Method and apparatus for maintaining security in a push server
First Claim
Patent Images
1. A method of delivering notifications from an information server to a push server, said push server for sending information to a plurality of subscribing clients, said method comprising:
- receiving in said push server a push request from said information server, said push request including a certificate from said information server;
authenticating said information server by validating the integrity of said certificate, and determining if said certificate was issued from an acceptable certificate authority in an acceptable certificate authority list;
processing said push request in said push server if said certificate was issued by an acceptable certificate authority in said acceptable certificate authority list and said certificate was validated; and
pushing updated information in said push request to a thin-client system if said push request contains said updated information and said processing succeeded, said thin-client device only communicating with said information server through said push server.
6 Assignments
0 Petitions
Accused Products
Abstract
A secure push server is disclosed. The push server is used for sending notifications to different wireless clients on different wireless networks. The push server allows information service providers to send notifications to the wireless clients. The information service providers initiate a request to the push server that includes updated information. The request also includes a certificate from the information service provider. The push server authenticates the request from the information service provider by verifying the certificate. The push server also determines if the certificate was issued from an acceptable certificate authority by examining an acceptable certificate authority list. Finally, the push server checks the content of the notification to be sure it does not interfere with other information service providers. After performing the security checks, the push server processes the notification request.
452 Citations
28 Claims
-
1. A method of delivering notifications from an information server to a push server, said push server for sending information to a plurality of subscribing clients, said method comprising:
-
receiving in said push server a push request from said information server, said push request including a certificate from said information server;
authenticating said information server by validating the integrity of said certificate, and determining if said certificate was issued from an acceptable certificate authority in an acceptable certificate authority list;
processing said push request in said push server if said certificate was issued by an acceptable certificate authority in said acceptable certificate authority list and said certificate was validated; and
pushing updated information in said push request to a thin-client system if said push request contains said updated information and said processing succeeded, said thin-client device only communicating with said information server through said push server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
verifying that said push request refers to information that originates from a server within a domain closely associated with said information server.
-
-
3. The method as claimed in claim 1 wherein processing said push request comprises:
-
examining a default security policy; and
allowing said push request if said default policy is to allow access else denying said push request if said default policy is to deny access.
-
-
4. The method as claimed in claim 3 wherein processing said push request comprises:
-
examining an access control list; and
allowing said push request if said default policy is to deny access and said information server is listed in said access control exception list.
-
-
5. The method as claimed in claim 1 wherein processing said push request comprises:
-
examining an access control list; and
allowing or denying said push request depending on if said information server is in said access control list.
-
-
6. The method as claimed in claim 1 wherein processing said push request comprises sending a notification across a wireless network to a wireless thin-client device.
-
7. The method as claimed in claim 1 wherein receiving in said push server a push request from said information server comprises receiving an SSL connection from said information server directed to said push server.
-
8. The method as claimed in claim 1 wherein said certificate comprises an X.509 digital certificate.
-
9. The method as claimed in claim 1 further comprising:
-
determining if said push request refers to an earlier push request; and
verifying that said push request comes from a same entity that sent said earlier push request if said push request refers to said earlier push request.
-
-
10. The method as claimed in claim 1 further comprising:
-
examining a URL in said push request; and
rejecting said push request if said URL refers to a domain not closely associated with a domain name in said certificate.
-
-
11. The method as claimed in claim 10 wherein rejecting said push request if said request contains a URL that refers to a reference domain name not closely associated with said domain name in said certificate comprises requiring a net_loc of said URL to be said domain name or an immediate superdomain of said domain name.
-
12. The method as claimed in claim 1 further comprising:
-
examining said push request to determine if said request contains a URL; and
rejecting said push request if said URL is not absolute or does not contain a net_loc.
-
-
13. An apparatus for delivering notifications to a set of wireless thin-client devices on a wireless network, said apparatus comprising:
-
a computer network;
an information server, said information server coupled to said computer network, said information server for pushing information to a plurality of clients, said information server having a site certificate; and
a push server, said push server coupled to said wireless network, said push server coupled to said computer network, said push server accepting push requests that include said site certificate from said information server, said push server verifying said site certificate and processing each said push request after validating the integrity of said site certificate, said push server pushing a piece of information to at least one of said wireless thin-client devices if said validation succeeded and said push request included said piece of information, said thin-client device only communicating with said information server through said push server. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
-
20. A method of delivering notifications from an information server to a thin-client system through a push server, said method comprising:
-
receiving in said push server a push request from said information server having updated information;
authenticating said information server with said push server;
verifying that a content of said push request originates from an acceptable source; and
pushing said updated information in said push request to said thin-client system if said push request contains said updated information, said thin-client device only communicating with said information server through said push server. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
examining said push request to see if said push request contains a URL; and
rejecting said push request when said URL refers to a domain name not closely associated with an authenticated domain name in a certificate.
-
-
26. The method as claimed in claim 25 wherein rejecting said push request when said URL refers to a domain name not closely associated with said authenticated domain name in a certificate comprises requiring said URL to be said authenticated domain name or an immediate superdomain of said authenticated domain name.
-
27. The method as claimed in claim 20 further comprising:
-
examining if said push request refers to an earlier push request; and
verifying that said push request comes from a same entity that sent said earlier push request if said push request refers to said earlier push request.
-
-
28. The method as claimed in claim 20 further comprising:
-
examining an access control list; and
processing or denying said push request depending on if a domain name associated with said information server is in said access control list.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeUnwired Planet LLC (JP Morgan Chase & Co)
-
Original AssigneeOpenwave Systems Incorporated (JP Morgan Chase & Co)
-
InventorsFox, Mark A., King, Peter F., Ramasubramani, Seetharaman
-
Primary Examiner(s)HUA, LY
-
Application NumberUS09/132,166Time in Patent Office1,436 DaysField of Search713/200, 713/201, 709/232, 709/202, 709/206, 380/231, 380/30, 705/27, 705/8, 707/3, 707/9US Class Current726/4CPC Class CodesH04L 12/1859 adapted to provide push ser...H04L 12/189 in combination with wireles...H04L 63/0823 using certificates cryptogr...H04L 63/101 Access control lists [ACL]H04L 63/102 Entity profilesH04L 63/126 the source of the received ...H04L 63/1458 Denial of ServiceH04L 63/1466 Active attacks involving in...H04L 67/04 specially adapted for termi...H04L 67/55 Push-based network servicesH04L 69/329 in the application layer [O...H04L 9/40 Network security protocolsH04W 12/069 using certificates or pre-s...H04W 12/086 using security domainsH04W 12/106 Packet or message integrityH04W 12/122 Counter-measures against at...
