Method and apparatus for providing access control to local services of mobile devices
Abstract
Techniques for ensuring secure access to local service of mobile devices of a wireless communication system are disclosed. The techniques control access to local services of mobile devices such that only authorized services are able to remotely alter the local services of the mobile devices. Before permitting access to local services of a mobile device, the identity of the network site seeking to have access is checked to determine whether the network site is authorized for such access. If the network site is authorized, then access is permitted and the network site is able to modify or alter the local services of the mobile device. On the other hand, when the network site is not authorized, then the network site is denied access to the local service so that the local services provided by the network site are not open to attack or corruption from unscrupulous network sites.
36 Claims
1. A method for restricting access to local services of a mobile device, said method comprising:
(a) receiving a message from a computing device through a network, the message having a service identity associated therewith;
(b) determining whether the message seeks access to the local services of the mobile device;
(c) comparing the service identity associated with the message against one or more authorized service identities at least when said determining (b) determines that the message seeks access to the local services of the mobile device; and
(d) permitting the message to access the local services of the mobile device only when said comparing (c) indicates that the service identity associated with the message matches at least one of the one or more of authorized service identities.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)
wherein the message contains executable code that causes the local services to be processed so that system parameters in the mobile device are modified to alter the operation of the mobile device, and wherein said permitting (d) comprises executing the message when the service identity associated with the message matches at least one of the one or more of authorized service identities, and wherein the stored parameters are altered by the execution of the message.
11. A computer readable medium having computer program code for ensuring secure access to local services of a mobile device, said computer readable medium comprising:
computer program code for receiving executable code from a computing device through a network, the executable code having a service identity associated therewith;
computer program code for executing the executable code; and
computer program code for preventing the executable code from accessing the local services of the mobile device during execution unless the service identity associated with the executable code matches at least one of a plurality of authorized service identities.
(Dependent claims: 12, 13, 14, 15, 16, 17, 18)
computer program code for determining whether the executable code seeks access to the local services of the mobile device; and
computer program code for comparing the service identity associated with the executable code against one or more authorized service identities at least when said computer program code for determining determines that the executable code seeks access to the local services of the mobile device.
17. A computer readable medium as recited in claim 16, wherein said computer program code for determining and said computer program code for comparing are performed before said computer program code for executing.
18. A computer readable medium as recited in claim 16, wherein said computer program code for determining and said computer program code for comparing are performed during said computer program code for executing.
19. A computer readable medium having computer program code for ensuring secure access to local services of a mobile device, said computer readable medium comprising:
computer program code for receiving a message from a computer through a network, the message having a service identity associated therewith; and
computer program code for preventing the message from accessing the local services of the mobile device unless the service identity associated with the message matches at least one of a plurality of authorized service identities.
(Dependent claims: 20, 21, 22, 23)
computer program code for preventing the message from accessing the local services of the mobile device when a connection between the mobile device and the computer on the network that supplies the message is determined to be unsecure.
21. A computer readable medium as recited in claim 19, wherein said computer readable medium is provided within the mobile device, and wherein the network is the Internet and where the computer is a server computer coupled to the Internet.
22. A computer readable medium as recited in claim 19, wherein the message comprises provisioning information that causes the local services of the mobile device to update system parameters therein so that the mobile device is provisioned with respect to the provisioning information.
23. A computer readable medium as recited in claim 19, wherein said computer readable medium further comprises:
computer program code for determining whether the message seeks access to the local services of the mobile device; and
computer program code for comparing the service identity associated with the message against one or more authorized service identities at least when said computer program code for determining determines that the message seeks access to the local services of the mobile device.
24. A mobile device capable of connecting to a network of computers through a wireless link, said mobile device comprising:
a display screen that displays graphics and text;
a message buffer that temporarily stores a message from a computer on the network of computers, the message having a service identity associated therewith;
an application that utilizes the message received from the computer on the network of computers;
a local services data area that stores local services data which controls operation of said mobile device;
an authorization storage area that stores authorized service identities that are permitted to access said local services data area;
an access controller that controls access to said local services data area such that the local services data cannot be altered by said application utilizing the message, unless the service identity associated with the message matches at least one of the authorized service identities.
(Dependent claims: 25, 26, 27, 28, 29, 30)
31. A wireless communication system, comprising:
a wired network having a plurality of server computers;
a wireless carrier network operatively connected to said wired network;
a plurality of wireless mobile devices, each supporting certain local services, the certain local services that are used in determining system parameters that are independently set in each of said wireless mobile devices, wherein messages are supplied to said wireless mobile devices from the server computers of said wired network via said wireless carrier network, and wherein each of said wireless mobile devices operates, upon receiving one of the messages, to prevent the one of the messages from accessing the system parameters of said each of said wireless mobile devices unless a service identity associated with the one of the messages matches at least one of a plurality of authorized service identities.
(Dependent claims: 32, 33, 34, 35, 36)
a proxy server coupled between said wired network and said wireless carrier network, said proxy server responsible for verifying if the one of the messages is from an authorized one of said plurality of server computers.
36. A system as recited in claim 35, wherein each of said plurality of wireless mobile devices has an access control table comprising the plurality of authorized service identities, said access control table being able to be updated by said proxy server when a communication session between said wireless mobile device and said proxy server is secure and authenticated.
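The following sketch is an added example, not code from the patent or its assignee. It shows the device-side access controller the claims describe: the determine, compare and permit steps of claim 1, denial over an unsecure connection, and the claim 36 rule that the access control table changes only through the proxy over a secure, authenticated session. All class, field and identity names are hypothetical, and treating a service identity as a host-like string matched whole and case-insensitively is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Message:
    service_id: str            # service identity associated with the message
    seeks_local_access: bool   # outcome of step (b), decided by the device
    secure_channel: bool       # assumption: the transport reports channel security
    params: dict = field(default_factory=dict)  # system parameters to set

def normalize(identity: str) -> str:
    # Assumption: identities are host-like strings, compared whole and case-insensitively.
    return identity.strip().lower().rstrip(".")

class AccessController:
    def __init__(self, authorized_ids, proxy_id):
        self._acl = {normalize(i) for i in authorized_ids}
        self._proxy_id = normalize(proxy_id)
        self.system_params = {}   # stands in for the local services data area

    def handle(self, msg: Message) -> str:
        if not msg.seeks_local_access:                  # (b) nothing to protect
            return "no-local-access"
        if not msg.secure_channel:                      # deny on an unsecure connection
            return "denied-unsecure"
        if normalize(msg.service_id) not in self._acl:  # (c) exact match only
            return "denied-unauthorized"
        self.system_params.update(msg.params)           # (d) access permitted
        return "permitted"

    def update_acl(self, new_ids, sender_id, secure, authenticated) -> bool:
        # Table changes only from the proxy, over a secure and authenticated session.
        if normalize(sender_id) != self._proxy_id or not (secure and authenticated):
            return False
        self._acl = {normalize(i) for i in new_ids}
        return True

def run_demo():
    # Constructed sample identities and messages, not taken from the patent.
    ac = AccessController(["provision.carrier.example"], "proxy.carrier.example")
    good = Message("Provision.Carrier.Example", True, True, {"gateway": "gw1"})
    lookalike = Message("provision.carrier.example.attacker.test", True, True, {"gateway": "gw2"})
    plain = Message("provision.carrier.example", True, False, {"gateway": "gw3"})
    content = Message("news.example", False, False)
    results = [ac.handle(m) for m in (good, lookalike, plain, content)]
    return results, ac.system_params

if __name__ == "__main__":
    print(run_demo())
```

The look-alike identity is rejected because the comparison is a whole-string set lookup; a prefix or substring match against the table would have accepted it.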
Specification