EP1810472A1 - Procede et dispositif de station terminale adapte pour la securisation du transfert de session - Google Patents

Procede et dispositif de station terminale adapte pour la securisation du transfert de session

Info

Publication number
EP1810472A1
EP1810472A1 EP04790729A EP04790729A EP1810472A1 EP 1810472 A1 EP1810472 A1 EP 1810472A1 EP 04790729 A EP04790729 A EP 04790729A EP 04790729 A EP04790729 A EP 04790729A EP 1810472 A1 EP1810472 A1 EP 1810472A1
Authority
EP
European Patent Office
Prior art keywords
terminal device
security
session
policies
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP04790729A
Other languages
German (de)
English (en)
Inventor
Thomas Walter
Christian Schaefer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NTT Docomo Inc
Original Assignee
NTT Docomo Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NTT Docomo Inc filed Critical NTT Docomo Inc
Publication of EP1810472A1 publication Critical patent/EP1810472A1/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/08Upper layer protocols
    • H04W80/10Upper layer protocols adapted for application session management, e.g. SIP [Session Initiation Protocol]

Definitions

  • the present invention relates to a method for transferring a session from a source terminal device to a target terminal device in a ubiquitous computing environment and terminal devices adapted to carry out said method.
  • the present invention relates to ubiquitous computing environments which are designed to provide users utilizing terminal devices with "anytime, anywhere, any platform” access to computing services as they move through the physical world.
  • One specific goal to be achieved is to allow applications to seamlessly follow the user around a number of terminal devices, especially mobile devices.
  • Several solutions have been discussed to provide migration on application level, i.e. the ability to move an application and its state from one terminal device to another.
  • the invention relates to terminal devices, for example personal computers, laptop computers, notebook computers, personal digital assistants (PDA) , mobile phones etc., which can be connected to a network or server via a communication channel which may be a wireless communication channel, for example WLAN or Bluetooth.
  • a user may utilize a terminal device to perform tasks, for example in a business environment.
  • the user accesses corporation resources by running a business application on the terminal device.
  • the business application is installed on the terminal device together with additional software, for example an operating system, communication middleware and specific software libraries, especially security related libraries.
  • additional software is required for setting up a connection to the corporate network and servers and for running the business application.
  • an application executes on a terminal device as a process on top of the additional software, especially the communication middleware.
  • the user By starting an application on a terminal device, the user initiates a session, which can be understood as the meaningful context of an executed application or application process since the application executes on the basis of specific data and variables related to the task performed by the user of the terminal device. At any time the state of an application process can be determined on the basis of data structures and variables as well as assigned values.
  • security is achieved in a process of transferring a session from a source terminal device to a target terminal device.
  • the security context is observed not only during the execution of an application on a terminal device but also during the transfer of a session from one terminal device to the other.
  • Fig. 1 shows a schematic diagram illustrating elements of a computing environment according to a first embodiment of the invention
  • Fig. 2 shows a diagram illustrating steps of a session transfer according to a first embodiment of the invention
  • Fig. 3 shows a schematic diagram illustrating elements of a computing environment according to a second embodiment of the invention
  • Fig. 4 shows a block diagram illustrating security policies according to the invention
  • Fig. 5 shows a diagram illustrating steps of a session transfer according to a second embodiment of the invention
  • Fig. ⁇ shows a block diagram illustrating software components according to a second embodiment of the invention.
  • Fig. 7 shows a schematic diagram illustrating elements of a computing environment according to a third embodiment of the invention
  • Fig. 8 shows a diagram illustrating steps of a session transfer according to a third embodiment of the invention
  • Fig. 9 shows a diagram illustrating steps of a negotiating step of a session transfer according to a third embodiment of the invention.
  • Fig. 10 shows a diagram illustrating further steps of a negotiating step of a session transfer according to a third embodiment of the invention.
  • Fig. 11 shows a diagram illustrating still further steps of a negotiating step of a session transfer according to a third embodiment of the invention.
  • a user utilizes a first terminal device Ia to run an application 2 in a networked environment .
  • the first terminal device Ia is linked to the network 3 via a communication channel 4a.
  • Session security is achieved by means of security policies 5 which are specified for the respective application 2 so that the application 2 can only be used when the security policies 5 are observed, creating a specific security context for the application.
  • the user desires to continue with the current task on a second terminal device Ib, which is linked to the network 3 via a communication channel 4b, the user initiates a session transfer that will transfer the session currently present on the first terminal device Ia, i.e. the source terminal device, to the second terminal device Ib, i.e. the target terminal device.
  • the user can continue with the current task on the second terminal device Ib since the respective application 2 in its state at the time of transfer initiation, i.e. the current session, and in its required security context will have been established on the second terminal device Ib.
  • the security requirements are taken into consideration during session transfer as will be described in the following with reference to Figure 2.
  • a STEP 1 of the session transfer process the security policies relating to the application of the session to be transferred are evaluated on the source terminal device to determine whether a session transfer is allowed or not. If it is confirmed that the security policies of the application allow that a session transfer can take place, the session transfer process continues to accomplish STEP 2. Otherwise the session transfer process discontinues.
  • the security policies are evaluated on said source terminal device to determine security constraints of the session to be transferred.
  • STEP 3 of the session transfer process the source terminal device negotiates the security constraints with the target device, preferably after having established a secure communication channel to said target terminal device. The negotiating step serves the purpose to ensure that a security context of at least the same strictness can be provided on the target terminal device.
  • the session transfer process continues to accomplish STEP 4. Otherwise the session transfer process discontinues.
  • the respective security context is established on said target terminal device, preferably on the basis of the security related information exchanged with the source terminal device during the step of negotiating security constraints.
  • the session is transferred from said source device to said target device. Basically, the steps that need to be performed for actually transferring the session comprise the capturing of the current state of the session on the. source terminal device and transferring the state to the target terminal device where the information is used to establish the session on the target device.
  • policies provide a high degree of flexibility because they can be tailored to the specific requirements of a particular application. Given a formal syntax, policies are precisely specified and can be enforced by a supporting software framework. According to the invention, enforcement in the context of session transfer implies that security constraints (defined by security policies) are negotiated between terminal devices and that a consistent set of security services and mechanisms is established on the target device, consistent with respect to security services and mechanisms applicable on the source device.
  • a source terminal device Ia is equipped with software to enable a user to perform a desired task in a network environment.
  • the software comprises an operating system, communications middleware, specific libraries, e.g. security libraries, and at least one application.
  • the operating system comprises software components which are required for the terminal device to perform basic operations and to provide basic functions for a user.
  • the communications middleware comprises software components that manage applications and other co-located terminal devices. Co-located terminal devices are considered to comprise terminal devices which are also connected to the network and are therefore available as target terminal devices.
  • the applications comprise software to perform a desired task, • like for example business applications, which enable a user of the terminal device to perform business tasks in a corporate environment. Business applications may be separated into business logic, i.e.
  • Security logic i.e. means to protect corporate assets.
  • Security logic is defined in terms of security policies.
  • security policies may be defined during or after application development and integration and may be bundled with an application when the application is installed within the corporate network or on a terminal device.
  • security policies comprise four types of security policies, namely authorization policies, configuration policies, delegation policies and federation policies.
  • authorization policies namely authorization policies, configuration policies, delegation policies and federation policies.
  • configuration policies namely authorization policies, configuration policies, delegation policies and federation policies.
  • federation policies namely authorization policies, configuration policies, delegation policies and federation policies.
  • the respective domains - corporate network and terminal device - and the logical relationship between policies are shown in Figure 4.
  • Authorization policies typically exist within a corporate network and control the access to resources within the network.
  • Configuration policies reflect the authorization policies of the corporate network within the domain of the terminal device user and describe the security services and capabilities required before authorization to the corporate network.
  • a policy set comprised of configuration, delegation and federation policies is installed with an application. The security context is set up if the application is being executed.
  • Delegation policies define the rules on the basis of which the functionality of an application assigned to one user (e.g. sales manager) may be delegated to another user (e.g. another sales-department manager) .
  • Authorization certificates as described further below, are preferably used in this context.
  • federation policies provide assertions regarding the validity of devices to be included in such assignment.
  • Trust certificates are the preferred containers that store and certify attribute information on devices, which are asserted according to federation policies.
  • configuration policies, delegation policies and federation policies are referred to as a policy set.
  • certificates are signed data items.
  • public-key certificates the present example according to the invention uses authorization certificates and trust certificates.
  • authorization certificates are used for delegation policy enforcement and trust certificates are used for federation policy enforcement.
  • Authorization certificates are linked to users and reflect the role and the rights of the user in the corporate environment, i.e. authorization certificates are role-based. For instance, an employee in the role of a salesperson may have access to the customer address database and his or her personal schedule. A user in the role of a sales department manager has the right to access an order database, to perform approval of orders and to revise budget figures. The sales manager may also be entitled to delegate certain task, e.g. the task of approving orders.
  • trust certificates are assigned to terminal devices. If the trust certificate proves that the terminal device is trustworthy then application and data may be delegated and transferred to said terminal device.
  • the source terminal device Ia is connected to a network 3 via a communication channel 4a.
  • access to the network 3 is granted through a firewall 6.
  • a user of the source terminal device Ia utilizes an application 2 executed on the source terminal device Ia in the framework of the security policies so that the user has controlled access to, for example, the databases A and B being part of the corporate network 3. If the user wishes to continue performing the current task on a target terminal device Ib, which is linked to the network 3 via a communication channel 4b, a process of transferring the current session from the source terminal device to the target terminal device Ib is initiated.
  • a STEP 1.1 the security requirements as expressed in a policy set relating to the application of the current task are evaluated.
  • delegation policies and federation policies define whether and in which context the application and therefore the current session can be transferred.
  • the policies are evaluated to determine whether a session transfer is generally allowed, both with respect to the user as well as with respect to the terminal device. The process terminates if a session transfer is not allowed.
  • the security policies are evaluated to determine security constraints defined by the security policies of the application.
  • a communication channel is established to connect the source terminal device and the target terminal device. The communication channel created may be set up directly between the terminal devices or may be established via the network.
  • a STEP 1.4 the security constraints are negotiated between the source terminal device and the target terminal device to determine whether a security context of similar or higher strictness can be established on the target terminal device. Only if this is possible, a respective security context is established on the target terminal device in a STEP 1.5, preferably on the basis of the application to be executed on the target terminal device. Alternatively or in addition, the information exchanged during the step of negotiating the security constraints can be included. Still further, it is possible to take into consideration also the security policy send from the source terminal device to the target terminal device in the step of negotiating security constraints. In a STEP 1.6 the session is transferred from the source terminal device to the target terminal device. Details have been described above and reference is made accordingly.
  • the evaluation of the policy set is performed by a refined communication middleware.
  • the communication middleware supports the (business) application and preferably comprises an application management component, a federation management component, a security library and network control component.
  • the application management component is the interface of the (business) application to the communication middleware.
  • This component maintains state information describing at least partly the current state of applications and provides access to the network environment via network control.
  • the network environment includes co-located terminal devices as well as corporate servers to which the terminal device is or can be connected.
  • Application management is also concerned with security policy management and enforcement.
  • the federation management component performs tasks under the control of the application management component. If an application requests access to a server or to a co-located terminal device, federation management is involved to process the request. In doing so, it queries the network environment for other terminal devices and servers, checks their capabilities, and negotiates security services available on terminal devices and servers.
  • the security library component of the present example provides • interfaces to security services.
  • Security services are implementations of cryptographic operations, such as en- and decryption algorithms, message authentication codes, etc., but as well cryptographic data structures such as keys, certificates, etc.
  • the network control component provides handles to an underlying transport and network layer. These handles implement input and output channels, which may be similar to sockets or remote procedure calls or any other communications support leveraged on the respective platform of the terminal devices or the network environment.
  • security policies linked to the specific application generate a security context -when they are applied by the application management component, advantageously making use of the security libraries.
  • the security context is enforced preferably via the network control component. It is essential to understand that every execution of an application on a terminal device implies that the security policies of the specific application are taken into account and observed.
  • the security policies given in a formal syntax, are parsed by a policy manager sub ⁇ component of the application manager component mentioned above.
  • the sub-component also ensures in the present example that the integrity of policies is checked, for example by checking signatures associated with policies, and that the security context is implemented.
  • the security context comprises an ordered list of security services invocations .
  • Security services are maintained in the security library deployed on the terminal device.
  • the policy manager sub-component identifies the required security services from the policy specification, checks for a possible binding to a security service and, if a binding can be established, includes the security service invocation in the security context.
  • security policy enforcement can be performed by the application management component and federation management component. Policy enforcement implementation ensures that the behaviour of a terminal device running an application complies with the requirements defined in the security policies. Basically, policy enforcement takes place when data is sent or received via the network control component. Additionally, policy enforcement takes place when federation management sets up communication to co-located terminal devices.
  • the present example relates to an environment in which mobile terminal devices Ia and Ib are used to perform tasks on the basis of applications 2, which may comprise business applications, providing access to a network 3, which may be a corporate network.
  • applications 2 which may comprise business applications, providing access to a network 3, which may be a corporate network.
  • a user wishes to perform a specific task in the computing environment shown in Figure 7, he or she utilizes an application 2, which is executed on a first mobile terminal device Ia. For the present example, it is assumed, that subsequently the user decides to continue with the current task on a second mobile terminal device Ib. The process of transferring the respective session from the source mobile terminal device Ia to the target mobile terminal device Ib will be described further below.
  • the terminal devices are equipped with all software required for enabling the user to perform the desired task in the networked computing environment.
  • the software of the mobile terminal devices comprises an operating system, communications middleware, specific libraries, especially security libraries, and at least one application.
  • security policies 5 are defined which relate to specific applications 2, respectively, for establishing a security context whenever a user utilizes the mobile terminal device to perform a specific task.
  • the communication channels Aa and 4b between the mobile terminal devices Ia and Ib and the network 3 are wireless communication channels, like for example WLAN or Bluetooth.
  • the mobile terminal devices Ia and Ib communicate directly via a further wireless communication channel 4c.
  • the conditions for a session transfer are determined by evaluating security policies related to the application of the current session to be transferred. Specifically, the security context is evaluated whether a transfer of the session is generally allowed. If the security policies comprise delegation policies and federation policies, as described further above, it is preferred that in STEP 10.1 the delegation policies as well as the federation policies are evaluated to determine whether for the related application a session transfer is allowed. If session transfer is not allowed, the process terminates as shown in Figure 8.
  • the source mobile terminal device Ia identifies co-located mobile terminal devices, preferably by using the wireless communication channel 4c. Thereby, a direct communication can be established between the source mobile terminal device Ia and any other mobile terminal device avoiding the network 3.
  • communication channels 4a and 4b may be used for communication via the network 3.
  • the further above mentioned federation management components which form part of the communications middleware of the terminal devices, are arranged to discover and subsequently provide communication with other terminal devices. If no terminal device is found the process terminates as shown in Figure 8.
  • a secure communication channel is established. Thereafter, the two terminal devices are connected to communicate in a protected environment, for example using a standard encryption protocol like SSL. A secure connection is required to negotiate which security context can and has to be established on the target mobile terminal device.
  • the trustworthiness of the target mobile terminal , device is approved, for example on the basis of certificates as mentioned further above. If the trustworthiness cannot be confirmed, the process terminates as shown in Figure 8. '
  • the process continues to accomplish STEP 10.5 according to which the two mobile devices negotiate the security context. Details of the negotiating step will be described with reference to Figure 9 further below. In general, four negotiation acceptance modes are defined in this example of the invention.
  • the security context can be fully reconfigured on the target terminal device.
  • the security context requires that the user makes some changes in order to reach acceptance.
  • the security context is automatically, i.e. without user interference, adjusted to reach acceptance level.
  • the user may or may not be informed about the adjustment.
  • the security context is determined unacceptable.
  • the process step of negotiating the security context is performed in the present example as follows.
  • the source device sends a message SESSION_OBLIGATION to the target device.
  • the message SESSION_OBLIGATION comprises information regarding the actual security context of the source device, for example the policy set in use on the source device.
  • the target device checks the security requirements and sends a message SESSION_CONFIRM if it can fulfil the security requirements. In this case, the source device returns a message SESSION_CONFIRM to the target device.
  • the negotiating step terminates, after having established that a session transfer is possible, and the process continues as shown in Figure 8.
  • the target device if it cannot fulfil the security requirements it sends a message SESSION_SECURITY_NEGOTIATION to the source device.
  • the source device then sends a message SESSION_SECURITY_POSSIBILITIES.
  • the message SESSION_SECURITY_POSSIBILITIES includes a list of non- negotiable security items, plus a list of negotiable security items where some alternatives are given to the preferred context.
  • the target device checks the received options and if there are no matches, the target device sends a message SESSION_DISABLE and the negotiating step continues as shown in Figure 10, i.e. the negotiating step terminates unsuccessfully.
  • the target device checks the received options and if there are matches, the target device sends a message SESSION_SECURITY_POSSIBILITIES with the non-negotiable security items and a suitable combination of the negotiable security item to the source device.
  • the source device checks the suggestion and sends a message SESSION_CONFIRM if the check is positive. Thereafter, the negotiating step terminates after having established that a session transfer is possible.
  • the check result on the source device is negative the source device sends a message SESSION_DISABLE to the target device and the negotiating step continues as shown in Figure 11, i.e. the negotiating step terminates unsuccessfully.
  • the current state of the session on the source device is captured, i.e. all information required to establish the session on the target device are determined.
  • the information concerning the current session state is transferred to the target device, as shown in STEP 10.7, and the session is established on the .target device, as indicated in STEP 10.8.
  • terminal devices in order to be used for carrying out the invention as either a source terminal device or a target terminal device, need to be arranged to comprise means for determining whether a session transfer is allowed, means for determining the security constraints of the session to be transferred, means for negotiating said security constraints, means for establishing a respective security context, and means of transferring the session.
  • the above means are implemented as software executed on said terminal devices.
  • terminal devices are mobile terminal devices, a wireless communication channel is advantageous.
  • the terminal devices are preferably capable to establish a secure communication channel.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

L'invention concerne un procédé et un dispositif de transfert d'une session d'un dispositif de station terminale source à un dispositif de station terminale cible, avec prise en considération des exigences de sécurité définies pour une application spécifique au moyen de règles de sécurité. Le transfert de session n'est exécuté que si un contexte sécuritaire identique ou plus élevé peut être établi au niveau du dispositif de station terminale cible.
EP04790729A 2004-10-21 2004-10-21 Procede et dispositif de station terminale adapte pour la securisation du transfert de session Withdrawn EP1810472A1 (fr)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2004/011929 WO2006045323A1 (fr) 2004-10-21 2004-10-21 Procédé et dispositif de station terminale adapté pour la sécurisation du transfert de session

Publications (1)

Publication Number Publication Date
EP1810472A1 true EP1810472A1 (fr) 2007-07-25

Family

ID=34959200

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04790729A Withdrawn EP1810472A1 (fr) 2004-10-21 2004-10-21 Procede et dispositif de station terminale adapte pour la securisation du transfert de session

Country Status (3)

Country Link
EP (1) EP1810472A1 (fr)
JP (1) JP4733706B2 (fr)
WO (1) WO2006045323A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8799486B2 (en) 2008-05-02 2014-08-05 Samsung Electronics Co., Ltd System and method for transferring a session between multiple clients

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2201743A4 (fr) * 2007-10-17 2016-01-27 Ericsson Telefon Ab L M Procédé et agencement pour déterminer un réglage de sécurité
US8769257B2 (en) * 2008-12-23 2014-07-01 Intel Corporation Method and apparatus for extending transport layer security protocol for power-efficient wireless security processing
KR101596955B1 (ko) 2009-02-20 2016-02-23 삼성전자주식회사 통합 인터넷 프로토콜 메시징 시스템에서 세션 트랜스퍼 방법
EP2330789B1 (fr) * 2009-12-04 2015-10-14 Alcatel Lucent Système et procédé pour accéder à un contenu numérique privé
WO2015103338A1 (fr) * 2013-12-31 2015-07-09 Lookout, Inc. Sécurité de réseau basée sur des nuages
US10015162B2 (en) * 2015-05-11 2018-07-03 Huawei Technologies Co., Ltd. Firewall authentication of controller-generated internet control message protocol (ICMP) echo requests
US10749970B1 (en) 2016-12-28 2020-08-18 Wells Fargo Bank, N.A. Continuous task-based communication sessions

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5812865A (en) * 1993-12-03 1998-09-22 Xerox Corporation Specifying and establishing communication data paths between particular media devices in multiple media device computing systems based on context of a user or users

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2006045323A1 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8799486B2 (en) 2008-05-02 2014-08-05 Samsung Electronics Co., Ltd System and method for transferring a session between multiple clients

Also Published As

Publication number Publication date
WO2006045323A1 (fr) 2006-05-04
JP4733706B2 (ja) 2011-07-27
JP2008517388A (ja) 2008-05-22

Similar Documents

Publication Publication Date Title
US10397202B2 (en) Secure communication channels
RU2390828C2 (ru) Способ и система для осуществления защищенного обеспечения клиентского устройства
EP1942629B1 (fr) Procédé et système pour une sécurité orientée objet multiniveaux dans une architecture orientée service
US20060015562A1 (en) Mobile collaborative peer-to-peer business applications
US20070143408A1 (en) Enterprise to enterprise instant messaging
US20050223412A1 (en) Context-sensitive confidentiality within federated environments
US20050132229A1 (en) Virtual private network based on root-trust module computing platforms
KR20160043044A (ko) 대량의 vpn 접속들을 종료시키는 게이트웨이 디바이스
JP2004180280A (ja) 適応性のある委任のための方法とシステム
KR20010041365A (ko) 보안 조건의 방법당 지정
WO2014193274A9 (fr) Procédé de distribution de licences basé sur l'emplacement géographique
KR101137032B1 (ko) 발신 외부 컴퓨팅 시스템의 식별 정보를 확인하기 위한 방법 및 컴퓨터 판독가능 기록 매체
CN100353713C (zh) 可信的远程服务热部署方法
EP2741465B1 (fr) Procédé et dispositif pour gérer des communications sécurisées dans des environnements de réseau dynamique
JP4733706B2 (ja) セキュアセッション転送の方法および対応するターミナルデバイス
WO2007090866A1 (fr) Contrôle d'accès collectif dans un réseau d'ordinateurs
Liu et al. Agent-based automated trust negotiation for pervasive computing
JP2005217679A (ja) 通信相手の認証を行う認証サーバ
Bellavista et al. Security for mobile agents: Issues and challenges
GB2521196A (en) Secure communication channels
Kandil et al. Mobile agents' authentication using a proposed light Kerberos system
Arunkumar et al. Policy extension for data access control
Brooks et al. Securing wireless grids: architecture designs for secure wiglet-to-wiglet interfaces
Mukkamala et al. Policy-Based Security Management for Enterprise Systems
Bordel et al. A framework for enhancing mobile workflow execution through injection of flexible security controls

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20070503

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): DE GB

DAX Request for extension of the european patent (deleted)
RBV Designated contracting states (corrected)

Designated state(s): DE GB

17Q First examination report despatched

Effective date: 20101206

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20110617