Secure federation of data communications networks

US 8,112,796 B2
Filed: 01/09/2009
Issued: 02/07/2012
Est. Priority Date: 05/27/2004
Status: Active Grant

First Claim

Patent Images

1. A method performed by an edge proxy server having a central processing unit for federating a network in a clearinghouse federation mode, comprising:

receiving a list of trusted entities;

receiving by the central processing unit a message from a sending computing device, the message indicating a recipient;

upon receiving the message from the sending computing device,determining whether the recipient indicated by the message is associated with a trusted entity specified by the received list;

if the recipient indicated by the message is associated with a trusted entity specified by the received list,identifying a computing device associated with the trusted entity as a next hop for the received message and forwarding the message to the identified computing device associated with the trusted entity; and

if the recipient indicated by the message is not associated with a trusted entity specified by the received list,forwarding the received message to a clearinghouse server so that the clearinghouse server can identify a next hop for the message so that the message can be forwarded to the recipient specified in the message, the next hop identifying a computing device to which the message will be routed next, the clearinghouse server configured to enable federation of networks, thereby causing the sending computing device and the recipient to establish a session in which subsequent messages do not transit the clearinghouse server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for secure federation of data communications networks are provided. The techniques employ an edge proxy server to route messages depending on a federation mode. In Direct federation mode, an edge proxy server of a network is configured to exchange messages with a specified set of entities, such as other networks, servers, other devices, or users. In Automatic federation mode, an edge proxy server may accept all incoming messages from entities that have a valid certificate. In Clearinghouse federation mode, the edge proxy server forwards all outgoing messages to a specified, trusted clearinghouse server.

30 Citations

View as Search Results

20 Claims

1. A method performed by an edge proxy server having a central processing unit for federating a network in a clearinghouse federation mode, comprising:
- receiving a list of trusted entities;
  
  receiving by the central processing unit a message from a sending computing device, the message indicating a recipient;
  
  upon receiving the message from the sending computing device,determining whether the recipient indicated by the message is associated with a trusted entity specified by the received list;
  
  if the recipient indicated by the message is associated with a trusted entity specified by the received list,identifying a computing device associated with the trusted entity as a next hop for the received message and forwarding the message to the identified computing device associated with the trusted entity; and
  
  if the recipient indicated by the message is not associated with a trusted entity specified by the received list,forwarding the received message to a clearinghouse server so that the clearinghouse server can identify a next hop for the message so that the message can be forwarded to the recipient specified in the message, the next hop identifying a computing device to which the message will be routed next, the clearinghouse server configured to enable federation of networks, thereby causing the sending computing device and the recipient to establish a session in which subsequent messages do not transit the clearinghouse server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 including verifying that the message was received on a valid connection.
  - 3. The method of claim 1 wherein a header field of the received message includes a digital certificate.
  - 4. The method of claim 1 further comprising establishing using a session initiation protocol a session between a sender of the received message and the recipient specified in the received message.
  - 5. The method of claim 4 wherein subsequent messages in the session initiation protocol session transit the clearinghouse server.
  - 6. The method of claim 4 wherein subsequent messages in the session initiation protocol session transit the edge proxy server without transiting the clearinghouse server.
  - 7. The method of claim 1 wherein the edge proxy server trusts a message it receives from the clearinghouse server and so does not check whether the message it received from the clearinghouse server includes a digital certificate.
  - 8. The method of claim 1 wherein if the recipient indicated by the message is associated not with a trusted entity specified by the received list, identifying the clearinghouse server as a next hop for the received message and forwarding the message to the clearinghouse server.
  - 9. The method of claim 1 wherein the clearinghouse server indicates to which domains it can forward messages.
  - 10. The method of claim 9 further comprising receiving a list of clearinghouse servers from which it can receive messages and ignoring any message that is not received from one of the listed clearinghouse servers.

11. A computer-readable storage device storing computer-executable instructions that, when executed, cause an edge proxy server to perform a method for federating a network in a clearinghouse federation mode, the method comprising:
- receiving a list of trusted entities;
  
  receiving a message from a sending computing device, the message indicating a recipient;
  
  determining whether the recipient indicated by the message is associated with a trusted entity specified by the received list;
  
  if the recipient indicated by the message is associated with a trusted entity specified by the received list, identifying a computing device associated with the trusted entity as a next hop for the received message and forwarding the message to the identified computing device associated with the trusted entity; and
  
  if the recipient indicated by the message is not associated Pet-with a trusted entity specified by the received list, identifying a clearinghouse server as a next hop for the received message and forwarding the message to the clearinghouse server so that the clearinghouse server can identify a next hop for the message so that the message can be forwarded to the recipient specified in the message, the next hop identifying a computing device to which the message will be routed next, the clearinghouse server configured to enable federation of networks.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11 wherein subsequent messages in a session between a sender of the received message and the recipient transit the clearinghouse server.
  - 13. The method of claim 11 wherein subsequent messages in a session between a sender of the received message and the recipient transit the edge proxy server without transiting the clearinghouse server.
  - 14. The method of claim 11 wherein the edge proxy server does not check whether messages it receives from the clearinghouse server includes a digital certificate.
  - 15. The method of claim 11 wherein the edge proxy server does not verify a validity of any digital certificate included with messages the edge proxy server receives from the clearinghouse server.

16. An edge proxy server having a central processing unit for federating a network in a clearinghouse federation mode, comprising:
- a processor and memory;
  
  a component that is configured to receive a message from a sending computing device, the message indicating a recipient;
  
  a received list of trusted entities;
  
  a component that is configured to process the received message based on the recipient indicated for the message, wherein if the recipient indicated by the message is associated with a trusted entity specified by the received list, the component configured to process identifies a computing device associated with the trusted entity as a next hop for the received message and forwarding the message to the identified computing device associated with the trusted entity, and if the recipient indicated by the message is not associated with a trusted entity specified by the received list, the component configured to process identifies a clearinghouse server as a next hop for the received message and forwards the received message to the clearinghouse server so that the clearinghouse server can identify a next hop for the message so that the message can be forwarded to the recipient specified in the message, the next hop identifying a computing device to which the message will be routed next, the clearinghouse server configured to enable federation of networks.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16 wherein the edge proxy server further comprises a transport component that is configured to establish a session with a computing device with which the edge proxy server exchanges messages.
  - 18. The system of claim 17 wherein the transport component controls a session it establishes with the computing device with which the edge proxy server exchanges messages.
  - 19. The system of claim 16 wherein the edge proxy server further comprises a routing component that is configured to determine whether the received message should be forwarded based on contents of a header field in the received message.
  - 20. The system of claim 19 wherein the routing component determines whether the received message should be forwarded based on an indication of a federation mode in which the edge proxy server is configured to operate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Buch, Jeremy, Kimchi, Gur, Shoroff, Srikanth
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
BAYOU, YONAS A

Application Number

US12/351,781
Publication Number

US 20090164664A1
Time in Patent Office

1,124 Days
Field of Search

726/12
US Class Current

726/12
CPC Class Codes

H04L 63/0823 using certificates cryptogr...

H04L 63/10 for controlling access to d...

Secure federation of data communications networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure federation of data communications networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links