Method and apparatus for secure IM communications using an IM module

US 7,673,004 B1
Filed: 01/07/2005
Issued: 03/02/2010
Est. Priority Date: 08/31/2004
Status: Active Grant

First Claim

Patent Images

1. A method for enabling secure instant message (IM) communication, the method comprising:

receiving, at a first computer system configured to proxy IM communications within a first communications network between IM clients of the same IM network unmodified in each of a plurality of IM network protocols, a plurality of policies for each IM network in a plurality of IM networks that are applicable to characteristics of IMs associated with a corresponding IM network protocol in the plurality of IM network protocols, each policy received at the computer system defining;

a set of characteristics pertaining to at least one IM network protocol in the plurality of IM network protocols or content of one or more IMs in the at least one IM network protocol in the plurality of IM network protocols, andan action to be performed using the computer system when one or more characteristics of at least one of the IMs handled by the computer system satisfy the set of characteristics defined in the policy;

receiving, at the first computer system, an IM in a first IM network protocol in the plurality of IM network protocols from a first IM client associated with the first communications network, the IM being addressed to an instant messaging username;

sending a query in at least one of the plurality of IM network protocols from the first computer system to the instant messaging username in response to performance of an action defined in at least one policy determined from the plurality of policies that are applicable to characteristics of IMs in the first IM network protocol based on one or more characteristics pertaining to the first IM network protocol of the IM or to content of the IM, the query requesting security capabilities of a second IM client associated with the instant messaging username;

receiving, at the first computer system, a response in at least one of the plurality of IM network protocols to the query requesting security capabilities of the second IM client from a second computer system, the second computer system configured to proxy IM communications within a second communications network between IM clients of the same IM network unmodified in each of a plurality of IM network protocols, wherein the response to the query requesting security capabilities of the second IM client comprises security capabilities information of the second computer system configured to proxy IM communications within a second communications network between IM clients of the same IM network unmodified in each of a plurality of IM network protocols;

determining, at the first computer system, whether the second IM client associated with the instant messaging username receives IMs through the second computer system via a public IM network using one of the plurality of IM network protocols based on the response;

determining, at the first computer system, whether the second computer system is capable of receiving secure IM communications from the first computer system for the second IM client based on the response;

based on positive determinations that the second IM client associated with the instant messaging username receives IMs through the second computer system and the second computer system is capable of receiving secure IM communications for the second IM client from the first computer system, encrypting at least a portion of the IM at the first computer system; and

sending the encrypted at least a portion of the IM to the instant messaging username using the first computer system, wherein the second computer system receives the encrypted at least a portion of the IM, decrypts at least a portion of the IM, and sends the decrypted at least a portion of the IM to the instant messaging username.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for enabling secure communications between IM modules are provided. An IM is received from a first IM client for a second IM client at a first IM module. It is determined if the second IM client can receive IMs through a second IM module that is capable of receiving secure communications from the first IM module. If the second IM module is capable of receiving secure communications from the first IM module, an encrypted IM is sent from the first IM module to the second IM client. The encrypted IM is received at the second IM module, which decrypts the IM and sends the decrypted IM to the second IM client.

87 Citations

View as Search Results

33 Claims

1. A method for enabling secure instant message (IM) communication, the method comprising:
- receiving, at a first computer system configured to proxy IM communications within a first communications network between IM clients of the same IM network unmodified in each of a plurality of IM network protocols, a plurality of policies for each IM network in a plurality of IM networks that are applicable to characteristics of IMs associated with a corresponding IM network protocol in the plurality of IM network protocols, each policy received at the computer system defining;
  
  a set of characteristics pertaining to at least one IM network protocol in the plurality of IM network protocols or content of one or more IMs in the at least one IM network protocol in the plurality of IM network protocols, andan action to be performed using the computer system when one or more characteristics of at least one of the IMs handled by the computer system satisfy the set of characteristics defined in the policy;
  
  receiving, at the first computer system, an IM in a first IM network protocol in the plurality of IM network protocols from a first IM client associated with the first communications network, the IM being addressed to an instant messaging username;
  
  sending a query in at least one of the plurality of IM network protocols from the first computer system to the instant messaging username in response to performance of an action defined in at least one policy determined from the plurality of policies that are applicable to characteristics of IMs in the first IM network protocol based on one or more characteristics pertaining to the first IM network protocol of the IM or to content of the IM, the query requesting security capabilities of a second IM client associated with the instant messaging username;
  
  receiving, at the first computer system, a response in at least one of the plurality of IM network protocols to the query requesting security capabilities of the second IM client from a second computer system, the second computer system configured to proxy IM communications within a second communications network between IM clients of the same IM network unmodified in each of a plurality of IM network protocols, wherein the response to the query requesting security capabilities of the second IM client comprises security capabilities information of the second computer system configured to proxy IM communications within a second communications network between IM clients of the same IM network unmodified in each of a plurality of IM network protocols;
  
  determining, at the first computer system, whether the second IM client associated with the instant messaging username receives IMs through the second computer system via a public IM network using one of the plurality of IM network protocols based on the response;
  
  determining, at the first computer system, whether the second computer system is capable of receiving secure IM communications from the first computer system for the second IM client based on the response;
  
  based on positive determinations that the second IM client associated with the instant messaging username receives IMs through the second computer system and the second computer system is capable of receiving secure IM communications for the second IM client from the first computer system, encrypting at least a portion of the IM at the first computer system; and
  
  sending the encrypted at least a portion of the IM to the instant messaging username using the first computer system, wherein the second computer system receives the encrypted at least a portion of the IM, decrypts at least a portion of the IM, and sends the decrypted at least a portion of the IM to the instant messaging username.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein receiving, at the first computer system, the response in the at least one of the plurality of IM network protocols to the query requesting security capabilities of the second IM client from the second computer system comprises receiving, at the first computer system, a security certificate of the second computer system.
  - 3. The method of claim 1, further comprising:
    - determining, with the first computer system, a type of secure IM that can be sent to the instant message username associated with the second IM client based on the security capabilities information of the second computer system.
  - 4. The method of claim 1, wherein encrypting the at least a portion of the IM at the first computer system comprises using the security capabilities information to encrypt the at least a portion of the IM at the first computer system.
  - 5. The method of claim 1, further comprisingsending another IM from the first computer system in one of the plurality of IM network protocols to the first IM client indicating that a secure IM can be sent to the second IM client based on a positive determination that the second computer system can receive secure IM communications.
  - 6. The method of claim 2, wherein receiving, at the first computer system, the security certificate of the second computer system comprises receiving, at the first computer system, a security key for the second computer system.
  - 7. The method of claim 6, further comprising:
    - authenticating, at the first computer system, the second computer system using the security key, thereby determining at the first computer system that the second computer system is capable of receiving secure IM communications.
  - 8. The method of claim 1, wherein receiving, at the first computer system, the security capabilities information of the second computer system comprises receiving, at the first computer system, a company name associated with the second computer system.
  - 9. The method of claim 8, wherein determining at the first computer system whether the second computer system is capable of receiving secure IM communications from the first computer system for the second IM client comprises performing a look up for the company name in a registry to determine if the second computer system is capable of receiving secure IM communications.
  - 10. The method of claim 1, further comprising:
    - sending another IM from the first computer system in one of the plurality of IM network protocols to the second IM client indicating that a secure IM cannot be sent to the second IM client if it is determined that the second computer system cannot receive secure IM communications.
  - 11. The method of claim 1, wherein sending the encrypted at least a portion of the IM to the instant message username using the first computer system comprises sending the encrypted at least a portion of the IM to the instant message username over the public IM network using the one of the plurality of IM network protocols.
  - 12. The method of claim 1, wherein sending the encrypted at least a portion of the IM using the first computer system comprises sending the encrypted at least a portion of the IM using the first computer system in a new IM different from the IM received.
  - 13. The method of claim 1, wherein at least one of the first IM client and second IM client comprises a public IM client.

14. A system for enabling secure instant message (IM) communications, the system comprising:
- a database configured to store a plurality of policies for each IM network in a plurality of IM networks that are applicable to characteristics of IMs associated with a corresponding IM network protocol in a plurality of IM network protocols each policy defining;
  
  a set of characteristics pertaining to at least one IM network protocol in the plurality of IM network protocols or content of one or more IMs in the at least one IM network protocol in the plurality of IM network protocols, andan action to be performed when one or more characteristics of at least one of the IMs satisfy the set of characteristics defined in the policy;
  
  a first computer system having a communications interface communicatively coupled to a first set of IM clients associated with a first communications network in a plurality of IM clients, wherein the first computer system is configured to proxy within the first communications network IMs sent from and destined for a first IM client in the first set of IM clients; and
  
  a second computer system having a communications interface communicatively coupled to a second set of IM clients associated with a second communications network in the plurality of IM clients, wherein the second computer system is configured to proxy within the second communications network IMs sent from and destined for a second IM client in the second set of IM clients;
  
  wherein the first computer system is further configured to;
  
  receive an IM in a first IM network protocol in the plurality of IM network protocols from the first IM client that is address to an instant messaging username,send a query to the instant messaging username in response to performance of an action defined in at least one policy determined from the plurality of policies that are applicable to characteristics of IMs in the first IM network protocol based on one or more characteristics pertaining to the first IM network protocol of the IM or to content of the IM, the query requesting security capabilities of the second IM client,receive a response to the query requesting security capabilities of the second IM client from the second computer system, response specifying security capabilities information of the second computer system,determine that the second IM client receives IMs through the second computer system via a public IM network using one of the plurality of IM network protocols based on the response,determine that the second computer system is capable of receiving secure IM communications from the first computer system based on the response,encrypt at least a portion of the IM, andsend the encrypted at least a portion of the IM to the instant messaging username;
  
  wherein the second computer system is further configured to;
  
  receive the encrypted at least a portion of the IM,decrypt at least a portion of the encrypted IM, andsend the decrypted at least a portion of the encrypted IM to the instant message username.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The system of claim 14, wherein the second computer system is further configured to send a response to one or more queries from the first computer system requesting security capabilities of the second IM client, the response comprising a security certificate of the second computer system.
  - 16. The system of claim 15, wherein the first computer system is configured to authenticate the security certificate of the second computer system to determine if the second computer system can receive secure IM communications from the first computer system.
  - 17. The system of claim 14, wherein the security capabilities information comprises a security key configured to authenticate the second computer system.
  - 18. The system of claim 14, wherein the security capabilities information comprises a company name associated with the second computer system.
  - 19. The system of claim 18, wherein the first computer system is further configured to look up the company name associated with the second computer system in a registry to determine if the second computer system can receive secure IM communications from the first computer system.
  - 20. The system of claim 14, wherein at least one of the first and second IM clients comprise a public IM client.
  - 21. The system of claim 14, wherein the first computer system is further configured to send the encrypted at least a portion of the IM over the public IM network using the one of the plurality of IM network protocols.
  - 22. The system of claim 14, wherein the first computer system is further configured to send the encrypted at least a portion of the IM in a new IM different from the IM received.

23. A first instant message (IM) system configured to send and receive secure IM communications, the first IM system comprising:
- a database configured to store a plurality of policies for each IM network in a plurality of IM networks that are applicable to characteristics of IMs associated with a corresponding IM network protocol in a plurality of IM network protocols each policy defining;
  
  a set of characteristics pertaining to at least one IM network protocol in the plurality of IM network protocols or content of one or more IMs in the at least one IM network protocol in the plurality of IM network protocols, andan action to be performed when one or more characteristics of at least one of the IMs satisfy the set of characteristics defined in the policy;
  
  a processor; and
  
  a memory coupled to the processor and configured to store a set of program modules executable by the processor, the set of program modules including;
  
  a receiver module configured to receive an IM in a first IM network protocol in the plurality of IM network protocols from a first IM client, the IM being addressed to an instant message username;
  
  a secure communication analyzer module configured to;
  
  determine whether a second IM client associated with the instant message username receives IMs through a second IM system via a public IM network using one of the plurality of IM network protocols based on information received from the second IM system in response to one or more queries sent to the instant messaging username requesting security capabilities of the second IM client, anddetermine whether the second IM system is capable of receiving secure IM communications from the first IM system based on the information received from the second IM system;
  
  an encrypting processor module configured to encrypt at least a portion of the based on a determination that the second IM client associated with the instant message username receives IMs through the second IM system and the second IM system is capable of receiving secure IM communications from the first IM system; and
  
  a communicator module configured to;
  
  send a query to the instant messaging username in response to performance of an action defined in at least one policy determined from the plurality of policies that are applicable to characteristics of IMs in the first IM network protocol based on one or more characteristics pertaining to the first IM network protocol of the IM or to content of the IM, the query requesting the security capabilities of the any IM clients associated with the instant messaging username, andsend the encrypted at least a portion of the IM to the instant message username;
  
  wherein the second IM system receives the encrypted at least a portion of the IM, decrypts at least a portion of the encrypted IM, and sends the decrypted at least a portion of the encrypted IM to the instant messaging username.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The first IM system of claim 23, further comprising a query server module configured to generate the one or more queries sent to the instant message username requesting the security capabilities of the second IM client.
  - 25. The first IM system of claim 24, further comprising a response receiver module configured to receive a response to the one or more queries sent to the instant messaging username requesting security capabilities of the second IM client, the response comprising security capabilities information of the second IM system.
  - 26. The first IM system of claim 25, further comprising an authenticator module configured to authenticate the security capabilities information to determine if the second IM system can receive secure IM communications from the first IM system.
  - 27. The first IM system of claim 26, wherein the security capabilities information comprises a security key used to authenticate the second IM system.
  - 28. The first IM system of claim 26, wherein the security capabilities information comprises a company name used to identify the second IM system.
  - 29. The first IM system of claim 28, further comprising a registry query processor module configured to look up the company name in a registry to determine whether or not the second IM system can receive secure IM communications.
  - 30. The first IM system of claim 23, wherein the communicator module is configured to send an IM to the second IM client indicating that a secure IM cannot be sent to the second IM client if it is determined that the second IM system cannot receive secure IM communications.
  - 31. The first IM system of claim 23, wherein the encrypted at least a portion of the IM is sent over the public IM network.
  - 32. The first IM system of claim 23, wherein the at least a portion of the IM is encrypted and sent in a new IM different from the IM received.
  - 33. The first IM system of claim 23, wherein at least one of the first IM client and second IM client comprises a public IM client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Actiance, Inc.
Original Assignee
Facetime Communications Incorporated
Inventors
Sherstinsky, Alex, Petviashvili, Joseph, Christensen, Jonathan, Mandel, Eugene
Primary Examiner(s)
Bui; Kieu Oanh
Assistant Examiner(s)
Song; Hee

Application Number

US11/031,419
Time in Patent Office

1,880 Days
Field of Search

726/11, 726/14, 709/206, 709/229, 709/232, 709/246, 709/314, 709/207, 713/150, 713/151, 713/153, 713/154, 713/160, 713/161, 713/164, 713/168, 713/175, 713/200, 713/201, 713/156, 380/259, 705/50, 705/55, 705/51
US Class Current

709/206
CPC Class Codes

H04L 51/04   Real-time or near real-time...

H04L 63/0428   wherein the data content is...

H04L 63/20   for managing network securi...

Method and apparatus for secure IM communications using an IM module

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for secure IM communications using an IM module

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links