Peer-to-peer contact exchange
A system may publish authenticated contact information in a publicly available index store, retrieve the contact information, and validate it. The claimed method and system may provide a client-based, server optional approach to publishing. The publicly available index store may be a distributed hash table used in a peer-to-peer network. The system may be used in other secure directory service applications where a server may not be available or where server trust may be minimal.
Latest Microsoft Patents:
Directory services may typically be provided using a network server. In order to utilize the directory services, a user may be required to connect to the server and have a user account in order to access the directory service. Additionally, the user may have to trust the server to provide data integrity and data authentication. If the directory service is intended for a smaller group of connected entities, for example an ad hoc network, then creating and setting up a directory server for that ad hoc network may be inefficient. For example, ad hoc networks may typically be transient in nature, and the cost of setting up a dedicated server for short durations and for a small number of users may be too costly, due to administrator time, equipment resource capacity (some server must be reallocated or added), and user time (user may be involved in account creation and setup). Moreover, while server based systems may be common, new serverless systems such as peer-to-peer networks, may provide greater flexibility in creating ad hoc networks because they may not require a dedicated server to facilitate communications. However, to enable secure communications over these ad hoc networks using existing encryption processes, a directory service may be required to facilitate public key exchange that does not rely on a server based model.
SUMMARYA system may publish authenticated contact information in a publicly available index store. The system may also provide a method of retrieving the contact information and validating it. The claimed method and system may be client based, with a server being optional. The publicly available index store may be a distributed hash table used in a peer-to -peer network. The system may be used in other secure directory service applications where a server may not be available or where server trust may be minimal.
In one embodiment, the system may be used as a general message publishing system. In another embodiment, the system may be used to provide selective publication in which a posted record may only be retrieved and read by an intended recipient.
Although the following text sets forth a detailed description of numerous different embodiments, it should be understood that the legal scope of the description is defined by the words of the claims set forth at the end of this patent. The detailed description is to be construed as exemplary only and does not describe every possible embodiment since describing every possible embodiment would be impractical, if not impossible. Numerous alternative embodiments could be implemented, using either current technology or technology developed after the filing date of this patent, which would still fall within the scope of the claims.
It should also be understood that, unless a term is expressly defined in this patent using the sentence “As used herein, the term ‘——————’ is hereby defined to mean . . . ” or a similar sentence, there is no intent to limit the meaning of that term, either expressly or by implication, beyond its plain or ordinary meaning, and such term should not be interpreted to be limited in scope based on any statement made in any section of this patent (other than the language of the claims). To the extent that any term recited in the claims at the end of this patent is referred to in this patent in a manner consistent with a single meaning, that is done for sake of clarity only so as to not confuse the reader, and it is not intended that such claim term be limited, by implication or otherwise, to that single meaning. Finally, unless a claim element is defined by reciting the word “means” and a function without the recital of any structure, it is not intended that the scope of any claim element be interpreted based on the application of 35 U.S.C. §112, sixth paragraph.
The blocks of the claimed method and apparatus are operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known computing systems, environments, and/or configurations that may be suitable for use with the methods or apparatus of the claims include, but are not limited to, personal computers, server computers, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
The blocks of the claimed method and apparatus may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The methods and apparatus may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
With reference to
Computer 110 typically includes a variety of computer readable media. Computer readable media may be any available media that may be accessed by computer 110 and includes both volatile and nonvolatile media, removable and non-removable media. By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which may be used to store the desired information and which may accessed by computer 110. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of the any of the above should also be included within the scope of computer readable media.
The system memory 130 includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) 131 and random access memory (RAM) 132. A basic input/output system 133 (BIOS), containing the basic routines that help to transfer information between elements within computer 110, such as during start-up, is typically stored in ROM 131. RAM 132 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processing unit 120. By way of example, and not limitation,
The computer 110 may also include other removable/non-removable, volatile/nonvolatile computer storage media. By way of example only,
The drives and their associated computer storage media discussed above and illustrated in
These and other input devices are often connected to the processing unit 120 through a user input interface 160 that is coupled to the system bus, but may be connected by other interface and bus structures, such as a parallel port, game port or a universal serial bus (USB). A monitor 191 or other type of display device is also connected to the system bus 121 via an interface, such as a video interface 190. In addition to the monitor, computers may also include other peripheral output devices such as speakers 197 and printer 196, which may be connected through an output peripheral interface 190.
The computer 110 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 180. The remote computer 180 may be a personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 110, although only a memory storage device 181 has been illustrated in
When used in a LAN networking environment, the computer 110 is connected to the LAN 171 through a network interface or adapter 170. When used in a WAN networking environment, the computer 110 typically includes a modem 172 or other means for establishing communications over the WAN 173, such as the Internet. The modem 172, which may be internal or external, may be connected to the system bus 121 via the user input interface 160, or other appropriate mechanism. In a networked environment, program modules depicted relative to the computer 110, or portions thereof, may be stored in the remote memory storage device. By way of example, and not limitation,
Peer-to-peer (P2P) systems employ a network of nodes that communicate with each other in a decentralized manner, e.g., without the aid of a central server. Each node (e.g., an application or a device) in the peer-to-peer network may communicate with another node on the network through a direct connection, or each node may communicate indirectly using one or more intermediate nodes to relay communications to an intended node.
Connection security may be based on a symmetric key encryption process, as may be commonly known in the art. In order to implement this encryption security, however, peer entities may need to first exchange certificates and/or public keys which enable a secure connection to be initially established. In some existing systems, such as that illustrated in
An embodiment of the claimed server-independent indexing process may use a serverless index store, such as a distributed hash table (DHT) 400 illustrated in
An embodiment of the claimed server-independent indexing process may use a particular record format, as illustrated in
The CUI may be derived from a public key using an algorithm, such as a hash or encryption algorithm. The CUI may be verified to correspond or match with its public key using the algorithm. In one embodiment, the CUI may be used to represent a longer user identifier, such as a public key, in a shorter more user manageable form such as the peer names used in a P2P system described in U.S. patent application Ser. No. 10/882,079, entitled “Callsigns.”
The record of
The user may then query the index store to retrieve a record based on the CTJI 703. Once the CUI is retrieved, the CUI may be verified using the public key contained in the record to ensure that they correspond to each other 704. This process block may be used to verify that the record corresponds to the CUI. The CUI may be made statistically unique to the public key in any number of ways. In one embodiment, the peer communication system may pre-establish a common mapping process, for example using a recognized hash function. This initial verification process helps to ensure that the record may indeed correspond to the given CUI.
If the CUI maps properly, then the signature of the record may then be used to determine whether the signature is signed by a corresponding private key of the publisher 705. This may authenticate the message by providing evidence that the message originated from the publisher, as it may be assumed that the publisher owns the private key corresponding to the public key used for the encryption.
If the record/message is properly signed, a message format and/or syntax check 706 may then be performed on the contact information of the record. This may be used, for example, to ensure that the message was not hacked to match the signature. While providing a hacked message to match an encrypted signature may be statistically difficult, it may not be impossible. Hacking, however, may result in a message that does not conform to intended or expected format. Thus, a first check of the message may be made to determine whether the message format complies with an expected format. For example, where contact information is communicated, the contact information may require a ten character format. If the record format does not provide this ten character format, then someone or something may have tampered with the message 711.
Alternatively, or in addition, the semantics of the message may be checked. For example, the contact information may be limited to a list of options and specific relations between those options. Therefore, if the format requires two entries, and the first entry is related to the second entry (semantics) and they do not match this expected format, then someone or something may have tampered with the message 711.
If all of the verifications processes 704, 705, 706 have been completed successfully, then the record may be authentic and subsequently used 707, for example, the public key may be used to establish communication links. If any of the verification steps 704, 705, 706 fails, then someone or something may have been tampered with the message 711. In the case of a public key exchange system, a connection may be refused.
In another embodiment illustrated in
In another enhancement of the above embodiment, the key may be a group public key, which is owned by a group of peers. In this embodiment, any member of the group may lookup a record under the group public key and perform the authentication process. The group of users may have access to the record and may be specifically targeted for receipt of a posted message.
It should be emphasized that while the specific embodiments described above may be associated with a public key exchange directory, the contact information may represent other data. For example, instead of contact information, the record may be a generic message posting. Thus, the claimed system may be used as a general publication system over any publicly accessible index store. The claimed system may also be used to provide directory services other than public key lookup. The claimed system enables existing distributed index stores, such as distributed hash tables, to function as secured directory services work without relying on a server.
Additionally, the claimed system may be used on existing server based directories where the server security may be minimal, thereby requiring the authentication process provided by the claimed system. In ad hoc systems such as peer groups and peer-to-peer networks, a serverless process of public key publication and retrieval may make the creation of such networks more efficient by reducing the need for a hosted, dedicated server to provide the directory service. The claimed method and system may also minimize user involvement because the public/private key encryption process may eliminate the need for a user to explicitly sign on to a server.
Claims
1. A method of using a publicly available index store for a secure publication system, the method comprising:
- configuring a first computing device to be a publisher of contact information corresponding to the publisher, wherein: the contact information is required to be known by both the publisher and another node to enable an initial establishment of a secure connection between the another node and the publisher, and the contact information targeted for retrieval by only a user of the contact information; the first computing device includes a first memory, a first processing unit, and first computer-executable instructions stored in the first memory and executable by the first processing unit to publish the contact information; at the publisher: providing a first cryptographically unique identifier that is statistically unique to a public key of the publisher; obtaining a second cryptographically unique identifier that is statistically unique to a public key of the user of the contact information; appending the second cryptographically unique identifier to the first cryptographically unique identifier to form a combination key; creating a publisher signature by signing the contact information with a publisher private key; creating a single record corresponding to the contact information, wherein the single record includes and is indexed by the combination key, and wherein the single record includes the publisher public key, the publisher signature, and all of the contact information corresponding to the publisher; and inserting the record into a publicly available index store;
- configuring a second computing device to be the user of the contact information, the second computing device including a second memory, a second processing unit, and second computer-executable instructions stored in the second memory and executable by the second processing unit to use the contact information to establish a secure connection with the publisher; and
- at the user: obtaining the first cryptographically unique identifier; retrieving the single record from the publicly available index store based on the combination key; determining whether the first cryptographically unique identifier relates to the publisher public key included in the single record; determining whether the contact information is signed by a private key corresponding to the publisher public key included in the single record; establishing the secure connection with the publisher using at least a portion of the single record upon determining the first cryptographically unique identifier relates to the publisher public key included in the single record and the contact information is signed by the private key corresponding to the publisher public key included in the single record; and refusing to establish the secure connection with the publisher upon determining the first cryptographically unique identifier does not relate to the publisher public key included in the single record or the contact information is not signed by the private key corresponding to the publisher public key included in the single record,
- wherein the publisher and the user are different nodes in a peer-to-peer network.
2. The method of claim 1, further comprising:
- determining, by the second computing device, whether the contact information has an expected format and syntax;
- establishing the secure connection with the publisher using the at least the portion of the single record upon determining the contact information is determined to have the expected format and syntax; and
- refusing to establish the secure connection with the publisher upon determining the contact information has an unexpected format or syntax.
3. The method of claim 1, wherein the index store is one of a distributed hash table and a directory server.
4. The method of claim 1, wherein the first cryptographically unique identifier is derived from the public key of the user using a hash function.
5. The method of claim 1, wherein the single record further includes a duration parameter that is proportional to an encryption strength.
6. The method of claim 5, further comprising at the second computing device:
- establishing the secure connection with the publisher using the at least the portion of the single record upon determining that a duration indicated by the duration parameter has not expired; and
- refusing to establish the secure connection with the publisher upon determining that the duration indicated by the duration parameter has expired.
7. The method of claim 1, wherein the first cryptographically unique identifier comprises a group public key.
8. A computer system comprising:
- a plurality of peer nodes forming a peer-to-peer network;
- a distributed hash table of the peer-to-peer network;
- a first peer node from the plurality of peer nodes, the first peer node configured to: publish contact information corresponding to the first peer node wherein the contact information is required to be known by both the first peer node and a second peer node from the plurality of peer nodes to enable an initial establishment of a secure connection between the first peer node and the second peer node, and the contact information targeted for retrieval by only the second peer node, create a first cryptographically unique identifier that is statistically unique to a public key of the first peer node, create a signature by signing the contact information with a private key of the first peer node, obtain a second cryptographically unique identifier that is statistically unique to a public key of the second peer node, append the second cryptographically unique identifier to the first cryptographically unique identifier to form a combination key, create a single record corresponding to the contact information, wherein the single record includes and is indexed by the combination key, and wherein the single record includes the public key of the first peer node, the signature, and all of the contact information corresponding to the first peer node; and insert the single record into the distributed hash table; and
- the second peer node from the plurality of peer nodes, the second peer node configured to: obtain the first cryptographically unique identifier; retrieve the single record from the distributed hash table based on the combination key, determine whether the first cryptographically unique identifier relates to the public key of the first peer node included in the single record, determine whether the contact information is signed by a private key corresponding to the public key of the first peer node included in the single record, determine whether the contact information has an expected format and syntax, establish a secure connection with the first peer node using at least a portion of the single record upon determining: the first cryptographically unique identifier relates to the public key of the first peer node included in the single record, the contact information is signed by the private key corresponding to the public key of the first peer node included in the single record, and the contact information has the expected format and syntax; and refuse to establish the secure connection with the first peer node upon determining: the first cryptographically unique identifier does not relate to the public key of the first peer node included in the single record, the contact information is not signed by the private key corresponding to the public key of the first peer node included in the single record, or the contact information has an unexpected format or syntax.
9. The system of claim 8, wherein the contact information is encrypted using a public key of the second peer node and the contact information is decrypted using a private key of the second peer node.
10. The system of claim 8, wherein the single record further includes a duration parameter, wherein the duration parameter is proportional to the strength of an encryption algorithm used to generate the public key of the first peer node and the private key corresponding to the public key of the first peer node.
11. The system of claim 10, wherein the second peer node is configured to:
- establish the secure connection with the first peer node using the at least the portion of the single record upon determining that a duration indicated by the duration parameter has not expired; and
- refuse to establish the secure connection with the first peer node upon determining that the duration indicated by the duration parameter has expired.
12. A memory storage device on a first node having computer-executable instructions for performing operations comprising:
- receiving a second cryptographically unique identifier corresponding to a second node;
- retrieving an entry from an index store based on a combination key, the combination key including a first cryptographically unique identifier corresponding to the first node appended to the second cryptographically unique identifier corresponding to the second node, wherein: the entry contains a complete set of contact information corresponding to the second node and a public key corresponding to the second node; the entry further contains the combination key and is indexed by the combination key; the complete set of contact information is required to be known by both the first node and the second node to enable an initial establishment of a secure connection between the first node and the second node; the complete set of contact information and the public key corresponding to the second node are together signed by a private key corresponding to the public key corresponding to the second node; and the entry was previously entered into the index store by the second node;
- determining whether the second cryptographically unique identifier relates to the public key corresponding to the second node;
- determining whether the complete set of contact information and the public key corresponding to the second node are signed by the private key corresponding to the second node;
- establishing the secure connection between the first node and the second node using at least a portion of the entry upon determining the second cryptographically unique identifier relates to the public key corresponding to the second node included in the entry and the contact information is signed by the private key corresponding to the public key corresponding to the second node included in the entry; and
- refusing to establish the secure connection between the first and the second node upon determining the second cryptographically unique identifier does not relate to the public key corresponding to the second node included in the entry or the contact information is not signed by the private key corresponding to the public key corresponding to the second node included in the entry,
- wherein the first node and the second node are different nodes in a peer-to-peer network.
13. The memory storage device of claim 12, further comprising:
- determining whether the complete set of contact information has an expected format and syntax;
- establishing the secure connection between the first node and the second node using the at least the portion of the single record upon determining the complete set of contact information has the expected format and syntax; and
- refusing to establish the secure connection between the first node and the second node upon determining the complete set of contact information has an unexpected format or syntax.
14. The memory storage device of claim 12, further comprising determining whether a duration parameter of the entry has expired.
15. The memory storage device of claim 14, wherein a duration indicated by the duration parameter is proportional to a level of encryption used to generate the public key corresponding to the second node included in the entry and the private key corresponding to the second node.
16. The memory storage device of claim 12, wherein the complete set of contact information is encrypted using a public key of a computer associated with the second cryptographically unique identifier, and wherein the complete set of contact information is decrypted using a private key corresponding to the first node.
17. The method of claim 1, wherein establishing the secure connection with the publisher using the at least the portion of the single record comprises establishing the secure connection with the publisher using the publisher public key included in the single record.
18. The system of claim 8, wherein the second peer node establishes the secure connection with the first peer node using the public key of the first peer node included in the single record.
19. The method of claim 1, further comprising:
- at the publisher, encrypting the contact information using the public key of the user; and
- at the user, decrypting the contact information using a private key of he user.
5005200 | April 2, 1991 | Fischer |
5848244 | December 8, 1998 | Wilson |
5987376 | November 16, 1999 | Olson et al. |
6088805 | July 11, 2000 | Davis et al. |
6128738 | October 3, 2000 | Doyle et al. |
6233606 | May 15, 2001 | Dujari |
6269099 | July 31, 2001 | Borella et al. |
6279110 | August 21, 2001 | Johnson et al. |
6308266 | October 23, 2001 | Freeman |
6327652 | December 4, 2001 | England et al. |
6341349 | January 22, 2002 | Takaragi et al. |
6367009 | April 2, 2002 | Davis et al. |
6397303 | May 28, 2002 | Arimilli et al. |
6405290 | June 11, 2002 | Arimilli et al. |
6424718 | July 23, 2002 | Holloway |
6598083 | July 22, 2003 | Renier et al. |
6671804 | December 30, 2003 | Kent |
6782103 | August 24, 2004 | Arthan et al. |
6782294 | August 24, 2004 | Reich et al. |
6789189 | September 7, 2004 | Wheeler et al. |
6938166 | August 30, 2005 | Sarfati et al. |
6941366 | September 6, 2005 | Antes et al. |
6941384 | September 6, 2005 | Aiken, Jr. et al. |
7051202 | May 23, 2006 | Tsunoo |
7129891 | October 31, 2006 | Meunier |
7929689 | April 19, 2011 | Huitema et al. |
20010013050 | August 9, 2001 | Shah |
20010019609 | September 6, 2001 | Tsunoo |
20020032765 | March 14, 2002 | Pezzutti |
20020143989 | October 3, 2002 | Huitema et al. |
20020156875 | October 24, 2002 | Pabla |
20030018701 | January 23, 2003 | Kaestle |
20030018813 | January 23, 2003 | Antes et al. |
20030028585 | February 6, 2003 | Yeager et al. |
20030079024 | April 24, 2003 | Hough et al. |
20030083544 | May 1, 2003 | Richards et al. |
20030196060 | October 16, 2003 | Miller |
20040010688 | January 15, 2004 | Matsuzaki et al. |
20040034794 | February 19, 2004 | Mayer |
20040054885 | March 18, 2004 | Bartram et al. |
20040064693 | April 1, 2004 | Pabla et al. |
20040181689 | September 16, 2004 | Kiyoto |
20040243819 | December 2, 2004 | Bourne et al. |
20040260761 | December 23, 2004 | Leaute et al. |
20050010794 | January 13, 2005 | Carpentier et al. |
20050027871 | February 3, 2005 | Bradley |
20050053220 | March 10, 2005 | Stochosky |
20050055280 | March 10, 2005 | Jeans |
20050076218 | April 7, 2005 | Brown |
20050091284 | April 28, 2005 | Weissman et al. |
20050135381 | June 23, 2005 | Dubnicki et al. |
20050160291 | July 21, 2005 | Eden et al. |
20050160477 | July 21, 2005 | Saito |
20050182928 | August 18, 2005 | Kamalanathan et al. |
20050193219 | September 1, 2005 | Vanstone |
20070055877 | March 8, 2007 | Persson et al. |
20070245144 | October 18, 2007 | Wilson |
20080222127 | September 11, 2008 | Bergin |
1 248 441 | October 2002 | EP |
1 361 728 | November 2003 | EP |
1473899 | November 2004 | EP |
2851704 | February 2003 | FR |
WO-2004049130 | November 2003 | WO |
WO-2005/026872 | March 2005 | WO |
WO-2005/078993 | August 2005 | WO |
- International Search Report for PCT/US2007/010092 mailed Oct. 15, 2007.
- Written Opinion for PCT/US2007/010092 mailed Oct. 15, 2007.
- Jianming Lv et al., “WonGoo: A Pure Peer-to-Peer Full Text Information Retrieval System Based On Semantic Overlay Networks;” Institute of Computing Technology Chinese Academy of Sciences Beijing, China; Proceeding of the Third IEEE International Symposium on Network Computing and Applications (NCA '04); dated Apr. 2004; 8 pages; http://portal.acm.org/citation.cfm?id=1025126.1025936.
- Ajmani et al., “ConChord: Cooperative SDSI Certificate Storage and Name Resolution,” First International Workshop on Peer-to-Peer Systems (IPTPS), Mar. 2002.
- Beaver, K., “Are P2P Applications Worth the Risk?” 2005 TechTarget, http://searchsecurity.techtarget.com/tip/1,289483,sid14—gci929175,00.html, 5 pages.
- Campbell, C., “Securing Your Peer-to-Peer Networks,” TechTarget, Sep. 12, 2001, http://searchsecurity.techtarget.com/originalContent/0,289142,sid14—gci769396,00.html?MOTT=9.25.
- Ellison, C., et al., Simple Public Key Certificate, (Internet Draft 1999), at http://www.world.std.com/˜cme/spki.txt (Aug. 6, 2001).
- Ellison, C., et al., SPKI Certificate Theory, (The Internet Society 1999), at http://www.ietf.org/rfc/rfc2693.txt?number=2693 (Aug. 6, 2001).
- Ellison, C., SPKI Requirements, (The Internet Society 1999), at http://www.ietf.org/rfc/rfc2692.txt?number=2692 (Aug. 6, 2001).
- Erdelsky, P., The Birthday Paradox, EFG, at http://www.efgh.com/math/birthday.htm (Mar. 8, 2002).
- Housley et al., “Internet X.509 Public Key Infrastructure Certificate and CRL Profile.” Network Working Group (Jan. 1999), pp. 1-121, retrieved from http://www..ietf.org/rfc/rfc2459.txt?number=2459 Sep. 18, 2003.
- Kim et al., “A Secure Platform for Peer-to-Peer Computing in the Internet,” Proceedings of the 35th Hawaii International Conference on System Sciences, IEEE Computer Society, 2002, pp. 3948-3957.
- Langley, A., The Freenet Protocol, The Free Network Project, at http://freenet.sourceforge.net/index/php?page=protocol (May 21, 2001).
- Mazieres et al., “Separating Key Management from File System Security,” Operating Systems Review ACM, vol. 33, No. 5, Dec. 1999, pp. 124-139.
- Red-Black Tree, National Institute of Standards and Technology, at http://www.nist.gov/dads/HTML/redblack.html (Mar. 5, 2002).
- J. Schlyter & W. Griffin, “Using DNS To Securely Publish Secure Shell (SSH) Key Fingerprints,”The Internet Society (2006), ftp://ftp.rfc-editor.org/in-notes/rfc4255.txt, dated Oct. 2, 2006, 9 pages.
- Balke et al., “Caching for Improved Retrieval in Peer-to-Peer Networks,” L3S Research Center and University of Hannover, 6 pages; http://www.13s.de/apis/paper/gi-itg05.pdf (2005).
- Chen et al., “A Scalable Semantic Indexing Framework for Peer-to-Peer Information Retrieval,” 8 pages; http://hdir2005.isti.cnr.it/camera-ready/7.Chen.pdf (2005).
- Chien, E., “Malicious Threats of Peer-to-Peer Networking,” Symantec, http://enterprisesecurity.symantec.com/PDF/malicious—threats.pdf (Dec. 2001).
- Dabek et al.,Building Peer-to-Peer Systems With Chord, a Distributed Lookup Serivce, at MIT Laboratory for Computer Science, 6 pages, at http://pdos.lcs.mit.edu/chord (May 2001).
- DeFigueiredo et al., “Analysis of Peer-to-Peer Network Security Using Gnutella,” http://www.cs.berkeley.edu/˜daw/teaching/cs261-f02/reports/defig.pdf (2002).
- Druschel et al., PAST: A large-scale, persistent peer-to-peer storage utility, at Rice University and Microsoft Research, 6 pages (Nov. 2001).
- Lai et al., Measuring Link Bandwidths Using a Deterministic Model of Packet Delay, at Department of Computer Science at Stanford University, 13 pages (Oct. 2000).
- Rowstron et al., Pastry: Scalable, distributed object location and routing for large-scale peer-to-peer systems, at Microsoft Research, Ltd., St. George House and Rice University, 20 pages (Nov. 2001).
- Rowstron et al., SCRIBE: The design of a large-scale event notification infrastructure, at Microsoft Research, Ltd., St. George House and Rice University, 20 pages (2001).
- Rowstron et al., Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility, at Microsoft Research, Ltd., St. George House and Rice University, 14 pages (2001).
- “Notice of Allowance”, U.S. Appl. No. 10/882,079, (Mar. 4, 2011), 8 pages.
- “Secure Hash Standard”, Federal Information Processing Standards Publication 180-1, available at <http://www.itl.nist.gov/fipspubs/fip180-1.htm>,(Apr. 17, 1995),16 pages.
- “Final Office Action”, U.S. Appl. No. 11/175,951, (Mar. 12, 2009), 17 pages.
- “Finding Friendly People Near Me”, http://www.new2uk.org/Templates/n2uk-finding-home.html, (Jul. 1, 2005), 1 page.
- “MSN Launches New Internet Search Service Designed to Give More-Precise Answers in Less Time” http://www.microsoft.com/presspass/perss/2005/feb05/02-01NewEnginePR.mspx, (Feb. 1, 2005), 3 pages.
- “Non Final Office Action”, U.S. Appl. No. 11/175,951, (Jul. 29, 2008), 11 pages.
- “What is AOL Messenger”, retrieved from <http://www.aol.com.au/site/website/aolproducts/aim/whatis.php> on Jul. 1, 2005, 2 pages.
- “Yahoo! Address Book explanation”, retrieved from <http://messenger.yahoo.com/addressbook.php> on Jul. 1, 2005, 2 pages.
- “Foreign Office Action”, Australian Application No. 2007240567, (May 9, 2011), 2 pages.
Type: Grant
Filed: Apr 21, 2006
Date of Patent: Jul 26, 2011
Patent Publication Number: 20070250700
Assignee: Microsoft Corporation (Redmond, WA)
Inventors: Gursharan Sidhu (Seattle, WA), Noah Horton (Sammamish, WA), Sandeep K. Singhal (Kirkland, WA)
Primary Examiner: Vivek Srivastava
Assistant Examiner: Anthony Brown
Application Number: 11/408,894
International Classification: H04L 29/00 (20060101);