Mobile terminal, access control management device, and access control management method

US 8,135,385 B2
Filed: 10/13/2006
Issued: 03/13/2012
Est. Priority Date: 10/13/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A mobile terminal, comprising:

an application execution unit configured to execute an application program;

an access control rule management unit configured to retain an access control rule defining whether the application program has an access authorization to a confidential resource in the mobile terminal and a determining unit;

an access control rule query unit configured to acquire, from an external device, the access control rule by designating at least one of an identifier of a user identity module installed in the mobile terminal and an identifier of the mobile terminal, and to retain the acquired access control rule in the access control management unit;

a query requirement determination unit configured to determine whether to update the access control rule when the application program accesses to the confidential resource, and to update the access control rule;

an authorization management unit configured to determine whether the application program has the access authorization based on the access control rule; and

a confidential resource management unit configured to determine whether to permit an access request to the confidential resource by the application program, based on a result of the determination of the authorization management unit;

whereinthe query requirement determination unit is configured to add, to the access control rule, at least one of a user authentication command, a lock command, and a deletion command for deleting confidential data and to update the access control rule when the mobile terminal is out of service for a certain period or more.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile terminal (200) comprises an application execution unit (240) configured to execute an application program; an access control rule management unit (270) configured to retain an access control rule defining whether the application program has an access authorization to a confidential resource in the mobile terminal and a determining unit; an access control rule query unit (220) configured to acquire, from an external device, the access control rule by designating at least one of an identifier of a user identity module installed in the mobile terminal and an identifier of the mobile terminal, and to retain the acquired access control rule in the access control management unit; a query requirement determination unit (260) configured to determine whether to update the access control rule when the application program makes an access to the confidential resource, and to update the access control rule; an authorization management unit (230) configured to determine whether the application program has the access authorization based on the access control rule; and a confidential resource management unit (250) configured to determine whether to permit an access request to the confidential resource by the application program, based on a result of the determination of the authorization management unit (230).

29 Citations

View as Search Results

11 Claims

1. A mobile terminal, comprising:
- an application execution unit configured to execute an application program;
  
  an access control rule management unit configured to retain an access control rule defining whether the application program has an access authorization to a confidential resource in the mobile terminal and a determining unit;
  
  an access control rule query unit configured to acquire, from an external device, the access control rule by designating at least one of an identifier of a user identity module installed in the mobile terminal and an identifier of the mobile terminal, and to retain the acquired access control rule in the access control management unit;
  
  a query requirement determination unit configured to determine whether to update the access control rule when the application program accesses to the confidential resource, and to update the access control rule;
  
  an authorization management unit configured to determine whether the application program has the access authorization based on the access control rule; and
  
  a confidential resource management unit configured to determine whether to permit an access request to the confidential resource by the application program, based on a result of the determination of the authorization management unit;
  
  whereinthe query requirement determination unit is configured to add, to the access control rule, at least one of a user authentication command, a lock command, and a deletion command for deleting confidential data and to update the access control rule when the mobile terminal is out of service for a certain period or more.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The mobile terminal according to claim 1, whereinthe query requirement determination unit comprisesa cache control unit configured to check an expiration date set in the access control rule, and to call the access control rule query unit when the expiration date has expired.
  - 3. The mobile terminal according to claim 2, whereinthe query requirement determination unit is configured to update so as to release the user authentication command in the access control rule for a certain period, when a user authentication is successful in the authorization management unit.
  - 4. The mobile terminal according to claim 1, whereinthe authorization management unit comprisesa log transmission unit configured to record a log of the access to the confidential resource and to transmit the log to the external device.
  - 5. The mobile terminal according to claim 1, whereinthe confidential resource management unit comprisesa confidential data deletion unit configured to delete confidential data, when a deletion command for deleting the confidential data is included in the access control rule acquired by the access control rule query unit, andthe query requirement determination unit is configured to add, to the access control rule, the deletion command of the confidential data and to update the access control rule, when the user authentication is unsuccessful.
  - 6. The mobile terminal according to claim 1, whereinthe access control rule query unit is configured to acquire, from an access control management device, the access control rule by designating the identifier of the mobile terminal, when an access to a confidential resource associated with a specific user identity module is made in a state where the specific user identity module is not installed in the mobile terminal.

7. An access control management device, comprising:
- a user management unit configured to retain user information of a mobile terminal and an access control rule to be given to the mobile terminal;
  
  a user authentication unit configured to perform a user authentication;
  
  an access control rule response unit configured to respond with the access control rule of the mobile terminal to an inquiry from the mobile terminal, the inquiry including a designation of at least one of an identifier of a user identity module installed in the mobile terminal and an identifier of the mobile terminal;
  
  an access control request reception unit configured to receive, from a user, a registration request of the access control rule or a change request of the access control rule, the access control rule being for a mobile terminal or a plurality of mobile terminals;
  
  an access control rule verification management unit configured to manage a verification rule for verifying the registration request or the change request; and
  
  an access control rule verification unit configured to verify, according to the verification rule, the registration request or the change request; and
  
  a query requirement determination unit configured to add, to the access control rule, at least one of a user authentication command, a lock command, and a deletion command for deleting confidential data and to update the access control rule when the mobile terminal is out of service for a certain period or more.
- View Dependent Claims (8, 9, 10)
- - 8. The access control management device according to claim 7, wherein the access control request reception unit is configured to receive the registration request or the change request, which includes an expiration date.
  - 9. The access control management device according to claim 7, whereinthe access control rule response unit comprisesa push transmission unit configured to push-transmit the access control rule to the mobile terminal, when a push request is included in the registration request of the access control rule or the change request of the access control rule.
  - 10. The access control management device according to claim 7, whereinthe access control rule verification unit comprisesa log verification unit configured to receive an access control log from the mobile terminal and to verify the access control log.

11. An access control management method for limiting an access to a confidential resource in a mobile terminal by an application program, comprising:
- determining whether to update an access control rule when the application program make the access to the confidential resource, the access control rule defining whether the application program has an access authorization to the confidential resource in the mobile terminal and a determining unit;
  
  acquiring, from an external device, the access control rule by designating at least one of an identifier of a user identity module installed in the mobile terminal and an identifier of the mobile terminal, and retaining the acquired access control rule;
  
  determining whether the application program has the access authorization based on the access control rule;
  
  responding to an access request based on a result of the determination;
  
  adding, to the access control rule, at least one of a user authentication command, a lock command, and a deletion command for deleting confidential data; and
  
  updating the access control rule when the mobile terminal is out of service for a certain period or more.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NTT Docomo Incorporated (Nippon Telegraph and Telephone Corporation)
Original Assignee
NTT Docomo Incorporated (Nippon Telegraph and Telephone Corporation)
Inventors
Ohta, Ken, Yoshikawa, Takashi, Kinno, Akira, Inamura, Hiroshi
Primary Examiner(s)
RAMPURIA, SHARAD K

Application Number

US12/089,936
Publication Number

US 20090221266A1
Time in Patent Office

1,978 Days
Field of Search

455410-411, 4554141-4144, 455418-420
US Class Current

455/411
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/629   to features or functions of...

G06F 21/74   operating in dual or compar...

G06F 21/88   Detecting or preventing the...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2117   User registration

G06F 2221/2129   Authenticate client device ...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2151   Time stamp

G06F 2221/2153   Using hardware token as a s...

H04L 63/102   Entity profiles

H04W 12/06   Authentication

H04W 12/082   using revocation of authori...

H04W 12/126   Anti-theft arrangements, e....

Mobile terminal, access control management device, and access control management method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile terminal, access control management device, and access control management method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links