Zero configuration communication between a browser and a networked media device
Abstract
A method, apparatus and system related to zero configuration communication between a browser and a networked media device are disclosed. In one embodiment, a method of a client device includes constraining an executable environment in a security sandbox, executing a sandboxed application in the executable environment using a processor and a memory, and automatically instantiating a connection between the sandboxed application and a sandbox reachable service of a networked media device. The method may include processing an identification data associated with the sandbox reachable service sharing a public address with the client device. The method may also include determining a private address pair of the sandbox reachable service based on the identification data. Further, the method may include establishing a communication session between the sandboxed application and the sandbox reachable service using a cross-site scripting technique of the security sandbox or appending a header of a hypertext transfer protocol.
51 Claims
1. A method of a client device comprising:
constraining an executable environment in a security sandbox; executing a sandboxed application in the executable environment using a processor and a memory; and automatically instantiating a connection between the sandboxed application and a sandbox reachable service of a networked media device.
2. The method of claim 1 further comprising at least one of:
processing an identification data associated with the sandbox reachable service sharing a public address with the client device; determining a private address pair of the sandbox reachable service based on the identification data; and establishing a communication session between the sandboxed application and the sandbox reachable service using a cross-site scripting technique of the security sandbox.
3. The method of claim 2 further comprising:
appending a header of a hypertext transfer protocol to permit the networked media device to communicate with the sandboxed application as a permitted origin domain through a Cross-origin resource sharing (CORS) algorithm, wherein the header is either one of a origin header when the CORS algorithm is applied and a referrer header in an alternate algorithm.
4. The method of claim 2 further comprising:
accessing a pairing server when processing the identification data associated with the sandbox reachable service sharing the public address with the client device, wherein the pairing server performs a discovery lookup of any device that has announced that it shares the public address associated with the client device, and wherein the sandbox reachable service announces itself to the pairing server prior to the establishment of the communication session between the sandboxed application and the sandbox reachable service.
5. The method of claim 4 further comprising at least one of:
wherein the sandbox reachable service announces an availability of the sandbox reachable service across a range of public addresses such that the sandboxed application communicates with the sandbox reachable service in any one of the range of the public addresses, wherein the range of public addresses is known by the pairing server so that the announcement of the availability of the sandbox reachable service across the range of public addresses is unnecessary, wherein the sandbox reachable service communicates at least one of a global unique identifier and an alphanumeric name to the pairing server along with the private address pair of the sandbox reachable service, and wherein the private address pair includes a private IP address and a port number associated with the sandbox reachable service.
6. The method of claim 2 further comprising:
eliminating a communication through a centralized infrastructure when the sandboxed application and the sandbox reachable service communicate in a shared network common to the client device and the networked media device when the connection is established, wherein the shared network is at least one of a local area network, a multicast network, an anycast network, and a multilan network; minimizing a latency in the communication session when the sandboxed application and the sandbox reachable service communicate in the shared network common to the client device and the networked media device when the connection is established; and improving privacy in the communication session when the sandboxed application and the sandbox reachable service communicate in the shared network common to the client device and the networked media device when the connection is established.
7. The method of claim 1 further comprising:
wherein the sandboxed application is at least one of a web page, a script, a binary executable, an intermediate bytecode, an abstract syntax tree, and an executable application in the security sandbox, wherein the sandboxed application comprises at least one of a markup language application such as a HyperText Markup Language 5 (HTML5) application, a Javascript® application, an Adobe® Flash® application, a Microsoft® Silverlight® application, a JQuery® application, and an Asynchronous Javascript® and a XML (AJAX) application, and wherein an access control algorithm governs a policy through which a secondary authentication is required when establishing a communication between the sandboxed application and the networked media device.
8. The method of claim 7 further comprising:
utilizing an exception to a same origin policy through a use of at least one of a hyperlink, a form, the script, a frame, a header, and an image when establishing the connection between the sandboxed application and the sandbox reachable service.
9. The method of claim 1 further comprising:
extending the security sandbox with a discovery algorithm and a relay algorithm through a discovery module and a relay module added to the security sandbox; and bypassing a pairing server having the discovery algorithm and the relay algorithm when establishing the connection between the sandboxed application and the sandbox reachable service when the security sandbox is extended with the discovery algorithm and the relay algorithm through the discovery module and the relay module added to the security sandbox.
10. The method of claim 9 further comprising:
applying the discovery algorithm of the security sandbox to determine that the networked media device having the sandbox reachable service communicates in a shared network common to the client device and the networked media device; and applying the relay algorithm of the security sandbox to establish the connection between the sandboxed application and the sandbox reachable service of the networked media device.
11. The method of claim 10:
wherein the discovery algorithm utilizes a protocol comprising at least one of a Bonjour® protocol, a SSDP protocol, a LSD uTorrent® protocol, a multicast protocol, an anycast protocol, and another Local Area Network (LAN) based protocol that discovers services in a LAN based on a broadcast from any one of an operating system service, the security sandbox, the client device, the sandbox reachable service, and the networked media device.
12. The method of claim 1:
wherein a cookie associated with the security sandbox is used to store a remote access token on a storage of the client device, wherein the remote access token identifies at least one of a set of communicable private Internet Protocol (IP) addresses and hardware addresses associated with sandbox reachable services that previously operated on a common shared network with the client device, and wherein the client device can communicate with the sandbox reachable services that previously operated on the common shared network through the remote access token.
13. The method of claim 1:
wherein the client device and the networked media device reside on networks that are incommunicable with each other comprising at least one of a firewall separation, a different network separation, a physical separation, an unreachable connection separation, and wherein the sandboxed application of the security sandbox of the client device and the sandbox reachable service of the networked media device communicate with each other through a relay service employed by a pairing server having a discovery module and a relay module to facilitate a trusted communication between the sandboxed application and the sandbox reachable service.
14. The method of claim 13:
wherein the trusted communication is facilitated in a manner such that the sandboxed application never learns at least one of a private IP address and a hardware address of the networked media device when; a first Network Address Translator (NAT) device coupled with a network on which the client device operates to receive communications from a public IP address of a different network on which the sandbox reachable service operates, and wherein a second NAT device coupled with the different network on which the networked media device operates to translate the private IP address of the networked media device to the public IP address visible to the sandboxed application.
15. The method of claim 14:
wherein the networked media device comprises a plurality of sandbox reachable applications including the sandbox reachable application, and wherein a service agent module of the networked media device coordinates communications with the discovery module of at least one of the security sandbox and the pairing server, wherein the security sandbox is at least one of an operating system on which the sandboxed application is hosted and a browser application of the operating system, and wherein the networked media device is at least one of a television, a projection screen, a multimedia display, a touchscreen display, an audio device, and a multidimensional visual presentation device.
16. The method of claim 15 further comprising:
utilizing at least one of a WebSocket and a long polling service message query interface to reduce a latency of message delivery during the trusted communication between the sandboxed application and the sandbox reachable service; and optimizing a polling period between polling such that it is less than a timeout period of a session through the relay service.
17. The method of claim 16 further comprising:
initiating the relay service through at least one of a series of web pages where information is communicated using hyperlinks that point at the pairing server, and a form having a confirmation dialog that is submitted back to the pairing server, and wherein a global unique identifier is masked through the pairing server when the confirmation dialog is served from the pairing server.
18. A method of a networked device comprising:
announcing a sandbox reachable service of the networked device to a discovery module using a processor and memory; and automatically instantiating a communication between the sandbox reachable service of the networked device and a client device when a relay module sends a request from a sandboxed application of the client device to the sandbox reachable service.
19. The method of claim 18 wherein the client device to operate in at least one manner such that the client device:
to process an identification data associated with the sandbox reachable service sharing a public address with the client device; to determine a private address pair of the sandbox reachable service based on the identification data; and to establish a communication session between the sandboxed application and the sandbox reachable service using a cross-site scripting technique of a security sandbox.
20. The method of claim 19 further comprising:
appending a header of a hypertext transfer protocol to permit the networked device to communicate with the sandboxed application as a permitted origin domain through a Cross-origin resource sharing (CORS) algorithm, wherein the header is either one of a origin header when the CORS algorithm is applied and a referrer header in an alternate algorithm.
21. The method of claim 19 wherein the client device:
to access a pairing server when processing the identification data associated with the sandbox reachable service sharing the public address with the client device, wherein the pairing server performs a discovery lookup of any devices that have announced that they share the public address associated with the client device, and wherein the sandbox reachable service announces itself to the pairing server prior to the establishment of the communication session between the sandboxed application and the sandbox reachable service.
22. The method of claim 21 further comprising at least one of:
announcing an availability of the sandbox reachable service across a range of public addresses such that the sandboxed application communicates with the sandbox reachable service in any one of the range of the public addresses; and communicating at least one of a global unique identifier, a hardware address, and an alphanumeric name to the pairing server along with the private address pair of the sandbox reachable service, and wherein the private address pair includes a private IP address and a port number associated with the sandbox reachable service.
23. The method of claim 19 further comprising:
eliminating a communication through a centralized infrastructure when the sandboxed application and the sandbox reachable service communicate in a shared network common to the client device and the networked device when the communication is established, wherein the shared network is at least one of a local area network, a multicast network, an anycast network, and a multilan network; minimizing a latency in the communication session when the sandboxed application and the sandbox reachable service communicate in the shared network common to the client device and the networked device when the communication is established; and improving privacy in the communication session when the sandboxed application and the sandbox reachable service communicate in the shared network common to the client device and the networked device when the communication is established.
24. The method of claim 18:
wherein the sandboxed application is at least one of a web page, a script, a binary executable, an intermediate bytecode, an abstract syntax tree, and an executable application in a security sandbox, wherein the sandboxed application comprises at least one of a markup language application such as a HyperText Markup Language 5 (HTML5) application, a Javascript® application, an Adobe® Flash® application, a Microsoft® Silverlight® application, a JQuery® application, and an Asynchronous Javascript® and a XML (AJAX) application, and wherein an access control algorithm governs a policy through which a secondary authentication is required when establishing a communication between the sandboxed application and the networked device.
25. The method of claim 24 wherein the client device:
to utilize an exception to a same origin policy through a use of at least one of a hyperlink, a form, the script, a frame, a header, and an image when establishing the communication between the sandboxed application and the sandbox reachable service.
26. The method of claim 18 wherein the client device:
to extend a security sandbox with a discovery algorithm and a relay algorithm through the discovery module and the relay module added to the security sandbox; and to bypass a pairing server having the discovery algorithm and the relay algorithm when establishing the communication between the sandboxed application and the sandbox reachable service when the security is extended with the discovery algorithm and the relay algorithm through the discovery module and the relay module added to the security sandbox.
27. The method of claim 26 wherein the client device:
to apply the discovery algorithm of the security sandbox to determine that the networked device having the sandbox reachable service communicates in a shared network common to the client device and the networked device; and to apply the relay algorithm of the security sandbox to establish the communication between the sandboxed application and the sandbox reachable service of the networked device.
28. The method of claim 27:
wherein the discovery algorithm utilizes a protocol comprising at least one of a Bonjour® protocol, a SSDP protocol, a LSD uTorrent® protocol, a multicast protocol, an anycast protocol, and another Local Area Network (LAN) based protocol that discovers services in a LAN based on a broadcast from any one of an operating system service, the security sandbox, the client device, the sandbox reachable service, and the networked device.
29. The method of claim 28:
wherein a cookie associated with the security sandbox is used to store a remote access token on a storage of the client device, wherein the remote access token identifies at least one of a set of communicable private Internet Protocol (IP) addresses and hardware addresses associated with sandbox reachable services that previously operated on a common shared network with the client device, and wherein the client device can communicate with the sandbox reachable services that previously operated on the common shared network through the remote access token.
30. The method of claim 29:
wherein the client device and the networked device reside on networks that are incommunicable with each other comprising at least one of a firewall separation, a different network separation, a physical separation, an unreachable connection separation, and wherein the sandboxed application of the security sandbox of the client device and the sandbox reachable service of the networked device communicate with each other through a relay service employed by the pairing server having the discovery module and the relay module to facilitate a trusted communication between the sandboxed application and the sandbox reachable service.
31. The method of claim 30:
wherein the trusted communication is facilitated in a manner such that the sandboxed application never learns at least one of a private IP address and a hardware address of the networked device when; a first Network Address Translator (NAT) device coupled with a network on which the client device operates to receives communications from a public IP address of a different network on which the sandbox reachable service operates, and wherein a second NAT device coupled with the different network on which the networked device operates to translates the private IP address of the networked device to the public IP address visible to the sandboxed application.
32. The method of claim 31:
wherein the networked device comprises a plurality of sandbox reachable applications including the sandbox reachable application, and wherein a service agent module of the networked device coordinates communications with the discovery module of at least one of the security sandbox and the pairing server, wherein the security sandbox is at least one of an operating system on which the sandboxed application is hosted and a browser application of the operating system, and wherein the networked device is at least one of a television, a projection screen, a multimedia display, a touchscreen display, an audio device, a weather measurement device, a traffic monitoring device, a status update device, a global positioning device, a geospatial estimation device, a tracking device, a bidirectional communication device, a unicast device, a broadcast device, and a multidimensional visual presentation device.
33. The method of claim 32 wherein the client device:
to utilize at least one of a WebSocket and a long polling service message query interface to reduce a latency of message delivery during the trusted communication between the sandboxed application and the sandbox reachable service; and to optimize a polling period between polling such that it is less than a timeout period of a session through the relay service.
34. The method of claim 33 wherein the client device:
to initiate the relay service through at least one of a series of web pages where information is communicated using hyperlinks that point at the pairing server, and a form having a confirmation dialog that is submitted back to the pairing server, and wherein a global unique identifier is masked through the pairing server when the confirmation dialog is served from the pairing server.
35. A system comprising:
a networked device to announce a sandbox reachable service of the networked device to a discovery module using a processor and memory; and a client device to constrain an executable environment in a security sandbox, to execute a sandboxed application in the security sandbox, and to automatically instantiate a connection between the sandboxed application and the sandbox reachable service of the networked device.
36. The system of claim 35 wherein the client device:
to process an identification data associated with the sandbox reachable service sharing a public address with the client device; to determine a private address pair of the sandbox reachable service based on the identification data; and to establish a communication session between the sandboxed application and the sandbox reachable service using a cross-site scripting technique of the security sandbox.
37. The system of claim 36:
wherein the communication session is established by appending a header of a hypertext transfer protocol to permit the networked device to communicate with the sandboxed application as a permitted origin domain through a Cross-origin resource sharing (CORS) algorithm, wherein the header is either one of a origin header when the CORS algorithm is applied and a referrer header in an alternate algorithm.
38. The system of claim 36 wherein the client device:
to access a pairing server when processing the identification data associated with the sandbox reachable service sharing the public address with the client device, wherein the pairing server performs a discovery lookup of any device that have announced that they share the public address associated with the client device, and wherein the sandbox reachable service announces itself to the pairing server prior to the establishment of the communication session between the sandboxed application and the sandbox reachable service.
39. The system of claim 38 wherein the networked device to at least one of:
announce an availability of the sandbox reachable service across a range of public addresses such that the sandboxed application communicates with the sandbox reachable service in any one of the range of the public addresses, communicate at least one of a global unique identifier and an alphanumeric name to the pairing server along with at least one of a hardware address associated with the networked device, a public address pair associated with a sandbox reachable service of the networked device, and a private address pair associated with the sandbox reachable service of the networked device, and wherein the private address pair includes a private IP address and a port number associated with the sandbox reachable service.
40. The system of claim 39 wherein the client device:
to eliminate a communication through a centralized infrastructure when the sandboxed application and the sandbox reachable service communicate in a shared network common to the client device and the networked device when the connection is established, wherein the shared network is at least one of a local area network, a multicast network, an anycast network, and a multilan network; to minimize a latency in the communication session when the sandboxed application and the sandbox reachable service communicate in the shared network common to the client device and the networked device when the connection is established; and to improve privacy in the communication session when the sandboxed application and the sandbox reachable service communicate in the shared network common to the client device and the networked device when the connection is established.
41. The system of claim 35:
wherein the sandboxed application is at least one of a web page, a script, a binary executable, an intermediate bytecode, an abstract syntax tree, and an executable application in the security sandbox, wherein the sandboxed application comprises at least one of a markup language application such as a HyperText Markup Language 5 (HTML5) application, a Javascript® application, an Adobe® Flash® application, a Microsoft® Silverlight® application, a JQuery® application, and an Asynchronous Javascript® and a XML (AJAX) application, and wherein an access control algorithm governs a policy through which a secondary authentication is required when establishing a communication between the sandboxed application and the networked device.
42. The system of claim 41 wherein the client device:
to utilize an exception to a same origin policy through a use of at least one of a hyperlink, a form, the script, a frame, a header, and an image when establishing the connection between the sandboxed application and the sandbox reachable service.
43. The system of claim 35 wherein the client device:
to extend the security sandbox with a discovery algorithm and a relay algorithm through the discovery module and a relay module added to the security sandbox, and to bypass a pairing server having the discovery algorithm and the relay algorithm when establishing the connection between the sandboxed application and the sandbox reachable service when the security is extended with the discovery algorithm and the relay algorithm through the discovery module and the relay module added to the security sandbox.
44. The system of claim 43 wherein the client device:
to apply the discovery algorithm of the security sandbox to determine that the networked device having the sandbox reachable service communicates in a shared network common to the client device and the networked device, and to apply the relay algorithm of the security sandbox to establish the connection between the sandboxed application and the sandbox reachable service of the networked device.
45. The system of claim 44:
wherein the discovery algorithm utilizes a protocol comprising at least one of a Bonjour® protocol, a SSDP protocol, a LSD uTorrent® protocol, a multicast protocol, an anycast protocol, and another Local Area Network (LAN) based protocol that discovers services in a LAN based on a broadcast from any one of an operating system service, the security sandbox, the client device, the sandbox reachable service, and the networked device.
46. The system of claim 45:
wherein a cookie associated with the security sandbox is used to store a remote access token on a storage of the client device, wherein the remote access token identifies at least one of a set of communicable private Internet Protocol (IP) addresses and hardware addresses associated with sandbox reachable services that previously operated on a common shared network with the client device, and wherein the client device can communicate with the sandbox reachable services that previously operated on the common shared network through the remote access token.
47. The system of claim 46:
wherein the client device and the networked device reside on networks that are incommunicable with each other comprising at least one of a firewall separation, a different network separation, a physical separation, an unreachable connection separation, and wherein the sandboxed application of the security sandbox of the client device and the sandbox reachable service of the networked device communicate with each other through a relay service employed by the pairing server having the discovery module and the relay module to facilitate a trusted communication between the sandboxed application and the sandbox reachable service.
48. The system of claim 47:
wherein the trusted communication is facilitated in a manner such that the sandboxed application never learns at least one of a private IP address and a hardware address of the networked device when; a first Network Address Translator (NAT) device coupled with a network on which the client device operates to receives communications from a public IP address of a different network on which the sandbox reachable service operates, and wherein a second NAT device coupled with the different network on which the networked device operates to translates the private IP address of the networked device to the public IP address visible to the sandboxed application.
49. The system of claim 48:
wherein the networked device comprises a plurality of sandbox reachable applications including the sandbox reachable application, and wherein a service agent module of the networked device coordinates communications with the discovery module of at least one of the security sandbox and the pairing server, wherein the security sandbox is at least one of an operating system on which the sandboxed application is hosted and a browser application of the operating system, and wherein the networked device is at least one of a television, a projection screen, a multimedia display, a touchscreen display, an audio device, a weather measurement device, a traffic monitoring device, a status update device, a global positioning device, a geospatial estimation device, a tracking device, a bidirectional communication device, a unicast device, a broadcast device, and a multidimensional visual presentation device.
50. The system of claim 49 wherein the client device:
to utilize at least one of a WebSocket and a long polling service message query interface to reduce a latency of message delivery during the trusted communication between the sandboxed application and the sandbox reachable service, and to optimize a polling period between polling such that it is less than a timeout period of a session through the relay service.
51. The system of claim 50 wherein the client device:
to initiate the relay service through at least one of a series of web pages where information is communicated using hyperlinks that point at the pairing server, and a form having a confirmation dialog that is submitted back to the pairing server, and wherein a global unique identifier is masked through the pairing server when the confirmation dialog is served from the pairing server.
Current Assignee: Free Stream Media Corporation
Original Assignee: Free Stream Media Corporation
Inventors: Harrison, David; Brittenson, Jan; Kailash, Karthik
Primary Examiner(s): Smithers, Matthew
Application Number: US13/736,031
Publication Number:
Time in Patent Office: 1,002 Days
Field of Search: 709/228, 709/208, 726/1, 726/11
US Class Current: 1/1
CPC Class Codes:
G06F 15/16 Combinations of two or more...
G06F 21/123 by using dedicated hardware...
G06F 21/34 involving the use of extern...
G06F 21/53 by executing in a restricte...
H04L 12/189 in combination with wireles...
H04L 47/806 Broadcast or multicast traffic
H04L 49/201 Multicast operation; Broadc...
H04L 63/10 for controlling access to d...
H04L 65/60 Network streaming of media ...
H04L 65/611 for multicast or broadcast ...
H04L 67/02 based on web technology, e....
H04L 67/10 in which an application is ...
H04L 67/125 involving control of end-de...
H04L 67/141 Setup of application sessio...
H04W 8/24 Transfer of terminal data