Secure federation of data communications networks
Abstract
Techniques for secure federation of data communications networks are provided. The techniques employ an edge proxy server to route messages depending on a federation mode. In Direct federation mode, an edge proxy server of a network is configured to exchange messages with a specified set of entities, such as other networks, servers, other devices, or users. In Automatic federation mode, an edge proxy server may accept all incoming messages from entities that have a valid certificate. In Clearinghouse federation mode, the edge proxy server forwards all outgoing messages to a specified, trusted clearinghouse server.
36 Claims
1. A method performed by an edge proxy server for federating a network in a direct federation mode, comprising:
- receiving an indication of a list of authorized entities;
- receiving a message;
- verifying that the message was sent by an authorized and authenticated entity; and
- after verifying that the message was sent by an authorized and authenticated entity, determining a next hop for the message wherein the next hop identifies a computing device to which the message will be routed next; and
- forwarding the message to the next hop.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method performed by an edge proxy server for federating a network in an automatic federation mode, comprising:
- receiving a message;
- verifying that the message was sent by an authenticated entity;
- determining whether a certificate indicated in a header field of the received message appears in a list of revoked certificates; and
- when the received message is an incoming message, verifying that a uniform resource identifier indicated for a sender of the message matches a domain from which the message was received; and
- when the received message is an outgoing message, querying a domain name service.
Dependent claims: 11

12. An edge proxy server system for federating a network, comprising:
- a component that receives an indication of a federation mode for the proxy server;
- a component that receives a message;
- a component that authenticates a sender of the received message based on the indicated federation mode; and
- a component that handles the message based on the indicated federation mode and whether the sender of the received message is authenticated.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30

31. A computer-readable medium having computer-executable instructions for performing steps, comprising:
- receiving an indication of authorized entities;
- receiving a message;
- determining whether an entity that sent the message is authorized; and
- when the entity that sent the message is authorized, authenticating the authorized entity, wherein the authenticating includes determining whether the message was received on a valid connection; and
- when the authorized entity is authenticated, determining a next hop for the message wherein the next hop identifies a computing device to which the message will be routed next; and
- forwarding the message to the next hop.
Dependent claims: 32

33. An edge proxy server for federating a network, comprising:
- means for establishing sessions with computing devices;
- means for authorizing the computing devices;
- means for validating messages from or to the computing devices;
- means for determining a destination for the validated messages; and
- means for routing the messages to the determined destination depending on a federation mode.
Dependent claims: 34, 35, 36

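An added sketch (not code from the patent or its assignee) of how an edge proxy could pick a next hop under the three federation modes in the abstract, including the certificate-revocation and sender-URI checks of claim 10. Assumptions: `peer_domain` stands for the domain authenticated on the connection, `resolve` stands in for the domain name service query, incoming traffic in clearinghouse mode is accepted only from the clearinghouse, and every name and sample value is hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Message:
    sender_uri: str    # e.g. "sip:bob@partner.example"
    dest_domain: str   # recipient's domain
    incoming: bool     # True when it arrived from outside the network
    peer_domain: str   # domain authenticated on the connection, "" if none
    cert_serial: str   # serial of the certificate the peer presented

@dataclass(frozen=True)
class Policy:
    mode: str                # "direct", "automatic" or "clearinghouse"
    authorized: frozenset    # direct mode: the specified partner domains
    revoked: frozenset       # automatic mode: revoked certificate serials
    clearinghouse: str       # clearinghouse mode: the trusted server
    internal_hop: str        # hypothetical next hop inside the network
    resolve: Callable[[str], Optional[str]]  # stand-in for the DNS query

def uri_domain(uri: str) -> str:
    return uri.rsplit("@", 1)[-1].lower()  # non user@domain input never matches

def next_hop(p: Policy, m: Message) -> Optional[str]:
    """Return the next hop, or None when the message must be dropped."""
    if p.mode not in ("direct", "automatic", "clearinghouse"):
        raise ValueError(p.mode)          # never fail open on a bad mode
    if not m.incoming:
        if p.mode == "direct":
            return m.dest_domain if m.dest_domain in p.authorized else None
        if p.mode == "clearinghouse":
            return p.clearinghouse
        return p.resolve(m.dest_domain)   # automatic: look the peer up
    peer = m.peer_domain.lower()
    if not peer:
        return None                       # sender was not authenticated
    if p.mode == "direct" and peer not in p.authorized:
        return None
    if p.mode == "clearinghouse" and peer != p.clearinghouse:
        return None                       # assumption, not stated on the page
    if p.mode == "automatic" and (
            m.cert_serial in p.revoked or uri_domain(m.sender_uri) != peer):
        return None                       # revoked cert or spoofed sender URI
    return p.internal_hop

# Constructed sample policy; every name and value below is made up.
SAMPLE = Policy("direct", frozenset({"partner.example"}), frozenset({"BAD1"}),
                "ch.example", "home.internal.example",
                {"open.example": "edge.open.example"}.get)
```
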
Specification