[특허]Secure end-to-end notification

Secure end-to-end notification 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	H04L-009/00
출원번호	US-0062068 (2002-01-31)
등록번호	US-7299349 (2007-11-20)
발명자 / 주소	Cohen,Josh R. Kramer,Michael Hammond,Bradley M. Roberts,Paul Simon,Daniel R. Butler,Lee M. Zhu,Yuhang
출원인 / 주소	Microsoft Corporation
대리인 / 주소	Workman Nydegger
인용정보	피인용 횟수 : 10 인용 특허 : 7

초록 ▼

Providing secure end-to-end notifications from a notification source to a notification sink despite the notification mechanism including one or more message transit points between the notification source and the notification sink. Initially, security information (e.g., the master security, the cryptographic algorithm, and the like) is negotiated out-of-band from the one or more message transit points so that the message transit points are not apprised of the security information. When a designated event occurs, the notification source generates a push message that includes the notification encrypted using the pre-negotiated security information. When the notification sink receives the push message, the notification sink decrypts the notification using the pre-negotiated security information, as well as supplemental information provided in the push message. Thus, the message transit points only have access to the encrypted form of the notification.

대표청구항 ▼

What is claimed and desired to be secured by United States Letters Patent is: 1. In a network that includes at least one notification source and at least one notification sink, the network supporting a notification mechanism by which the notification source passes notifications to the notification sink via at least one message transit point, a method for securely passing a notification from the notification source to the notification sink using the notification mechanism while providing end-to-end security despite the existence of the at least one message transit point, the method comprising the following: an act of negotiating security information between the notification source and the notification sink out of band from the notification mechanism over which the notification source is configured to send notifications to the notification sink, which notifications are secured using the negotiated security information, the out-of-band negotiating occurring through a network connection that excludes the at least one message transit point, and such that the at least one message transit point through which the notification mechanism subsequently sends notifications from the notification source to the notification sink is bypassed during the out of band negotiating; after the security information has been negotiated, an act of using the security information to generate an HTTP message that includes an encrypted form of the notification, the HTTP message being included in a PAP message containing an ESP object, wherein the PAP message has at least one PAP header, and wherein the at least one PAP header include a schema document specifying an address of the notification sink for facilitating point-to-point transmission of the generated message, the generated HTTP message further including clear-text supplemental information that may be used by the notification sink to decrypt the notification using the security information; and an act of initiating transmission of the HTTP message to the notification sink via the at least one message transit point using the notification mechanism, wherein the notification sink is configured to decrypt the notification using the clear-text supplemental information included in the HTTP message and the security information previously negotiated between the notification source and the notification sink. 2. A method in accordance with claim 1, wherein the act of using the security information to generate an HTTP message that includes an encrypted form of the notification comprises the following: an act of using the security information to generate an HTTP message that includes an encrypted form of an automatically-generated notification. 3. A method in accordance with claim 1, wherein the act of using the security information to generate an HTTP message that includes an encrypted form of the notification comprises the following: an act of using the security information to generate an HTTP message that includes an encrypted form of a subscription-based notification. 4. A method in accordance with claim 1, wherein the at least one message transit point comprises a server maintained by a wireless carrier, wherein the act of initiating transmission of the HTTP message to the notification sink comprises the following: an act of initiating transmission of the HTTP message to a wireless device via the server maintained by the wireless carrier. 5. A method in accordance with claim 1, wherein the at least one message transit point comprises a server, wherein the act of initiating transmission of the HTTP message to the notification sink comprises the following: an act of transmitting the HTTP message to the server using a first protocol, wherein the server transmits the HTTP message to a wireless device using a second protocol. 6. A method in accordance with claim 5, wherein the act of transmitting the HTTP message to the server using a first protocol comprises the following: an act of transmitting the HTTP message to a Push Proxy Gateway (PPG). 7. A method in accordance with claim 6, wherein the HTTP message is included as a multipart segment. 8. A method in accordance with claim 7, wherein the server is configured to extract the HTTP message from the PAP message and transmit the HTTP message to the wireless device. 9. A method in accordance with claim 8, wherein the server is configured to extract the HTTP message from the PAP message and encode the HTTP message in a Push Over-the-Air protocol message. 10. A method in accordance with claim 1, wherein the clear-text supplemental information that may be used to decrypt the notification using the security information comprises a session identifier field. 11. A method in accordance with claim 1, wherein the encrypted form of the notification comprises a payload data field. 12. A method in accordance with claim 1, wherein the at least one message transmit point comprises a corporate server. 13. A method in accordance with claim 1, wherein the act of negotiating security information between the notification source and the notification sink comprises the following: an act of establishing a secure session between the notification source and the notification sink. 14. A method in accordance with claim 13, wherein the act of establishing a secure session between the notification source and the notification sink comprises the following: an act of establishing a Secure Socket Layer (SSL) session between the notification source and the notification sink. 15. A method in accordance with claim 1, wherein the act of negotiating security information between the notification source and the notification sink comprises: an act of negotiating a master secret shared by the notification source and the notification sink. 16. A method in accordance with claim 1, wherein the act of negotiating security information between the notification source and the notification sink comprises: an act of negotiating a cryptographic algorithm to be used when encrypting and decrypting notifications. 17. In a network that includes at least one notification source and at least one notification sink, the network supporting a notification mechanism by which the notification source passes notifications to the notification sink via at least one message transit point, a method for securely passing a notification from the notification source to the notification sink using the notification mechanism while providing end-to-end security despite the existence of the at least one message transit point, the method comprising the following: a step for drafting a message so as to ensure secure end-to-end notification between the notification source and the notification sink, including an act of negotiating security information between the notification source and the notification sink out of band from the notification mechanism over which the notification source is configured to send notifications to the notification sink, which notifications are secured using the negotiated security information, the out-of-band negotiating occurring through a network connection that excludes the at least one message transit point, and such that the at least one message transit point through which the notification mechanism subsequently sends notifications from the notification source to the notification sink is bypassed during the out of band negotiating, and wherein the drafted message is an HTTP message that includes an encrypted form of the notification, the HTTP message being included in a PAP message containing an ESP object and at least one PAP header, wherein the at least one PAP header includes a schema document specifying an address corresponding to the notification sink for facilitating point-to-point transmission of the drafted HTTP message, and the HTTP message further including clear-text supplemental information; and an act of initiating transmission of the HTTP message to the notification sink using the address of the notification sink and via the at least one message transit point using the notification mechanism, wherein the notification sink is configured to decrypt the notification using the clear-text supplemental information included in the HTTP message and the security information previously negotiated between the notification source and the notification sink. 18. A computer program product for use in a network that includes at least one notification source and at least one notification sink, the network supporting a notification mechanism by which the notification source passes notifications to the notification sink via at least one message transit point, the computer program product for implementing a method for securely passing a notification from the notification source to the notification sink using the notification mechanism while providing end-to-end security despite the existence of the at least one message transit point, the computer program product comprising: one or more computer-readable storage media having stored thereon computer executable instructions that, when executed by a processor, cause a computing system to perform the method for securely passing the notification, the method including: negotiating security information between the notification source and the notification sink out of band from the notification mechanism over which the notification source is configured to send notifications to the notification sink, which notifications are secured using the negotiated security information, the out-of-band negotiating occurring through a network connection that excludes the at least one message transit point, and such that the at least one message transit point through which the notification mechanism subsequently sends notifications from the notification source to the notification sink is bypassed during the out of band negotiating; using the security information to generate an HTTP message after the security information has been negotiated, the HTTP message including an encrypted form of the notification, and the HTTP message being included within a PAP message containing an ESP object and at least one PAP header, the at least one PAP header including a schema document specifying an address of the notification sink for facilitating point-to-point transmission of the generated HTTP message, the generated HTTP message further including clear-text supplemental information that may be used by the notification sink to decrypt the notification using the security information; and causing the HTTP message to be transmitted to the notification sink via the at least one message transit point using the notification mechanism, wherein the notification sink is configured to decrypt the notification using the clear-text supplemental information included in the HTTP message and the security information previously negotiated between the notification source and the notification sink. 19. A computer program product in accordance with claim 18, wherein causing the HTTP message to be transmitted to the notification sink comprise the following: causing the HTTP message to be transmitted to the server using a first protocol, wherein the server transmits the HTTP message to a wireless device using a second protocol. 20. A computer program product in accordance with claim 19, wherein causing the HTTP message to be transmitted to the server using a first protocol comprise the following: causing the HTTP message to be transmitted to a Push Proxy Gateway (PPG). 21. A computer program product in accordance with claim 18, wherein negotiating security information between the notification source and the notification sink comprises the following: establishing a secure session between the notification source and the notification sink. 22. In a network that includes at least one notification source and at least one notification sink, the network supporting a notification mechanism by which the notification source passes notifications to the notification sink via at least one message transit point, a method for securely receiving a notification from the notification source using the notification mechanism while providing end-to-end security despite the existence of the at least one message transit point, the method comprising the following: an act of negotiating security information between the notification source and the notification sink out of band from the notification mechanism over which the notification source is configured to send notifications to the notification sink, which notifications are secured using the negotiated security information, the out-of-band negotiating occurring through a network connection that excludes the at least one message transit point, and such that the at least one message transit point through which the notification mechanism subsequently sends notifications from the notification source to the notification sink is bypassed during the out of band negotiating; after the security information has been negotiated, an act of receiving an HTTP message from the notification source that was received via the at least one message transit point using the notification mechanism, wherein the HTTP message includes an encrypted form of the notification, the HTTP message being included in a PAP message with an ESP object and one or more PAP headers, wherein the one or more PAP headers includes a schema document specifying an address of the notification sink for facilitating point-to-point transmission of the HTTP message, the HTTP message further including clear-text supplemental information that may be used by the notification sink to decrypt the notification using security information; and an act of using the security information previously negotiated between the notification source and notification sink along with the clear-text supplemental information included in the HTTP message to decrypt the encrypted form of the notification also included in the HTTP message. 23. A method in accordance with claim 22, wherein the act of receiving the HTTP message in the PAP message with the ESP object comprises the following: an act of receiving the ESP object as a MIME attachment encoded with a Push Over-the-Air protocol message. 24. A computer program product for use in a network that includes at least one notification source and at least one notification sink, the network supporting a notification mechanism by which the notification source passes notifications to the notification sink via at least one message transit point, the computer program product for implementing a method for securely receiving a notification from the notification source to the notification sink using the notification mechanism while providing end-to-end security despite the existence of the at least one message transit point, the computer program product comprising: one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by a processor, cause a computing system to perform the method for securely receiving the notification, the method including: negotiating security information between the notification source and the notification sink out of band from the notification mechanism over which the notification source is configured to send notifications to the notification sink, which notifications are secured using the negotiated security information, the out-of-band negotiating occurring through a network connection that excludes the at least one message transit point, and such that the at least one message transit point through which the notification mechanism subsequently sends notifications from the notification source to the notification sink is bypassed during the out of band negotiating; detecting the receipt of an HTTP message from the notification source after negotiating the security information between the notification source and the notification sink, the HTTP message including an encrypted form of the notification, and the HTTP message including a PAP message containing an ESP object and at least one PAP header, wherein the at least one PAP header includes a schema document specifying an address of the notification sink for facilitating point-to-point transmission of the generated HTTP message, the HTTP message further including clear-text supplemental information that may be used by the notification sink to decrypt the notification using security information, wherein the HTTP message is received via the at least one message transit point using the notification mechanism; and using the security information previously negotiated between the notification source and notification sink along with the clear-text supplemental information included in the HTTP message to decrypt the encrypted form of the notification also included in the HTTP message. 25. A method as recited in claim 1, wherein the schema document is an XML document specifying the address of the notification sink. 26. A method as recited in claim 1, wherein negotiating security information comprises negotiating a session identifier unique within the notification sink, and wherein the generated HTTP message further includes a security association, the security association including the session identifier, an IP address of the notification sink, and a security protocol according to which the message is encrypted.

이 특허에 인용된 특허 (7)

Wesinger ; Jr. Ralph E. ; Coley Christopher D., Firewall providing enhanced network security and user transparency.
상세보기
Bannon Peter J. ; Cooper Elizabeth M., High speed method for maintaining cache coherency in a multi-level, set associative cache hierarchy.
상세보기
Hsu, Raymond T., Method and apparatus for data transport in a wireless communication system.
상세보기
King Peter F., Method and apparatus for establishing a secure connection over a one-way data path.
상세보기
Boyle, Stephen S.; Fox, Mark A.; Ramasubraman, Seetharaman; Schwartz, Bruce V.; Martin, Jr., Bruce K.; King, Peter F.; Liao, Hanqing, Method and apparatus for integrating narrowband and wideband data transports.
상세보기
Leung, Nikolai K. N.; Hsu, Raymond T., Method and apparatus for out-of-band transmission of broadcast service option in a wireless communication system.
상세보기
Stojancic,Mihailo M.; Maddury,Mahesh S.; Tomei,Kenneth J., Pre-computation and dual-pass modular arithmetic operation approach to implement encryption protocols efficiently in electronic integrated circuits.
상세보기

이 특허를 인용한 특허 (10)

Li, Ronggao, Method for implementing a push service.
상세보기
Munshi, Amaani; Munshi, Imtiaz, Method of transmission of encrypted documents.
상세보기
Hurley, Jesse D.; Voltz, Seth, Push type communications system.
상세보기
Barkie, Eric J.; Fletcher, Benjamin L.; Fonseca, Carlos A.; Liu, Leslie S.; Malone, Colm V.; Wei, Min, Pushing secure notifications to mobile computing devices.
상세보기
Barkie, Eric J.; Fletcher, Benjamin L.; Fonseca, Carlos A.; Liu, Leslie S.; Malone, Colm V.; Wei, Min, Pushing secure notifications to mobile computing devices.
상세보기
Barkie, Eric J.; Fletcher, Benjamin L.; Fonseca, Carlos A.; Liu, Leslie S.; Malone, Colm V.; Wei, Min, Pushing secure notifications to mobile computing devices.
상세보기
Kerzner, Daniel; Berman, Terry; Du, Yi; Damani, Shrimohan, Secure data updates.
상세보기
Wills, Fergus M.; McTavish, David J., Stateful push notifications.
상세보기
Burckart, Erik J.; Ivory, Andrew J.; Shook, Aaron K.; Stecher, David M., Using push notifications to reduce open browser connections.
상세보기
Burckart, Erik J.; Ivory, Andrew J.; Shook, Aaron K.; Stecher, David M., Using push notifications to reduce open browser connections.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Secure end-to-end notification 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (7)

이 특허를 인용한 특허 (10)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Secure end-to-end notification 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (7)

이 특허를 인용한 특허 (10)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트