Method and apparatus for secure IM communications using an IM module
First Claim
1. A method for enabling secure instant message (IM) communication, the method comprising:
receiving, at a first computer system configured to proxy IM communications within a first communications network between IM clients of the same IM network unmodified in each of a plurality of IM network protocols, a plurality of policies for each IM network in a plurality of IM networks that are applicable to characteristics of IMs associated with a corresponding IM network protocol in the plurality of IM network protocols, each policy received at the computer system defining;
a set of characteristics pertaining to at least one IM network protocol in the plurality of IM network protocols or content of one or more IMs in the at least one IM network protocol in the plurality of IM network protocols, and
an action to be performed using the computer system when one or more characteristics of at least one of the IMs handled by the computer system satisfy the set of characteristics defined in the policy;
receiving, at the first computer system, an IM in a first IM network protocol in the plurality of IM network protocols from a first IM client associated with the first communications network, the IM being addressed to an instant messaging username;
sending a query in at least one of the plurality of IM network protocols from the first computer system to the instant messaging username in response to performance of an action defined in at least one policy determined from the plurality of policies that are applicable to characteristics of IMs in the first IM network protocol based on one or more characteristics pertaining to the first IM network protocol of the IM or to content of the IM, the query requesting security capabilities of a second IM client associated with the instant messaging username;
receiving, at the first computer system, a response in at least one of the plurality of IM network protocols to the query requesting security capabilities of the second IM client from a second computer system, the second computer system configured to proxy IM communications within a second communications network between IM clients of the same IM network unmodified in each of a plurality of IM network protocols, wherein the response to the query requesting security capabilities of the second IM client comprises security capabilities information of the second computer system configured to proxy IM communications within a second communications network between IM clients of the same IM network unmodified in each of a plurality of IM network protocols;
determining, at the first computer system, whether the second IM client associated with the instant messaging username receives IMs through the second computer system via a public IM network using one of the plurality of IM network protocols based on the response;
determining, at the first computer system, whether the second computer system is capable of receiving secure IM communications from the first computer system for the second IM client based on the response;
based on positive determinations that the second IM client associated with the instant messaging username receives IMs through the second computer system and the second computer system is capable of receiving secure IM communications for the second IM client from the first computer system, encrypting at least a portion of the IM at the first computer system; and
sending the encrypted at least a portion of the IM to the instant messaging username using the first computer system, wherein the second computer system receives the encrypted at least a portion of the IM, decrypts at least a portion of the IM, and sends the decrypted at least a portion of the IM to the instant messaging username.
Abstract
Techniques for enabling secure communications between IM modules are provided. An IM is received from a first IM client for a second IM client at a first IM module. It is determined if the second IM client can receive IMs through a second IM module that is capable of receiving secure communications from the first IM module. If the second IM module is capable of receiving secure communications from the first IM module, an encrypted IM is sent from the first IM module to the second IM client. The encrypted IM is received at the second IM module, which decrypts the IM and sends the decrypted IM to the second IM client.
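The decision the first IM module makes before encrypting can be sketched as follows. This is an added example, not code from the patent: the class names, the action name, the protocol labels and the sample peers are all assumptions, and what happens to an IM on a negative determination is left to the caller because the abstract does not state it.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

QUERY = "query_security_capabilities"  # hypothetical action name

@dataclass(frozen=True)
class Policy:
    protocol: str         # IM network protocol the policy applies to
    content_pattern: str  # characteristic of IM content, as a regex
    action: str           # action performed when the characteristics match

@dataclass(frozen=True)
class IM:
    protocol: str
    sender: str
    recipient: str        # instant messaging username
    body: str

@dataclass(frozen=True)
class CapabilityResponse:
    via_second_module: bool  # recipient receives IMs through a second IM module
    secure_capable: bool     # that module can receive secure IMs from the first

def applicable_action(im: IM, policies: List[Policy]) -> Optional[str]:
    """Action of the first policy matching the IM's protocol and content."""
    for p in policies:
        if p.protocol == im.protocol and re.search(p.content_pattern, im.body):
            return p.action
    return None

def should_encrypt(im: IM, policies: List[Policy],
                   send_query: Callable[[str, str], Optional[CapabilityResponse]]
                   ) -> Tuple[bool, str]:
    """Encrypt only when a policy triggers the query and both determinations are positive."""
    if applicable_action(im, policies) != QUERY:
        return False, "no policy triggered a capability query"
    resp = send_query(im.protocol, im.recipient)  # None models a missing response
    if resp is None:
        return False, "no capability response"
    if not resp.via_second_module:
        return False, "recipient not behind a second IM module"
    if not resp.secure_capable:
        return False, "second IM module cannot receive secure IMs"
    return True, "both determinations positive"

# Constructed sample data: one policy and three peers with different capabilities.
POLICIES = [Policy("net-a", r"(?i)\bconfidential\b", QUERY)]
PEERS = {"bob": CapabilityResponse(True, True),
         "carol": CapabilityResponse(True, False),
         "dave": CapabilityResponse(False, False)}

def lookup(protocol: str, username: str) -> Optional[CapabilityResponse]:
    return PEERS.get(username)  # stands in for the query/response exchange
```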
33 Claims
14. A system for enabling secure instant message (IM) communications, the system comprising:
a database configured to store a plurality of policies for each IM network in a plurality of IM networks that are applicable to characteristics of IMs associated with a corresponding IM network protocol in a plurality of IM network protocols each policy defining;
a set of characteristics pertaining to at least one IM network protocol in the plurality of IM network protocols or content of one or more IMs in the at least one IM network protocol in the plurality of IM network protocols, and
an action to be performed when one or more characteristics of at least one of the IMs satisfy the set of characteristics defined in the policy;
a first computer system having a communications interface communicatively coupled to a first set of IM clients associated with a first communications network in a plurality of IM clients, wherein the first computer system is configured to proxy within the first communications network IMs sent from and destined for a first IM client in the first set of IM clients; and
a second computer system having a communications interface communicatively coupled to a second set of IM clients associated with a second communications network in the plurality of IM clients, wherein the second computer system is configured to proxy within the second communications network IMs sent from and destined for a second IM client in the second set of IM clients;
wherein the first computer system is further configured to;
receive an IM in a first IM network protocol in the plurality of IM network protocols from the first IM client that is address to an instant messaging username,
send a query to the instant messaging username in response to performance of an action defined in at least one policy determined from the plurality of policies that are applicable to characteristics of IMs in the first IM network protocol based on one or more characteristics pertaining to the first IM network protocol of the IM or to content of the IM, the query requesting security capabilities of the second IM client,
receive a response to the query requesting security capabilities of the second IM client from the second computer system, response specifying security capabilities information of the second computer system,
determine that the second IM client receives IMs through the second computer system via a public IM network using one of the plurality of IM network protocols based on the response,
determine that the second computer system is capable of receiving secure IM communications from the first computer system based on the response,
encrypt at least a portion of the IM, and
send the encrypted at least a portion of the IM to the instant messaging username;
wherein the second computer system is further configured to;
receive the encrypted at least a portion of the IM,
decrypt at least a portion of the encrypted IM, and
send the decrypted at least a portion of the encrypted IM to the instant message username.
23. A first instant message (IM) system configured to send and receive secure IM communications, the first IM system comprising:
a database configured to store a plurality of policies for each IM network in a plurality of IM networks that are applicable to characteristics of IMs associated with a corresponding IM network protocol in a plurality of IM network protocols each policy defining;
a set of characteristics pertaining to at least one IM network protocol in the plurality of IM network protocols or content of one or more IMs in the at least one IM network protocol in the plurality of IM network protocols, and
an action to be performed when one or more characteristics of at least one of the IMs satisfy the set of characteristics defined in the policy;
a processor; and
a memory coupled to the processor and configured to store a set of program modules executable by the processor, the set of program modules including;
a receiver module configured to receive an IM in a first IM network protocol in the plurality of IM network protocols from a first IM client, the IM being addressed to an instant message username;
a secure communication analyzer module configured to;
determine whether a second IM client associated with the instant message username receives IMs through a second IM system via a public IM network using one of the plurality of IM network protocols based on information received from the second IM system in response to one or more queries sent to the instant messaging username requesting security capabilities of the second IM client, and
determine whether the second IM system is capable of receiving secure IM communications from the first IM system based on the information received from the second IM system;
an encrypting processor module configured to encrypt at least a portion of the based on a determination that the second IM client associated with the instant message username receives IMs through the second IM system and the second IM system is capable of receiving secure IM communications from the first IM system; and
a communicator module configured to;
send a query to the instant messaging username in response to performance of an action defined in at least one policy determined from the plurality of policies that are applicable to characteristics of IMs in the first IM network protocol based on one or more characteristics pertaining to the first IM network protocol of the IM or to content of the IM, the query requesting the security capabilities of the any IM clients associated with the instant messaging username, and
send the encrypted at least a portion of the IM to the instant message username;
wherein the second IM system receives the encrypted at least a portion of the IM, decrypts at least a portion of the encrypted IM, and sends the decrypted at least a portion of the encrypted IM to the instant messaging username.
Specification