Enhanced security using service provider authentication
Abstract
A method (100) and an apparatus (e.g., a network node (210)) for providing enhanced security using service provider authentication. In addition to authenticating an application signature (245) against a root certificate (235) stored on the network node (210), a first carrier identification (250) associated with the application (240) is compared to a second carrier identification (255). If the first and second carrier identifications match, then the application can be assigned to a trusted protection domain and granted permissions which provide privileged access to the network node. For example, the application can be granted permission to be installed and/or executed on the network node. Otherwise the application can be denied privileged access. Accordingly, a carrier's applications will only be installed onto network nodes that are intended recipients of the applications.
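An added example, not code from the patent: the install-time decision the abstract describes, with authentication first, the carrier comparison second, and denial as the default. Assumptions: an HMAC-SHA256 tag under a constructed key stands in for verifying a signature against the root certificate, the tag also covers the carrier ID (a choice of this example), and all names and carrier values are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the root certificate stored on the node. A real
# node would verify a certificate chain; HMAC-SHA256 keeps this stdlib-only.
ROOT_KEY = b"constructed-root-key-for-example"

TRUSTED_PERMS = frozenset({"install", "execute", "privileged_api"})
NO_PERMS = frozenset()


@dataclass(frozen=True)
class AppSuite:
    application: bytes   # the application payload
    carrier_id: str      # first carrier identification (intended recipients)
    signature: bytes     # security information associated with the application


def sign_suite(application: bytes, carrier_id: str, key: bytes = ROOT_KEY) -> bytes:
    """Signer side. Assumption of this example: the tag covers the carrier ID
    as well as the application, so the ID cannot be edited after signing."""
    cid = carrier_id.encode()
    msg = len(cid).to_bytes(2, "big") + cid + application
    return hmac.new(key, msg, hashlib.sha256).digest()


def assign_permissions(suite: AppSuite, serving_carrier_id: str,
                       key: bytes = ROOT_KEY) -> frozenset:
    """Node side: authenticate first, then compare carrier IDs, fail closed."""
    expected = sign_suite(suite.application, suite.carrier_id, key)
    if not hmac.compare_digest(expected, suite.signature):
        return NO_PERMS                      # not bound to the trusted domain
    if not suite.carrier_id or not serving_carrier_id:
        return NO_PERMS                      # a missing ID never matches
    if not hmac.compare_digest(suite.carrier_id.encode(),
                               serving_carrier_id.encode()):
        return NO_PERMS                      # signed, but for another carrier
    return TRUSTED_PERMS


if __name__ == "__main__":
    app = b"constructed application bytes"
    suite = AppSuite(app, "carrier-A", sign_suite(app, "carrier-A"))
    for serving in ("carrier-A", "carrier-B", ""):
        print(repr(serving), sorted(assign_permissions(suite, serving)))
```

Because the tag in this sketch binds the carrier ID to the application, relabelling a signed suite for a different carrier fails authentication before the comparison is reached.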
21 Claims
1. An apparatus for processing an application, comprising:
- a network interface comprising a receiver for receiving an application suite over a communications network, the application suite including an application, security information associated with the application, and a first carrier identification associated with the application, the first carrier identification identifying a first communication service provider whose customers are intended recipients of the application; and
- a hardware processor configured to:
  - responsive to receiving the application suite, authenticate the security information against a root certificate to determine whether the application is bound to a trusted protection domain;
  - when the application is bound to a trusted protected domain, compare the first carrier identification to a second carrier identification responsive to receipt of the application suite, the second carrier identification identifying a second communication service provider that is providing communication service to the apparatus, and
  - responsive to identifying a match between the first and second carrier identifications, assign permissions to the application that provide access to privileged functionality on the apparatus.

10. A method for providing enhanced security at a mobile communication device that is in communication with a communication network, the method comprising:
- receiving, by a receiver of the mobile communication device from the communications network, an application suite that includes an application, security information associated with the application, and a first carrier identification associated with the application, the first carrier identification identifying a first wireless service provider whose customers are intended recipients of the application, the application being executable by the mobile communication device;
- responsive to receiving the application suite, authenticating the security information against a root certificate to determine whether the application is bound to a trusted protection domain;
- when the application is bound to a trusted protected domain, subsequent to receiving the application suite, comparing, by the mobile communication device, the first carrier identification to a second carrier identification, the second carrier identification identifying a second wireless service provider that is providing wireless communication service to the mobile communication device; and
- responsive to identifying a match between the first carrier identification and the second carrier identification, assigning, by the mobile communication device, permissions to the application to enable the application to access privileged functionality within the mobile communication device.

14. A method for providing enhanced security on a network node, the method comprising:
- receiving, by a receiver of the network node, an application suite from a communications network, the application suite including at least one application, security information associated with the at least one application, and a first carrier identification associated with the at least one application, the first carrier identification identifying a first communication service provider whose customers are intended recipients of the at least one application;
- responsive to receiving the application suite, authenticating the security information against a root certificate stored on the network node to determine whether the at least one application is bound to a trusted protection domain;
- when the at least one application is bound to a trusted protected domain, comparing the first carrier identification to a second carrier identification, the second carrier identification identifying a second communication service provider that is providing communication service to the network node; and
- when the first carrier identification matches the second carrier identification, assigning, by the network node, permissions to the at least one application that provide access to privileged functionality on the network node.