ENABLING SECURE ACCESS TO A DISCOVERED LOCATION SERVER FOR A MOBILE DEVICE

US 20130212663A1
Filed: 02/07/2013
Published: 08/15/2013
Est. Priority Date: 02/10/2012
Status: Active Grant

First Claim

Patent Images

1. A method for obtaining a secure connection between a first server and a client, the method comprising:

establishing a secure communication session between a second server and the client, wherein the second server is trusted by the first server, and the second server is configured to authenticate the client;

receiving, by the client, a client token using the secure communication session, wherein the client token is defined for the first server and contains data associated with the first server, the second server, the client, and a digital signature;

requesting, by the client, secure communication access to the first server, wherein the requesting includes transferring the client token to the first server; and

receiving, by the client, a grant of secure communication access to the first server based on authentication of the client by the first server, wherein the authentication is based on the client token validating the client and the digital signature validating the client token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for obtaining a secure connection between a first server and a client. The method may comprise establishing a secure communication session between a second server and the client, wherein the second server is trusted by the first server, and the second server is configured to authenticate the client. The client may receive a client token, wherein the client token contains data associated with the first server, the second server, the client, and a digital signature. Then, the client may request secure communication access to the first server, wherein the request includes transferring the client token to the first server. Finally, the client may receive a grant of secure communication access to the first server based on authentication of the client by the first server, wherein the authentication is based on the client token validating the client and the digital signature validating the client token.

Citations

42 Claims

1. A method for obtaining a secure connection between a first server and a client, the method comprising:
- establishing a secure communication session between a second server and the client, wherein the second server is trusted by the first server, and the second server is configured to authenticate the client;
  
  receiving, by the client, a client token using the secure communication session, wherein the client token is defined for the first server and contains data associated with the first server, the second server, the client, and a digital signature;
  
  requesting, by the client, secure communication access to the first server, wherein the requesting includes transferring the client token to the first server; and
  
  receiving, by the client, a grant of secure communication access to the first server based on authentication of the client by the first server, wherein the authentication is based on the client token validating the client and the digital signature validating the client token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising:
    - receiving, by the client, a digital certificate using the secure communication session; and
      
      transferring the digital certificate to the first server in the request, wherein the first server uses the digital certificate to validate the digital signature.
  - 3. The method of claim 2, wherein the transferring of the digital certificate to the first server occurs only once, and the digital certificate is sent in an initial access message from the client to the first server.
  - 4. The method of claim 2, wherein the client token and digital certificate are bit strings, and the client token and digital certificate are not encoded or decoded by the client.
  - 5. The method of claim 2, wherein the second server is a home secure user plane location (SUPL) location platform (H-SLP), the client is a SUPL Enabled Terminal (SET) and the first server is a Discovered SLP (D-SLP).
  - 6. The method of claim 5, wherein the H-SLP authenticates the SET using an alternative client authentication (ACA) method, a generic bootstrapping architecture (GBA), or a device certificates method.
  - 7. The method of claim 5, wherein the client token is a SET Token and the digital certificate is a SLP certificate.
  - 8. The method of claim 7, wherein the SET Token contains a SET identity, a H-SLP identity, a D-SLP identity and a digital signature of the H-SLP.
  - 9. The method of claim 8, wherein the SET Token further contains a provided position of the SET.
  - 10. The method of claim 9, wherein the D-SLP authenticates the SET by verifying that a current position of the SET is within a threshold distance of the provided position of the SET.
  - 11. The method of claim 8, wherein the SET Token further contains an initial time and duration of a D-SLP authorization.
  - 12. The method of claim 11, wherein the D-SLP authenticates the SET by verifying that a current time is within the initial time and duration of the D-SLP authorization.
  - 13. The method of claim 1, further comprising authenticating, by the client, the first server using public key authentication before transferring the client token to the first server.
  - 14. The method of claim 1, wherein the first server has received a digital certificate associated with the second server from a previous secure communication session between the first server and the second server, and the first server uses the digital certificate to validate the digital signature.
  - 15. The method of claim 1, further comprising storing, by the client, the client token until the client token is revoked by the second server.
  - 16. The method of claim 15, wherein the client token is revoked when the client receives a new client token from the second server defined for the first server.
  - 17. The method of claim 1, wherein the client token is used by the first server to verify inclusion of the first server'"'"'s own identity.

18. A client for obtaining a secure connection with a first server, the client comprising:
- one or more processors; and
  
  memory storing computer-readable instructions that, when executed by the one or more processors, cause the client to;
  
  establish a secure communication session between a second server and the client, wherein the second server is trusted by the first server, and the second server is configured to authenticate the client;
  
  receive a client token using the secure communication session, wherein the client token is defined for the first server and contains data associated with the first server, the second server, the client, and a digital signature;
  
  request secure communication access to the first server, wherein the request includes transferring the client token to the first server; and
  
  receive a grant of secure communication access to the first server based on authentication of the client by the first server, wherein the authentication is based on the client token validating the client and the digital signature validating the client token.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 19. The client of claim 18, further comprising computer-readable instructions that, when executed by the one or more processors, cause the client to:
    - receive a digital certificate using the secure communication session; and
      
      transfer the digital certificate to the first server in the request, wherein the first server uses the digital certificate to validate the digital signature.
  - 20. The client of claim 19, wherein the transfer of the digital certificate to the first server occurs only once, and the digital certificate is sent in an initial access message from the client to the first server.
  - 21. The client of claim 19, wherein the client token and digital certificate are bit strings, and the client token and digital certificate are not encoded or decoded by the client.
  - 22. The client of claim 19, wherein the second server is a home secure user plane location (SUPL) location platform (H-SLP), the client is a SUPL Enabled Terminal (SET) and the first server is a Discovered SLP (D-SLP).
  - 23. The client of claim 22, wherein the client token is a SET Token and the digital certificate is a SLP certificate.
  - 24. The client of claim 23, wherein the SET Token contains a SET identity, a H-SLP identity, a D-SLP identity and a digital signature of the H-SLP.
  - 25. The client of claim 24, wherein the SET Token further contains a provided position of the SET.
  - 26. The client of claim 24, wherein the SET Token further contains an initial time and duration of a D-SLP authorization.
  - 27. The client of claim 18, further comprising computer-readable instructions that, when executed by the one or more processors, cause the client to authenticate the first server using public key authentication before the transferring the client token to the first server.
  - 28. The client of claim 18, further comprising memory configured to store the client token until the client token is revoked by the second server.
  - 29. The client of claim 28, wherein the client token is revoked when the client receives a new client token from the second server defined for the first server.

30. One or more computer-readable media storing computer-executable instructions for obtaining a secure connection between a first server and a client that, when executed, cause one or more computing devices included in the client to:
- establish a secure communication session between a second server and the client, wherein the second server is trusted by the first server, and the second server is configured to authenticate the client;
  
  receive a client token using the secure communication session, wherein the client token is defined for the first server and contains data associated with the first server, the second server, the client, and a digital signature;
  
  request secure communication access to the first server, wherein the request includes transferring the client token to the first server; and
  
  receive a grant of secure communication access to the first server based on authentication of the client by the first server, wherein the authentication is based on the client token validating the client and using the digital signature validating the client token.

31. A apparatus for obtaining a secure connection between a first server and a client, the apparatus comprising:
- means for establishing a secure communication session between a second server and the client, wherein the second server is trusted by the first server, and the second server is configured to authenticate the client;
  
  means for receiving, by the client, a client token using the secure communication session, wherein the client token is defined for the first server and contains data associated with the first server, the second server, the client, and a digital signature;
  
  means for requesting, by the client, secure communication access to the first server, wherein the requesting includes transferring the client token to the first server;
  
  means for receiving, by the client, a grant of secure communication access to the first server based on authentication of the client by the first server, wherein the authentication is based on the client token validating the client and the digital signature validating the client token.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 32. The apparatus of claim 31, further comprising:
    - means for receiving, by the client, a digital certificate using the secure communication session; and
      
      means for transferring the digital certificate to the first server in the request, wherein the first server uses the digital certificate to validate the digital signature.
  - 33. The apparatus of claim 32, wherein the transferring of the digital certificate to the first server occurs only once, and the digital certificate is sent in an initial access message from the client to the first server.
  - 34. The apparatus of claim 32, wherein the client token and digital certificate are bit strings, and the client token and digital certificate are not encoded or decoded by the client.
  - 35. The apparatus of claim 32, wherein the second server is a home secure user plane location (SUPL) location platform (H-SLP), the client is a SUPL Enabled Terminal (SET) and the first server is a Discovered SLP (D-SLP).
  - 36. The apparatus of claim 35, wherein the client token is a SET Token and the digital certificate is a SLP certificate.
  - 37. The apparatus of claim 36, wherein the SET Token contains a SET identity, a H-SLP identity, a D-SLP identity and a digital signature of the H-SLP.
  - 38. The apparatus of claim 37, wherein the SET Token further contains a provided position of the SET.
  - 39. The apparatus of claim 37, wherein the SET Token further contains an initial time and duration of a D-SLP authorization.
  - 40. The apparatus of claim 31, further comprising means for authenticating the first server using public key authentication before transferring the client token to the first server.
  - 41. The apparatus of claim 31, further comprising means for storing the client token until revoked by the second server.
  - 42. The apparatus of claim 41, wherein the client token is revoked when the client receives a new client token from the second server defined for the first server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
EDGE, Stephen William, WACHTER, Andreas Klaus, HAWKES, Philip Michael

Granted Patent

US 9,491,620 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/0884   by delegation of authentica...

H04L 63/107   wherein the security polici...

H04W 12/069   using certificates or pre-s...

H04W 4/02   Services making use of loca...

H04W 4/029   Location-based management o...

H04W 4/20   Services signaling; Auxilia...

H04W 8/02   Processing of mobility data...

H04W 8/06   Registration at serving net...

ENABLING SECURE ACCESS TO A DISCOVERED LOCATION SERVER FOR A MOBILE DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

ENABLING SECURE ACCESS TO A DISCOVERED LOCATION SERVER FOR A MOBILE DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links