System and method for over the air configuration security

US 7,188,243 B2
Filed: 04/27/2001
Issued: 03/06/2007
Est. Priority Date: 02/16/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for maintaining configuration information on a mobile device, comprising:

receiving a message, wherein the message identifies the source of the message and changes to settings of the mobile device;

identifying, by a push router of the mobile device, the source of the received message, wherein the push router assigns a security role to the received message based on the identified source of the received message and inserts an identifier into the received message to identify the assigned security role;

passing the message to a configuration manager;

parsing, by the configuration manager, the message to identify at least one configuration service provider, among a plurality of configuration service providers, responsible for the settings identified in the message;

determining whether the assigned security role of the message, assigned by the push router, is sufficient to invoke the identified configuration service provider;

failing the transaction when the assigned security role of the message is not sufficient;

passing the message to the configuration service provider when the assigned security role of the message is sufficient, wherein the identified configuration security provider determines whether the assigned security role of the message is sufficient for settings associated with the configuration service provider;

failing the transaction when the assigned security role of the message is insufficient for the settings; and

performing the changes to the settings of the mobile device when the configuration service provider determines that the security role of the message is sufficient.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for assigning security credentials to particular components within a mobile device, and for ensuring that only configuration messages having sufficient access privilege to those components are allowed access, based on the security credentials. The security credentials or “roles” describe which settings a particular configuration message has authority to modify or query. Access is disallowed to settings for which a message does not have adequate security credentials.

35 Citations

View as Search Results

13 Claims

1. A computer-implemented method for maintaining configuration information on a mobile device, comprising:
- receiving a message, wherein the message identifies the source of the message and changes to settings of the mobile device;
  
  identifying, by a push router of the mobile device, the source of the received message, wherein the push router assigns a security role to the received message based on the identified source of the received message and inserts an identifier into the received message to identify the assigned security role;
  
  passing the message to a configuration manager;
  
  parsing, by the configuration manager, the message to identify at least one configuration service provider, among a plurality of configuration service providers, responsible for the settings identified in the message;
  
  determining whether the assigned security role of the message, assigned by the push router, is sufficient to invoke the identified configuration service provider;
  
  failing the transaction when the assigned security role of the message is not sufficient;
  
  passing the message to the configuration service provider when the assigned security role of the message is sufficient, wherein the identified configuration security provider determines whether the assigned security role of the message is sufficient for settings associated with the configuration service provider;
  
  failing the transaction when the assigned security role of the message is insufficient for the settings; and
  
  performing the changes to the settings of the mobile device when the configuration service provider determines that the security role of the message is sufficient.
- View Dependent Claims (2, 3, 4)
- - 2. The computer-implemented method of claim 1, wherein the source of the message is identified from authentication and decryption of the received message.
  - 3. The computer-implemented method of claim 1, wherein the message includes a shared key that identifies the source of the message.
  - 4. The computer-implemented method of claim 1, wherein determining whether the assigned security role of the message, assigned by the push router, is sufficient to invoke the identified configuration service provider further comprises comparing the assigned security role of the message to an assigned security role of the configuration service provider.

5. A computer-readable storage medium having computer-executable components for managing security on a mobile device, comprising:
- a stored setting having an assigned security role that identifies a privilege that an entity attempting to access the stored setting must satisfy in order to access the stored setting;
  
  a router, of the mobile device, configured to receive a configuration message over a wireless communication link, the router being further configured to identify a source of the configuration message and insert a security role identifier into the received configuration message based on the identified source, the router being further configured to pass the configuration message to other components of the mobile device, the configuration message including an instruction that affects a configuration setting;
  
  a configuration manager, of the mobile device, configured to receive the configuration message from the router and to parse the configuration message to identify a configuration service provider, of the mobile device, responsible for the instruction, wherein the configuration manager passes the configuration message to the configuration service provider when the assigned security role of the configuration message provides a privilege to access the configuration service provider; and
  
  the configuration service provider being configured to receive the configuration message from the configuration manager, determine whether the assigned security role of the configuration message has sufficient privilege to access the stored setting[s], and execute the instructions when the configuration service provider determines that the assigned security role has sufficient privilege to access the stored setting.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The computer-readable storage medium of claim 5, wherein the configuration service provider is configured to manage at least one configuration setting stored on the mobile device, and wherein the processing of the instruction is performed by the configuration service provider.
  - 7. The computer-readable storage medium of claim 6, wherein the configuration service provider has an assigned security role that identifies a privilege that must be associated with an instruction that affects a configuration setting which the configuration service provider maintains.
  - 8. The computer-readable storage medium of claim 7, wherein the configuration manager is further configured to determine if the instruction that affects the configuration setting is in agreement with the security role assigned to the configuration service provider that maintains the affected configuration setting, and if so, the configuration manager is further configured to pass the instruction to the configuration service provider to be handled.
  - 9. The computer-readable storage medium of claim 8, wherein the configuration service provider determines if the instruction is in agreement with the security role assigned to the stored setting prior to processing the instruction, and if not, terminating the processing of the instruction.

10. A computer-readable storage medium having computer-executable instructions for maintaining configuration information on a mobile device, comprising:
- receiving a configuration message, wherein the configuration message includes a header field that identifies a source and an instruction field that identifies a configuration setting on the mobile device;
  
  identifying, by a push router of the mobile device, the source of the received configuration message from the header field, wherein the push router inserts a security role identifier into a security role field of the received configuration message, wherein the security role is based on the identified source of the received configuration message;
  
  passing the configuration message to a configuration manager of the mobile device;
  
  parsing, by the configuration manager, the configuration message to identify at least one configuration service provider of the mobile device, among a plurality of configuration service providers, responsible for the setting identified in the configuration message;
  
  determining whether the inserted security role identifier of the configuration message, assigned by the push router, is sufficient to invoke the identified configuration service provider;
  
  failing the transaction when the inserted security role identifier of the configuration message is not sufficient;
  
  passing the message to the configuration service provider when the inserted security role identifier of the configuration message is sufficient, wherein the identified configuration security provider determines whether the inserted security role identifier of the configuration message is sufficient for the setting associated with the configuration service provider;
  
  failing the transaction when the inserted security role identifier of the configuration message is insufficient for the setting; and
  
  performing changes to the setting of the mobile device when the configuration service provider determines that the inserted security role identifier of the configuration message is sufficient.
- View Dependent Claims (11, 12, 13)
- - 11. The computer-readable storage medium of claim 10, wherein the source of the message is identified from authentication and decryption of the received message.
  - 12. The computer-readable storage medium of claim 10, wherein the configuration message includes a shared key that identifies the source of the configuration message.
  - 13. The computer-readable storage medium of claim 10, wherein determining whether the inserted security role identifier of the configuration message, assigned by the push router, is sufficient to invoke the identified configuration service provider further comprises comparing the inserted security role identifier of the configuration message to an assigned security role of the configuration service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Shell, Scott R., Zhu, Yuhang, Peev, Igor B., Butler, Lee M.
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
HENNING, MATTHEW T

Application Number

US09/843,901
Publication Number

US 20020144151A1
Time in Patent Office

2,139 Days
Field of Search

713/166, 726/14, 726/28, 455/419
US Class Current

713/166
CPC Class Codes

H04L 63/102   Entity profiles

H04W 12/08   Access security

H04W 12/35   Protecting application or s...

H04W 8/18   Processing of user or subsc...

H04W 88/02   Terminal devices

System and method for over the air configuration security

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for over the air configuration security

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links