarchy to said predetermined Client;
  
  a first predetermined Client and a second predetermined Client exchanging content that has been one or both of signed and encrypted.

55. In a platform providing one-to-one communication between networked computational devices, a method for either of first and second computational devices establishing communication with the other via a discovered routing path comprises the steps of;
- deploying at least one Fixlet message to at least one Client that instructs said at least one Client to trust an arbitrary piece of content to run, so that responsibility for knowing that the content is safe to run is delegated to a trusted piece of software on said at least one Client;
  
  said Client identifying said arbitrary piece of content according to file size and hash;
  
  said Client requesting a Relay to provide said identified piece of content by providing said file size and said hash; and
  
  said Relay mirroring said requested piece of content back down through said hierarchy to said Client.

56. A computer program product for first and second computational devices establishing communication with each other via a discovered routing path in a platform providing one-to-one communication between networked computational devices, comprising a tangible computer-readable storage medium having embodied thereon computer-readable instructions for:
- deploying at least one Fixlet message to at least one Client that instructs said at least one Client to trust an arbitrary piece of content to run, so that responsibility for knowing that the content is safe to run is delegated to a trusted piece of software on said at least one Client;
  
  said Client identifying said arbitrary piece of content according to file size and hash;
  
  said Client requesting a Relay to provide said identified piece of content by providing said file size and said hash; and
  
  said Relay mirroring said requested piece of content back down through said hierarchy to said Client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Firebaugh, John Edward, Shih-Shuo Fan, Jonathan, Kus, Benjamin John, Spiegel, Jeremy Scott, Ward-Karet, Jesse, Loer, Peter Benjamin, Toto, Gregory Mitchell, Williams, Amrit Tsering, Loer, Christopher Jacob, GOODROW, Dennis Sidney

Application Number

US12/881,995
Publication Number

US 20110066841A1
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

H04L 12/12   Arrangements for remote con...

H04L 43/0894   Packet rate

H04L 43/106   using time related informat...

H04L 45/122   by minimising distances, e....

H04L 45/64   using an overlay routing layer

H04L 47/25   with rate being modified by...

PLATFORM FOR POLICY-DRIVEN COMMUNICATION AND MANAGEMENT INFRASTRUCTURE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

143 Citations

56 Claims

Specification

Solutions

Use Cases

Quick Links

PLATFORM FOR POLICY-DRIVEN COMMUNICATION AND MANAGEMENT INFRASTRUCTURE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

143 Citations

56 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links