Method and apparatus for maintaining security in a push server
First Claim
1. A method of delivering notifications from an information server to a mobile client through a push server, the method comprising:
- receiving in the push server a push request from the information server having updated information;
authenticating the information server with the push server;
verifying that content of the push request originates from an acceptable source; and
pushing the updated information in the push request to the mobile client if the push request contains the updated information and the push request originates from an acceptable source, the mobile client only communicating with the information server through the push server.
6 Assignments
0 Petitions
Accused Products
Abstract
A secure push server is disclosed. The push server is used for sending notifications to different wireless clients on different wireless networks. The push server allows information service providers to send notifications to the wireless clients. The information service providers initiate a request to the push server that includes updated information. The request also includes a certificate from the information service provider. The push server authenticates the request from the information service provider by verifying the certificate. The push server also determines if the certificate was issued from an acceptable certificate authority by examining an acceptable certificate authority list. Finally, the push server checks the content of the notification to be sure it does not interfere with other information service providers. After performing the security checks, the push server processes the notification request.
106 Citations
43 Claims
-
1. A method of delivering notifications from an information server to a mobile client through a push server, the method comprising:
-
receiving in the push server a push request from the information server having updated information;
authenticating the information server with the push server;
verifying that content of the push request originates from an acceptable source; and
pushing the updated information in the push request to the mobile client if the push request contains the updated information and the push request originates from an acceptable source, the mobile client only communicating with the information server through the push server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
examining a default security policy; and
handling the push request according to the default security policy.
-
-
6. A method as recited in claim 5, wherein said processing the push request further comprises:
-
examining an access control list; and
allowing the push request if the default security policy is to deny access and the information server is listed in said access control exception list.
-
-
7. A method as recited in claim 5, wherein said processing the push request comprises:
-
examining an access control list; and
allowing or denying the push request depending on whether the information server is listed in the access control list.
-
-
8. A method as recited in claim 1, wherein pushing the updated information comprises sending a notification across the wireless network to a wireless computing device.
-
9. A method as recited in claim 1, wherein the receiving in the push server a push request from the information server comprises initiating a secure socket layer (SSL) connection from the information server to the push server.
-
10. A method as recited in claim 1, wherein the certificate comprises an X.509 digital certificate.
-
11. A method as recited in claim 1, further comprising:
-
determining whether the push request refers to an earlier push request;
verifying that the push request comes from the same entity that sent the earlier pushrequest if the push request refers to the earlier push request.
-
-
12. A method as recited in claim 1, further comprising:
-
examining a uniform resource locator (URL) in the push request; and
rejecting the push request if the URL refers to a domain not closely associated with a domain name in the certificate.
-
-
13. A method as recited in claim 12, wherein said rejecting the push request comprises rejecting the push request if a domain name address portion of the URL is not said domain name or an immediate superdomain of said domain name.
-
14. A method as recited in claim 1, further comprising:
-
examining the push request to determine whether the push request contains a URL; and
rejecting the push request if the URL is not absolute or does not contain a non-empty domain name address portion.
-
-
15. A processing system coupled to a wireless network and to a computer network, the processing system comprising:
-
a processor; and
a memory coupled to the processor to store instructions which, when executed by the processor, cause the processing system to perform a process which includes, receiving a push request that includes a set of information and a site certificate of an information server coupled to the computer network, the information server for pushing information to a plurality of clients;
validating the integrity of the site certificate;
processing the push request after validating the integrity of the site certificate; and
pushing the set of information to a mobile client device on the wireless network if the integrity of the site certificate was validated successfully, the mobile client device communicating with the information server only through the processing system. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
examining a default security policy; and
handling the push request according to the default security policy.
-
-
21. A processing system as recited in claim 20, wherein said processing the push request further comprises:
-
examining an access control list; and
allowing the push request if the default security policy is to deny access and the information server is listed in said access control exception list.
-
-
22. A processing system as recited in claim 15, wherein said processing the push request comprises:
-
examining an access control list; and
allowing or denying the push request depending on whether the information server is listed in the access control list.
-
-
23. A processing system as recited in claim 15, wherein pushing the set of information comprises sending a notification across the wireless network to a wireless computing device.
-
24. A processing system as recited in claim 15, wherein the receiving a push request comprises initiating a secure socket layer (SSL) connection from the information server to the processing system.
-
25. A processing system as recited in claim 15, wherein the certificate comprises an X.509 digital certificate.
-
26. A method as recited in claim 15, further comprising:
determining whether the push request refers to an earlier push request;
verifying that the push request comes from the same entity that sent the earlier push request if the push request refers to the earlier push request.
-
27. A processing system as recited in claim 17, further comprising:
-
examining a uniform resource locator (URL) in the push request; and
rejecting the push request if the URL refers to a domain name not closely associated with a domain name in the certificate.
-
-
28. A processing system as recited in claim 27, wherein said rejecting the push request comprises rejecting the push request if a domain name address portion of the URL is not said domain name or an immediate superdomain of said domain name.
-
29. A processing system as recited in claim 15, further comprising:
-
examining the push request to determine whether the push request contains a URL; and
rejecting the push request if the URL is not absolute or does not contain a non-empty domain name address portion.
-
-
30. A push server for delivering notifications from an information server on a landline data network to a mobile client device on a wireless telecommunications network, the push server comprising:
-
means for receiving a push request at the push server from the information server on the landline data network, the push request including a certificate from the information server;
means for authenticating the information server in the push server by validating the integrity of the certificate, and determining if the certificate was issued from an acceptable certificate authority in an acceptable certificate authority list;
means for processing the push request in the push server if the certificate was issued by an acceptable certificate authority in the acceptable certificate authority list and the certificate was validated; and
means for pushing updated information in the push request from the push server to the mobile client device on the wireless telecommunications network if the push request contains the updated information and the processing succeeded, the mobile client device only communicating with the information server through the push server. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
means for processing the push request in the push server if the push request contains the updated information and if the push request originates from acceptable source, including, means for examining a default security policy; and
means for handling the push request according to the default security policy.
-
-
35. A push server as recited in claim 34, wherein said means for processing the push request further comprises:
-
means for examining an access control list; and
means for allowing the push request if the default security policy is to deny access and the information server is listed in said access control exception list.
-
-
36. A push server as recited in claim 30, wherein said means for processing the push request comprises:
-
means for examining an access control list; and
means for allowing or denying the push request depending on whether the information server is listed in the access control list.
-
-
37. A push server as recited in claim 30, wherein said means for pushing the updated information comprises means for sending a notification across the wireless network to a wireless computing device.
-
38. A push server as recited in claim 30, wherein said means for receiving in the push server a push request from the information server comprises means for initiating a secure socket layer (SSL) connection from the information server to the push server.
-
39. A push server as recited in claim 30, wherein the certificate comprises an X.509 digital certificate.
-
40. A push server as recited in claim 30, further comprising:
-
means for determining whether the push request refers to an earlier request; and
means for verifying that the push request comes from the same entity that sent the earlier push request if the push request refers to the earlier push request.
-
-
41. A push server as recited in claim 30, further comprising:
-
means for examining a universal resource locator (URL) in the push request; and
means for rejecting the push request if the URL refers to a domain not closely associated with a domain name in the certificate.
-
-
42. A push server as recited in claim 41, wherein said means for rejecting the push request comprises means for rejecting the push request if a domain name address portion of the URL is not said domain name or an immediate superdomain of said domain name.
-
43. A push server as recited in claim 30, further comprising:
-
means for examining the push request to determine whether the push request contains a URL; and
means for rejecting the push request if the URL is not absolute or does not contain a non-empty domain name address portion.
-
Specification