Patent Grant
9338153
1. Field of the Invention
This invention relates generally to user authentication, secure user plan location (SUPL), authentication credentials, and public key infrastructure (PKI).
2. Background of Related Art
Authentication transactions are used to securely identify users, processes, and/or devices attempting to access a particular restricted service. Existing authentication transactions are implemented via a pull technology, i.e., a style of network communication in which clients request and pull information from centralized servers. Pull based authentication transactions may be executed via numerous pull based technologies, e.g., Home Location Registers (HLRs), Home Subscriber Servers (HSS), Triple A (AAA), Public Key Infrastructure (PKI) (a pull based technology that exposes the use of an online certificate status protocol (OCSP)), etc. Each existing pull based technology encompasses a well defined interface, designed to enable clients to query their service.
In particular, a client entity (e.g. a client device, user, process, etc.) 500 in a pull based technology sends an initial request for data to a receiving authenticator server 511, as depicted in step 52 of
In a conventional pull based authentication transaction, a client entity (e.g. a client device, user, process, etc.) initiates a request (a pull transaction) for information and/or verification of authentication credentials to an authentication server, to which the authentication server subsequently responds.
In particular, to implement a pull based authentication transaction, a secure tunnel 600 is first established between a client entity 500 and an authenticator server 511, over an access network 610, as depicted in step 60 of
To minimize impacts on authentication servers and client entities, pull servers are often positioned at locations near one another. Positioning pull servers at nearby locations (i.e. server co-location) helps minimize round trip delay and network latency. Unfortunately, server co-location also results in reduced resiliency through geographic distribution.
A service to securely pushed non-privileged authentication credentials to registered client entities comprises an authentication credentials push service (ACPS). In accordance with the principles of the present invention, an authentication credentials push service (ACPS) distinguishes between privileged (i.e. private, forgeable) authentication credentials and non-privileged (i.e. non-forgeable, non-sensitive) authentication credentials, to provide access to non-privileged authentication credentials absent a pull transaction. The present invention improves the performance and reduces delay of authentication transactions by permitting authentication credentials that include only non-privileged authentication information to be freely distributed for use amongst authentication servers.
In accordance with the principles of the present invention, the authentication credentials push service (ACPS) comprises a classification server to classify authentication credentials as either privileged or non-privileged. The authentication credentials push service (ACPS) restricts access (i.e. access is permitted via a pull transaction) to all authentication credentials classified as privileged, and classifies all non-privileged authentication credentials as available for the push service.
In accordance with the principles of the present invention, authentication servers register with the authentication credentials push service (ACPS) to become consumers of the push service. The authentication credentials push service (ACPS) comprises a push server to push non-privileged authentication credentials to registered authentication servers at predetermined intervals.
In accordance with the principles of the present invention, individual authentication credentials push services (ACPS) have access to different authentication credentials. An authentication server can use a dynamic name service (DNS) lookup to find a specific authentication credentials push service (ACPS) to fulfill its authentication requirements.
Features and advantages of the present invention become apparent to those skilled in the art from the following description with reference to the drawings, in which:
The present invention comprises an authentication credentials push service (ACPS) that securely pushes non-privileged (i.e. public) authentication credentials to registered client entities (i.e. authentication servers). The inventive authentication credentials push service (ACPS) distinguishes between privileged and non-privileged authentication credentials to provide access to non-privileged authentication credentials absent a pull transaction.
Various types of authentication credentials may be used to authenticate a transaction request. For instance, authentication credentials may include public and/or private authentication information. The present inventors have realized that conventional pull based authentication transactions do not distinguish amongst authentication credentials. Rather, most conventional authentication systems treat all authentication credentials as private/privileged information that may be shared only via a pull transaction.
However, the inventors herein realized that use of a pull transaction in the middle of an authentication transaction may cause significant transaction delay and may substantially degrade the performance of an authentication server. Moreover, insertion of a pull transaction in the middle of an authentication transaction often results in decreased scalability, decreased throughput, server co-location, and a lack of distinction amongst credentials.
For instance, an authentication transaction which must rely on an external pull transaction requires more system and network resources to complete the transaction. In particular, pull based authentication transactions require additional computer resources and time to request, receive, and process information during a pull transaction.
Further, pull based authentication transactions must request authentication credentials on an individual basis when credentials for individual users/devices require authentication at different server locations. Consequently, in many instances, authentication servers are unable to group pull transactions to improve efficiency, thereby resulting in reduced scalability.
When a pull transaction is implemented during an authentication transaction, the authentication transaction must go on hold until the external pull transaction is complete. Such a hold may add significant transaction delay, and may result in additional queuing capability and client entity impacts.
Moreover, an authentication server has no control over the responsiveness of a service from which a pull transaction is requested. For instance, due to other simultaneous activities, a pull server may experience abnormal delays. Abnormal delays at a pull server may lead to further downstream impacts on an authentication server and client entities.
The present inventors have appreciated that authentication servers sometimes require additional non-privileged authentication information (in addition to privileged authentication information) to authenticate transaction requests. However, conventional authentication services typically treat all authentication credentials as privileged/private information that may be shared only via a pull based transaction.
For instance, for authentication transactions in which additional non-privileged authentication information is required, conventional authentication servers may use inline queries to request (pull) this additional information from a designated service. In particular, an authentication server may use an inline query to acquire, e.g., an exposed Certificate Revocation List (CRL) (i.e. public information) relevant to a client entity requesting authentication. The authentication server may then use this Certificate Revocation List (CRL) for authentication purposes, e.g., an authentication server may verify the status of the certificate to authenticate a client entity. An authentication server may additionally initiate pull transactions to request device and/or user characteristics from a credentials database/other designated service.
However, use of a pull transaction in the middle of an authentication transaction may cause significant transaction delay and may substantially degrade the performance of an authentication server. In particular, insertion of a pull transaction in the middle of an authentication transaction often results in decreased scalability, decreased throughput, server co-location, and a lack of distinction amongst credentials. Even so, conventional authentication transactions use pull transactions to acquire nearly all authentication credentials used to fulfill authentication requests.
In accordance with the principles of the present invention, an authentication credentials push service (ACPS) distinguishes between privileged and non-privileged authentication credentials to provide access to non-privileged authentication credentials absent a pull transaction. The authentication credentials push service (ACPS) provides a service to securely push non-privileged authentication credentials to registered clients. By enabling non-privileged authentication credentials to be accessed without a pull transaction, the present invention minimizes the number of pull transactions required during an authentication transaction and thus reduces delay and improves the performance of authentication transactions.
In accordance with the principles of the present invention, to provide non-privileged authentication credentials via a push service, the authentication credentials push service (ACPS) comprises a classification server to classify authentication credentials as either ‘privileged’ or ‘non-privileged’. In particular, the classification server classifies credentials containing private, forgeable information, such as username/password combinations, etc., as privileged authentication credentials. Moreover, the classification server classifies authentication credentials containing only non-forgeable, non-sensitive information, such as information regarding a current state of a requesting client entity (e.g., an IP address, host name, operating system, etc.) as non-privileged authentication credentials. Non-privileged authentication credentials include credentials that may be made publicly available.
Non-privileged authentication credentials must be used in combination with privileged authentication credentials to authenticate a transaction request and are not sufficient for authentication when used alone. Nonetheless, non-privileged authentication credentials play a valid and important role in transaction authentication. For instance, non-privileged authentication credentials are often used to perform validity checks. Exemplary non-privileged authentication credentials include: certificate revocation status, public keys, certificates, location information, device information, etc.
In accordance with the principles of the present invention, the authentication credentials push service (ACPS) awards an access restriction to each authentication credential, based on a classification of its contents. In particular, a system administrator identifies which authentication credentials are classified as privileged and which are classified as non-privileged either via an authentication credentials push service (ACPS) system configuration or via user to machine interfaces (graphical user interfaces (GUI)). Credentials identified as being of a privileged nature are treated with restricted access (as is the case in the marketplace today). In accordance with conventional authentication transactions, privileged (restricted access) authentication credentials are typically accessible via pull based transactions, only. Privileged authentication credentials may also be used in out of band sequences (which the ACPS may additionally support). Alternatively, authentication credentials identified as being of a non-privileged nature are classified as being available for the push service.
In accordance with the principles of the present invention, clients (authentication servers) register with the authentication credentials push service (ACPS) to become consumers of the push service (i.e. to receive push notifications). Once registered, clients may optionally identify certain types of credentials, and/or certain users, devices, etc., for which they would like to receive push notifications.
In accordance with the principles of the present invention, the authentication credentials uses a push server to distribute push notifications containing non-privileged authentication credentials to registered client entities at predetermined intervals.
In particular, as depicted in step 10 of
In accordance with the principles of the present invention, to improve performance and minimize delay during authentication transactions, authentication credentials that include only non-privileged information may be freely distributed for use by authentication servers 510.
In accordance with the principles of the present invention, the authentication credentials push service (ACPS) 100 uses a predefined application layer message format designed for transportation over secure transports, e.g., secure sockets layer (SSL)/transport layer security (TLS), internet protocol security (IPSec), etc. An inventive authentication credentials push service protocol (ACPP) makes use of simple object access protocol (SOAP) with attachments, and uses hypertext transfer protocol (secure) (http(s)) as a transport protocol.
The present invention does not define a credentials attribute tag for the authentication credentials push service (ACPS) protocol (ACPP). Instead, credentials tags are defined per installation to allow flexibility for non-privileged credentials used in each authentication context.
In accordance with the principles of the present invention, the authentication credentials push service (ACPS) 100 supports authentication credential pushes, authentication credential pulls, requests for registration, and other queries/requests as they are deemed necessary. The authentication credentials push service (ACPS) 100 additionally supports transmission of text and binary data (base 64 encoded).
In accordance with the principles of the present invention, the following requests are supported by the authentication credentials push service (ACPS) 100: registration requests (i.e. RegistrationReq), deregistration requests (i.e. DeregistrationReq), non-privileged user credentials requests (i.e. UserCredentialsReq), and poll user credentials requests (i.e. PollUserCredentialsReq).
As depicted in step 20 of
In accordance with the principles of the present invention, to request registration to the inventive push service, an authentication server 510 initiates a registration request message to the authentication credentials push service (ACPS) 100. A registration request message preferably includes the following required elements: transaction ID, registrationReq, VASPID, VASID, timestamp, realm, and one or more user ID elements.
In particular, a transaction ID element is preferably included in the SOAP header of a registration request message. The transaction ID element holds a unique identifier for the registration request message and preferably holds up to 40 characters or more. Moreover, a registrationReq element in a registration request message identifies the message as a registration request. The registration request element is preferably defined as the root element of the SOAP body.
A VASPID element in a registration request message contains a user ID for a requesting authentication server 510. Similarly, the VASID element in a registration request message holds a password for a requesting authentication server 510.
The timestamp element in the registration request message holds the time that the registration request message was sent to the authentication credentials push service (ACPS) 100. Moreover, the one or more user ID elements included in a registration request message correspond to user IDs (e.g. cell phone numbers, etc.) supported by the requesting authentication server 510.
Finally, a realm element in a registration request message holds realm(s) or domain(s) that may be used to identify a block of authentication credentials. In accordance with the principles of the present invention, each registration request message must contain one or more realm elements or one or more user ID elements. A registration request message may include both realm and user ID elements, however only one of the two types of elements (realm and user ID) is required.
A registration request message may also include attributes to explicitly identify certain types of authentication credentials a requesting authentication server 510 wishes to receive in push notifications.
In accordance with the principles of the present invention, the authentication credentials push service (ACPS) 100 returns a registration response message in response to a registration request message received from an authentication server 510. A registration response message preferably includes the following elements: transactionID, registrationResponse, statusCode, statusText, and details.
In accordance with the principles of the present invention, a transaction ID element in a registration response message is identical to a transaction ID element in a corresponding registration request message. A transaction ID element is preferably included in the SOAP header of the registration response message and may hold up to 40 characters.
Moreover, a registrationRsp element in a registration response message indicates that the message is a registration response. The registrationRsp element is preferably defined as the root element of the SOAP body.
A statusCode element in a registration response message holds a registration status code, e.g., passed, failed, etc., relevant to a corresponding registration request. Similarly, the statusText element in the registration response message holds status text relevant to a corresponding registration request. Likewise, the details element holds details regarding the status of a corresponding registration request. In accordance with the principles of the present invention, a details element conditionally populates a registration response message.
A registration request message may additionally include any other miscellaneous data regarding a corresponding request for registration.
In accordance with the principles of the present invention, a deregistration request message is a message sent from an authentication server 510 to the authentication credentials push service (ACPS) 100, to request termination of service registration. A deregistration request message preferably includes the following required (i.e. required in an outbound message) elements: transaction ID, deregistrationReq, VASPID, VASID, and timestamp.
In accordance with the principles of the present invention, a transaction ID element is preferably included in the SOAP header of a deregistration request message. The transaction ID element holds a unique identifier for the deregistration request message and preferably holds up to 40 characters.
Moreover, a deregistrationReq element in a deregistration request message identifies the message as a deregistration request. The deregistrationReq element is preferably defined as the root element of the SOAP body.
A VASPID element in a deregistration request message holds a user ID for a requesting authentication server 510. Similarly, a VASID element in a deregistration request message holds a password for a requesting authentication server 510. The timestamp element in a deregistration request message holds the time that the deregistration request message was sent to the authentication credentials push service (ACPS) 100.
Other miscellaneous data regarding a request for deregistration may also be included in a deregistration request message.
In accordance with the principles of the present invention, the authentication credentials push service (ACPS) 100 returns a deregistration response message to an authentication server 510 in response to a deregistration request previously received therefrom. In accordance with the principles of the present invention, the following elements are preferably included (but are not required) in a deregistration response message: transactionID, deregistrationRsp, statusCode, statusText, and details.
In particular, a transaction ID element is preferably included in the SOAP header of a deregistration response message. In accordance with the principles of the present invention, a transaction ID element in a deregistration response message is identical to a transaction ID element in a corresponding deregistration request message. A transaction ID element preferably holds up to 40 characters.
Moreover, a deregistrationRsp element in a deregistration response message indicates that the message is a deregistration response. The deregistration response element is preferably defined as the root element of the SOAP body.
Moreover, a statusCode element in a deregistration response message holds a status code, e.g., passed, failed, etc., relevant to a corresponding deregistration request. Similarly, the statusText element in the deregistration response message holds status text relevant to the corresponding deregistration request. Likewise, the details element holds details regarding the status of the corresponding deregistration request. In accordance with the principles of the present invention, a details element conditionally populates a deregistration response message.
Other miscellaneous data regarding a request for deregistration may also be included in a deregistration response message.
In accordance with the principles of the present invention, the inventive authentication credentials push service (ACPS) 100 supports complete updates (i.e. updates that include all data, changed and unchanged) and delta updates (i.e. updates that include only data that has changed).
Moreover, the inventive authentication credentials push service (ACPS) 100 supports periodic and immediate credential push modes. In a periodic credential push mode, the authentication credentials push service (ACPS) 100 sends periodic credential updates to relevant authentication servers 510, based on a total number of updates and/or time intervals. Alternatively, in immediate credential push mode, the authentication credentials push service (ACPS) 100 pushes updated credentials to relevant authentication servers 510 as soon as updates are acquired.
In accordance with the principles of the present invention, a push server pushes user credentials request messages containing non-privileged authentication credentials to registered authentication servers 510 at predetermined intervals. A user credentials request message preferably comprises the following elements: transaction ID, message integrity code (an optional message element), userCredentialsReq, VASPID, VASID, timestamp, allCredentials, validityPeriod, one or more userID elements, one or more credentials elements, and one or more validityPeriod elements.
In accordance with the principles of the present invention, a transaction ID element is preferably included in the SOAP header of a user credentials request message. The transaction ID element holds a unique identifier for the user credentials request message and preferably holds up to 40 characters. Moreover, a message integrity code element in a user credentials request message contains a hash algorithm value of message contents and a pre-shared key. Contents of a pre-shared key are decided based upon configuration.
In accordance with the principles of the present invention, a userCredentialsReq element in a user credentials request message identifies the message as a user credentials request. The userCredentialsReq element is preferably defined as the root element of the SOAP body.
A VASPID element in a user credentials request message holds a user ID for the originating entity. Similarly, a VASID element in a user credentials request message holds a password for the originating entity. The timestamp element in a user credentials request message holds the time that the user credentials request message was sent to an authentication server 510.
Moreover, a userID element in a user credentials request message contains a unique identifier (e.g., a cell phone number) for a client entity for which authentication credentials are being transmitted. One or more userIDs may be included in a user credentials request message. Further, a user credentials request message includes one or more credentials elements for each userID element included therein.
In accordance with the principles of the present invention, the authentication credentials push service (ACPS) 100 may use the same request to pass credentials, regardless of whether a full list or an updated (only) list of credentials is currently available.
In particular, an allCredentials element in a user credentials request message may contain a value of ‘true’ or ‘false’ (i.e. the allCredentials element is a Boolean element). In accordance with the principles of the present invention, if the value of an allCredentials element is ‘false’, then the user credentials request message contains only updated credentials. Alternatively, if the value of an allCredentials element is ‘true’, then the user credentials request message contains a full list of credentials (i.e. updated and non-updated) for each userID element included therein.
Moreover, a validityPeriod element in a user credentials request message holds a timestamp indicating when a particular authentication credential was created. The authentication credentials request message includes a validityPeriod element for each authentication credential, per user and/or per attribute level, included therein. An authentication server 510 uses a validityPeriod element to determine the validity of pushed credentials.
In accordance with the principles of the present invention, an authentication server 510 returns a user credentials response message in response to a user credentials request message received from the authentication credentials push service (ACPS) 100. A user credentials response message preferably contains the following elements: transactionID, userCredentialsRsp, statusCode, statusText, and details.
In particular, a transaction ID element is preferably included in the SOAP header of a user credentials response message. In accordance with the principles of the present invention, a transaction ID element in a user credentials response message is identical to a transaction ID element in a corresponding user credentials request message. A transaction ID element preferably holds up to 40 characters or more.
Moreover, a userCredentialsRsp element in a user credentials response message indicates that the message is a user credentials response message. The userCredentialsRsp element is preferably defined as the root element of the SOAP body.
Moreover, a statusCode element in a user credentials response message holds a status code, e.g., passed, failed, etc., relevant to a corresponding user credentials request. Similarly, the statusText element in the user credentials response message holds status text relevant to the corresponding user credentials request. Likewise, the details element holds details regarding the status of the corresponding user credentials request. In accordance with the principles of the present invention, a details element conditionally populates a user credentials response message.
A user credentials response message may also include any other miscellaneous data regarding a corresponding user credentials request.
In accordance with the principles of the present invention, a registered authentication server 510 may send a poll user credentials request message to the authentication credentials push service (ACPS) 100 to request updated authentication credentials. A poll user credentials request message preferably comprises the following required elements: transaction ID, pollUserCredentialsReq, VASPID, VASID, Timestamp, Realm, allCredentials, ValidityPeriod, and one or more userIDs.
In accordance with the principles of the present invention, a transaction ID element is preferably included in the SOAP header of a poll user credentials request message. The transaction ID element holds a unique identifier for the poll user credentials request message and preferably holds up to 40 characters.
Moreover, a pollUserCredentialsReq in a poll user credentials request message identifies the message as a poll user credentials request. The pollUserCredentialsReq element is preferably defined as the root element of the SOAP body.
A VASPID element in a poll user credentials request message holds a user ID for a requesting authentication server 510. Similarly, a VASID element in a poll user credentials request message holds a password for the requesting authentication server 100. Moreover, a timestamp element in a poll user credentials request message holds the time that the poll user credentials request message was sent to the authentication credentials push service (ACPS) 100.
In accordance with the principles of the present invention, a poll user credentials request message includes one or more userID elements corresponding to user IDs (e.g. cell phone numbers, etc.) supported by the requesting authentication server 510.
A realm element in a poll user credentials request message holds realm(s) or domain(s) that may be used to identify a block of authentication credentials. In accordance with the principles of the present invention, each poll user credentials request message must contain one or more realm elements or one or more user ID elements. A poll user credentials request message may include both realm and user ID elements, however only one of the two types of elements (realm and user ID) is required.
A poll user credentials request message may also include attributes to explicitly identify certain types of authentication credentials that an authentication server wishes to receive in push notifications.
In accordance with the principles of the present invention, an allCredentials element in a poll user credentials request message may contain a true or false value (i.e. the allCredentials element is a Boolean element). In particular, when the value of an allCredentials element is ‘false’ in a poll user credentials request message, an authentication server 510 is requesting that only updated credentials be returned in a poll user credentials response message. Alternatively, when the value of an allCredentials element in a poll user credentials request message is ‘true’, an authentication server 510 is requesting that that a full list of credentials (updated and not updated) for indicated userIDs be returned in a poll user credentials response message.
Moreover, a validityPeriod element in a poll user credentials request message holds a timestamp. This validityPeriod element is used to request that the authentication credentials push service (ACPS) 100 return all credentials matching realm and/or userID values specified in the poll user credentials request message, that have been updated following the value in this validityPeriod (timestamp) element.
In accordance with the principles of the present invention, a poll user credentials response message is sent from the authentication credentials push service (ACPS) 100 to an authentication server 510 in response to a user credentials request message previously received therefrom. A poll user credentials response message preferably contains the following elements: transactionID, messageIntegrityCode, pollUserCredentialsRsp, VASPID, VASID, Timestamp, UserID, AllCredentials, Credentials, and ValidityPeriod.
In accordance with the principles of the present invention, a transaction ID element in a poll user credentials response message is identical to a transaction ID element in a corresponding poll user credentials request message. A transaction ID element is preferably included in the SOAP header of the poll user credentials response message and may hold up to 40 characters or more.
A message integrity code element in a poll user credentials response message contains a hash algorithm value of message contents and a pre-shared key. Contents of a pre-shared key are decided based upon configuration.
Moreover, a pollUserCredentialsRsp element is included in a poll user credentials response message to identify the message as a poll user credentials response. The pollUserCredentialsRsp element is preferably defined as the root element of the SOAP body.
The VASPID element in a poll user credentials response message holds a user ID for the originating entity. Similarly, the VASID element in a poll user credentials response message holds a password for the originating entity.
The timestamp element in a poll user credentials response message holds the time the poll user credentials response message is sent from the authentication credentials push service (ACPS) 100 to an authentication server 510.
Moreover, a userID element in a poll user credentials response message holds a unique identifier, e.g., a cell phone number, for a client entity for which authentication credentials are being transmitted. One or more userIDs may be included in a poll user credentials response message. Further, one or more credentials elements may be included in a poll user credentials response message for each userID indicated therein.
In accordance with the principles of the present invention, an allCredentials element in a poll user credentials response message contains a true or false value (i.e. the allCredentials element is a Boolean element). If the value of the allCredentials element is ‘false’, then only updates made to credentials are included in the poll user credentials response message. Alternatively, if the value of the allCredentials element is ‘true’, then the poll user credentials response message contains a full list of credentials (updated and non-updated) for each userID indicated therein.
Moreover, a validityPeriod element in a poll user credentials response message holds a timestamp that indicates when a particular authentication credential was created. A validity element is included in the poll user credentials response message for each authentication credential, per user and/or per attribute level, indicated therein.
In accordance with the principles of the present invention, each authentication credentials push service (ACPS) 100 gains access to non-privileged authentication credentials via an out of band means. Consequently, individual authentication credentials push services (ACPS) 100 may have access to different authentication credentials. In accordance with the principles of the present invention, authentication servers 510 may use a domain name system (DNS) service to lookup a specific authentication credentials push service (ACPS) 100 based on specific authentication requirements.
In accordance with the principles of the present invention, an authentication credentials push service (ACPS) 100 registers with a designated domain name system (DNS) service via standard dynamic DNS update (secure/non-secure) mechanisms. For instance, an authentication credentials push service (ACPS) 100 may register itself with one identifier for the authentication credentials push service (ACPS) 100, and may simultaneously maintain additional DNS registrations for typical network access and routing functions. By registering with a designated DNS service, an authentication credentials push service (ACPS) 100 identifies itself as being ‘available’. An authentication server 510 may then implement a DNS lookup to gain information necessary to connect with a particular authentication credentials push service (ACPS) 100.
In particular, as depicted in step 30 of
As depicted in step 36, the authentication credentials push service 100 then initiates a health check timer, based on the time to live parameter (TTL) sent to the DNS server 300 (in step 32). In accordance with the principles of the present invention, if the authentication credentials push service (ACPS) 100 fails before the health check timer (i.e. time to live parameter) has expired, then the DNS record expires and the DNS server 300 no longer forwards to the authentication credentials push service (ACPS) 100. Alternatively, as depicted in step 38, if the authentication credentials push service (ACPS) 100 does not fail before the health check timer (i.e. time to live parameter) has expired, then the authentication credentials push service (ACPS) 100 sends another update for address (A) and pointer (DNS) record type (PTR) records to the DNS server 300, along with a new time to live (TTL) parameter. In step 40, the DNS server 300 sends a response to the authentication credentials push server (ACPS) 100 to acknowledge receipt of the update.
If an authentication credentials push service (ACPS) 100 abnormally terminates (e.g. unexpectedly goes offline or can't complete a periodic update process for some reason), then the dynamic DNS record expires when the time to live (TTL) value expires.
For a graceful shutdown, the authentication credentials push service (ACPS) 100 sends out an additional update message to remove entries from the DDNS server 300.
In particular, as depicted in step 41 of
An authentication credentials push service (ACPS) 100 performs the call flow depicted in
The invention has particular applicability to the arena of authentication, including web applications with authentication, whether it be consumers of authentication or the servers responsible for authentication, e.g., AAA, RADIUS, Diameter, HSS, VPN, etc.
While the invention has been described with reference to the exemplary embodiments thereof, those skilled in the art will be able to make various modifications to the described embodiments of the invention without departing from the true spirit and scope of the invention.
The present invention claims priority from U.S. Provisional No. 61/622,829, filed Apr. 11, 2012, entitled “Secure Distribution of Non-Privileged Authentication Credentials”, the entirety of which is expressly incorporated herein by reference.
| Number | Name | Date | Kind |
|---|---|---|---|
| 1103073 | O'Connell | Jul 1914 | A |
| 4445118 | Taylor et al. | Apr 1984 | A |
| 4494119 | Wimbush | Jan 1985 | A |
| 4651156 | Martinez | Mar 1987 | A |
| 4706275 | Kamil | Nov 1987 | A |
| 4891638 | Davis | Jan 1990 | A |
| 4891650 | Scheffer | Jan 1990 | A |
| 4910767 | Brugliera et al. | Mar 1990 | A |
| 4952928 | Carroll | Aug 1990 | A |
| 4972484 | Theile | Nov 1990 | A |
| 5014206 | Scribner | May 1991 | A |
| 5043736 | Darnell | Aug 1991 | A |
| 5055851 | Scheffer | Oct 1991 | A |
| 5068656 | Sutherland | Nov 1991 | A |
| 5068891 | Marshall | Nov 1991 | A |
| 5070329 | Jasinaki | Dec 1991 | A |
| 5081667 | Drori | Jan 1992 | A |
| 5119104 | Heller | Jun 1992 | A |
| 5126722 | Kamis | Jun 1992 | A |
| 5144283 | Arens | Sep 1992 | A |
| 5161180 | Chavous | Nov 1992 | A |
| 5166972 | Smith | Nov 1992 | A |
| 5177478 | Wagai | Jan 1993 | A |
| 5193215 | Olmer | Mar 1993 | A |
| 5208756 | Song | May 1993 | A |
| 5214789 | George | May 1993 | A |
| 5218367 | Scheffer | Jun 1993 | A |
| 5223844 | Mansell | Jun 1993 | A |
| 5239570 | Koster | Aug 1993 | A |
| 5265630 | Hartmann | Nov 1993 | A |
| 5266944 | Carroll | Nov 1993 | A |
| 5283570 | DeLuca | Feb 1994 | A |
| 5289527 | Tiedemann | Feb 1994 | A |
| 5293642 | Lo | Mar 1994 | A |
| 5299132 | Wortham | Mar 1994 | A |
| 5301354 | Schwendeman | Apr 1994 | A |
| 5311516 | Kuznicke | May 1994 | A |
| 5325302 | Izidon | Jun 1994 | A |
| 5327529 | Fults | Jul 1994 | A |
| 5334974 | Simms | Aug 1994 | A |
| 5335246 | Yokev | Aug 1994 | A |
| 5343493 | Karimullah | Aug 1994 | A |
| 5347568 | Moody | Sep 1994 | A |
| 5351235 | Lahtinen | Sep 1994 | A |
| 5361212 | Class | Nov 1994 | A |
| 5363425 | Mufti | Nov 1994 | A |
| 5365451 | Wang | Nov 1994 | A |
| 5374936 | Feng | Dec 1994 | A |
| 5379451 | Nakagoshi | Jan 1995 | A |
| 5381338 | Wysocki | Jan 1995 | A |
| 5387993 | Heller | Feb 1995 | A |
| 5388147 | Grimes | Feb 1995 | A |
| 5390339 | Bruckery | Feb 1995 | A |
| 5394158 | Chia | Feb 1995 | A |
| 5396227 | Carroll | Mar 1995 | A |
| 5398190 | Wortham | Mar 1995 | A |
| 5406614 | Hara | Apr 1995 | A |
| 5418537 | Bird | May 1995 | A |
| 5422813 | Schuchman | Jun 1995 | A |
| 5423076 | Westergren | Jun 1995 | A |
| 5432841 | Rimer | Jul 1995 | A |
| 5434789 | Fraker | Jul 1995 | A |
| 5454024 | Lebowitz | Sep 1995 | A |
| 5461390 | Hosher | Oct 1995 | A |
| 5470233 | Fruchterman | Nov 1995 | A |
| 5479408 | Will | Dec 1995 | A |
| 5479482 | Grimes | Dec 1995 | A |
| 5485161 | Vaughn | Jan 1996 | A |
| 5485163 | Singer | Jan 1996 | A |
| 5488563 | Chazelle | Jan 1996 | A |
| 5494091 | Freeman | Feb 1996 | A |
| 5497149 | Fast | Mar 1996 | A |
| 5506886 | Maine | Apr 1996 | A |
| 5508931 | Snider | Apr 1996 | A |
| 5513243 | Kage | Apr 1996 | A |
| 5515287 | Hakoyama | May 1996 | A |
| 5517199 | DiMattei | May 1996 | A |
| 5519403 | Bickley | May 1996 | A |
| 5530655 | Lokhoff | Jun 1996 | A |
| 5530914 | McPheters | Jun 1996 | A |
| 5532690 | Hertel | Jul 1996 | A |
| 5535434 | Siddoway | Jul 1996 | A |
| 5539395 | Buss | Jul 1996 | A |
| 5539398 | Hall | Jul 1996 | A |
| 5539829 | Lokhoff | Jul 1996 | A |
| 5543776 | L'Esperance | Aug 1996 | A |
| 5546445 | Dennison | Aug 1996 | A |
| 5552772 | Janky | Sep 1996 | A |
| 5555286 | Tendler | Sep 1996 | A |
| 5568119 | Schipper | Oct 1996 | A |
| 5568153 | Beliveau | Oct 1996 | A |
| 5574648 | Pilley | Nov 1996 | A |
| 5579372 | Angstrom | Nov 1996 | A |
| 5588009 | Will | Dec 1996 | A |
| 5592535 | Klotz | Jan 1997 | A |
| 5594780 | Wiedeman | Jan 1997 | A |
| 5604486 | Lauro | Feb 1997 | A |
| 5606313 | Allen | Feb 1997 | A |
| 5606618 | Lokhoff | Feb 1997 | A |
| 5606850 | Nakamura | Mar 1997 | A |
| 5610815 | Gudat | Mar 1997 | A |
| 5614890 | Fox | Mar 1997 | A |
| 5615116 | Gudat | Mar 1997 | A |
| 5621793 | Bednarek | Apr 1997 | A |
| 5628051 | Salin | May 1997 | A |
| 5629693 | Janky | May 1997 | A |
| 5633912 | Tsoi | May 1997 | A |
| 5636276 | Brugger | Jun 1997 | A |
| 5661652 | Sprague | Aug 1997 | A |
| 5661755 | Van de Kerkhof | Aug 1997 | A |
| 5682600 | Salin | Oct 1997 | A |
| 5689245 | Noreen | Nov 1997 | A |
| 5699053 | Jonsson | Dec 1997 | A |
| 5704029 | Wright, Jr. | Dec 1997 | A |
| 5721781 | Deo | Feb 1998 | A |
| 5731785 | Lemelson | Mar 1998 | A |
| 5740534 | Ayerst | Apr 1998 | A |
| 5761618 | Lynch | Jun 1998 | A |
| 5765152 | Erickson | Jun 1998 | A |
| 5767795 | Schaphorst | Jun 1998 | A |
| 5768509 | Gunluk | Jun 1998 | A |
| 5771353 | Eggleston | Jun 1998 | A |
| 5774533 | Patel | Jun 1998 | A |
| 5774670 | Montulli | Jun 1998 | A |
| 5787357 | Salin | Jul 1998 | A |
| 5794142 | Vanttila | Aug 1998 | A |
| 5797094 | Houde | Aug 1998 | A |
| 5797096 | Lupien | Aug 1998 | A |
| 5802492 | DeLorme | Sep 1998 | A |
| 5806000 | Vo | Sep 1998 | A |
| 5809415 | Rossmann | Sep 1998 | A |
| 5812086 | Bertiger | Sep 1998 | A |
| 5812087 | Krasner | Sep 1998 | A |
| 5822700 | Hult | Oct 1998 | A |
| 5828740 | Khuc | Oct 1998 | A |
| 5835907 | Newman | Nov 1998 | A |
| 5841396 | Krasner | Nov 1998 | A |
| 5857201 | Wright, Jr. | Jan 1999 | A |
| 5864667 | Barkan | Jan 1999 | A |
| 5874914 | Krasner | Feb 1999 | A |
| 5896369 | Warsta | Apr 1999 | A |
| 5920821 | Seazholtz | Jul 1999 | A |
| 5922074 | Richard | Jul 1999 | A |
| 5930250 | Klok | Jul 1999 | A |
| 5930701 | Skog | Jul 1999 | A |
| 5943399 | Banister | Aug 1999 | A |
| 5945944 | Krasner | Aug 1999 | A |
| 5946629 | Sawyer | Aug 1999 | A |
| 5946630 | Willars | Aug 1999 | A |
| 5950130 | Coursey | Sep 1999 | A |
| 5950137 | Kim | Sep 1999 | A |
| 5953398 | Hill | Sep 1999 | A |
| 5960362 | Grob | Sep 1999 | A |
| 5974054 | Couts | Oct 1999 | A |
| 5978685 | Laiho | Nov 1999 | A |
| 5983099 | Yao | Nov 1999 | A |
| 5987323 | Huotari | Nov 1999 | A |
| 5998111 | Abe | Dec 1999 | A |
| 5999124 | Sheynblat | Dec 1999 | A |
| 6014602 | Kithol | Jan 2000 | A |
| 6032051 | Hall | Feb 2000 | A |
| 6035025 | Hanson | Mar 2000 | A |
| 6049710 | Nilsson | Apr 2000 | A |
| 6052081 | Krasner | Apr 2000 | A |
| 6058300 | Hanson | May 2000 | A |
| 6058338 | Agashe et al. | May 2000 | A |
| 6061018 | Sheynblat | May 2000 | A |
| 6061346 | Nordman | May 2000 | A |
| 6064336 | Krasner | May 2000 | A |
| 6064875 | Morgan | May 2000 | A |
| 6067045 | Castelloe | May 2000 | A |
| 6070067 | Nguyen | May 2000 | A |
| 6075982 | Donovan | Jun 2000 | A |
| 6081229 | Soliman | Jun 2000 | A |
| 6081508 | West | Jun 2000 | A |
| 6085320 | Kaliski, Jr. | Jul 2000 | A |
| 6101378 | Barabash | Aug 2000 | A |
| 6104931 | Havinis | Aug 2000 | A |
| 6108533 | Brohoff | Aug 2000 | A |
| 6122503 | Daly | Sep 2000 | A |
| 6122520 | Want | Sep 2000 | A |
| 6124810 | Segal | Sep 2000 | A |
| 6131028 | Whitington | Oct 2000 | A |
| 6131067 | Girerd | Oct 2000 | A |
| 6133874 | Krasner | Oct 2000 | A |
| 6134483 | Vayanos | Oct 2000 | A |
| 6138003 | Kingdon | Oct 2000 | A |
| 6148197 | Bridges | Nov 2000 | A |
| 6148198 | Anderson | Nov 2000 | A |
| 6149353 | Nilsson | Nov 2000 | A |
| 6150980 | Krasner | Nov 2000 | A |
| 6154172 | Piccionelli | Nov 2000 | A |
| 6169891 | Gorham | Jan 2001 | B1 |
| 6169901 | Boucher | Jan 2001 | B1 |
| 6169902 | Kawamoto | Jan 2001 | B1 |
| 6173181 | Losh | Jan 2001 | B1 |
| 6178505 | Schneider | Jan 2001 | B1 |
| 6178506 | Quick, Jr. | Jan 2001 | B1 |
| 6181935 | Gossman | Jan 2001 | B1 |
| 6188354 | Soliman | Feb 2001 | B1 |
| 6188752 | Lesley | Feb 2001 | B1 |
| 6188909 | Alanara | Feb 2001 | B1 |
| 6189098 | Kaliski, Jr. | Feb 2001 | B1 |
| 6195557 | Havinis | Feb 2001 | B1 |
| 6198431 | Gibson | Mar 2001 | B1 |
| 6199045 | Giniger | Mar 2001 | B1 |
| 6199113 | Alegre | Mar 2001 | B1 |
| 6205330 | Winbladh | Mar 2001 | B1 |
| 6208290 | Krasner | Mar 2001 | B1 |
| 6208854 | Roberts | Mar 2001 | B1 |
| 6215441 | Moeglein | Apr 2001 | B1 |
| 6219557 | Havinis | Apr 2001 | B1 |
| 6223046 | Hamill-Keays | Apr 2001 | B1 |
| 6226529 | Bruno | May 2001 | B1 |
| 6239742 | Krasner | May 2001 | B1 |
| 6247135 | Feague | Jun 2001 | B1 |
| 6249680 | Wax | Jun 2001 | B1 |
| 6249744 | Morita | Jun 2001 | B1 |
| 6249873 | Richard | Jun 2001 | B1 |
| 6253203 | O'Flaherty | Jun 2001 | B1 |
| 6260147 | Quick, Jr. | Jul 2001 | B1 |
| 6266614 | Alumbaugh | Jul 2001 | B1 |
| 6275692 | Skog | Aug 2001 | B1 |
| 6275849 | Ludwig | Aug 2001 | B1 |
| 6278701 | Ayyagari | Aug 2001 | B1 |
| 6289373 | Dezonno | Sep 2001 | B1 |
| 6297768 | Allen, Jr. | Oct 2001 | B1 |
| 6307504 | Sheynblat | Oct 2001 | B1 |
| 6308269 | Proidl | Oct 2001 | B2 |
| 6313786 | Sheynblat | Nov 2001 | B1 |
| 6317594 | Gossman | Nov 2001 | B1 |
| 6321091 | Holland | Nov 2001 | B1 |
| 6321092 | Fitch | Nov 2001 | B1 |
| 6321257 | Kotala | Nov 2001 | B1 |
| 6324524 | Lent | Nov 2001 | B1 |
| 6327473 | Soliman | Dec 2001 | B1 |
| 6327479 | Mikkola | Dec 2001 | B1 |
| 6330454 | Verdonk | Dec 2001 | B1 |
| 6333919 | Gaffney | Dec 2001 | B2 |
| 6360093 | Ross | Mar 2002 | B1 |
| 6360102 | Havinis | Mar 2002 | B1 |
| 6363254 | Jones | Mar 2002 | B1 |
| 6367019 | Ansell | Apr 2002 | B1 |
| 6370389 | Isomursu | Apr 2002 | B1 |
| 6377209 | Krasner | Apr 2002 | B1 |
| 6400314 | Krasner | Jun 2002 | B1 |
| 6400958 | Isomursu | Jun 2002 | B1 |
| 6411254 | Moeglein | Jun 2002 | B1 |
| 6421002 | Krasner | Jul 2002 | B2 |
| 6427001 | Contractor | Jul 2002 | B1 |
| 6433734 | Krasner | Aug 2002 | B1 |
| 6434381 | Moore | Aug 2002 | B1 |
| 6442391 | Johansson | Aug 2002 | B1 |
| 6449473 | Raivisto | Sep 2002 | B1 |
| 6449476 | Hutchison, IV | Sep 2002 | B1 |
| 6456852 | Bar | Sep 2002 | B2 |
| 6463272 | Wallace | Oct 2002 | B1 |
| 6477150 | Maggenti | Nov 2002 | B1 |
| 6504491 | Christians | Jan 2003 | B1 |
| 6505049 | Dorenbosch | Jan 2003 | B1 |
| 6510387 | Fuchs | Jan 2003 | B2 |
| 6512922 | Burg | Jan 2003 | B1 |
| 6512930 | Sandegren | Jan 2003 | B2 |
| 6515623 | Johnson | Feb 2003 | B2 |
| 6519466 | Pande | Feb 2003 | B2 |
| 6522682 | Kohli | Feb 2003 | B1 |
| 6526026 | Menon | Feb 2003 | B1 |
| 6529500 | Pandharipande | Mar 2003 | B1 |
| 6529829 | Turetzky | Mar 2003 | B2 |
| 6531982 | White | Mar 2003 | B1 |
| 6538757 | Sansone | Mar 2003 | B1 |
| 6539200 | Schiff | Mar 2003 | B1 |
| 6539232 | Hendrey et al. | Mar 2003 | B2 |
| 6539304 | Chansarkar | Mar 2003 | B1 |
| 6542464 | Takeda | Apr 2003 | B1 |
| 6542734 | Abrol | Apr 2003 | B1 |
| 6542743 | Soliman | Apr 2003 | B1 |
| 6549776 | Joong | Apr 2003 | B1 |
| 6549844 | Egberts | Apr 2003 | B1 |
| 6553236 | Dunko | Apr 2003 | B1 |
| 6556832 | Soliman | Apr 2003 | B1 |
| 6560456 | Lohtia | May 2003 | B1 |
| 6560461 | Fomukong | May 2003 | B1 |
| 6560534 | Abraham | May 2003 | B2 |
| 6564261 | Gudjonsson | May 2003 | B1 |
| 6570530 | Gaal | May 2003 | B2 |
| 6571095 | Koodli | May 2003 | B1 |
| 6574558 | Kohli | Jun 2003 | B2 |
| 6580390 | Hay | Jun 2003 | B1 |
| 6584552 | Kuno | Jun 2003 | B1 |
| 6587691 | Granstam | Jul 2003 | B1 |
| 6594500 | Bender | Jul 2003 | B2 |
| 6597311 | Sheynblat | Jul 2003 | B2 |
| 6600927 | Hamilton | Jul 2003 | B2 |
| 6603973 | Foladare | Aug 2003 | B1 |
| 6606495 | Korpi | Aug 2003 | B1 |
| 6606554 | Edge | Aug 2003 | B2 |
| 6609004 | Morse | Aug 2003 | B1 |
| 6611757 | Brodie | Aug 2003 | B2 |
| 6618593 | Drutman | Sep 2003 | B1 |
| 6618670 | Chansarkar | Sep 2003 | B1 |
| 6621452 | Knockeart | Sep 2003 | B2 |
| 6621810 | Leung | Sep 2003 | B1 |
| 6628233 | Knockeart | Sep 2003 | B2 |
| 6633255 | Krasner | Oct 2003 | B2 |
| 6640184 | Rabe | Oct 2003 | B1 |
| 6650288 | Pitt | Nov 2003 | B1 |
| 6661372 | Girerd | Dec 2003 | B1 |
| 6665539 | Sih | Dec 2003 | B2 |
| 6665541 | Krasner | Dec 2003 | B1 |
| 6671620 | Garin | Dec 2003 | B1 |
| 6677894 | Sheynblat | Jan 2004 | B2 |
| 6680694 | Knockeart | Jan 2004 | B1 |
| 6680695 | Turetzky | Jan 2004 | B2 |
| 6687504 | Raith | Feb 2004 | B1 |
| 6691019 | Seeley | Feb 2004 | B2 |
| 6694258 | Johnson | Feb 2004 | B2 |
| 6697629 | Grilli | Feb 2004 | B1 |
| 6698195 | Hellinger | Mar 2004 | B1 |
| 6701144 | Kirbas | Mar 2004 | B2 |
| 6703971 | Pande | Mar 2004 | B2 |
| 6703972 | Van Diggelen | Mar 2004 | B2 |
| 6704651 | Van Diggelen | Mar 2004 | B2 |
| 6707421 | Drury | Mar 2004 | B1 |
| 6714793 | Carey | Mar 2004 | B1 |
| 6718174 | Vayanos | Apr 2004 | B2 |
| 6720915 | Sheynblat | Apr 2004 | B2 |
| 6721578 | Minear | Apr 2004 | B2 |
| 6721871 | Piispanen | Apr 2004 | B2 |
| 6724342 | Bloebaum | Apr 2004 | B2 |
| 6725159 | Krasner | Apr 2004 | B2 |
| 6728701 | Stoica | Apr 2004 | B1 |
| 6731940 | Nagendran | May 2004 | B1 |
| 6734821 | Van Diggelen | May 2004 | B2 |
| 6738013 | Orler | May 2004 | B2 |
| 6738800 | Aquilon | May 2004 | B1 |
| 6741842 | Goldberg | May 2004 | B2 |
| 6744856 | Karnik | Jun 2004 | B2 |
| 6744858 | Ryan | Jun 2004 | B1 |
| 6745038 | Callaway, Jr. | Jun 2004 | B2 |
| 6747596 | Orler | Jun 2004 | B2 |
| 6748195 | Phillips | Jun 2004 | B1 |
| 6751464 | Burg | Jun 2004 | B1 |
| 6756938 | Zhao | Jun 2004 | B2 |
| 6757544 | Rangarajan | Jun 2004 | B2 |
| 6757545 | Nowak | Jun 2004 | B2 |
| 6757828 | Jaffe | Jun 2004 | B1 |
| 6771742 | McCalmont | Aug 2004 | B2 |
| 6771971 | Smith | Aug 2004 | B2 |
| 6772340 | Peinado | Aug 2004 | B1 |
| 6775255 | Roy | Aug 2004 | B1 |
| 6775267 | Kung | Aug 2004 | B1 |
| 6775534 | Lindgren | Aug 2004 | B2 |
| 6775655 | Peinado | Aug 2004 | B1 |
| 6775802 | Gaal | Aug 2004 | B2 |
| 6778136 | Gronemeyer | Aug 2004 | B2 |
| 6778885 | Agashe | Aug 2004 | B2 |
| 6781963 | Crockett | Aug 2004 | B2 |
| 6788249 | Farmer | Sep 2004 | B1 |
| 6795444 | Vo | Sep 2004 | B1 |
| 6795699 | McGraw | Sep 2004 | B1 |
| 6799049 | Zellner | Sep 2004 | B1 |
| 6799050 | Krasner | Sep 2004 | B1 |
| 6801159 | Swope | Oct 2004 | B2 |
| 6804524 | Vandermeijden | Oct 2004 | B1 |
| 6807534 | Erickson | Oct 2004 | B1 |
| 6810323 | Bullock | Oct 2004 | B1 |
| 6813264 | Vassilovski | Nov 2004 | B2 |
| 6813560 | Van Diggelen | Nov 2004 | B2 |
| 6816111 | Krasner | Nov 2004 | B2 |
| 6816580 | Timmins | Nov 2004 | B2 |
| 6816710 | Krasner | Nov 2004 | B2 |
| 6816719 | Heinonen | Nov 2004 | B1 |
| 6816734 | Wong | Nov 2004 | B2 |
| 6820069 | Kogan | Nov 2004 | B1 |
| 6829475 | Lee | Dec 2004 | B1 |
| 6832373 | O'Neill | Dec 2004 | B2 |
| 6839020 | Geier | Jan 2005 | B2 |
| 6839021 | Sheynblat | Jan 2005 | B2 |
| 6839417 | Weisman | Jan 2005 | B2 |
| 6842715 | Gaal | Jan 2005 | B1 |
| 6847618 | Laursen | Jan 2005 | B2 |
| 6847822 | Dennison | Jan 2005 | B1 |
| 6853916 | Fuchs | Feb 2005 | B2 |
| 6856282 | Mauro | Feb 2005 | B2 |
| 6861980 | Rowitch | Mar 2005 | B1 |
| 6865171 | Nilsson | Mar 2005 | B1 |
| 6865395 | Riley | Mar 2005 | B2 |
| 6867733 | Sandhu | Mar 2005 | B2 |
| 6867734 | Voor | Mar 2005 | B2 |
| 6873854 | Crockett | Mar 2005 | B2 |
| 6876734 | Summers | Apr 2005 | B1 |
| 6882850 | McConnell et al. | Apr 2005 | B2 |
| 6885874 | Grube | Apr 2005 | B2 |
| 6885940 | Brodie | Apr 2005 | B2 |
| 6888497 | King | May 2005 | B2 |
| 6888932 | Snip | May 2005 | B2 |
| 6895238 | Newell | May 2005 | B2 |
| 6895249 | Gaal | May 2005 | B2 |
| 6900758 | Mann | May 2005 | B1 |
| 6903684 | Simic | Jun 2005 | B1 |
| 6904029 | Fors | Jun 2005 | B2 |
| 6907224 | Younis | Jun 2005 | B2 |
| 6907238 | Leung | Jun 2005 | B2 |
| 6912230 | Salkini | Jun 2005 | B1 |
| 6912395 | Benes | Jun 2005 | B2 |
| 6912545 | Lundy | Jun 2005 | B1 |
| 6915208 | Garin | Jul 2005 | B2 |
| 6917331 | Gronemeyer | Jul 2005 | B2 |
| 6930634 | Peng | Aug 2005 | B2 |
| 6937187 | Van Diggelen | Aug 2005 | B2 |
| 6937872 | Krasner | Aug 2005 | B2 |
| 6940826 | Simard | Sep 2005 | B1 |
| 6940950 | Dickinson et al. | Sep 2005 | B2 |
| 6941144 | Stein | Sep 2005 | B2 |
| 6944540 | King | Sep 2005 | B2 |
| 6947772 | Minear | Sep 2005 | B2 |
| 6950058 | Davis | Sep 2005 | B1 |
| 6957073 | Bye | Oct 2005 | B2 |
| 6961562 | Ross | Nov 2005 | B2 |
| 6963557 | Knox | Nov 2005 | B2 |
| 6965754 | King | Nov 2005 | B2 |
| 6965767 | Maggenti | Nov 2005 | B2 |
| 6968044 | Beason | Nov 2005 | B2 |
| 6970917 | Kushwaha | Nov 2005 | B1 |
| 6973320 | Brown | Dec 2005 | B2 |
| 6975266 | Abraham | Dec 2005 | B2 |
| 6978453 | Rao | Dec 2005 | B2 |
| 6980816 | Rohler | Dec 2005 | B2 |
| 6985747 | Chithambaram | Jan 2006 | B2 |
| 6993355 | Pershan | Jan 2006 | B1 |
| 6996720 | DeMello | Feb 2006 | B1 |
| 6999782 | Shaughnessy | Feb 2006 | B2 |
| 7024321 | Deninger | Apr 2006 | B1 |
| 7024393 | Peinado | Apr 2006 | B1 |
| 7047411 | DeMello | May 2006 | B1 |
| 7065351 | Carter | Jun 2006 | B2 |
| 7065507 | Mohammed | Jun 2006 | B2 |
| 7072667 | Olrik | Jul 2006 | B2 |
| 7079857 | Maggenti | Jul 2006 | B2 |
| 7103018 | Hansen | Sep 2006 | B1 |
| 7103574 | Peinado | Sep 2006 | B1 |
| 7106717 | Rosseau | Sep 2006 | B2 |
| 7110773 | Wallace | Sep 2006 | B1 |
| 7136466 | Gao | Nov 2006 | B1 |
| 7136838 | Peinado | Nov 2006 | B1 |
| 7151946 | Maggenti | Dec 2006 | B2 |
| 7174153 | Ehlers | Feb 2007 | B2 |
| 7177397 | McCalmont | Feb 2007 | B2 |
| 7177398 | Meer | Feb 2007 | B2 |
| 7177399 | Dawson | Feb 2007 | B2 |
| 7200380 | Havlark | Apr 2007 | B2 |
| 7209758 | Moll et al. | Apr 2007 | B1 |
| 7209969 | Lahti | Apr 2007 | B2 |
| 7218940 | Niemenna | May 2007 | B2 |
| 7221959 | Lindquist | May 2007 | B2 |
| 7245900 | Lamb | Jul 2007 | B1 |
| 7260186 | Zhu | Aug 2007 | B2 |
| 7260384 | Bales et al. | Aug 2007 | B2 |
| 7321773 | Hines | Jan 2008 | B2 |
| 7330899 | Wong | Feb 2008 | B2 |
| 7333480 | Clarke | Feb 2008 | B1 |
| 7369508 | Parantainen | May 2008 | B2 |
| 7369530 | Keagy | May 2008 | B2 |
| 7382773 | Schoeneberger | Jun 2008 | B2 |
| 7394896 | Norton | Jul 2008 | B2 |
| 7428571 | Ichimura | Sep 2008 | B2 |
| 7436785 | McMullen | Oct 2008 | B1 |
| 7440442 | Grabelsky et al. | Oct 2008 | B2 |
| 7573982 | Breen | Aug 2009 | B2 |
| 7602886 | Beech | Oct 2009 | B1 |
| 7711094 | Olshansky | May 2010 | B1 |
| 7783297 | Ishii | Aug 2010 | B2 |
| 20010011247 | O'Flaherty | Aug 2001 | A1 |
| 20010014085 | Johansson et al. | Aug 2001 | A1 |
| 20010040886 | Jimenez | Nov 2001 | A1 |
| 20010049274 | Degraeve | Dec 2001 | A1 |
| 20020037735 | Maggenti | Mar 2002 | A1 |
| 20020052214 | Maggenti | May 2002 | A1 |
| 20020061760 | Maggenti | May 2002 | A1 |
| 20020069529 | Wieres | Jun 2002 | A1 |
| 20020077083 | Zellner | Jun 2002 | A1 |
| 20020077084 | Zellner | Jun 2002 | A1 |
| 20020077118 | Zellner | Jun 2002 | A1 |
| 20020077897 | Zellner | Jun 2002 | A1 |
| 20020086676 | Hendry | Jul 2002 | A1 |
| 20020098832 | Fleischer | Jul 2002 | A1 |
| 20020102996 | Jenkins | Aug 2002 | A1 |
| 20020102999 | Maggenti | Aug 2002 | A1 |
| 20020111172 | DeWolf | Aug 2002 | A1 |
| 20020112047 | Kushwaha | Aug 2002 | A1 |
| 20020118650 | Jagadeesan | Aug 2002 | A1 |
| 20020123327 | Vataja | Sep 2002 | A1 |
| 20020126656 | Park | Sep 2002 | A1 |
| 20020138650 | Yamamoto | Sep 2002 | A1 |
| 20020156732 | Odijk | Oct 2002 | A1 |
| 20020158777 | Flick | Oct 2002 | A1 |
| 20020173317 | Nykanen | Nov 2002 | A1 |
| 20020191595 | Mar | Dec 2002 | A1 |
| 20030009277 | Fan | Jan 2003 | A1 |
| 20030009602 | Jacobs | Jan 2003 | A1 |
| 20030012148 | Peters | Jan 2003 | A1 |
| 20030013449 | Hose | Jan 2003 | A1 |
| 20030016804 | Sheha | Jan 2003 | A1 |
| 20030026245 | Ejzak | Feb 2003 | A1 |
| 20030037163 | Kitada | Feb 2003 | A1 |
| 20030040272 | Lelievre | Feb 2003 | A1 |
| 20030065788 | Salomaki | Apr 2003 | A1 |
| 20030072318 | Lam | Apr 2003 | A1 |
| 20030078064 | Chan | Apr 2003 | A1 |
| 20030081557 | Mettala | May 2003 | A1 |
| 20030086422 | Klinker et al. | May 2003 | A1 |
| 20030096626 | Sabo et al. | May 2003 | A1 |
| 20030100320 | Ranjan | May 2003 | A1 |
| 20030101329 | Lahti | May 2003 | A1 |
| 20030101341 | Kettler | May 2003 | A1 |
| 20030103484 | Oommen | Jun 2003 | A1 |
| 20030108176 | Kung | Jun 2003 | A1 |
| 20030109245 | McCalmont | Jun 2003 | A1 |
| 20030114157 | Spitz | Jun 2003 | A1 |
| 20030119521 | Tipnis | Jun 2003 | A1 |
| 20030119528 | Pew | Jun 2003 | A1 |
| 20030125042 | Olrik | Jul 2003 | A1 |
| 20030137961 | Tsirtsis | Jul 2003 | A1 |
| 20030153340 | Crockett | Aug 2003 | A1 |
| 20030153341 | Crockett | Aug 2003 | A1 |
| 20030153342 | Crockett | Aug 2003 | A1 |
| 20030153343 | Crockett | Aug 2003 | A1 |
| 20030161298 | Bergman | Aug 2003 | A1 |
| 20030196105 | Fineberg | Oct 2003 | A1 |
| 20030204640 | Sahinoja | Oct 2003 | A1 |
| 20030223381 | Schroderus | Dec 2003 | A1 |
| 20040002326 | Maher | Jan 2004 | A1 |
| 20040032485 | Stephens | Feb 2004 | A1 |
| 20040043775 | Kennedy | Mar 2004 | A1 |
| 20040044623 | Wake | Mar 2004 | A1 |
| 20040047461 | Weisman | Mar 2004 | A1 |
| 20040068665 | Fox et al. | Apr 2004 | A1 |
| 20040068724 | Gardner | Apr 2004 | A1 |
| 20040092250 | Valloppillil | May 2004 | A1 |
| 20040098497 | Banet | May 2004 | A1 |
| 20040132465 | Mattila | Jul 2004 | A1 |
| 20040148357 | Corrigan et al. | Jul 2004 | A1 |
| 20040181689 | Kiyoto | Sep 2004 | A1 |
| 20040184584 | McCalmont | Sep 2004 | A1 |
| 20040185875 | Diacakis | Sep 2004 | A1 |
| 20040190497 | Knox | Sep 2004 | A1 |
| 20040198332 | Lundsgaard | Oct 2004 | A1 |
| 20040198386 | Dupray | Oct 2004 | A1 |
| 20040203922 | Hines | Oct 2004 | A1 |
| 20040205151 | Sprigg | Oct 2004 | A1 |
| 20040229632 | Flynn | Nov 2004 | A1 |
| 20040235493 | Ekerborn | Nov 2004 | A1 |
| 20040242238 | Wang | Dec 2004 | A1 |
| 20040267445 | De Luca | Dec 2004 | A1 |
| 20050028034 | Gantman | Feb 2005 | A1 |
| 20050039178 | Marolia | Feb 2005 | A1 |
| 20050041578 | Huotari | Feb 2005 | A1 |
| 20050043037 | Loppe | Feb 2005 | A1 |
| 20050053209 | D'Evelyn | Mar 2005 | A1 |
| 20050071671 | Karaoguz | Mar 2005 | A1 |
| 20050083911 | Grabelsky | Apr 2005 | A1 |
| 20050086467 | Asokan | Apr 2005 | A1 |
| 20050090236 | Schwinke | Apr 2005 | A1 |
| 20050107673 | Ball | May 2005 | A1 |
| 20050112030 | Gaus | May 2005 | A1 |
| 20050119012 | Merheb | Jun 2005 | A1 |
| 20050132200 | Jaffe | Jun 2005 | A1 |
| 20050134504 | Harwood | Jun 2005 | A1 |
| 20050135569 | Dickinson et al. | Jun 2005 | A1 |
| 20050136885 | Kaltsukis | Jun 2005 | A1 |
| 20050149430 | Williams | Jul 2005 | A1 |
| 20050149626 | Manchester et al. | Jul 2005 | A1 |
| 20050169248 | Truesdale | Aug 2005 | A1 |
| 20050174991 | Keagy | Aug 2005 | A1 |
| 20050192822 | Hartenstein | Sep 2005 | A1 |
| 20050201529 | Nelson | Sep 2005 | A1 |
| 20050209995 | Aksu | Sep 2005 | A1 |
| 20050213716 | Zhu | Sep 2005 | A1 |
| 20050232252 | Hoover | Oct 2005 | A1 |
| 20050243778 | Wang | Nov 2005 | A1 |
| 20050250516 | Shim | Nov 2005 | A1 |
| 20050259675 | Tuohino | Nov 2005 | A1 |
| 20050265318 | Khartabil | Dec 2005 | A1 |
| 20050266864 | Chen et al. | Dec 2005 | A1 |
| 20050271029 | Iffland | Dec 2005 | A1 |
| 20050282518 | D'Evelyn | Dec 2005 | A1 |
| 20050287979 | Rollender | Dec 2005 | A1 |
| 20050287990 | Mononen | Dec 2005 | A1 |
| 20050289097 | Trossen | Dec 2005 | A1 |
| 20060008065 | Longman et al. | Jan 2006 | A1 |
| 20060023747 | Koren et al. | Feb 2006 | A1 |
| 20060026288 | Acharya | Feb 2006 | A1 |
| 20060036680 | Shim | Feb 2006 | A1 |
| 20060053225 | Poikselka | Mar 2006 | A1 |
| 20060058042 | Shim | Mar 2006 | A1 |
| 20060058102 | Nguyen et al. | Mar 2006 | A1 |
| 20060064307 | Pakkala | Mar 2006 | A1 |
| 20060068753 | Karpen | Mar 2006 | A1 |
| 20060079249 | Shim | Apr 2006 | A1 |
| 20060120517 | Moon | Jun 2006 | A1 |
| 20060128395 | Muhonen | Jun 2006 | A1 |
| 20060135177 | Winterbottom | Jun 2006 | A1 |
| 20060188083 | Breen | Aug 2006 | A1 |
| 20060193447 | Schwartz | Aug 2006 | A1 |
| 20060212558 | Sahinoja | Sep 2006 | A1 |
| 20060212562 | Kushwaha | Sep 2006 | A1 |
| 20060225090 | Shim et al. | Oct 2006 | A1 |
| 20060234639 | Kushwaha | Oct 2006 | A1 |
| 20060234698 | Fok | Oct 2006 | A1 |
| 20060239205 | Warren | Oct 2006 | A1 |
| 20060242230 | Smith | Oct 2006 | A1 |
| 20060258380 | Liebowitz | Nov 2006 | A1 |
| 20060293024 | Benco | Dec 2006 | A1 |
| 20060293066 | Edge | Dec 2006 | A1 |
| 20070003024 | Olivier | Jan 2007 | A1 |
| 20070019614 | Hoffmann | Jan 2007 | A1 |
| 20070022011 | Altberg | Jan 2007 | A1 |
| 20070026854 | Nath | Feb 2007 | A1 |
| 20070026871 | Wager | Feb 2007 | A1 |
| 20070027997 | Polk | Feb 2007 | A1 |
| 20070030539 | Nath | Feb 2007 | A1 |
| 20070036139 | Patel | Feb 2007 | A1 |
| 20070037585 | Shim | Feb 2007 | A1 |
| 20070041513 | Gende | Feb 2007 | A1 |
| 20070049288 | Lamprecht | Mar 2007 | A1 |
| 20070072624 | Niemaenmaa | Mar 2007 | A1 |
| 20070081635 | Croak | Apr 2007 | A1 |
| 20070082681 | Kim | Apr 2007 | A1 |
| 20070082682 | Kim | Apr 2007 | A1 |
| 20070115941 | Patel | May 2007 | A1 |
| 20070121601 | Kikinis | May 2007 | A1 |
| 20070149213 | Lamba | Jun 2007 | A1 |
| 20070160036 | Smith | Jul 2007 | A1 |
| 20070162228 | Mitchell | Jul 2007 | A1 |
| 20070167177 | Kraufvelin | Jul 2007 | A1 |
| 20070182547 | Wachter | Aug 2007 | A1 |
| 20070202897 | Smith | Aug 2007 | A1 |
| 20070206568 | Silver | Sep 2007 | A1 |
| 20070206613 | Silver | Sep 2007 | A1 |
| 20070242660 | Xu | Oct 2007 | A1 |
| 20070243885 | Shim | Oct 2007 | A1 |
| 20070244987 | Pedersen et al. | Oct 2007 | A1 |
| 20070263610 | Mitchell | Nov 2007 | A1 |
| 20070270164 | Maier | Nov 2007 | A1 |
| 20080014931 | Yared | Jan 2008 | A1 |
| 20080020733 | Wassingbo | Jan 2008 | A1 |
| 20080037715 | Prozeniuk | Feb 2008 | A1 |
| 20080063153 | Krivorot | Mar 2008 | A1 |
| 20080065775 | Polk | Mar 2008 | A1 |
| 20080109650 | Shim | May 2008 | A1 |
| 20080117859 | Shahidi | May 2008 | A1 |
| 20080173709 | Ghosh | Jul 2008 | A1 |
| 20080186164 | Emigh | Aug 2008 | A1 |
| 20080214202 | Toomey | Sep 2008 | A1 |
| 20080263169 | Brabec et al. | Oct 2008 | A1 |
| 20090137244 | Zhou et al. | May 2009 | A1 |
| 20090158136 | Rossano et al. | Jun 2009 | A1 |
| 20090158397 | Herzog et al. | Jun 2009 | A1 |
| 20090172804 | Spies et al. | Jul 2009 | A1 |
| 20090205027 | Salazar et al. | Aug 2009 | A1 |
| 20090265552 | Moshir et al. | Oct 2009 | A1 |
| 20090265763 | Davies et al. | Oct 2009 | A1 |
| 20090320123 | Yu | Dec 2009 | A1 |
| 20100094996 | Samaha | Apr 2010 | A1 |
| 20100100928 | Gasparini et al. | Apr 2010 | A1 |
| 20100162371 | Geil | Jun 2010 | A1 |
| 20100205242 | Marchioro, II | Aug 2010 | A1 |
| 20100311447 | Jackson | Dec 2010 | A1 |
| 20110053618 | Lin et al. | Mar 2011 | A1 |
| 20110145564 | Moshir et al. | Jun 2011 | A1 |
| 20110159862 | Jackson | Jun 2011 | A1 |
| 20110252146 | Santamaria et al. | Oct 2011 | A1 |
| 20110300830 | Ramrattan | Dec 2011 | A1 |
| 20110307947 | Kariv | Dec 2011 | A1 |
| 20120150968 | Yasrebi et al. | Jun 2012 | A1 |
| 20120192287 | Cai et al. | Jul 2012 | A1 |
| 20130111550 | Naveh | May 2013 | A1 |
| 20130171971 | Fujii | Jul 2013 | A1 |
| 20130191908 | Klein | Jul 2013 | A1 |
| 20130202108 | Kao | Aug 2013 | A1 |
| Number | Date | Country |
|---|---|---|
| 1387239 | Feb 2004 | EP |
| PCTSE9801887 | Oct 1998 | SE |
| PCTUS9928848 | Dec 1999 | WO |
| WO0145342 | Jun 2001 | WO |
| PCTUS0146666 | Nov 2001 | WO |
| WO2004025941 | Mar 2004 | WO |
| PCTUS2005022090 | Jun 2005 | WO |
| WO2005051033 | Jun 2005 | WO |
| WO2006075856 | Jul 2006 | WO |
| Entry |
|---|
| Intrado Inc., Qwest Detailed SR/ALI to MPC/GMLC Interface Specification for TCP/IP Implementation of TIA/EIA/J-STD-036 E2 with Phase I Location Description Addition, Intrado Informed Response; Apr. 2004; Issue 1.11; pp. 1-57. |
| International Search Report in PCT/US2007/23243 dated Apr. 2, 2008. |
| PCT International Search Report (PCTUS2007/23714) and Written Opinion of International Searching Authority, Apr. 18, 2008. |
| Le-Pond Chin, Jyh-Hong Wen, Ting-Way Liu, The Study of the Interconnection of GSM Mobile Communication System Over IP based Network, May 6, 2001, IEEE, Vehicular Technology Conference, vol. 3, pp. 2219-2223. |
| Location Based Services V2 Roaming Support (non proprietary), 80-V8470-2NP A, dated Jan. 27, 2005, pp. 1-56. |
| Qualcomm CDMA Technologies, MS Resident User Plane LBS Roaming—80-VC718-1 E, 2006, pp. 1-37. |
| Qualcomm CDMA Technologies, LBS Control Plane/User Plane Overview—80-VD378-1 NP B, 2006, pp. 1-36. |
| Bhalla et al, TELUS, Technology Strategy—LBS Roaming Summit, Sep. 19, 2006. |
| Alfredo Aguirre, Iusacell, First and Only Carrier in Mexico with a 3G CDMA Network, 2007. |
| Mike McMullen, Sprint, LBS Roaming Summit, Sep. 19, 2006. |
| Andrew Yeow, BCE, LBS Roaming Summit, Sep. 19, 2006, pp. 1-8. |
| Qualcomm CDMA Technologies, LBS Control Plane Roaming—80-VD377-1 NP A, 2006, pp. 1-10. |
| International Search Report received in PCT/US2013/21199 dated Mar. 26, 2013. |
| International Search Report received in PCT/US2012/068083 dated Feb. 8, 2013. |
| Number | Date | Country | |
|---|---|---|---|
| 20130291078 A1 | Oct 2013 | US |
| Number | Date | Country | |
|---|---|---|---|
| 61622829 | Apr 2012 | US |
