Zero configuration communication between a browser and a networked media device

US 9,154,942 B2
Filed: 01/07/2013
Issued: 10/06/2015
Est. Priority Date: 11/26/2008
Status: Active Grant

First Claim

Patent Images

1. A method of a client device comprising:

constraining an executable environment in a security sandbox;

executing a sandboxed application in the executable environment using a processor and a memory; and

automatically instantiating a connection between the sandboxed application and a sandbox reachable service of a networked media device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus and system related to zero configuration communication between a browser and a networked media device are disclosed. In one embodiment, a method of a client device includes constraining an executable environment in a security sandbox, executing a sandboxed application in the executable environment using a processor and a memory, and automatically instantiating a connection between the sandboxed application and a sandbox reachable service of a networked media device. The method may include processing an identification data associated with the sandbox reachable service sharing a public address with the client device. The method may also include determining a private address pair of the sandbox reachable service based on the identification data. Further, the method may include establishing a communication session between the sandboxed application and the sandbox reachable service using a cross-site scripting technique of the security sandbox or appending a header of a hypertext transfer protocol.

722 Citations

51 Claims

1. A method of a client device comprising:
- constraining an executable environment in a security sandbox;
  
  executing a sandboxed application in the executable environment using a processor and a memory; and
  
  automatically instantiating a connection between the sandboxed application and a sandbox reachable service of a networked media device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 further comprising at least one of:
    - processing an identification data associated with the sandbox reachable service sharing a public address with the client device;
      
      determining a private address pair of the sandbox reachable service based on the identification data; and
      
      establishing a communication session between the sandboxed application and the sandbox reachable service using a cross-site scripting technique of the security sandbox.
  - 3. The method of claim 2 further comprising:
    - appending a header of a hypertext transfer protocol to permit the networked media device to communicate with the sandboxed application as a permitted origin domain through a Cross-origin resource sharing (CORS) algorithm, wherein the header is either one of a origin header when the CORS algorithm is applied and a referrer header in an alternate algorithm.
  - 4. The method of claim 2 further comprising:
    - accessing a pairing server when processing the identification data associated with the sandbox reachable service sharing the public address with the client device,wherein the pairing server performs a discovery lookup of any device that has announced that it shares the public address associated with the client device, andwherein the sandbox reachable service announces itself to the pairing server prior to the establishment of the communication session between the sandboxed application and the sandbox reachable service.
  - 5. The method of claim 4 further comprising at least one of:
    - wherein the sandbox reachable service announces an availability of the sandbox reachable service across a range of public addresses such that the sandboxed application communicates with the sandbox reachable service in any one of the range of the public addresses,wherein the range of public addresses is known by the pairing server so that the announcement of the availability of the sandbox reachable service across the range of public addresses is unnecessary,wherein the sandbox reachable service communicates at least one of a global unique identifier and an alphanumeric name to the pairing server along with the private address pair of the sandbox reachable service, andwherein the private address pair includes a private IP address and a port number associated with the sandbox reachable service.
  - 6. The method of claim 2 further comprising:
    - eliminating a communication through a centralized infrastructure when the sandboxed application and the sandbox reachable service communicate in a shared network common to the client device and the networked media device when the connection is established, wherein the shared network is at least one of a local area network, a multicast network, an anycast network, and a multilan network;
      
      minimizing a latency in the communication session when the sandboxed application and the sandbox reachable service communicate in the shared network common to the client device and the networked media device when the connection is established; and
      
      improving privacy in the communication session when the sandboxed application and the sandbox reachable service communicate in the shared network common to the client device and the networked media device when the connection is established.
  - 7. The method of claim 1 further comprising:
    - wherein the sandboxed application is at least one of a web page, a script, a binary executable, an intermediate bytecode, an abstract syntax tree, and an executable application in the security sandbox,wherein the sandboxed application comprises at least one of a markup language application such as a HyperText Markup Language 5 (HTML5) application, a Javascript®
      
      application, an Adobe®
      
      Flash®
      
      application, a Microsoft®
      
      Silverlight®
      
      application, a JQuery®
      
      application, and an Asynchronous Javascript® and
      
      a XML (AJAX) application, andwherein an access control algorithm governs a policy through which a secondary authentication is required when establishing a communication between the sandboxed application and the networked media device.
  - 8. The method of claim 7 further comprising:
    - utilizing an exception to a same origin policy through a use of at least one of a hyperlink, a form, the script, a frame, a header, and an image when establishing the connection between the sandboxed application and the sandbox reachable service.
  - 9. The method of claim 1 further comprising:
    - extending the security sandbox with a discovery algorithm and a relay algorithm through a discovery module and a relay module added to the security sandbox; and
      
      bypassing a pairing server having the discovery algorithm and the relay algorithm when establishing the connection between the sandboxed application and the sandbox reachable service when the security sandbox is extended with the discovery algorithm and the relay algorithm through the discovery module and the relay module added to the security sandbox.
  - 10. The method of claim 9 further comprising:
    - applying the discovery algorithm of the security sandbox to determine that the networked media device having the sandbox reachable service communicates in a shared network common to the client device and the networked media device; and
      
      applying the relay algorithm of the security sandbox to establish the connection between the sandboxed application and the sandbox reachable service of the networked media device.
  - 11. The method of claim 10:
    - wherein the discovery algorithm utilizes a protocol comprising at least one of a Bonjour®
      
      protocol, a SSDP protocol, a LSD uTorrent®
      
      protocol, a multicast protocol, an anycast protocol, and another Local Area Network (LAN) based protocol that discovers services in a LAN based on a broadcast from any one of an operating system service, the security sandbox, the client device, the sandbox reachable service, and the networked media device.
  - 12. The method of claim 1:
    - wherein a cookie associated with the security sandbox is used to store a remote access token on a storage of the client device,wherein the remote access token identifies at least one of a set of communicable private Internet Protocol (IP) addresses and hardware addresses associated with sandbox reachable services that previously operated on a common shared network with the client device, andwherein the client device can communicate with the sandbox reachable services that previously operated on the common shared network through the remote access token.
  - 13. The method of claim 1:
    - wherein the client device and the networked media device reside on networks that are incommunicable with each other comprising at least one of a firewall separation, a different network separation, a physical separation, an unreachable connection separation, andwherein the sandboxed application of the security sandbox of the client device and the sandbox reachable service of the networked media device communicate with each other through a relay service employed by a pairing server having a discovery module and a relay module to facilitate a trusted communication between the sandboxed application and the sandbox reachable service.
  - 14. The method of claim 13:
    - wherein the trusted communication is facilitated in a manner such that the sandboxed application never learns at least one of a private IP address and a hardware address of the networked media device when;
      
      a first Network Address Translator (NAT) device coupled with a network on which the client device operates to receive communications from a public IP address of a different network on which the sandbox reachable service operates, andwherein a second NAT device coupled with the different network on which the networked media device operates to translate the private IP address of the networked media device to the public IP address visible to the sandboxed application.
  - 15. The method of claim 14:
    - wherein the networked media device comprises a plurality of sandbox reachable applications including the sandbox reachable application, and wherein a service agent module of the networked media device coordinates communications with the discovery module of at least one of the security sandbox and the pairing server,wherein the security sandbox is at least one of an operating system on which the sandboxed application is hosted and a browser application of the operating system, andwherein the networked media device is at least one of a television, a projection screen, a multimedia display, a touchscreen display, an audio device, and a multidimensional visual presentation device.
  - 16. The method of claim 15 further comprising:
    - utilizing at least one of a WebSocket and a long polling service message query interface to reduce a latency of message delivery during the trusted communication between the sandboxed application and the sandbox reachable service; and
      
      optimizing a polling period between polling such that it is less than a timeout period of a session through the relay service.
  - 17. The method of claim 16 further comprising:
    - initiating the relay service through at least one of a series of web pages where information is communicated using hyperlinks that point at the pairing server, and a form having a confirmation dialog that is submitted back to the pairing server, andwherein a global unique identifier is masked through the pairing server when the confirmation dialog is served from the pairing server.

18. A method of a networked device comprising:
- announcing a sandbox reachable service of the networked device to a discovery module using a processor and memory; and
  
  automatically instantiating a communication between the sandbox reachable service of the networked device and a client device when a relay module sends a request from a sandboxed application of the client device to the sandbox reachable service.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 19. The method of claim 18 wherein the client device to operate in at least one manner such that the client device:
    - to process an identification data associated with the sandbox reachable service sharing a public address with the client device;
      
      to determine a private address pair of the sandbox reachable service based on the identification data; and
      
      to establish a communication session between the sandboxed application and the sandbox reachable service using a cross-site scripting technique of a security sandbox.
  - 20. The method of claim 19 further comprising:
    - appending a header of a hypertext transfer protocol to permit the networked device to communicate with the sandboxed application as a permitted origin domain through a Cross-origin resource sharing (CORS) algorithm, wherein the header is either one of a origin header when the CORS algorithm is applied and a referrer header in an alternate algorithm.
  - 21. The method of claim 19 wherein the client device:
    - to access a pairing server when processing the identification data associated with the sandbox reachable service sharing the public address with the client device,wherein the pairing server performs a discovery lookup of any devices that have announced that they share the public address associated with the client device, andwherein the sandbox reachable service announces itself to the pairing server prior to the establishment of the communication session between the sandboxed application and the sandbox reachable service.
  - 22. The method of claim 21 further comprising at least one of:
    - announcing an availability of the sandbox reachable service across a range of public addresses such that the sandboxed application communicates with the sandbox reachable service in any one of the range of the public addresses; and
      
      communicating at least one of a global unique identifier, a hardware address, and an alphanumeric name to the pairing server along with the private address pair of the sandbox reachable service, andwherein the private address pair includes a private IP address and a port number associated with the sandbox reachable service.
  - 23. The method of claim 19 further comprising:
    - eliminating a communication through a centralized infrastructure when the sandboxed application and the sandbox reachable service communicate in a shared network common to the client device and the networked device when the communication is established, wherein the shared network is at least one of a local area network, a multicast network, an anycast network, and a multilan network;
      
      minimizing a latency in the communication session when the sandboxed application and the sandbox reachable service communicate in the shared network common to the client device and the networked device when the communication is established; and
      
      improving privacy in the communication session when the sandboxed application and the sandbox reachable service communicate in the shared network common to the client device and the networked device when the communication is established.
  - 24. The method of claim 18:
    - wherein the sandboxed application is at least one of a web page, a script, a binary executable, an intermediate bytecode, an abstract syntax tree, and an executable application in a security sandbox,wherein the sandboxed application comprises at least one of a markup language application such as a HyperText Markup Language 5 (HTML5) application, a Javascript®
      
      application, an Adobe®
      
      Flash®
      
      application, a Microsoft®
      
      Silverlight®
      
      application, a JQuery®
      
      application, and an Asynchronous Javascript® and
      
      a XML (AJAX) application, andwherein an access control algorithm governs a policy through which a secondary authentication is required when establishing a communication between the sandboxed application and the networked device.
  - 25. The method of claim 24 wherein the client device:
    - to utilize an exception to a same origin policy through a use of at least one of a hyperlink, a form, the script, a frame, a header, and an image when establishing the communication between the sandboxed application and the sandbox reachable service.
  - 26. The method of claim 18 wherein the client device:
    - to extend a security sandbox with a discovery algorithm and a relay algorithm through the discovery module and the relay module added to the security sandbox; and
      
      to bypass a pairing server having the discovery algorithm and the relay algorithm when establishing the communication between the sandboxed application and the sandbox reachable service when the security is extended with the discovery algorithm and the relay algorithm through the discovery module and the relay module added to the security sandbox.
  - 27. The method of claim 26 wherein the client device:
    - to apply the discovery algorithm of the security sandbox to determine that the networked device having the sandbox reachable service communicates in a shared network common to the client device and the networked device; and
      
      to apply the relay algorithm of the security sandbox to establish the communication between the sandboxed application and the sandbox reachable service of the networked device.
  - 28. The method of claim 27:
    - wherein the discovery algorithm utilizes a protocol comprising at least one of a Bonjour®
      
      protocol, a SSDP protocol, a LSD uTorrent®
      
      protocol, a multicast protocol, an anycast protocol, and another Local Area Network (LAN) based protocol that discovers services in a LAN based on a broadcast from any one of an operating system service, the security sandbox, the client device, the sandbox reachable service, and the networked device.
  - 29. The method of claim 28:
    - wherein a cookie associated with the security sandbox is used to store a remote access token on a storage of the client device,wherein the remote access token identifies at least one of a set of communicable private Internet Protocol (IP) addresses and hardware addresses associated with sandbox reachable services that previously operated on a common shared network with the client device, andwherein the client device can communicate with the sandbox reachable services that previously operated on the common shared network through the remote access token.
  - 30. The method of claim 29:
    - wherein the client device and the networked device reside on networks that are incommunicable with each other comprising at least one of a firewall separation, a different network separation, a physical separation, an unreachable connection separation, andwherein the sandboxed application of the security sandbox of the client device and the sandbox reachable service of the networked device communicate with each other through a relay service employed by the pairing server having the discovery module and the relay module to facilitate a trusted communication between the sandboxed application and the sandbox reachable service.
  - 31. The method of claim 30:
    - wherein the trusted communication is facilitated in a manner such that the sandboxed application never learns at least one of a private IP address and a hardware address of the networked device when;
      
      a first Network Address Translator (NAT) device coupled with a network on which the client device operates to receives communications from a public IP address of a different network on which the sandbox reachable service operates, andwherein a second NAT device coupled with the different network on which the networked device operates to translates the private IP address of the networked device to the public IP address visible to the sandboxed application.
  - 32. The method of claim 31:
    - wherein the networked device comprises a plurality of sandbox reachable applications including the sandbox reachable application, and wherein a service agent module of the networked device coordinates communications with the discovery module of at least one of the security sandbox and the pairing server,wherein the security sandbox is at least one of an operating system on which the sandboxed application is hosted and a browser application of the operating system, andwherein the networked device is at least one of a television, a projection screen, a multimedia display, a touchscreen display, an audio device, a weather measurement device, a traffic monitoring device, a status update device, a global positioning device, a geospatial estimation device, a tracking device, a bidirectional communication device, a unicast device, a broadcast device, and a multidimensional visual presentation device.
  - 33. The method of claim 32 wherein the client device:
    - to utilize at least one of a WebSocket and a long polling service message query interface to reduce a latency of message delivery during the trusted communication between the sandboxed application and the sandbox reachable service; and
      
      to optimize a polling period between polling such that it is less than a timeout period of a session through the relay service.
  - 34. The method of claim 33 wherein the client device:
    - to initiate the relay service through at least one of a series of web pages where information is communicated using hyperlinks that point at the pairing server, and a form having a confirmation dialog that is submitted back to the pairing server, andwherein a global unique identifier is masked through the pairing server when the confirmation dialog is served from the pairing server.

35. A system comprising:
- a networked device to announce a sandbox reachable service of the networked device to a discovery module using a processor and memory; and
  
  a client device to constrain an executable environment in a security sandbox, to execute a sandboxed application in the security sandbox, and to automatically instantiate a connection between the sandboxed application and the sandbox reachable service of the networked device.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 36. The system of claim 35 wherein the client device:
    - to process an identification data associated with the sandbox reachable service sharing a public address with the client device;
      
      to determine a private address pair of the sandbox reachable service based on the identification data; and
      
      to establish a communication session between the sandboxed application and the sandbox reachable service using a cross-site scripting technique of the security sandbox.
  - 37. The system of claim 36:
    - wherein the communication session is established by appending a header of a hypertext transfer protocol to permit the networked device to communicate with the sandboxed application as a permitted origin domain through a Cross-origin resource sharing (CORS) algorithm, wherein the header is either one of a origin header when the CORS algorithm is applied and a referrer header in an alternate algorithm.
  - 38. The system of claim 36 wherein the client device:
    - to access a pairing server when processing the identification data associated with the sandbox reachable service sharing the public address with the client device,wherein the pairing server performs a discovery lookup of any device that have announced that they share the public address associated with the client device, andwherein the sandbox reachable service announces itself to the pairing server prior to the establishment of the communication session between the sandboxed application and the sandbox reachable service.
  - 39. The system of claim 38 wherein the networked device to at least one of:
    - announce an availability of the sandbox reachable service across a range of public addresses such that the sandboxed application communicates with the sandbox reachable service in any one of the range of the public addresses,communicate at least one of a global unique identifier and an alphanumeric name to the pairing server along with at least one of a hardware address associated with the networked device, a public address pair associated with a sandbox reachable service of the networked device, and a private address pair associated with the sandbox reachable service of the networked device, andwherein the private address pair includes a private IP address and a port number associated with the sandbox reachable service.
  - 40. The system of claim 39 wherein the client device:
    - to eliminate a communication through a centralized infrastructure when the sandboxed application and the sandbox reachable service communicate in a shared network common to the client device and the networked device when the connection is established, wherein the shared network is at least one of a local area network, a multicast network, an anycast network, and a multilan network;
      
      to minimize a latency in the communication session when the sandboxed application and the sandbox reachable service communicate in the shared network common to the client device and the networked device when the connection is established; and
      
      to improve privacy in the communication session when the sandboxed application and the sandbox reachable service communicate in the shared network common to the client device and the networked device when the connection is established.
  - 41. The system of claim 35:
    - wherein the sandboxed application is at least one of a web page, a script, a binary executable, an intermediate bytecode, an abstract syntax tree, and an executable application in the security sandbox,wherein the sandboxed application comprises at least one of a markup language application such as a HyperText Markup Language 5 (HTML5) application, a Javascript®
      
      application, an Adobe®
      
      Flash®
      
      application, a Microsoft®
      
      Silverlight®
      
      application, a JQuery®
      
      application, and an Asynchronous Javascript® and
      
      a XML (AJAX) application, andwherein an access control algorithm governs a policy through which a secondary authentication is required when establishing a communication between the sandboxed application and the networked device.
  - 42. The system of claim 41 wherein the client device:
    - to utilize an exception to a same origin policy through a use of at least one of a hyperlink, a form, the script, a frame, a header, and an image when establishing the connection between the sandboxed application and the sandbox reachable service.
  - 43. The system of claim 35 wherein the client device:
    - to extend the security sandbox with a discovery algorithm and a relay algorithm through the discovery module and a relay module added to the security sandbox, andto bypass a pairing server having the discovery algorithm and the relay algorithm when establishing the connection between the sandboxed application and the sandbox reachable service when the security is extended with the discovery algorithm and the relay algorithm through the discovery module and the relay module added to the security sandbox.
  - 44. The system of claim 43 wherein the client device:
    - to apply the discovery algorithm of the security sandbox to determine that the networked device having the sandbox reachable service communicates in a shared network common to the client device and the networked device, andto apply the relay algorithm of the security sandbox to establish the connection between the sandboxed application and the sandbox reachable service of the networked device.
  - 45. The system of claim 44:
    - wherein the discovery algorithm utilizes a protocol comprising at least one of a Bonjour®
      
      protocol, a SSDP protocol, a LSD uTorrent®
      
      protocol, a multicast protocol, an anycast protocol, and another Local Area Network (LAN) based protocol that discovers services in a LAN based on a broadcast from any one of an operating system service, the security sandbox, the client device, the sandbox reachable service, and the networked device.
  - 46. The system of claim 45:
    - wherein a cookie associated with the security sandbox is used to store a remote access token on a storage of the client device,wherein the remote access token identifies at least one of a set of communicable private Internet Protocol (IP) addresses and hardware addresses associated with sandbox reachable services that previously operated on a common shared network with the client device, andwherein the client device can communicate with the sandbox reachable services that previously operated on the common shared network through the remote access token.
  - 47. The system of claim 46:
    - wherein the client device and the networked device reside on networks that are incommunicable with each other comprising at least one of a firewall separation, a different network separation, a physical separation, an unreachable connection separation, andwherein the sandboxed application of the security sandbox of the client device and the sandbox reachable service of the networked device communicate with each other through a relay service employed by the pairing server having the discovery module and the relay module to facilitate a trusted communication between the sandboxed application and the sandbox reachable service.
  - 48. The system of claim 47:
    - wherein the trusted communication is facilitated in a manner such that the sandboxed application never learns at least one of a private IP address and a hardware address of the networked device when;
      
      a first Network Address Translator (NAT) device coupled with a network on which the client device operates to receives communications from a public IP address of a different network on which the sandbox reachable service operates, andwherein a second NAT device coupled with the different network on which the networked device operates to translates the private IP address of the networked device to the public IP address visible to the sandboxed application.
  - 49. The system of claim 48:
    - wherein the networked device comprises a plurality of sandbox reachable applications including the sandbox reachable application, and wherein a service agent module of the networked device coordinates communications with the discovery module of at least one of the security sandbox and the pairing server,wherein the security sandbox is at least one of an operating system on which the sandboxed application is hosted and a browser application of the operating system, andwherein the networked device is at least one of a television, a projection screen, a multimedia display, a touchscreen display, an audio device, a weather measurement device, a traffic monitoring device, a status update device, a global positioning device, a geospatial estimation device, a tracking device, a bidirectional communication device, a unicast device, a broadcast device, and a multidimensional visual presentation device.
  - 50. The system of claim 49 wherein the client device:
    - to utilize at least one of a WebSocket and a long polling service message query interface to reduce a latency of message delivery during the trusted communication between the sandboxed application and the sandbox reachable service, andto optimize a polling period between polling such that it is less than a timeout period of a session through the relay service.
  - 51. The system of claim 50 wherein the client device:
    - to initiate the relay service through at least one of a series of web pages where information is communicated using hyperlinks that point at the pairing server, and a form having a confirmation dialog that is submitted back to the pairing server, andwherein a global unique identifier is masked through the pairing server when the confirmation dialog is served from the pairing server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Free Stream Media Corporation
Original Assignee
Free Stream Media Corporation
Inventors
Harrison, David, Brittenson, Jan, Kailash, Karthik
Primary Examiner(s)
Smithers, Matthew

Application Number

US13/736,031
Publication Number

US 20140195690A1
Time in Patent Office

1,002 Days
Field of Search

709/228, 709/208, 726/1, 726/11
US Class Current

1/1
CPC Class Codes

G06F 15/16   Combinations of two or more...

G06F 21/123   by using dedicated hardware...

G06F 21/34   involving the use of extern...

G06F 21/53   by executing in a restricte...

H04L 12/189   in combination with wireles...

H04L 47/806   Broadcast or multicast traffic

H04L 49/201   Multicast operation; Broadc...

H04L 63/10   for controlling access to d...

H04L 65/60   Network streaming of media ...

H04L 65/611   for multicast or broadcast ...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/125   involving control of end-de...

H04L 67/141   Setup of application sessio...

H04W 8/24   Transfer of terminal data

Zero configuration communication between a browser and a networked media device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

722 Citations

51 Claims

Specification

Solutions

Use Cases

Quick Links

Zero configuration communication between a browser and a networked media device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

722 Citations

51 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links