Method and apparatus for protecting identities of mobile devices on a wireless network
Abstract
A method and apparatus for protecting the identities of mobile devices on a wireless network are described. A proxy gateway couples the wireless network to a wired network and maintains data associating a set of service initiators with a set of cryptographic keys. Upon receiving a request from a mobile client device directed to an origin server on the wired network, the proxy gateway identifies the cryptographic key for that origin server and sends to the origin server a proxy request. The proxy request includes an identifier of the mobile device, encrypted using the cryptographic key. When the proxy gateway receives a request from a service initiator on the wired network to push information to a mobile device, it uses the cryptographic key for that service initiator to decode a client identifier in the request and thereby determine whether the request is valid.
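The two flows described in the abstract, as an added sketch that is not code from the patent: the gateway keeps one key per network address, hands each origin server only an encrypted device identifier, and accepts a push only when the sender's own key decodes that identifier to a device it serves. The names `ProxyGateway`, `seal` and `unseal`, the `.example` hosts and the device identifier are constructed for illustration, and the HMAC-based encrypt-then-MAC routine is a standard-library stand-in for the cipher, which the abstract does not specify.

```python
import base64, hashlib, hmac, os

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher (assumption).
    out = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                   for i in range(n // 32 + 1))
    return out[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)  # fresh nonce, so two tokens for one device differ
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(_subkey(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()

def unseal(key, token):
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:
        return None
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if len(raw) < 48 or not hmac.compare_digest(tag, want):
        return None  # wrong key, truncated or tampered token
    return bytes(a ^ b for a, b in zip(ct, _stream(_subkey(key, b"enc"), nonce, len(ct))))

class ProxyGateway:
    def __init__(self, devices):
        self.devices = set(devices)  # identifiers of devices this gateway serves
        self.keys = {}               # network address -> cryptographic key

    def enroll(self, address):
        self.keys[address] = os.urandom(32)

    def proxy_request(self, device_id, origin):
        # Outbound: the origin server only ever sees the encrypted identifier.
        return {"to": origin, "client_id": seal(self.keys[origin], device_id.encode())}

    def validate_push(self, initiator, client_id):
        # Inbound: fulfil only if the initiator has a key AND the identifier
        # decodes under that key to a device this gateway serves.
        key = self.keys.get(initiator)
        plain = unseal(key, client_id) if key else None
        device = plain.decode(errors="replace") if plain is not None else None
        return device if device in self.devices else None

if __name__ == "__main__":
    gw = ProxyGateway({"msisdn-15555550100"})  # constructed identifier
    gw.enroll("news.example"); gw.enroll("ads.example")
    tok = gw.proxy_request("msisdn-15555550100", "news.example")["client_id"]
    print(gw.validate_push("news.example", tok), gw.validate_push("ads.example", tok))
```

Because each service initiator has its own key, an identifier handed to one server is useless to another, and the random nonce keeps two servers from correlating the same device by comparing tokens. A deployment would use a vetted AEAD such as AES-GCM in place of the stand-in routine.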
41 Claims
1. A method of operating a processing system on a network, the method comprising:
encrypting an identifier of a mobile device on a wireless network; and
using the encrypted identifier to validate a request from a service initiator directed to the mobile device.
9. A method of operating a processing system on a network, the method comprising:
encrypting an identifier of a mobile device on a wireless network;
including the encrypted identifier in a proxy request to a remote processing system on a network, based on a request from the mobile device; and
using the encrypted identifier to control handling of requests by a plurality of remote processing systems on the network to provide information to the mobile device.
12. A method of operating a proxy on a network, the method comprising:
storing an association of service providers and cryptographic keys;
receiving a request from a mobile device, the request directed to a remote server on the network;
using the stored association to identify a cryptographic key associated with the remote server;
using the identified cryptographic key to encode an identifier of the mobile device;
incorporating the encoded identifier into a proxy request; and
sending the proxy request to the remote server on behalf of the mobile device.
17. A method of operating a proxy on a network, the method comprising:
storing an association of service initiators and cryptographic keys, including a plurality of cryptographic keys and one or more network addresses associated with each of the cryptographic keys;
receiving a request from a service initiator on the network to push information to a mobile device;
determining whether the stored association includes a cryptographic key associated with the service initiator;
if the stored association includes a cryptographic key associated with the service initiator, using said cryptographic key to decode a device identifier in the request from the service initiator;
determining whether the decoded device identifier corresponds to the mobile device; and
allowing the request from the service initiator to be fulfilled only if the stored association includes a cryptographic key associated with the service initiator and the decoded device identifier corresponds to the mobile client device.
20. A method of operating a proxy on a network, the method comprising:
storing an association of service providers and cryptographic keys, including a plurality of cryptographic keys and one or more network addresses associated with each of the cryptographic keys;
receiving a request from a mobile client device, the request directed to a network address representing a remote server on the network;
using the stored association to identify a cryptographic key associated with the remote server;
generating a proxy request based on the request received from the mobile client device, by using the identified cryptographic key to encode an identifier of the mobile client device and incorporating the encoded identifier into the proxy request; and
sending the proxy request to the remote server on behalf of the mobile client device.
23. A method of operating a proxy on a network, the method comprising:
storing an association of service initiators and cryptographic keys, including a plurality of cryptographic keys and one or more network addresses associated with each of the cryptographic keys;
receiving a request from a mobile client device, the request directed to a network address representing a remote server on the network;
using the stored association to identify a cryptographic key associated with the remote server;
generating a proxy request based on the request received from the mobile client device, by using the identified cryptographic key to encode an identifier of the mobile client device and incorporating the encoded identifier into the proxy request;
sending the proxy request to the remote server on behalf of the mobile client device;
receiving a request from a service initiator on the network to push information to the mobile client device;
determining whether the stored association includes a cryptographic key associated with the service initiator;
if the stored association includes a cryptographic key associated with the service initiator, using said cryptographic key to decode a client identifier in the request from the service initiator;
determining whether the decoded client identifier corresponds to the mobile client device; and
allowing the request from the service initiator to be fulfilled only if the stored association includes a cryptographic key associated with the service initiator and the decoded client identifier corresponds to the mobile client device.
25. A method of operating a server, the method comprising:
receiving a request to provide first information to a mobile client device on a wireless network, the request including an encrypted identifier of the mobile client device;
sending the first information in response to the request, for communication to the mobile client device; and
sending a request to push second information to the mobile client device by including the encrypted identifier in the request to push the second information to the client device, such that the encrypted identifier in the request to push the second information is used to validate the request to push the second information.
26. An apparatus comprising:
means for encrypting an identifier of a mobile device on a wireless network; and
means for using the encrypted identifier to control action upon a request from a service initiator to provide information to the mobile device.
34. A processing system coupled to a wireless network and to a wired network, the processing system comprising:
a processor; and
a storage facility coupled to the processor and storing instructions which configure the processing system to:
encrypt an identifier of a mobile device on the wireless network;
include the encrypted identifier in a proxy request to a remote processing system on the wired network, based on a request from the mobile device; and
use the encrypted identifier to control handling of requests by a plurality of remote processing systems on the wired network to provide information to the mobile device.
37. A proxy gateway connected to a wireless network and to a wired network, the proxy gateway configured to provide a plurality of mobile devices on the wireless network with access to a plurality of processing systems on the wired network, the proxy gateway comprising:
a processor; and
a storage medium having stored therein instructions which configure the proxy gateway to perform the method comprising
storing an association of service providers and cryptographic keys;
receiving a request from a mobile device on the wireless network, the request directed to a remote server on the wired network;
using the stored association to identify a cryptographic key associated with the remote server;
using the identified cryptographic key to encode an identifier of the mobile device;
incorporating the encoded identifier into a proxy request; and
sending the proxy request to the remote server on behalf of the mobile device.
Specification