Streamlined service subscription in distributed architectures

US 7,376,840 B2
Filed: 09/30/2002
Issued: 05/20/2008
Est. Priority Date: 09/30/2002
Status: Active Grant

First Claim

Patent Images

1. A method of providing a service in a distributed architecture environment, the environment including a client, a content provider and a request processing entity, the method comprising:

making a subscription request of the content provider by the client;

generating a subscription description based on the subscription request;

adding a digital signature to the subscription description by the client;

generating a token based on the signed subscription description;

including the token in a request made of the request processing entity;

verifying the digital signature of the client by the request processing entity;

processing the request by the request processing entity; and

providing, by the content provider, the service to the client based on results of the processed request.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Cryptography is used to generate a token that both authorizes request processing and establishes constraints on that authorization. A mobile communications device user or client subscribes to an information service of a content provider. A description of the subscribed service is generated. The client applies a digital signature to the description and optionally encrypts the signed description. A token is generated based on the signed description. The content provider presents the token to the request processing entity of a mobile service provider in order to establish trust between the content provider and the request processing entity. The request processing entity decrypts the token and verifies the signature of the client. The request of the content provider is validated through a comparison of the request with the constraints indicated in the decrypted token. Valid requests are processed. For example, a request for location information about the client is fulfilled in order for the content provider to push a local weather report to the mobile device of the client.

Citations

31 Claims

1. A method of providing a service in a distributed architecture environment, the environment including a client, a content provider and a request processing entity, the method comprising:
- making a subscription request of the content provider by the client;
  
  generating a subscription description based on the subscription request;
  
  adding a digital signature to the subscription description by the client;
  
  generating a token based on the signed subscription description;
  
  including the token in a request made of the request processing entity;
  
  verifying the digital signature of the client by the request processing entity;
  
  processing the request by the request processing entity; and
  
  providing, by the content provider, the service to the client based on results of the processed request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 wherein the generating of the token comprises encrypting the signed subscription description.
  - 3. The method of claim 1 wherein the generating of the subscription description comprises generating a one-way hash of a page describing the subscription.
  - 4. The method of claim 1 wherein the generating of the subscription description comprises generating a page describing the subscription.
  - 5. The method of claim 2 wherein the encrypting is based on a public key of the request processing entity.
  - 6. The method of claim 2 wherein the encrypting comprises combining a one-way hash of a page describing the subscription with a digital envelope.
  - 7. The method of claim 1 wherein the processing of the request comprises providing the content provider with information about the client.
  - 8. The method of claim 1 wherein the processing of the request comprises providing the content provider with information.
  - 9. The method of claim 7 wherein the providing of the content provider with information comprises providing the content provider with information about a location of a mobile device of the client.
  - 10. The method of claim 1 wherein the processing of the request comprises:
    - updating a database or directory of the request processing entity with information about the subscription.
  - 11. The method of claim 1 further comprising, before the processing of the request, checking the request against an authorization revocation list by the request processing entity, thereby ensuring a continued validity of the request.
  - 12. The method of claim 10 further comprising:
    - receiving, by the request processing entity, an additional request from the content provider in regard to the subscription;
      
      validating, by the request processing entity, the additional request based on information in the database or directory;
      
      processing, by the request processing entity, the validated additional request.
  - 13. The method of claim 12 wherein the receiving of the additional request comprises receiving a request without a token.
  - 14. The method of claim 1 wherein generating the subscription description comprises identifying constraints on information provided by the request processing entity to the content provider.
  - 15. The method of claim 2 wherein the encrypting is based on a key provided by an authentication, authorization and accounting infrastructure.

16. A method of providing a service in a distributed architecture environment, the environment including a client, a first entity providing a first good and/or service to the client and a second entity providing a second good and/or service to the client wherein the first entity must request an aspect of the second good or service from the second entity in order to deliver the first good or service to the client and wherein the second entity must have assurance that honoring the request of the first entity is authorized, the method comprising:
- ordering a first good or service from the first entity by the client;
  
  generating a description of the aspect of the second good or service;
  
  signing the description by an authorizing entity;
  
  generating a token based on the signed description;
  
  including, by the first entity, the token with the request made of the second entity;
  
  verifying, by the second entity, the signature of the authorizing entity;
  
  honoring, by the second entity, the request; and
  
  delivering the first good or service to the client by the first entity based on the honored request.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 17. The method of claim 16 wherein the signing of the description comprises the client signing the description.
  - 18. The method of claim 16 wherein the honoring of the request comprises a mobile communications service provider delivering information about the client to the first entity.
  - 19. The method of claim 16 wherein the generating of a token comprises encrypting the signed description and wherein the method further comprises decrypting the token by the second entity.
  - 20. The method of claim 19 wherein the encrypting is based on a public key of the second entity.
  - 21. The method of claim 16 wherein the honoring of the request comprises providing the first entity with information about the client.
  - 22. The method of claim 16 wherein the honoring of the request comprises providing the first entity with information about a location of a mobile device of the client.
  - 23. The method of claim 16 wherein the honoring of the request comprises:
    - updating a database or directory of the second entity with information about the description of the aspect of the second good or service.
  - 24. The method of claim 23 further comprising:
    - receiving, by the second entity, an additional request from the first entity according to the aspect of the second good or service;
      
      validating, by the second entity, the additional request based on information in the database or directory;
      
      honoring, by the second entity, the validated additional request.
  - 25. The method of claim 16 wherein the generating of a description of the aspect of the second good or service comprises identifying constraints on information provided by the second entity to the first.
  - 26. The method of claim 19 wherein the encrypting is based on a key provided by an authentication, authorization and accounting infrastructure.

27. A system for providing a service in a distributed architecture environment, the environment including a client, a content provider and a request processing entity, the system comprising:
- means for making a subscription request of the content provider by the client;
  
  means for generating a subscription description based on the subscription request;
  
  means for adding a digital signature to the subscription description by the client;
  
  means for generating a token based on the signed subscription description;
  
  means for including the token in a request made of the request processing entity;
  
  means for verifying the digital signature of the client by the request processing entity;
  
  means for processing the request by the request processing entity; and
  
  means for providing, by the content provider, the service to the client based on results of the processed request.
- View Dependent Claims (28, 29, 30, 31)
- - 28. The system of claim 27 wherein the request processing entity is further operative to check the request against an authorization revocation list, thereby ensuring a continued validity of the request before processing the request or preventing the processing of the request if the authorization revocation list indicates that the authorization has been revoked.
  - 29. The system of claim 27 wherein the request processing entity is comprised within a mobile positioning center.
  - 30. The system of claim 27 wherein the request processing entity is comprised within a gateway mobile location center.
  - 31. The system of claim 27 wherein the request processing entity is further operative to receive an encrypted token and decrypt the encrypted token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent USA, Inc. (Nokia Corporation)
Original Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Inventors
Vemuri, Kumar Venkata, McCann, Peter James
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Wyszynski; Aubrey H

Application Number

US10/260,843
Publication Number

US 20040064707A1
Time in Patent Office

2,059 Days
Field of Search

713/185
US Class Current

713/185
CPC Class Codes

H04L 63/0823 using certificates cryptogr...

H04L 63/123 received data contents, e.g...

Streamlined service subscription in distributed architectures

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Streamlined service subscription in distributed architectures

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links