Method and apparatus for protecting identities of mobile devices on a wireless network
Abstract
A method and apparatus for protecting the identities of mobile devices on a wireless network are described. A proxy gateway couples the wireless network to a wired network and maintains data associating a set of service initiators with a set of cryptographic keys. Upon receiving a request from a mobile client device directed to an origin server on the wired network, the proxy gateway identifies the cryptographic key for that origin server and sends to the origin server a proxy request. The proxy request includes an identifier of the mobile device, encrypted using the cryptographic key. When the proxy gateway receives a request from a service initiator on the wired network to push information to a mobile device, it uses the cryptographic key for that service initiator to decode a client identifier in the request and thereby determine whether the request is valid.
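The flow in the abstract, as an added Python sketch (not code from the patent or any product): the gateway encodes the device identifier under the key stored for the destination and accepts a push only when the initiator's own key decodes the token to a device it serves. The page names no cipher, so a standard-library HMAC-SHA256 encrypt-then-MAC construction stands in for a library AEAD; `ProxyGateway`, `encode_id`, `decode_id` and all sample values are hypothetical.

```python
import hashlib
import hmac
import secrets

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode; a one-byte counter is enough for short identifiers
    return b"".join(_prf(key, b"enc", nonce + bytes([i])) for i in range(n // 32 + 1))

def encode_id(key, device_id):
    """Encrypt-then-MAC the identifier; a fresh nonce makes each token unlinkable."""
    nonce, pt = secrets.token_bytes(16), device_id.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def decode_id(key, token):
    """Return the identifier, or None if the token was not produced with this key."""
    if len(token) < 48:
        return None
    nonce, ct, tag = token[:16], token[16:-32], token[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))).decode()

class ProxyGateway:
    def __init__(self, keys, devices):
        self.keys = dict(keys)       # stored association: network address -> key
        self.devices = set(devices)  # devices this gateway serves

    def proxy_request(self, device_id, server):
        """Outbound: the origin server receives only the encoded identifier."""
        key = self.keys.get(server)
        # Assumption: a server with no stored key gets no identifier at all.
        return {"to": server, "client_id": encode_id(key, device_id) if key else None}

    def validate_push(self, initiator, token):
        """Inbound push: return the target device if allowed, else None."""
        key = self.keys.get(initiator)
        if key is None:
            return None
        device_id = decode_id(key, token)
        return device_id if device_id in self.devices else None

if __name__ == "__main__":
    gw = ProxyGateway({"news.example": secrets.token_bytes(32)}, {"dev-4711"})  # constructed
    token = gw.proxy_request("dev-4711", "news.example")["client_id"]
    print(gw.validate_push("news.example", token), gw.validate_push("ads.example", token))
```

Because each key is tied to one service initiator, a token handed to one server is useless to any other initiator, and a modified token fails the MAC check before any decoding happens.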
14 Claims
1. A method of operating a proxy on a network, the method comprising:
storing an association of service providers and cryptographic keys;
receiving a request from a mobile device, the request directed to a remote server on the network;
using the stored association to identify a cryptographic key associated with the remote server;
using the identified cryptographic key to encode an identifier of the mobile device;
incorporating the encoded identifier into a proxy request;
sending the proxy request to the remote server on behalf of the mobile device;
receiving a request from a service initiator on the network to push information to the mobile device;
determining whether the stored association includes a cryptographic key associated with the service initiator;
if the stored association includes a cryptographic key associated with the service initiator, using said cryptographic key to decode a device identifier in the request from the service initiator;
determining whether the decoded device identifier corresponds to the mobile device; and
allowing the request from the service initiator to be fulfilled only if the stored association includes a cryptographic key associated with the service initiator and the decoded device identifier corresponds to the mobile device.
Dependent claims: 2, 3, 4

5. A method of operating a proxy on a network, the method comprising:
storing an association of service initiators and cryptographic keys, including a plurality of cryptographic keys and one or more network addresses associated with each of the cryptographic keys;
receiving a request from a service initiator on the network to push information to a mobile device;
determining whether the stored association includes a cryptographic key associated with the service initiator;
if the stored association includes a cryptographic key associated with the service initiator, using said cryptographic key to decode a device identifier in the request from the service initiator;
determining whether the decoded device identifier corresponds to the mobile device; and
allowing the request from the service initiator to be fulfilled only if the stored association includes a cryptographic key associated with the service initiator and the decoded device identifier corresponds to the mobile client device.
Dependent claims: 6, 7

8. A method of operating a proxy on a network, the method comprising:
storing an association of service initiators and cryptographic keys including a plurality of cryptographic keys and one or more network addresses associated with each of the cryptographic keys;
receiving a request from a mobile client device, the request directed to a network address representing a remote server on the network;
using the stored association to identify a cryptographic key associated with the remote server;
generating a proxy request based on the request received from the mobile client device, by using the identified cryptographic key to encode an identifier of the mobile client device and incorporating the encoded identifier into the proxy request;
sending the proxy request to the remote server on behalf of the mobile client device;
receiving a request from a service initiator on the network to push information to the mobile client device;
determining whether the stored association includes a cryptographic key associated with the service initiator;
if the stored association includes a cryptographic key associated with the service initiator, using said cryptographic key to decode a client identifier in the request from the service initiator;
determining whether the decoded client identifier corresponds to the mobile client device; and
allowing the request from the service initiator to be fulfilled only if the stored association includes a cryptographic key associated with the service initiator and the decoded client identifier corresponds to the mobile client device.
Dependent claims: 9

10. A method of operating a server, the method comprising:
receiving a request to provide first information to a mobile client device on a wireless network, the request including an encrypted identifier of a mobile client device;
sending the first information in response to the request, for communication to the mobile client device; and
sending a request to push second information to the mobile client device by including the encrypted identifier in the request to push the second information to the client device, such that the encrypted identifier in the request to push the second information is used to validate the request to push the second information.

11. A proxy gateway connected to a wireless network and to a wired network, the proxy gateway configured to provide a plurality of mobile devices on the wireless network with access to a plurality of processing systems on the wired network, the proxy gateway comprising:
a processor; and
a storage medium having stored therein instructions which configure the proxy gateway to perform the method comprising storing an association of service providers and cryptographic keys;
receiving a request from a mobile device on the wireless network, the request directed to a remote server on the wired network;
using the stored association to identify a cryptographic key associated with the remote server;
using the identified cryptographic key to encode an identifier of the mobile device;
incorporating the encoded identifier into a proxy request;
sending the proxy request to the remote server on behalf of the mobile device;
receiving a request from a service initiator on the wired network to push information to one of the mobile devices on the wireless network;
determining whether the stored association includes a cryptographic key associated with said service initiator;
if the stored association includes a cryptographic key associated with said service initiator, using said cryptographic key to decode a device identifier in the request from said service initiator;
determining whether the decoded device identifier corresponds to said one of the mobile devices, and allowing the request from the service initiator to be fulfilled only if the stored association includes a cryptographic key associated with said service initiator and the decoded device identifier corresponds to said one of the mobile devices.
Dependent claims: 12, 13, 14

Specification