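Country / Type | United States (US) Patent, Granted |
---|---|
International Patent Classification (IPC 7th edition) | |
Application number | US-0967364 (2013-08-15) |
Registration number | US-9706265 (2017-07-11) |
Inventor / Address | |
Applicant / Address | |
Agent / Address | |
Citation information | Times cited: 0; Patents cited: 500 |
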
A method, apparatus and system related to zero configuration communication between a sandboxed program and a networked service are disclosed. In one aspect a system includes a networked device configured to announce a networked service to a discovery service, and/or perform the discovery service for a private network; and/or a client device configured to execute a sandboxed program in a security sandbox. The system also includes automatically instantiating a connection between the sandboxed program and the networked device and/or the networked service. The discovery agent, which may be running with the sandboxed program, is configured to query the discovery service for service information associated with the networked device and/or the networked service. The service information may include a global unique identifier (GUID), an alphanumeric name, a public address pair, and/or a private address pair.
1. A system comprising: a networked device, residing in a private network of Internet, and configured to: announce a networked service to a discovery service, and enable performing the discovery service for the private network; a client device residing in a same private network of the Internet as the networked device, the client device being configured to execute a sandboxed program in a security sandbox and to automatically instantiate a connection between the sandboxed program and at least one of the networked device and the networked service; and a Network Address Translator (NAT) straddling both the same private network and a public network of the Internet, wherein, as part of the automatic instantiation of the connection between the sandboxed program and the at least one of the networked device and the networked service, the NAT is configured to translate a private address of an announce message related to the announcement of the networked service to a public address thereof including a public Internet Protocol (IP) address, the sandboxed program is configured to address a discovery message to the discovery service from a private address thereof, the NAT is configured to translate the private address of the sandboxed program to a public address thereof including a public IP address when the discovery message transits the NAT, the discovery service is configured to perform a lookup based on the public IP address of the sandboxed program to determine at least one device having a same public IP address to determine that the sandboxed program and the at least one of the networked device and the networked service reside in the same private network, and in accordance with the determination that the sandboxed program and the at least one of the networked device and the networked service reside in the same private network, the discovery service is configured to respond with service information for the at least one of the networked device and the networked service.
2. The system of claim 1: wherein a discovery agent running with the sandboxed program is configured to query the discovery service for the service information associated with the at least one of the networked device and the networked service, wherein the service information comprises at least one of a global unique identifier (GUID), an alphanumeric name, a public address pair, and a private address pair.
3. The system of claim 2: wherein at least one of the discovery agent and the sandboxed program is configured to bypass the discovery service by caching the service information associated with the at least one of the networked device and the networked service.
4. The system of claim 2: wherein the discovery agent is further configured to serve as a trusted intermediary between an untrusted sandboxed program and the at least one of the networked device and the networked service, wherein the trusted intermediary is configured to guard at least one of the GUID, the alphanumeric name, the public address pair, and the private address pair associated with the at least one of the networked device and the networked service from the untrusted sandboxed program, and wherein the trusted intermediary and the untrusted sandboxed program are configured to communicate via a mutually agreed programming interface.
5. The system of claim 2: wherein the discovery agent is further configured to enforce a communications policy imposing an access restriction to the at least one of the networked device and the networked service.
6. The system of claim 1: wherein the at least one of the networked device and the networked service is configured to at least one of offer an access token to the sandboxed program and manage an access of the sandboxed program to the at least one of the networked device and the networked service, wherein the access token uniquely identifies the sandboxed program, and wherein the sandboxed program is configured to communicate with the at least one of the networked device and the networked service by passing the access token.
7. The system of claim 6: wherein the access token is offered to the sandboxed program on at least one of the private network and a local area network (LAN) with the at least one of the networked device and the networked service.
8. The system of claim 1, further comprising: a relay service configured to forward a packet between the sandboxed program and the at least one of the networked device and the networked service.
9. The system of claim 8: wherein the relay service comprises at least one of a Traversal Using Relays around NAT (TURN) server, a Simple Traversal of User Datagram Protocol over NATs (STUN) server, a STUN and TCP too (STUNT) server, the discovery service, a simple relay, a simple Transmission Control Protocol (TCP) relay, a simple User Datagram Protocol (UDP) relay, a GUID-relay, a TCP GUID-routing-relay, and a UDP GUID-routing-relay.
10. The system of claim 1: wherein the discovery service comprises at least one of a logically centralized discovery service, a private discovery service, and an extension to the security sandbox, and wherein the discovery service is configured to at least one of: provide an application-layer routing between the sandboxed program and the at least one of the networked device and the networked service, and perform a traditional discovery method comprising at least one of a multicast protocol, a unicast protocol, an anycast protocol, a broadcast protocol, a Bonjour® protocol, a Simple Service Discovery Protocol (SSDP), a Local Service Discovery (LSD) uTorrent® protocol, a Service Location Protocol (SLP), a Universal Plug and Play (UPnP) protocol, a Multicast Domain Name System (MDNS) protocol, and a Domain Name System-based Service Discovery (DNS-SD) protocol.
11. The system of claim 1: wherein the networked service comprises at least one of a discoverable service and an undiscoverable service, wherein the discoverable service comprises at least one of the networked service of the networked device, a gateway discoverable service, an elected discoverable service, and an unelected discoverable service, wherein when the discoverable service comprises the gateway discoverable service, the gateway discoverable service is configured to announce the undiscoverable service to the discovery service and to provide a sandbox-reachable interface on behalf of the undiscoverable service, and wherein when the discoverable service comprises the elected discoverable service, the elected discoverable service is configured to at least one of: announce an other networked service to the discovery service, and act as the discovery service for the private network.
12. The system of claim 1: wherein the sandboxed program is configured to bypass the discovery service when establishing the connection between the sandboxed program and the at least one of the networked device and the networked service.
13. The system of claim 1: wherein the networked device is configured to announce an availability of the networked service across a range of public IP addresses such that the sandboxed program communicates with the at least one of the networked device and the networked service in any one of the range of public IP addresses.
14. The system of claim 1: wherein the sandboxed program is configured to process a hardware address associated with the sandboxed program from the at least one of the networked device and the networked service.
15. The system of claim 1: wherein the networked device is further configured to announce a service description of the networked service to the discovery service, wherein the sandboxed program is configured to query the discovery service for a particular service description, and wherein the discovery service returns the networked service with the service description that matches the particular service description.
16. The system of claim 1: wherein the sandboxed program is configured to associate the at least one of the networked device and the networked service with a user account, and wherein the user account is accessed when establishing the connection between the at least one of the networked device and the networked service and at least one of the client device and an other client device.
17. The system of claim 1: wherein the sandboxed program is configured to obtain an explicit permission to communicate with any device other than an origin server.
18. The system of claim 1: wherein the at least one of the networked device and the networked service is further configured to send a number of periodic keep-alive messages to the discovery service.
19. The system of claim 1: wherein a private IP address associated with the at least one of the networked device and the networked service remains unknown to the client device when: the NAT is configured to process a communication from a public IP address of a different network on which the at least one of the networked device and the networked service operates, and a second NAT coupled with the different network is configured to translate the private IP address to the public IP address.
20. The system of claim 1: wherein the at least one of the networked device and the networked service is further configured to communicate with the sandboxed program by polling a message queue, and wherein the message queue is configured to store a message from the sandboxed program.
21. The system of claim 1: wherein a NAT traversal mechanism comprises at least one of a DeMilitarized Zone (DMZ), an explicit port mapping, a user manual configuration, a casting of the at least one of the networked device and the networked service as a communication initiator, an announcement to the discovery service with a source port that is bound to a port on which the at least one of the networked device and the networked service listens, the discovery service sending a SYN from the port on which the at least one of the networked device and the networked service listens, a hole punching process, a port prediction, and using a server to learn an address of an outermost NAT residing in a path between the server and the at least one of the networked device and the networked service along with communicating the address via an external mechanism.
22. A method comprising: announcing, by a networked device residing in a private network of Internet, a networked service to a discovery service; enable performing, by the networked device, the discovery service for the private network; executing, by a client device residing in a same private network of the Internet as the networked device, a sandboxed program in a security sandbox; and automatically instantiating, by the client device, a connection between the sandboxed program and at least one of the networked device and the networked service based on: translating, through a NAT straddling both the same private network and a public network of the Internet, a private address of an announce message related to the announcement of the networked service to a public address thereof including a public IP address, addressing, from a private address of the sandboxed program, a discovery message to the discovery service, translating, through the NAT, the private address of the sandboxed program to a public address thereof including a public IP address when the discovery message transits the NAT, performing, through the discovery service, a lookup based on the public IP address of the sandboxed program to determine at least one device having a same public IP address to determine that the sandboxed program and the at least one of the networked device and the networked service reside in the same private network, and in accordance with the determination that the sandboxed program and the at least one of the networked device and the networked service reside in the same private network, responding, through the discovery service, with service information for the at least one of the networked device and the networked service.
23. The method of claim 22, further comprising: querying, by a discovery agent running with the sandboxed program, the discovery service for the service information associated with the at least one of the networked device and the networked service, wherein the service information comprises at least one of a GUID, an alphanumeric name, a public address pair, and a private address pair.
24. The method of claim 23, further comprising: bypassing, by at least one of the discovery agent and the sandboxed program, the discovery service by caching the service information associated with the at least one of the networked device and the networked service.
25. The method of claim 23, further comprising: serving, by the discovery agent, as a trusted intermediary between an untrusted sandboxed program and the at least one of the networked device and the networked service, wherein the trusted intermediary is configured to guard at least one of the GUID, the alphanumeric name, the public address pair, and the private address pair associated with the at least one of the networked device and the networked service from the untrusted sandboxed program, and wherein the trusted intermediary and the untrusted sandboxed program are configured to communicate via a mutually agreed programming interface.
26. The method of claim 23, further comprising: enforcing, by the discovery agent, a communications policy imposing an access restriction to the at least one of the networked device and the networked service.
27. The method of claim 22, further comprising: forwarding, by a relay service, a packet between the sandboxed program and the at least one of the networked device and the networked service.
28. The method of claim 27: wherein the relay service comprises at least one of a Traversal Using Relays around NAT (TURN) server, a Simple Traversal of User Datagram Protocol over NATs (STUN) server, a STUN and TCP too (STUNT) server, the discovery service, a simple relay, a simple Transmission Control Protocol (TCP) relay, a simple User Datagram Protocol (UDP) relay, a GUID-relay, a TCP GUID-routing-relay, and a UDP GUID-routing-relay.
29. The method of claim 22, further comprising: at least one of providing, by the discovery service, an application-layer routing between the sandboxed program and the at least one of the networked device and the networked service and performing, by the discovery service, a traditional discovery method comprising at least one of a multicast protocol, a unicast protocol, an anycast protocol, a broadcast protocol, a Bonjour® protocol, a Simple Service Discovery Protocol (SSDP), a Local Service Discovery (LSD) uTorrent® protocol, a Service Location Protocol (SLP), a Universal Plug and Play (UPnP) protocol, a Multicast Domain Name System (MDNS) protocol, and a Domain Name System-based Service Discovery (DNS-SD) protocol, wherein the discovery service comprises at least one of a logically centralized discovery service, a private discovery service, and an extension to the security sandbox.
30. The method of claim 22: wherein the networked service comprises at least one of a discoverable service and an undiscoverable service, wherein the discoverable service comprises at least one of the networked service of the networked device, a gateway discoverable service, an elected discoverable service, and an unelected discoverable service, wherein when the discoverable service comprises the gateway discoverable service, the gateway discoverable service is configured to announce the undiscoverable service to the discovery service and to provide a sandbox-reachable interface on behalf of the undiscoverable service, and wherein when the discoverable service comprises the elected discoverable service, the elected discoverable service is configured to at least one of: announce an other networked service to the discovery service, and act as the discovery service for the private network.
31. The method of claim 22, further comprising: bypassing, by the sandboxed program, the discovery service when establishing the connection between the sandboxed program and the at least one of the networked device and the networked service.
32. The method of claim 22, further comprising: announcing, by the networked device, an availability of the networked service across a range of public IP addresses such that the sandboxed program communicates with the at least one of the networked device and the networked service in any one of the range of public IP addresses.
33. The method of claim 22, further comprising: at least one of offering, by the at least one of the networked device and the networked service, an access token to the sandboxed program and managing, by the at least one of the networked device and the networked service, an access of the sandboxed program to the at least one of the networked device and the networked service, wherein the access token uniquely identifies the sandboxed program, and wherein the sandboxed program is configured to communicate with the at least one of the networked device and the networked service by passing the access token.
34. The method of claim 33: wherein the access token is offered to the sandboxed program on at least one of the private network and a LAN with the at least one of the networked device and the networked service.
35. The method of claim 22, further comprising: processing, by the sandboxed program, a hardware address associated with the sandboxed program from the at least one of the networked device and the networked service.
36. The method of claim 22, further comprising: announcing, by the networked device, a service description of the networked service to the discovery service; querying, by the sandboxed program, the discovery service for a particular service description; and returning, by the discovery service, the networked service with the service description that matches the particular service description.
37. The method of claim 22, further comprising: associating, by the sandboxed program, the at least one of the networked device and the networked service with a user account, and wherein the user account is accessed when establishing the connection between the at least one of the networked device and the networked service and at least one of the client device and an other client device.
38. The method of claim 22, further comprising: obtaining, by the sandboxed program, an explicit permission to communicate with any device other than an origin server.
39. The method of claim 22, further comprising: sending, by the at least one of the networked device and the networked service, a number of periodic keep-alive messages to the discovery service.
40. The method of claim 22: wherein a private IP address associated with the at least one of the networked device and the networked service remains unknown to the client device when: the NAT is configured to process a communication from a public IP address of a different network on which the at least one of the networked device and the networked service operates, and a second NAT coupled with the different network is configured to translate the private IP address to the public IP address.
41. The method of claim 22, further comprising: communicating, by the at least one of the networked device and the networked service, with the sandboxed program by polling a message queue, and wherein the message queue is configured to store a message from the sandboxed program.
42. The method of claim 22: wherein a NAT traversal mechanism comprises at least one of a DeMilitarized Zone (DMZ), an explicit port mapping, a user manual configuration, a casting of the at least one of the networked device and the networked service as a communication initiator, an announcement to the discovery service with a source port that is bound to a port on which the at least one of the networked device and the networked service listens, the discovery service sending a SYN from the port on which the at least one of the networked device and the networked service listens, a hole punching process, a port prediction, and using a server to learn an address of an outermost NAT residing in a path between the server and the at least one of the networked device and the networked service along with communicating the address via an external mechanism.
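
The discovery-service lookup recited in claims 1, 15 and 18, sketched in Python as an added example; it is not code from the patent or its applicant. The class and method names, the sample addresses and the expiry of entries that stop sending keep-alives (the `ttl` value) are assumptions made for illustration.

```python
import time
from dataclasses import dataclass


@dataclass
class ServiceInfo:
    guid: str
    name: str
    description: str
    public_addr: tuple   # (public IP, port) the service saw on the announce, post-NAT
    private_addr: tuple  # (private IP, port) the device reported in the announce body
    last_seen: float = 0.0


class DiscoveryService:
    """Hypothetical discovery service keyed on the public IP observed after NAT."""

    def __init__(self, ttl=90.0, clock=time.monotonic):
        self.ttl = ttl            # assumed expiry window; the claims give no value
        self.clock = clock
        self._by_public_ip = {}   # public IP -> {guid: ServiceInfo}

    def announce(self, src_addr, guid, name, description, private_addr):
        # src_addr is the packet source as received by the service, i.e. the
        # address the NAT substituted, never an address taken from the payload.
        info = ServiceInfo(guid, name, description, src_addr, private_addr,
                           self.clock())
        self._by_public_ip.setdefault(src_addr[0], {})[guid] = info
        return info

    def keep_alive(self, src_addr, guid):
        # Claim 18: periodic keep-alives refresh an existing announcement.
        info = self._by_public_ip.get(src_addr[0], {}).get(guid)
        if info is None:
            return False
        info.last_seen = self.clock()
        return True

    def discover(self, src_addr, description=None):
        # Claim 1: services are returned only when they share the querier's
        # public IP. Claim 15: optionally filter by service description.
        now = self.clock()
        bucket = self._by_public_ip.get(src_addr[0], {})
        for guid in [g for g, i in bucket.items() if now - i.last_seen > self.ttl]:
            del bucket[guid]      # drop services whose keep-alives stopped
        return [i for i in bucket.values()
                if description is None or i.description == description]


if __name__ == "__main__":
    # Constructed sample data: documentation-range public IPs, RFC 1918 private IPs.
    svc = DiscoveryService()
    svc.announce(("203.0.113.7", 40001), "guid-tv", "Living Room TV",
                 "media-renderer", ("192.168.1.20", 8080))
    svc.announce(("198.51.100.20", 40002), "guid-other", "Other TV",
                 "media-renderer", ("192.168.1.20", 8080))
    # A sandboxed program behind the same NAT as the first device.
    for info in svc.discover(("203.0.113.7", 51000)):
        print(info.guid, info.name, info.private_addr)
```

The same-network decision rests entirely on the source address the service observes, so it is only as strong as the assumption that one public IP corresponds to one private network; the access token of claim 6 and the policy enforcement of claim 5 are the controls the claims place on top of it.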