Method and apparatus for providing dynamic security management

US 7,712,126 B2
Filed: 02/08/2005
Issued: 05/04/2010
Est. Priority Date: 02/11/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method of providing a dynamic security management in an apparatus, the apparatus comprising:

a platform for running an application;

a security manager for handling access of the application to functions existing in the apparatus;

an application interface between the platform and the application;

a set of access permissions stored in the apparatus and used by the security manager for controlling access of the application to functions through the application interface the method comprising;

configuring at least one processor to perform the functions of;

downloading into the apparatus an object containing additional access permissions and other permission information to be associated with security policy contained in the downloaded object as well as access permissions already existing in the apparatus, wherein the permissions are applicable to at least one function, the object comprising new routines and/or new functions;

verifying the object and the associated permissions linked to the existing access permissions;

providing the security with a hierarchical structure including the access permissions in the security policy and the object containing additional access permissions and other permission information; and

installing the access permissions together with the existing permissions, the object enhancing the application interface with the new routines and/or new functions.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and devices provide dynamic security management in an apparatus, such as a mobile telephone terminal. The apparatus includes a platform for running an application; a security manager for handling access of the application to functions existing in the apparatus; an application interface (API) between the platform and the application; a set of access permissions stored in the apparatus and used by the security manager for controlling access of the application to functions through the application interface. Methods can include downloading into the apparatus an object containing access permissions applicable to at least one function; verifying the object; and installing the access permissions together with the existing permissions.

16 Citations

View as Search Results

35 Claims

1. A method of providing a dynamic security management in an apparatus, the apparatus comprising:
- a platform for running an application;
  
  a security manager for handling access of the application to functions existing in the apparatus;
  
  an application interface between the platform and the application;
  
  a set of access permissions stored in the apparatus and used by the security manager for controlling access of the application to functions through the application interface the method comprising;
  
  configuring at least one processor to perform the functions of;
  
  downloading into the apparatus an object containing additional access permissions and other permission information to be associated with security policy contained in the downloaded object as well as access permissions already existing in the apparatus, wherein the permissions are applicable to at least one function, the object comprising new routines and/or new functions;
  
  verifying the object and the associated permissions linked to the existing access permissions;
  
  providing the security with a hierarchical structure including the access permissions in the security policy and the object containing additional access permissions and other permission information; and
  
  installing the access permissions together with the existing permissions, the object enhancing the application interface with the new routines and/or new functions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A method according to claim 1, wherein the object is verified by checking a certificate chain of the object.
  - 3. A method according to claim 1-further comprising verifying that a policy of the function allows updates.
  - 4. A method according claim 1, further comprising installing a library comprising new routines and/or new functions to be called by an application or another library stored in the apparatus to enable access of functions through the application interface.
  - 5. A method according to claim 4, wherein the new routines and/or new functions can access existing functions through the library.
  - 6. A method according to claim 5, wherein the security manger, when accessing functions, recursively checks the permissions of the application interfaces and libraries in a linked chain related to the called functions.
  - 7. A method according to claim 1, further comprising installing a new function so that the new function can access existing functions through the application interface.
  - 8. A method according to claim 7, wherein the new functions can access existing functions through a library.
  - 9. A method according claim 1, wherein the access permissions are contained in a policy file.
  - 10. A method according to claim 9. wherein the policy file has a structure linking access levels of existing functions with a domain associated with the downloaded object.
  - 11. A method according to claim 9, wherein the policy file has a structure linking access levels of existing functions with information contained in a certificate chain.
  - 12. A method according to claim 11, wherein the information includes a signature of the end entity certificate, a signature of an intermediate certificate, or specific level information (level OID).
  - 13. A method according to claim 10, wherein the policy file has a structure including logical expressions.

14. A method of providing a dynamic security management in an apparatus, the apparatus comprising:
- a platform for running an application;
  
  a security manager for handling access of the application to functions existing in the apparatus;
  
  an application interface between the platform and the application;
  
  a set of access permissions stored in the apparatus and used by the security manager for controlling access of the application to functions through the application interface, the method comprising;
  
  configuring at least one processor to perform the functions of;
  
  storing the access permissions in a security policy;
  
  downloading into the apparatus an object containing additional access permissions and other permission information to be associated with security policy contained in the downloaded object as well as the access permissions already existing in the security policy, wherein the permissions are applicable to at least one function and the object includes new routines and/or new functions;
  
  verifying the object and the associated permissions linked to the existing access permissions;
  
  providing the security policy with a hierarchical structure including the access permissions in the security policy and the object containing additional access permissions and other permission information so that the object enhances the application interface with the new routines and/or new functions; and
  
  installing the access permissions together with the existing permissions.
- View Dependent Claims (15, 16, 17)
- - 15. A method according to claim 14, wherein the security policy has a structure linking access levels of existing functions with a domain associated with the downloaded object.
  - 16. A method according to claim 15, wherein the security policy has a structure linking access levels of existing functions with information contained in a certificate chain.
  - 17. A method according to claim 16, wherein the information includes a signature of the end entity certificate, a signature of an intermediate certificate, or specific level information (level OID).

18. An apparatus with dynamic security management comprising:
- a platform for running an application;
  
  a security manager for handling access of the application to functions existing in the apparatus;
  
  an application interface between the platform and the application;
  
  a set of access permissions stored in the apparatus and used by the security manager for controlling access of the application to functions through the application interface wherein the apparatus is configured to download an object containing additional access permissions and other permission information to be associated with security policy contained in the downloaded objects as well as access permissions already existing in the apparatus, wherein the permissions are applicable to at least one function, the object comprising new routines and/or new functions;
  
  to verify the object and the associated permissions linked to the existing access permissions;
  
  to provide the security policy with a hierarchical structure including the access permissions in the security policy and the object containing additional access permissions and other permission information; and
  
  to install the access permissions together with the existing permissions, the object enhancing the application interface with the new routines and/or new functions.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 19. An apparatus according to claim 18, wherein the security manager is configured to verify the object by checking a certificate chain of the object.
  - 20. An apparatus according to claim 18 wherein the security manager is configured to verify that a policy of the function allows updates.
  - 21. An apparatus according to claim 18, wherein the apparatus is configured to install a library comprising new routines and/or new functions to be called by an application or another library stored in the apparatus to enable access of functions through the application interface.
  - 22. An apparatus according to claim 21, wherein the new routines and/or new functions can access existing functions through the library.
  - 23. An apparatus according to claim 22, wherein the security manger, when accessing functions, is configured to recursively check the permissions of the application interfaces and libraries in a linked chain related to the called functions.
  - 24. An apparatus according claim 18, wherein the apparatus is configured to install a new function so that the new function can access existing functions through the application interface.
  - 25. An apparatus according to claim 24, wherein the new functions can access existing functions through a library.
  - 26. An apparatus according to claim 18, wherein the access permissions are contained in a policy file.
  - 27. An apparatus according to claim 26, Previously Presented wherein the policy file has a structure linking access levels of existing functions with a domain associated with the downloaded object.
  - 28. An apparatus according to claim 26, wherein the policy file has a structure linking access levels of existing functions with information contained in a certificate chain.
  - 29. An apparatus according to claim 28, wherein the information includes a signature of the end entity certificate, a signature of an intermediate certificate, or specific level information (level OID).
  - 30. An apparatus according to claim 28, wherein the policy file has a structure including logical expressions.
  - 31. An apparatus according to claim 18, wherein the apparatus is a portable telephone, a pager, a communicator, a smart phone, or an electronic organiser.

32. An apparatus for providing a dynamic security management comprising:
- a platform for running an application;
  
  a security manager for handling access of the application to functions existing in the apparatus;
  
  an application interface between the platform and the application;
  
  a set of access permissions stored in the apparatus and used by the security manager for controlling access of the application to functions through the application interface, wherein the apparatus is configured to download an object containing additional access permissions to be associated with security policy contained in the downloaded objects as well as access permissions already existing in the apparatus, wherein the permissions are applicable to at least one function, said object comprising new routines and/or new functions;
  
  to verify the object and the associated permissions linked to the existing access permissions;
  
  to provide the security policy with a hierarchical structure including the access permissions in the security policy and the object containing additional access permissions and other permission information; and
  
  to install the access permissions together with the existing permissions;
  
  said object enhancing the application interface with the new routines and/or new functions.
- View Dependent Claims (33, 34, 35)
- - 33. An apparatus according to claim 32, wherein the security policy has a structure linking access levels of existing functions with a domain associated with the downloaded object.
  - 34. An apparatus according to claim 33, wherein the security policy has a structure linking access levels of existing functions with information contained in a certificate chain.
  - 35. An apparatus according to claim 34, wherein the information includes a signature of the end entity certificate, a signature of an intermediate certificate, or specific level information (level OID).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Ericsson Mobile Communications USA Incorporated (Sony Group Corp.)
Inventors
Andersson, Stefan, Aronsson, Par-Anders
Primary Examiner(s)
Chai; Longbit

Application Number

US10/589,171
Publication Number

US 20080244685A1
Time in Patent Office

1,911 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 21/53   by executing in a restricte...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 67/34   involving the movement of s...

H04L 69/329   in the application layer [O...

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

Method and apparatus for providing dynamic security management

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing dynamic security management

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links