Intercepting file transfers in multi-node topologies

US 9,015,330 B2
Filed: 01/11/2010
Issued: 04/21/2015
Est. Priority Date: 01/11/2010
Status: Active Grant

First Claim

Patent Images

1. One or more computer-readable storage devices having stored thereon computer program instructions for intercepting and processing a payload sent from a sending client to a receiving client, the program instructions executable by one or more processors to perform actions including:

a) receiving, at a first intermediate server, a session setup message sent between the sending client and the receiving client in a session setup protocol;

b) inserting identifying information in the session setup message, the identifying information indicating a first server role corresponding to the first intermediate server;

c) receiving the identifying information in the session setup message, receiving from a second intermediate server an indication of a second server role different from the first server role, and determining an intercept server role based on the identifying information, the intercept server role being a role other than a role corresponding to a home server associated with the sending client or the receiving client, wherein determining the intercept server role comprises selecting one of the first server role or the second server role to be the intercepting server role;

d) sending an identification of the intercept server role in a subsequent message; and

e) in response to receiving the subsequent message, processing a payload received in one or more messages of a secondary protocol, and sending the payload to the receiving client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for intercepting and processing a payload sent between clients. A home server determines the roles that are intermediate to the clients by having intermediate servers insert identity information into a message of a session setup protocol. The home server selects a role to be the intercepting role, and sends a notification and aggregate information to a server of the selected role. A server of the intercepting role intercepts and processes the payload when it is sent between the clients. Payload processing may include content inspection or filtering based on any of a number of factors.

Citations

19 Claims

1. One or more computer-readable storage devices having stored thereon computer program instructions for intercepting and processing a payload sent from a sending client to a receiving client, the program instructions executable by one or more processors to perform actions including:
- a) receiving, at a first intermediate server, a session setup message sent between the sending client and the receiving client in a session setup protocol;
  
  b) inserting identifying information in the session setup message, the identifying information indicating a first server role corresponding to the first intermediate server;
  
  c) receiving the identifying information in the session setup message, receiving from a second intermediate server an indication of a second server role different from the first server role, and determining an intercept server role based on the identifying information, the intercept server role being a role other than a role corresponding to a home server associated with the sending client or the receiving client, wherein determining the intercept server role comprises selecting one of the first server role or the second server role to be the intercepting server role;
  
  d) sending an identification of the intercept server role in a subsequent message; and
  
  e) in response to receiving the subsequent message, processing a payload received in one or more messages of a secondary protocol, and sending the payload to the receiving client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The one or more computer-readable storage devices of claim 1, the actions further including selectively inserting, at another intermediate server, other identifying information into the session setup message, based on whether the other intermediate server has received the identifying information from the first intermediate server.
  - 3. The one or more computer-readable storage devices of claim 1, the session setup protocol is Session Initiation Protocol (SIP), inserting the identifying information comprising inserting the identifying information in a header field of the session setup message, sending the identification of the intercept server role comprising inserting the identification of the intercept server role in a header field of the subsequent message.
  - 4. The one or more computer-readable storage devices of claim 1, the actions further including selectively inserting, at another intermediate server, other identifying information into the session setup message, based on at least one of a configuration of the other intermediate server, a load of the other intermediate server, or whether the other intermediate server has received the identifying information from the first intermediate server.
  - 5. The one or more computer-readable storage devices of claim 1, the actions further including:
    - a) aggregating information sent between the sending client and receiving client in the session setup protocol, the aggregated information including an address of the sending client, an address of the receiving client, and security data descriptive of a security mechanism to be used for sending the payload; and
      
      b) inserting the aggregated information in the subsequent message.
  - 6. The one or more computer-readable storage devices of claim 1, the actions further including performing content inspection of the payload.
  - 7. The one or more computer-readable storage devices of claim 1, the actions further comprising, at each of two or more intermediate servers, inserting, in the session setup protocol message, role determination information descriptive of at least one of a load of the server role corresponding to the intermediate server or a capability of the server role corresponding to the intermediate server;
    - determining the intercepting server role comprising determining the intercepting server role based on the role determination information of the two or more intermediate servers.
  - 8. The one or more computer-readable storage devices of claim 1, the first intermediate server is stateless with respect to a session setup transaction that includes the session setup protocol message.

9. A computer-based system for processing and forwarding a payload sent from a sending client to a receiving client in a secondary protocol, the system comprising:
- a) a home server that is topologically intermediate between a sending client and a receiving client, the home server receiving client session data descriptive of the sending client, the receiving client, or a session between the sending client and receiving client;
  
  b) one or more intermediate servers that are topologically intermediate between the sending client and receiving client, each intermediate server having a corresponding server role that is different from a server role of the home server;
  
  each of the one or more intermediate servers configured to perform intermediate server actions including;
  
  i. receiving a session setup protocol message sent between the sending client and the receiving client;
  
  ii. inserting, in the session setup protocol message, information identifying the intermediate server role; and
  
  iii. in response to receiving a notification message from the home server, performing payload intercept actions including intercepting the payload sent in the secondary protocol and processing the payload;
  
  the home server configured to perform home server actions including;
  
  i. receiving, from each of the one or more intermediate servers, the information identifying the corresponding intermediate server role;
  
  ii. determining, based on the received information, an intercepting server role; and
  
  iii. sending the notification message in the session setup protocol including notification information indicating the determined intercepting server role.
- View Dependent Claims (10, 11, 12)
- - 10. The computer-based system of claim 9, the home server actions further comprising inserting the client session information in a header of the notification message.
  - 11. The computer-based system of claim 9, the intermediate server actions further comprising inserting, in the session setup protocol message, information descriptive of at least one of a load of the intermediate server role or a capability of the intermediate server role, determining the intercepting server role is based on at least one of the load of the intermediate server role or the capability of the intermediate server role.
  - 12. The computer-based system of claim 9, the system enabling a first server associated with the intercepting server role to insert the information identifying the intermediate server role, and a second server associated with the intercepting server role to perform the payload intercept actions, the first server and the second server being different servers.

13. A computer-based system for intercepting and processing a payload transmitted from a sending client to a receiving client, comprising:
- a) a server having one or more processors;
  
  b) computer program instructions that, when executed by the one or more processors, determine a set of at least two server roles including a first server role and a second server role topologically located between the sending client and the receiving client by employing one or more messages of a session setup protocol, the one or more messages including indications of the at least two server roles, each indication of a server role of the at least two server roles inserted by a corresponding server of the server role;
  
  c) computer program instructions that, when executed by the one or more processors, employ a policy to select one of the first server role or the second server role to be an intercepting server role to intercept and process the payload based on the determined set of at least one server role; and
  
  d) computer program instructions that, when executed by the one or more processors, notify a server of the intercepting server role of the selection by inserting a notification in a message that is not addressed to the server.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The computer-based system of claim 13, further comprising a plurality of servers that each inserts, into one of the one or more messages of the session setup protocol, identifying information that identifies a corresponding server role of the at least two server roles.
  - 15. The computer-based system of claim 13, further comprising means for enabling the server of the intercepting server role to intercept the payload without having received any of the one or more session setup protocol messages employed to determine the set of at least two server roles, the means for enabling including a mechanism employing a different server of the intercepting server role to insert information identifying the intercepting server role in at least one of the one or more messages of the session setup protocol.
  - 16. The computer-based system of claim 13, the intercepting server role is selectively determined to be a director role and selectively determined to be an edge role, based on information received in the one or more messages.
  - 17. The computer-based system of claim 13, further comprising a server programmed to perform actions including selectively inserting into the one or more messages of the session setup protocol, identification information, based on whether a previous server role has inserted identification information into the one or more messages.
  - 18. The computer-based system of claim 13, further comprising a server that inserts, into a subsequent message of the session setup protocol, notification information including an identification of the selected intercepting server role, the subsequent message sent from the receiving client to the sending client.
  - 19. The computer-based system of claim 13, further comprising a server that, in response to receiving the notification information:
    - downloads the payload from the sending client;
      
      performs at least one of content inspection or filtering of the payload; and
      
      forwards the payload to the receiving client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Shah, Shrey
Primary Examiner(s)
RECEK, JASON D

Application Number

US12/684,990
Publication Number

US 20110173334A1
Time in Patent Office

1,926 Days
Field of Search

709/224, 709/228
US Class Current

709/228
CPC Class Codes

H04L 67/01   Protocols

H04L 67/10   in which an application is ...

H04L 67/141   Setup of application sessio...

H04L 67/288   Distributed intermediate de...

Intercepting file transfers in multi-node topologies

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Intercepting file transfers in multi-node topologies

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links