TW200523752A - Mobility device - Google Patents

Abstract

A mobility device for use in a mobility device platform allowing for secure mobile computing is provided. In an illustrative implementation, an exemplary mobility device platform comprises a mobility device operable to communicate with at least one computing environment through a communications interface and wherein the mobility device is operable to process and store secure web services, a communications network operable to communicate data and computing applications using web services, and a mobility device management server operable to generate, process, store, communicate and encrypt web services to the mobility device. The mobility device may comprise a processing unit, a mobility device communications interface for interfacing with cooperating computing environments, a memory storage unit, and an operating system operable to execute web services and/or computing applications.

Description

200523752 IX. Description of the Invention: Claiming priority and cross-referencing This patent application claims the following U.S. provisional patent applications: September 29, 2003 Filed 60 / 507,197 entitled "GO-KEY SYSTEM"; September 2003 On the 29th of September, the number 60 / 506,918 was named "GO-KEY ONLINE MUSIC SUBSCRIPTION AND DISTRIBUTION APPLICATION AND SERVICE"; On September 29, 2003, the number 60 / 506,919 was named "GO-KEY E-MAIL APPLICATION AND SERVICE" ; No. 60 / 506,925 named "GO-KEY MOBILE DESKTOP ENVIRONMET" on September 29, 2003; No. 60 / 543,735 named "MDMS" on January 22, 2004; No. 60 on January 22, 2004 No. 60 / 538,763 is named "OMNI FILE SYSTEM (OFS)"; January 22, 2004; no. 60 / 538,915 is named "UDDI DIRECTORY"; and January 22, 2004, no. 60 / 538,767 is named " UDDI REPOSITORY ", their patent applications are incorporated herein by reference. In addition, this patent application is related to the following patent applications and is cross-referenced, and their patent applications are incorporated herein by reference. · April 30, 2004 No. 10 / 837,426 entitled "MOBILITY DEVICE" "Platform" (agent file number 45597/196314); and on April 30, 2004, filed "MOBILITY DEVICE SERVER" No. 10/83 6,934 (agent file number 45597/196321). [Technical field to which the invention belongs] The devices and methods described herein are related to mobile computer operation technology. 'Most importantly, it relates to a method that allows communication networks and mobile devices to serve 96372.doc 200523752 servers for secure remote operations. Computer-operated mobile devices. [Previous Technology] Businesses and individuals are increasingly demanding mobility as a characteristic part of their computer environment. For businesses, mobility allows people to be deployed across geographic locations, enabling them to better serve their customers. For example, large pharmaceutical companies want to deploy human shellfish “onsite” close to future customers (eg, doctors). In this context, the “on-site” personnel would want to securely obtain confidential sales and market information, as well as electricity, to save, and to save applications and applications. Using the current scheme, these people usually continue to synchronize their data fish company network with a secure computer network connection (such as a virtual private series) at the end of the work day. In contrast, individuals seek the mobility of their computers in order to be able to easily access their data and computer applications = most importantly, 'continue to maintain the connection during Internet communications "in response to the needs of mobile computer operations , Computer environment manufacturers have developed mobile computers as f technology (e.g., standalone, networked and / or embedded) that allow people to use their computer environment at any time. Such mobile devices are designed to allow messengers to carry "Its audits and applications. Although these devices provide a pulsating month < 3 force ', U 2 is limited in efficiency due to differences in appearance, processing power, and portability. Due to their restrictions, users usually carry large electronic devices to ensure that they have all necessary audits and computer applications. The implementation of such solutions is based on the design of the computer operating system itself. Device-centric "computer operations. Using "Mengfan · 5¾, 罝 as the center" computer operation, although computer users can remotely and securely access files through remote communication applications (such as virtual private networks) via 96372.doc 200523752, But | Miao Zai Zai still ^ will carry large and cumbersome computer operating equipment to fetch its data and the thunder moon stealing the field wrong application. Most importantly, with device-centric computer operations, users will typically be equipped with a device (such as a 'corporate personal computer or laptop') based on the needs of the enterprise's computer operations, and will generally have personal devices at home for personal use. Used—or multiple computer environments. In the maintenance of multiple computer environments, computer users are responsible for making custom preferences and time-saving work for many different computer environments. Such tasks are extremely expensive and often frustrated by computer users' inability to access the required data and / or computer applications between different computer environments. For example, computer users may wish to obtain their financial planning management data from their financial planning management computer applications (eg, Quicken, Micr0sft M_y) at any time in order to process possible payments (eg, due bill). With the current solution, computer users need to manage women's financial planning and management computer applications and data on each computer (including company computers, which may violate corporate computer operating policies and procedures), so that they can access the required information. In contrast, companies will want to efficiently and immediately terminate all access to machine and company data for fired shellfishers. In current implementations based on device-centric computer operations, employees are required to return their computer environment (for example, laptops, personal computers, mobile phones, or personal digital assistants). In addition, the use of company data may be restricted by discontinuing the corporate user directory information for employees who are about to be fired. However, it takes time to collect such devices and the reason for terminating access. This 96372.doc 200523752 working period will cause the employee to copy files from the corporate computer environment for future use. In this case, under the current implementation, confidential corporate information may be leaked. As can be seen from the foregoing, it is necessary to overcome the shortcomings of the current implementation. SUMMARY OF THE INVENTION The present invention discloses a mobile device for protecting the security of mobile computer operations in a mobile device platform. In an exemplary implementation, an exemplary mobile device platform includes: a mobile device operable to communicate with at least one computer environment through a communication interface, and wherein the mobile device is operable to process and store secure Web services; A communication network that is operable to communicate data and computer applications using Web services; and a mobile device management server that is operable to generate, process, store, communicate, and encrypt Web services for the mobile device. The mobile device may include: a processing unit, a mobile device communication interface for interfacing with a cooperative computer environment; a memory storage unit; and an operating system that is operable to execute Web services and / or computer applications . In operation, the mobile device cooperates with one or more cooperating computer environments through the mobile device communication interface. The mobile device can use user authentication information for user authentication ... After the peak identification, the mobile device can cooperate with at least one cooperative computer environment through the mobile device communication interface so as to execute on the cooperative computer environment A web service and / or computer application. In addition, the mobile device can cooperate with a plurality of cooperative mobile split management temple servers to obtain a web service and / or a computer application program for execution on the at least one cooperative computer environment. In the following, it will be further explained that 96372.doc 200523752 illustrates other features of the device and method described herein. [Implementation] * Overview: Computer operation and mobile computer operation present the current computer operation solution (enterprise or a device and method described in this article is for a "user-centric" approach. Heart "model. Device-centric management and Tracking users. Industrial computer environments can include several individuals) are generally designed to use a "device-centric model that is designed to be assigned and assigned based on the device. For example, in the context of corporate computer operations, an enterprise environment connects to a server over a network Computer environment, or if the user is away from the corporate communication network, the user's computer is connected to the corporate communication network through a virtual private network (vpN). In addition, in Learn about the server computer environment and many client computer environments. In general, every user in an enterprise has a client computer environment (for example, a personal computer or laptop), and usually communicates through the enterprise. The interface connects the client computer to the enterprise computer environment. It is used to establish a relationship between user rights and permissions and a company's data and computer applications. A directory service structure to provide users with user identification information and password information. With this type of corporate computer environment, users are usually only allowed to use their own preferences and settings to customize the computer environment they are equipped with, so that If users roam across the network and log in to a non-owning computer environment, they will not be able to access their custom preferences and settings. This problem usually occurs with corporate users who will want to maintain Preferences and settings between their corporate computer environment and their personal computer environment (eg, a computer at home) (eg, Liu Lanji's collection, desktop appearance and operation, 96372.doc • 10-200523752 color Configuration, application layout, and directory structure of files) Synchronization often requires manual synchronization. In addition, using the existing enterprise computer environment to manage the client computer environment has become a heavy task. Currently, enterprises Of IT departments employ dozens (not hundreds) to support many users and their computers In addition to just the actual management, it also proposes a device-centric computer operation model for the integrity and security of enterprise data. In this context, computer users usually need to decide to copy and include confidential corporate data. Unauthorized copying of corporate files and data by users is a heavy task, so most companies ignore this work. For businesses and individuals, this existing implementation of the restrictions can be extremely costly. The devices and methods described in this article are designed to Improve the shortcomings of existing implementations by providing a mobile device platform designed using a "user-centric" model. In an exemplary implementation, the mobile device is intended to be used as part of a mobile device platform that includes at least one mobile device (MD), and the mobile device is operable to communicate via a communication interface (eg, Universal Serial Port (USB), IEEE 1394 communication Firewire, 802 χχ communication interface, blurt00th (Bluetooth) communication interface, personal computer interface, small computer serial interface and wireless application protocol (WAP) communication interface) to cooperate with one or more Computer environments (e.g., personal computers, personal digital assistants, mobile phones, networked computers, and other computer environments). In addition, the mobile device platform includes one or more mobile device management servers (MDMS). The mobile device management server is operable to authenticate, confirm, and provide user management for the cooperating mobile devices and their users. 96372.doc 11 200523752 In operation, the mobile device can collaborate with one or more computer environments for invoking—or multiple work environments—in order to process web services. These Web services can be executed from data and computer applications located locally in the MD, or the MD can collaborate with one or more MDMSs to obtain the required Web services. The MDMS can operate to authenticate the requesting MD, thereby ensuring that the requesting MD has the rights and authority regarding the requested Web service. In addition, the MDMS can collaborate with third-party web service providers to obtain the required web services. In this context, the MDMS can take action to translate a format from a non-MD native web service into a native MD web service. When the Web service is transmitted from the MDMS to multiple cooperating MDs, both the MDMS and the MD use user and device authentication and confirmation information to perform 1028-bit and / or 2056-bit encryption (for example, PKI encryption). The web services provided by the MDMS to the MD may include, but are not limited to, computer applications and required information. In addition, the MD can operate to store the user's custom settings and preferences in the local machine of the MD, so that users can obtain the custom settings and preferences at any time. Using a mobile device in this way, users can work in any number of collaborative computer environments, as long as the user is confident that they can access their custom settings and preferences in a collaborative computer environment, and most importantly, security Access your own computer applications and files (for example, provided as a web service).

Web services: Services (commonly known as web services or application services) provided over communication networks such as the Internet are growing. Similarly, the technologies to promote such services are growing. Web services can be defined as any source of information that executes business logic programs that are conveniently packaged based on the applications used by the user. The growing Web services means that Web services can be used to provide functions on the network. Web services usually include a combination of programming and data that enables users and other network-connected applications to obtain Web services from an application server. The scope of web services covers services such as storage management and customer relationship management ’and extends down to more limited services such as providing real-time stock quotes and checking bid prices for auction items. Actions focused on defining and standardizing the use of Web services include the development of Web Services Description Language (WSDL). WSDL is an Extensible Markup Language (XML) format used to describe Web services as a set of end points for processing messages containing document-oriented or process-oriented information. Assignments and messages are described in an abstract way, and then bound to concrete network protocols and message formats that define end points. The related specific end points are combined into abstract end points (services). At present, the widely advocated web service usage model is as follows: (1) The service is implemented and deployed on a site (usually called the server side). (2) Services are described using WSDL and published through methods such as UDDI (Universal Description, Discovery, and Integration). UDDI is an XML-based login (XML-based registry) to list on the Internet based on the web services provided. (3) The client application borrows 96372.doc -13- 200523752 by first interpreting one or more WSDL files. This uses Web services at other sites (usually called the client side). After interpretation, the client can understand the characteristics of related services. For example, service characteristics may include service API specifications, such as: (a) input data types; (b) service input data formats; (c) service access mechanisms or styles (eg, RpC vs. messaging services); and (d ) Related encoding formats. (4) The user prepares the data in a way that the various web services understand. (5) The client application invokes the service in a manner specified by a particular service (for example, 'as specified in the relevant WSDL file). The input data format and invocation method of various Web services are different. For example, Fan 5 also provides a service (getCityWeather) for an application private service provider, which requires a custom city name (for example,

Lake City (SLC) is a single input parameter. A client application that is expected to call such services must be written so that the data in the application or the output data can be analyzed to extract city data. During execution, the appropriate symbols are used to pass the prepared symbols to the getCityWeather service site. However, suppose other application service providers provide similar services but do not require two input parameters, such as city name and postal code. Therefore, if a client application is expected to call their two services, it must consider the required service input parameters to properly analyze and retrieve their data. So 'if a single application is expected to call both services, you must use service-specific API information and procedures to hard-code the application. Additionally,' if a single application is expected to call many services, then 96372.doc 200523752 must Use the API information and procedures related to each and all services that the application is expected to call to hard-code the application. As mentioned above, various Web services can provide similar functions, but in different ways. The system and method described herein aims to improve such differences by providing a mobile device platform with a mobile device management server. The mobile device management server includes, among other items, a Web service translation module, the Web The service translation module operates to accept data from a Web service provider, and provides the Web service to a collaborative mobile device as a Web service model prototype. Overview of the Simple Object Access Protocol (SOAP): The Simple Object Access Protocol (SOAP) is a lightweight, XML-structured protocol for exchanging information in a decentraHzed, decentralized environment . SOAP supports different types of information exchange, including: Remote Procedure Call (RPC) style, which allows request-response processing, and one of the end points receives a procedure oriented message 'And reply to a correlated resPonse message ° Message-oriented information exchange, which supports organizations and applications that need to exchange business or other types of documents, which will send a message, but send The person will not expect or wait for an immediate response. Generally speaking, a SOAP message is composed of a SOAP envelope (which encloses two data structures, the SOAP header and the SOAP body) and information about the named 96372.doc -15- 200523752 space (used to define the SOAP message). . The header is optional; if a header is present, the header carries information about the requirements defined in the SOAP body. For example, the header may contain transaction, security, content, or user profile information. The subject contains a web service request or a response to the request in XML format. The following diagram shows the high-level structure of a SOAP message. When SOAP messages are used to carry Web service requests and responses, SOAP messages can follow the web services definition language (WSDL) that defines the available web services. WSDL can define the SOAP messages used to access web services, Protocols that can be used to exchange SOAP messages and Internet locations that can access Web services. WSDL descriptors can reside in UDDI or other directory services, and can also be configured or otherwise (for example, a SOAP request response) To provide WSDL description items. There is a SOAP specification (for example, w3 SOAP specification, for more information, please visit www · w3.org) to provide standard encoding methods for requests and responses. The specification uses XML structure description ( XML Schema) to describe the structure and data type of the message payload. The SOAP usage methods applicable to the messages and responses of Web services are: SOAP clients use XML files that follow the SOAP specification and contain monthly service requirements. SOAP The client sends the file to a SOAP server, and the SOAP servlet running on the server will use (for example, HTTP Or HTTPS) to process the file.

The Web service receives the SOAP message 'and dispatches the message as a service invocation to an application program that provides the service requested by 96372.doc -16- 200523752. Using the SOAP protocol again, a response from the service is returned to the SOAP server, and the message is returned to the original SOAp client. Obviously, although SOAP is described herein as a communication protocol applicable to the devices and methods described herein, this description is merely illustrative, and the devices and methods described herein may use various communication protocols and messaging standards. Exemplary Computer Environment FIG. 1 illustrates an exemplary computer system 100 in accordance with the systems and methods described herein. The computer system 100 is capable of executing various operating systems 180 and computer applications 280 that can operate on the operating system 180 (for example, a web browser and a mobile desktop environment). The exemplary computer system 100 is primarily controlled by computer-readable instructions, which may be in the form of software, where and how to store and access such software. Such software may be executed in a central processing unit (CPU) u0, thereby causing the data processing system 100 to operate. In many known computer servers, a microelectronic chip CPU called a microprocessor is used to implement a workstation and a personal computer central processing unit 110. The sub processor 115 is an optional processor different from the main CPU 110, and is used to perform additional functions or assist the CPU 110. The CPU 110 may be connected to the sub processor 115 through the interconnect 112. One general-type sub-processor is a floating-point arithmetic sub-processor, also called a numerical or mathematical sub-processor, which is designed to perform numerical calculations faster than a general-purpose CPU 110. Obviously, although the exemplary computer environment shown in the figure includes a single CPU 110, this description is merely an example, and the computer environment i may include several CPUs 110. In addition, the computer environment 100 can also utilize remote resources (not shown) through the communication network 96372.doc -17- 200523752 160 or other data communication components (not shown). During operation, the CPU 110 fetches, decodes, and executes instructions, and sends and receives information about resources through the computer's main data transmission path (system bus 105). This system bus connects the components in the computer environment 100 and defines the data exchange medium. The system bus 105 usually includes a data line for transmitting data, an address line for transmitting addresses, and a control line for transmitting interrupts and for operating the system bus. An example of such a system bus is a PCI (Peripheral Component Interconnect) bus. Some of today's advanced buses provide a feature called bus arbitration for managing expansion card, controller, and CPU 110 access to the bus. Devices attached to and arbitrated to their buses are called bus masters. Supporting bus masters also allows multi-processor configurations of their buses to be created by adding a bus master card containing a processor and supporting chips. The memory devices coupled to the system bus 105 include a random access memory (RAM) 125 and a read-only memory (ROM) 13. This type of memory contains circuitry that allows storage and retrieval of information. ROM 13〇 usually contains stored data that cannot be modified. The CPU 110 or other hardware device can read or change the data stored in the ram 125. Access to the RAM 125 and / or ROM 130 may be controlled by the memory controller 120. The memory controller 12 can provide an address translation function for translating a virtual address into a physical address executed by a command. The memory controller 120 may also provide a memory protection function for isolating the processing sequence in the system, and isolating the system process and the user process. Therefore, in the execution mode, the program is usually only 96372.doc -18- 200523752 can access the memory of J τ from the virtual address space of the process; it cannot access the virtual address space of other processes. " Door VII memory, unless memory sharing between processes has been set. In addition, the computer system 100 may include a peripheral device controller 135. The peripheral device controller 135 is responsible for transferring instructions from the CPU to the peripheral devices, such as the printer 14o, the keyboard 145, the mouse 15o, and the data storage machine 155. The purpose of the / display 165 (controlled by the display controller 163) is to display the visible output produced by the computer system 100. Such visible output can include text, graphics, animation, and video. The display 165 may be implemented using a CRT type video display, an LCD type flat display, a gas plasma type flat display H, a touch panel, or other display forms. The display controller 163 includes electronic components required to generate a video signal to be transmitted to the display 165. In addition, the computer system 100 may further include a network card 170, which is used to connect the computer system 100 to an external communication network 160. The communication network 16 provides a way for computer users to communicate and transfer software and information electronically. In addition, the communication network 160 can also provide decentralized processing, which involves several computers, and will share the workload or collaboration during the execution of the work. It should be understood that the network connection shown in the figure is an exemplary network connection, and other devices may be used to establish a communication link between the computers. It should be understood that the exemplary computer system 100 is merely an exemplary computer environment suitable for the operation of the devices and methods described herein, and is not intended to limit the implementation of the devices and methods described herein in a computer environment with different components and configurations. The inventive concepts described herein can be implemented in a variety of computer environments of components and configurations. 96372.doc -19- 200523752 Illustrative computer network environment · The computer system described above can be deployed as the computer network department. Generally speaking, the content of the computer environment described above. Knife. One item of this mountain is used for server computers and client computers deployed in the Internet exhibition. Fig. 2 and Fig. 3 are not exemplary network connection computer environments that can adopt the devices and methods described herein, such as a server that communicates with a client computer via a communication network. ° As shown in FIG. 2, the server 205 may be connected via a communication network 16 (may be a fixed line or wireless, WAN, internal network, external network, peer-to-peer network, Internet or other communication network). Connected to several client computer environments, such as tablet personal computer 210, mobile phone 215, phone 22, personal computer and personal digital assistant 225. In addition, the devices and methods described herein may be connected to a car computer environment (not shown), a consumer electronics device computer environment (not shown), and a building automation control computer environment (not shown in the figure) via the communication network 160. Drawing) Concord. For example, in a network environment where the communication network 160 is the Internet, the server 205 may be a dedicated computer environment server that operates to process Web services and communicates via any number of known communication protocols (eg, Hypertext Transfer). Hypertext Transfer Protocol (HTTP), file transfer protocol (FTP), Simple Object Access Protocol (SOAP), or wireless application protocol (fg protocol) WAP)) to transfer Web services to and from client computer environments 100, 210, 215, 220, and 225. Each client computer environment loo, 21, 215, 220, and 225 can also be equipped with a browser operating system 180 (which can operate to support one or more computer applications such as a web browser (not shown)) , Or equipped with a mobile desktop 96372.doc -20- 200523752 environment (to get access to the server computer environment 205). During operation, the user (not shown in the figure) can interact with the computer application running on the client computer environment to obtain the required data and / or computer application. The data and / or computer applications may be stored on the server computer environment 205 and communicated through the exemplary communication network 160 to users cooperating through the client computer environments 100, 210, 215, 220, and 225. Participant users use Web services transactions to request access to specific data and applications that are fully or partially loaded on the server computer environment 205. These Web service transactions can be communicated between the client computer environment 100, 210, 215, 220, and 225 and the server computer environment for processing and storage. The server's electronic moon ring * brother 205 can be loaded with computer applications, processes and applets to generate, identify, and communicate Web services, and can be used with other server computer environments (Figure Not shown in the figure), third-party service providers (not shown), network attached storage (NAS) and storage area network (stOΓageaΓeanetwork; SAN) in collaboration to achieve Wait for web service transactions. Therefore, in a computer network environment having a client computer environment for accessing or interacting with the network and a server computer environment for interacting with the client computer environment, the devices and methods described herein can be utilized. However, various network architectures can be used to implement devices and methods for providing a mobile device platform, and therefore should not be limited to the examples shown. Reference will now be made to this illustrative implementation to explain the apparatus and methods described herein in detail. Mobile device platform components: Figure 3 depicts an exemplary interaction between the exemplary mobile device and the exemplary mobile device platform 96372.doc 21 200523752. Generally, as shown in FIG. 3, the exemplary mobile device platform 300 (in short) may include an exemplary mobile device 31, which uses a communication interface that operates in accordance with a selected communication protocol (not shown) 305 < Collaborate with client computer environment 100. In addition, the exemplary mobile device platform 300 may further include a communication network 160 (as shown in FIG. 1) and a server computer environment 205. < In the operation process, the mobile device can cooperate with the client computer environment 100 through a communication interface in order to execute a computer application 180 derived from the mobile device 3 1 0, and can be displayed in the The client computer environment 1〇 ^ for user interaction. Computer applications 18, which may include (but are not limited to) browser applications, word processing applications, spreadsheets, database applications, web services applications, and user management to provide the appearance and operation of a familiar operating system / Preferences application. In addition, the mobile device 310 may use the client computer environment 100 to cooperate with the server computer environment 205 via the communication network 160 to obtain data and / or computer applications in the form of Web services. FIG. 4 illustrates interaction between an exemplary mobile device 405 and an exemplary mobile device platform 400. As shown in FIG. 4, an exemplary mobile device platform 400 includes a mobile device (MD) 405, a computer environment 415, a communication network 435, a mobile device management server (MDMS) 420, and a third-party web service provider 44. In addition, as further shown in the MD exploded view, the MD 405 further includes a processing unit (PU), an operating system (OS), a storage memory (RAM / ROM), and an MD ^ communication interface. Furthermore, the MDMS 420 further includes a translation engine 425, a Web " service 430, and an encryption engine 445. 96372.doc -22- 200523752 During operation, MD 405 uses one or more MD components PU, OS, RAM / ROM and MD communication interface to communicate with computer environment 415 through MD / computer environment communication interface 410. When communicating with the computer environment 415, the MD 405 can launch one or more computer applications (not shown in the figure), which may include (but is not limited to) a mobile desktop environment as a configuration part, user customization and authentication Recognized administrator and web services applications. Once the configuration has been set, the MD 405 can further collaborate with the computer environment 415 to process one or more web services (e.g., web service data and / or computer applications). In this context, the communication network 435 may be used by the MD 405 to request the cooperating MDMS 420 for web service information and / or computer applications in order to process their web services. In this case, the MDMS 420 can operate to authenticate the MD, thereby ensuring that the participant user (not shown) and the mobile device 405 have the correct permissions for the requested data and / or computer applications. If properly authenticated, the MDMS 420 may further operate to find the requested data and / or computer applications locally on the MDMS 420 and to communicate their requested data and / or computer applications via the communication network 435 ( For example, a web service) is provided to the authenticated MD 405, or the MDMS 420 may operate to cooperate with a third-party service provider 440 to obtain a web service to be communicated to the authenticated MD 405. When cooperating with a third-party web service provider 440, the MDMS 420 is operable to use a translation engine 425 'to translate the web service 430 originating from the third-party web service provider 440 into an MD native format. In addition, MDMS 420 is operable to use the encryption engine 445 to encrypt the required 96372.doc -23- 200523752 when meeting the web service requirements from the authenticated MD 405

Web services. In addition, MDMS 420 may further operate to use a selected encryption protocol (e.g., PKI encryption) to cooperate with a file system (not shown) to obtain a Web service to be communicated to MD 405. The cooperative file system may include (but is not limited to) a file allocation table (FAT) file system and a new technology files system (NTFS). FIG. 5 illustrates a block diagram of exemplary software components and their interactions in an exemplary mobile device (MD) 500. FIG. As shown in FIG. 5, an exemplary mobile device 500 includes a module 505 and a mobile device operating system module 510 that display the mobile device on a computer environment. The MD display module and the MD operating system module are coupled in an operational manner via an HTTP communication interface. The MD display module 505 further includes an application program sub-module 515, an application program module 520, a desktop environment 525, and an application program 530. In addition, the application 555, skin 560, and theme 565 cooperate with the MD display module in order to provide one or more displays to be used on a collaborative computer environment (not shown) ( (E.g., mobile desktop environment). The MD operating system module 510 further includes a Java byte code loader 535, a Hypertext Transfer Protocol (HTTP) server 540, a Simple Object Access Protocol (SOAP) server 545, and a standard library 550. In addition, the SOAP server 5 70, java server pages (JSP) applications and images 575, and the library 580 also provide data and functions to the MD operating system 510, thereby allowing mobile devices to process and Execute web service (not shown in the figure). In the operation process, the mobile device 500 uses the MD display module 505 and mobile 96372.doc -24- 200523752 device operating system module 51 〇, so as to be incorporated into the computer environment to cooperate with the port (not shown in the figure, Create a display and execution environment (for example, a mobile desktop environment). The library uses == 515 and the application module 520 can operate to provide instructions for applications that operate on a computer environment created through a mobile device. .Desktop 525 provides poems that allow execution of web services and

= Programmed mobile desktop environment. The program 530 operates according to the application private wood structure and the application module 'so as to provide one or more applications to be operated on a cooperative computer environment (not shown in the figure) through a mobile device ^ additional data application 555 Is an additional data application that runs on a cooperating computer environment (not shown) via a mobile device. Panel ⑽ ... 560 and theme ⑹ provide appearance and display configuration parameters and settings' to allow participant users to customize the appearance and operation of applications executed by mobile devices and mobile desktop environments. The MD operating system module 51 operates to provide a software architecture, enabling mobile devices to execute computer applications and Web services based on the software architecture. Carry π

Bitset code loader 535 operates to handle protocol processing in "language modules." HTTP server 540 operates to provide Ηττρ communication services for mobile devices. SOAP server 545 operates to provide soap operations for mobile devices. Standard library 550 Provides a programming language (ie, java) library used in the compilation and execution of various java code. The SOAP service 57 〇 provides the parameter and configuration value k to the MD operating system module 5 1 〇 in order to process soap transactions ( For example, web services). JSP applications and images provide additional data to the MD operating system module in order to process java server web pages. Library 550 provides additional programming language libraries by the MD operating system module 5 10 96372.doc -25- 200523752 Used to support the execution of computer applications and processing Web services. Obviously, the figure shows the appearance of the MD display module 505 and MD operating system module 5 10 with a tenon arrangement, which is used to illustrate Explain that mobile devices can accept multiple collaborative data, functions, and operations to help process and execute Web services. In addition, the appearance of these modules is Dotted boxes surround the diagram to illustrate that data, functions, and operations can be exchanged and moved between modules. In addition, it is obvious that although the mobile device 500 shown in the figure has an exemplary configuration and exemplary components, this description The content is only an example, and the devices and methods described herein can be implemented through various components with various configurations. Figure 6 illustrates a block diagram of an exemplary hardware architecture of an exemplary mobile device. As shown, the mobile device 600 includes Computer environment communication connector 605, communication interface physical transceiver 610, and mobile device core 615. Advances in mobile device core 615 include communication interface core 620, processing unit processor 625, RAM / ROM 630, peripheral device interface 635, and And flash memory 64 and encryption module 645. During operation, the mobile device 600 communicates with a cooperating computer environment (not shown in the figure) through a computer environment communication connector. After it is actually connected, it acts The device 600 can communicate with the cooperative computer environment (not shown) to control a computer environment (not shown) on the cooperative computer environment. Multiple operations. In this context, data can be exchanged between the mobile 600 and the cooperating computer environment communication (not shown) through the communication interface physical transceiver 61. In addition, the mobile device can also use The communication interface core 620 of the mobile device core 615 handles data, commands, services and operations. Once in the communication interface core, the processing unit processor 625 can be connected with RAM / ROM 63〇, peripheral equipment 96372.doc -26-200523752 The interface 635, the anti-flash memory 640, and the encryption module 645 cooperate to process communication from a computer environment (not shown in the figure) that originates from cooperation or communication from a computer environment that is transferred to a cooperative operation mode ( The data, services, commands, and operations of the cooperating components (for example, the cooperating mobile device management server) (not shown in the figure) (not shown in the figure). In an exemplary implementation, the peripheral device interface 635 is operable to allow a physical connection for connecting one or more peripheral devices to the mobile device 600, including (but not limited to) flash memory, automated control, communication modules And input peripherals (eg, mouse, keyboard, security peripherals (which may include (but are not limited to) biometric security peripherals, retinal scanning security peripherals, and female holistic speech recognition peripherals). Encryption mode Group 645 is operable to encrypt and decrypt carpets, services, commands, and applications for use by the processing unit processor 625 of the mobile device 600. Obviously, although the mobile device 600 shown in the figure has an example Configuration and illustration components, but this description is only an example, and the devices and methods described in this article can be implemented through various components with various configurations. Figure 7 illustrates an exemplary mobile device and includes devices that allow multiple work environments to operate. Block diagram of the authentication stack. As shown, the mobile device 700 may include working environments 705, 710, 715, 720, 725, and 730. Based on For the purpose of this illustration, the work environment can be considered as a separate user environment within the mobile device, which is used to handle independent user authentication, mobile device authentication, and confirmation information. For example, a mobile device can support multiple work environments, — A working environment for enterprise applications and data, a working environment for personal game applications and data for participant users, and a purchase of 96372.doc -27- 200523752 applications for participant users And data work environments. For each work environment, mobile devices can include independent authentication information, enabling collaboration components that provide services and applications for individual work environments (eg, mobile device management servers) to be authenticated from Endure the work environment.

In this context, the working environment 705 of the mobile device 700 shown in FIG. 7 itself includes user authentication and confirmation of the mobile device and an encryption key (the public key used for work frame 1 and used for work Similarly, the "private key of environment i" similarly, the work environment 710 has user authentication and confirmation information of the mobile device, and a public key and a private key used in the work environment 2. As shown in FIG. 7, m 7 i 5. Work environment IV 72. Up to work environment n 725 and ^ 730 have the same user recognition and public / private gold loss architecture. In the process, the mobile device 700 can allow participants users ( (Unknown in the picture) Choose a working environment where you can log in and process data and professional services. According to the user's registered environment, you will use—or multiple users to identify public / private key working environment information. .

FIG. 8 illustrates a block diagram of a working environment implementation of an exemplary mobile device. For example, the 8G5 mobile device can support the operating system 81 (), and the operating system can be operated to execute-or multiple working environments 810 and 815. Work environment can be good = In the cooperative computer environment, please call the state, and promote the cooperative computer environment brother to display the working environment 1 820 on Xianbuyi 835. Similarly, the cooperative computer environment can display the working environment m817 on the display screen; the cooperative electric touch environment can display the working environment 显示器 5 on the display 825. As shown in the figure, the mobile device 5 is represented by a cube graphic provided by the financial institution (as shown by Lin). You can call a special 96372.doc • 28- 200523752 work environment by rotating the cube. In operation, you can select the working environment by rotating the cube to the desired brother, and provide appropriate authentication information (such as user name and password) for operation. It is obvious 'Although the described mobile device has a working environment that can be presented with a specific ancestor (eg, cube), this description is only an example' The various configurations can be used to present the mobile device to the participant user. Multiple work environments. FIG. 9 illustrates a program executed when an exemplary mobile device_ is configured to process and execute a Web service. As shown in the figure, the program starts from step and proceeds to step 905. At step 905, a check is performed to determine whether communication has occurred between the mobile device and the cooperating computer environment. If the result of the check in step 905 indicates that communication is not in progress, the program returns to step _ and continues the program. Immediately, however, if it is determined in step 905 that communication has occurred between the mobile device and the cooperating computer environment, then proceed to step 910 to perform a check to authenticate the user. If the check result at step 910 indicates that the user has not been successfully authenticated, the program proceeds to step 915 to generate an error. A check is then made in step 917 to see if authentication is attempted again. If authentication is attempted again at step 917, the program returns to step 917 and continues the program. However, if it is determined in step 917 that authentication is not attempted again, the process proceeds to step 92 and ends. However, if the result of the check at step 910 indicates that the user has been authenticated, the process proceeds to step 9 2 5 to initiate a mobile desktop environment to be executed on the cooperating computer environment. Next, at step 93, the user authentication information 96372.doc -29- 200523752 is used to extract user-defined preference settings integrated into the mobile desktop environment of the mobile device. The process then proceeds to step 935 where a check is performed to determine whether there are any changes to the mobile desktop environment customization settings of the mobile device. If the check result in step 935 indicates that the desktop environment settings of the mobile device have changed, the process proceeds to step 940 to save the changes. The program then proceeds to step 945 where a check is performed to determine if the mobile device is requesting a web service. If the check result at step 945 indicates that the Web service is to be executed, the program proceeds to step 96 to process the service request, and the Web service is executed at step 965. The program then returns to step 945 and continues the program. However, if it is determined in step 945 that the Web service request is not performed, the program proceeds to step 950 where a check is performed to determine whether the mobile device has stopped communicating with the cooperating computer environment. If the check at step 945 does not indicate that the mobile device has stopped communicating with the cooperating computer environment, the program terminates at step 955. However, if the check result at step 95 indicates that the automatic device has not stopped communication, the program returns to step 945 and continues the program. Moreover, if the check result in step 935 indicates that the mobile device desktop environment setting has not changed, the process proceeds to step 945 and the process continues. In summary, the devices and methods described herein provide a mobile device. However, it should be understood that the present invention allows various modifications and alternative constructions. The invention is not limited to a particular construction as described herein. On the contrary, the invention is intended to cover all modifications, alternative constructions, and equivalents falling within the spirit and scope of the invention. Moonnote thinks that the present invention can be implemented in various computer environments (including non-wireless and wireless computer environments), local computer environments, and real environments. The various techniques described in this article 96372.doc -30- 200523752 can be implemented using hardware, software, or a combination of hardware and software. Preferably, the various technologies can be implemented in a computer environment that maintains a programmable computer, where the computer includes a processor, a processor-readable storage medium (including volatile and non-volatile memory and / or storage) Components), at least one input device and at least one output device. Computer hardware logic coordinated with various instruction sets is applied to the data to perform the functions described above and generate output information. The output information is supplied to one or more output devices. Preferably, various programming languages (including high-level procedures or object-oriented programming languages) can be used to implement the private styles used by the exemplary computer hardware to communicate with the computer system. As an example, if desired, the combined language $ computer language can be used to implement the devices and methods described herein. In any case, the language s may be a compiled or interpreted language. Preferably, each computer program is stored in a general-purpose or special-purpose programmable computer-readable storage medium or device (such as a 'ROM or magnetic disk) for use when the computer reads the storage medium or device Configure and operate your computer from time to time to perform the Spear King sequence as described above. The device can also be constructed as a computer-readable storage medium and configured using a computer program ', where the storage medium is configured to cause the computer to operate in a specific or predefined manner. Although the exemplary embodiment of the present invention has been described in detail in the foregoing, those skilled in the art will readily understand that there are many possible implementations of the exemplary embodiments = additional modifications' without substantially departing from the new teachings of the present invention. Content and advantages. Accordingly, these and all such modifications are intended to be included within the scope of the present invention. The following exemplary towels request the scope of the patent to more appropriately define the invention. [Schematic illustration] 96372.doc -31-200523752 Platform and use method will now be described in detail with reference to the accompanying drawings: The actual example of the electrical diagram 1 is not based on the device and method described in this article Environment block diagram; an example electric cat network diagram based on the methods and methods described herein; an additional block diagram showing exemplary computer component interactions according to the devices and methods described herein;

FIG. 4 illustrates an exemplary implementation block diagram of a mobile device platform according to the devices and methods described herein; FIG. 5 illustrates an exemplary software architecture block diagram of an exemplary operation not based on the devices and methods described herein; Illustrative hardware architecture block diagram of an exemplary operation of the devices and methods described herein; FIG. 7 illustrates an exemplary user and device authentication stack block diagram of an exemplary mobile device in accordance with the devices and methods described herein; "

FIG. 8 illustrates an exemplary implementation block diagram of multiple working environments applicable to an exemplary mobile device according to the devices and methods described herein; and FIG. 9 illustrates an exemplary mobile device configured to be compromised in accordance with the devices and methods described herein. Illustrative process flow chart executed in. [Description of main component symbols] 100 105 Computer system (data processing system, computer operating environment) System bus central processing unit (CPU) 96372.doc * 32-110 200523752 112 115 120 125 130 135 140 145 150 155 160 163 165 170 180 180, 200 210 215 220 225 300, 305 310, interconnected sub processor memory controller random access memory (RAM) read-only memory (ROM) peripheral device controller printer keyboard mouse data storage Communication network display controller display network card operating system computer application network connection computer environment tablet PC mobile phone personal digital assistant 400 mobile device platform communication interface 405, 500, mobile device (MD) 96372.doc- 33- 200523752 600, 700, 805 410 MD / Computer Environment Communication Interface 415 Computer Environment 420 Mobile Device Management Server (MDMS) 425 Translation Engine 430 Web Services 435 Communication Network 440 Third-Party Web Service Provider 445 Encryption Engine 505 Mobile Device Display module 510 Mobile device operating system module 515 Application framework submodule 520 Application Program Module 525 Desktop Environment 530 Application 535 Java Byte Code Loader 540 Hypertext Transfer Protocol (HTTP) Server 545 Simple Object Access Protocol (SOAP) Server 550 Standard Library 555 Application 560 Skin 565 Theme 605 Computer environment communication connector 610 Communication interface physical transceiver 96372.doc -34- 200523752 615 Mobile device core 620 Communication interface core 625 Processing unit processor 630 RAM / ROM 635 Peripheral device interface 640 anti-flash memory 645 encryption modules 705, 710, 715, working environment 720, 725, 730, 815, 817, 820 820, 830, 840 computer environment 825, 835, 845 monitor 96372.doc 35-

Claims (1)

200523752 10. Scope of patent application: 1. An action set for processing Web services, including: a processing unit that operates to perform at least-Web service computer operations;-a communication interface that connects the mobile device in an operational manner To at least one cooperative computer environment; a memory storage unit that cooperates with the processing unit to store Web service data and transaction information; and an operating system that can operate on the processing unit to execute at least one encrypted Web services. 2. The mobile device of claim 1, further comprising a peripheral device interface module which is operable to accept and collaborate with multiple peripheral devices. Their peripheral devices include & Flash memory, communication interface, and automatic control peripheral devices. And input peripherals, etc. 3. ^ The mobile device of claim 1, further comprising-anti-memory memory, which is operationally coupled to the processing unit and is operated as a Web service processing part. The mobile device of 浐 月 求 贝 1 further includes a mobile desktop computer application, which is operable to communicate between the mobile device and the at least one cooperating computer brother, and present on the at least-cooperating computer environment-desktop Computer environment. 5.2 The mobile device of claim 4 further includes a user management module, ..., and the user preference settings and various settings of the participant of the mobile device. The moving device of the month 1 item further includes an automatic execution module, 96372.doc 200523752, which cooperates with the operating system, thereby allowing the mobile device to start an automated group and cooperate with the at least one computer environment. As set forth in the action of claim 6, wherein the at least one computer environment includes an operating system native to the at least one computer environment. 8. 9. The mobile device of Seeker 7, wherein the operating system of the mobile device controls the operating system belonging to at least the computer environment. The mobile device of item 8 further includes-a user authentication management module 'which is operable to use the user authentication information to recognize a participant user using the mobile device. 10. The mobile device of claim 9, wherein the user identification information includes any of the user identification information and the user password information. The mobile device of the month seeker 1 further includes a mobile device platform authentication _. And it is operable to recognize the mobile device using a cooperative mobile device management server. / Find the mobile device of item 11, wherein the mobile device cooperates with the mobile device's official server to obtain Web services. : The mobile device of member 12 wherein the mobile device management server is on: After the mobile device ', Web services are provided for the mobile device. The moving device of the month seeker 1 further includes a mathematical sub-processor which cooperates with the processing unit to process Web services. 15. The mobile device according to claim 14, further comprising an encryption module for encrypting and decrypting the Web service transaction. The ordering device of μYue Dong item 1, wherein the operating system includes: Fava virtual machine (JVM) ′ which can operate to execute various computer applications. 96372.doc 200523752 17. If the mobile device of claim 16 'wherein their computer applications include an email computer application, a word processing computer application, a browser computer application, — mobile desktop environment, _ trial calculation Any item in a personal computer application and other computer application that can be rendered as a web service. If an initial trip is requested, further steps include a work environment module that is operable to allow operating multiple operating environments on the mobile device. 19. The mobile device of claim 18, wherein the work environment module is operable to use mobile device authentication information to control access to each work environment. 20. The mobile device of claim 19, wherein the configuration information for each of the operating environments is stored in the memory storage unit. 21 · —A method for securely transmitting web services across a network-connected computer environment, including: providing a mobile device operable to process web services; and establishing a connection between the mobile device and a mobile device through a communication link Communication between the device management server; and t executing an encrypted Web service provided by the mobile device management feeder at the mobile device. 22. The method of claim 21, further comprising authenticating the mobile device by the mobile device management server, thereby ensuring that the mobile device has appropriate access rights, permissions, and permissions to receive the mobile device manager. A required Web service provided. The Web service from the method of claim 2 2 further includes communicating the requested mobile device management server to the mobile device. 96372.doc 200523752 24. The method of claim 21 further includes establishing a communication link between the mobile device and a computer environment made by σ. 25. A system for safely executing Web services on a cooperative computer environment, including: a first processing unit component for processing Web services and associated Web service transaction data, and a first component for storing Web services and associated Web service transaction information; and a third component for connecting the first component and the second component to a cooperating computer environment. For use 26. The system of claim 25, further comprising a fourth component, the cooperating computer environment, to authenticate the system. 27. The system of claim 27, further comprising a fifth component for the web service mobile device to manage the feeder communication. It is used to run the system through 28 · Ruming Item 25, and further includes a sixth component to perform the electric job program on the computer environment of cooperation. 29. 5 kinds of automatic devices to operate in a cooperative computer environment include: Initiating automatic execution of operations on the mobile device to set up automatic configuration and establish its own identity; 口 1 F < The association of the electronic shame% realm obtains the user authentication information; confirms the user authentication information; and after successful user authentication, the mobile device collaborates with the partner computer ring 96372.doc -4- 200523752 elder brother 'to Perform V ^ eb service. 30. The method of claim 29, further comprising executing—a computer application includes executing any item in an email, word processing program, spreadsheet, browser, or management application on the cooperative computer environment. . Yi, Yi Xiong {using 31. The method of 1 and item 30, further comprising storing the dove service and the associated web service transaction on the mobile device. 32.-A computer-readable instruction to instruct-a computer-operated computer to read the reading medium, the method includes: initiating an automatic execution operation on the mobile device, setting an automatic configuration and establishing itself with the cooperation Of: "Dingdong $ Sex; ECG ^ J Yijing's association to obtain user authentication information; confirm user authentication information; and after successful user authentication, the action pretends to cooperate with Yujing to run the Web Services.… The mobile device of the computer ring made by Hais' further includes a queen-like component, including biometric security, scanning 4 security mechanism and security speech recognition mechanism. Manufacturing, retina 96372.doc