Method and apparatus for providing access control to local...

Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling

Reexamination Certificate


Details

C709S219000, C709S225000

active

06292833

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to mobile devices and, more particularly, to secure access to local services of mobile devices.
2. Description of the Related Art
A wireless network is often used to transmit messages from one location in a network to a destination location in the network. These messages contain data to be supplied to the destination location. In some cases the messages are responses to requests for information from a source location. In other cases the messages are notification messages that are sent to the destination location without any specific request. The wireless network typically includes various mobile devices. Also, the network that the wireless network is coupled to often includes many remote servers that store various kinds of information.
Mobile devices are provisioned (i.e., configured) to operate in specific ways. The provisioning can be preset in the mobile phone, can be performed by a user, or can be performed when the mobile device connects to the wireless network. Often, the mobile devices will be provisioned over the air after the mobile device connects to the wireless network. The provisioning of a mobile device determines how various basic functions of the mobile device will operate. Typically, a mobile device has a set of local services that provides the basic functions of the mobile device. Examples of such basic functions include setting or updating wireless voice and data protocol parameters, address books, and various other parameters that can be used to enable or disable certain telephony and data features of the mobile devices.
The provisioning of a mobile device over the air means that local service parameters are acquired or set within the mobile device to control its operation by accessing provisioning information from the network. For example, a mobile device can request provisioning information from a particular remote server on the network; the mobile device can then be provisioned in accordance with the provisioning information acquired from that remote server. The particular remote server is ordinarily a service provider for a particular service to be enjoyed by the mobile device. As such, the service provider contains the necessary provisioning information to provision a mobile device over the air.
Often, the provisioning information acquired from the particular remote server is executable or binary code. The executable or binary code contains interfaces, data or operations that cause the mobile device to modify local service parameters so that some of the functions of the mobile device are set or altered. Examples of the executable or binary code include scripts, JAVA applets and compressed Mark-up Language data files.
Conventionally, because a mobile device can be provisioned from remote servers over a network, there are problems concerning unauthorized provisioning of a mobile device. In an open wireless network environment, it is plausible for any remote site or service provider to access the local services provided by a mobile device. For example, a remote site or service provider can provision a mobile device to change the local service parameters supported by the mobile device. As a result, the local services of the mobile devices are open to malicious attack from hackers and the like, which can render the mobile device inoperative or cause it to operate in undesirable states. As an example, a virus code could be undesirably downloaded as provisioning information from an unscrupulous remote server to a mobile device and consequently would erase or damage local service parameters currently stored in the mobile device so that the mobile device no longer operates properly.
Thus, there is a need for ensuring secure access to local service parameters of mobile devices.
SUMMARY OF THE INVENTION
Broadly speaking, the invention relates to techniques for restricting access to local services of mobile devices. The local services may include functions of modifying wireless voice/data protocols, configuration or system parameters, bookmarks, addresses, subscriber provisioning information and other parameters that may enable or disable certain telephony and data features of the mobile devices. The mobile devices include, but are not limited to, mobile computing devices, cellular phones, palm-sized computer devices, and Personal Digital Assistants (PDAs). The mobile devices are capable of communicating wirelessly with one or more service providers or remote servers on a network. The invention provides secure access to the local services of mobile devices such that only authorized services (e.g., from authorized servers or network sites) are able to remotely invoke or update the local services of the mobile devices. According to the invention, before permitting access to local services of a mobile device, the identity of a remote service seeking to have the access is checked to determine whether the remote service is authorized for such access. If the remote service is authorized, then the access is permitted and the remote service is able to execute or update the local services of the mobile device. Conversely, when the remote service is not authorized, then the access is denied so that the local services provided by the mobile device are not open to attack or corruption from unauthorized remote services from unscrupulous servers or network sites.
The invention can be implemented in numerous ways including a method, a computer readable medium, an apparatus, and a system. Several embodiments of the invention are discussed below.
As a method for ensuring secure access to local services of a mobile device, one embodiment of the invention includes the acts of: receiving a message from a computer through a network, the message having a service identity associated therewith; determining whether the message seeks access to the local services of the mobile device; comparing the service identity associated with the message against one or more authorized service identities at least when the determining act determines that the message seeks access to the local services of the mobile device; and permitting the message to access the local services of the mobile device only when the comparing act indicates that the service identity associated with the message matches at least one of the one or more authorized service identities.
As a computer readable medium having computer program code for ensuring secure access to local services of a mobile device, one embodiment of the invention includes: computer program code for receiving executable code from a computer through a network, the executable code having a service identity associated therewith; computer program code for executing the executable code; and computer program code for preventing the executable code from accessing the local services of the mobile device during execution unless the service identity associated with the executable code matches at least one of a plurality of authorized service identities.
As a mobile device capable of connecting to a network of computers through a wireless link, one embodiment of the invention includes: a display screen that displays graphics and text; a message buffer that temporarily stores a message from a computer on the network of computers, the message having a service identity associated therewith; an application that utilizes the message received from the computer on the network of computers; a local services data area that stores local services data which controls the operation of the mobile device; an authorization storage area that stores authorized service identities that are permitted to access the local services data area; and an access controller that controls access to the local services data area such that the local services data cannot be altered by the application utilizing the message, unless the service identity associated with the message matches at least one of the authorized service identities.
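The method and access-controller embodiments above can be sketched as follows; this is an added example, not code from the patent. It assumes the service identity is a hostname already bound to the message by the transport, and the `local:` target prefix, class names and sample hostnames are hypothetical.

```python
from dataclasses import dataclass

LOCAL_PREFIX = "local:"  # hypothetical convention marking a local-service target


@dataclass(frozen=True)
class Message:
    service_identity: str  # assumed to be a hostname bound to the message by the transport
    target: str            # "local:<parameter>" or ordinary content such as "display"
    value: str = ""


def normalize(identity: str) -> str:
    """Canonicalize before comparing so case or a trailing dot cannot cause a mismatch."""
    return identity.strip().rstrip(".").lower()


class AccessController:
    def __init__(self, authorized, local_services):
        self._authorized = frozenset(normalize(a) for a in authorized)
        self._local = dict(local_services)  # local services data area
        self.audit = []                     # (decision, identity, parameter) records

    def handle(self, msg: Message) -> str:
        # Determining act: does the message seek access to local services?
        if not msg.target.startswith(LOCAL_PREFIX):
            return "delivered"
        identity = normalize(msg.service_identity)
        param = msg.target[len(LOCAL_PREFIX):]
        # Comparing act: exact match only, never substring or suffix matching.
        if identity not in self._authorized:
            self.audit.append(("deny", identity, param))
            return "denied"
        self._local[param] = msg.value
        self.audit.append(("permit", identity, param))
        return "permitted"

    def local_services(self) -> dict:
        return dict(self._local)


def run_demo():
    # Constructed sample data; the hostnames and parameter names are placeholders.
    ctl = AccessController({"provisioning.carrier.example"}, {"data_protocol": "v1"})
    msgs = [
        Message("news.example", "display", "headline"),
        Message("Provisioning.Carrier.Example.", "local:data_protocol", "v2"),
        Message("provisioning.carrier.example.lookalike.test", "local:data_protocol", "x"),
        Message("news.example", "local:address_book", ""),
    ]
    return [ctl.handle(m) for m in msgs], ctl.local_services(), ctl.audit
```

The check is only as strong as the binding between the message and its claimed identity; the deny records in `audit` are what a device or carrier would review to spot unauthorized provisioning attempts.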
As a wireless communication system, one embodiment of the invention includes a wired net
