Communication device, control method of communication device, program and communication method

US 7,421,577 B2
Filed: 03/31/2004
Issued: 09/02/2008
Est. Priority Date: 03/31/2003
Status: Active Grant

First Claim

Patent Images

1. A communication device, comprising:

an executing unit configured to execute software;

a memory configured to store permission data, the permission data indicating permissible behavior for an application, the application being a group of functions provided by execution of the software;

a checking unit configured to check, by accessing an external device before the software is executed, whether the permission data are valid; and

an execution control unit configured to;

permit the executing unit to execute the software when, on the basis of a result of the check carried out by the checking unit, the permission data are determined to be valid, and when, on the basis of the permission data, that the software to be executed is determined to include permissible behavior, and;

not permit the executing unit to execute the software when, on the basis of the result of the check executed by the checking unit, the permission data are determined to be invalid or when, on the basis of the permission data, that the software to be executed is determined not to include permissible behavior.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a means for reflecting modifications made in a server to data with regard to a scope of rights, which are granted to an application program operable in a communication device such as a mobile station, on data stored in the communication device. To achieve the aim, in a system according to the present invention, Java-AP software is provided to a mobile station by transmitting an ADF, a SDF and a JAR file from servers to the mobile station in that order. The SDF is a file containing data indicating restrictions of behavior of a Java-AP in a mobile station. The SDF also contains data indicating a validity state of the SDF, namely ‘valid’ or ‘invalid’, which is managed by management server device 18. Before a mobile station runs a Java-APP which is installed in the mobile station, the mobile station accesses management server device 18 and checks whether a SDF corresponding to the Java-APP is valid. When the SDF is valid, the mobile station runs the Java-APP following the restrictions indicated in the SDF.

55 Citations

View as Search Results

21 Claims

1. A communication device, comprising:
- an executing unit configured to execute software;
  
  a memory configured to store permission data, the permission data indicating permissible behavior for an application, the application being a group of functions provided by execution of the software;
  
  a checking unit configured to check, by accessing an external device before the software is executed, whether the permission data are valid; and
  
  an execution control unit configured to;
  
  permit the executing unit to execute the software when, on the basis of a result of the check carried out by the checking unit, the permission data are determined to be valid, and when, on the basis of the permission data, that the software to be executed is determined to include permissible behavior, and;
  
  not permit the executing unit to execute the software when, on the basis of the result of the check executed by the checking unit, the permission data are determined to be invalid or when, on the basis of the permission data, that the software to be executed is determined not to include permissible behavior.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A communication device according to claim 1, further comprising,a determining unit configured to determine whether it is necessary to carry out the check by the checking unit, the checking unit either carrying out or not carrying out the check on the basis of a determination made by the determining unit.
  - 3. A communication device according to claim 2, wherein,the determining unit comprises:
    - a counting unit configured to count a number of executions of the software; and
      
      a frequency data memory configured to store frequency data indicating how frequently it is necessary to carry out the check; and
      
      wherein,the determining unit is configured to determine, on the basis of a number of executions of the software, as counted by the counting unit, and on the basis of the frequency data stored in the frequency data memory, whether it is necessary to carry out a check by the checking unit.
  - 4. A communication device according to claim 2, wherein,the determining unit comprises:
    - a timer configured to provide time data indicating a present time; and
      
      a time interval data memory for storing time interval data indicating a time interval at which it is necessary to carry out the check; and
      
      wherein,the determining unit is configured to calculate, on the basis of time data provided by the timer, a time period between a present time and a time recorded at a most recent execution of the software, and determines whether it is necessary to carry out the check by the checking unit on the basis of the calculated time period and the time interval data stored in said time interval data memory.
  - 5. A communication device according to claim 1, further comprising:
    - a count data memory configured to store count data indicating a number of times that the software is allowed to be executed in a condition that the checking unit is unable to make the check; and
      
      the execution control unit is configured to permit the executing unit to execute the software in a condition that the checking unit is unable to make the check up to a number of times which is indicated by the count data stored in the count data memory.
  - 6. A communication device according to claim 1, further comprising:
    - an updating unit configured to obtain update data from the external device, and updating the permission data stored in the memory on the basis of the update data.
  - 7. A communication device according to claim 6, wherein:
    - the updating unit is configured to;
      
      transmit, to the external device, update timing data indicating a timing of a most recent update of the permission data stored in the memory, when the checking unit makes the check;
      
      receive update data transmitted from the external device in response to the transmission of the update timing data; and
      
      update the permission data stored in the memory on the basis of the update data.
  - 8. A communication device according to claim 1, further comprising:
    - a terminating unit configured to instruct the executing unit to terminate execution of the software when the application attempts to conduct behavior which the application is not permitted to conduct.
  - 9. A communication device according to claim 1, wherein:
    - the permission data contain information on usage of at least one of an internal hardware resource of the communication device, an external hardware resource of the communication device, a software resource and a communication network resource.
  - 10. A communication device according to claim 1, wherein the application comprises a Java application;
    - andwherein the permission data comprises a scope of rights which are granted to the Java application.
  - 11. A communication device according to claim 1, wherein the permission data indicates that the application is allowed to access information designated as confidential.
  - 12. A communication device according to claim 1, wherein the permission data indicates that the application is allowed to access telephone directory information.
  - 13. A communication device according to claim 1, wherein permission data indicates that the application is allowed to access e-mail information.
  - 14. A communication device according to claim 1, wherein permission data indicates that the application is allowed to reconfigure the communication device.
  - 15. A communication device according to claim 1, wherein permission data indicates that the application is allowed to access configuration information relating to the communication device.

16. A method for controlling a communication device, the method comprising:
- transmitting to the communication device permission data, the permission data indicating permissible behavior for an application, the application being a group of functions provided by execution of software in the communication device;
  
  checking, by communicating data between the communication device and an external device, whether the permission data are valid, before the software is executed in the communication device;
  
  permitting the software to be executed only when the permission data are determined to be valid on the basis of a result of the check and when the software to be executed is determined to include permissible behavior on the basis of the permission data, anddisallowing the executing unit to execute the software when, on the basis of the result of the check executed by the checking unit, the permission data are determined to be invalid or when, on the basis of the permission data, that the software to be executed is determined not to include permissible behavior.
- View Dependent Claims (17)
- - 17. The method according to claim 16, wherein the permission data indicates that the application is allowed to access information designated as confidential.

18. A computer readable storage medium storing a program for causing a computer to execute a process, the process comprising:
- storing, in a memory, permission data indicating permissible behavior for an application, the application being a group of functions provided by execution of software;
  
  checking, by accessing an external device, whether the permission data are valid, before the software is executed;
  
  permitting the software to be executed only when the permission data are determined to be valid on the basis of a result of the check and when the software to be executed is determined to include permissible behavior on the basis of the permission data; and
  
  disallowing the software to be executed when, on the basis of the result of the check, the permission data are determined to be invalid or when, on the basis of the permission data, that the software to be executed is determined not to include permissible behavior.
- View Dependent Claims (19)
- - 19. The computer readable storage medium according to claim 18, wherein the permission data indicates that the application is allowed to access information designated as confidential.

20. A communication method in a communication system comprising (a) a software data providing server device which stores software data containing software for providing a group of functions forming an application, (b) a management server device which stores security descriptor data containing permission data indicating permissible behavior for the application, and (c) an application descriptor data providing server device which stores application descriptor data indicating a storage location of the software data and a storage location of the security descriptor data, the method comprising:
- transmitting the application descriptor data from said communication system to said communication device;
  
  transmitting data indicating the storage location of the security descriptor data contained in the application descriptor data from said communication device to said communication system;
  
  transmitting the security descriptor data from said communication system to said communication device on the basis of the data indicating the storage location of the security descriptor data;
  
  storing the security descriptor data in said communication device;
  
  transmitting data indicating the storage location of the software data contained in the security descriptor data from said communication device to said communication system;
  
  transmitting the software data from said communication system to said communication device on the basis of the data indicating the storage location of the software data;
  
  installing, in said communication device, the software contained in the software data transmitted from said communication system to said communication device;
  
  checking, by communicating data between said communication device and said communication system before the software is executed in said communication device, whether the security descriptor data stored in said communication device are valid;
  
  permitting said software to be executed in said communication device only when the security descriptor data are determined to be valid on the basis of a result of the check and when the software to be executed is determined to include permissible behavior on the basis of the permission data; and
  
  disallowing the software to be executed in said communication device when the security descriptor data are determined to be invalid on the basis of the result of the check or when, on the basis of the permission data, that the software to be executed is determined not to include permissible behavior.
- View Dependent Claims (21)
- - 21. The method according to claim 20, wherein the permission data indicates that the application is allowed to access information designated as confidential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NTT Docomo Incorporated (Nippon Telegraph and Telephone Corporation)
Original Assignee
NTT Docomo Incorporated (Nippon Telegraph and Telephone Corporation)
Inventors
Tsuda, Masayuki, Tomioka, Atsuki, Ichikawa, Yuichi, Yamada, Kazuhiro, Naruse, Naoki, Kamiya, Dai, Oi, Tatsuro, Washio, Satoshi, Watanabe, Nobuyuki, Yamane, Naoki, Hattori, Yasunori, Murakami, Keiichi, Takeshita, Masato, Nishida, Masakazu, Asai, Mao
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
CHEN, SHIN HON

Application Number

US10/815,106
Publication Number

US 20040260939A1
Time in Patent Office

1,616 Days
Field of Search

713/158, 713/168, 713/169, 713/170, 713/156, 713/175, 726/10
US Class Current

713/156
CPC Class Codes

G06F 21/1077   Recurrent authorisation

G06F 21/53   by executing in a restricte...

G06F 21/54   by adding security routines...

G06F 2221/2137   Time limited access, e.g. t...

Communication device, control method of communication device, program and communication method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

55 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Communication device, control method of communication device, program and communication method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links