Open enhanced federation security techniques
Assignments: 2
Petitions: 0
Abstract
Techniques to protect against user enumeration over open enhanced federation are described. An apparatus, such as an access edge server, may include a network interface operative to establish connections and an open enhanced federation (OEF) module communicatively coupled to the network interface. The OEF module may be operative to manage connections between multiple federated networks. In one embodiment, the OEF module may comprise a peer authentication module operative to determine whether a peer making a connection request is an untrusted peer domain. The OEF module may further comprise a peer tracking module operative to retrieve a total request number and a total limit number associated with the untrusted peer, and to compare the total request number with the total limit number to form a threat status indicator value. The OEF module may also comprise a peer authorization module operative to authorize the request based on the threat status indicator value. Other embodiments are described and claimed.
Citations: 19

Claims (11)

1. A method, comprising:
- receiving a request for an instant messaging connection from a federated client;
- determining, by a processor, that the federated client is an untrusted client;
- comparing a total request number with a total limit number to generate a threat status indicator value for the untrusted client, the total request number representing a number of unique uniform resource identifiers (URIs) contacted by requests for an instant messaging connection made by the untrusted client, the number of unique URIs comprising both valid and invalid URIs, the total request number formed using a hash table comprising a plurality of buckets, the total request number determined based on a number of buckets to which hash values corresponding to the requests for an instant messaging connection are mapped;
- when the threat status indicator value indicates that the total limit number has not been reached, authorizing the request from the untrusted client; and
- when the threat status indicator value indicates that the total limit number has been exceeded, associating a threat watch indicator with the untrusted client, adding the untrusted client to a list of suspicious peers based on the threat watch indicator, and performing enhanced security analysis based on behavior of the suspicious peers.
Dependent claims: 2, 3, 4.

5. An article of manufacture comprising a machine-readable storage medium, wherein the medium is not a signal, containing instructions that if executed enable a system to:
- receive a request for an instant messaging connection from a federated client;
- determine that the federated client is an untrusted client;
- compare a total request number with a total limit number associated with the untrusted client to generate a threat status indicator value for the untrusted client, the total request number representing a number of unique uniform resource identifiers (URIs) contacted by requests for an instant messaging connection made by the untrusted client, the number of unique URIs comprising both valid and invalid URIs, the total request number formed using a hash table comprising a plurality of buckets, the total request number determined based on a number of buckets to which hash values corresponding to the requests for an instant messaging connection are mapped;
- when the threat status indicator value indicates that the total limit number has not been reached, authorize the request; and
- when the threat status indicator value indicates that the total limit number has been exceeded, associate a threat watch indicator with the untrusted client, add the untrusted client to a list of suspicious peers based on the threat watch indicator, and perform enhanced security analysis based on behavior of the suspicious peers.
Dependent claims: 6, 7, 8.

9. An apparatus, comprising:
- a processor;
- a network interface operative to establish instant messaging connections;
- an open enhanced federation (OEF) module communicatively coupled to the network interface, the OEF module operable by the processor to manage instant messaging connections between multiple federated clients and multiple federated networks, to maintain a list of suspicious peers, and to perform enhanced security analysis based on behavior of the suspicious peers, the OEF module comprising:
  - a client authentication module operative to determine whether a federated client making the request is an untrusted client;
  - a client tracking module operative to retrieve a total request number and a total limit number associated with the untrusted client, and compare the total request number with the total limit number to form a threat status indicator value, the total request number representing a number of unique uniform resource identifiers (URIs) contacted by requests for an instant messaging connection made by the untrusted client, the number of unique URIs comprising both valid and invalid URIs, the total request number formed using a hash table comprising a plurality of buckets, the total request number determined based on a number of buckets to which hash values corresponding to the requests for an instant messaging connection are mapped;
  - a client authorization module operative to authorize the request when the threat status indicator value indicates that the total limit number has not been reached, and to associate a threat watch indicator with the untrusted client and add the untrusted client to the list of suspicious peers based on the threat watch indicator when the threat status indicator value indicates that the total limit number has been exceeded.
Dependent claims: 10, 11.
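The tracking scheme in claims 1, 5 and 9 amounts to an approximate distinct-count per untrusted peer: every target URI of an IM connection request is hashed onto a bucket, and the number of occupied buckets is the "total request number" that is compared against the limit. The following is an added illustration written for this page, not code from the patent or its assignee; the peer domains, the local user list, the bucket count, the limit and the rule that reaching the limit exactly still authorizes (the claims only speak of "not reached" and "exceeded") are all assumptions.

```python
# Added example, not the patent's own code: approximate distinct-URI tracking
# for untrusted federation peers, following the bucket-count scheme in the claims.
from __future__ import annotations

import hashlib
from dataclasses import dataclass


@dataclass
class PeerState:
    """Per-peer state: one occupancy flag per hash bucket plus the watch flag."""
    buckets: bytearray
    threat_watch: bool = False

    def total_request_number(self) -> int:
        # The claims' "total request number": buckets holding at least one hashed
        # URI. Two URIs landing in one bucket are counted once, so this can
        # undercount but never overcount the distinct URIs contacted.
        return sum(self.buckets)


class OEFPeerTracker:
    """Authentication, tracking and authorization steps of the OEF module."""

    def __init__(self, trusted_domains, local_users, num_buckets=65536, total_limit=20):
        self.trusted_domains = {d.lower() for d in trusted_domains}
        self.local_users = {u.lower() for u in local_users}   # assumed directory
        self.num_buckets = num_buckets
        self.total_limit = total_limit
        self.peers: dict[str, PeerState] = {}
        self.suspicious_peers: list[str] = []

    def is_untrusted(self, peer_domain: str) -> bool:
        # Client authentication module: any peer not on the allow list is an
        # untrusted (open federation) peer and is subject to tracking.
        return peer_domain.lower() not in self.trusted_domains

    def _bucket(self, uri: str) -> int:
        # Hash the normalised URI onto a bucket so "SIP:Alice@x" and "sip:alice@x"
        # cannot be used to inflate or dodge the count.
        digest = hashlib.sha256(uri.strip().lower().encode()).digest()
        return int.from_bytes(digest[:8], "big") % self.num_buckets

    def _threat_status(self, state: PeerState) -> str:
        # Threat status indicator value derived from count vs. limit.
        count = state.total_request_number()
        if count > self.total_limit:
            return "exceeded"
        return "reached" if count == self.total_limit else "below"

    def handle_request(self, peer_domain: str, target_uri: str) -> dict:
        """Process one IM connection request and return the authorization decision."""
        if not self.is_untrusted(peer_domain):
            return {"decision": "authorized", "reason": "trusted peer"}
        state = self.peers.setdefault(
            peer_domain.lower(), PeerState(bytearray(self.num_buckets)))
        # Record the URI whether or not it resolves to a real user: enumeration
        # probes mostly hit non-existent addresses, which is why the claims count
        # valid and invalid URIs alike.
        uri_valid = target_uri.strip().lower() in self.local_users
        state.buckets[self._bucket(target_uri)] = 1
        status = self._threat_status(state)
        result = {"uri_valid": uri_valid, "status": status,
                  "total_request_number": state.total_request_number()}
        if status == "exceeded":
            # Assumption: the request is flagged for enhanced analysis rather than
            # dropped; the claims do not say the connection is refused.
            if not state.threat_watch:
                state.threat_watch = True
                self.suspicious_peers.append(peer_domain.lower())
            result["decision"] = "flagged"
        else:
            result["decision"] = "authorized"
        return result


if __name__ == "__main__":
    # Constructed sample run: one trusted partner, one unknown peer probing
    # twenty addresses of which only one exists.
    tracker = OEFPeerTracker(trusted_domains=["partner.example"],
                             local_users=["sip:alice@corp.example"], total_limit=5)
    for i in range(20):
        uri = "sip:alice@corp.example" if i == 0 else f"sip:user{i}@corp.example"
        print(i, tracker.handle_request("probe.example", uri))
    print("suspicious:", tracker.suspicious_peers)
```

Two properties of this design are worth noting when tuning it. Because occupancy undercounts on collision, a small bucket table only ever works in the probing peer's favour, so size it well above the limit. And a watch indicator alone changes nothing on the wire: the value comes from the enhanced analysis the claims attach to the suspicious-peer list, and from resetting or decaying the buckets per time window, which the claims leave to the implementation.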
Specification