System for Enforcing Security Policies on Mobile Communications Devices
Abstract
A system for enforcing security policies on mobile communications devices is adapted to be used in a mobile communications network in operative association with a subscriber identity module. The system having a client-server architecture includes a server operated by a mobile communications network operator and a client resident on a mobile communications device on which security policies are to be enforced. The server is adapted to determine security policies to be applied on said mobile communications device, and to send thereto a security policy to be applied. The client is adapted to receive the security policy to be applied from the server, and to apply the received security policy. The server includes a server authentication function adapted to authenticate the security policy to be sent to the mobile communications device; the client is further adapted to assess authenticity of the security policy received from the server by exploiting a client authentication function resident on the subscriber identity module.
578 Citations
72 Claims
1-48. (canceled)
49. A system for enforcing security policies on mobile communications devices, the mobile communications devices being adapted to be used in a mobile communications network in operative association with a subscriber identity module, the system having a client-server architecture and comprising:
a server operated by a mobile communications network operator; and a client resident on a mobile communications device on which security policies are to be enforced, wherein said server is adapted to determine security policies to be applied on said mobile communications device, and to send thereto a security policy to be applied, and wherein said client is adapted to receive the security policy to be applied from the server, and to apply the received security policy, the server comprising a server authentication function adapted to authenticate the security policy to be sent to the mobile communications device; and wherein the client is further adapted to assess authenticity of the security policy received from the server by exploiting a client authentication function resident on the subscriber identity module.
58. The system of claim 58, wherein the server is further adapted to send to the client a policy apply message instructing the client to apply a specified security policy already stored in the local database.
70. A method of enforcing security policies on mobile communications devices, wherein the mobile communications devices are adapted to be used in a mobile communications network in operative association with a subscriber identity module, comprising:
having the mobile communications network determine a security policy to be applied on a mobile communications device, and send the security policy to the mobile communications device, and having the mobile communications device receive the security policy and enforce it, said sending the security policy comprising authenticating the security policy to be sent to the mobile communications device, and said having the mobile communications device receive the security policy and enforce it comprising having the mobile communications device assess the authenticity of the received security policy exploiting an authentication function resident on the subscriber identity module.
71. A mobile communications device capable of being adapted to be used in a mobile communications network in operative association with a subscriber identity module, wherein the mobile communications device comprises an adaptation to receive from the mobile communications network a security policy to be enforced, and to apply the received security policy, the mobile communications device comprising a further adaptation to assess authenticity of the security policy received from the mobile communications network by exploiting an authentication function resident on the subscriber identity module operatively associated therewith.
72. A subscriber identity module capable of being adapted to be operatively associated with a mobile communications device for enabling use of the mobile communications device in a mobile communications network, the subscriber identity module comprising an adaptation to implement an authentication function adapted to assess authenticity of a security policy received by the mobile communications device.