Discovery, access control, and communication with networked services from within a security sandbox
Abstract
Particular embodiments permit a computer program running within a security sandbox to discover and communicate with networked services, for example print servers or remote control programming interfaces for TVs, stereos, and game boxes. The sandbox allows the computer program to originate unicast connections to a limited set of hosts but otherwise provides no access to the network. Particular embodiments may require no prior install, zero configuration, and no account names or passwords, and yet resist spam. This is achieved by using centralized global infrastructure to coordinate the communications rather than local multicast, anycast, or datalink broadcast.
20 Claims
1. A method comprising:
- receiving, from a first device, a globally unique identifier for a service offered by the first device and a first public internet protocol (IP) address for the first device that was translated by a network address translator;
- receiving a discovery request that includes a second public IP address for a first sandbox;
- determining, for the first sandbox, a list of services offered;
- determining that the first and second public IP addresses are identical;
- sending the list of services to the first sandbox, the list of services including the service offered by the first device and including the globally unique identifier;
- receiving a service request for the service offered by the first device, the service request including the globally unique identifier; and
- forwarding the service request to the first device using the globally unique identifier.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A device comprising:
- a processor; and
- a discovery service stored on a memory and executed by the processor, the discovery service
  - for receiving from a first device a globally unique identifier for a service offered by the first device and a first public internet protocol (IP) address for the first device that was translated by a network address translator,
  - for receiving a discovery request that includes a second public IP address for the first sandbox,
  - for determining for the first sandbox a list of services,
  - for determining that the first and second public IP addresses are identical,
  - for sending the list of services to the first sandbox, the list of services including the service offered by the first device and including the globally unique identifier,
  - for receiving a service request for the service offered by the first device, the service request including the globally unique identifier and
  - for forwarding the service request to the first device using the globally unique identifier.

Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. A computer program product comprising a non-transitory computer usable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to perform steps comprising:
- receiving, from a first device, a globally unique identifier for a service offered by the first device and a first public internet protocol (IP) address for the first device that was translated by a network address translator;
- receiving, from a first sandbox, a discovery request that includes a second public IP address for the first sandbox;
- determining, for the first sandbox, a list of services offered;
- determining that the first and second public IP addresses are identical;
- sending the list of services to the first sandbox, the list of services including the service offered by the first device and including the globally unique identifier;
- receiving a service request for the service offered by the first device, the service request including the globally unique identifier; and
- forwarding the service request to the first device using the globally unique identifier.

Dependent claims: 18, 19, 20.
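The flow recited in independent claims 1, 9 and 17, as an added Python example that is not taken from the patent: devices announce a service, a sandbox behind the same NAT discovers it, and requests are routed by GUID. All class and function names are hypothetical. Two assumptions go beyond the claim text: the public IP is the source address the coordinator itself observed rather than a self-reported value, and `forward` re-checks the IP match before routing.

```python
import ipaddress
import uuid
from dataclasses import dataclass
from typing import Callable

@dataclass
class Registration:
    public_ip: object                  # post-NAT address the coordinator observed
    name: str
    deliver: Callable[[bytes], bytes]  # stand-in for the device's open connection

class DiscoveryService:
    def __init__(self):
        self._services = {}            # GUID -> Registration

    def announce(self, observed_ip, name, deliver):
        """Device registers a service; returns its globally unique identifier."""
        guid = str(uuid.uuid4())
        self._services[guid] = Registration(
            ipaddress.ip_address(observed_ip), name, deliver)
        return guid

    def discover(self, observed_ip):
        """List only services whose public IP is identical to the requester's."""
        ip = ipaddress.ip_address(observed_ip)   # normalises IPv6 spellings
        return [(g, r.name) for g, r in self._services.items()
                if r.public_ip == ip]

    def forward(self, observed_ip, guid, payload):
        """Route by GUID. The IP re-check is an added assumption: knowing a
        GUID alone should not reach a service behind a different NAT."""
        reg = self._services.get(guid)
        if reg is None or reg.public_ip != ipaddress.ip_address(observed_ip):
            raise PermissionError("unknown service or different public IP")
        return reg.deliver(payload)

def demo():
    svc = DiscoveryService()
    # Constructed sample: a printer and a TV behind two different NATs.
    printer = svc.announce("203.0.113.7", "printer", lambda p: b"printed:" + p)
    tv = svc.announce("198.51.100.9", "tv-remote", lambda p: b"tv:" + p)
    listing = svc.discover("203.0.113.7")        # sandbox behind the same NAT
    reply = svc.forward("203.0.113.7", printer, b"page1")
    try:
        svc.forward("203.0.113.7", tv, b"power-off")
        cross = "allowed"
    except PermissionError:
        cross = "denied"
    return listing, reply, cross, printer

if __name__ == "__main__":
    print(demo())
```

Matching on public IP treats every host behind the same translator as one network, so under carrier-grade NAT unrelated customers would appear in each other's listings.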
Specification