EP1338168A2 - Method and device for preventing access to information stored in a node - Google Patents

Method and device for preventing access to information stored in a node

Info

Publication number: EP1338168A2
Authority: EP (European Patent Office)
Prior art keywords: information, node, access, command, network
Legal status: Withdrawn
Application number: EP01996981A
Other languages: German (de), English (en)
Inventors: Mazen Chmaytelli, Samir K. Khazaka
Current Assignee: Qualcomm Inc
Original Assignee: Qualcomm Inc
Application filed by Qualcomm Inc

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/084 Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol

Definitions

  • the present invention relates to communications systems. More particularly, the present invention relates to control of information access.
  • a communications system comprises a communications network and a set of nodes that communicate with the network.
  • the communications links between the network and the nodes may be wired and/or wireless.
  • the network may also communicate with other networks, such that a node may communicate with an entity within the network, with another node connected to the network, and/or with an entity and/or a node on another network.
  • a communications network is a local-area network (LAN), where the entities within the network may include one or more servers and the individual nodes may include workstations, personal computers, and/or peripheral devices such as storage units and printers.
  • Another example of a communications network is a cellular network for wireless communications, where the entities within the network may include one or more base stations (having base station transceivers or 'BTSs') and administrative units (such as base station controllers (BSCs), mobile services switching centers (MSCs), and home and visitor location registers (HLRs and VLRs, respectively)) and the individual nodes may be mobile units (also called 'mobile stations') that communicate with one or more base stations over a radio link.
  • a mobile unit may be a cellular telephone, a computer or other processing device connected to a wireless modem, a wireless local loop (WLL) station, or a wireless personal digital assistant (PDA).
  • the mobile units may communicate with each other and/or with devices on other networks such as the Internet and/or the public switched telephone network (PSTN).
  • If a mobile unit such as a cellular telephone is lost or stolen, the owner or account holder may instruct the service provider to reject attempts by the mobile unit to access the network. This action helps to prevent an unauthorized user from incurring usage charges to a service account associated with the unit.
  • the mobile unit may contain semiconductor flash random-access memory (or 'flash RAM') that holds confidential information such as telephone numbers.
  • the flash RAM may store additional confidential information such as e-mail addresses and messages, voicemail messages, schedules and personal contact information, passwords, and/or banking or credit account numbers. Even though the mobile unit may be refused access to the network if lost or stolen, confidential information stored on the mobile unit may remain accessible to an interloper and subject to abuse.
  • a node is instructed to prevent access to information stored at the node. This instructing occurs as a consequence of detecting a correspondence between a command to prevent access to information stored at the node (or at least a portion of such a command) on one hand, and an identifier associated with the node on the other hand.
  • FIG. 1 is a block diagram of a communications system according to an embodiment of the invention
  • FIG. 2 is an illustration of a command to prevent access to information stored at node 100;
  • FIG. 3 is a block diagram of a communications system according to an embodiment of the invention.
  • FIG. 4 illustrates a flowchart of a method according to an embodiment of the invention.
  • FIG. 5 is a block diagram of a network 150 according to an embodiment of the invention.
  • FIG. 6 is a block diagram of a cellular network for wireless communications 152 according to an embodiment of the invention.
  • FIG. 7 is a block diagram of a network 150a according to an embodiment of the invention.
  • FIG. 8 is a block diagram of a cellular network for wireless communications 152a according to an embodiment of the invention
  • FIG. 9 illustrates a flowchart of a method according to an embodiment of the invention
  • FIG. 10 is a block diagram of a node 100 according to an embodiment of the invention.
  • FIG. 11 is a block diagram of a node 102 according to an embodiment of the invention
  • FIG. 12 is a block diagram of a node 100a according to an embodiment of the invention
  • FIG. 13 illustrates a flowchart of a method according to an embodiment of the
  • FIG. 14 illustrates a flowchart of a method according to an embodiment of the invention
  • FIG. 15 illustrates a flowchart of a method according to an embodiment of the invention.
  • FIG. 16 illustrates a flowchart of a method according to an embodiment of the invention.
  • a link between a node and a network is transient.
  • the link between a mobile unit and the network does not exist when the mobile unit is not powered on. Even after such a link is created, its location and nature with respect to the network may change as the mobile unit moves from within the range of one network terminal (e.g., a base station or a sector thereof) to within the range of another. Therefore, it may not be possible for the network to identify a node connected in this fashion by using only a static location or
  • a link between a node and a network may be transient but static.
  • Such a network may include one or more terminals to which nodes may connect on a transient basis.
  • One example includes a personal computer (possibly connected to a LAN) that may communicate with one or more PDAs or similar devices through a serial or parallel port.
  • Although a network terminal that communicates with a node in this manner may be fixed, more than one node may connect to the network through that terminal (e.g. at different times) and/or a single node may connect to the network through different terminals (e.g. at different times), such that it may not be possible for the network to identify a node by using only a static location or address.
  • An identification token is one mechanism that may be used to identify a node that connects to a network through a transient link.
  • the node stores at least one such token, while the network stores a correspondence between the token and a network identity (in some cases, the network may have assigned the token to the node).
  • the node transmits the token to the network over a communications link.
  • the network receives the token, recognizes it, and associates the corresponding network identity with the mobile unit. This association may continue even as the link changes character within the network (e.g. as in a cellular telephone handoff situation).
  • the node-identity association may also undergo subsequent revalidation (e.g. periodically and/or upon specified events).
  • a mobile unit is programmed to store identity information as a 10-digit mobile identification number (MIN).
  • the MIN includes four digits from the mobile unit's unique electronic serial number (ESN) and six digits from an identification string that is known to the network.
  • the MIN may be stored within the mobile unit in a nonvolatile memory, such as Read-Only Memory (“ROM”), Programmable ROM (“PROM”), Erasable PROM (“EPROM”), and/or Electrically EPROM (“EEPROM”) (e.g., flash memory).
  • Presentation of the MIN (or a portion thereof) by the mobile unit upon communication with the network allows the network to associate the particular mobile unit with a known identity or profile that may contain information concerning service options, billing plan, home area, etc. In an IS-95B- or IS-2000-compliant system, this process is called 'registration.' This association also enables the network to properly route transmissions (such as incoming telephone calls) that are intended to terminate at the mobile unit. Once the node is associated with the known identity or profile, the association may continue even as the link between the node and the network moves from one terminal (e.g., a base station or a sector thereof) to another.
  • FIGURE 1 shows a block diagram of a system according to an embodiment of the invention.
  • Node 100 passes an identification token to network 150 via communications link 140.
  • Over control link 160, network 150 also receives a command to prevent access to information stored at the node.
  • Communications link 140 and/or control link 160 may be conducted through intervening devices and may be wired and/or wireless (i.e. carried over one or more radio and/or optical frequencies).
  • the command to prevent access to information stored at node 100 includes an operation code (or 'opcode') that corresponds to the command action and an identifier that corresponds to node 100.
  • Upon detecting a correspondence between the identification token and at least a portion of the command (e.g. the identifier), network 150 transmits a command to node 100 to prevent access to local information.
  • network 150 receives the command to prevent access to information stored at node 100 via the public switched telephone network (PSTN).
  • the command to prevent access is communicated to network 150 using a Signaling System 7 (SS7) protocol (e.g. as detailed in ITU-T Q.701-Q.741, International Telecommunications Union, Geneva, Switzerland).
  • the command is communicated to network 150 by a service provider in response to a report from the user that the node has been lost or stolen.
  • FIGURE 4 illustrates a flowchart for a method according to an embodiment of the invention that may be performed within network 150.
  • a method as shown in FIGURE 4 is performed upon the occurrence of an access request or a registration event as described, for example, in section 6.6.5 ("Registration") of one of the TIA/EIA CDMA standards documents referenced above (e.g., power-up of a mobile unit, timer expiration, or zone change of a mobile unit).
  • a method as shown in FIGURE 4 is performed when a node that is not registered attempts to use the network (e.g. to place a telephone call).
  • network 150 receives a command to prevent access to information stored at node 100. As described above, this command may include an operation code and an identifier that corresponds to node 100.
  • In token reception task P120, network 150 receives an identification token from a node via communications link 140. This token may be received as a part of a transmission such as an access request or a registration request.
  • the identification token includes information from which network 150 may uniquely identify the node and is based on identity information that is stored at the node.
  • network 150 determines a correspondence between the identification token received from node 100 and at least a portion of the command to prevent access to information stored at node 100 (e.g. the identifier). In one embodiment, the decision is based on a correspondence between at least a part of the identification token (e.g., the first six digits of a MIN) and the identifier. As more than one command to prevent access may be pending in network 150, it is possible that task P130 may be repeated to determine a correspondence between the identification token and a portion of another instance of a command to prevent access.
  • If the determination in task P130 succeeds (e.g., if the identification token and the identifier correspond), then in command transmission task P140 network 150 transmits a command to node 100 to prevent access to local information. If the determination in task P130 fails, then the method may terminate with respect to the token received in task P120, although tasks P120 and P130 may be repeated with respect to other identification tokens.
  • FIGURE 5 shows a block diagram for a network 150 according to an embodiment of the invention.
  • terminal 210 receives an identification token from node 100 over communications link 140.
  • Control unit 230 receives a command to prevent access to information stored at node 100 over control link 160. From terminal 210, control unit 230 receives the identification token.
  • Upon detecting a correspondence between the identification token and at least a portion of the command to prevent access, the control unit forwards a command to prevent access to local information to terminal 210 for transmission to node 100.
  • FIGURE 6 shows a block diagram for a cellular network for wireless communications 152 according to an exemplary implementation of network 150.
  • terminal 212 includes one or more base station transceivers (BTSs) 310 that communicate over radio links with mobile units.
  • Control unit 232 includes a base station controller (BSC) 333, which may perform link management functions such as handoff control, and a mobile services switching center (MSC) 336, which communicates with one or more BSCs, administrative units, and/or other networks such as (and/or via) the PSTN to perform higher-level functions such as call setup and management and user authentication.
  • a network as described herein may also be coupled via a communications link to another network such as the Internet.
  • This communications link may include one or more wired connections and/or wireless links such as microwave or satellite links, and information (e.g. a command to prevent access to information stored at node 100) may be transferred across this communications link as one or more analog and/or digital signals.
  • the identification token may be any identifier suitable to identify node 100 to network 150.
  • the identification token is self-contained, providing all of the information necessary to uniquely characterize node 100 (e.g. a mobile unit's unique ESN).
  • the identification token may provide part of the information necessary for network 150 to uniquely characterize node 100.
  • the identification token may include all or part of a MIN as described above.
  • the identification token comprises the first six digits of the MIN.
  • the identification token may comprise all or part of an identifier such as the mobile unit's current IMSI or TMSI (International or Temporary Mobile Station Identification, respectively) or MSRN (Mobile Station Roaming Number).
  • Other situations and corresponding suitable tokens that are similar to the examples described above are possible with respect to other networks and/or other embodiments or variations of node 100. Note that in certain situations it may be undesirable for a mobile unit such as a cellular telephone to transmit an identification token that includes portions of the ESN (to prevent interception of the ESN by an interloper, for example).
  • FIGURE 7 shows a block diagram for a network 150a according to an embodiment of the invention.
  • database 240 receives the identification token from control unit 230 and returns an identifier suitable for comparison with at least a portion of the command to prevent access to information stored at node 100 (e.g. as received via control link 160).
  • database 240 receives at least a portion of the command to prevent access to information stored at node 100 (e.g. an identifier as illustrated in FIG. 2) and returns an identifier suitable for comparison with the identification token.
  • a network configured in accordance with one of these implementations may have benefits with respect to support for user mobility and/or management of identity-related functions such as security, authentication, billing, etc.
  • FIGURE 8 shows a block diagram for a cellular network for wireless communications 152a according to a particular implementation of network 150a.
  • database 242 includes a home location register (HLR) 340 and/or a visitor location register (VLR) 350.
  • HLR 340 stores primary copies of correspondences between identification tokens and identifiers (e.g. for mobile units whose users reside in the geographical vicinity), while VLR 350 stores temporary copies of such correspondences (e.g. for mobile units active in the geographical vicinity whose users may reside elsewhere).
  • MSC 336a receives the identification token and obtains a corresponding identifier that is suitable for comparison with an identifier from a command to prevent access (e.g. as received over control link 160).
  • one or both of HLR 340 and VLR 350 may be integrated into MSC 336a.
  • FIGURE 9 shows a flowchart for a method according to an implementation of a method as shown in FIGURE 3 that may be performed within an implementation of network 150a.
  • a method as shown in FIGURE 9 is performed upon the occurrence of an access request or a registration event as described, for example, in section 6.6.5 ("Registration") of one of the TIA/EIA CDMA standards documents referenced above (e.g., power-up of a mobile unit, timer expiration, or zone change of a mobile unit).
  • a method as shown in FIGURE 9 is performed when a node that is not registered attempts to use the network (e.g. to place a telephone call).
  • correspondence detection task P130 includes two subtasks P150 and P160.
  • a second identifier corresponding to the identification token received in task P120 is obtained (e.g. by referencing a database 240 as described above).
  • the second identifier is compared with the identifier received in task P110 (as a part of a command to prevent access to information stored at node 100). If a match is detected, then in command transmission task P140 a command to prevent access to local information is transmitted to node 100. If no match is detected, then the method may terminate with respect to the token received in task P120, although tasks P120 and P130 may be repeated with respect to other identification tokens.
  • a node 100 contains a receiver 110 that is configured to receive information from a network 150 over a communications link 140 and is coupled to a correspondence detector 120.
  • First storage area 130, which stores identity information (e.g., a MIN and/or an ESN), is also coupled to correspondence detector 120.
  • Correspondence detector 120 detects a correspondence between a token based on identity information and a string based on information received from network 150.
  • a comparator 122 may be used to implement correspondence detector 120 in an instance 102 of node 100. If a correspondence is detected, access to information in second storage area 132 is prevented. (Note that in an operation of other embodiments of node 100 (e.g. as shown in FIGURE 14), correspondence detector 120 may not be required, in that access to information in second storage area 132 may be prevented based on information received by receiver 110.)
  • first storage area 130 and second storage area 132 may be found in a different physical location than another element of node 100.
  • one implementation of node 100 may include a laptop computer connected to a wireless modem.
  • one or more elements of node 100 may be found within the wireless modem (e.g. receiver 110), while one or both of first storage area 130 and second storage area 132 may be found within the laptop computer (e.g. on the computer's hard disk drive).
  • FIGURE 12 illustrates an implementation 100a of a node 100 which contains a node transceiver 110a, a processor 120a, and memory 134.
  • Node transceiver 110a includes a transmitter 112 that allows node 100a to transmit information to network 150 over communications link 140.
  • Node transceiver 110a also includes a receiver 114 that allows node 100a to receive information from network 150 over communications link 140.
  • Such transmission and reception operations over communications link 140 may be conducted using the same or different data rates, communications protocols, carrier frequencies, and/or modulation schemes.
  • the operations and/or circuit configurations of transmitter 112 and receiver 114, respectively, may be completely independent of one another or, alternatively, may be partially or fully integrated.
  • Processor 120a, which may comprise one or more microprocessors, microcontrollers, or other arrays of logic elements, controls the operation of node 100a according to a sequence of commands that may be (A) stored in memory 134 or in another storage device within or coupled to node 100a, (B) entered by a user through an interface such as a data entry device (i.e., a keypad) (not shown), and/or (C) received from network 150 over communications link 140.
  • Memory 134, which may comprise read-only memory (ROM), random-access memory (RAM), and/or nonvolatile memory, stores programmable parameters and may also store information including executable instructions, non-programmable parameters, and/or other data such as telephone numbers, passwords, account numbers, personal contact information, etc. (For example, executable instructions defining a method as illustrated in one or more of FIGURES 13-16 may be stored in memory 134 for execution by processor 120.) Identity information may also be stored in memory 134 and/or may be stored elsewhere within node 100a. In one instance of an operation of an implementation of node 100a, receipt of a command to prevent access to local information (and determination that the command is directed to node 100a) causes node 100a to prevent access to information stored at area 135 of memory 134.
  • node 100 is a mobile unit such as a cellular telephone that communicates with a network 150 over a communications link 140 that complies with one of the CDMA standards referenced above.
  • the communications link 140 complies with a TDMA (time-division multiple access) standard such as GSM (Global System for Mobile Communications, as issued by European Telecommunications Standards Institute (ETSI), Sophia Antipolis, France) or a FDMA (frequency-division multiple access) standard such as the Advanced Mobile Phone System (AMPS).
  • node 100 may receive and transmit information according to the wireless Bluetooth™ protocol (as defined in the Bluetooth Specification, ver 1.0B, published by the Bluetooth Special Interest Group, New York, NY).
  • node 100 may comprise a portable device (e.g., a laptop computer or PDA) that establishes a wired but temporary communications link 140 to network 150 by connecting to a terminal (e.g., a data communications port conforming to a standard such as Universal Serial Bus (USB) version 1.1 or 2.0, FireWire (IEEE 1394), or RS-232) of network 150.
  • FIGURE 13 shows a flowchart for a method according to another embodiment of the invention. Such a method may be performed within a node 100 as described herein.
  • a command to prevent access to local information is received (e.g.
  • This command may be sent in response to an access request or a registration event as described, for example, in section 6.6.5 ("Registration") of one of the TIA/EIA CDMA standards documents referenced above (e.g., power-up of a mobile unit, timer expiration, or zone change of a mobile unit).
  • the command to prevent access to local information may be received during a normal use of node 100 (for example, over a dedicated control channel associated with an ongoing cellular telephone call).
  • the command to prevent access to local information may be received over a non-dedicated channel such as a paging channel or broadcast channel.
  • the command to prevent access to local information includes an identifier that identifies a node (or a specified group of nodes) and may have a form as illustrated in FIGURE 2. As described above, this command may relate to information residing in second storage area 132 of node 100, which may be implemented as a predetermined area 135 of memory 134 on node 100a.
  • second storage area 132 is nonvolatile (e.g., information is retained in area 132 even after a supply of power is removed).
  • an identification token is retrieved from first storage area 130, which may be implemented in a node 100a as a part of memory 134 or as a separate storage element.
  • the identification token includes the first six digits of the MIN.
  • a correspondence between the identifier and the identification token is determined (e.g. by correspondence detector 120, which may be implemented in a node 100a as processor 120). If a correspondence is detected in task P330, then in task P340 access to local information (e.g. information stored in second storage area 132, or in area 135 of memory 134) is prevented. Such prevention may be accomplished by one or more of several techniques. For example, the information may be erased (e.g. deleted) or otherwise altered. Such an operation may include overwriting the information. Alternatively, the area where the information is stored may be altered such that it becomes incapable of storing information.
  • access to information may be prevented by altering a mechanism for locating the information.
  • access to information may be prevented by erasing or otherwise altering directory entries associated with the information.
  • Access to information may also be prevented by altering a stored reference password in a password-protected storage system.
  • access to information may be prevented by erasing or otherwise altering a decoding or decryption mechanism by which the information is transformed into an intelligible or otherwise useful form.
  • a key necessary to decode the stored information e.g. a string of symbols that is associated with a correspondence between the stored information and an unencrypted form of the stored information
  • processor 120 prevents access to the information stored on area 135 of memory 134 by overwriting the information with default data (e.g. zero values). If the determination in task P330 fails, then the method terminates.
  • FIGURE 14 shows a flowchart for a method according to another embodiment of the invention that may be performed within a node 100 as described herein.
  • a command to prevent access to local information is received (e.g. from a network 150 via a communications link 140) over a dedicated channel (for example, a dedicated control channel associated with an ongoing cellular telephone call).
  • This command may be sent subsequently to an access request (e.g. by node 100) or in response to a registration event as described, for example, in section 6.6.5 ("Registration") of one of the TIA/EIA CDMA standards documents referenced above (e.g., power-up of a mobile unit, timer expiration, or zone change of a mobile unit).
  • the dedicated channel may be defined in part by one or more spreading and/or covering codes known to both the transmitter of the command (e.g. network 150) and the receiver of the command (e.g. node 100).
  • By virtue of the establishment of the dedicated channel, a correspondence between the command and a receiving node may already exist, thereby avoiding a need to reestablish such a correspondence and/or to include information identifying the node in the command.
  • access to local information (e.g. information stored at node 100 in second storage area 132, or in area 135 of memory 134) is prevented in accordance with the command.
  • FIGURE 15 illustrates a flowchart for a method 400 according to another embodiment of the invention.
  • In task P340 of this method, access to local information is prevented as described above.
  • receipt of a command (as in task P315 described above) or detection of a correspondence (as described in task P330 above) occurs to cause execution of task P340 via logical OR task P480.
  • this method also includes an alternate mechanism by which execution of task P340 may be caused (via logical OR task P480).
  • execution of task P340 may be caused upon the expiration of a timer.
  • a timer may be implemented as a location in a memory that is updated (e.g. decremented) periodically until the contents of the memory location reach a predetermined value (e.g. zero).
  • an amount of time remaining is tested to determine whether the predetermined period has expired.
  • the amount of time remaining is reset to a start or default value.
  • a timer tracks the occurrence of some other event or events (e.g. a number of times that a device is powered up) rather than a passage of time.
  • a method as shown in FIGURE 15 may be used to provide a limited period of accessibility to local information.
  • Before leaving for a business trip, for example, a user may store information at a node 100 such as a PDA or cellular telephone via synchronization to a fixed computer (e.g. an office desktop or laptop computer). While the information is now portable, it may also become subject to abuse if the node on which it resides is lost or stolen.
  • a method as shown in FIGURE 15 may be used to prevent access to the information after a specified period even if the loss or theft of the node is not discovered.
  • FIGURE 16 illustrates a flowchart for a method according to another embodiment of the invention.
  • resetting of the amount of time remaining is performed only after an authentication procedure.
  • a string of symbols is entered (e.g. from a keypad or keyboard of node 100) in task P410.
  • a correspondence between the input string and a stored authentication string is tested (e.g. by a comparator). If a correspondence is detected, the amount of time remaining is reset to a start or default value in task P450. Otherwise, the authentication failure is logged in task P430 (e.g. by updating a fail count value).
  • the number of failures is compared to a predetermined threshold T.
  • authentication test P420 may include comparing parameters characterizing a user's voice, iris pattern, fingerprint, or one or more other identifying features to stored parameter values. Timing and authentication operations as described herein (e.g. tasks P420, P430, P440, P450, and P470) may be performed by one or more arrays of logic elements such as processor 120a, possibly in combination with other tasks.
  • the invention may be implemented in part or in whole as a hard-wired circuit, as a circuit configuration fabricated into an application-specific integrated circuit, or as a firmware program loaded into non-volatile memory or a software program loaded from or into a data storage medium as machine-readable code, such code being instructions executable by an array of logic elements such as a microprocessor or other digital signal processing unit.
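
The timer and authentication flow of FIGURES 15 and 16, written out in C as an added example that is not taken from the patent. The names `lock_state`, `lock_tick` and `lock_try_reset`, the values of `START_TICKS` and threshold T, the sample string, and the choices that reaching T prevents access, that a success clears the fail count, and that a locked node cannot be reset are all assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define START_TICKS 3u       /* assumed start/default value of the timer */
#define FAIL_THRESHOLD_T 3u  /* assumed value of threshold T */

typedef struct {
    uint32_t ticks_left;  /* memory location decremented periodically */
    uint32_t fail_count;  /* fail count value updated on each failure */
    bool locked;          /* set once access to local information is prevented */
    const char *auth;     /* stored authentication string */
} lock_state;

/* Comparator that always scans the whole input instead of stopping at the first mismatch. */
static bool auth_matches(const char *stored, const char *input) {
    size_t ls = strlen(stored), li = strlen(input);
    unsigned char diff = (unsigned char)(ls != li);
    for (size_t i = 0; i < li; i++)
        diff |= (unsigned char)(input[i] ^ stored[ls ? i % ls : 0]);
    return diff == 0;
}

/* Periodic update: a received command OR an expired timer prevents access. */
void lock_tick(lock_state *s, bool command_received) {
    if (s->ticks_left > 0) s->ticks_left--;
    if (command_received || s->ticks_left == 0) s->locked = true;
}

/* Resets the time remaining only after authentication; returns true on reset. */
bool lock_try_reset(lock_state *s, const char *input) {
    if (s->locked) return false;        /* assumption: no reset once locked */
    if (auth_matches(s->auth, input)) {
        s->ticks_left = START_TICKS;
        s->fail_count = 0;              /* assumption: success clears the count */
        return true;
    }
    if (++s->fail_count >= FAIL_THRESHOLD_T) s->locked = true; /* assumption */
    return false;
}

int main(void) {
    lock_state s = { START_TICKS, 0, false, "4711" }; /* constructed sample */
    lock_try_reset(&s, "0000");         /* wrong string: timer keeps running */
    for (int i = 0; i < 3; i++) lock_tick(&s, false);
    return s.locked ? 0 : 1;            /* expired without a valid reset */
}
```

A failed reset attempt leaves the countdown untouched, so an unattended or stolen node still reaches the lock on schedule.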

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

In one embodiment of the invention, a cellular radio communication network (e.g. a cellular telephone network) receives a transmission including an identification token of a mobile unit (e.g. a telephone). The network also receives, via a service provider, a command to prevent access to information stored in the mobile unit. Upon detecting a correspondence between the identification token and the command to prevent access to information stored in the mobile unit, the network commands the mobile unit to prevent access to local information, which may include a telephone directory and other personal and/or confidential items.
EP01996981A 2000-11-06 2001-11-05 Procede et dispositif servant a empecher l'acces a des informations memorisees dans un noeud Withdrawn EP1338168A2 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US70756500A 2000-11-06 2000-11-06
US707565 2000-11-06
PCT/US2001/047160 WO2002041661A2 (fr) 2000-11-06 2001-11-05 Procede et dispositif servant a empecher l'acces a des informations memorisees dans un noeud

Publications (1)

Publication Number Publication Date
EP1338168A2 true EP1338168A2 (fr) 2003-08-27

Family

ID=24842212

Family Applications (1)

Application Number Title Priority Date Filing Date
EP01996981A Withdrawn EP1338168A2 (fr) 2000-11-06 2001-11-05 Procede et dispositif servant a empecher l'acces a des informations memorisees dans un noeud

Country Status (7)

Country Link
EP (1) EP1338168A2 (fr)
JP (1) JP2004530178A (fr)
KR (1) KR20030048125A (fr)
AU (1) AU2002248912A1 (fr)
BR (1) BR0115146A (fr)
TW (1) TWI223938B (fr)
WO (1) WO2002041661A2 (fr)

Families Citing this family (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100661271B1 (ko) * 2005-03-10 2006-12-26 주식회사 코원시스템 휴대용 미디어 재생장치
JP2009003622A (ja) * 2007-06-20 2009-01-08 Toshiba Corp 情報処理装置
US9390369B1 (en) * 2011-09-21 2016-07-12 Brain Corporation Multithreaded apparatus and methods for implementing parallel networks
US8713646B2 (en) 2011-12-09 2014-04-29 Erich Stuntebeck Controlling access to resources on a network
US9680763B2 (en) 2012-02-14 2017-06-13 Airwatch, Llc Controlling distribution of resources in a network
US10404615B2 (en) 2012-02-14 2019-09-03 Airwatch, Llc Controlling distribution of resources on a network
US9208432B2 (en) 2012-06-01 2015-12-08 Brain Corporation Neural network learning and collaboration apparatus and methods
US9247432B2 (en) 2012-10-19 2016-01-26 Airwatch Llc Systems and methods for controlling network access
US8978110B2 (en) 2012-12-06 2015-03-10 Airwatch Llc Systems and methods for controlling email access
US8826432B2 (en) 2012-12-06 2014-09-02 Airwatch, Llc Systems and methods for controlling email access
US9021037B2 (en) 2012-12-06 2015-04-28 Airwatch Llc Systems and methods for controlling email access
US8832785B2 (en) 2012-12-06 2014-09-09 Airwatch, Llc Systems and methods for controlling email access
US8862868B2 (en) 2012-12-06 2014-10-14 Airwatch, Llc Systems and methods for controlling email access
US9203820B2 (en) 2013-03-15 2015-12-01 Airwatch Llc Application program as key for authorizing access to resources
US10652242B2 (en) 2013-03-15 2020-05-12 Airwatch, Llc Incremental compliance remediation
US9819682B2 (en) 2013-03-15 2017-11-14 Airwatch Llc Certificate based profile confirmation
US9148416B2 (en) 2013-03-15 2015-09-29 Airwatch Llc Controlling physical access to secure areas via client devices in a networked environment
US9275245B2 (en) 2013-03-15 2016-03-01 Airwatch Llc Data access sharing
US8997187B2 (en) 2013-03-15 2015-03-31 Airwatch Llc Delegating authorization to applications on a client device in a networked environment
US9401915B2 (en) 2013-03-15 2016-07-26 Airwatch Llc Secondary device as key for authorizing access to resources
US9787686B2 (en) 2013-04-12 2017-10-10 Airwatch Llc On-demand security policy activation
US10754966B2 (en) 2013-04-13 2020-08-25 Airwatch Llc Time-based functionality restrictions
US9219741B2 (en) 2013-05-02 2015-12-22 Airwatch, Llc Time-based configuration policy toggling
US9246918B2 (en) 2013-05-10 2016-01-26 Airwatch Llc Secure application leveraging of web filter proxy services
US9058495B2 (en) 2013-05-16 2015-06-16 Airwatch Llc Rights management services integration with mobile device management
US9900261B2 (en) 2013-06-02 2018-02-20 Airwatch Llc Shared resource watermarking and management
US9584437B2 (en) 2013-06-02 2017-02-28 Airwatch Llc Resource watermarking and management
US8756426B2 (en) 2013-07-03 2014-06-17 Sky Socket, Llc Functionality watermarking and management
US8806217B2 (en) 2013-07-03 2014-08-12 Sky Socket, Llc Functionality watermarking and management
US8775815B2 (en) 2013-07-03 2014-07-08 Sky Socket, Llc Enterprise-specific functionality watermarking and management
US9226155B2 (en) 2013-07-25 2015-12-29 Airwatch Llc Data communications management
US9112749B2 (en) 2013-07-25 2015-08-18 Airwatch Llc Functionality management via application modification
US9665723B2 (en) 2013-08-15 2017-05-30 Airwatch, Llc Watermarking detection and management
US9516005B2 (en) 2013-08-20 2016-12-06 Airwatch Llc Individual-specific content management
US9544306B2 (en) 2013-10-29 2017-01-10 Airwatch Llc Attempted security breach remediation
US9258301B2 (en) 2013-10-29 2016-02-09 Airwatch Llc Advanced authentication techniques
EP2963886A1 (fr) * 2014-07-02 2016-01-06 Gemalto SA Procédé d'exécution de commande à distance dans un terminal sans fil
US9584964B2 (en) 2014-12-22 2017-02-28 Airwatch Llc Enforcement of proximity based policies
US9413754B2 (en) 2014-12-23 2016-08-09 Airwatch Llc Authenticator device facilitating file security
US9916446B2 (en) 2016-04-14 2018-03-13 Airwatch Llc Anonymized application scanning for mobile devices
US9917862B2 (en) 2016-04-14 2018-03-13 Airwatch Llc Integrated application scanning and mobile enterprise computing management system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ATE172835T1 (de) * 1993-06-15 1998-11-15 Celltrace Communications Ltd Telekommunikationssystem
US5673317A (en) * 1995-03-22 1997-09-30 Ora Electronics, Inc. System and method for preventing unauthorized programming of wireless network access devices
GB2328843B (en) * 1997-08-29 2002-08-14 Nokia Mobile Phones Ltd A system for remotely accessing data stored in a radiotelephone

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0241661A2 *

Also Published As

Publication number Publication date
KR20030048125A (ko) 2003-06-18
BR0115146A (pt) 2004-08-03
JP2004530178A (ja) 2004-09-30
WO2002041661A2 (fr) 2002-05-23
WO2002041661A3 (fr) 2003-01-23
AU2002248912A1 (en) 2002-05-27
TWI223938B (en) 2004-11-11

Similar Documents

Publication Publication Date Title
EP1338168A2 (fr) Procede et dispositif servant a empecher l'acces a des informations memorisees dans un noeud
JP3964677B2 (ja) ユニバーサル携帯電話サービスにおけるセキュリティ手順
KR101019917B1 (ko) 무선통신 시스템에서 규정 데이터의 전송을 수행하기 위한 방법 및 장치
EP1879325B1 (fr) Procede et systeme de mise a jour d'une cle secrete
US5708710A (en) Method and apparatus for authentication in a communication system
US20070293192A9 (en) Identification of a terminal to a server
US20080301776A1 (en) System method for providing secure access to a communications network
EP3070903A1 (fr) Système et procédé pour détecter des attaques malveillantes dans un réseau de télécommunication
EP1964328B1 (fr) Validation d'identité d'utilisateur par coopération entre un réseau central et un contrôleur d'accès
KR101675663B1 (ko) 원격 스마트 카드 개인화를 위한 방법 및 장치
JP2013123271A (ja) 制限されたエリアへの移動体機器のローミングを処理するための方法
US20070004455A1 (en) Method and mobile telecommunication network for detection of device information
WO2003050988A1 (fr) Procede de selection d'une arithmetique de cryptage pour realiser une communication confidentielle
WO2019210461A1 (fr) Contrôle d'accès à un service de réseau sans fil avec protection d'identité d'abonné
US6618584B1 (en) Terminal authentication procedure timing for data calls
CN104244247A (zh) 非接入层、接入层安全算法处理方法及设备
WO2004062243A3 (fr) Systeme et procede d'autorisation repartie pour acceder a un dispositif de communication
US7450721B2 (en) Methods and apparatus for reducing airlink congestion and processing time associated with ciphering information in wireless network
JP2011254484A (ja) 登録活動を制御するための方法及び装置
WO2007071275A1 (fr) Authentification d'abonnes dans des reseaux de communications mobiles utilisant des reseaux d'acces non autorises
EP1113641B1 (fr) Système et procédé pour filtrage d'accès mobile au Internet au BTS/BSC
EP4096264A1 (fr) Conversion sur dispositif d'une sim physique à une esm
KR101385846B1 (ko) 통신 방법 및 통신 시스템
CA2520095C (fr) Methodes et appareil permettant de reduire l'encombrement des liaisons aeriennes et le temps de traitement necessaire au cryptage de l'information dans un reseau sans fil
Suraev Implementing an Affordable and Effective GSM IMSI Catcher with 3G Authentication

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20030522

AK Designated contracting states

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Extension state: AL LT LV MK RO SI

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20080531