Apparatus and methods for secure architectures in wireless networks

US 8,320,880 B2
Filed: 05/19/2006
Issued: 11/27/2012
Est. Priority Date: 07/20/2005
Status: Active Grant

First Claim

Patent Images

1. A method for securely exchanging information, comprising:

authenticating, at a wireless device, an identity of a client application resident on the wireless device based upon a request by the client application to access a device resource on the wireless device, wherein the request is based on a remotely received information retrieval configuration, the remotely received information retrieval configuration being distinct from the client application; and

providing the client application with access to a predetermined portion of the device resource based upon a result of the authentication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus, methods, computer readable media and processors may provide a secure architecture within which a client application on a wireless device may, in some aspects, exchange information securely with resident device resources, and in other aspects, with a remote server over a wireless network.

28 Citations

View as Search Results

27 Claims

1. A method for securely exchanging information, comprising:
- authenticating, at a wireless device, an identity of a client application resident on the wireless device based upon a request by the client application to access a device resource on the wireless device, wherein the request is based on a remotely received information retrieval configuration, the remotely received information retrieval configuration being distinct from the client application; and
  
  providing the client application with access to a predetermined portion of the device resource based upon a result of the authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein authenticating the identity of the client application further comprising receiving an access request comprising a security mechanism, and wherein providing the client application with access to a predetermined portion of the device resource further comprises providing access to a predetermined one of a plurality of portions of the device resource based on at least one of the security mechanism and the authenticated identity.
  - 3. The method of claim 1, receiving a predetermined authentication procedure from a remote device affiliated with the wireless device, wherein authenticating the identity of the client application further comprises authenticating based on the predetermined authentication procedure.
  - 4. The method of claim 1, wherein authenticating the identity of the client application further comprises:
    - receiving a request for access to the device resource, the request for access comprising a first authentication mechanism;
      
      generating a second authentication mechanism based on a known, authenticated security mechanism; and
      
      authenticating the client application if the first authentication mechanism matches the second authentication mechanism.
  - 5. The method of claim 1, wherein the request comprises a security mechanism, and wherein providing the client application with access to a predetermined portion of the device resource further comprises mapping the client application to the predetermined portion of access to the device resource based on the security mechanism.
  - 6. The method of claim 1, further comprising denying resource access to an authenticated client application based upon a period of non-activity of the client application.
  - 7. The method of claim 1, further comprising denying resource access to an authenticated client application based upon an improper attempted access level.
  - 8. The method of claim 1, further comprising receiving secure data over a wireless network, including:
    - establishing a connection with a remote device over a wireless network;
      
      transmitting authenticating information to the remote device, the remote device operable to authenticate the wireless device based upon the authenticating information;
      
      setting up an encryption protocol with the remote device;
      
      receiving encrypted data from the remote device based on the encryption protocol; and
      
      decrypting the encrypted data.
  - 9. The method of claim 8, wherein setting up an encryption protocol with the remote device includes generating a session key and transmitting an encrypted session key using public key encryption.
  - 10. The method of claim 9, wherein decrypting the encrypted data includes decrypting the encrypted data using the generated session key.
  - 11. The method of claim 1, further comprising collecting information from the predetermined portion of the device resource based on the information retrieval configuration.
  - 12. The method of claim 1, further comprising transmitting the collected information over a wireless network to a remote device associated with the configuration.
  - 13. The method of claim 11, wherein the collected information comprises at least one of wireless device-related data and network-related data.

14. A method for securely exchanging information, comprising:
- authenticating an identity of a client application resident on the wireless device based upon a request by the client application to access a device resource on the wireless device, wherein the request is based on a remotely received information retrieval configuration; and
  
  providing the client application with access to a predetermined portion of the device resource based upon a result of the authentication,wherein authenticating the identity of the client application comprises;
  
  receiving a random message from the client application comprising a request for a specific access level;
  
  receiving an application message digest transmitted by the client application, the application message digest comprising a result of the client application applying a first security mechanism to the random message;
  
  generating a device message digest, the device message digest comprising a result of the wireless device applying a second security mechanism to the received random message, the second security mechanism comprising a predetermined authentication security mechanism; and
  
  authenticating the client application if the application message digest matches the device message digest.

15. A non-transitory machine-readable medium comprising instructions which, when executed by a machine, cause the machine to perform operations comprising:
- authenticating an identity of a client application resident on a wireless device based upon a request by the client application to access a device resource on the wireless device, wherein the request is based on a remotely received information retrieval configuration, the remotely received information retrieval configuration being distinct from the client application; and
  
  providing the client application with access to a predetermined portion of the device resource based upon a result of the authentication.

16. At least one processor configured to perform the actions of:
- authenticating an identity of a client application resident on a wireless device based upon a request by the client application to access a device resource on the wireless device, wherein the request is based on a remotely received information retrieval configuration, the remotely received information retrieval configuration being distinct from the client application; and
  
  providing the client application with access to a predetermined portion of the device resource based upon a result of the authentication.

17. A wireless device, comprising:
- means for authenticating an identity of a client application resident on the wireless device based upon a request by the client application to access a device resource on the wireless device, wherein the request is based on a remotely received information retrieval configuration, the remotely received information retrieval configuration being distinct from the client application; and
  
  means for providing the client application with access to a predetermined portion of the device resource based upon a result of the authentication.

18. A wireless communication device, comprising:
- a non-transitory device resource comprising at least one of device-related data or network-related data; and
  
  a non-transitory resource interface module operable to receive an access request for access to the device resource, wherein the access request is based on a remotely received information retrieval configuration, wherein the access request comprises a client application module identification and a security mechanism, wherein the remotely received information retrieval configuration is distinct from the client application module identified by the client application module identification, the resource interface module operable to authenticate the client application module identification and a corresponding predetermined access level to the device resource based on the security mechanism.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The device of claim 18, wherein the resource interface module comprises a mapping of the client application module identification to the predetermined access level to the device resource.
  - 20. The device of claim 18, further comprising a non-transitory client application module for retrieving at least one of the device-related data or the network-related data, the client application module comprising the security mechanism operable to authenticate and provide access to the device resource, the client application operable to generate the access request.
  - 21. The device of claim 20, the client application module further comprising the configuration operable to direct the client application module to collect at least one of the device-related data or the network-related data.
  - 22. The device of claim 20, the client application module further comprising an external interface security procedure operable to authenticate an external device to the client application based on predetermined security procedures established by a remote device affiliated with the wireless communication device.
  - 23. The device of claim 22, the client application module further comprising an external security mechanism operable to establish a secure communication with the external device.

24. A non-transitory computer program product residing on a non-transitory processor-readable medium and comprising instructions configured to cause a processor to:
- authenticate identity information of a client application resident on a wireless device based upon a request by the client application to access a device resource on the wireless device, wherein the request is based on a remotely received information retrieval configuration, wherein the identity information is resident on the wireless device independent of the request, and wherein the remotely received information retrieval configuration is distinct from the client application; and
  
  provide the client application with access to a predetermined portion of the device resource based upon a result of the authentication.
- View Dependent Claims (25, 26, 27)
- - 25. The computer program product of claim 24, wherein the instructions configured to cause the processor to authenticate the identity of the client application comprise instructions configured to cause the processor to receive an access request comprising a security mechanism, and wherein the instructions configured to cause the processor to provide the client application with access to a predetermined portion of the device resource comprise instructions configured to cause the processor to provide access to a predetermined one of a plurality of portions of the device resource based on at least one of the security mechanism and the authenticated identity.
  - 26. The computer program product of claim 24, further comprising instructions configured to cause the processor to receive a predetermined authentication procedure from a remote device affiliated with the wireless device, wherein the instructions configured to cause the processor to authenticate the identity of the client application comprise instructions configured to cause the processor to authenticate based on the predetermined authentication procedure.
  - 27. The computer program product of claim 24, wherein the instructions configured to cause the processor to authenticate the identity of the client application further comprise instructions configured to cause the processor to:
    - receive a request for access to the device resource, the request for access comprising a first authentication mechanism;
      
      generate a second authentication mechanism based on a known, authenticated security mechanism; and
      
      authenticate the client application if the first authentication mechanism matches the second authentication mechanism.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Fok, Kenny, Yip, Eric Chi Chung
Primary Examiner(s)
AJIBADE AKONAI, OLUMIDE

Application Number

US11/438,512
Publication Number

US 20070190977A1
Time in Patent Office

2,384 Days
Field of Search

455/410, 455/411, 455/418, 455/419, 455/466, 455/423, 455/425, 455/550.1, 455/551, 455/558, 713/150, 713/151, 713/152, 713/153, 713/162, 713/164, 713/168, 713/169, 713/170, 713/171, 713/182, 713/154, 713/155, 713/201, 380/247, 380/248, 380/249, 380/250, 380/270, 380277-285, 235/380
US Class Current

455/411
CPC Class Codes

G06F 21/445   by mutual authentication, e...

H04W 12/04   Key management, e.g. using ...

H04W 12/069   using certificates or pre-s...

H04W 12/122   Counter-measures against at...

H04W 88/02   Terminal devices

Apparatus and methods for secure architectures in wireless networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and methods for secure architectures in wireless networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links