Method and apparatus for maintaining security in a push server

US 6,742,127 B2
Filed: 01/28/2002
Issued: 05/25/2004
Est. Priority Date: 04/30/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method of delivering notifications from an information server to a mobile client through a push server, the method comprising:

receiving in the push server a push request from the information server having updated information;

authenticating the information server with the push server;

verifying that content of the push request originates from an acceptable source; and

pushing the updated information in the push request to the mobile client if the push request contains the updated information and the push request originates from an acceptable source, the mobile client only communicating with the information server through the push server.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure push server is disclosed. The push server is used for sending notifications to different wireless clients on different wireless networks. The push server allows information service providers to send notifications to the wireless clients. The information service providers initiate a request to the push server that includes updated information. The request also includes a certificate from the information service provider. The push server authenticates the request from the information service provider by verifying the certificate. The push server also determines if the certificate was issued from an acceptable certificate authority by examining an acceptable certificate authority list. Finally, the push server checks the content of the notification to be sure it does not interfere with other information service providers. After performing the security checks, the push server processes the notification request.

106 Citations

View as Search Results

43 Claims

1. A method of delivering notifications from an information server to a mobile client through a push server, the method comprising:
- receiving in the push server a push request from the information server having updated information;
  
  authenticating the information server with the push server;
  
  verifying that content of the push request originates from an acceptable source; and
  
  pushing the updated information in the push request to the mobile client if the push request contains the updated information and the push request originates from an acceptable source, the mobile client only communicating with the information server through the push server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method as recited in claim 1, wherein the push server resides in a proxy server that proxies communications between a plurality of mobile devices on a wireless network and a plurality of servers on a landline network.
  - 3. A method as recited in claim 2, wherein the landline network is the Internet.
  - 4. A method as recited in claim 1, further comprising verifying in the push server that the push request refers to information that originates from a server within a domain closely associated with the information server.
  - 5. A method as recited in claim 1, further comprising processing the push request in the push server if the push request contains the updated information and if the push request originates from an acceptable source, including:
6. A method as recited in claim 5, wherein said processing the push request further comprises:
- examining an access control list; and
  
  allowing the push request if the default security policy is to deny access and the information server is listed in said access control exception list.
7. A method as recited in claim 5, wherein said processing the push request comprises:
- examining an access control list; and
  
  allowing or denying the push request depending on whether the information server is listed in the access control list.
8. A method as recited in claim 1, wherein pushing the updated information comprises sending a notification across the wireless network to a wireless computing device.
9. A method as recited in claim 1, wherein the receiving in the push server a push request from the information server comprises initiating a secure socket layer (SSL) connection from the information server to the push server.
10. A method as recited in claim 1, wherein the certificate comprises an X.509 digital certificate.
11. A method as recited in claim 1, further comprising:
- determining whether the push request refers to an earlier push request;
  
  verifying that the push request comes from the same entity that sent the earlier push request if the push request refers to the earlier push request.
12. A method as recited in claim 1, further comprising:
- examining a uniform resource locator (URL) in the push request; and
  
  rejecting the push request if the URL refers to a domain not closely associated with a domain name in the certificate.
13. A method as recited in claim 12, wherein said rejecting the push request comprises rejecting the push request if a domain name address portion of the URL is not said domain name or an immediate superdomain of said domain name.
14. A method as recited in claim 1, further comprising:
- examining the push request to determine whether the push request contains a URL; and
  
  rejecting the push request if the URL is not absolute or does not contain a non-empty domain name address portion.

15. A processing system coupled to a wireless network and to a computer network, the processing system comprising:
- a processor; and
  
  a memory coupled to the processor to store instructions which, when executed by the processor, cause the processing system to perform a process which includes, receiving a push request that includes a set of information and a site certificate of an information server coupled to the computer network, the information server for pushing information to a plurality of clients;
  
  validating the integrity of the site certificate;
  
  processing the push request after validating the integrity of the site certificate; and
  
  pushing the set of information to a mobile client device on the wireless network if the integrity of the site certificate was validated successfully, the mobile client device communicating with the information server only through the processing system.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 16. A processing system as recited in claim 15, wherein the processing system is a proxy server that proxies communications between a plurality of mobile client devices on the wireless network and a plurality of servers on the computer network.
  - 17. A processing system as recited in claim 16, wherein the computer network is a landline computer network.
  - 18. A processing system as recited in claim 17, wherein the landline network is the Internet.
  - 19. A processing system as recited in claim 15, further comprising verifying in the processing system that the push request refers to information that originates from a server within a domain closely associated with the information server.
  - 20. A processing system as recited in claim 15, wherein said processing the push request comprises:
21. A processing system as recited in claim 20, wherein said processing the push request further comprises:
- examining an access control list; and
  
  allowing the push request if the default security policy is to deny access and the information server is listed in said access control exception list.
22. A processing system as recited in claim 15, wherein said processing the push request comprises:
- examining an access control list; and
  
  allowing or denying the push request depending on whether the information server is listed in the access control list.
23. A processing system as recited in claim 15, wherein pushing the set of information comprises sending a notification across the wireless network to a wireless computing device.
24. A processing system as recited in claim 15, wherein the receiving a push request comprises initiating a secure socket layer (SSL) connection from the information server to the processing system.
25. A processing system as recited in claim 15, wherein the certificate comprises an X.509 digital certificate.
26. A method as recited in claim 15, further comprising:
- determining whether the push request refers to an earlier push request;
  
  verifying that the push request comes from the same entity that sent the earlier push request if the push request refers to the earlier push request.
27. A processing system as recited in claim 17, further comprising:
- examining a uniform resource locator (URL) in the push request; and
  
  rejecting the push request if the URL refers to a domain name not closely associated with a domain name in the certificate.
28. A processing system as recited in claim 27, wherein said rejecting the push request comprises rejecting the push request if a domain name address portion of the URL is not said domain name or an immediate superdomain of said domain name.
29. A processing system as recited in claim 15, further comprising:
- examining the push request to determine whether the push request contains a URL; and
  
  rejecting the push request if the URL is not absolute or does not contain a non-empty domain name address portion.

30. A push server for delivering notifications from an information server on a landline data network to a mobile client device on a wireless telecommunications network, the push server comprising:
- means for receiving a push request at the push server from the information server on the landline data network, the push request including a certificate from the information server;
  
  means for authenticating the information server in the push server by validating the integrity of the certificate, and determining if the certificate was issued from an acceptable certificate authority in an acceptable certificate authority list;
  
  means for processing the push request in the push server if the certificate was issued by an acceptable certificate authority in the acceptable certificate authority list and the certificate was validated; and
  
  means for pushing updated information in the push request from the push server to the mobile client device on the wireless telecommunications network if the push request contains the updated information and the processing succeeded, the mobile client device only communicating with the information server through the push server.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 31. A push server as recited in claim 30, further comprising means for proxying communications between mobile devices on the wireless telecommunications network and servers on the landline data network.
  - 32. A push server as recited in claim 31, wherein the landline data network is the Internet.
  - 33. A push server as recited in claim 30, further comprising means for verifying in the push server that the push request refers to information that originates from a server within a domain closely associated with the information server.
  - 34. A push server as recited in claim 30, further comprising:
35. A push server as recited in claim 34, wherein said means for processing the push request further comprises:
- means for examining an access control list; and
  
  means for allowing the push request if the default security policy is to deny access and the information server is listed in said access control exception list.
36. A push server as recited in claim 30, wherein said means for processing the push request comprises:
- means for examining an access control list; and
  
  means for allowing or denying the push request depending on whether the information server is listed in the access control list.
37. A push server as recited in claim 30, wherein said means for pushing the updated information comprises means for sending a notification across the wireless network to a wireless computing device.
38. A push server as recited in claim 30, wherein said means for receiving in the push server a push request from the information server comprises means for initiating a secure socket layer (SSL) connection from the information server to the push server.
39. A push server as recited in claim 30, wherein the certificate comprises an X.509 digital certificate.
40. A push server as recited in claim 30, further comprising:
- means for determining whether the push request refers to an earlier request; and
  
  means for verifying that the push request comes from the same entity that sent the earlier push request if the push request refers to the earlier push request.
41. A push server as recited in claim 30, further comprising:
- means for examining a universal resource locator (URL) in the push request; and
  
  means for rejecting the push request if the URL refers to a domain not closely associated with a domain name in the certificate.
42. A push server as recited in claim 41, wherein said means for rejecting the push request comprises means for rejecting the push request if a domain name address portion of the URL is not said domain name or an immediate superdomain of said domain name.
43. A push server as recited in claim 30, further comprising:
- means for examining the push request to determine whether the push request contains a URL; and
  
  means for rejecting the push request if the URL is not absolute or does not contain a non-empty domain name address portion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unwired Planet LLC (JP Morgan Chase & Co)
Original Assignee
Openwave Systems Incorporated (JP Morgan Chase & Co)
Inventors
Ramasubramani, Seetharaman, King, Peter F., Fox, Mark A.
Primary Examiner(s)
HUA, LY

Application Number

US10/059,949
Publication Number

US 20040068665A1
Time in Patent Office

848 Days
Field of Search

713/200, 713/201
US Class Current

726/10
CPC Class Codes

H04L 12/1859   adapted to provide push ser...

H04L 12/189   in combination with wireles...

H04L 63/0823   using certificates cryptogr...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/126   the source of the received ...

H04L 63/1458   Denial of Service

H04L 63/1466   Active attacks involving in...

H04L 67/04   specially adapted for termi...

H04L 67/55   Push-based network services

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

H04W 12/069   using certificates or pre-s...

H04W 12/086   using security domains

H04W 12/106   Packet or message integrity

H04W 12/122   Counter-measures against at...

Method and apparatus for maintaining security in a push server

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

106 Citations

43 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for maintaining security in a push server

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

43 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others