Security modes for a routing table distributed across multiple mesh nodes

US 7,987,290 B2
Filed: 12/21/2007
Issued: 07/26/2011
Est. Priority Date: 12/21/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

receiving, by a first node of a distributed mesh, a DRT flood message from a second node of the distributed mesh, wherein the first node stores a local portion of a Distributed Routing Table (DRT), the DRT being distributed across the mesh for determining addresses of individual nodes of the mesh, wherein the DRT is configured to implement a set of one or more DRT security modes allowing the DRT to be configured with one or more security settings for the mesh;

storing a security identification (ID) for the first node, the security ID for the first node having a first issuer;

determining a security identification (ID) for the second node, the security ID for the second node having a second issuer;

comparing the second issuer of the security ID for the second node with the first issuer of the security ID for the first node;

when the second issuer matches the first issuer;

authenticating the DRT flood message; and

updating the local portion of the DRT stored on the first node with a key or IP address included in the DRT flood message received from the second node; and

when the second issuer does not match the first issuer, failing the DRT flood message.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mesh is joined by a node, wherein the mesh includes a Distributed Routing Table (DRT) for determining addresses of nodes in the mesh. A DRT message is processed in accordance with a security mode of the DRT.

17 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving, by a first node of a distributed mesh, a DRT flood message from a second node of the distributed mesh, wherein the first node stores a local portion of a Distributed Routing Table (DRT), the DRT being distributed across the mesh for determining addresses of individual nodes of the mesh, wherein the DRT is configured to implement a set of one or more DRT security modes allowing the DRT to be configured with one or more security settings for the mesh;
  
  storing a security identification (ID) for the first node, the security ID for the first node having a first issuer;
  
  determining a security identification (ID) for the second node, the security ID for the second node having a second issuer;
  
  comparing the second issuer of the security ID for the second node with the first issuer of the security ID for the first node;
  
  when the second issuer matches the first issuer;
  
  authenticating the DRT flood message; and
  
  updating the local portion of the DRT stored on the first node with a key or IP address included in the DRT flood message received from the second node; and
  
  when the second issuer does not match the first issuer, failing the DRT flood message.
- View Dependent Claims (2, 3, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein at least a portion of the DRT flood message is encrypted, the method further comprising:
    - a decrypting the portion of the DRT flood message.
  - 3. The method of claim 1, further comprising:
    - receiving the security ID for the first node from a security identification service.
  - 12. The method of claim 1, wherein the security ID of the second node is included in the DRT flood message.
  - 13. The method of claim 1, wherein the DRT flood message signals a presence of a key for the second node.
  - 14. The method of claim 13, wherein updating the local portion of the DRT stored on the first node includes adding the key for the second node to the local portion of the DRT.
  - 15. The method of claim 1, wherein each of the individual nodes of the mesh stores a portion of the DRT as a local DRT.
  - 16. The method of claim 15, further comprising:
    - receiving a DRT lookup message asking the first node to search for a key for the second node in the local portion of the DRT stored on the first node.

4. One or more computer readable storage media including computer readable instructions that when executed by a computing device perform operations comprising:
- receiving a security identification (ID) from a security ID service;
  
  executing an application for use with a peer-to-peer mesh comprising a Distributed Routing Table (DRT) for determining addresses of nodes of the peer-to-peer mesh, wherein the DRT is configured to implement a set of DRT security modes allowing the DRT to be configured with DRT security settings for the peer-to-peer mesh, and wherein the application is pre-programmed with at least one of the DRT security settings; and
  
  processing a DRT message, from an individual node of the peer-to-peer mesh or joining the peer-to-peer mesh, in accordance with at least one of the DRT security modes using the security ID, wherein the at least one DRT security mode provides access to at least part of the DRT based on whether the DRT message is authenticated.
- View Dependent Claims (5, 6, 7, 8, 9, 10)
- - 5. The one or more computer readable storage media of claim 4 wherein the DRT message comprises a DRT flood message sent to a receiving node of the peer-to-peer mesh;
    - the operations further comprising providing the security ID to the receiving node when requested by the receiving node.
  - 6. The one or more computer readable storage media of claim 4 wherein processing the DRT message includes:
    - when the at least one DRT security mode includes a basic mode,receiving the DRT message, wherein the DRT message includes a DRT flood message;
      
      authenticating the DRT flood message using the security ID;
      
      when the DRT flood message is authenticated, processing the DRT flood message; and
      
      when the DRT flood message is not authenticated, failing the DRT flood message.
  - 7. The one or more computer readable storage media of claim 4 wherein processing the DRT message includes:
    - when the at least one DRT security mode includes a membership mode,receiving the DRT message, wherein the DRT message includes a DRT lookup message;
      
      authenticating the DRT lookup message using the security ID;
      
      when the DRT lookup message is authenticated, processing the DRT lookup message; and
      
      when the DRT lookup message is not authenticated, failing the DRT lookup message.
  - 8. The one or more computer readable storage media of claim 4 wherein processing the DRT message includes:
    - when the at least one DRT security mode includes a confidentiality mode,constructing the DRT message;
      
      encrypting a portion of the DRT message; and
      
      sending the DRT message.
  - 9. The one or more computer readable storage media of claim 4 wherein processing the DRT message includes:
    - when the DRT security mode includes a confidentiality mode,receiving the DRT message, wherein a portion of the DRT message is encrypted;
      
      decrypting the encrypted portion of the DRT message; and
      
      processing the DRT message.
  - 10. The one or more computer readable storage media of claim 9 wherein the computer readable instructions when executed further perform operations comprising:
    - establishing an encryption scheme with the individual node.

11. A peer-to-peer mesh, comprising:
- a plurality of nodes, wherein individual nodes store corresponding portions of a Distributed Routing Table (DRT) as local DRTs, and wherein the DRT is configured to implement a set of DRT security modes; and
  
  a first security module corresponding to a first node of the plurality of nodes, wherein the first security module is configured to operate in accordance with at least one DRT security mode of the set of DRT security modes by;
  
  receiving a DRT message from a second node of the plurality of nodes;
  
  comparing a security identification (ID) of the first node with a security ID of the second node;
  
  when issuers of the security ID of the first node and the security ID of the second node match, authenticating the DRT message and accessing the local DRT for the first node, based on the DRT message; and
  
  failing the DRT message when the issuers of the security IDs of the first node and the second node do not match.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The peer-to-peer mesh of claim 11, wherein the DRT message comprises a DRT flood message published by the second node and signaling a presence of a key for the second node.
  - 18. The peer-to-peer mesh of claim 17, wherein the first security module is further configured to add the key to the local DRT for the first node, when the issuer of the security ID of the first node matches the issuer of the security ID of the second node.
  - 19. The peer-to-peer mesh of claim 11, wherein the DRT message comprises a DRT lookup message asking one or more of the individual nodes to search the local DRTs for a key for the an individual node.
  - 20. The peer-to-peer mesh of claim 19, further comprising:
    - when the DRT lookup message is authenticated, responding to the DRT lookup message with a network address corresponding to the key for the individual node; and
      
      when the DRT lookup message is failed, ignoring the DRT lookup message or responding to the DRT lookup message with an error message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ransom, Kevin C., Barton, Tyler M., Pamulapati, Ramakrishna P., Singhal, Sandeep K., Dewey, Jeremy L., Manion, Todd R.
Primary Examiner(s)
Pwu; Jeffrey
Assistant Examiner(s)
Musa; Abdelnabi O

Application Number

US11/963,782
Publication Number

US 20090164663A1
Time in Patent Office

1,313 Days
Field of Search

709/243, 709/244, 709/242, 709/245, 709/241
US Class Current

709/243
CPC Class Codes

H04L 45/00   Routing or path finding of ...

H04L 45/44   Distributed routing

H04L 45/54   Organization of routing tables

H04L 63/0823   using certificates cryptogr...

H04L 63/20   for managing network securi...

Security modes for a routing table distributed across multiple mesh nodes

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security modes for a routing table distributed across multiple mesh nodes

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links