Method and apparatus for maintaining security in a push server
6 Assignments
0 Petitions
Abstract
A secure push server is disclosed. The push server is used for sending notifications to different wireless clients on different wireless networks. The push server allows information service providers to send notifications to the wireless clients. The information service providers initiate a request to the push server that includes updated information. The request also includes a certificate from the information service provider. The push server authenticates the request from the information service provider by verifying the certificate. The push server also determines if the certificate was issued from an acceptable certificate authority by examining an acceptable certificate authority list. Finally, the push server checks the content of the notification to be sure it does not interfere with other information service providers. After performing the security checks, the push server processes the notification request.
452 Citations
28 Claims
1. A method of delivering notifications from an information server to a push server, said push server for sending information to a plurality of subscribing clients, said method comprising:
receiving in said push server a push request from said information server, said push request including a certificate from said information server;
authenticating said information server by validating the integrity of said certificate, and determining if said certificate was issued from an acceptable certificate authority in an acceptable certificate authority list;
processing said push request in said push server if said certificate was issued by an acceptable certificate authority in said acceptable certificate authority list and said certificate was validated; and
pushing updated information in said push request to a thin-client system if said push request contains said updated information and said processing succeeded, said thin-client device only communicating with said information server through said push server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
verifying that said push request refers to information that originates from a server within a domain closely associated with said information server.
3. The method as claimed in claim 1 wherein processing said push request comprises:
examining a default security policy; and
allowing said push request if said default policy is to allow access else denying said push request if said default policy is to deny access.
4. The method as claimed in claim 3 wherein processing said push request comprises:
examining an access control list; and
allowing said push request if said default policy is to deny access and said information server is listed in said access control exception list.
5. The method as claimed in claim 1 wherein processing said push request comprises:
examining an access control list; and
allowing or denying said push request depending on if said information server is in said access control list.
6. The method as claimed in claim 1 wherein processing said push request comprises sending a notification across a wireless network to a wireless thin-client device.
7. The method as claimed in claim 1 wherein receiving in said push server a push request from said information server comprises receiving an SSL connection from said information server directed to said push server.
8. The method as claimed in claim 1 wherein said certificate comprises an X.509 digital certificate.
9. The method as claimed in claim 1 further comprising:
determining if said push request refers to an earlier push request; and
verifying that said push request comes from a same entity that sent said earlier push request if said push request refers to said earlier push request.
10. The method as claimed in claim 1 further comprising:
examining a URL in said push request; and
rejecting said push request if said URL refers to a domain not closely associated with a domain name in said certificate.
11. The method as claimed in claim 10 wherein rejecting said push request if said request contains a URL that refers to a reference domain name not closely associated with said domain name in said certificate comprises requiring a net_loc of said URL to be said domain name or an immediate superdomain of said domain name.
12. The method as claimed in claim 1 further comprising:
examining said push request to determine if said request contains a URL; and
rejecting said push request if said URL is not absolute or does not contain a net_loc.
13. An apparatus for delivering notifications to a set of wireless thin-client devices on a wireless network, said apparatus comprising:
a computer network;
an information server, said information server coupled to said computer network, said information server for pushing information to a plurality of clients, said information server having a site certificate; and
a push server, said push server coupled to said wireless network, said push server coupled to said computer network, said push server accepting push requests that include said site certificate from said information server, said push server verifying said site certificate and processing each said push request after validating the integrity of said site certificate, said push server pushing a piece of information to at least one of said wireless thin-client devices if said validation succeeded and said push request included said piece of information, said thin-client device only communicating with said information server through said push server.
Dependent claims: 14, 15, 16, 17, 18, 19
20. A method of delivering notifications from an information server to a thin-client system through a push server, said method comprising:
receiving in said push server a push request from said information server having updated information;
authenticating said information server with said push server;
verifying that a content of said push request originates from an acceptable source; and
pushing said updated information in said push request to said thin-client system if said push request contains said updated information, said thin-client device only communicating with said information server through said push server.
Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28
examining said push request to see if said push request contains a URL; and
rejecting said push request when said URL refers to a domain name not closely associated with an authenticated domain name in a certificate.
26. The method as claimed in claim 25 wherein rejecting said push request when said URL refers to a domain name not closely associated with said authenticated domain name in a certificate comprises requiring said URL to be said authenticated domain name or an immediate superdomain of said authenticated domain name.
27. The method as claimed in claim 20 further comprising:
examining if said push request refers to an earlier push request; and
verifying that said push request comes from a same entity that sent said earlier push request if said push request refers to said earlier push request.
28. The method as claimed in claim 20 further comprising:
examining an access control list; and
processing or denying said push request depending on if a domain name associated with said information server is in said access control list.
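The URL checks of claims 10 to 12 and the default-policy logic of claims 3 and 4, written out as an added example that is not part of the patent. The function names and the request dictionary shape are assumptions, and the certificate is assumed to have already been validated against the acceptable certificate authority list (claim 1) by the TLS layer.

```python
from urllib.parse import urlsplit

def acceptable_hosts(cert_domain):
    """Hosts a push URL may name: the certificate's domain name or its
    immediate superdomain (claims 10 and 11)."""
    name = cert_domain.lower().rstrip(".")
    hosts = {name}
    parent = name.partition(".")[2]
    # Added guard, not in the claims: skip a single-label parent such as
    # "com", which would match every site registered under that suffix.
    if "." in parent:
        hosts.add(parent)
    return hosts

def url_allowed(url, cert_domain):
    """Claim 12: reject URLs that are not absolute or have no net_loc.
    Claims 10-11: reject hosts not closely associated with the certificate."""
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed net_loc, e.g. a broken IPv6 literal
        return False
    if not parts.scheme or not parts.netloc:
        return False
    # hostname drops userinfo and port, so "news.example.com@evil.test"
    # is compared as "evil.test"; comparing hosts only is this example's choice.
    host = (parts.hostname or "").rstrip(".")
    return host in acceptable_hosts(cert_domain)

def policy_allows(server_domain, default_policy, exceptions):
    """Claims 3-4: a default of "allow" admits the request; a default of
    "deny" admits only servers on the access control exception list."""
    if default_policy == "allow":
        return True
    return server_domain.lower() in exceptions

def check_push(request, cert_domain, default_policy="deny", exceptions=()):
    """Run both checks on a request whose certificate already validated.
    request is a dict with an optional "urls" list (assumed shape)."""
    if not policy_allows(cert_domain, default_policy, set(exceptions)):
        return "denied: access policy"
    for url in request.get("urls", []):
        if not url_allowed(url, cert_domain):
            return f"rejected: {url}"
    return "accepted"
```
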