Method, system and gateway allowing secured end-to-end access to WAP services

US 7,237,261 B1
Filed: 06/13/2000
Issued: 06/26/2007
Est. Priority Date: 09/07/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method by which a mobile subscriber with a WAP-enabled terminal can access a WEB or WAP server, comprising the steps of:

said terminal sending a request for said server to a WAP gateway, wherein encryption in the wireless interface between said WAP-enabled terminal and said gateway is based on WTLS (Wireless Transport Layer Security), and wherein an encryption protocol used by said server is based on one or both of the SSL or the TLS security protocol; and

converting between WTLS and said one or both of the SSL or the TLS security protocol in a secured domain of said server administrated by an administrator,wherein a plurality of WTLS encrypted packets sent by said terminal are routed by said gateway to said secured domain with said gateway not decrypting any portion of at least some number of the encrypted packets transported during a session.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method with which a mobile subscriber with a WAP-enabled terminal (1) can access a WAP or WEB server (5),

- wherein said terminal (1) sends a request for said server to a WAP gateway (3)
- wherein the security in the air interface (2) between the said WAP-enabled terminal (1) and said gateway (3) is based on WTLS (Wireless Transport Layer Security),
- wherein the security protocol used by said server (5) is based on the SSL and/or TLS security protocol,
- wherein the conversion between WTLS and SSL and/or TLS is effected in a secured domain of said server (5) administrated by an administrator,
- and wherein the packets sent by said terminal (1) are routed by said gateway (3) to said secured domain, without decrypting all the packets transmitted during a session.

55 Citations

View as Search Results

36 Claims

1. A method by which a mobile subscriber with a WAP-enabled terminal can access a WEB or WAP server, comprising the steps of:
- said terminal sending a request for said server to a WAP gateway, wherein encryption in the wireless interface between said WAP-enabled terminal and said gateway is based on WTLS (Wireless Transport Layer Security), and wherein an encryption protocol used by said server is based on one or both of the SSL or the TLS security protocol; and
  
  converting between WTLS and said one or both of the SSL or the TLS security protocol in a secured domain of said server administrated by an administrator,wherein a plurality of WTLS encrypted packets sent by said terminal are routed by said gateway to said secured domain with said gateway not decrypting any portion of at least some number of the encrypted packets transported during a session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. Method according to claim 1, wherein said gateway routes said packets to a proxy in said secured domain, said proxy using at least one protocol layer of the WAP protocol.
  - 3. Method according to claim 2, wherein said packets are routed according to one or both of the URL or the domain name of the requested page in said gateway.
  - 4. Method according to claim 2, wherein said packets are routed by said gateway according to a port number embedded in said packets.
  - 5. Method according to claim 4, wherein said encrypted packets are routed according to different port numbers to different secured domains.
  - 6. Method according to claim 4, wherein said port number is extracted in an application layer of said gateway from the URL of the requested page.
  - 7. Method according to claim 6, wherein said port number is extracted from only a restricted number of packets during a session, and wherein the routing of at least one of the following packets depends on this extracted port number.
  - 8. Method according to claim 7, wherein a proxy server in said secured domain extracts one or both of the URL or the port number of the received packets and wherein the proxy server sends back a command to said gateway if it receives a packet with a different one or both of an URL or a port number.
  - 9. Method according to claim 4, wherein said port number is extracted from said URL of the required web page in said terminal.
  - 10. Method according to claim 9, wherein said port number is extracted by a browser from said URL of the required web page.
  - 11. Method according to claim 8, wherein the browser in said terminal only copies said port number in said packets if an end-to-end secured connection is requested.
  - 12. Method according to claim 3, wherein said packets in said gateway are routed to a secured domain if said port number is comprised in a predefined range.
  - 13. Method according to claim 3, wherein said gateway sends a redirect command to said terminal if an end-to-end secured connection is requested.
  - 14. Method according to claim 13, wherein said redirect command is time-limited.
  - 15. Method according to claim 13, wherein a proxy server in said secured domain extracts one or both of the URL or the port number of the received packets and sends a redirect command back to said terminal as soon as the session is to be routed to said gateway.
  - 16. Method according to claim 13, wherein said redirect command contains a forwarding address which is extracted from a document made accessible by said WEB or WAP server.
  - 17. Method according to claim 13, wherein said redirect command contains a document which includes the forwarding address.
  - 18. A method according to claim 1, by which a mobile user with a WAP-enabled terminal can access a WEB or WAP server, whereinsaid terminal sends a request for said server to said WAP gateway, wherein a browser in said terminal extracts the port number of the demanded WEB or WAP page and copies it to packets sent to said gateway;
    - and whereinsaid packets are routed, using said gateway, according to this port number.
  - 19. The method of claim 1, wherein said gateway determines whether an end-to-end secured routing is requested according to the URL of the requested page.

20. A gateway comprising:
- means for receiving packets WTLS-encrypted according to the WTLS protocol from WAP-enabled terminals;
  
  means for converting said packets into SSL-encrypted requests; and
  
  means for transmitting said SSL-encrypted requests to a receiving server, wherein said gateway can recognize WTLS-encrypted packets that are to be sent on transparently and can convert said WTLS-encrypted packets into said SSL-encrypted request without decrypting the information contained in at least some number of said WTLS-encrypted packets.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. Gateway according to claim 20, wherein said WTLS-encrypted packets are routed according to one or both of the URL or the domain name of the requested page.
  - 22. Gateway according to the claim 20, wherein said WTLS-encrypted packets are routed according to the port number of the requested page.
  - 23. Gateway according to claim 22, wherein said WTLS-encrypted packets are routed to different secured domains according to different port numbers.
  - 24. Gateway according to claim 22, wherein said port number is extracted from the URL of the requested page in an application layer of said gateway.
  - 25. Gateway according to claim 22, whereinsaid port number is extracted during a session only from a restricted number of WTLS-encrypted packets, and whereinthe routing of at least one following WTLS-encrypted packet depends on said extracted port number.
  - 26. The gateway of claim 20, wherein said gateway determines whether an end-to-end secured routing is requested according to the URL of the requested page.

27. A method for performing end-to-end secure data transfer between a terminal and a server, wherein said terminal is connected to said server via a wireless connection between said terminal and a gateway, said method comprising the steps of:
- said terminal requesting a secure communication session with said server via said gateway, said requesting including the steps of;
  
  said terminal generating a request including request packets encrypted using a WTLS protocol,said terminal sending said request to said gateway,said gateway forwarding said request to said server or to another server, wherein said gateway does not decrypt all of said request packets, andsaid server or said another server decrypting some number of said request packets using said WTLS protocol;
  
  andsaid server or said another server serving data to said terminal via said gateway, said serving including the steps of;
  
  said server or said another server sending said data including data packets encrypted using said WTLS protocol to said gateway;
  
  said gateway forwarding said data packets to said terminal, wherein said gateway does not decrypt any portion of at least some number of said data packets; and
  
  said terminal decrypting said data packets using said WTLS protocol.
- View Dependent Claims (28, 29, 30, 31)
- - 28. The method of claim 27, wherein said gateway must decrypt some but not all of said request packets to forward said request to said server or said another server.
  - 29. The method of claim 28, wherein said gateway must decrypt some but not all of said data packets to forward said data to said terminal.
  - 30. The method of claim 27, wherein a browser on said terminal provides information to said gateway for forwarding said request to said server or said another server without said gateway decrypting any of said request packets.
  - 31. The method of claim 30, wherein said information includes one or more of:
    - a port number, a domain name, and an URL.

32. A system for performing end-to-end secure data transfer between a terminal and a server, said system comprising:
- a gateway adapted for receiving a request for a secure session with said server from the terminal, wherein said request includes request packets encrypted using a WTLS protocol, and wherein said gateway is also adapted for forwarding said request to said server or to another server, wherein said gateway does not decrypt all of said request packets for performing said forwarding;
  
  said server or said another server adapted for decrypting some number of said request packets using said WTLS protocol and also adapted for serving data including data packets encrypted using said WTLS protocol to said gateway, whereinsaid gateway forwards said data to said terminal without decrypting any portion of at least some number of said data packets, and whereinthe terminal decrypts said data packets using said WTLS protocol.
- View Dependent Claims (33, 34, 35, 36)
- - 33. The system of claim 32, wherein said gateway must decrypt some but not all of said request packets to forward said request to said server or said another server.
  - 34. The system of claim 33, wherein said gateway must decrypt some but not all of said data packets to forward said data to the terminal.
  - 35. The system of claim 33, wherein a browser on the terminal provides information to said gateway for forwarding said request to said server or said another server without said gateway decrypting any of said request packets.
  - 36. The system of claim 35, wherein said information includes one or more of a port number, a domain name, and an URL.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Original Assignee
Swisscom AG (Government of Switzerland)
Inventors
Huber, Adriano, Loher, Urs
Primary Examiner(s)
Vu; Kim
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US09/592,916
Time in Patent Office

2,569 Days
Field of Search

713/201, 713/200, 713/153, 455/419, 709/245, 726/12, 726/14, 726/7
US Class Current

726/12
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

H04W 12/03   Protecting confidentiality,...

Method, system and gateway allowing secured end-to-end access to WAP services

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system and gateway allowing secured end-to-end access to WAP services

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links