Security architecture

US 8,286,221 B2
Filed: 02/07/2006
Issued: 10/09/2012
Est. Priority Date: 06/07/1999
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus comprising:

an interface configured to communicate with at least one device and to receive therefrom requests to access an application;

an arbitration component configured todetermine, before a requesting device has accessed the application, and in response to a request from the requesting device communicating through the interface, whether the requesting device can access the application,access stored trust indications,receive from the interface an indication, originating from the requesting device and identifying the requesting device,grant access to the application without authorization of the requesting device if the requesting device has a stored trust indication associated therewith, andrequire authorization of the requesting device before granting access to the application if the requesting device has no stored trust indication associated therewith; and

a user interface configured to provide authorization.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device for communicating with other devices to allow them to access applications, comprises: at least a first application; authentication means for authenticating a communicating device; and access control means accessible by a communicating device requesting access to the first application without the communicating device having been authenticated by the authentication means. The device is further arranged to arbitrate whether access of the communicating device to the first application is granted or refused wherein if the arbitration requires an authentication of the communicating device, the access control means instructs the authentication means to authenticate the communicating device.

32 Citations

View as Search Results

24 Claims

1. An apparatus comprising:
- an interface configured to communicate with at least one device and to receive therefrom requests to access an application;
  
  an arbitration component configured todetermine, before a requesting device has accessed the application, and in response to a request from the requesting device communicating through the interface, whether the requesting device can access the application,access stored trust indications,receive from the interface an indication, originating from the requesting device and identifying the requesting device,grant access to the application without authorization of the requesting device if the requesting device has a stored trust indication associated therewith, andrequire authorization of the requesting device before granting access to the application if the requesting device has no stored trust indication associated therewith; and
  
  a user interface configured to provide authorization.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 18, 21)
- - 2. An apparatus as claimed in claim 1, wherein the arbitration component is configured to receive indications originating from the requesting device identifying the requesting device and the application.
  - 3. An apparatus as claimed in claim 1 comprising a plurality of applications, wherein the arbitration component comprises a plurality of arbitration sub-components, and wherein each of the applications is connected to a different one of the sub-components.
  - 4. An apparatus as claimed in claim 3 wherein the plurality of arbitration sub-components are arranged in a hierarchy, wherein a first arbitration sub-component at the lowest level in the hierarchy provides access to at least a second arbitration sub-component and access to one or both of a third arbitration sub-component and an application, wherein access to each application is provided via one or more arbitration sub-components including the first arbitration sub-component and the application'"'"'s connected arbitration sub-component, if different, and wherein any arbitration sub-component is accessible by a requesting device requesting access to one of its connected applications without the requesting device having been authorized, and is arranged, with at least the second arbitration sub-component, to arbitrate whether access of the requesting device to the one connected application is granted or refused, wherein, if the requesting device has a stored trust indication associated therewith no apparatus user authorization is required and if the requesting device has no stored trust indication associated therewith apparatus user authorization is required.
  - 5. An apparatus as claimed in claim 1 having a device database which stores trust indications of different devices.
  - 6. An apparatus as claimed in claim 1 being portable, having a radio transceiver and wherein the user interface comprises a display and a user input device.
  - 7. The apparatus of claim 1, wherein the arbitration component is configured toaccess stored security indications associated with the application and with at least a second application, andrequire apparatus user authorization before granting access to the application if the requesting device has no stored trust indication associated therewith, in dependence upon the stored security indication associated with the application indicating that apparatus user authorization is required before granting untrusted devices access to the application.
  - 8. An apparatus claimed in claim 7 wherein the stored security indications associated with applications are indicative of whether user authorization is or is not required during arbitration, in independence of the identity of the requesting device.
  - 9. An apparatus as claimed in claim 7 wherein the arbitration component is configured to receive indications originating from the requesting device identifying the requesting device and the application.
  - 10. An apparatus as claimed in claim 7 comprising a plurality of applications, wherein the arbitration component comprises a plurality of arbitration sub-components, and wherein each of the applications is connected to a different one of the sub-components.
  - 11. An apparatus as claimed in claim 10 wherein the plurality of arbitration sub-components are arranged in a hierarchy, wherein a first arbitration sub-component at the lowest level in the hierarchy provides access to at least a second arbitration sub-component and access to one or both of a third arbitration sub-component and an application, wherein access to each application is provided via one or more arbitration sub-components including the first arbitration sub-component and the application'"'"'s connected arbitration sub-component, if different, and wherein any arbitration sub-component is accessible by a requesting device requesting access to one of its connected applications without the requesting device having been authorized, and is configured, with at least the second arbitration sub-component, to arbitrate whether access of the requesting device to the one connected application is granted or refused, wherein, if the requesting device has a stored trust indication associated therewith no apparatus user authorization is required and if the requesting device has no stored trust indication associated therewith apparatus user authorization is required in dependence upon the stored security indication associated with the requested application.
  - 12. An apparatus as claimed in claim 7 having a device database which stores trust indications of different devices.
  - 13. An apparatus as claimed in claim 7 having a service database for storing the security indications associated with the application and at least a second application.
  - 14. An apparatus as claimed in claim 7 being portable, having a radio transceiver and wherein the user interface comprises a display and a user input device.
  - 18. The apparatus of claim 1, wherein the arbitration component is configured to perform authentication before granting access to the application when there is no stored trust indication for the requesting device.
  - 21. The apparatus of claim 8, wherein the arbitration component is configured todetermine, in response to a request from an untrusted device communicating through the interface and requesting access to the second application, and based on the stored security indication associated with the second application, that apparatus user authorization is not required for the untrusted device to access the second application, andgrant the untrusted device access to the second application based on the determination that user authorization is not required for untrusted devices to access the second application.

15. A method comprising:
- storing, by an electronic device, at least one trust indication in association with at least one other device;
  
  receiving, by the electronic device and from an interface, an indication originating from a requesting device and identifying the requesting device; and
  
  determining, by the electronic device and before access to an application is established, whether the requesting device can access the application, the determining including determining whether there is a stored trust indication associated with the requesting device; and
  
  performing one of the following;
  
  granting access to the application without authorization of the requesting device based on the presence of a stored trust indication associated with the requesting device;
  
  orrequiring authorization of the requesting device before granting access to the application based on the absence of a stored trust indication associated with the requesting device.
- View Dependent Claims (16, 17, 22, 23, 24)
- - 16. A method as claimed in claim 15, wherein the indication originating from the requesting device further identifies the application.
  - 17. The method of claim 15, further comprising:
    - storing, by the electronic device, security indications associated with the application and at least a second application, the security indication associated with the second application indicating that electronic device user authorization is not required for untrusted devices to access the second application;
      
      determining that electronic device user authorization is required before granting untrusted devices access to the application, and wherein the performing comprises requiring electronic device user authorization before granting access to the application based on the absence of a stored trust indication associated with the requesting device and based on the determining that electronic device user authorization is required before granting untrusted devices access to the application.
  - 22. The method of claim 17, further comprising:
    - determining, in response to a request from an untrusted requesting device communicating through the interface and requesting access to the second application, and based on the stored security indication associated with the second application, that electronic device user authorization is not required for the untrusted device to access the second application, andgranting the untrusted device access to the second application based on the determination that electronic device user authorization is not required.
  - 23. The method of claim 15, whereinstoring at least one trust indication comprises storing at least one trust indication associated with the requesting device, andthe performing comprises granting access to the application without authorization of the requesting device based on the presence of a stored trust indication associated with the requesting device.
  - 24. The method of claim 15, wherein the performing comprises requiring authorization of the requesting device before granting access to the application based on the absence of a stored trust indication associated with the requesting device.

19. An apparatus comprising:
- at least one controller; and
  
  at least one memory having stored therein machine executable instructions, the at least one memory and stored instructions configured to, with the at least one controller, cause the apparatus to;
  
  determine, before a requesting device has accessed an application, and in response to a request from the requesting device communicating through an interface, whether the requesting device can access the application,access stored trust indications,receive from the interface an indication, originating from the requesting device, identifying the requesting device,grant access to the application without authorization of the requesting device if a stored trust indication is associated with the requesting device, andrequire authorization of the requesting device before granting access to the application if none of the stored trust indications is associated with the requesting device.
- View Dependent Claims (20)
- - 20. The apparatus of claim 19, wherein the at least one memory and stored instructions are configured to, with the at least one controller, cause the apparatus to:
    - receive indications originating from the requesting device identifying the requesting device and the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Muller, Thomas, Roter, Martin
Primary Examiner(s)
ZIA, SYED

Application Number

US11/275,964
Publication Number

US 20060143466A1
Time in Patent Office

2,436 Days
Field of Search

None
US Class Current

726/2
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/162   at the data link layer

H04W 12/068   using credential vaults, e....

H04W 88/18   Service support devices; Ne...

Security architecture

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Security architecture

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others