Discovery, access control, and communication with networked services from within a security sandbox

US 8,180,891 B1
Filed: 11/23/2009
Issued: 05/15/2012
Est. Priority Date: 11/26/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, from a first device, a globally unique identifier for a service offered by the first device and a first public internet protocol (IP) address for the first device that was translated by a network address translator;

receiving a discovery request that includes a second public IP address for a first sandbox;

determining, for the first sandbox, a list of services offered;

determining that the first and second public IP addresses are identical;

sending the list of services to the first sandbox, the list of services including the service offered by the first device and including the globally unique identifier;

receiving a service request for the service offered by the first device, the service request including the globally unique identifier; and

forwarding the service request to the first device using the globally unique identifier.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Particular embodiments permit a computer program running within a security sandbox to discover and communicate with networked services for example print servers, or remote control programming interfaces for TVs, stereos, and game boxes. The sandbox allows the computer program to originate unicast connections to a limited set of hosts but otherwise provides no access to the network. Particular embodiments may require no prior install, zero configuration, no account names or passwords, and yet resists spam. This is achieved by using centralized global infrastructure to coordinate the communications rather than local multicast, anycast, or datalink broadcast.

Citations

20 Claims

1. A method comprising:
- receiving, from a first device, a globally unique identifier for a service offered by the first device and a first public internet protocol (IP) address for the first device that was translated by a network address translator;
  
  receiving a discovery request that includes a second public IP address for a first sandbox;
  
  determining, for the first sandbox, a list of services offered;
  
  determining that the first and second public IP addresses are identical;
  
  sending the list of services to the first sandbox, the list of services including the service offered by the first device and including the globally unique identifier;
  
  receiving a service request for the service offered by the first device, the service request including the globally unique identifier; and
  
  forwarding the service request to the first device using the globally unique identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the list of services includes a protected function that is available to programs running on a private network that the first device also runs on.
  - 3. The method of claim 2, wherein the protected function includes at least one of an instruction to delete a file, add content, add metadata and play content.
  - 4. The method of claim 1, further comprising:
    - receiving, from a first sandbox, an identifier corresponding to a second sandbox and a payload; and
      
      transmitting the payload to the second sandbox.
  - 5. The method of claim 4, wherein the first sandbox and the second sandbox communicate with each other via a programming interface.
  - 6. The method of claim 1, wherein a human name describing the first device is included in the list of services.
  - 7. The method of claim 1, wherein the globally unique identifier uniquely identifies the first device if the first public IP address of the first device changes.
  - 8. The method of claim 1, wherein the discovery request specifies a type of service.

9. A device comprising:
- a processor; and
  
  a discovery service stored on a memory and executed by the processor, the discovery service for receiving from a first device a globally unique identifier for a service offered by the first device and a first public internet protocol (IP) address for the first device that was translated by a network address translator, for receiving a discovery request that includes a second public IP address for the first sandbox, for determining for the first sandbox a list of services, for determining that the first and second public IP addresses are identical, for sending the list of services to the first sandbox, the list of services including the service offered by the first device and including the globally unique identifier, for receiving a service request for the service offered by the first device, the service request including the globally unique identifier and for forwarding the service request to the first device using the globally unique identifier.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the list of services includes a protected function that is available to programs running on the private network that the first device also runs on.
  - 11. The system of claim 10, wherein the protected function includes at least one of an instruction to delete a file, add content, add metadata and play content.
  - 12. The system of claim 9, wherein the second device receives from a first sandbox an identifier corresponding to a second sandbox and a payload and transmitting the payload to the second sandbox.
  - 13. The system of claim 12, wherein the first sandbox and the second sandbox communicate with each other via a programming interface.
  - 14. The system of claim 9, wherein a human name describing the first device is included in the list of services.
  - 15. The system of claim 9, wherein the globally unique identifier uniquely identifies the first device if the first public IP address of the first device changes.
  - 16. The system of claim 9, wherein the first sandbox and the second sandbox communicate with each other via a programming interface.

17. A computer program product comprising a non-transitory computer usable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to perform steps comprising:
- receiving, from a first device, a globally unique identifier for a service offered by the first device and a first public internet protocol (IP) address for the first device that was translated by a network address translator;
  
  receiving, from a first sandbox, a discovery request that includes a second public IP address for the first sandbox;
  
  determining, for the first sandbox, a list of services offered;
  
  determining that the first and second public IP addresses are identical;
  
  sending the list of services to the first sandbox, the list of services including the service offered by the first device and including the globally unique identifier;
  
  receiving a service request for the service offered by the first device, the service request including the globally unique identifier; and
  
  forwarding the service request to the first device using the globally unique identifier.
- View Dependent Claims (18, 19, 20)
- - 18. The computer program product of claim 17, wherein a human name describing the first device is included in the list of services.
  - 19. The computer program product of claim 17, wherein the globally unique identifier uniquely identifies the first device if the first public IP address of the first device changes.
  - 20. The computer program product of claim 17, wherein the list of services includes a protected function that is available to programs running on a private network that the first device also runs on.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Free Stream Media Corporation
Original Assignee
Free Stream Media Corporation
Inventors
Harrison, David A.
Primary Examiner(s)
Ibrahim, Mohamed

Application Number

US12/592,377
Time in Patent Office

904 Days
Field of Search

709224-226
US Class Current

709/224
CPC Class Codes

G06F 16/783   using metadata automaticall...

G06F 21/10   Protecting distributed prog...

G06F 21/53   by executing in a restricte...

G06F 2221/033   Test or assess software

G06F 3/14   Digital output to display d...

G06Q 30/0255   based on user history

G06Q 30/0269   based on user profile or at...

G08C 17/02   using a radio link

H04L 12/18   for broadcast or conference...

H04L 2101/668   Internet protocol [IP] addr...

H04L 61/2514   between local and global IP...

H04L 61/2517   using port numbers

H04L 61/256   NAT traversal

H04L 61/2575   using address mapping retri...

H04L 61/4511   using domain name system [DNS]

H04L 61/4541   Directories for service dis...

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 65/1069   Session establishment or de...

H04L 65/61 : for supporting one-way stre...

H04L 67/02 : based on web technology, e....

H04L 67/10 : in which an application is ...

H04L 67/141 : Setup of application sessio...

H04L 67/51 : Discovery or management the...

H04N 21/23424 : involving splicing one cont...

H04N 21/2541 : Rights Management protectin...

H04N 21/278 : Content descriptor database...

H04N 21/4126 : The peripheral being portab...

H04N 21/41407 : embedded in a portable devi...

H04N 21/4147 : PVR [Personal Video Recorde...

H04N 21/435 : Processing of additional da...

H04N 21/4415 : using biometric characteris...

H04N 21/466 : Learning process for intell...

H04N 21/6175 : involving transmission via ...

H04N 21/64322 : IP

H04N 21/812 : involving advertisement dat...

H04N 21/835 : Generation of protective da...

H04N 21/8352 : involving content or source...

H04N 21/8358 : involving watermark protect...

H04N 21/84 : Generation or processing of...

View All

Discovery, access control, and communication with networked services from within a security sandbox

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Discovery, access control, and communication with networked services from within a security sandbox

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links