Service denial notification in secure socket layer (SSL) processing

US 9,888,290 B1
Filed: 03/24/2016
Issued: 02/06/2018
Est. Priority Date: 03/24/2016
Status: Active Grant

First Claim

Patent Images

1. A data communication gateway, comprising:

a processor;

a non-transitory memory; and

an application stored in the non-transitory memory that, when executed by the processor;

receives a secure socket layer (SSL) client hello message identifying a server and an application layer communication protocol from a client executing on one of a user equipment (UE), a laptop computer, a notebook computer, a tablet computer, a desktop computer, or a set-top box,determines to deny an application layer communication service access of the client to the identified server, andin response to determining to deny application layer communication service access of the client to the identified server, sending a SSL server hello message comprising a client redirection extension to the client, where the client redirection extension identifies a web server configured to provide a courtesy message associated with the service denial in response to a hypertext transfer protocol (HTTP) GET message or a secure hypertext transfer protocol (HTTPS) GET message, where the web server is different from the server identified in the SSL client hello message.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data communication gateway. The gateway comprises a processor, a non-transitory memory, and an application stored in the non-transitory memory. When executed by the processor, the application receives a secure socket layer (SSL) client hello message identifying a server and an application layer communication protocol from a client executing on one of a user equipment (UE), a laptop computer, a notebook computer, a tablet computer, or a desktop computer and determines to deny an application layer communication service access of the client to the identified server. In response to determining to deny service access, sending a SSL server hello message comprising a client redirection extension to the client that identifies a web server configured to provide a courtesy message associated with the service denial in response to a hypertext transfer protocol (HTTP) GET message or a secure hypertext transfer protocol (HTTPS) GET message.

32 Citations

View as Search Results

20 Claims

1. A data communication gateway, comprising:
- a processor;
  
  a non-transitory memory; and
  
  an application stored in the non-transitory memory that, when executed by the processor;
  
  receives a secure socket layer (SSL) client hello message identifying a server and an application layer communication protocol from a client executing on one of a user equipment (UE), a laptop computer, a notebook computer, a tablet computer, a desktop computer, or a set-top box,determines to deny an application layer communication service access of the client to the identified server, andin response to determining to deny application layer communication service access of the client to the identified server, sending a SSL server hello message comprising a client redirection extension to the client, where the client redirection extension identifies a web server configured to provide a courtesy message associated with the service denial in response to a hypertext transfer protocol (HTTP) GET message or a secure hypertext transfer protocol (HTTPS) GET message, where the web server is different from the server identified in the SSL client hello message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The data communication gateway of claim 1, wherein the non-transitory memory comprises a blacklist of domain names and Internet protocol (IP) addresses, and the application determines to deny the application layer communication service access of the client to the identified server because the server is identified in the blacklist.
  - 3. The data communication gateway of claim 2, wherein the blacklist of domain names and IP addresses is associated with parental controls and the UE is associated with a wireless communication service subscription that has parental controls authorized for the subscription.
  - 4. The data communication gateway of claim 1, wherein the UE is associated with a wireless communication service subscription that has parental controls authorized for the subscription, where the non-transitory memory comprises a plurality of different blacklists, where each blacklist comprises domain names and IP addresses, where some of the different blacklists are associated with different categories of parental controls and where the application further:
    - determines a category of parental controls authorized for the UE,selects one of the blacklists stored in the non-transitory memory based on the category of parental controls authorized for the UE, andcompares the identity of the server to the selected blacklist, andwhere the application determines to deny the application layer communication service access of the client to the identified server because the server is identified in the selected blacklist.
  - 5. The data communication gateway of claim 1, where the UE is one of a mobile phone, a personal digital assistant (PDA), a media player, a headset computer, or a wearable computer.
  - 6. The data communication gateway of claim 1, wherein the application determines to deny the application layer communication service access of the client based on a wireless communication service subscription associated with the UE exceeding a data consumption threshold defined in a service plan of the subscription.
  - 7. The data communication gateway of claim 6, where the courtesy message associated with the service denial provides a selection input for upgrading the service plan of the subscription.
  - 8. The data communication gateway of claim 1, wherein the application layer communication protocol identified in the SSL client hello message is a HTTP application layer communication protocol.

9. A user equipment (UE), comprising:
- a processor;
  
  a non-transitory memory;
  
  a display;
  
  a cellular radio transceiver; and
  
  an application stored in the non-transitory memory that, when executed by the processor;
  
  establishes a first transmission control protocol (TCP) connection to a content server,sends a secure socket layer (SSL) client hello message over the first TCP connection via the cellular radio transceiver, where the SSL client hello message identifies the content server and an application layer communication protocol,receives a SSL server hello message over the first TCP connection via the cellular radio transceiver, where the SSL sever hello message comprises a client redirection extension that identifies a web server, where the web server is different from the server identified in the SSL client hello message,in response to the SSL server hello message comprising the client redirection extension, tears down the first TCP connection to the content server,in response to the SSL server hello message comprising the client redirection extension, establishes a second TCP connection to the web server,sends one of a hypertext transfer protocol (HTTP) GET or a secure hypertext transfer protocol (HTTPS) GET over the second TCP connection via the radio transceiver to the web server,receives a courtesy message over the second TCP connection via the radio transceiver from the web server, where the courtesy message comprises information about a denial of communication service associated with the application layer communication protocol identified in the SSL client hello message, andpresents information from the courtesy message on the display.
- View Dependent Claims (10, 11)
- - 10. The UE of claim 9, where the UE is one of a mobile phone, a personal digital assistant (PDA), a media player, a headset computer, or a wearable computer.
  - 11. The UE of claim 9, where the application is a web browser application.

12. A method of mediating data communication service, comprising:
- receiving a secure socket layer (SSL) client hello message identifying a server and an application layer communication protocol by a data communication gateway from a client executing on one of a user equipment (UE), a laptop computer, a notebook computer, a tablet computer, a desktop computer, or a set-top box;
  
  determining by the data communication gateway to deny an application layer communication service access of the client to the identified server; and
  
  in response to determining to deny application layer communication service access of the client to the identified server, sending a SSL server hello message comprising a client redirection extension by the data communication gateway to the client, where the client redirection extension identifies a web server configured to provide a courtesy message associated with the service denial in response to a hypertext transfer protocol (HTTP) GET message or a secure hypertext transfer protocol (HTTPS) GET message, where the web server is different from the server identified in the SSL client hello message.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, wherein the data communication gateway determines to deny the application layer communication service access based on a communication service subscriber associated with the UE exceeding a data consumption threshold defined in a service plan of the subscriber.
  - 14. The method of claim 12, wherein the data communication gateway determines to deny the application layer communication service access based on the web server being identified on a blacklist.
  - 15. The method of claim 12, wherein the data communication gateway determines to deny the application layer communication service access based on applying parental controls defined for a service plan of a communication service subscriber associated with the UE.
  - 16. The method of claim 15, wherein determining to deny the application layer communication service access further comprises:
    - determining a category of parental controls authorized for the UE;
      
      selecting a blacklist of domain names and Internet protocol (IP) addresses, where the blacklist is selected based on the category of parental controls; and
      
      comparing the identity of the server to the blacklist of domain names and IP addresses.
  - 17. The method of claim 12, wherein the application layer communication protocol identified in the SSL client hello message is a HTTP application layer communication protocol.
  - 18. The method of claim 12, further comprising sending a SSL client hello message by the data communication gateway to the server identified in the SSL client hello message received from the UE.
  - 19. The method of claim 18, further comprising receiving a SSL server hello message from the server identified in the SSL client hello message received from the UE by the data communication gateway.
  - 20. The method of claim 19, further comprising discarding by the data communication gateway the SSL server hello message received from the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Malhotra, Rajil, Mazza, Tania S., Pavanasam, Chidambaram, Subramanyan, Badri P.
Primary Examiner(s)
Kumar, Pankaj
Assistant Examiner(s)
Newlin, Timothy

Application Number

US15/080,542
Time in Patent Office

684 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/14   Charging , metering or bill...

H04L 12/1403   Architecture for metering, ...

H04L 63/166   at the transport layer

H04L 67/02   based on web technology, e....

H04L 67/563   Data redirection of data ne...

H04M 15/53   using mediation

H04M 15/83   Notification aspects

H04M 15/85   characterised by the type o...

H04M 15/856   Unsuccessful event

H04N 21/2541   Rights Management protectin...

H04N 21/2543   Billing , e.g. for subscrip...

H04N 21/26225   involving billing parameter...

H04N 21/4627   Rights management associate...

H04N 21/4751   for defining user accounts,...

H04N 21/6125   involving transmission via ...

H04N 21/64322   IP

Service denial notification in secure socket layer (SSL) processing

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Service denial notification in secure socket layer (SSL) processing

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links