Secure push and status communication between client and server

US 8,099,764 B2
Filed: 12/17/2007
Issued: 01/17/2012
Est. Priority Date: 12/17/2007
Status: Active Grant

First Claim

Patent Images

1. A method of authentication and authorization between a client, a server, and a gateway to facilitate communicating a message between the client and the server through the gateway, the client having a trusted relationship with each of the gateway and the server, the method comprising:

registering the client with the gateway using a computing system including at least one processing unit and memory, including;

forming a push channel between the client and the gateway to allow the gateway to communicate with the client, andreceiving, by the client, an address space identifying the gateway, wherein the address space is a uniform resource locator having a hierarchical format that encodes identification information associated with the gateway and the client;

constructing, by the client, the address space identifying the gateway and the client;

communicating, by the client, the address space to the server;

receiving, by the client, an identity identifying the server; and

if the client authorizes to receive a message from the server through the gateway, informing, by the client, the authorization to the gateway, including;

putting the identity identifying the server on a list of servers which are authorized to send messages to the client; and

communicating the list of servers to the gateway.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of authentication and authorization between a client, a server, and a gateway to facilitate communicating a message between a client and a server through a gateway. The client has a trusted relationship with each of the gateway and the server. A method includes registering the client with the gateway. The client also constructs the address space identifying the gateway and the client. The client communicates the address space to the server. The client receives an identity identifying the server. If the client authorizes to receive a message from the server through the gateway, the client informs the authorization to the gateway. The client puts the identity identifying the server on a list of servers which are authorized to send messages to the client. In addition, the client communicates the list of servers to the gateway.

Citations

14 Claims

1. A method of authentication and authorization between a client, a server, and a gateway to facilitate communicating a message between the client and the server through the gateway, the client having a trusted relationship with each of the gateway and the server, the method comprising:
- registering the client with the gateway using a computing system including at least one processing unit and memory, including;
  
  forming a push channel between the client and the gateway to allow the gateway to communicate with the client, andreceiving, by the client, an address space identifying the gateway, wherein the address space is a uniform resource locator having a hierarchical format that encodes identification information associated with the gateway and the client;
  
  constructing, by the client, the address space identifying the gateway and the client;
  
  communicating, by the client, the address space to the server;
  
  receiving, by the client, an identity identifying the server; and
  
  if the client authorizes to receive a message from the server through the gateway, informing, by the client, the authorization to the gateway, including;
  
  putting the identity identifying the server on a list of servers which are authorized to send messages to the client; and
  
  communicating the list of servers to the gateway.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising receiving the message from the gateway, wherein the gateway authenticates a server communication between the server and the gateway, wherein the gateway forwards the message to the client when the identity identifying the server is on the list of servers authorized to send messages to the client.
  - 3. The method of claim 1, the method further comprising:
    - selecting servers to be authorized to send messages to the client; and
      
      revoking any authorized server to send messages to the client at any time without a notice to the authorized server.
  - 4. The method of claim 1, the method further comprising:
    - maintaining a communication link between the client and the gateway.
  - 5. The method of claim 1, wherein the uniform resource locator includes:
    - (i) a domain name of the gateway, the domain name providing the server with the address to which to send messages;
      
      (ii) a client name identifying the client so that the gateway knows to whom to send messages; and
      
      (iii) an application name which identifies a client application residing on the client that receives messages.
  - 6. The method of claim 1, the method further comprising:
    - generating a list of servers which are authorized to send messages to the client.
  - 7. The method of claim 6, the method further comprising:
    - publishing the address space to the authorized servers.

8. A system for authenticating and authorizing a client and a server through a gateway to facilitate message communication, the system comprising:
- at least one processing unit; and
  
  a memory encoding instructions that, when executed by the processing unit, cause the processing unit to create;
  
  a push channel controller programmed to control an open channel between the client and the gateway;
  
  a client registration and status module programmed to register the client, the client registration and status module communicating with the push channel controller to track a communication link status of the client, the client registration and status module distributing the communication link status of the client to the server, the link status indicating whether the client'"'"'s link status is online or offline, and the client registration and status module sending keep-alive messages to the client to determine the link status, a frequency of the sending of the keep-alive messages being adjusted based on a tolerance set by the server; and
  
  a push authorization module programmed to authorize a message to be sent to the client based on comparing an identity of the server to an authorization list of approved servers.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, further comprising:
    - a message forwarder programmed to receive the message from the server, consult with the push authorization module on authorization, and deliver the message to the client subject to the authorization of the push authorization module and based on an address space identifying the client in the message.
  - 10. The system of claim 8, wherein the client registration and status module distributes the communication link status of the client to servers subscribing to a notification on the communication link status when the communication link status changes.
  - 11. The system of claim 8, wherein message communications are aggregated over a single communication channel for messages of multiple clients if the messages come from a same server and use a same gateway, the single channel being a Security Socket Layer or Transport Layer Security communication channel.
  - 12. The system of claim 8, wherein the authorization list includes a configuration list maintained by the gateway and a client initiated list maintained by the client.
  - 13. The system of claim 12, wherein the message is authorized to be sent to the client if the server is on both the configuration list and the client initiated list.
  - 14. The system of claim 12, wherein the message is authorized to be sent to the client if the server is on either the configuration list or the client initiated list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Herzog, Shai, Klein, Johannes, Gavrilescu, Alexandru
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Pan, Joseph

Application Number

US11/957,815
Publication Number

US 20090158397A1
Time in Patent Office

1,492 Days
Field of Search

713/155, 713/168, 713/170, 726/4, 726/21, 380/229, 380/247, 709/206, 709/227
US Class Current

726/4
CPC Class Codes

H04L 12/1859   adapted to provide push ser...

H04L 51/58   Message adaptation for wire...

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/166   at the transport layer

H04L 67/01   Protocols

H04L 67/04   specially adapted for termi...

H04L 67/303   Terminal profiles

H04L 67/55   Push-based network services

H04W 12/082   using revocation of authori...

H04W 4/12   Messaging; Mailboxes; Annou...

Secure push and status communication between client and server

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Secure push and status communication between client and server

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links