Secure mobile wireless device

US 7,882,352 B2
Filed: 05/28/2003
Issued: 02/01/2011
Est. Priority Date: 05/28/2002
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising at least one processor and a memory storing installed native executable code, the apparatus further comprising:

a plurality of protected resources stored on said apparatus;

a plurality of servers; and

a trusted computing base having a kernel;

whereinaccess to each said protected resource is provided by a corresponding server;

the native executable code is assigned a set of capabilities which define the protected resource(s) on the apparatus which the native executable code can access;

said corresponding servers are configured, with the at least one processor, to police access to said protected resource(s) on the basis of the capabilities assigned to the native executable code;

the capabilities are stored in a location in the memory that is only accessible to the trusted computing base, wherein prior to install time, the executable code already contains the capabilities it has been granted, and wherein a loader is configured to refuse to load executables not permanently stored in the location in the memory which is only accessible to the trusted computing base; and

the kernel is configured, for each client-server communication, to pass the client capabilities to said servers.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure mobile wireless device in which executable code to be installed on the device is assigned a set of capabilities which define the protected resource(s) on the device which it can access. Hence, the present invention takes the idea of capabilities (known in the context of defining the capabilities or access privileges of different users in a multi-user system) and applies it to defining the capabilities or access privileges of different native executable code for secure, single-user mobile wireless devices.

48 Citations

View as Search Results

18 Claims

1. An apparatus comprising at least one processor and a memory storing installed native executable code, the apparatus further comprising:
- a plurality of protected resources stored on said apparatus;
  
  a plurality of servers; and
  
  a trusted computing base having a kernel;
  
  whereinaccess to each said protected resource is provided by a corresponding server;
  
  the native executable code is assigned a set of capabilities which define the protected resource(s) on the apparatus which the native executable code can access;
  
  said corresponding servers are configured, with the at least one processor, to police access to said protected resource(s) on the basis of the capabilities assigned to the native executable code;
  
  the capabilities are stored in a location in the memory that is only accessible to the trusted computing base, wherein prior to install time, the executable code already contains the capabilities it has been granted, and wherein a loader is configured to refuse to load executables not permanently stored in the location in the memory which is only accessible to the trusted computing base; and
  
  the kernel is configured, for each client-server communication, to pass the client capabilities to said servers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The apparatus of claim 1 in which one of said capabilities grants access to a specific Application Programming Interface (API) (or range of APIs), file or other operating system protected resource(s).
  - 3. The apparatus of claim 1 in which the executable code is permanently stored in the location in the memory which is only accessible to the trusted computing base to preserve the integrity of the capabilities assigned to the executable code.
  - 4. The apparatus of claim 3 in which a loader is configured to refuse to load executables not permanently stored in the location in the memory which is only accessible to the trusted computing base, to preserve the integrity of the system.
  - 5. The apparatus of claim 1 in which said capabilities include system capabilities which are mandatory and control access to the kernel, file system and system data.
  - 6. The apparatus of claim 1 in which, for a library to be loaded in an executable, the loader is configured to verify that the library is assigned a superset of the capabilities granted to the requesting executable.
  - 7. The apparatus of claim 1 in which a capability is selected from a list of capabilities which comprise root capabilities, system capabilities and user-exposed capabilities.
  - 8. The apparatus of claim 7 in which the user-exposed capabilities allow the following functions:
    - (a) can spend subscribers money by using the phone network;
      
      (b) can read users private information;
      
      (c) can modify users private information;
      
      (d) can send information to a local network without spending subscribers money;
      
      (e) can know the device location.
  - 9. The apparatus of claim 1 in which one of the servers comprises the kernel.

10. A method comprising:
- providing access to each of a plurality of protected resources stored on a device by a corresponding server, the corresponding server being one of a plurality of servers of the device;
  
  assigning native executable code a set of capabilities which define the protected resource(s) on the device which the native executable code can access;
  
  causing storage of the capabilities in a location that is only accessible to a trusted computing base having a kernel, wherein prior to install time, the executable code already contains the capabilities it has been granted, and wherein a loader is configured to refuse to load executables not permanently stored in the location which is only accessible to the trusted computing base; and
  
  policing, by a processor, access to said protected resources at said corresponding servers on the basis of the capabilities assigned to the native executable code;
  
  wherein for each client-server communication, the kernel passes the client capabilities to said server.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein one of said capabilities grants access to a specific Application Programming Interface (API) (or range of APIs), file or other operating system protected resource(s).
  - 12. The method of claim 10, wherein the executable code is permanently stored in the location which is only accessible to the trusted computing base to preserve the integrity of the capabilities assigned to the executable code.
  - 13. The method of claim 12, wherein the loader is configured to refuse to load executables not permanently stored in the location which is only accessible to the trusted computing base to preserve the integrity of the system.
  - 14. The method of claim 10, wherein the capabilities include system capabilities which are mandatory and control access to the kernel, file system and system data.
  - 15. The method of claim 10, further comprising, in an instance in which an executable has requested to load a library:
    - verifying that the library is assigned a superset of the capabilities granted to the requesting executable; and
      
      only granting the request to load the library in an instance in which the library is assigned a superset of the capabilities granted to the requesting executable.
  - 16. The method of claim 10, in which a capability is selected from a list of capabilities which comprise root capabilities, system capabilities and user-exposed capabilities.
  - 17. The method of claim 16, in which the user-exposed capabilities allow the following functions:
    - (a) can spend subscribers money by using the phone network;
      
      (b) can read users private information;
      
      (c) can modify users private information;
      
      (d) can send information to a local network without spending subscribers money;
      
      (e) can know the device location.
  - 18. The method of claim 10, wherein one of the servers comprises the kernel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Dive-Reclus, Corinne, May, Dennis, Harris, Jonathan
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Abedin; Shanto M

Application Number

US10/515,740
Publication Number

US 20060053426A1
Time in Patent Office

2,806 Days
Field of Search

719/328, 719/327, 726/16, 726/27, 726/1, 726/22, 726/2, 726/14, 726/26, 717/168, 717/121, 713/187, 713/189, 713/100, 713/167, 713/194, 713/1, 713/152, 713/172, 713/176
US Class Current

713/164
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2115   Third party

G06F 2221/2141   Access rights, e.g. capabil...

Secure mobile wireless device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Secure mobile wireless device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links