System and method for over the air configuration security
First Claim
Patent Images
1. A computer-implemented method for maintaining configuration information on a mobile device, comprising:
- receiving a message, wherein the message identifies the source of the message and changes to settings of the mobile device;
identifying, by a push router of the mobile device, the source of the received message, wherein the push router assigns a security role to the received message based on the identified source of the received message and inserts an identifier into the received message to identify the assigned security role;
passing the message to a configuration manager;
parsing, by the configuration manager, the message to identify at least one configuration service provider, among a plurality of configuration service providers, responsible for the settings identified in the message;
determining whether the assigned security role of the message, assigned by the push router, is sufficient to invoke the identified configuration service provider;
failing the transaction when the assigned security role of the message is not sufficient;
passing the message to the configuration service provider when the assigned security role of the message is sufficient, wherein the identified configuration security provider determines whether the assigned security role of the message is sufficient for settings associated with the configuration service provider;
failing the transaction when the assigned security role of the message is insufficient for the settings; and
performing the changes to the settings of the mobile device when the configuration service provider determines that the security role of the message is sufficient.
3 Assignments
0 Petitions
Accused Products
Abstract
A system and method for assigning security credentials to particular components within a mobile device, and for ensuring that only configuration messages having sufficient access privilege to those components are allowed access, based on the security credentials. The security credentials or “roles” describe which settings a particular configuration message has authority to modify or query. Access is disallowed to settings for which a message does not have adequate security credentials.
35 Citations
13 Claims
-
1. A computer-implemented method for maintaining configuration information on a mobile device, comprising:
-
receiving a message, wherein the message identifies the source of the message and changes to settings of the mobile device; identifying, by a push router of the mobile device, the source of the received message, wherein the push router assigns a security role to the received message based on the identified source of the received message and inserts an identifier into the received message to identify the assigned security role; passing the message to a configuration manager; parsing, by the configuration manager, the message to identify at least one configuration service provider, among a plurality of configuration service providers, responsible for the settings identified in the message; determining whether the assigned security role of the message, assigned by the push router, is sufficient to invoke the identified configuration service provider; failing the transaction when the assigned security role of the message is not sufficient; passing the message to the configuration service provider when the assigned security role of the message is sufficient, wherein the identified configuration security provider determines whether the assigned security role of the message is sufficient for settings associated with the configuration service provider; failing the transaction when the assigned security role of the message is insufficient for the settings; and performing the changes to the settings of the mobile device when the configuration service provider determines that the security role of the message is sufficient. - View Dependent Claims (2, 3, 4)
-
-
5. A computer-readable storage medium having computer-executable components for managing security on a mobile device, comprising:
-
a stored setting having an assigned security role that identifies a privilege that an entity attempting to access the stored setting must satisfy in order to access the stored setting; a router, of the mobile device, configured to receive a configuration message over a wireless communication link, the router being further configured to identify a source of the configuration message and insert a security role identifier into the received configuration message based on the identified source, the router being further configured to pass the configuration message to other components of the mobile device, the configuration message including an instruction that affects a configuration setting; a configuration manager, of the mobile device, configured to receive the configuration message from the router and to parse the configuration message to identify a configuration service provider, of the mobile device, responsible for the instruction, wherein the configuration manager passes the configuration message to the configuration service provider when the assigned security role of the configuration message provides a privilege to access the configuration service provider; and the configuration service provider being configured to receive the configuration message from the configuration manager, determine whether the assigned security role of the configuration message has sufficient privilege to access the stored setting[s], and execute the instructions when the configuration service provider determines that the assigned security role has sufficient privilege to access the stored setting. - View Dependent Claims (6, 7, 8, 9)
-
-
10. A computer-readable storage medium having computer-executable instructions for maintaining configuration information on a mobile device, comprising:
-
receiving a configuration message, wherein the configuration message includes a header field that identifies a source and an instruction field that identifies a configuration setting on the mobile device; identifying, by a push router of the mobile device, the source of the received configuration message from the header field, wherein the push router inserts a security role identifier into a security role field of the received configuration message, wherein the security role is based on the identified source of the received configuration message; passing the configuration message to a configuration manager of the mobile device; parsing, by the configuration manager, the configuration message to identify at least one configuration service provider of the mobile device, among a plurality of configuration service providers, responsible for the setting identified in the configuration message; determining whether the inserted security role identifier of the configuration message, assigned by the push router, is sufficient to invoke the identified configuration service provider; failing the transaction when the inserted security role identifier of the configuration message is not sufficient; passing the message to the configuration service provider when the inserted security role identifier of the configuration message is sufficient, wherein the identified configuration security provider determines whether the inserted security role identifier of the configuration message is sufficient for the setting associated with the configuration service provider; failing the transaction when the inserted security role identifier of the configuration message is insufficient for the setting; and performing changes to the setting of the mobile device when the configuration service provider determines that the inserted security role identifier of the configuration message is sufficient. - View Dependent Claims (11, 12, 13)
-
Specification