Method and system for secure alert messaging

US 7,587,609 B2
Filed: 06/29/2007
Issued: 09/08/2009
Est. Priority Date: 02/18/2003
Status: Active Grant

First Claim

Patent Images

1. A secure messaging system, comprising:

a first messaging server and a separate alert messaging database operating in a private network; and

a second messaging server and an application server operating in a demilitarized zone (DMZ) network interposed between the private network and a public network;

the first messaging server in the private network receiving an alert message destined for an intended recipient in the public network, sending the alert message to the separate alert messaging database in the private network for storage, generating an electronic message notification to inform the intended recipient of the alert message, and sending the message notification to the second messaging server in the DMZ network that communicates with the intended recipient;

the second messaging server in the DMZ network receiving the electronic notification from the first messaging server in the private network and sending the message notification to a client device associated with the intended recipient in the public network;

the application server operating in the DMZ network receiving a request from the client device for the alert message corresponding to the message notification, retrieving the alert message from the alert messaging database in the private network, and sending the alert message to the client device for presentation to the intended recipient, thereby avoiding direct communication between the first messaging server operating in the private network and the client device operating in the public network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An alert messaging system and method to securely transmit and receive alert messages via secure connection among one or more messaging servers and at least one client user station using a token-based, one-way handshake mechanism.

Citations

8 Claims

1. A secure messaging system, comprising:
- a first messaging server and a separate alert messaging database operating in a private network; and
  
  a second messaging server and an application server operating in a demilitarized zone (DMZ) network interposed between the private network and a public network;
  
  the first messaging server in the private network receiving an alert message destined for an intended recipient in the public network, sending the alert message to the separate alert messaging database in the private network for storage, generating an electronic message notification to inform the intended recipient of the alert message, and sending the message notification to the second messaging server in the DMZ network that communicates with the intended recipient;
  
  the second messaging server in the DMZ network receiving the electronic notification from the first messaging server in the private network and sending the message notification to a client device associated with the intended recipient in the public network;
  
  the application server operating in the DMZ network receiving a request from the client device for the alert message corresponding to the message notification, retrieving the alert message from the alert messaging database in the private network, and sending the alert message to the client device for presentation to the intended recipient, thereby avoiding direct communication between the first messaging server operating in the private network and the client device operating in the public network.
- View Dependent Claims (2, 3)
- - 2. The system of claim 1 wherein the DMZ network interposed between the private network and the public network comprises:
    - a region formed interposed between the first messaging server in the private network and the second messaging server and a second firewall interposed between the second messaging server and the public network.
  - 3. The system of claim 1, further comprising:
    - a plurality of second messaging servers operating in the DMZ network;
      
      upon receipt of the alert message, the first messaging server operating in the private network determining one of the plurality of second messaging servers assigned to the intended recipient, and sending the message notification corresponding to the alert message to the assigned one of the plurality of second messaging servers in the DMZ network.

4. A method for secure messaging in a system comprising a first messaging server and a separate alert messaging database operating in a private network and a second messaging server and an application server operating in a demilitarized zone (DMZ) network interposed between the private network and a public network, the method comprising:
- at the first messaging server in the private network, receiving an alert message destined for an intended recipient in the public network;
  
  sending the alert message from the first messaging server to the separate alert messaging database in the private network for storage;
  
  at the first messaging server in the private network, generating an electronic message notification to inform the intended recipient of the alert message;
  
  sending the message notification from the first messaging server to the second messaging server in the DMZ network that communicates with the intended recipient;
  
  sending the message notification from the second messaging server in the DMZ network to a client device associated with the intended recipient;
  
  at the application server operating in the DMZ network, receiving a request from the client device for the alert message corresponding to the message notification and, in response, retrieving the alert message from the alert messaging database in the private network and sending the alert message to the client device for presentation to the intended recipient in the public network, thereby avoiding direct communication between the first messaging server in the private network and the client device in the public network.
- View Dependent Claims (5, 6, 7, 8)
- - 5. The method of claim 4, further comprising, at the second messaging server operating in the DMZ network:
    - receiving a connection request from a user through a client device operating in the public network to access message notifications destined for the user as the intended recipient from the first messaging server in the private network;
      
      verifying authentication credentials of the user and authorization for the user to access alert messages from the first messaging server;
      
      upon a successful verification, establishing a connection with the client device in the public network;
      
      receiving electronic notifications of alert messages from the first messaging server in the private network destined for user as the intended recipient in the public network; and
      
      sending the message notifications to the client device.
  - 6. The method of claim 4 further comprising:
    - forwarding the message notification to the client device from the second messaging server over a first communication path from the DMZ network to the public network; and
      
      sending the alert message to the client device from the application server over a second communication path from the DMZ network to the public network.
  - 7. The method of claim 4 further comprising at the application server operating in the DMZ network:
    - receiving a registration request from the client device in the public network to receive message notifications from the first messaging server in the private network through the second messaging server in the DMZ network;
      
      generating a registration response comprising authentication credentials and connection information causing the client to access the second messaging server in the DMZ network; and
      
      sending the registration response to the client device in the public network to receive the message notifications from the second messaging server in the DMZ network.
  - 8. The method of claim 4, wherein the system further comprises a plurality of second messaging servers operating in the DMZ network, the method further comprising at the first messaging server operating in the private network:
    - upon receipt of the alert message, determining one of the plurality of second messaging servers assigned to the intended recipient; and
      
      sending the message notification corresponding to the alert message to the assigned one of the plurality of second messaging servers in the DMZ network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
UBS Business Solutions AG (UBS Ag)
Original Assignee
UBS Financial Services Incorporated (UBS Ag)
Inventors
Arnone, David J., Kosoy, Alex, Olivares, David R., Samtani, Gunjan, Sexton, David J.
Primary Examiner(s)
Smithers, Matthew B

Application Number

US11/824,115
Publication Number

US 20070255957A1
Time in Patent Office

802 Days
Field of Search

726/20
US Class Current

713/182
CPC Class Codes

H04L 12/1895   for short real-time informa...

H04L 43/0811   by checking connectivity

H04L 67/52   specially adapted for the l...

H04L 67/63   Routing a service request d...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Method and system for secure alert messaging

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for secure alert messaging

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links