Secure Push and Status Communication between Client and Server

US 20090158397A1
Filed: 12/17/2007
Published: 06/18/2009
Est. Priority Date: 12/17/2007
Status: Active Grant

First Claim

Patent Images

1. A method of authentication and authorization between a client, a server, and a gateway to facilitate communicating a message between the client and the server through the gateway, the client having a trusted relationship with each of the gateway and the server, the method comprising:

registering the client with the gateway, including;

forming a push channel between the client and the gateway to allow the gateway to communicate with the client, andreceiving an address space identifying the gateway;

constructing the address space identifying the gateway and the client;

communicating the address space to the server;

receiving an identity identifying the server; and

if the client authorizes to receive a message from the server through the gateway,informing the authorization to the gateway, including;

putting the identity identifying the server on a list of servers which are authorized to send messages to the client; and

communicating the list of servers to the gateway.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of authentication and authorization between a client, a server, and a gateway to facilitate communicating a message between a client and a server through a gateway. The client has a trusted relationship with each of the gateway and the server. A method includes registering the client with the gateway. The client also constructs the address space identifying the gateway and the client. The client communicates the address space to the server. The client receives an identity identifying the server. If the client authorizes to receive a message from the server through the gateway, the client informs the authorization to the gateway. The client puts the identity identifying the server on a list of servers which are authorized to send messages to the client. In addition, the client communicates the list of servers to the gateway.

97 Citations

View as Search Results

20 Claims

1. A method of authentication and authorization between a client, a server, and a gateway to facilitate communicating a message between the client and the server through the gateway, the client having a trusted relationship with each of the gateway and the server, the method comprising:
- registering the client with the gateway, including;
  
  forming a push channel between the client and the gateway to allow the gateway to communicate with the client, andreceiving an address space identifying the gateway;
  
  constructing the address space identifying the gateway and the client;
  
  communicating the address space to the server;
  
  receiving an identity identifying the server; and
  
  if the client authorizes to receive a message from the server through the gateway,informing the authorization to the gateway, including;
  
  putting the identity identifying the server on a list of servers which are authorized to send messages to the client; and
  
  communicating the list of servers to the gateway.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising receiving the message from the gateway, wherein the gateway authenticates a server communication between the server and the gateway, wherein the gateway forwards the message to the client when the identity identifying the server is on the list of servers authorized to send messages to the client.
  - 3. The method of claim 1, the method further comprising:
    - selecting servers to be authorized to send messages to the client; and
      
      revoking any authorized server to send messages to the client at any time without a notice to the authorized server.
  - 4. The method of claim 1, the method further comprising:
    - maintaining a communication link between the client and the gateway.
  - 5. The method of claim 1, wherein the address space is a uniform resource locator.
  - 6. The method of claim 1, the method further comprising:
    - generating a list of servers which are authorized to send messages to the client.
  - 7. The method of claim 6, the method further comprising:
    - publishing the address space to the authorized servers.

8. A system for authenticating and authorizing a client and a server through a gateway to facilitate message communication, the system comprising:
- a push channel controller programmed to control an open channel between the client and the gateway;
  
  a client registration and status module programmed to register the client, the client registration and status module communicating with the push channel controller to track a communication link status of the client, the client registration and status module distributing the communication link status of the client to the server;
  
  a push authorization module programmed to authorize a message to be sent to the client based on comparing an identity of the server to an authorization list of approved servers.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, further comprising:
    - a message forwarder programmed to receive the message from the server, consult with the push authorization module on authorization, and deliver the message to the client subject to the authorization of the push authorization module and based on an address space identifying the client in the message.
  - 10. The system of claim 8, wherein the client registration and status module distributes the communication link status of the client to servers subscribing to a notification on the communication link status when the communication link status changes.
  - 11. The system of claim 8, wherein message communications are aggregated over a single communication channel for messages of multiple clients if the messages come from a same server and use a same gateway, the single channel being a Security Socket Layer or Transport Layer Security communication channel.
  - 12. The system of claim 8, wherein the authorization list includes a configuration list maintained by the gateway and a client initiated list maintained by the client.
  - 13. The system of claim 12, wherein the message is authorized to be sent to the client if the server is on both the configuration list and the client initiated list.
  - 14. The system of claim 12, wherein the message is authorized to be sent to the client if the server is on either the configuration list or the client initiated list.

15. A method of authentication between a client and a server to facilitate communication of a message between a client and a server through a gateway, the method comprising:
- requesting a token from the client;
  
  receiving the token from the client, the token identifying the client and the gateway and authorizing the server; and
  
  sending a message along with the token to the gateway, the gateway forwarding the message to the client after the token is validated by the gateway.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the client issues the token to the server.
  - 17. The method of claim 15, the method further comprising:
    - using an ad hoc security mechanism to communicate between the client and the server, the ad hoc security mechanism working securely over non-secure networks.
  - 18. The method of claim 17, wherein using the ad hoc security mechanism includes providing a public key to the client.
  - 19. The method of claim 18, wherein using the ad hoc security mechanism includes decrypting random information encrypted by the gateway using the public key.
  - 20. The method of claim 15, wherein the token specifies usage restrictions authorized by the token, the usage restrictions including a range of start and expiration dates and a maximum number of messages to be sent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Klein, Johannes, Gavrilescu, Alexandru, Herzog, Shai

Granted Patent

US 8,099,764 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 12/1859   adapted to provide push ser...

H04L 51/58   Message adaptation for wire...

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/166   at the transport layer

H04L 67/01   Protocols

H04L 67/04   specially adapted for termi...

H04L 67/303   Terminal profiles

H04L 67/55   Push-based network services

H04W 12/082   using revocation of authori...

H04W 4/12   Messaging; Mailboxes; Annou...

Secure Push and Status Communication between Client and Server

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Push and Status Communication between Client and Server

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links