System and method for device management security of trap management object
Abstract
The present invention relates to a system and method for device management security, and more particularly to a system and method for device management security of a trap management object (Trap MO), which can prevent a non-authorized device management server from indirectly controlling device management of a mobile terminal through use of the Trap MO defined in Open Mobile Alliance Device Management (OMA DM). To this end, when a DM client receives a request from a DM server to register a notification target MO as a recipient node, the DM client determines whether the DM server has authority for both addition and execution, and allows only an authorized DM server to register a recipient node in the Trap MO. As a result, only a DM server having authority for execution of an MO can execute the MO and control the device management of a mobile terminal. Accordingly, it is possible to enhance device management security of the mobile terminal against non-authorized DM servers.
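
The double authorization check the abstract describes, as an added Python sketch that is not code from the patent. The node paths, server IDs and the dictionary layout of the authority list are constructed assumptions.

```python
# Added illustration; not from the patent. All paths, server IDs and the
# dict layout of the "authority information" are constructed assumptions.

class DMClient:
    def __init__(self, acl, trap_path):
        # acl: node path -> {command name -> set of authorized server IDs}
        self.acl = acl
        self.trap_path = trap_path
        self.recipients = []   # recipient nodes registered in the Trap MO
        self.audit = []        # (server_id, target, decision) for review

    def _authorized(self, server_id, path, command):
        # Lookup on the list; an unknown node or missing entry means "deny".
        return server_id in self.acl.get(path, {}).get(command, set())

    def add_recipient(self, server_id, target_path):
        """Handle an addition command asking to register target_path."""
        if target_path not in self.acl:
            decision = "deny: unknown target MO"
        elif not self._authorized(server_id, self.trap_path, "Add"):
            decision = "deny: no Add authority on Trap MO"
        elif not self._authorized(server_id, target_path, "Exec"):
            # Without this second check, a server allowed to add recipients
            # could have the trap execute an MO it may not execute itself.
            decision = "deny: no Exec authority on target MO"
        else:
            if target_path not in self.recipients:
                self.recipients.append(target_path)
            decision = "registered"
        self.audit.append((server_id, target_path, decision))
        return decision


def demo():
    acl = {
        "./Trap/LowBattery": {"Add": {"srv-operator", "srv-partner"}},
        "./Diag/CollectLogs": {"Exec": {"srv-operator", "srv-partner"}},
        "./FUMO/Update": {"Exec": {"srv-operator"}},
    }
    client = DMClient(acl, "./Trap/LowBattery")
    return [
        client.add_recipient("srv-partner", "./FUMO/Update"),
        client.add_recipient("srv-partner", "./Diag/CollectLogs"),
        client.add_recipient("srv-operator", "./FUMO/Update"),
        client.add_recipient("srv-rogue", "./Diag/CollectLogs"),
        client.add_recipient("srv-operator", "./Missing/Node"),
    ], client.recipients
```

The first call in `demo()` is the case the abstract targets: a server with Add authority on the Trap MO but no Exec authority on the target is refused, and the audit list records why.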
17 Claims
1. A Device Management (DM) client device, comprising:
- a computer processor;
- a memory for storing processor-executable instructions which, when executed by the computer processor, implement a DM message transmission/reception block, a Management Object (MO) storage block and a security management block;
- the DM message transmission/reception block for receiving an addition command to add a recipient node to a Trap Management Object (Trap MO);
- the MO storage block for storing the Trap MO including authority information which represents that a DM server device has authority to make the addition command and a plurality of MOs which include a notification target MO; and
- the security management block for determining, when receiving the addition command, if the DM server device has authority to make the addition command by checking the authority information of the Trap MO via a lookup on a list, determining if the DM server device has authority to make an execution command by checking, via the lookup on the list, the notification target MO requested to be registered, and registering the notification target MO as the recipient node in the Trap MO when the DM server device has the authority to make the addition command and execution command.
- Dependent claims: 6, 7, 8
2. A method for device management security of a Trap Management Object (Trap MO) in a Device Management (DM) client device, the method comprising the steps of:
- receiving the Trap MO including authority information which represents that a DM server device has authority to make an addition command to add a recipient node to the Trap MO;
- storing the Trap MO and a plurality of MOs including a notification target MO in a memory;
- receiving the addition command from the DM server device;
- determining, by a processor, if the DM server device has authority to make the addition command by checking the authority information of the Trap MO via a lookup on a list;
- determining if the DM server device has authority to make an execution command by checking, via the lookup on the list, the notification target MO requested to be registered; and
- registering the notification target MO as a recipient node in the Trap MO when the DM server device has authority to make the addition command and the execution command.
- Dependent claims: 3, 4, 5, 17
9. A Device Management (DM) server device comprising:
- a computer processor;
- a memory for storing processor-executable instructions which, when executed by the computer processor, implement a DM message transmission/reception block, a Management Object (MO) storage block and a security management block;
- the DM message transmission/reception block for transmitting to a DM client device a DM message having a Trap Management Object (Trap MO) including authority information which represents that a DM server device has authority to make an addition command to add a recipient node to the Trap MO so that the DM client device determines, when receiving the addition command, whether the DM server device has authority to make the addition command by checking the authority information of the Trap MO via a lookup on a list, receiving the DM message, and receiving a registration confirmation message from the DM client device in response to the DM message; and
- the MO storage block for storing the Trap MO and a plurality of MOs which include a notification target MO.
- Dependent claims: 10, 11, 12
13. A method for Device Management (DM) security of a Trap Management Object (Trap MO) in DM server device, the method comprising:
- transmitting to a DM client device a DM message having a Trap MO including authority information which represents that the DM server device has authority to make an addition command to add a recipient node to the Trap MO to a DM client device so that the DM client determines, when receiving the addition command, whether the DM server device has authority to make the addition command by checking the authority information of the Trap MO via a lookup on a list;
- storing, in a memory, the Trap MO and a plurality of Management Objects (MOs) which include a notification target MO;
- transmitting the addition command to register, by a processor, information of the notification target MO; and
- receiving a registration confirmation message from the DM client device in response to the DM message, wherein the DM server device has authority to make the addition command and to make an execution command.
- Dependent claims: 14, 15, 16
Specification