Implicit population of access control lists

Implicit population of access control lists
RE45254

communication applications may include lists of users with which a user of the application communicates. If two users of a communications application each include the other user on their user lists, an implicit trust may be established between the users. For example, if user A includes user B in her list and user B includes user A in his list, then it may be determined that each user knows and/or trusts the other user. As a result, a connection or communications pathway may be automatically created between the client devices of the users to facilitate communications between the users based on the implicit trust.

PTO Wrapper PDF
Dossier Espace Google

Patent RE45254
Priority Dec 31 2002
Filed May 31 2013
Issued Nov 18 2014
Expiry Dec 31 2022 TERM.DISCL.
Inventors Roskind, J…
Assg.orig AMERICA ON…
Assg.curr Facebook, …
Entity Large
Referenced by 18
References 404
Maint.: all paid

CROSS-REFERENCE TO R…
TECHNICAL FIELD
BACKGROUND
SUMMARY
DESCRIPTION OF DRAWI…
DETAILED DESCRIPTION

9. A system comprising:

a first client device;

a second client device; and

a server configured to that:

access accesses a first user list associated with a first user of the a first client device;

access accesses a second user list associated with a second user of the a second client device, wherein the first user list and the second user list are maintained separately from one another;

analyze analyzes the accessed first user list to determine whether an identifier of the second user is included in the first user list;

analyze analyzes the accessed second user list to determine whether an identifier of the first user is included in the second user list; and

regulate a communications pathway regulates communications between the first client device and the second client device based on both the determination of whether the identifier of the first user is included on the second user list and the determination of whether the identifier of the second user is included on the first user list.

1. A method comprising:

logging, by a server, a first client device into a the server;

logging, by the server, a second client device into the server;

accessing, using by the server, a first user list associated with a first user of the first client device;

accessing, using by the server, a second user list associated with a second user of the second client device, wherein the first user list and the second user list are maintained separately from one another;

analyzing, using by the server, the accessed first user list to determine whether an identifier of the second user is included in the first user list;

analyzing, using by the server, the accessed second user list to determine whether an identifier of the first user is included in the second user list; and

regulating, using by the server, a communications pathway communications between the first client device and the second client device based on both the determination of whether the identifier of the first user is included on the second user list and the determination of whether the identifier of the second user is included on the first user list.

17. A host system comprising:

an interface to receive a communication from a first client device associated with a first user and to transmit a communication to a second client device associated with a second user;

storage to store a first user list associated with the first user and to store a second user list associated with the second user; and

a host configured to server that:

determine determines an identifier of the first user and an identifier of the second user;

access accesses the first user list associated with the first user of the first client device;

access accesses the second user list associated with the second user of the second client device, wherein the first user list and the second user list are maintained separately from one another;

analyze analyzes the accessed first user list to determine whether an identifier of the second user is included in the first user list;

analyze analyzes the accessed second user list to determine whether an identifier of the first user is included in the second user list; and

2. The method of claim 1 wherein regulating the communications pathway communications includes establishing a virtual private network.

3. The method of claim 1 wherein regulating the communications pathway communications includes establishing a peer-to-peer connection between the first client device and the second client device.

4. The method of claim 1 wherein the first user list and the second user list comprise lists of identities for whom online presence is monitored.

5. The method of claim 1 further comprising receiving, at the server, a request from a first communications program executing on the first client device to establish a communications pathway communication with a second communications program executing on the second client device, wherein:

analyzing, using by the server, the accessed first user list to determine whether the identifier of the second user is included in the first user list comprises analyzing, using the server, the accessed first user list to determine whether the identifier of the second user is included in the first user list in response to receiving the request;

analyzing, using by the server, the accessed second user list to determine whether the identifier of the first user is included in the second user list comprises analyzing, using the server, the accessed second user list to determine whether the identifier of the first user is included in the second user list in response to receiving the request; and

regulating the communications pathway communications between the first client device and the second client device comprises establishing the communications pathway one or more communication types or pathways between the first communications program and the second communications program.

6. The method of claim 1 further comprising receiving a message from a first communications application executing on the first client device directed to a second communications application executing on the second client device, wherein:

analyzing, using by the server, the accessed first user list to determine whether the identifier of the second user is included in the first user list comprises analyzing, using by the server, the accessed first user list to determine whether the identifier of the second user is included in the first user list in response to receiving the message;

analyzing, using by the server, the accessed second user list to determine whether the identifier of the first user is included in the second user list comprises analyzing, using by the server, the accessed second user list to determine whether the identifier of the first user is included in the second user list in response to receiving the message; and

7. The method of claim 1, wherein regulating, using by the server, a communications pathway communications between the first client device and the second client device, comprises automatically establishing a communications pathway one or more communication types or pathways between the first client device and the second client device.

8. The method of claim 1, wherein regulating, using by the server, a communications pathway communications between the first client device and the second client device, comprises sending a shared secret to the first client device and the second device, which enables the first client device and the second client device to authenticate themselves.

10. The system of claim 9 wherein, to regulate the communications pathway communications between the first client device and the second client device, the server is configured to establish establishes a virtual private network.

11. The system of claim 9 wherein, to regulate the communications pathway communications between the first client device and the second client device, the server is configured to establish establishes a peer-to-peer connection between the first client device and the second client device.

12. The system of claim 9 wherein the first user list and the second user list comprise lists of identities for whom online presence is monitored.

13. The system of claim 9 wherein:

the server is configured to receive receives a request from a first communications program executing on the first client device to establish a communications pathway communications with a second communications program executing on the second client device;

to analyze the accessed first user list to determine whether the identifier of the second user is included in the first user list, the server is configured to analyze analyzes the accessed first user list to determine whether the identifier of the second user is included in the first user list in response to receiving the request;

to analyze the accessed second user list to determine whether the identifier of the first user is included in the second user list the server is configured to analyze analyzes the accessed second user list to determine whether the identifier of the first user is included in the second user list in response to receiving the request; and

to regulate the communications pathway communications between the first client device and the second client device, the server is configured to establish the communications pathway establishes one or more communication types or pathways between the first communications program and the second communications program.

14. The system of claim 9 wherein:

the server is configured to receive receives a message from a first communications application executing on the first client device directed to a second communications application executing on the second client device;

to analyze the accessed second user list to determine whether the identifier of the first user is included in the second user list, the server is configured to analyze analyzes the accessed second user list to determine whether the identifier of the first user is included in the second user list in response to receiving the message; and

15. The system of claim 9, wherein the server is further configured to automatically establish a communications pathway establishes one or more communications types or pathways between the first client device and the second client device.

16. The system of claim 9, wherein the server is further configured to send sends a shared secret to the first client device and the second device, which enables the first client device and the second client device to authenticate themselves.

18. The system of claim 17 wherein, to regulate the communications pathway communications between the first client device and the second client device, the host is configured to establish server establishes a virtual private network.

19. The system of claim 17 wherein, to regulate the communications pathway communications between the first client device and the second client device, the host is configured to establish server establishes a peer-to-peer connection between the first client device and the second client device.

20. The system of claim 17 wherein the first user list and the second user list comprise lists of identities for whom online presence is monitored.

21. The system of claim 17 wherein:

the communication from the first client device is a request received from a first communications program executing on the first client device to establish a communications pathway communications with a second communications program executing on the second client device;

to analyze the accessed first user list to determine whether the identifier of the second user is included in the first user list, the host is configured to analyze server analyzes the accessed first user list to determine whether the identifier of the second user is included in the first user list in response to receiving the request;

to analyze the accessed second user list to determine whether the identifier of the first user is included in the second user list, the host is configured to analyze server analyzes the accessed second user list to determine whether the identifier of the first user is included in the second user list in response to receiving the request; and

to regulate the communications pathway communications between the first client device and the second client device, the host is configured to establish the communications pathway server establishes one or more communication types or pathways between the first communications program and the second communications program.

22. The system of claim 17 wherein:

the communication from the first client device is a message from a first communications application executing on the first client device directed to a second communications application executing on the second client device;

to analyze the accessed second user list to determine whether the identifier of the first user is included in the second user list the host is configured to analyze server analyzes the accessed second user list to determine whether the identifier of the first user is included in the second user list in response to receiving the message; and

23. The system of claim 17, wherein the host is further configured to server automatically establish a communications pathway establishes one or more communications types or pathways between the first client device and the second client device.

24. The system of claim 17, wherein the host is further configured to send server sends a shared secret to the first client device and the second device, which enables the first client device and the second client device to authenticate themselves.

0. 25. The method of claim 1, wherein regulating communications between the first client device and the second client device comprises establishing one or more communication pathways.

0. 26. The method of claim 25, wherein establishing one or more communication pathways comprises simultaneously establishing a first communications type or pathway and a second communications type or pathway between the first client device and the second client device based on the determination of whether the identifier of the first user is included on the second user list and the determination of whether the identifier of the second user is included on the first user list.

0. 27. The method of claim 1, wherein regulating communications between the first client device and the second client device comprises allowing the first client and the second client to view whether or not other users are online, exchange instant messages, participate in group chat rooms, trade files, find other users with similar interests, get customized news and stock quotes, or search the World Wide Web.

0. 28. The system of claim 9, wherein regulating communications between the first client device and the second client device comprises establishing one or more communication pathways.

0. 29. The system of claim 28, wherein establishing one or more communication pathways comprises simultaneously establishing a first communications type or pathway and a second communications type or pathway between the first client device and the second client device based on the determination of whether the identifier of the first user is included on the second user list and the determination of whether the identifier of the second user is included on the first user list.

0. 30. The system of claim 9, wherein regulating communications between the first client device and the second client device comprises allowing the first client and the second client to view whether or not other users are online, exchange instant messages, participate in group chat rooms, trade files, find other users with similar interests, get customized news and stock quotes, or search the World Wide Web.

0. 31. The system of claim 17, wherein regulating communications between the first client device and the second client device comprises establishing one or more communication pathways.

0. 32. The system of claim 31, wherein establishing one or more communication pathways comprises simultaneously establishing a first communications type or pathway and a second communications type or pathway between the first client device and the second client device based on the determination of whether the identifier of the first user is included on the second user list and the determination of whether the identifier of the second user is included on the first user list.

0. 33. The system of claim 17, wherein regulating communications between the first client device and the second client device comprises allowing the first client and the second client to view whether or not other users are online, exchange instant messages, participate in group chat rooms, trade files, find other users with similar interests, get customized news and stock quotes, or search the World Wide Web.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation application of and claims priority to U.S. application Ser. No. 11/782,461, now U.S. Pat. No. 7,490,238, filed Jul. 24, 2007, which is a continuation of U.S. application Ser. No. 10/334,142, now U.S. Pat. No. 7,263,614, filed on Dec. 31, 2002, the entire contents all of which are hereby incorporated by reference.

TECHNICAL FIELD

The following description relates to network communications.

BACKGROUND

With the rapid proliferation and affordability of computers, the Internet has become the communications medium of choice for many users. Although the Internet is a public medium, techniques have been developed for using the Internet to enable private communications between networks. One such private communications technique is used to enable instant messaging.

Instant messaging allows users to rapidly communicate with other users of a communications network. Generally, client messaging software runs on a client A device 102 and provides a communications interface for entry of a message. The intended message recipient may be entered manually or may be selected from a user list, such as a Buddy List™ from America Online, Inc. Instant messaging may be used to communicate text messages, images, and sounds or voice.

SUMMARY

In one general aspect, messaging applications, systems, and methods may be used to automatically configure a communications pathway based on an implicit trust between users. Each user of a communications application may have a user list that identifies other users to which a message may be sent. If two users of the communications application each include the other user on their user lists, an implicit trust may be inferred between the users. For example, if user A includes user B in her user list and user B includes user A in his. user list, then it may be inferred or determined that each user knows and/or implicitly trusts the other user. As a result, a connection or communications pathway may be automatically created and/or configured between the client devices of the users to facilitate communications between the users based on the implicit trust.

The communications application may be an instant messaging application. The communications pathway may be implemented as a virtual private network.

In another general aspect, a communications pathway between a first client A device 102 associated with the first user and a second client A device 102 associated with the second user may be established upon determining that the first user is included on a user list associated with a communications application of the second user and that the second user is included on the user list associated with a communications application of the first user. The communications pathway may be a virtual private network.

To establish the communications pathway, an Internet protocol address of the first user may be provided to the second client device, and an Internet protocol address of the second user may be provided to the first client device. A shared secret also may be provided to the first and second client devices. The first client device may contact the Internet protocol address of the second client A device 102 and present the shared secret. The second client device may validate the identity of the first client B device 104 based on the presented shared secret.

In another general aspect, upon determining that an Internet protocol address (e.g., a global Internet protocol address of a firewall associated with the first client device) of a communication received from a first client device is different from the Internet protocol address (e.g., a local source Internet protocol address) of the first client device, a determination may be made that a direct communications pathway between the first client A device 102 and the second client device may not be established. In this case, to establish the communications pathway a hole may be opened in the firewall associated with the first client device for an Internet protocol address associated with the second client device.

To open the hole, a request for a proxy forward may be sent to the firewall. The firewall selects a target Internet protocol address and a port number. The target Internet protocol address is provided to a host (e.g., an instant messaging host) associated with the communications application. The host sends the target Internet protocol address to the second client device. The second client device responds to the host with an Internet protocol address associated with the second client device. The host provides the Internet protocol address associated with the second client device to the firewall associated with the first client device to enable the proxy forward for the Internet protocol address associated with the second client device.

The Internet protocol address associated with the second client device may be the Internet protocol address of a firewall associated with the second client device.

Other features will be apparent from the description, the drawings, and the claims.

DESCRIPTION OF DRAWINGS

FIGS. 1-4 and 7 are block diagrams of an exemplary communications system including communications pathways.

FIGS. 5 and 6 are flow charts of an exemplary process used to establish implicit communications.

Like reference symbols in the various drawings indicate like elements.

DETAILED DESCRIPTION

Some communications techniques include the use of a contact list or user list. Communications applications employing these techniques facilitate communications by allowing a user to select an intended recipient of a message from the user list. Although such applications provide a useful interface for transmitting messages, the user lists also may be helpful to facilitate other types of communications. For example, if two users include each other on their user lists, an implicit trust between the users may be inferred. Based on the implicit trust, a communications pathway may be established between the users to facilitate communications, as described in detail below.

Referring to FIG. 1, a communications system 100 includes a client A device 102 and a client B device 104 that are associated with users A and B. Client device 102 and 104 include communication applications 115 and 116 (e.g., IM applications). When client A device 102 connects to the external network 110, the communications application 115 may connect with the host network 120 connected to the external network 110 (e.g., by logging-on to the host network 120) using communications link 112. The client A device 102 also may connect to an IM host 125 that is part of the host network 120. Similarly, when client B device 104 connects to the external network 110, the communications application 116 may connect with the host network 120 and the IM host 125 using communications link 113. Once a client device 102 or 104 has connected to the IM host 120, the communications applications 115 and 116 may send and receive messages.

If user A sends a message to user B, the IM host 125 may determine that the user list of user B or a particular portion of the user list (e.g., a group, such as buddies, family, or garners) includes user A, and that the user list (or particular portion of the user list) of user A includes user B. Based on this determination, the IM host 125 may infer that there is an implicit trust between user A and user B or that user A and user B have granted access of their client devices to each other. The IM host 125 automatically creates a communications pathway between the client devices 102 and 104 by sending a message to each of client devices 102 and 104. Each message includes the IP address and port of the other client A device 102 and a shared secret.

Each client device may contact the other client device using the specified IP address and port. In addition, each client device may present the shared secret to the other client device to validate. The client devices 102 and 104 then enter negotiations to establish the details (e.g., a communications protocol and encryption) of the communications pathway 130.

The external network 110 may be implemented using one or more local area networks (LANs), wide area networks (WANs), global networks, or any combination of these networks (e.g., the World Wide Web or the Internet). These networks may include any number of components and/or devices (e.g., hubs, routers, switches, servers, repeaters, storage devices, communications interfaces, and various communications media) and various other supporting components (e.g., software, operators/administrators/technicians, and other infrastructure).

The client devices 102 and 104 may be operated by one or more users to access the external network 110 and any associated devices and/or components. An example of a client device is a general-purpose computer capable of responding to and executing instructions in a defined manner. Client devices also may include a special-purpose computer, a personal computer (“PC”), a workstation, a server, a laptop, a Web-enabled phone, a Web-enabled personal digital assistant (“PDA”), an interactive television set, a set top box, an on-board (i.e., vehicle-mounted) computer, or a combination of one or more these devices capable of responding to and executing instructions. The client device may include any number of other devices, components, and/or peripherals, such as memory/storage devices, input devices, output devices, user interfaces, and/or communications interfaces.

The client A device 102 also may include one or more software applications (e.g., an operating system, a browser application, a microbrowser application, a server application, a proxy application, a gateway application, a tunneling application, an e-mail application, an IM client application, an online service provider client application, and/or an interactive television client application) loaded on the client device to command and direct the client device. Applications include a computer program, a piece of code, an instruction, or some combination thereof, for independently or collectively instructing the client device to interact and operate as desired.

The applications may be embodied permanently or temporarily in any type of machine, device, component, physical or virtual equipment, storage medium, or propagated signal capable of providing instructions to the client device. In particular, the applications may be stored on a storage media or device (e.g., read only memory (ROM), a random access memory (RAM), a volatile/non-volatile memory, a magnetic disk, or a propagated signal or wave) readable by the client device, such that if the storage medium or device is read by the client device, the steps or instructions specified are performed.

Each of the client devices 102 and 104 also includes one or more a corresponding communications interface 117 or 118 that allow the client device to send information to and receive information from the corresponding communications links 112 or 113.

The communications links 112 and 113 may be configured to send and receive signals (e.g., electrical, electromagnetic, or optical) that convey or carry data streams representing various types of analog and/or digital content. For example, the communications links 112 and 113 may be implemented using various communications media and one or more networks comprising one or more network devices (e.g., servers, routers, switches, hubs, repeaters, and storage devices). The one or more networks may include WANs, LANs, a plain old telephone service (POTS) network, a digital subscriber line (DSL) network, an integrated services digital network (ISDN), and a synchronous optical network (SONNET), or a combination of one or more of these networks. In addition, the communications links 112 and 113 may include one or more wireless links that transmit and receive electromagnetic signals, such as, for example, radio, infrared, and microwave signals, to convey information.

Communications applications, such as communications applications 115 and 116, loaded and/or running on a client device may command and direct communications by the client device. The communications applications may work in conjunction with or enable the corresponding communications interface 117 or 118 to exchange data with other devices, networks, and communications media. Examples of communications applications include a browser application, a microbrowser application, a server application, a proxy application, a gateway application, a tunneling application, an e-mail application, an instant messaging (IM) application, an interactive television application, and/or an Internet service provider (ISP) application.

As described above, one example of a communications application is the IM application. The IM application may provide an IM user interface that allows a user to send and receive messages. The IM user interface may include an IM message display area including one or more windows/frames to enter and present messages. The IM user interface also may include icons, menus, and/or other inputs to control the interface, configure interface settings, and activate features of the interface.

One feature of an IM application is a list of users or contacts, such as, for example, the Buddy List for AOL's Instant Messenger. The user list may be populated with identifiers (e.g., screen names) of one or more users. The user identifiers that populate the user list may be divided into one or more categories of users (e.g., friends, family, coworkers, buddies, and garners).

The user list also provides an indication of whether a user associated with an identifier is currently able to receive messages (e.g., is currently connected to the external network 110 and able to engage in a one-to-one and/or peer-to-peer communication with another client device). A user may send a message to another user by manually entering a user identifier or selecting a user identifier from the list.

When the IM application is activated and the client device is connected to the external network 110, the IM application causes the client device to contact the host network 120, which is connected to the external network 110. The host network 120 may include one or more login servers (not shown) to enable communications with and to authorize access by a client A device 102 and other networks to various elements of the host network 120 and/or the IM host 125. The IM host 125 may include one or more IM servers and storage devices that manage and enable IM communications provided by the host network 120.

To access the IM host 125 and begin an IM session, the client device 102 or 104 establishes a connection to the login server. The login server determines whether a particular user is authorized to access the IM host 125 by verifying a user identifier and/or a password. If the user is authorized to access the IM host 125, the login server identifies a particular IM server (not shown) for use during the user's session. The client device establishes a connection to the IM host 125 and the designated server through the corresponding communications link 112 or 113.

Once a connection to the IM server has been established, the client device may directly or indirectly transmit data to and access content from the IM server. By accessing the IM server, a user may use the IM application to view whether or not particular users are online, exchange instant messages with users, participate in group chat rooms, trade files, such as pictures, invitations, or documents, find other users with similar interests, get customized news and stock quotes, and search the World Wide Web.

The IM host 125 also may include a user profile server (not shown) connected to a database that may store user profile data. The user profile server may be used to enter, retrieve, edit, manipulate, or otherwise process user profile data. In one implementation, a user's profile data includes, for example, a user list, identified interests, a geographic location, an Internet protocol address associated with the client device, a general account, and demographic information. The user may enter, edit and/or delete profile data using an installed IM application on the client device.

Because the user data profile may be accessed by the IM host 125, the user does not have to reenter or update such information in the event that the user accesses the IM host 125 using a new or different client device. Accordingly, when a user accesses the IM host 125, the IM server can instruct the user profile server to retrieve the user's profile data from the database and to provide, for example, the user list to the IM server. The user profile server also may communicate with other servers in the host network 120 to share user profile data. The user profile data also may be saved locally on a client device. In this implementation, the client device may provide the user profile or user profile data to the host network 120 at specified times or when requested. In another implementation, the user profile may be stored locally at the client A device 102 and at the host network 120 and may be periodically synchronized (e.g., at login).

One communications pathway 130 that may be established between the client devices is a virtual private network (VPN). A VPN, also known as an encrypted tunnel, allows two physically separated networks or client devices to be connected over a WAN, such as the Internet, without exposing transmitted data to viewing by unauthorized parties. VPNs require at least two cooperating devices. The communication path between these devices may be viewed as a secure tunnel through the insecure external network 110. Wrapped around the tunnel is a series of functions, which may include authentication, access control, and data encryption, that protect the transmitted data from being viewed or used by others. The VPN may be established by the IM application or other communication application working in conjunction with the communications interface 117 or 118 and/or other devices (e.g., a firewall).

In one implementation, a communications pathway 130 maybe established as follows. When a first user sends an instant message to second user, the IM host 125 receives the message, and, if the second user is connected to the host network 120, sends the message to the second user. In addition, the IM host may determine whether each user is listed in the user list of the other user (e.g., by contacting the profile server or by querying the client devices). If each user is listed in the user list of the other user, the IM host 125 may determine that permission has been granted implicitly by each user to give the other user access to their client device.

The IM host 125 may then send a message to each client device including the IP address and port of the other client A device 102 and a shared secret. The shared secret may include information (e.g., an identification, a key, or a certificate) that enables a client device to prove and/or authenticate the identity of a user. In another implementation, the shared secret may be provided to each client B device 104y a third party host (e.g., an Internet certificate site, such as Verisign) that facilitates communications.

Using the information in the message from the IM host 125, each client device may attempt to establish a communications pathway 130. For example, each device may contact the other client A device 102 the IP address and port specified in the message. After establishing contact with the other client device, the shared secret is presented to prove the identity of the contacting client device. Once the shared secret is verified by the other client device, the client devices may enter negotiations to establish the details of the communications pathway 130 (e.g., a communications protocol and encryption). If two communications pathways are established, one may be dropped during the negotiations.

Once the communications pathway 130 is established, the client devices may exchange data using the communications pathway 130. Both client devices are provided with, in effect, a virtual network communication card that is able to exchange information directly with the other client device. This process is transparent to the users of the client devices.

In another implementation, a client device may send a request to the IM host 125 to establish a connection with another client device. In this case, the IM host 125 responds to the request by determining whether the implicit access has been granted between the requesting client A device 102 and the target client device. If so, the requesting client device is provided with the IP address and port of the target device and a shared secret. The target device also is provided with the shared secret. Establishing of the communications pathway 130 may then proceed as described above.

Either or both client devices may attempt to establish a communications pathway 130. If both client devices attempt to establish the communications pathway 130, only one of the attempts needs to be successful. However, if more than one communications pathway 130 is established, one of the two pathways may be dropped as part of the negotiations. Once the communications pathway 130 is established, client devices 102 and 104 may exchange data using the pathway 130.

As shown in FIG. 2, a communications system 200 includes client A device 102 connected to an intranet 240 or other system configuration that includes a firewall 250 (or other device, such as a server performing filtering or network address translation). The firewall 250 may enforce an access control policy between the intranet 240 and the external network 110, and provides at least two basic mechanisms: one to block traffic and the other to permit traffic. The firewall 250 maybe implemented by one or more applications running on the client device (e.g., a personal firewall) or one or more separate devices, such as, for example, a router. The firewall 250 may provide one or more functions, such as packet filtering, network address translation (NAT), and proxy services. In addition, the firewall may provide encrypted authentication and virtual private networking, in addition to other features (e.g., content filtering and virus scanning).

If either client device 102 or 104 sends a message to the IM host 125, the IM host 125 determines whether the user associated with each client device is included in the user list of the other user. If each user is included in the list of the other user, the IM host 125 may provide the IP address/port of each client A device 102 and a shared secret to the other device. Each client device 102 and 104 may attempt to establish contact with the other client device.

However, as shown in FIG. 2, client B device 104 is not able to establish contact with client A device 102 because the IP address provided by the IM host 125 does not result in a connection. For example, if the IM host 125 provides the IP address and port number of client A device 102, an error is generated because the IP address is a local IP address of the intranet 240 (and not understood by devices outside of the intranet 240. If the IP address/port of the firewall 250 is provided, the firewall 250 blocks any connection attempted by client B device 104 because the firewall 250 expects a message from the IP address of the IM host 125 (which is different than that of client B device 104).

Notwithstanding the difficulties that may be encountered establishing a connection due to the firewall associated with client A device 102, the communications pathway 130 from client A device 102 to client B device 104 may established. For instance, client A device 102 may contact client B device 104 at the specified IP address/port and present the shared secret to client B device 104 to prove the identity of client A device 102, which client B device 104 verifies. Then, the client devices 102 and 104 may enter negotiations to establish the details of the communications pathway 130.

In another implementation of the communications system 200, when an instant message is sent to either client device, the IM host 125 may determine that the IP address and port associated with client A device 102 does not match the actual IP address being used to establish communications (e.g., because firewall 250 substitutes the local IP address with a global IP address of the firewall 250). From this information, the IM host 125 may be configured to deduce that the client A device 102 is behind a firewall (or similar device). Through a similar process, the IM host 125 may determine that the client B device 104 is not behind a firewall. In this case, if an attempt is made to establish a communications pathway 130 by either client device, the IM host 125 may send a message to the client A device 102 that provides the IP address and port of the client B device 104 and a shared secret, and also may send the shared secret to client B device 104 to facilitate communications. Client A device 102 then proceeds to contact client B device 104 and establish a communications pathway 130 as described above.

As shown in FIG. 3, a communications system 300 includes client devices 102 and 104 that are both connected to respective intranets 330 and 340, or otherwise behind firewalls (or other NAT devices). Client A device 102 connects to firewall 350 to access the external network 110 using communications link 112. Similarly, client B device 104 connects to firewall 360 to access the external network 110. Although firewalls 350 and 360 are shown as separate elements of the intranets 330 and 340, the firewalls also maybe implemented by client devices 102 and 104.

If a message is sent by user A to user B, the IM host 125 may determine that user A is listed on the user list of user B (or a group of the list of user B), and that user B is listed on the user list of user A (or a group of the list user A). Based on this determination, the IM host 125 may infer that user A and user B have implicitly granted access to each other. If the IM host 125 attempts to give the local IP address or the global IP address of the associated firewall of either client A device 102 or 104 to the other, a communications pathway 130 may not result for the reasons explained above with regard to FIG. 2. However, this implementation may provide a connection as follows.

First, the IM host 125 may determine that a direct connection cannot be made by the client devices. For example, the IM host 125 may determine that the global IP addresses used to establish communications with the IM host 125 do not match the local IP addresses purported to be used by the IM applications of the client devices. The IM host 125 also may determine that direct connection may not be made as a default because all other attempts to establish a communications pathway fail. In either case, the IM host 125 may inform one client device (e.g., client A device 102) that a direct connection may not be established, whether or not it is physically impossible to achieve such a connection.

In this instance, the communications application 115 of client A device 102 may contact the firewall 350 and request that the firewall 350 open a hole. For example, the communications application 115 may request that the firewall 350 create a proxy forward to pass traffic from client B device 104 to client A device 102. The firewall 350 randomly selects a port number and replies to the communication application 115 of client A device 102 with the selected port number and the public IP address of the firewall 350. The selected IP address/port data effectively designate a hole in firewall 350 that may be opened to allow direct communications with client A device 102.

The communications application 115 may provide the selected IP address/port data to the IM host 125. The IM host 125 sends the selected IP address/port data to the communications application 116 of client B device 104 along with a shared secret. The IM host 125 also provides the IP address of firewall 360 to the communications application 115 of client A device 102 along with the shared secret. The communications application 115 passes the IP address of firewall 360 to firewall 350. Firewall 350 opens the hole only for firewall 360 using the IP address of firewall 360.

The communications application 116 of client B device 104 connects to the specified IP address and port of firewall 350 (through firewall 360). As a result, the traffic from the communications application 116 arriving at the firewall 350 appears to originate from firewall 360, and the traffic is proxied forward to the communications application 115 of client A device 102. The communications application 115 may verify the identity of client B device 104 using the shared secret. Communications applications 115 and 116 may negotiate the details of the communications pathway 130 (e.g., a VPN) and establish the communications pathway 130.

FIG. 4 shows a communications system 400 that includes an intranet 410 in which both client A device 102 and client B device 104 are located behind a firewall 450. However, even though the client devices 102 and 104 are behind the firewall 450, the local IP address and port of each client device allow direct communications between the client devices to be established because the local IP address information is recognized by devices within the intranet 410. In this case, a communications pathway 460 may be directly established by the client devices using the infrastructure of the intranet 410 in a manner as described with regard to FIG. 1 above.

The IM user interface may include a feature or setting to allow a user to block one or more users, a group of users, or all users on the user list from establishing a communications pathway. In addition, the IM user interface may include a setting to disable or prohibit the IM application from establishing any communications pathway regardless of whether each of two users includes the other user on their user lists. The IM user interface also may be configured to allow the communication pathway to be established for a specified group of users on the list (e.g., a user category, such as buddies, family, coworkers, and/or gamers).

FIG. 5 shows an exemplary process 500 to establish a communications pathway (e.g., a VPN). Initially, a user A starts an IM session (510). A determination is made as to whether user A is included in the list of user B (515). If not, a VPN is not established (517).

If user A is in the list of user B, a determination is made as to whether user B is in the list of user A (520). If not, a VPN is not established (517).

Optionally, a determination may be made whether automatic VPN connections are enabled (525). If not, a VPN is not established (517).

If user B is in the list of user A and the automatic VPN connections are enabled, then an attempt to establish a VPN (530) is made as described below with respect to FIG. 6. If the VPN is established (540), the VPN is maintained until the IM session is over, either client device requests that the VPN be closed, or either client device disconnects from the external network (550). Once the IM session is finished, the VPN is closed (560).

FIG. 6 shows an exemplary a process 600 for setting up or establishing a communications pathway, such as a VPN. First, the IM host provides information about each client device (e.g., the client's IP address, port, and a shared secret that may be used to authenticate user/client identity) to the client devices (610). After receiving the information, each client may attempt to establish a VPN using the information (615), for example, by contacting the IP address/port provided and offering the shared secret for validation/authentication. If either client device is able to contact the other client device using the information, the VPN may be established as negotiated between the client devices.

Upon determining that a VPN was established (620), a determination is made as to whether more than one VPN was established (e.g., both clients were able to contact each other with the information provided and therefore established two VPNs) (630). If more than one VPN was established between the clients, one of the two VPNs is dropped during the negotiations (635).

Upon determining that a VPN was not established (620), one of the client devices (e.g., client A device 102) may contact its firewall to request a proxy forward be created for the other client device (e.g., client B device 104) (640). The client A device 102 receives a target public IP address and random port number selected by its associated firewall. Client device A sends the target IP/Port information to a host (645). The host returns the public IP address of the firewall of client B device 104 (650). Client device A provides the IP address to its firewall, which opens a hole in the firewall for the firewall of client B (655). The host sends the target IP/port information to the firewall of client B (660). The firewall of client B contacts firewall of client A to establish a VPN (665). If a VPN is not established (670), an error message is generated (675) (e.g., automatic VPN could not be configured).

As shown in FIG. 7, a communications system 700 includes client devices 102 and 104 connected to an external network 110. In addition, peripheral devices 750 and 760 (e.g., a gaming device, such as an X-Box™ or Playstation™) are connected to each client device 110. The peripheral devices 750 and 760 may employ an exploring application to determine whether they are connected to any other peripheral devices. If another gaming device is detected, the gaming devices 750 and 760 may establish a connection using a data exchange protocol.

In the implementation shown in FIG. 7, the local communications applications 115 and 116 on the client devices 102 and 104 may be programmed to mimic the data exchange protocol of the peripheral devices (e.g., to appear as peripheral devices). Client devices 102 and 104 (using the communications application on each client device) may automatically establish a communications pathway (e.g., VPN) as described above. As a result, the peripheral devices 750 and 760 may exchange data (e.g., game data that is used to play a multiplayer/device game) with the communications applications as if the communications application were another peripheral device. The communications application 115 may pass the data to the other communications application 116 using the communications pathway 130. The other communications application 116 passes the data to its connected peripheral device 760. As a result, an automatic (or configurable) communications link may be established between the peripheral devices (e.g., to play a game). To the peripheral devices 750 and 760, it appears as if each device is communicating with another local peripheral device.

A number of exemplary implementations have been described. Nevertheless, it is understood that various modifications may be made. For example, suitable results may be achieved if the steps of the disclosed techniques are performed in a different order and/or if components in a disclosed architecture, device, or circuit are combined in a different manner and/or replaced or supplemented by other components. Accordingly, other implementations are within the scope of the following claims.

INVENTORS:

Roskind, James A.

THIS PATENT IS REFERENCED BY THESE PATENTS:

Patent	Priority	Assignee	Title
10341289,	Mar 05 2004	Meta Platforms, Inc	Systems and methods of calculating communications strengths
9176838,	Oct 19 2012	Intel Corporation	Encrypted data inspection in a network environment
9185067,	Nov 18 1918	Meta Platforms, Inc	System and method for analyzing communications
9405843,	Dec 01 1999	Meta Platforms, Inc	System and method for analyzing communications
9462046,	Apr 02 2003	Meta Platforms, Inc	Degrees of separation for handling communications
9514233,	Dec 01 1999	Meta Platforms, Inc	System and method for analyzing communications
9516125,	Mar 26 2003	Meta Platforms, Inc	Identifying and using identities deemed to be known to a user
9531826,	Mar 26 2003	Meta Platforms, Inc	Managing electronic messages based on inference scores
9619575,	Dec 01 1999	Meta Platforms, Inc	System and method for analyzing communications
9705834,	Dec 01 1999	Meta Platforms, Inc	System and method for analyzing communications
9727631,	Sep 29 2005	Meta Platforms, Inc	Automatic categorization of entries in a contact list
9736255,	Mar 26 2003	Meta Platforms, Inc	Methods of providing access to messages based on degrees of separation
9749276,	Dec 01 1999	Meta Platforms, Inc	System and method for analyzing communications
9749279,	Nov 30 2000	Meta Platforms, Inc	System and method for analyzing communications
9813370,	Dec 01 1999	Meta Platforms, Inc	System and method for analyzing communications
9819629,	Dec 01 1999	Meta Platforms, Inc	System and method for analyzing communications
9893897,	Oct 19 2012	Intel Corporation	Encrypted data inspection in a network environment
RE48102,	Dec 31 2002	Meta Platforms, Inc	Implicit population of access control lists

THIS PATENT REFERENCES THESE PATENTS:

Patent	Priority	Assignee	Title
4837798,	Jun 02 1986	Avaya Technology Corp	Communication system having unified messaging
5086394,	May 12 1989		Introduction system for locating compatible persons
5276905,	Feb 08 1989	KONINKLIJKE PHILIPS N V	Mobile radio transmission system using preferred home service area
5327486,	Mar 22 1993	BRAZOS HOLDINGS LLC	Method and system for managing telecommunications such as telephone calls
5548637,	Sep 09 1993	REMOTE LOCATOR SYSTEMS, LLC	Method and apparatus for locating personnel and objects in response to telephone inquiries
5553110,	Nov 19 1993	Canon Kabushiki Kaisha	X-ray mask structure, process for production thereof, apparatus and method for X-ray exposure with the X-ray mask structure, and semiconductor device produced by the X-ray exposure method
5557659,	Jun 22 1993	AVAYA Inc	Electronic mail system having integrated voice messages
5583920,	May 25 1994	Verizon Patent and Licensing Inc	Intelligent peripheral in video dial tone network
5608786,	Dec 23 1994	PayPal, Inc	Unified messaging system and method
5610910,	Aug 17 1995	RPX CLEARINGHOUSE LLC	Access to telecommunications networks in multi-service environment
5650994,	May 16 1995	Verizon Patent and Licensing Inc	Operation support system for service creation and network provisioning for video dial tone networks
5694616,	Dec 30 1994	International Business Machines Corporation; IBM Corporation	Method and system for prioritization of email items by selectively associating priority attribute with at least one and fewer than all of the recipients
5721906,	Mar 24 1994	NCR Corporation	Multiple repositories of computer resources, transparent to user
5742905,	Sep 19 1994	ACCESS CO , LTD	Personal communications internetworking
5764916,	Sep 27 1996	NYTELL SOFTWARE LLC	Method and apparatus for real time communication over a computer network
5774670,	Oct 06 1995	Meta Platforms, Inc	Persistent client state in a hypertext transfer protocol based client-server system
5790800,	Oct 13 1995	Hewlett Packard Enterprise Development LP	Client application program mobilizer
5793365,	Jan 02 1996	Oracle America, Inc	System and method providing a computer user interface enabling access to distributed workgroup members
5802470,	Jan 11 1996	AT&T MOBILITY II, LLC	Automated wireless-call completion using a paging network
5835724,	Jul 03 1996	GOOGLE LLC	System and method for communication information using the internet that receives and maintains information concerning the client and generates and conveys the session data to the client
5848134,	Jan 31 1996	LINE CORPORATION	Method and apparatus for real-time information processing in a multi-media system
5850594,	Aug 26 1996	Google Technology Holdings LLC	Method and apparatus for efficiently transmitting addresses and messages from portable messaging units over a wireless communication channel
5859979,	Nov 24 1993	Intel Corporation	System for negotiating conferencing capabilities by selecting a subset of a non-unique set of conferencing capabilities to specify a unique set of conferencing capabilities
5867162,	Dec 06 1996	Oracle America, Inc	Methods, systems, and computer program products for controlling picklists
5870744,	Jun 30 1997	Intel Corporation	Virtual people networking
5872521,	Aug 30 1995	Google Technology Holdings LLC	Method and apparatus for marking messages in selective call receivers
5878219,	Mar 12 1996	Meta Platforms, Inc	System for integrating access to proprietary and internet resources
5893091,	Apr 11 1997	Immediata Corporation	Multicasting with key words
5893099,	Nov 10 1997	International Business Machines Corporation	System and method for processing electronic mail status rendezvous
5919247,	Jul 24 1996	BMC SOFTWARE, INC	Method for the distribution of code and data updates
5920692,	Mar 24 1997	International Business Machines Corp.	Method and system for a remote notification service for a multi-user server architecture
5940488,	Nov 15 1996	Cisco Technology, Inc	Telecommunication management system and user interface
5946617,	Jun 28 1996	Symbol Technologies, LLC	Cellular communication system with remote power source for providing power to access points
5948058,	Oct 30 1995	NEC Corporation	Method and apparatus for cataloging and displaying e-mail using a classification rule preparing means and providing cataloging a piece of e-mail into multiple categories or classification types based on e-mail object information
5951643,	Oct 06 1997	NCR Voyix Corporation	Mechanism for dependably organizing and managing information for web synchronization and tracking among multiple browsers
5951646,	Nov 25 1996	Meta Platforms, Inc	System and method for scheduling and processing image and sound data
5951652,	Oct 06 1997	NCR Voyix Corporation	Dependable data element synchronization mechanism
5954798,	Oct 06 1997	NCR Voyix Corporation	Mechanism for dependably managing web synchronization and tracking operations among multiple browsers
5956716,	Jun 07 1995	Intervu, Inc	System and method for delivery of video data over a computer network
5960173,	Dec 22 1995	Oracle America, Inc	System and method enabling awareness of others working on similar tasks in a computer work environment
5983369,	Jun 17 1996	Sony Corporation; Sony Electronics INC	Online simultaneous/altering-audio/video/voice data based service and support for computer systems
5987113,	Dec 23 1996	RPX CLEARINGHOUSE LLC	Long distance phone tag service
5987407,	Oct 28 1997	GOOGLE LLC	Soft-clipping postprocessor scaling decoded audio signal frame saturation regions to approximate original waveform shape and maintain continuity
5991791,	Mar 24 1994	NCR Corporation	Security aspects of computer resource repositories
5995023,	Sep 28 1993	Robert Bosch GmbH	Orientation and navigation device with satellite support
6002402,	Apr 09 1997	CDD TECHNOLOGIES, LLC	System and method for producing a drag-and-drop object from a popup menu item
6006179,	Oct 28 1997	GOOGLE LLC	Audio codec using adaptive sparse vector quantization with subband vector classification
6009413,	Nov 10 1994	Meta Platforms, Inc	System for real time shopping
6012051,	Feb 06 1997	Meta Platforms, Inc	Consumer profiling system with analytic decision processor
6014135,	Apr 04 1997	Meta Platforms, Inc	Collaboration centric document processing environment using an information centric visual user interface and information presentation method
6014638,	May 29 1996	Meta Platforms, Inc	System for customizing computer displays in accordance with user preferences
6026403,	Mar 24 1994	NCR Corporation	Computer system for management of resources
6026429,	Jun 07 1995	Microsoft Technology Licensing, LLC	Seamless integration of internet resources
6049533,	Oct 04 1995	Cisco Technology, Inc	Network communication system with information rerouting capabilities
6065047,	Jan 24 1996	Meta Platforms, Inc	System for providing subscriber with access to a content area customized for the combination of subscriber's responses to topic prompt, subtopic prompt, and action prompt
6070171,	May 15 1997	MICROMIND, INC A CORPORATION OF NEW YORK	Method and system for copy-tracking distributed software featuring tokens containing a key field and a usage field
6073138,	Jun 11 1998	TRADECO ASIA LTD	System, method, and computer program product for providing relational patterns between entities
6081830,	Oct 09 1997	Gateway, Inc	Automatic linking to program-specific computer chat rooms
6085223,	Oct 20 1995	ATT& GLOBAL INFORMATION SOLUTIONS COMPANY; AT&T Global Information Solutions Company	Method and apparatus for providing database information to non-requesting clients
6088435,	Dec 13 1994	AT&T Corp.	Interactive telephone networking service
6112181,	Nov 06 1997	INTERTRUST TECHNOLOGIES CORP	Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information
6134432,	Jun 17 1997	MESSAGE4U PTY LTD	System and process for allowing wireless messaging
6144991,	Feb 19 1998	HANGER SOLUTIONS, LLC	System and method for managing interactions between users in a browser-based telecommunications network
6151584,	Nov 20 1997	NCR Voyix Corporation	Computer architecture and method for validating and collecting and metadata and data about the internet and electronic commerce environments (data discoverer)
6161130,	Jun 23 1998	Microsoft Technology Licensing, LLC	Technique which utilizes a probabilistic classifier to detect "junk" e-mail by automatically updating a training and re-training the classifier based on the updated training set
6166730,	Dec 03 1997	COX COMMUNICATIONS, INC	System for interactively distributing information services
6175831,	Jan 17 1997	DEGREES OF CONNECTION LLC	Method and apparatus for constructing a networking database and system
6192395,	Dec 23 1998	TUMBLEWEED HOLDINGS LLC	System and method for visually identifying speaking participants in a multi-participant networked event
6195354,	Jul 16 1997	RPX CLEARINGHOUSE LLC	Route selection for path balancing in connection-oriented packet switching networks
6199103,	Jun 24 1997	TUMBLEWEED HOLDINGS LLC	Electronic mail determination method and system and storage medium
6212548,	Jul 30 1998	TUMBLEWEED HOLDINGS LLC	System and method for multiple asynchronous text chat conversations
6212550,	Jan 21 1997	Google Technology Holdings LLC	Method and system in a client-server for automatically converting messages from a first format to a second format compatible with a message retrieving device
6223213,	Jul 31 1998	Microsoft Technology Licensing, LLC	Browser-based email system with user interface for audio/video capture
6233577,	Feb 17 1998	UNWIRED PLANET IP MANAGER, LLC; Unwired Planet, LLC	Centralized certificate management system for two-way interactive communication devices in data networks
6247043,	Jun 11 1998	SAP SE	Apparatus, program products and methods utilizing intelligent contact management
6249740,	Jan 21 1998	Kabushikikaisha Equos Research	Communications navigation system, and navigation base apparatus and vehicle navigation apparatus both used in the navigation system
6260148,	Apr 05 1999	Microsoft Technology Licensing, LLC	Methods and systems for message forwarding and property notifications using electronic subscriptions
6269369,	Nov 02 1997	AMAZON COM HOLDINGS, INC	Networked personal contact manager
6301609,	Jul 07 1999	Alcatel Lucent	Assignable associate priorities for user-definable instant messaging buddy groups
6311211,	Apr 19 1996	JUNO ONLINE SERVICES, INC	Method and apparatus for delivering electronic advocacy messages
6314450,	Apr 30 1997	Sony Corporation	Method and apparatus for collecting data and storage medium for data collection program
6317776,	Dec 17 1998	International Business Machines Corporation	Method and apparatus for automatic chat room source selection based on filtered audio input amplitude of associated data streams
6324541,	Jun 11 1998	TRADECO ASIA LTD	System, method, and computer program product for providing relational patterns between entities
6330590,	Jan 05 1999	CYREN INC	Preventing delivery of unwanted bulk e-mail
6347332,	Dec 30 1999		System for network-based debates
6349327,	Dec 22 1995	Sun Microsystems, Inc.	System and method enabling awareness of others working on similar tasks in a computer work environment
6351698,	Jan 29 1999	Kabushikikaisha Equos Research	Interactive vehicle control system
6363392,	Oct 16 1998	Microsoft Technology Licensing, LLC	Method and system for providing a web-sharable personal database
6366962,	Dec 18 1998	Intel Corporation	Method and apparatus for a buddy list
6374246,	Aug 27 1997	Matsushita Electric Industrial Co., Ltd.	Message service system that provides flexible route control and user interface adaption
6374290,	Apr 01 1999	CA, INC	Self moderated virtual communities
6389127,	Aug 08 1997	Meta Platforms, Inc	Telephone status notification system
6389372,	Jun 29 1999	GOOGLE LLC	System and method for bootstrapping a collaborative filtering system
6393464,	Jun 10 1999	UNBOUND COMMUNICATIONS, INC	Method for controlling the delivery of electronic mail messages
6400381,	Jun 11 1999	International Business Machines Corporation	Web places
6405035,	Aug 24 2000	CLUSTER, LLC; Optis Wireless Technology, LLC	System and method for forwarding messages to a subscriber device
6405249,	Jan 23 1998	Sony Corporation	Information processing apparatus and method, information processing system and program providing medium
6415318,	Apr 04 1997	Microsoft Technology Licensing, LLC	Inter-enterprise messaging system using bridgehead servers
6421439,	Mar 24 1999	Microsoft Technology Licensing, LLC	System and method for user affiliation in a telephone network
6421675,	Mar 16 1998	S L I SYSTEMS, INC	Search engine
6421709,	Dec 22 1997	Comcast IP Holdings I, LLC	E-mail filter and method thereof
6425012,	Dec 28 1998	Koninklijke Philips Electronics N V	System creating chat network based on a time of each chat access request
6430344,	Feb 23 2001	FURUKAWA ELECTRIC NORTH AMERICA, INC	Communication cable having enhanced crush resistance
6430604,	Aug 03 1999	International Business Machines Corporation; IBM Corporation	Technique for enabling messaging systems to use alternative message delivery mechanisms
6446112,	Mar 18 1998	SONY INTERNATIONAL EUROPE GMBH	IRC name translation protocol
6449344,	Oct 06 1996	Microsoft Technology Licensing, LLC	Communication system
6449634,	Jan 29 1999	ZETA GLOBAL CORP	Method and system for remotely sensing the file formats processed by an E-mail client
6480885,	Sep 15 1998	TUMBLEWEED HOLDINGS LLC	Dynamically matching users for group communications based on a threshold degree of matching of sender and recipient predetermined acceptance criteria
6484196,	Mar 20 1998	Advanced Web Solutions	Internet messaging system and method for use in computer networks
6501834,	Nov 21 2001	AT&T Corp.	Message sender status monitor
6507866,	Jul 19 1999	RPX Corporation	E-mail usage pattern detection
6525747,	Aug 02 1999	Amazon Technologies, Inc	Method and system for conducting a discussion relating to an item
6529475,	Dec 16 1998	RPX CLEARINGHOUSE LLC	Monitor for the control of multimedia services in networks
6535586,	Dec 30 1998	AT&T Corp	System for the remote notification and retrieval of electronically stored messages
6539421,	Sep 24 1999	Meta Platforms, Inc	Messaging application user interface
6542750,	Jun 10 2000	GOOGLE LLC	Method and system for selectively connecting mobile users based on physical proximity
6549937,	Jul 21 1999	Microsoft Technology Licensing, LLC	System and method for multi-protocol communication in a computer network
6557027,	Aug 05 1999	International Business Machines Corporation	System and method for managing on-line discussion having multiple topics in a collaborative data processing environment
6559863,	Feb 11 2000	International Business Machines Corporation	System and methodology for video conferencing and internet chatting in a cocktail party style
6564248,	Jun 03 1997	Smith Micro Software	E-mail system with video e-mail player
6564261,	May 10 1999	Telefonaktiebolaget LM Ericsson	Distributed system to intelligently establish sessions between anonymous users over various networks
6571234,	May 11 1999	CXT SYSTEMS, INC	System and method for managing online message board
6574599,	Mar 31 1999	Microsoft Technology Licensing, LLC	Voice-recognition-based methods for establishing outbound communication through a unified messaging system including intelligent calendar interface
6580790,	Feb 09 2000	AT&T Corp.	Calling assistance system and method
6606647,	Jan 11 1999	CERBERUS BUSINESS FINANCE, LLC	Server and method for routing messages to achieve unified communications
6615241,	Jul 18 1998	Net Exchange, LLC	Correspondent-centric management email system uses message-correspondent relationship data table for automatically linking a single stored message with its correspondents
6636733,	Sep 19 1997	HELFERICH PATENT LICENSING LLC	Wireless messaging method
6640218,	Jun 02 2000	HUDSON BAY MASTER FUND LTD	Estimating the usefulness of an item in a collection of information
6640230,	Sep 27 2000	International Business Machines Corporation; IBM Corporation	Calendar-driven application technique for preparing responses to incoming events
6647383,	Sep 01 2000	Lucent Technologies Inc	System and method for providing interactive dialogue and iterative search functions to find information
6654683,	Sep 27 1999		Method and system for real-time navigation using mobile telephones
6677968,	Feb 24 1997	Meta Platforms, Inc	User definable on-line co-user lists
6677976,	Oct 16 2001	Sprint Communications Company, LP	Integration of video telephony with chat and instant messaging environments
6678719,	Dec 20 1999	COMCAST MO GROUP, INC	Virtual workplace intercommunication tool
6691162,	Sep 21 1999	Microsoft Technology Licensing, LLC	Monitoring users of a computer network
6697807,	Jun 15 2000	GENERATE, INC	Method of and system for comparing database records to determine connections between parties over a network
6701348,	Dec 22 2000	MYLIFE COM, INC	Method and system for automatically updating contact information within a contact database
6714791,	Feb 23 2001	Microsoft Technology Licensing, LLC	System, apparatus and method for location-based instant messaging
6714793,	Mar 06 2000	Meta Platforms, Inc	Method and system for instant messaging across cellular networks and a public data network
6714916,	Nov 02 1997	Amazon Technologies, Inc	Crossing paths notification service
6731308,	Mar 09 2000	Oracle America, Inc	Mechanism for reciprocal awareness of intent to initiate and end interaction among remote users
6732155,	Dec 01 2000	Microsoft Technology Licensing, LLC	Dynamic controlling of attribute-specific list for improved object organization
6738822,	Sep 30 1997	Canon Kabushiki Kaisha	Relay apparatus, system and method, and storage medium
6747970,	Apr 29 1999	ALCATEL USA MARKETING, INC	Methods and apparatus for providing communications services between connectionless and connection-oriented networks
6748421,	Dec 23 1998	Canon Kabushiki Kaisha	Method and system for conveying video messages
6750881,	Feb 24 1997	Meta Platforms, Inc	User definable on-line co-user lists
6757365,	Oct 16 2000	Microsoft Technology Licensing, LLC	Instant messaging via telephone interfaces
6757732,	Mar 16 2000	Genband US LLC; SILICON VALLEY BANK, AS ADMINISTRATIVE AGENT	Text-based communications over a data network
6772188,	Jul 14 2000	Meta Platforms, Inc	Method and apparatus for communicating with an entity automatically identified in an electronic communication
6781608,	Jun 30 2000	Meta Platforms, Inc	Gradual image display
6785554,	Sep 15 1999	Qualcomm Incorporated	Modified finger assignment algorithm for high data rate calls
6785681,	Jul 31 2001	Intel Corporation	Generating a list of people relevant to a task
6788769,	Oct 13 1999	MOBIVITY, INC	Internet directory system and method using telephone number based addressing
6795863,	Aug 10 1999	MIDCONTINENTAL GROUP CORPORATION	System, device and method for combining streaming video with e-mail
6799039,	Apr 17 2000	Apple Inc	Network resource sharing during handover of a mobile station between cellular wireless networks
6800031,	Apr 15 2002	Microsoft Technology Licensing, LLC	Method of conducting an interactive competition
6807574,	Oct 22 1999	Microsoft Technology Licensing, LLC	Method and apparatus for content personalization over a telephone interface
6816578,	Nov 27 2001	Microsoft Technology Licensing, LLC	Efficient instant messaging using a telephony interface
6832245,	Dec 01 1999	Meta Platforms, Inc	System and method for analyzing communications of user messages to rank users and contacts based on message content
6839737,	Jul 19 2000	GOOGLE LLC	Messaging system for indicating status of a sender of electronic mail and method and computer program product therefor
6857006,	Sep 16 1998	MITSUI & CO , LTD	Multimedia direct communication system linked with HTTP protocol
6879665,	Apr 27 1999	OATH INC	Method and apparatus for sending messages in a data processing system
6901559,	Jan 06 2000	Microsoft Technology Licensing, LLC	Method and apparatus for providing recent categories on a hand-held device
6904026,	Sep 19 1997	Comcast Cable Communications, LLC	Updating of internet access point settings in a mobile communication system
6907243,	Jun 09 1999	Cisco Technology, Inc; CISCO SYSTEMS, INC , A CORPORATION OF CALIFORNIA	Method and system for dynamic soft handoff resource allocation in a wireless network
6912563,	Dec 19 2000	LIVEPERSON, INC	Methods and systems for proactive on-line communications
6912564,	May 04 2000	Meta Platforms, Inc	System for instant messaging the sender and recipients of an e-mail message
6917965,	Sep 15 1998	Microsoft Technology Licensing, LLC	Facilitating annotation creation and notification via electronic mail
6920478,	May 11 2000	Chikka Pte Ltd	Method and system for tracking the online status of active users of an internet-based instant messaging system
6941345,	Dec 03 1999	Apple Inc	Real-time, text-based messaging between devices in plural communities
6968179,	Jul 27 2000	Microsoft Technology Licensing, LLC	Place specific buddy list services
6990513,	Jun 22 2000	Microsoft Technology Licensing, LLC	Distributed computing services platform
6993327,	Oct 29 2001	Google Technology Holdings LLC	Multicast distribution of presence information for an instant messaging system
6993564,	Dec 22 2000	AT&T Corp	Method of authorizing receipt of instant messages by a recipient user
6996520,	Nov 22 2002	Transclick, Inc.; TRANSCLICK, INC	Language translation system and method using specialized dictionaries
7035865,	Aug 28 2001	International Business Machines Corporation	Calendar-enhanced awareness for instant messaging systems and electronic status boards
7039639,	Mar 31 1999	International Business Machines Corporation	Optimization of system performance based on communication relationship
7039676,	Oct 31 2000	Microsoft Technology Licensing, LLC	Using video image analysis to automatically transmit gestures over a network in a chat or instant messaging session
7043530,	Feb 22 2000	AT&T Corp	System, method and apparatus for communicating via instant messaging
7058036,	Feb 25 2000	Sprint Spectrum L.P.	Method and system for wireless instant messaging
7058690,	May 11 2001	KABUSHIKI KAISHA SQUARE ENIX ALSO AS SQUARE ENIX CO , LTD	Method for registering user information to exchange message on network
7065186,	Nov 08 1999	RPX CLEARINGHOUSE LLC	Telephone based access to instant messaging
7082047,	Dec 03 2001	Intel Corporation	Ferroelectric memory input/output apparatus
7082407,	Apr 09 1999	Amazon Technologies, Inc	Purchase notification service for assisting users in selecting items from an electronic catalog
7085834,	Dec 22 2000	ORACLE, USA; Oracle International Corporation; Oracle Corporation	Determining a user's groups
7117254,	Jun 16 2003	Meta Platforms, Inc	Method of inducing content uploads in a social network
7120687,	May 31 2002	GOOGLE LLC	Monitoring digital images
7124123,	Jun 30 2003	GOOGLE LLC	Intelligent processing in the context of away and offline instant messages
7127232,	May 08 2003	Bell South Intellectual Property Corporation; Bellsouth Intellectual Property Corporation	Multiple access internet portal revenue sharing
7162202,	Jun 28 2002	Nokia Siemens Networks Oy	Creating user groups in mobile terminal communities
7171473,	Nov 17 1999	RPX Corporation	System using HTTP protocol for maintaining and updating on-line presence information of new user in user table and group table
7177880,	Dec 19 2002	GLOBALFOUNDRIES U S INC	Method of creating and displaying relationship chains between users of a computerized network
7181498,	Oct 31 2003	YAHOO ASSETS LLC	Community-based green list for antispam
7185059,	Sep 17 2002	Uber Technologies, Inc	Multi-system instant messaging (IM)
7188153,	Jun 16 2003	Meta Platforms, Inc	System and method for managing connections in an online social network
7190956,	May 15 2001	Google Technology Holdings LLC	Instant message proxy for circuit switched mobile environment
7200634,	May 10 2000	CHIKKA COM PTE LTD	Instant messaging account system
7202814,	Sep 26 2003	UNIFY, INC	System and method for presence-based area monitoring
7222156,	Jan 25 2001	Microsoft Technology Licensing, LLC	Integrating collaborative messaging into an electronic mail program
7233992,	Apr 26 1999	INTRALINKS, INC	Computerized method and system for managing the exchange and distribution of confidential documents
7263614,	Dec 31 2002	Meta Platforms, Inc	Implicit access for communications pathway
7269590,	Jan 29 2004	Slack Technologies, LLC; SLACK TECHNOLOGIES, INC	Method and system for customizing views of information associated with a social network user
7275215,	Jul 29 2002	Cerulean Studios, LLC	System and method for managing contacts in an instant messaging environment
7283805,	Nov 20 2000	AT&T MOBILITY II LLC	Methods and systems for providing application level presence information in wireless communication
7313760,	Dec 19 2002	Microsoft Technology Licensing, LLC	Contact picker
7316028,	Dec 21 2001	Hewlett Packard Enterprise Development LP	Method and system for transmitting information across a firewall
7436780,	Dec 17 2003	Time Warner, Inc	Method and apparatus for approximating location of node attached to a network
7437413,	Aug 06 1998	Fujitsu Limited	Text messaging system and method
7454470,	Dec 01 1999	Meta Platforms, Inc	System and method for analyzing communications
7490238,	Dec 31 2002	Meta Platforms, Inc	Implicit population of access control lists
7711106,	Jun 30 2003	Mavenir LTD	Telephone based method and system for adding contacts to a personal network address book
7716287,	Mar 05 2004	Meta Platforms, Inc	Organizing entries in participant lists based on communications strengths
7774711,	Sep 29 2005	Meta Platforms, Inc	Automatic categorization of entries in a contact list
7945674,	Apr 02 2003	Meta Platforms, Inc	Degrees of separation for handling communications
7949759,	Apr 02 2003	Meta Platforms, Inc	Degrees of separation for handling communications
7954146,	Dec 31 2002	Meta Platforms, Inc	Implicit population of access control lists
8060566,	Dec 01 2004	GOOGLE LLC	Automatically enabling the forwarding of instant messages
8185638,	Apr 02 2003	Meta Platforms, Inc	Degrees of separation for handling communications
8560706,	Apr 02 2003	Meta Platforms, Inc	Degrees of separation for handling communications
20010002469,
20010005861,
20010013050,
20010032246,
20010052019,
20020015061,
20020021307,
20020023132,
20020023134,
20020028595,
20020042816,
20020049717,
20020055975,
20020056123,
20020059201,
20020065856,
20020065894,
20020077080,
20020083136,
20020086732,
20020091667,
20020103801,
20020112181,
20020116463,
20020116641,
20020133292,
20020133369,
20020147777,
20020174010,
20020175953,
20020178161,
20020181703,
20020184089,
20020193942,
20020199095,
20030004855,
20030004872,
20030009385,
20030009523,
20030018726,
20030023875,
20030028524,
20030028595,
20030037112,
20030043201,
20030046198,
20030050916,
20030055831,
20030065721,
20030084103,
20030088554,
20030093483,
20030093580,
20030101226,
20030105822,
20030131061,
20030140103,
20030167324,
20030172349,
20030182394,
20030187813,
20030212804,
20030225847,
20030233416,
20030236835,
20040015548,
20040015553,
20040054729,
20040054736,
20040056901,
20040117443,
20040122681,
20040122810,
20040122855,
20040128322,
20040128356,
20040179039,
20040186738,
20040201624,
20040210844,
20040215648,
20040215721,
20040215793,
20040221309,
20040260762,
20050004989,
20050015432,
20050021750,
20050027382,
20050038688,
20050038856,
20050043989,
20050044152,
20050050143,
20050055416,
20050055450,
20050060377,
20050076240,
20050076241,
20050080859,
20050080863,
20050086211,
20050091311,
20050102202,
20050102257,
20050114229,
20050153681,
20050154913,
20050171799,
20050177486,
20050197846,
20050198131,
20050198172,
20050198173,
20050198268,
20050216300,
20050246420,
20060031366,
20060031772,
20060075044,
20060129678,
20060167991,
20060168054,
20060173824,
20060173963,
20060182248,
20060190536,
20060212561,
20060248573,
20060277187,
20070156664,
20070250566,
20070271607,
20080082620,
20080115087,
20080186164,
20080228598,
20080255989,
20090043844,
20090070306,
20090089316,
20100205546,
20100325113,
20120005078,
20130073556,
20130080529,
20140108571,
EP862304,
EP1176840,
GB2319137,
GB2357932,
GB2368747,
JP2000259514,
JP2000284999,
JP2000499001,
JP2001084320,
JP2008314826,
WO16201,
WO24154,
WO60809,
WO79396,
WO106748,
WO122258,
WO124036,
WO143357,
WO167787,
WO172020,
WO180079,
WO203216,
WO2062039,
WO2073886,
WO209437,
WO235781,
WO200428178,
WO2005086723,
WO2005089286,
WO2006068955,
WO9710558,
WO9714234,
WO9746955,
WO9816045,
WO9847270,
WO9908434,
WO9934628,
WO9948011,

ASSIGNMENT RECORDS Assignment records on the USPTO

/////

Executed on	Assignor	Assignee	Conveyance	Frame	Reel	Doc
Jun 04 2003	ROSKIND, JAMES A	AMERICA ONLINE, INC	ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS	033966	0795	pdf
Apr 03 2006	AMERICA ONLINE, INC	AOL LLC	CHANGE OF NAME SEE DOCUMENT FOR DETAILS	034012	0718	pdf
Dec 04 2009	AOL LLC	AOL Inc	ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS	033966	0798	pdf
Jun 14 2012	AOL Inc	Facebook, Inc	ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS	034014	0682	pdf
May 31 2013		Facebook, Inc.	(assignment on the face of the patent)

MAINTENANCE FEES AND DATES: Maintenance records on the USPTO

Date	Maintenance Fee Events
Dec 01 2014	M1551: Payment of Maintenance Fee, 4th Year, Large Entity.
Oct 16 2018	M1552: Payment of Maintenance Fee, 8th Year, Large Entity.
Oct 31 2022	M1553: Payment of Maintenance Fee, 12th Year, Large Entity.

Date	Maintenance Schedule
Nov 18 2017	4 years fee payment window open
May 18 2018	6 months grace period start (w surcharge)
Nov 18 2018	patent expiry (for year 4)
Nov 18 2020	2 years to revive unintentionally abandoned end. (for year 4)
Nov 18 2021	8 years fee payment window open
May 18 2022	6 months grace period start (w surcharge)
Nov 18 2022	patent expiry (for year 8)
Nov 18 2024	2 years to revive unintentionally abandoned end. (for year 8)
Nov 18 2025	12 years fee payment window open
May 18 2026	6 months grace period start (w surcharge)
Nov 18 2026	patent expiry (for year 12)
Nov 18 2028	2 years to revive unintentionally abandoned end. (for year 12)