System for enforcing security policies on mobile communications devices
First Claim
1. A system for enforcing security policies on mobile communications devices, the mobile communications devices being adapted to be used in a mobile communications network in operative association with a subscriber identity module, the system having a client-server architecture and comprising:
a server including a computer operated by a mobile communications network operator; and
a client resident on a mobile communications device on which security policies are to be enforced, wherein said server is adapted to:
determine security policies to be applied on said mobile communications device;
send thereto a security policy to be applied; and
send to the client a policy apply message instructing the client to apply a specified security policy already stored in the client, the server comprising a server authentication function adapted to authenticate the security policy to be sent to the mobile communications device; and
wherein the mobile communication device, when instructed by said client, is adapted to:
receive the security policy to be applied from the server;
assess authenticity of the security policy received from the server by exploiting a client authentication function resident on the subscriber identity module; and
apply the received security policy;
the mobile communication device further comprising:
an interface component, which, when the subscriber identity module is executed by the mobile communications device, interacts with the subscriber identity module;
the interface component invoking the client authentication function on the subscriber identity module when the client receives the security policy; and
the client authentication function resident on the subscriber identity module calculating authentication information on the security policy received from the server; and
a manager module, which, upon receipt from the server of the policy apply message, causes the client to:
invoke the client authentication function for assessing an integrity of the identified security policy by exploiting the authentication information; and
pass the specified security policy to an enforcer module for applying the specified security policy.
Abstract
A system for enforcing security policies on mobile communications devices is adapted to be used in a mobile communications network in operative association with a subscriber identity module. The system having a client-server architecture includes a server operated by a mobile communications network operator and a client resident on a mobile communications device on which security policies are to be enforced. The server is adapted to determine security policies to be applied on said mobile communications device, and to send thereto a security policy to be applied. The client is adapted to receive the security policy to be applied from the server, and to apply the received security policy. The server includes a server authentication function adapted to authenticate the security policy to be sent to the mobile communications device; the client is further adapted to assess authenticity of the security policy received from the server by exploiting a client authentication function resident on the subscriber identity module.
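The flow the abstract and claim 1 describe, as an added example that is not part of the patent: the server's authentication function tags the policy, the client's interface component hands it to the SIM-resident client authentication function, which verifies it and returns authentication information the client keeps, and the manager module re-checks that stored policy's integrity through the SIM on a policy apply message before passing it to the enforcer. The patent names no algorithm, so HMAC-SHA256 over a key shared between operator and SIM, and all policy values, are assumptions of this example.

```python
import hmac, hashlib, json

# Constructed key shared by operator server and SIM; algorithm (HMAC-SHA256) is an assumption.
OPERATOR_KEY = b"constructed-operator-sim-key"

def server_authenticate(policy):
    """Server authentication function: serialise the policy and attach an origin tag."""
    body = json.dumps(policy, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(OPERATOR_KEY, body, hashlib.sha256).digest()}

class Sim:
    """Client authentication function resident on the SIM; the key never leaves it."""
    def __init__(self, key):
        self._key = key
    def _mac(self, data):
        return hmac.new(self._key, data, hashlib.sha256).digest()
    def authenticate(self, body, tag):
        """Verify the server tag; on success return authentication information kept with the stored copy."""
        if not hmac.compare_digest(self._mac(body), tag):
            return None
        return self._mac(b"stored:" + body)
    def check_integrity(self, body, info):
        return hmac.compare_digest(self._mac(b"stored:" + body), info)

class Client:
    """Manager module, interface component and enforcer of the claimed client."""
    def __init__(self, sim):
        self.sim, self.store, self.enforced = sim, {}, []
    def receive_policy(self, policy_id, msg):
        info = self.sim.authenticate(msg["body"], msg["tag"])  # interface component -> SIM
        if info is None:
            return False                                       # unauthenticated: not stored
        self.store[policy_id] = {"body": msg["body"], "info": info}
        return True
    def policy_apply(self, policy_id):
        """Manager module on a policy apply message: SIM integrity check, then enforcer."""
        entry = self.store.get(policy_id)
        if entry is None or not self.sim.check_integrity(entry["body"], entry["info"]):
            return False
        self.enforced.append(json.loads(entry["body"]))        # enforcer module applies it
        return True

def demo():
    """Constructed run: genuine policy stored/applied, forgery rejected, on-device tampering caught."""
    client = Client(Sim(OPERATOR_KEY))
    ok = client.receive_policy("p1", server_authenticate({"bluetooth": "off", "camera": "off"}))
    forged_ok = client.receive_policy("p2", {"body": b'{"camera": "on"}', "tag": b"\x00" * 32})
    applied = client.policy_apply("p1")
    client.store["p1"]["body"] = b'{"camera": "on"}'         # tamper with the on-device copy
    return {"stored": ok, "forged": forged_ok, "applied": applied,
            "tampered": client.policy_apply("p1"), "enforced": client.enforced}
```

The second `policy_apply` call shows why the claims route the integrity check through the SIM rather than the client: a policy altered on the device after it was authenticated never reaches the enforcer.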
24 Claims
22. A method of enforcing security policies on mobile communications devices, wherein the mobile communications devices are adapted to be used in a mobile communications network in operative association with a subscriber identity module, comprising:
determining, by a server of the mobile communications network, a security policy to be applied on a mobile communications device, and sending the security policy to the mobile communications device; and
receiving, by the mobile communications device, the security policy and enforcing the security policy;
said sending the security policy comprising authenticating the security policy to be sent to the mobile communications device; and
receiving the security policy and enforcing the security policy comprising:
interacting, by an interface component of the mobile communications device, with a subscriber identity module; and
invoking, by the interface component of the mobile communications device, a client authentication function on the subscriber identity module when the mobile communications device receives the security policy to calculate authentication information on the security policy received from the server; and
the method further comprising:
sending, by the server to the mobile communication device, a policy apply message instructing the mobile communication device to apply a specified security policy already stored thereon;
invoking, by the mobile communication device, the client authentication function for assessing an integrity of the identified security policy by exploiting the authentication information; and
passing, by the mobile communication device, the specified security policy to an enforcer module for applying the specified security policy.
23. A non-transitory computer-readable medium comprising instructions, which when executed by a mobile communications device, cause the mobile communications device to perform a method comprising:
receiving from a server of a mobile communications network a security policy to be enforced on the mobile communications device;
executing an interface component of a manager module to interact with a subscriber identity module associated with the mobile communications network, the subscriber identity module providing an identification of the mobile communications device with the mobile communications network;
invoking through the interface component of the manager module a client authentication function on the subscriber identity module to calculate authentication information on the security policy received from the server;
assessing an authenticity of the security policy through the client authentication function on the subscriber identity module; and
applying the authenticated security policy; and
the method further comprising:
receiving a policy apply message instructing the mobile communication device to apply a specified security policy already stored thereon;
invoking the client authentication function for assessing an integrity of the identified security policy by exploiting the authentication information; and
passing the specified security policy to an enforcer module for applying the specified security policy.
24. A non-transitory computer-readable medium comprising instructions, which when executed by a subscriber identity module associated with a mobile communication device, cause the subscriber identity module to perform a method comprising:
interacting with an interface component of the mobile communication device;
receiving a command from the interface component to invoke a client authentication function on the subscriber identity module;
receiving a security policy from a manager module of the mobile communications device;
calculating authentication information on the security policy;
assessing an authenticity of the security policy in response to the command;
indicating to the manager module whether the security policy is authentic;
receiving a policy apply message instructing the mobile communication device to apply a specified security policy already stored thereon;
invoking the client authentication function for assessing an integrity of the identified security policy by exploiting the authentication information; and
passing the specified security policy to an enforcer module for applying the specified security policy.