System and method for over the air configuration security

US 20020144151A1
Filed: 04/27/2001
Published: 10/03/2002
Est. Priority Date: 02/16/2001
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for maintaining configuration information on a mobile device, comprising:

receiving a message including a request associated with configuration information stored on the mobile device;

associating a security role with the received message;

determining at least one configuration setting within the configuration information affected by the received message;

comparing the security role with a security privilege associated with the at least one configuration setting; and

if the security role is in agreement with the security privilege associated with the at least one configuration setting, processing the request associated with the configuration information.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described is a system and method for assigning security credentials to particular components within a mobile device, and for ensuring that only configuration messages having sufficient access privilege to those components are allowed access, based on the security credentials. The security credentials or “roles” describe which settings a particular configuration message has authority to modify or query. Access is disallowed to settings for which a message does not have adequate security credentials.

Citations

28 Claims

1. A computer-implemented method for maintaining configuration information on a mobile device, comprising:
- receiving a message including a request associated with configuration information stored on the mobile device;
  
  associating a security role with the received message;
  
  determining at least one configuration setting within the configuration information affected by the received message;
  
  comparing the security role with a security privilege associated with the at least one configuration setting; and
  
  if the security role is in agreement with the security privilege associated with the at least one configuration setting, processing the request associated with the configuration information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein associating the security role with the received message comprises assigning a particular security role based on a source of the message.
  - 3. The computer-implemented method of claim 2, wherein the source of the message is identified from information within the message.
  - 4. The computer-implemented method of claim 3, wherein the information within the message includes a shared key that identifies the source of the message.
  - 5. The computer-implemented method of claim 1, wherein processing the request associated with the configuration information further comprises comparing the security role with another security privilege associated with a configuration service provider, the configuration service provider being responsible for managing the configuration information stored on the mobile device.
  - 6. The computer-implemented method of claim 5, wherein if the security role is not in agreement with the other security privilege, the request is not processed.
  - 7. The computer-implemented method of claim 5, wherein if the security role is in agreement with the security privilege associated with the at least one configuration setting and with the other security privilege associated with the configuration service provider, the configuration service provider processes the request by accessing the configuration information.

8. A computer-readable medium having computer-executable components for managing security on a mobile device, comprising:
- a stored setting having an assigned security role that identifies a privilege that an entity attempting to access the stored setting must satisfy in order to access the stored setting;
  
  a router configured to receive a configuration message over a wireless communication link, the router being further configured to identify a source of the configuration message and to pass the configuration message to other components of the mobile device, the configuration message including an instruction that affects a configuration setting; and
  
  a configuration manager configured to receive the configuration message from the router and to parse the configuration message to identify the configuration setting affected by the configuration message, the configuration manager being further configured to compare security privileges associated with the source of the configuration message to security roles assigned to configuration settings stored on the mobile device, wherein if the configuration setting identified in the configuration message identifies the stored setting, and wherein if the source of the configuration message has sufficient privilege to access the stored setting, the configuration manager causes the instruction that affects the configuration setting to be processed.
- View Dependent Claims (9, 10, 11, 12, 14, 15, 16, 17, 18, 19)
- - 9. The computer-readable medium of claim 8, further comprising a configuration service provider configured to manage at least one configuration setting stored on the mobile device, and wherein the processing of the instruction is performed by the configuration service provider.
  - 10. The computer-readable medium of claim 9, wherein the configuration service provider has an assigned security role that identifies a privilege that must be associated with an instruction that affects a configuration setting which the configuration service provider maintains.
  - 11. The computer-readable medium of claim 10, wherein the configuration manager is further configured to determine if the instruction that affects the configuration setting is in agreement with the security role assigned to the configuration service provider that maintains the affected configuration setting, and if so, the configuration manager is further configured to pass the instruction to the configuration service provider to be handled.
  - 12. The computer-readable medium of claim 11, wherein the configuration service provider determines if the instruction is in agreement with the security role assigned to the stored setting prior to processing the instruction, and if not, terminating the processing of the instruction.
  - 14. The computer-implemented method of claim 13, wherein associating the security role with the instruction comprises assigning a particular security role based on a source of the configuration message.
  - 15. The computer-implemented method of claim 14, wherein the source of the message is identified from information within the configuration message.
  - 16. The computer-implemented method of claim 15, wherein the information within the configuration message includes a shared key that identifies the source of the configuration message.
  - 17. The computer-implemented method of claim 13, wherein processing the instruction comprises comparing the security role of the instruction with another security role associated with a configuration service provider, the configuration service provider being responsible for queries of and changes to the configuration setting.
  - 18. The computer-implemented method of claim 17, wherein if the security role of the instruction is not in agreement with the security role of the configuration service provider, the instruction is not processed.
  - 19. The computer-implemented method of claim 18, wherein if the security role of the instruction is in agreement with the security role of the configuration setting and with the security role of the configuration service provider, the configuration service provider processes the instruction.

13. A computer-readable medium having computer-executable instructions for maintaining configuration information on a mobile device, comprising:
- receiving a configuration message including an instruction associated with a configuration setting stored on the mobile device;
  
  associating a security role with the instruction;
  
  comparing the security role of the instruction with a security role associated with the configuration setting stored on the mobile device; and
  
  if the security role of the instruction is in agreement with the security role of the configuration setting, processing the instruction.

20. A computer-readable medium within a mobile device, comprising:
- a data structure associated with a configuration setting and a configuration service provider, the configuration setting being associated with a software component resident on the mobile device, the configuration service provider being responsible for maintaining the configuration setting, wherein the data structure comprises a first field including a security role associated with the configuration setting, the security role of the configuration setting identifying a setting privilege which must be had in order to access the configuration setting; and
  
  a second field including a security role associated with the configuration service provider, the security role of the configuration service provider identifying a provider privilege which must be had in order to make use of the configuration service provider.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
- - 21. The computer-readable medium of claim 20, further comprising a configuration message received over a wireless communication link between a source of the configuration message and the mobile device, the second data structure including an instruction to access the configuration setting, the instruction having an associated security role based on the source of the configuration message.
  - 22. The computer-readable medium of claim 21, further comprising a configuration manager configured to cause the instruction to be processed if the security role of the instruction is in agreement with the security role of the configuration setting.
  - 23. The computer-readable medium of claim 21, further comprising a configuration manager configured to cause the instruction to be processed if the security role of the instruction is in agreement with the security role of the configuration service provider.
  - 24. The computer-readable medium of claim 21, further comprising a configuration manager configured to invoke the configuration service provider if the security role of the instruction is in agreement with the security role of the configuration service provider, the configuration service provider being further configured to process the instruction if the security role of the instruction is in agreement with the security role of the configuration setting.
  - 25. The computer-readable medium of claim 20, wherein the first field further comprises a policy field that identifies the configuration setting as a policy setting.
  - 26. The computer-readable medium of claim 25, wherein the policy setting can only be modified by an instruction generated by a particular source.
  - 27. The computer-readable medium of claim 26, wherein the particular source includes administrative privileges.
  - 28. The computer-readable medium of claim 25, wherein the policy setting may only be modified locally.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Shell, Scott R., Butler, Lee M.

Granted Patent

US 7,188,243 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/102   Entity profiles

H04W 12/08   Access security

H04W 12/35   Protecting application or s...

H04W 8/18   Processing of user or subsc...

H04W 88/02   Terminal devices

System and method for over the air configuration security

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for over the air configuration security

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links