Firewall tunneling and security service

US 7,346,925 B2
Filed: 12/11/2003
Issued: 03/18/2008
Est. Priority Date: 12/11/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A system that facilitates data sharing, comprising:

a request component that receives a request to access data stored behind a firewall;

an authorization component that verifies if the request is associated with a key that permits access to the data;

a permissions component that determines one or more levels of access permitted to entities outside the firewall including a complete access level and a plurality of limited access levels; and

a classifier that automatically performs load balancing of the data sharing process, learning a level of access of the requestor, determining levels of priority for scheduling the sharing of the data, and analyzing content of the data to determine permission levels.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data-sharing scheme between entities disposed behind respective firewalls. A sharer of the data subscribes to a public service that enables a secure connection (similar to a peer-to-peer network) between at least one requestor and the data sharer. By subscribing, the sharer provides information to the service that enables the service to generate a private key. When the request is received from the requestor, the service retrieves the corresponding private key, authenticates the requestor, and transmits the key to the requestor thereby facilitating a secure tunnel for communicating the shared data. The requestor can then access the data directly from the sharer without the need for copying or moving the shared data to a server outside the firewall or for emailing.

88 Citations

View as Search Results

32 Claims

1. A system that facilitates data sharing, comprising:
- a request component that receives a request to access data stored behind a firewall;
  
  an authorization component that verifies if the request is associated with a key that permits access to the data;
  
  a permissions component that determines one or more levels of access permitted to entities outside the firewall including a complete access level and a plurality of limited access levels; and
  
  a classifier that automatically performs load balancing of the data sharing process, learning a level of access of the requestor, determining levels of priority for scheduling the sharing of the data, and analyzing content of the data to determine permission levels.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, further comprising a communications component that establishes a secure tunnel to a requestor of the data.
  - 3. The system of claim 2, the data communicated through the tunnel is encrypted.
  - 4. The system of claim 2, the communications component only permits access to the particular data.
  - 5. The system of claim 2, the communications component only permits uni-directional flow of the data after the request is processed.
  - 6. The system of claim 1 provides for authorizing storage of the data from outside to behind the firewall.
  - 7. The system of claim 1, the request is received from a requestor located behind a requestor firewall, wherein a secure tunnel is created and extended from the data behind the firewall through the requestor firewall to the requestor.
  - 8. A computer system that includes a computer readable medium having stored thereon the components of claim 1.
  - 9. A computer readable medium having stored thereon computer executable instructions for carrying out the system of claim 1.
  - 10. The system of claim 1, the data is shared based upon at least one of a location identification (ID), a personal ID, a globally unique ID, and a uniform resource identifier.

11. A system that facilitates the sharing of data, comprising:
- a request component that receives a request from a requestor to access data stored behind a firewall;
  
  a communications component that establishes a secure tunnel from the data to the requestor of the data; and
  
  a classifier that automatically performs load balancing of the data sharing process, learning a level of access of the requestor, determining levels of priority for scheduling the sharing of the data, and analyzing content of the data to determine permission levels.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, further comprising a permissions component that determines one or more levels of access permitted to entities outside the firewall, the one or more levels of access include a complete access level and a plurality of limited access levels.
  - 13. The system of claim 11, the request is used to determine the location of the data.
  - 14. The system of claim 11 is in the form of a service that is at least one of local to the data and remote from the data.
  - 15. The system of claim 11, at least one of a sharer of the data and the requestor opens a Transmission Control Protocol (TCP) connection to the system via HyperText Transfer Protocol (HTTP)-based proxy.
  - 16. The system of claim 11, further comprising an authorization component that uses the request to determine a location of the data.
  - 17. The system of claim 11 determines that both the requestor and a sharer of the data are online and authenticated before establishing the secure tunnel therebetween.
  - 18. The system of claim 17 monitors the sharing of the data, and shuts down the secure tunnel after the data sharing has completed.
  - 19. The system of claim 17, further comprising a cache that facilitates expeditious data transfer and request processing.
  - 20. The system of claim 11, the data includes a class of different data files.

21. A method that facilitates data sharing, comprising:
- receiving a request from a requestor to access data of a sharer stored behind a firewall;
  
  verifying if the request is associated with a key that permits access to the data;
  
  determining one or more levels of access for the requestor;
  
  establishing a secure tunnel between a sharer of the data and the requestor; and
  
  transmitting rules data with the shared data such that the shared data can be manipulated only in conformity with the rules data.
- View Dependent Claims (22, 23, 24)
- - 22. The method of claim 21, further comprising monitoring the status of the secure tunnel with a monitor file such that the tunnel is closed based on the monitor file, which file is independent of an overseeing service.
  - 23. The method of claim 21, further comprising creating a mirror of the data at the requestor for at least the purpose of collaboration where the data is edited.
  - 24. The method of claim 23, the sharer receives the edited data and at least one of overwrites the data and creates a new version thereof.

25. A system that facilitates data sharing, comprising:
- means for receiving a plurality of requests from at least one requestor to access data of a sharer stored behind a firewall;
  
  means for routing the plurality of requests to one or more available services;
  
  means for verifying if the request is associated with a key that permits access to the data;
  
  means for establishing a secure tunnel between a sharer of the data and the requestor; and
  
  means for automatically estimating a level of security of an environment of the sharer in which the data is stored.
- View Dependent Claims (26, 27)
- - 26. The system of claim 25, further comprising means for determining which of the one or more available services to route selected requests of the plurality of requests.
  - 27. The system of claim 25, further comprising means for load balancing the plurality of requests between the one or more available services.

28. A computer-readable medium having computer-executable instructions for performing a method of sharing data, the method comprising:
- receiving a request from a requestor to access data of a sharer stored behind a firewall;
  
  verifying if the request is associated with a key that permits access to the data;
  
  determining one or more levels of access for the requestor; and
  
  establishing a secure tunnel between a sharer of the data and the requestor, wherein the requestor must store the data with at least the same level of security in which the data is stored at the sharer.
- View Dependent Claims (29, 30, 31, 32)
- - 29. The method of claim 28, the data is communicated between the sharer and the requestor by at least one of the sharer pushing the data to the requestor and the requestor pulling the data from the sharer.
  - 30. The method of claim 28, further comprising dynamically creating a shared space for the shared data based on information that includes at least one of a physical location, a network location, date and time, and a virtual location.
  - 31. The method of claim 30, further comprising automatically altering a share name of the shared space using the information.
  - 32. The method of claim 30, further comprising automatically creating an additional code that facilitates redirection to and access of the shared data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Marcjan, Cezary
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Cervetti; David Garcia

Application Number

US10/733,219
Publication Number

US 20050132221A1
Time in Patent Office

1,559 Days
Field of Search

726/4, 726/12
US Class Current

726/12
CPC Class Codes

H04L 2212/00   Encapsulation of packets

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0428   wherein the data content is...

H04L 63/101   Access control lists [ACL]

Firewall tunneling and security service

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

88 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Firewall tunneling and security service

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

88 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links