DE102004049706A1 - Method and device for embedded systems, in particular reconfigurable mobile radio terminals, with loadable software modules - Google Patents

Method and device for embedded systems, in particular reconfigurable mobile radio terminals, with loadable software modules

Info

Publication number
DE102004049706A1
DE102004049706A1 DE200410049706 DE102004049706A DE102004049706A1 DE 102004049706 A1 DE102004049706 A1 DE 102004049706A1 DE 200410049706 DE200410049706 DE 200410049706 DE 102004049706 A DE102004049706 A DE 102004049706A DE 102004049706 A1 DE102004049706 A1 DE 102004049706A1
Authority
DE
Germany
Prior art keywords
modules
authorization
software module
activated
software
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
DE200410049706
Other languages
German (de)
Inventor
Eiman Bushra Mohyeldin
Christoph Dr. Niedermeier
Reiner Dr. Schmid
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24 Transfer of terminal data
    • H04W8/245 Transfer of terminal data from a network towards a terminal

Abstract

The invention consists essentially of a method and/or a device for embedded systems, in particular reconfigurable mobile radio terminals, with loadable software modules. With the aid of a system loader, an interface allocation database and authorization modules acting on behalf of the relevant parties (device manufacturers, mobile radio operators or service providers), the affected authorization modules are determined. Each of these then checks, using a signature of the software module to be newly activated and the permission criteria specified in that authorization module, whether it grants activation permission. The system loader provides interface information to the software module to be newly activated and activates it, provided that all affected authorization modules jointly grant activation permission. Advantages are, for example, that activation is decided on the basis of the current terminal configuration, that no third party is required for the check, and that the relevant parties need not be defined in the software module itself. The activation decision can also use criteria that depend on the network in question, so that the requirements of network operators who are not direct contractual partners of the customers can also be taken into account.

Description

  • Method and device for embedded systems, in particular reconfigurable mobile radio terminals, with loadable software modules
  • The invention relates to a method and a device for embedded systems with loadable software modules, in particular reconfigurable mobile devices, but also so-called appliances such as MP3 players, automatic controllers, etc.
  • In mobile devices, these loadable software modules primarily concern the implementation of programmable transceivers, the implementation of operating software or the modification of other parts of the functionality of these mobile devices, but also the implementation of application software if it affects the functioning of the respective network.
  • Mobile terminals with software-programmable transceivers, so-called "Software Defined Radio" (SDR) terminals, allow significant changes to the properties of these terminals that are relevant to the operation of mobile networks. The programmability of the transceiver and the associated functions affects properties of the terminal that are subject to the requirements of the regulatory authorities and are of importance to the network management of operators of mobile networks. The flexibility achieved by reconfigurable transceivers allows such extensive changes that the proper functioning of the device after software changes can no longer be ensured solely by the design of the device. In particular, compliance with the requirements of regulatory authorities and radio standards is affected, which is of crucial importance for the operating license of the terminals. However, such reconfigurable terminals should still permit the modification of parts of their functionality, so that the user can benefit in full from the significant advantage of SDR technology, namely its flexibility.
  • Even within the permissible framework conditions, such as the conditions of the regulatory authority, reconfigurable terminals can be programmed with behaviors that run counter to the interests of the network operator or the service provider. For example, decision algorithms for mode switching could be used that are not compatible with orderly network administration. If such algorithms take the interests of the network operator into account insufficiently or not at all, efficient management of radio resources is no longer possible.
  • Another aspect of handling software modules that are to be used on the terminal is that software modules which are actually approved and meaningful in conjunction with the terminal type may, under certain circumstances, still not be allowed to be activated: either because the behavior of the software does not comply with the requirements of a network operator or service provider or even counteracts them, or because the terminal has changed since the software was downloaded, e.g. through installation of a new firmware version, and is therefore no longer compatible with the software module in question.
  • For application software, these aspects play only a minor role, since it normally has little influence on the functionality of the network. For operating software of the terminal, e.g. protocol stacks, decision algorithms for mode switching or firmware updates, these issues are of paramount importance.
  • The object underlying the invention is to specify a method and a device for embedded systems, in particular reconfigurable mobile radio terminals, with loadable software modules, such that activation of critical software modules is possible only if all parties affected by the functionality of the module, e.g. network operators and device manufacturers, have agreed, and such that this approval takes place as far as possible without lengthy processes and manual intervention.
  • With respect to the method, this object is achieved according to the invention by the features of claim 1, and with respect to the device by the features of claim 7. The further claims relate to advantageous embodiments of the method according to the invention.
  • The invention consists essentially of a method and/or a device for embedded systems, in particular reconfigurable mobile radio terminals, with loadable software modules. With the aid of a system loader, an interface allocation database and authorization modules acting on behalf of the relevant parties (device manufacturers, mobile radio operators or service providers), the affected authorization modules are determined. Each of these then checks, using a signature of the software module to be newly activated and the permission criteria specified in that authorization module, whether it grants activation permission. The system loader provides interface information to the software module to be newly activated and activates it, provided that all affected authorization modules jointly grant activation permission. Advantages are, for example, that activation is decided on the basis of the current terminal configuration, that no third party is required for the check, and that the relevant parties need not be defined in the software module itself. The activation decision can also use criteria that depend on the network in question, so that the requirements of network operators who are not direct contractual partners of the customers can also be taken into account.
  • The invention is explained in more detail below with reference to an exemplary embodiment, shown in a drawing, in the form of a mobile station.
  • The drawing shows a reconfigurable mobile device with software modules MA..MC and a software module MD to be newly activated, where an interface S1 exists between the modules MA and MC, an interface S2 between the modules MB and MC, and a new interface S3 between the modules MD and MC.
  • This reconfigurable mobile terminal also has a device with a so-called system loader SL, an interface mapping database (Interface Mapping Database) DB and so-called authorization modules AM1..AM3.
  • The system loader SL controls the activation of applications/software modules and has the authorization modules AM1..AM3 carry out the check of whether a particular software module may be activated.
  • One essential criterion for this check is the interfaces S3 used by a software module to be newly activated, e.g. interfaces to libraries and components.
  • Another criterion for this check can also be parameters that affect the functionality of the software module to be newly activated itself.
  • For every interface S1 ... S3 it is defined which authorization modules must agree. From the list of interfaces used, the system loader can determine which authorization modules are to be consulted. For this purpose there is the interface assignment database DB, which contains, for each interface, the information on which authorization modules AM1, ..., AM3 have to agree.
  • There can be several authorization modules, each acting on behalf of a particular party, e.g. device manufacturers, mobile operators or service providers, which is indicated here by way of example by the three authorization modules AM1, ..., AM3.
  • Depending on the level of the security requirements placed on the system, such an authorization module can be implemented as a hardware module or as a software module.
  • To check the authorization, the system loader SL transmits the interface description or the signature of the software module MD to be loaded to the respective authorization module. The authorization module answers with the selection of interfaces that the system loader is to make available to the software module. In this way an individual selection of access to operating system functions and other modules is created, defined specifically for each software module. A module can thus access interfaces only if the parties concerned have agreed through the associated authorization modules.
  • If the authorization module is implemented as a hardware component, this can be, for example, a SIM card acting for the home network operator, or a hardware component analogous to a SIM card (Equipment Identity Module) acting on behalf of the terminal manufacturer.
  • Other parties, such as service providers or even foreign network operators, could provide authorization modules implemented in software, which are installed on the terminal as needed and activated by the system loader after appropriate authorization.
  • The task of the checking authorization module is, at the request of the system loader SL, to check the consistency of complete software configurations, or of software and hardware configurations, with the requirements of the party whose interests it represents, and to inform the system loader SL of the result of this check. Between the system loader and the tested hardware components or software modules there must be a trust relationship, which is established through the secure exchange of authentication features.
  • The authorization components can obtain the information needed for the check either from their own database DB on the device or, so as to always be up to date, via the mobile network from a database server. It makes sense to hold frequently required data, such as data for frequently used software modules, on the device in order to keep the check time low. Data for rarely used modules can be obtained via the mobile network as needed. In addition, the data on the device can be updated via the mobile network.
  • Another function of the data update via a radio interface is the following:
    When logging into a new network, network-specific authorization requests are transmitted to the responsible module, which in this way can take into account the particular rules of the network used.
  • The authorization modules are also able to store the information obtained in this way internally, in order to reduce the communication effort. Such data can be given a time-limited validity and, if necessary, be declared invalid prematurely by notifications. In this way new findings, such as the discovery of serious errors in a software module, can be taken into account. If authorization is denied for such reasons, a corresponding error message has to be provided to the user, which points to alternatives (newer version, update, etc.).
  • The course of the method according to the invention is typically as follows:
    The system loader SL determines which interfaces S3 are to be addressed by the software module MD to be activated. This can be done, for example, with the help of a link list. On the basis of the information in the interface allocation database DB, the authorization modules concerned, here for example the authorization modules AM1 and AM2, are determined from the totality of the existing authorization modules AM1 .. AM3. The authorization modules selected in this way subsequently receive an interface description or a signature of the module MD to be activated, and decide on the basis of the criteria available to them whether the module may be activated. Only if all affected authorization modules, here e.g. the authorization modules AM1 and AM2, agree does the system loader SL make information about the interfaces S3 available to the software module MD to be activated and activate it; in all other cases, the activation is denied.
  • In doing so, the authorization modules can take various criteria into account in deciding on the admissibility of the activation.
  • First, the identity of the software module is checked by verifying the signature. Once the identity is verified, the authorization module can check whether the use of the software module has been approved by the party for which it acts.
  • In addition, further authorization rules can determine whether the activation should be performed. Possible criteria are: device type, versions of other software modules used, and exclusion lists, i.e. no activation while certain other software modules are simultaneously present.
  • Advantages
    • 1. The consistency of a configuration is always checked when a module is activated, on the basis of the current configuration of the terminal. Methods that check the identity of a software module only at software download cannot offer this degree of currency.
    • 2. Participants such as network operators and terminal manufacturers can take part in the verification process through their representatives in the form of the authorization modules and do not have to delegate this task to a third party. This ensures that the decisions are made by an entity that has the trust of the interested party and whose decisions can be determined by the party concerned. The elaborate realization of systems that consolidate the interests of multiple stakeholders can be avoided. The task of obtaining the approval of the stakeholders falls to the manufacturer of the software module, who must create the appropriate conditions.
    • 3. Authorization modules entrusted with verification can either keep the information they need for the check in their local store or, if necessary, load it from a database on the network. This ensures that an optimum can be found between the currency of the information and the efficiency of the checking process.
    • 4. The authorization modules can be implemented both as hardware components (more secure variant) and as software components (more flexible variant).
    • 5. Authorized modules are given access only to the released interfaces. This ensures that all relevant authorization modules act on behalf of the respective parties, without the list of relevant parties having to be defined in the software module itself.
    • 6. When deciding on the activation of a module, a wide variety of criteria can be used, for example depending on different networks. In this way, the requirements of network operators who are not direct contractual partners of the customer (e.g. in the Visited Network) can also be taken into account.
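
The activation procedure and permission criteria described above, as an added Python sketch that is not part of the patent text. The names SL, DB, AM1..AM3, MA..MD and S1..S3 follow the description; the HMAC stand-in for the module signature, the device type "SDR-1", the excluded module "MX", the version strings, the demo key and the fail-closed handling of an unmapped interface are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def sign(key: bytes, name: str, version: str, code: bytes) -> bytes:
    # HMAC-SHA256 is a stdlib stand-in for the module signature (assumption).
    msg = b"\0".join([name.encode(), version.encode(), code])
    return hmac.new(key, msg, hashlib.sha256).digest()

@dataclass(frozen=True)
class SoftwareModule:
    name: str
    version: str
    code: bytes
    interfaces: tuple  # interfaces the module addresses, e.g. from its link list
    signature: bytes

@dataclass
class AuthorizationModule:
    party: str
    key: bytes          # key this party uses to verify module signatures
    approved: set       # (name, version) pairs the party has approved
    device_types: set   # device types on which activation is permitted
    required: dict = field(default_factory=dict)  # other module -> accepted versions
    excluded: set = field(default_factory=set)    # modules that must not be active

    def check(self, mod, device_type, active):
        """Return (allowed, reason), judged against the current configuration."""
        expected = sign(self.key, mod.name, mod.version, mod.code)
        if not hmac.compare_digest(expected, mod.signature):
            return False, "signature invalid"
        if (mod.name, mod.version) not in self.approved:
            return False, "module not approved by " + self.party
        if device_type not in self.device_types:
            return False, "device type not permitted"
        for other, versions in self.required.items():
            if active.get(other) not in versions:
                return False, f"{other} version {active.get(other)} not accepted"
        clash = self.excluded & set(active)
        if clash:
            return False, "excluded module active: " + ", ".join(sorted(clash))
        return True, "ok"

class SystemLoader:
    def __init__(self, device_type, interface_db, ams, active):
        self.device_type = device_type
        self.interface_db = interface_db  # interface -> ids of modules that must agree
        self.ams = ams                    # id -> AuthorizationModule
        self.active = dict(active)        # active modules: name -> version

    def affected(self, mod):
        return set().union(*(self.interface_db[i] for i in mod.interfaces))

    def activate(self, mod):
        """Activate only if every affected authorization module agrees."""
        try:
            ids = self.affected(mod)
        except KeyError as exc:  # fail closed (assumption, not stated in the text)
            return False, [f"interface {exc.args[0]} not in database"]
        results = [(i, *self.ams[i].check(mod, self.device_type, self.active)) for i in sorted(ids)]
        denials = [f"{i}: {why}" for i, ok, why in results if not ok]
        if denials:
            return False, denials
        self.active[mod.name] = mod.version
        return True, list(mod.interfaces)  # interface information for the module

def build_terminal(mc_version="1.0", extra_active=()):
    # Constructed sample: AM1 manufacturer, AM2 home operator, AM3 service provider.
    key = b"constructed-demo-key"
    ok = {("MD", "1.0")}
    ams = {
        "AM1": AuthorizationModule("manufacturer", key, ok, {"SDR-1"}, {"MC": {"1.0"}}),
        "AM2": AuthorizationModule("home operator", key, ok, {"SDR-1"}, excluded={"MX"}),
        "AM3": AuthorizationModule("service provider", key, set(), {"SDR-1"}),
    }
    db = {"S1": {"AM1"}, "S2": {"AM1", "AM3"}, "S3": {"AM1", "AM2"}}
    active = {"MA": "1.0", "MB": "1.0", "MC": mc_version, **dict.fromkeys(extra_active, "1.0")}
    md = SoftwareModule("MD", "1.0", b"radio", ("S3",), sign(key, "MD", "1.0", b"radio"))
    return SystemLoader("SDR-1", db, ams, active), md
```

Because the check runs at activation time, the same signed MD that is accepted with MC 1.0 is refused once `build_terminal(mc_version="2.0")` models a firmware change, and AM3 is never consulted because S3 does not map to it.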

Claims (7)

  1. Method for embedded systems, in particular reconfigurable mobile radio terminals, with loadable software modules, - in which a system loader (SL) determines at least which interfaces (S3) are to be addressed by a software module (MD) to be newly activated, - in which affected authorization modules (AM1, AM2) are determined from all existing authorization modules (AM1 ... AM3) with the help of at least these determined interfaces and an interface mapping database (DB), - in which the affected authorization modules then each check, at least on the basis of an interface description of the software module (MD) to be newly activated and on the basis of permission criteria specified in the authorization modules, whether the software module to be newly activated may be activated, and - in which the system loader provides interface information to the software module to be newly activated and activates it, provided all affected authorization modules jointly determine that the software module to be newly activated may be activated.
  2. The method of claim 1, wherein the permission criteria specified in the authorization modules also define the device type and/or versions of other software modules used for this software module to be newly activated and/or exclusion lists of certain other software modules.
  3. The method of claim 1 or 2, wherein a respective authorization module gives the system loader a list of its permission criteria and/or its permitted software modules if the software module to be newly activated does not fulfil the criteria of the respective authorization module.
  4. Method according to one of the preceding claims, in which network-specific permission criteria newly obtained when logging into a new network are transmitted to a responsible authorization module and stored there.
  5. The method of claim 4, wherein the permission criteria are given a time-limited validity and/or, if necessary, are declared invalid prematurely by notifications.
  6. Method according to one of the preceding claims, in which the authorization modules act on behalf of device manufacturers, mobile operators or service providers.
  7. Device for embedded systems, in particular for reconfigurable mobile radio terminals, with software modules, - in which a system loader (SL) is present such that it determines at least which interfaces (S3) are to be addressed by a software module (MD) to be newly activated, - in which an interface assignment database (DB) is present such that affected authorization modules (AM1, AM2) can be determined from all existing authorization modules (AM1 ... AM3) with the help of at least these determined interfaces, - in which the affected authorization modules are present such that they each check, at least on the basis of an interface description of the software module (MD) to be newly activated and on the basis of permission criteria specified in the authorization modules, whether the software module to be newly activated may be activated, and - in which the system loader is present such that interface information is provided to the software module to be newly activated and it is activated, provided all affected authorization modules jointly determine that the software module to be newly activated may be activated.
DE200410049706 2004-10-12 2004-10-12 Method and device for embedded systems, in particular reconfigurable mobile radio terminals, with loadable software modules Withdrawn DE102004049706A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
DE200410049706 DE102004049706A1 (en) 2004-10-12 2004-10-12 Method and device for embedded systems, in particular reconfigurable mobile radio terminals, with loadable software modules

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE200410049706 DE102004049706A1 (en) 2004-10-12 2004-10-12 Method and device for embedded systems, in particular reconfigurable mobile radio terminals, with loadable software modules
PCT/EP2005/054315 WO2006040222A2 (en) 2004-10-12 2005-09-01 Method and device for embedded systems, particularly reconfigurable mobile radio terminals, with loadable software modules

Publications (1)

Publication Number Publication Date
DE102004049706A1 (en) 2006-04-20

Family

ID=35953833

Family Applications (1)

Application Number Title Priority Date Filing Date
DE200410049706 Withdrawn DE102004049706A1 (en) 2004-10-12 2004-10-12 Method and device for embedded systems, in particular reconfigurable mobile radio terminals, with loadable software modules

Country Status (2)

Country Link
DE (1) DE102004049706A1 (en)
WO (1) WO2006040222A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9094397B2 (en) 2011-01-14 2015-07-28 Intel Mobile Communications GmbH Radio devices, regulation servers, and verification servers

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07230380A (en) * 1994-02-15 1995-08-29 Internatl Business Mach Corp <Ibm> Method and system for managing use of applied job program
US5951639A (en) * 1996-02-14 1999-09-14 Powertv, Inc. Multicast downloading of software and data modules and their compatibility requirements
IL120420A (en) * 1997-03-10 1999-12-31 Security 7 Software Ltd Method and system for preventing the downloading and execution of executable objects
US6965999B2 (en) * 1998-05-01 2005-11-15 Microsoft Corporation Intelligent trust management method and system
AU2699502A (en) * 2000-11-28 2002-06-11 4Thpass Inc Method and system for maintaining and distributing wireless applications
US7380238B2 (en) * 2002-04-29 2008-05-27 Intel Corporation Method for dynamically adding new code to an application program
US20040123152A1 (en) * 2002-12-18 2004-06-24 Eric Le Saint Uniform framework for security tokens

Also Published As

Publication number Publication date
WO2006040222A3 (en) 2006-07-06
WO2006040222A2 (en) 2006-04-20


Legal Events

Date Code Title Description
OP8 Request for examination as to paragraph 44 patent law
8139 Disposal/non-payment of the annual fee