WO2001033889A1 - Cellular data system security method and apparatus - Google Patents

Publication number
WO2001033889A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
cellular
filter rules
cellular data
mobile equipment
Prior art date
Application number
PCT/IB2000/001586
Other languages
French (fr)
Inventor
Dganit Amitai-Oreny
Original Assignee
White. Cell, Inc.
Priority date
Filing date
Publication date
Application filed by White. Cell, Inc.
Priority to EP00971633A (EP1234469B1)
Priority to AU10462/01A (AU1046201A)
Priority to DE60037748T (DE60037748D1)
Publication of WO2001033889A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/128 Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic

Definitions

  • SIM: Subscriber Identity Module
  • filter rules may specifically be employed to prevent unauthorized modification of data contained in the SIM.
  • the monitoring and restricting functions of the present invention may be employed in various embodiments within the SIM, in an interface between the SIM and the mobile cellular equipment, or within the mobile cellular equipment.
  • various actions may be taken once duplicate or undesired data is identified.
  • some embodiments of the invention will incorporate prompting a user to determine appropriate action. For example, a cellular mobile equipment user may be given the option to halt execution of suspect code, or may select to execute the code despite the warning.
  • a cellular data network or other network operator may receive notification of undesired or duplicate data, and therefore may use the data to alert people of the threat or take actions to eliminate the undesired or duplicate data.
  • a help desk may also be alerted in some embodiments of the invention, and may contact appropriate cellular equipment users to assist them in dealing with the undesired or duplicate data.
  • Implementation of the invention in some embodiments will require communication of cellular data traffic over an external network via a protocol such as TCP/IP that may not include certain address or identification information normally communicated within a cellular data network such as 102.
  • dynamic IP translation will desirably be implemented to map a certain address, phone number, or other location identifier to a TCP/IP address or other external network address, to facilitate tracking of this data and filtering based on this data. For example, a mobile cellular equipment user may configure his equipment to reject cellular data traffic from a specific telephone number.
  • this undesired data originates remotely from the local cellular data network and must travel to the local network via an external network using TCP/IP or another protocol that does not directly preserve and transmit the originator's phone number, dynamic IP or address translation will be needed to preserve and identify the originator's phone number.
  • By associating the originator's phone number with the address used in the external TCP/IP network, the phone number can be reassociated with the cellular data with the specific IP address on reaching the local cellular data network, and so may be used there for filtering.
  • the present invention may be implemented in hardware, in software, or in any other manner consistent with the appended claims. It is anticipated that the examples given herein are descriptive of currently desirable applications of the invention, but it is also anticipated that many other example embodiments of the present invention will become apparent only as mobile cellular equipment and its use for data access evolve.

Abstract

The present invention provides a system providing security in a cellular data system that can monitor and restrict undesired or malicious data. In one embodiment, the system uses one or more defined filter rules to identify data that is undesired or duplicate data, monitors cellular data traffic for data corresponding to one or more of the filter rules, and restricts transmission or use of cellular data found to correspond to one or more of the filter rules.

Description

Cellular Data System Security Method and Apparatus
Field of the Invention
The invention relates generally to security in cellular data systems, and more specifically to providing a security method and apparatus to protect digital data and equipment in cellular data networks such as those providing cellular Internet access.
Claim of Priority
This application is related to and claims priority from pending provisional application 60/162,987, "Controlled & Safe Data Services for Real Time Devices", filed 11/01/99, and application 60/184,793, "Data System Security Method and Apparatus", filed 2/24/2000.
Background of the Invention
Cellular telephones and wireless computerized cellular devices are rapidly evolving to incorporate capabilities traditionally found only on large networked computers, and are frequently used to access the Internet or other networks. Current generations of such devices have limited but expanding capabilities, and often incorporate versions of web browsers, e-mail clients, and other common Internet data retrieval tools.
It is anticipated that as the capabilities of these cellular data devices grow, they will become favored for some types of Internet use that are well-suited to mobile or time-sensitive applications, such as receiving e-mail or other urgent messages, trading stocks, looking up data such as maps or movie times and listings while away from home, and other such uses. Still other uses are expected to evolve as this technology develops, possibly including new e-commerce, multimedia, or additional data retrieval and messaging applications.
A number of competing protocols such as WAP (Wireless Application Protocol) and others have been developed to facilitate exchange of data between cellular networks and mobile cellular equipment, most of which are used to facilitate Internet access via the mobile equipment and the cellular network system. These cellular network systems typically both receive data from the Internet or another information source and convert it to data encoded with the appropriate protocol for sending to the mobile cellular equipment, and receive data from the mobile cellular equipment and convert it for sending over the Internet or other destination. Therefore, mobile cellular equipment can communicate via a supported protocol through the cellular network system to the Internet or other information source, using services provided by the cellular network system.
But, it is also anticipated that as cellular mobile equipment with such capability becomes more common, so too will the plague of viruses, spam, trojan horse applications, flood attacks, and other malicious data currently propagated over networks such as the Internet. In the Internet context, firewalls and virus scanning software have evolved to challenge many such types of malicious data. Unfortunately, simple virus scanners or firewalls are not easily or effectively adaptable to a cellular network or to mobile cellular equipment, and so the threat of malicious or undesired data is largely yet unsolved. Further, some threats such as flooding are not addressable using other methods such as encryption, and other solutions similarly often fail to address a wide variety of likely potential threats.
Current cellular data security systems typically provide only encryption or authentication, and the security provided by these systems has recently been questioned. Even if secure, hostile or undesired data from the Internet or another source may be unknowingly retrieved despite implementation of these systems without any way of detecting its nature until the data has done harm. Security problems therefore still exist in a variety of environments and applications, and mobile cellular equipment largely remains susceptible to attack from hackers, viruses, and other hostile or undesired data.
What is needed is a system providing security in a cellular data system that can monitor and restrict undesired or malicious data.
Summary of the Invention
The present invention provides a system providing security in a cellular data system that can monitor and restrict undesired or malicious data. In one embodiment, the system uses one or more defined filter rules to identify data that is undesired or duplicate data, monitors cellular data traffic for data corresponding to one or more of the filter rules, and restricts transmission or use of cellular data found to correspond to one or more of the filter rules.
Brief Description of the Figures
Figure 1 shows a cellular data network connected to an external network with mobile cellular equipment, as may be used to practice an embodiment of the present invention.
Figure 2 is a diagram illustrating elements of one example embodiment of the present invention.
Figure 3 is a diagram illustrating elements of an embodiment of the present invention incorporating message delivery tracking capability.
Figure 4 is a diagram illustrating an embodiment of the present invention incorporating operation supporting filtering data in a non-protocol specific format.
Detailed Description
In the following detailed description of sample embodiments of the invention, reference is made to the accompanying drawings which form a part hereof, and in which is shown by way of illustration specific sample embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention, and it is to be understood that other embodiments may be utilized and that logical, mechanical, electrical, and other changes may be made without departing from the spirit or scope of the present invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the invention is defined only by the appended claims.
The present invention provides a system providing security in a cellular data system that can monitor and restrict undesired or malicious data. The system provides in various embodiments use of one or more defined filter rules to identify data that is undesired or duplicate data. The system then monitors cellular data traffic for data corresponding to one or more of the filter rules, and restricts in various embodiments of the invention transmission or use of cellular data found to correspond to one or more of the filter rules.
Figure 1 is a block diagram that illustrates one possible structure into which a system to practice the present invention may be incorporated. An external network 101 such as the Internet or an external telephone network is connected via a connection 103 to a local cellular data network 102 that is operated by a cellular service provider. Each cell within the service provider's service region employs one or more antennas 104 to facilitate wireless communication with subscriber's mobile cellular equipment 105.
In operation, a system incorporating the present invention may be implemented within the external network 101 before connection via 103 to the local cellular data network 102, within the cellular data network 102, or within the mobile cellular equipment 105. In practice, the invention may therefore be incorporated anywhere within the data chain between the mobile cellular equipment and other originators of cellular data, including within the cellular data networks, mobile cellular equipment, or other equipment of other network service providers or cellular service providers.
One exemplary embodiment of the invention presented in Figure 2 first requires definition of filter rules at 201. The filter rules are defined to serve as a reference with which to determine what cellular data traffic will be deemed undesired or duplicate data. The filter rules may in various embodiments of the invention be defined by mobile cellular equipment users, by cellular service providers, by an automated cellular data monitoring system, by a filter rule subscription or distribution service, or by any other method of creating filter rules usable to identify undesired or duplicate data.
The filter rules may be implemented in any way that facilitates examination of cellular data traffic for corresponding data, including in various embodiments of the invention implementation via state machines, defined key fields corresponding to fields in the cellular data stream, location-specific restrictions on content or quantity of information, or any other suitable method. The filter rules will in various embodiments be defined to enable identification of duplicate or undesired data, and may include rules that use the location of mobile cellular equipment as a parameter. The filter rules defined at 201 may in some embodiments of the invention be automatically propagated through a network, including within or between cellular data networks, mobile cellular equipment, and external network equipment. In other embodiments, the filter rules may be optionally received from a distribution source, or received automatically but requiring user approval before utilization.
The filter rules will in various embodiments of the invention be configured to define duplicate key fields in cellular data, such that these key fields can be used to monitor cellular data traffic at 202 to determine whether cellular data is duplicate data. In one specific embodiment of the invention, this is accomplished by building a table comprising a table entry for each address detected in monitoring cellular data. Each table entry then records both the time of the last detected cellular data corresponding to the address, and a counter that counts the duplicate cellular data corresponding to the address over a period of time. Such a system can monitor both source and destination addresses, thereby preventing both floods to a single destination from multiple sources and floods or spam from a single source to multiple other destinations.
Duplicate data includes not only data that is determined to have the same address as other data, but in other embodiments includes having the same data in one or more other fields. For example, data from a single network domain that contains the same data as other cellular data traffic may be deemed duplicate despite being from a different address. Many other key fields or combinations of key fields may be used in different embodiments of the invention to determine duplication of data, and are within the scope of the invention.
Data determined to be duplicate data is then restricted from transmission at 203, and a user is optionally alerted in some embodiments of the invention at 206. The user may be a mobile equipment user, a cellular data network equipment user or cellular service provider, or be an external network user. The user will in some further embodiments be able to inspect and discard or forward the data, log the data, create new filter rules in response to the data, or take other appropriate action in response to the alert.
Restricting transmission of the data at 203 in further embodiments comprises delaying transmission of duplicate data that exceeds a predetermined allowable amount of duplicate cellular data per period of time. Restricting transmission in various other embodiments may comprise storing the duplicate data for later evaluation, reporting of the duplicate data to a cellular service provider for transmission approval, possible approval and logging of duplicate data to enable billing for authorized mass advertising, or other means of restriction.
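The address table and the delay-based restriction described above can be sketched as follows. This is an added example, not code from the patent; the fixed counting period, the limit of 3 messages per period, the class and function names, and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass

ALLOW, DELAY = "allow", "delay"


@dataclass
class Entry:
    window_start: float  # start of the current counting period
    last_seen: float     # time of the last message detected for this address
    count: int = 0       # messages counted for this address in the period


class DuplicateTable:
    """One entry per address, kept separately for the source and destination roles."""

    def __init__(self, limit, period):
        self.limit = limit    # allowable messages per address per period (assumed)
        self.period = period  # length of the counting period in seconds (assumed)
        self.entries = {}     # (role, address) -> Entry

    def _count(self, role, address, now):
        entry = self.entries.get((role, address))
        if entry is None or now - entry.window_start >= self.period:
            # First sighting, or the previous period has ended: start a new count.
            entry = Entry(window_start=now, last_seen=now)
            self.entries[(role, address)] = entry
        entry.count += 1
        entry.last_seen = now
        return entry.count

    def observe(self, source, destination, now):
        """Record one message and decide whether it may be sent immediately."""
        # Both counters are always updated, so a message that is delayed for its
        # source still counts toward the destination's total.
        from_source = self._count("src", source, now)
        to_destination = self._count("dst", destination, now)
        if from_source > self.limit or to_destination > self.limit:
            return DELAY
        return ALLOW

    def expire(self, now):
        """Drop entries idle for a full period so the table stays bounded."""
        stale = [k for k, e in self.entries.items() if now - e.last_seen >= self.period]
        for key in stale:
            del self.entries[key]
        return len(stale)


def classify(table, traffic):
    """Run a list of (time, source, destination) tuples through the table."""
    return [table.observe(src, dst, t) for t, src, dst in traffic]


# Constructed traffic: (time in seconds, source address, destination address).
SPAM = [(float(i), "+15550100", "+1555020%d" % i) for i in range(5)]
FLOOD = [(100.0 + i, "+1555030%d" % i, "+15550400") for i in range(5)]

if __name__ == "__main__":
    table = DuplicateTable(limit=3, period=60.0)
    print("one source, many destinations:", classify(table, SPAM))
    print("many sources, one destination:", classify(table, FLOOD))
    print("entries expired at t=300:", table.expire(300.0))
```

Keeping separate counters per role is what lets the same table catch both patterns: the spam run trips the source counter, the flood trips the destination counter.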
The filter rules defined at 201 may also address other types of data that are unwanted, such that the filter rules are used at 202 in monitoring cellular data traffic for the undesired data corresponding to the one or more filter rules. This undesired data can be restricted from further transmission at 204 such as when detected in a cellular data network of a cellular service provider, or can be restricted from processing at 205 such as when detected in mobile cellular equipment.
One or more filter rules corresponding to the undesired data type have been defined at 201, and again may address a variety of undesired data types using any variety of rule parameters. For example, the filter rules may be address-specific, user-configurable, or simply mass distributed rules directed toward known threats. The undesired data types include in various embodiments but are not limited to known viruses, trojan horses, spam, data originating from addresses or network regions known or suspected to be associated with hacking activity, undesired advertising or personal addresses, data of a size larger than is desired for automatic downloading, or other undesirable data.
In some embodiments of the invention, the system implementing the monitoring function at 202 is further operable to track messages delivered to cellular mobile equipment. Figure 3 is a flowchart that illustrates integration of tracking functions into a system that monitors cellular data traffic as shown at 202 and at 301. Messages delivered to mobile cellular equipment are tracked at 302, and the tracking data is used to create call log reports from tracked messages at 303. The tracking data is also used in a further embodiment to create billing reports or to create billing data at 304. The billing can be based on tracking data comprising the number of messages or other data elements delivered, the bandwidth consumed in receiving data, the speed or other level of service with which data is retrieved, or other such factors.
The mobile cellular equipment address or other identifying characteristics may be filtered via the filter rules to prevent selected mobile cellular equipment identifiers or cell identifiers from propagating through a cellular or external network, preventing transmission of data that could be used to locate the cellular mobile equipment. This restriction of cellular mobile equipment registration data propagation is implemented in selected embodiments of the invention to protect user privacy, so that the registration or address data cannot be intercepted and used to determine in which cell a particular mobile cellular equipment user is located.
The inventive system described herein may be implemented within a system utilizing multiple data streams that are encoded with multiple cellular data protocols, and desirably will have monitoring capability to monitor cellular data traffic in any protocol supported within the network. Examples of such protocols include WAP, GPRS, SMS, CIMD, NIP, OIS and TCP/IP protocols such as SMPP and UCP. Other protocols exist and are likely to be developed, and the protocols here are listed as examples only. In such systems, it is desirable to monitor cellular data traffic as shown at 202 in a manner such as is illustrated in Figure 4. At 401, filter rules are defined in a non-format specific format. Cellular data is intercepted within the system at 402, and the intercepted data is parsed into a non-protocol specific format at 403. The parsed data is stored in a data structure in non-protocol specific format at 404, and the data is then compared against the filter rules at 405. Elements 402 through 405 largely correspond to monitoring cellular data at 202 of Figure 2, and comprise yet another possible embodiment of the invention as described in conjunction with Figure 4.
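The Figure 4 flow (402 through 405) sketched in Python as an added example, not code from the patent. The two message encodings are constructed toy formats rather than real SMPP or UCP wire formats, and the rule names, sample numbers and the choice to restrict unparseable input are assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Message:
    """Protocol-neutral record (element 404): only what the rules inspect."""
    protocol: str
    source: str
    destination: str
    payload: bytes


# Constructed toy encodings for illustration, NOT real cellular wire formats.
def parse_kv(raw: bytes) -> Message:
    """Toy format A: src=<addr>;dst=<addr>;body=<hex>"""
    fields = dict(part.split("=", 1) for part in raw.decode("ascii").split(";"))
    return Message("toy-kv", fields["src"], fields["dst"],
                   bytes.fromhex(fields["body"]))


def parse_slash(raw: bytes) -> Message:
    """Toy format B: <dst>/<src>/<hex body>"""
    dst, src, body = raw.decode("ascii").split("/")
    return Message("toy-slash", src, dst, bytes.fromhex(body))


# One parser per supported protocol (element 403).
PARSERS: dict[str, Callable[[bytes], Message]] = {
    "toy-kv": parse_kv,
    "toy-slash": parse_slash,
}


@dataclass(frozen=True)
class Rule:
    """A filter rule written once against Message, not per protocol (401)."""
    name: str
    matches: Callable[[Message], bool]


def source_rule(blocked: set[str]) -> Rule:
    return Rule("blocked-source", lambda m: m.source in blocked)


def size_rule(max_bytes: int) -> Rule:
    return Rule("oversize", lambda m: len(m.payload) > max_bytes)


def signature_rule(pattern: bytes) -> Rule:
    return Rule("known-signature", lambda m: pattern in m.payload)


def monitor(protocol: str, raw: bytes, rules: list[Rule]) -> tuple[str, Optional[str]]:
    """Intercepted bytes in, verdict out: (action, name of the rule that fired)."""
    parser = PARSERS.get(protocol)
    if parser is None:
        return ("restrict", "unsupported-protocol")  # assumption: fail closed
    try:
        msg = parser(raw)
    except (ValueError, KeyError):
        # Malformed input never reaches the rules; restricting it is an
        # assumption of this sketch, the patent does not specify the case.
        return ("restrict", "unparseable")
    for rule in rules:  # element 405: compare against the filter rules
        if rule.matches(msg):
            return ("restrict", rule.name)
    return ("forward", None)


# Constructed sample rules and encoders for the two toy formats.
RULES = [
    source_rule({"+15550100"}),
    size_rule(32),
    signature_rule(b"CONSTRUCTED-SIG"),
]


def kv(src: str, dst: str, body: bytes) -> bytes:
    return f"src={src};dst={dst};body={body.hex()}".encode()


def slash(src: str, dst: str, body: bytes) -> bytes:
    return f"{dst}/{src}/{body.hex()}".encode()


if __name__ == "__main__":
    for proto, raw in [
        ("toy-kv", kv("+15550100", "+15550199", b"hi")),
        ("toy-slash", slash("+15550100", "+15550199", b"hi")),
        ("toy-kv", kv("+15550111", "+15550199", b"hello")),
        ("toy-kv", b"garbage"),
    ]:
        print(proto, monitor(proto, raw, RULES))
```

Because the rules only see `Message`, the same blocked-source rule fires for both encodings, and supporting another protocol means adding one parser rather than rewriting the rule set.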
The present invention may also be implemented in some embodiments within mobile cellular equipment 105. Various embodiments will employ an event monitor operating in hardware or software within mobile cellular equipment that is operable to limit the function of software that executes on the mobile cellular equipment. The restrictions to software function include in some embodiments limiting the ability of executing software to erase or modify data stored on the mobile cellular equipment. Embodiments of the invention implemented within mobile cellular equipment will likely be particularly well-suited for implementation of user-configurable filter rules, so that a user can control the degree of security and functionality of his own mobile cellular equipment. But filter rules may still in various embodiments be received from a distribution server or via other methods, such as to receive automatic virus or trojan horse filter rule updates.
A Subscriber Identity Module (SIM) is employed in some mobile cellular equipment such as is shown at 105, and filter rules may specifically be employed to prevent unauthorized modification of data contained in the SIM. The monitoring and restricting functions of the present invention may be employed in various embodiments within the SIM, in an interface between the SIM and the mobile cellular equipment, or within the mobile cellular equipment.
In cellular mobile equipment as well as in other embodiments of the invention, various actions may be taken once duplicate or undesired data is identified. In addition to restricting transmission or processing of the data, some embodiments of the invention will incorporate prompting a user to determine appropriate action. For example, a cellular mobile equipment user may be given the option to halt execution of suspect code, or may select to execute the code despite the warning. In other embodiments, a cellular data network or other network operator may receive notification of undesired or duplicate data, and therefore may use the data to alert people of the threat or take actions to eliminate the undesired or duplicate data. A help desk may also be alerted in some embodiments of the invention, and may contact appropriate cellular equipment users to assist them in dealing with the undesired or duplicate data.
Implementation of the invention in some embodiments will require communication of cellular data traffic over an external network via a protocol such as TCP/IP that may not include certain address or identification information normally communicated within a cellular data network such as 102. In such embodiments, dynamic IP translation will desirably be implemented to map a certain address, phone number, or other location identifier to a TCP/IP address or other external network address, to facilitate tracking of this data and filtering based on this data. For example, a mobile cellular equipment user may configure his equipment to reject cellular data traffic from a specific telephone number. If this undesired data originates remotely from the local cellular data network and must travel to the local network via an external network using TCP/IP or another protocol that does not directly preserve and transmit the originator's phone number, dynamic IP or address translation will be needed to preserve and identify the originator's phone number. By associating the originator's phone number with the address used in the external TCP/IP network, the phone number can be reassociated with the cellular data carrying that specific IP address on reaching the local cellular data network, and so may be used there for filtering.
The present invention may be implemented in hardware, in software, or in any other manner consistent with the appended claims. It is anticipated that the examples given herein are descriptive of currently desirable applications of the invention, but it is also anticipated that many other example embodiments of the present invention will become apparent only as mobile cellular equipment and its use for data access evolve.
Although specific embodiments have been illustrated and described herein, it will be appreciated by those of ordinary skill in the art that any arrangement which is calculated to achieve the same purpose may be substituted for the specific embodiments shown. This application is intended to cover any adaptations or variations of the invention. It is intended that this invention be limited only by the claims, and the full scope of equivalents thereof.

Claims

1. A method of providing security in a cellular data system, comprising defining one or more filter rules, at least one of the filter rules to be used to identify cellular data that is duplicate data; monitoring cellular data traffic for data corresponding to one or more of the filter rules; and restricting transmission of the cellular data traffic corresponding to the one or more filter rules.
2. The method of claim 1, wherein the at least one filter rule is used to identify duplicate key fields in the cellular data, the key fields comprising a source address of an originator of the cellular data.
3. The method of claim 1, further comprising building a table comprising a table entry for each address detected in the cellular data, each table entry comprising: a timestamp of the last cellular data sent to or from the address corresponding to the table entry; and a counter that counts duplicate cellular data corresponding to the table entry per period of time.
4. The method of claim 3, wherein each table entry comprises key fields to be used to identify the cellular data as duplicate.
5. The method of claim 1, wherein restricting transmission of the cellular data traffic corresponding to the one or more filter rules comprises blocking duplicate cellular data that exceeds a predetermined allowable amount of duplicate cellular data per period of time from transmission.
6. The method of claim 1, wherein restricting transmission of the cellular data traffic corresponding to the one or more filter rules comprises delaying transmission of duplicate cellular data that exceeds a predetermined allowable amount of duplicate cellular data per period of time.
7. A method of providing security in a cellular data system, comprising defining one or more filter rules, each filter rule corresponding to an undesired data type; monitoring cellular data traffic for data corresponding to one or more of the filter rules in a networked computerized system comprising part of a cellular data network; and restricting transmission of the cellular data traffic corresponding to the one or more filter rules in the networked computer.
8. The method of claim 7, wherein the networked computerized system further tracks messages delivered through a cellular data network to cellular mobile equipment.
9. The method of claim 8, further comprising creating billing reports from the tracked messages.
10. The method of claim 8, further comprising creating call log reports from the tracked messages.
11. The method of claim 7, wherein the networked computerized system resides between a computer data network and a cellular data network.
12. The method of claim 7, wherein the networked computerized system resides within a cellular data network.
13. The method of claim 7, wherein the networked computerized system marks data that has been monitored via the filter rules in the networked computer to indicate monitoring.
14. The method of claim 7, wherein the cellular data traffic comprises multiple data streams encoded via multiple cellular data protocols.
15. The method of claim 7, wherein monitoring cellular data traffic comprises: intercepting cellular data; parsing the intercepted data to a data structure that is non-protocol specific; and comparing the intercepted data in the data structure against filter rules.
16. The method of claim 7, wherein the cellular data comprises mobile equipment cell registration data that is restricted via filter rules to prevent network transmission of the location of cellular mobile equipment.
17. A method of providing security in a cellular data system, comprising defining one or more filter rules, each filter rule corresponding to an undesired data type; monitoring cellular data traffic for data corresponding to one or more of the filter rules in cellular mobile equipment; and restricting processing of the cellular data traffic corresponding to the one or more filter rules in the cellular mobile equipment.
18. The method of claim 17, wherein the monitoring and restricting occurs in an event monitor, the event monitor operable to limit the function of software executing on the cellular mobile equipment by use of the filter rules.
19. The method of claim 18, wherein limiting the function of software executing on the mobile equipment comprises limiting the ability of executing software to erase or modify data stored on the cellular mobile equipment.
20. The method of claim 17, wherein the filter rules comprise rules that can be configured by a user via operation of the cellular mobile equipment.
21. The method of claim 17, wherein the filter rules comprise rules that are distributed via a server.
22. The method of claim 17, wherein monitoring cellular data traffic comprises: intercepting cellular data; parsing the intercepted data to a data structure that is non-protocol specific; and comparing the intercepted data in the data structure against filter rules.
23. The method of claim 17, wherein restricting processing of data that corresponds to one or more filter rules comprises temporarily halting processing of the data and prompting a cellular system user to determine what action to take.
24. The method of claim 17, wherein restricting processing of data that corresponds to one or more filter rules comprises temporarily halting processing of the data and alerting a user.
25. The method of claim 16, wherein the monitoring and restricting processing of data that corresponds to one or more filter rules occurs in an interface that resides between a subscriber identity module (SIM) and cellular mobile equipment.
26. The method of claim 25, wherein the one or more filter rules restrict modification of data contained in the subscriber identity module (SIM).
27. A computerized information management system, the system operable to: store one or more filter rules, at least one of the filter rules to be used to identify cellular data that is duplicate data; monitor cellular data traffic for data corresponding to one or more of the filter rules; and restrict transmission of the cellular data traffic corresponding to the one or more filter rules.
28. The computerized information management system of claim 27, wherein the at least one filter rule is usable to identify duplicate key fields in the cellular data, the key fields comprising a source address of an originator of the cellular data.
29. The computerized information management system of claim 27, further comprising a table that comprises a table entry for each address detected in the cellular data, each table entry comprising: a timestamp of the last cellular data sent to or from the address corresponding to the table entry; and a counter that counts duplicate cellular data corresponding to the table entry per period of time.
30. The computerized information management system of claim 29, wherein each table entry further comprises key fields to be used to identify the cellular data as duplicate.
31. The computerized information management system of claim 27, wherein restricting transmission of the cellular data traffic corresponding to the one or more filter rules comprises blocking duplicate cellular data that exceeds a predetermined allowable amount of duplicate cellular data per period of time from transmission.
32. The computerized information management system of claim 27, wherein restricting transmission of the cellular data traffic corresponding to the one or more filter rules comprises delaying transmission of duplicate cellular data that exceeds a predetermined allowable amount of duplicate cellular data per period of time.
33. A networked computerized information management system comprising part of a cellular data network, the system operable to: define one or more filter rules, each filter rule corresponding to an undesired data type; monitor cellular data traffic for data corresponding to one or more of the filter rules; and restrict transmission of the cellular data traffic corresponding to the one or more filter rules.
34. The computerized information management system of claim 33, wherein the system is further operable to track messages delivered through a cellular data network to cellular mobile equipment.
35. The computerized information management system of claim 34, wherein the system is further operable to create billing reports from the tracked message data.
36. The computerized information management system of claim 34, wherein the system is further operable to create call log reports from the tracked message data.
37. The computerized information management system of claim 33, wherein the system resides between a computer data network and a cellular data network.
38. The computerized information management system of claim 33, wherein the system resides within a cellular data network.
39. The computerized information management system of claim 33, wherein the system is further operable to mark data that has been monitored via the filter rules in the system to indicate monitoring.
40. The computerized information management system of claim 33, wherein the cellular data traffic comprises multiple data streams encoded via multiple cellular data protocols.
41. The computerized information management system of claim 33, wherein monitoring cellular data traffic comprises: intercepting cellular data; parsing the intercepted data to a data structure that is non-protocol specific; and comparing the intercepted data in the data structure against filter rules.
42. The computerized information management system of claim 33, wherein the cellular data comprises mobile equipment cell registration data that is restricted via filter rules to prevent network transmission of the location of cellular mobile equipment.
43. Cellular mobile equipment, the cellular mobile equipment operable to: store one or more filter rules, each filter rule corresponding to an undesired data type; monitor cellular data traffic for data corresponding to one or more of the filter rules; and restrict processing of the cellular data traffic corresponding to the one or more filter rules.
44. The cellular mobile equipment of claim 43, wherein the monitoring and restricting occurs in an event monitor module within the cellular mobile equipment, the event monitor operable to limit the function of software executing on the cellular mobile equipment by use of the filter rules.
45. The cellular mobile equipment of claim 44, wherein limiting the function of software executing on the mobile equipment comprises limiting the ability of executing software to erase or modify data stored on the cellular mobile equipment.
46. The cellular mobile equipment of claim 43, wherein the filter rules comprise rules that can be configured by a user via operation of the cellular mobile equipment.
47. The cellular mobile equipment of claim 43, wherein the filter rules comprise rules that are distributed via a server.
48. The method of claim 43, wherein monitoring cellular data traffic comprises: intercepting cellular data; parsing the intercepted data to a data structure that is non-protocol specific; and comparing the intercepted data in the data structure against filter rules.
49. The cellular mobile equipment of claim 43, wherein restricting processing of data that corresponds to one or more filter rules comprises temporarily halting processing of the data and prompting a cellular system user to determine what action to take.
50. The cellular mobile equipment of claim 43, wherein restricting processing of data that corresponds to one or more filter rules comprises temporarily halting processing of the data and alerting a user.
51. The cellular mobile equipment of claim 43, wherein the monitoring cellular data traffic and restricting processing of data that corresponds to one or more filter rules occurs in an interface comprising a part of the cellular mobile equipment that resides between a subscriber identity module (SIM) and cellular mobile equipment.
52. The cellular mobile equipment of claim 51, wherein the one or more filter rules restrict modification of data contained in the subscriber identity module (SIM).
53. A cellular mobile equipment hardware interface, the interface insertable between a subscriber identity module (SIM) and cellular mobile equipment and operable when so inserted to: monitor cellular data traffic for data corresponding to one or more filter rules; and restrict processing of the cellular data traffic corresponding to the one or more filter rules.
54. A machine-readable medium with instructions stored thereon, the instructions when executed operable to cause a computerized system to: store one or more filter rules, at least one of the filter rules to be used to identify cellular data that is duplicate data; monitor cellular data traffic for data corresponding to one or more of the filter rules; and restrict transmission of the cellular data traffic corresponding to the one or more filter rules.
55. The method of claim 54, wherein the at least one filter rule is used to identify duplicate key fields in the cellular data, the key fields comprising a source address of an originator of the cellular data.
56. The machine-readable medium of claim 54, the instructions further operable when executed to cause the computerized system to build a table comprising a table entry for each address detected in the cellular data, each table entry comprising: a timestamp of the last cellular data sent to or from the destination address corresponding to the table entry; and a counter that counts duplicate cellular data corresponding to the table entry per period of time.
57. The machine-readable medium of claim 56, wherein each table entry comprises key fields to be used to identify the cellular data as duplicate.
58. The machine-readable medium of claim 54, wherein restricting transmission of the cellular data traffic corresponding to the one or more filter rules comprises blocking duplicate cellular data that exceeds a predetermined allowable amount of duplicate cellular data per period of time from transmission.
59. The machine-readable medium of claim 54, wherein restricting transmission of the cellular data traffic corresponding to the one or more filter rules comprises delaying transmission of duplicate cellular data that exceeds a predetermined allowable amount of duplicate cellular data per period of time.
60. A machine-readable medium with instructions stored thereon, the instructions when executed operable to cause a networked computerized system comprising part of a cellular data network to: store one or more filter rules, each filter rule corresponding to an undesired data type; monitor cellular data traffic for data corresponding to one or more of the filter rules in a networked computer comprising part of a cellular data network; and restrict transmission of the cellular data traffic corresponding to the one or more filter rules in the networked computer.
61. The machine-readable medium of claim 60, the instructions when executed further operable to track messages delivered through a cellular data network to cellular mobile equipment.
62. The method of claim 61, the instructions when executed further operable to create billing reports from the tracked messages.
63. The method of claim 61, the instructions when executed further operable to create call log reports from the tracked messages.
64. The machine-readable medium of claim 60, wherein the networked computerized system resides between a computer data network and a cellular data network.
65. The machine-readable medium of claim 60, wherein the networked computer marks data that has been monitored via the filter rules in the networked computer to indicate monitoring.
66. The machine-readable medium of claim 60, wherein the cellular data traffic comprises multiple data streams encoded via multiple cellular data protocols.
67. The machine-readable medium of claim 60, wherein monitoring cellular data traffic comprises: intercepting cellular data; parsing the intercepted data to a data structure that is non-protocol specific; and comparing the intercepted data in the data structure against filter rules.
68. The method of claim 60, wherein the cellular data comprises mobile equipment cell registration data that is restricted via filter rules to prevent network transmission of the location of cellular mobile equipment.
69. A machine-readable medium with instructions stored thereon, the instructions when executed operable to cause computerized cellular mobile equipment to: store one or more filter rules, each filter rule corresponding to an undesired data type; monitor cellular data traffic for data corresponding to one or more of the filter rules; and restrict processing of the cellular data traffic corresponding to the one or more filter rules.
70. The machine-readable medium of claim 69, wherein the monitoring and restricting occurs in an event monitor, the event monitor operable to limit the function of software executing on the cellular mobile equipment by use of the filter rules.
71. The machine-readable medium of claim 70, wherein limiting the function of software executing on the mobile equipment comprises limiting the ability of executing software to erase or modify data stored on the cellular mobile equipment.
72. The machine-readable medium of claim 69, wherein the filter rules comprise rules that can be configured by a user via operation of the cellular mobile equipment.
73. The machine-readable medium of claim 69, wherein the filter rules comprise rules that are distributed via a server.
74. The machine-readable medium of claim 69, wherein monitoring cellular data traffic comprises: intercepting cellular data; parsing the intercepted data to a data structure that is non-protocol specific; and comparing the intercepted data in the data structure against filter rules.
75. The machine-readable medium of claim 69, wherein restricting processing of data that corresponds to one or more filter rules comprises temporarily halting processing of the data and prompting a cellular system user to determine what action to take.
76. The machine-readable medium of claim 69, wherein restricting processing of data that corresponds to one or more filter rules comprises temporarily halting processing of the data and alerting a user.
77. The machine-readable medium of claim 69, wherein the monitoring and restricting processing of data that corresponds to one or more filter rules occurs in an interface that resides between a subscriber identity module (SIM) and cellular mobile equipment.
78. The machine-readable medium of claim 77, wherein the one or more filter rules restrict modification of data contained in the subscriber identity module (SIM).
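The duplicate-data table of claims 1 to 6 (one entry per address holding a timestamp, key fields and a per-period duplicate counter, with blocking or delaying above an allowed amount), sketched in Python as an added example that is not taken from the patent. The fixed counting window, the SHA-256 digest over the key fields, the idle-entry expiry and the sample numbers are assumptions.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


@dataclass
class Entry:
    """Table entry for one source address (claims 3 and 4)."""
    last_seen: float      # timestamp of the last data for this address
    window_start: float   # start of the current counting period
    duplicates: int = 0   # duplicates counted in the current period
    seen: set = field(default_factory=set)  # key-field digests seen this period


class DuplicateFilter:
    def __init__(self, allowed_per_period: int, period_s: float,
                 action: str = "block"):
        if action not in ("block", "delay"):  # claim 5 or claim 6
            raise ValueError("action must be 'block' or 'delay'")
        self.allowed = allowed_per_period
        self.period_s = period_s
        self.action = action
        self.table: dict[str, Entry] = {}

    @staticmethod
    def key_fields(source: str, destination: str, payload: bytes) -> str:
        """Digest of the key fields; length prefixes keep field boundaries
        unambiguous so different messages cannot hash the same input."""
        h = hashlib.sha256()
        for part in (source.encode(), destination.encode(), payload):
            h.update(len(part).to_bytes(4, "big"))
            h.update(part)
        return h.hexdigest()

    def check(self, source: str, destination: str, payload: bytes,
              now: float) -> str:
        """Return 'forward', or the configured action once duplicates from
        this source exceed the allowed amount in the current period."""
        entry = self.table.get(source)
        if entry is None:
            entry = self.table[source] = Entry(last_seen=now, window_start=now)
        elif now - entry.window_start >= self.period_s:
            # New period: reset the counter and forget old key fields.
            entry.window_start, entry.duplicates = now, 0
            entry.seen.clear()
        entry.last_seen = now
        key = self.key_fields(source, destination, payload)
        if key not in entry.seen:
            entry.seen.add(key)
            return "forward"
        entry.duplicates += 1
        return self.action if entry.duplicates > self.allowed else "forward"

    def expire(self, now: float, idle_s: float) -> int:
        """Drop entries idle longer than idle_s so the table stays bounded."""
        stale = [a for a, e in self.table.items() if now - e.last_seen > idle_s]
        for addr in stale:
            del self.table[addr]
        return len(stale)


def constructed_trace() -> list[str]:
    """Constructed traffic: one source repeating a message, 2 duplicates
    allowed per 60-second period."""
    f = DuplicateFilter(allowed_per_period=2, period_s=60)
    spam = ("+15550100", "+15550199", b"WIN A PRIZE")
    other = ("+15550100", "+15550199", b"see you at 6")
    events = [(0, spam), (1, spam), (2, spam), (3, spam),
              (4, other), (5, spam), (61, spam)]
    return [f.check(*msg, now=t) for t, msg in events]


if __name__ == "__main__":
    print(constructed_trace())
```

Keeping every digest seen in the period, rather than only the last message, means a sender alternating between two messages is still counted as sending duplicates.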
PCT/IB2000/001586 1999-11-01 2000-11-01 Cellular data system security method and apparatus WO2001033889A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP00971633A EP1234469B1 (en) 1999-11-01 2000-11-01 Cellular data system security method
AU10462/01A AU1046201A (en) 1999-11-01 2000-11-01 Cellular data system security method and apparatus
DE60037748T DE60037748D1 (en) 1999-11-01 2000-11-01 PROCEDURE FOR SAFETY IN A CELLULAR DATA SYSTEM

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US16298799P 1999-11-01 1999-11-01
US60/162,987 1999-11-01
US18479300P 2000-02-24 2000-02-24
US60/184,793 2000-02-24

Publications (1)

Publication Number Publication Date
WO2001033889A1 true WO2001033889A1 (en) 2001-05-10

Family

ID=26859224

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2000/001586 WO2001033889A1 (en) 1999-11-01 2000-11-01 Cellular data system security method and apparatus

Country Status (5)

Country Link
EP (1) EP1234469B1 (en)
AT (1) ATE383722T1 (en)
AU (1) AU1046201A (en)
DE (1) DE60037748D1 (en)
WO (1) WO2001033889A1 (en)

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002023831A1 (en) * 2000-09-15 2002-03-21 Telefonaktiebolaget L M Ericsson (Publ) Arrangement and method for filtering data communication
WO2003039170A1 (en) * 2001-10-30 2003-05-08 Telefonaktiebolaget Lm Ericsson (Publ) General packet radio service (gprs) tunneling protocol (gtp) signalling message filtering
WO2003010983A3 (en) * 2001-07-26 2003-07-10 Ericsson Inc Methods and systems of blocking and/or disregarding data and related wireless terminals and wireless service providers
EP1330097A2 (en) * 2002-01-17 2003-07-23 NTT DoCoMo, Inc. System and method for detecting computer viruses in a mobile communication system
EP1330096A2 (en) * 2002-01-17 2003-07-23 NTT DoCoMo, Inc. System and method for transmitting, storing and using data patterns in a mobile communications terminal
EP1343288A1 (en) * 2002-02-28 2003-09-10 NTT DoCoMo, Inc. Server apparatus and information processing method
EP1347612A2 (en) * 2002-02-28 2003-09-24 NTT DoCoMo, Inc. Mobile communication terminal, information processing apparatus, relay server apparatus, information processing system, and information processing method
WO2003107599A1 (en) * 2002-06-14 2003-12-24 T-Mobile Deutschland Gmbh Content and security proxy in a mobile communications system
EP1503563A1 (en) * 2003-07-29 2005-02-02 France Telecom Security method for requesting access to services, terminal and software module to implement the method
FR2862474A1 (en) * 2003-11-17 2005-05-20 Nortel Networks Ltd Firewall system for monitoring data flow includes use of identifier attached to contexts of communication sessions
EP1569410A1 (en) 2004-02-26 2005-08-31 Research In Motion Limited Method and system for automatically configuring access control
EP1613103A1 (en) * 2004-07-02 2006-01-04 Société Française du Radiotéléphone Method for detection of redundant messages in a message stream
US7142848B2 (en) 2004-02-26 2006-11-28 Research In Motion Limited Method and system for automatically configuring access control
EP1763968A1 (en) * 2004-07-07 2007-03-21 Nokia Corporation Controlling content communication in a communication system
WO2006130807A3 (en) * 2005-06-01 2007-05-24 Qualcomm Inc Selecting data interfaces in a multi-homing, multi-mode communication device
WO2009012822A1 (en) * 2007-07-25 2009-01-29 Sony Ericsson Mobile Communications Ab Methods of remotely updating lists in mobile terminals and related systems and computer program products
US7536650B1 (en) 2003-02-25 2009-05-19 Robertson George G System and method that facilitates computer desktop use via scaling of displayed objects with shifts to the periphery
WO2010021886A1 (en) * 2008-08-20 2010-02-25 Sprint Communications Company L.P. Detection and suppression of short message service denial of service attacks
US8225224B1 (en) 2003-02-25 2012-07-17 Microsoft Corporation Computer desktop use via scaling of displayed objects with shifts to the periphery
GB2494292A (en) * 2011-08-31 2013-03-06 Bae Systems Plc Detection of potentially fraudulent activity by users of mobile communications networks
WO2014111153A1 (en) * 2013-01-18 2014-07-24 Telefonaktiebolaget L M Ericsson (Publ) Ue selective control of downlink data
WO2020002700A1 (en) * 2018-06-29 2020-01-02 Nordic Semiconductor Asa Method of communication between a device and a network

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997049252A2 (en) * 1996-06-21 1997-12-24 Integrated Computing Engines, Inc. Network based programmable media manipulator
WO1998047270A2 (en) * 1997-04-16 1998-10-22 Nokia Networks Oy Data service in a mobile communications network
US5835726A (en) * 1993-12-15 1998-11-10 Check Point Software Technologies Ltd. System for securing the flow of and selectively modifying packets in a computer network
EP0909073A2 (en) * 1997-09-12 1999-04-14 Lucent Technologies Inc. Methods and apparatus for a computer network firewall with proxy reflection
WO1999048261A2 (en) * 1998-03-18 1999-09-23 Secure Computing Corporation System and method for controlling interactions between networks

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5835726A (en) * 1993-12-15 1998-11-10 Check Point Software Technologies Ltd. System for securing the flow of and selectively modifying packets in a computer network
WO1997049252A2 (en) * 1996-06-21 1997-12-24 Integrated Computing Engines, Inc. Network based programmable media manipulator
WO1998047270A2 (en) * 1997-04-16 1998-10-22 Nokia Networks Oy Data service in a mobile communications network
EP0909073A2 (en) * 1997-09-12 1999-04-14 Lucent Technologies Inc. Methods and apparatus for a computer network firewall with proxy reflection
WO1999048261A2 (en) * 1998-03-18 1999-09-23 Secure Computing Corporation System and method for controlling interactions between networks

Cited By (51)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002023831A1 (en) * 2000-09-15 2002-03-21 Telefonaktiebolaget L M Ericsson (Publ) Arrangement and method for filtering data communication
WO2003010983A3 (en) * 2001-07-26 2003-07-10 Ericsson Inc Methods and systems of blocking and/or disregarding data and related wireless terminals and wireless service providers
US6975602B2 (en) 2001-07-26 2005-12-13 Ericsson, Inc. Methods and systems of blocking and/or disregarding data and related wireless terminals and wireless service providers
WO2003039170A1 (en) * 2001-10-30 2003-05-08 Telefonaktiebolaget Lm Ericsson (Publ) General packet radio service (gprs) tunneling protocol (gtp) signalling message filtering
US7778660B2 (en) 2002-01-17 2010-08-17 Ntt Docomo, Inc. Mobile communications terminal, information transmitting system and information receiving method
EP1330096A3 (en) * 2002-01-17 2003-09-10 NTT DoCoMo, Inc. System and method for transmitting, storing and using data patterns in a mobile communications terminal
EP1330097A3 (en) * 2002-01-17 2003-09-10 NTT DoCoMo, Inc. System and method for detecting computer viruses in a mobile communication system
EP1330096A2 (en) * 2002-01-17 2003-07-23 NTT DoCoMo, Inc. System and method for transmitting, storing and using data patterns in a mobile communications terminal
CN100493262C (en) * 2002-01-17 2009-05-27 株式会社Ntt都科摩 Mobile communication terminal, information sending system and information receiving method
US7299035B2 (en) 2002-01-17 2007-11-20 Ntt Docomo, Inc. Server device, mobile communications terminal, information transmitting system and information transmitting method
EP1330097A2 (en) * 2002-01-17 2003-07-23 NTT DoCoMo, Inc. System and method for detecting computer viruses in a mobile communication system
EP1343288A1 (en) * 2002-02-28 2003-09-10 NTT DoCoMo, Inc. Server apparatus and information processing method
EP1347612A2 (en) * 2002-02-28 2003-09-24 NTT DoCoMo, Inc. Mobile communication terminal, information processing apparatus, relay server apparatus, information processing system, and information processing method
CN100336029C (en) * 2002-02-28 2007-09-05 株式会社Ntt都科摩 Information processing system and information processing method
EP1347612A3 (en) * 2002-02-28 2004-01-21 NTT DoCoMo, Inc. Mobile communication terminal, information processing apparatus, relay server apparatus, information processing system, and information processing method
US7308256B2 (en) 2002-02-28 2007-12-11 Ntt Docomo, Inc. Mobile communication terminal, information processing apparatus, relay server apparatus, information processing system, and information processing method
US7890619B2 (en) 2002-02-28 2011-02-15 Ntt Docomo, Inc. Server apparatus, and information processing method for notifying of detection of computer virus
US7779246B2 (en) 2002-06-14 2010-08-17 Deutsche Telekom Ag Content and security proxy in a mobile communications system
CN100388722C (en) * 2002-06-14 2008-05-14 T-移动德国有限公司 Content and security proxy in a mobile communications system
WO2003107599A1 (en) * 2002-06-14 2003-12-24 T-Mobile Deutschland Gmbh Content and security proxy in a mobile communications system
US8225224B1 (en) 2003-02-25 2012-07-17 Microsoft Corporation Computer desktop use via scaling of displayed objects with shifts to the periphery
US7536650B1 (en) 2003-02-25 2009-05-19 Robertson George G System and method that facilitates computer desktop use via scaling of displayed objects with shifts to the periphery
US9671922B1 (en) 2003-02-25 2017-06-06 Microsoft Technology Licensing, Llc Scaling of displayed objects with shifts to the periphery
FR2858498A1 (en) * 2003-07-29 2005-02-04 France Telecom METHOD FOR SECURING SERVICE ACCESS REQUESTS, TERMINAL AND SOFTWARE MODULE FOR CARRYING OUT THE METHOD
EP1503563A1 (en) * 2003-07-29 2005-02-02 France Telecom Security method for requesting access to services, terminal and software module to implement the method
WO2005048555A1 (en) * 2003-11-17 2005-05-26 Nortel Networks Limited Method for safety control of data exchange flows between a communications module and a communications network and said communications module
FR2862474A1 (en) * 2003-11-17 2005-05-20 Nortel Networks Ltd Firewall system for monitoring data flow includes use of identifier attached to contexts of communication sessions
US7751809B2 (en) 2004-02-26 2010-07-06 Research In Motion Limited Method and system for automatically configuring access control
EP1569410A1 (en) 2004-02-26 2005-08-31 Research In Motion Limited Method and system for automatically configuring access control
US7532882B2 (en) 2004-02-26 2009-05-12 Research In Motion Limited Method and system for automatically configuring access control
US7142848B2 (en) 2004-02-26 2006-11-28 Research In Motion Limited Method and system for automatically configuring access control
CN1661982B (en) * 2004-02-26 2010-05-05 捷讯研究有限公司 Method and system for automatically configuring access control
EP1613103A1 (en) * 2004-07-02 2006-01-04 Société Française du Radiotéléphone Method for detection of redundant messages in a message stream
FR2872601A1 (en) * 2004-07-02 2006-01-06 Radiotelephone Sfr METHOD FOR DETECTING REDUNDANT MESSAGES IN A MESSAGE FLOW
EP1763968A4 (en) * 2004-07-07 2010-12-29 Nokia Corp Controlling content communication in a communication system
EP1763968A1 (en) * 2004-07-07 2007-03-21 Nokia Corporation Controlling content communication in a communication system
US8526463B2 (en) 2005-06-01 2013-09-03 Qualcomm Incorporated System and method to support data applications in a multi-homing, multi-mode communication device
US9258721B2 (en) 2005-06-01 2016-02-09 Qualcomm Incorporated System and method to support data applications in a multi-homing, multi-mode communication device
WO2006130807A3 (en) * 2005-06-01 2007-05-24 Qualcomm Inc Selecting data interfaces in a multi-homing, multi-mode communication device
KR101032843B1 (en) 2005-06-01 2011-05-06 콸콤 인코포레이티드 Selecting data interfaces in a multi-homing, multi-mode communication device
US9185583B2 (en) 2005-06-01 2015-11-10 Qualcomm Incorporated System and method to support data applications in a multi-homing, multi-mode communication device
US9185582B2 (en) 2005-06-01 2015-11-10 Qualcomm Incorporated System and method to support data applications in a multi-homing, multi-mode communication device
US7877087B2 (en) 2007-07-25 2011-01-25 Sony Ericsson Mobile Communications Ab Methods of remotely updating lists in mobile terminals and related systems and computer program products
WO2009012822A1 (en) * 2007-07-25 2009-01-29 Sony Ericsson Mobile Communications Ab Methods of remotely updating lists in mobile terminals and related systems and computer program products
US8255994B2 (en) 2008-08-20 2012-08-28 Sprint Communications Company L.P. Detection and suppression of short message service denial of service attacks
WO2010021886A1 (en) * 2008-08-20 2010-02-25 Sprint Communications Company L.P. Detection and suppression of short message service denial of service attacks
GB2494292A (en) * 2011-08-31 2013-03-06 Bae Systems Plc Detection of potentially fraudulent activity by users of mobile communications networks
WO2014111153A1 (en) * 2013-01-18 2014-07-24 Telefonaktiebolaget L M Ericsson (Publ) Ue selective control of downlink data
US9473985B2 (en) 2013-01-18 2016-10-18 Telefonaktiebolaget L M Ericsson (Publ) UE selective control of downlink data
WO2020002700A1 (en) * 2018-06-29 2020-01-02 Nordic Semiconductor Asa Method of communication between a device and a network
US11659603B2 (en) 2018-06-29 2023-05-23 Nordic Semiconductor Asa Method of communication between a device and a network

Also Published As

Publication number Publication date
EP1234469B1 (en) 2008-01-09
AU1046201A (en) 2001-05-14
DE60037748D1 (en) 2008-02-21
ATE383722T1 (en) 2008-01-15
EP1234469A1 (en) 2002-08-28

Similar Documents

Publication Publication Date Title
EP1234469B1 (en) Cellular data system security method
US9686236B2 (en) Mobile telephone firewall and compliance enforcement system and methods
US11201883B2 (en) System, method, and apparatus for data loss prevention
KR101359324B1 (en) System for enforcing security policies on mobile communications devices
US7926108B2 (en) SMTP network security processing in a transparent relay in a computer network
US6721890B1 (en) Application specific distributed firewall
US8230505B1 (en) Method for cooperative intrusion prevention through collaborative inference
FI113121B (en) Systems, data communication networks and a method for transmitting information
EP1564963B1 (en) System and method for protecting a computing device from computer exploits delivered over a networked environment in a secured communication
US9325738B2 (en) Methods and apparatus for blocking unwanted software downloads
US20020199120A1 (en) Monitored network security bridge system and method
EP1300984A2 (en) Managing a network security application
US20080196104A1 (en) Off-line mms malware scanning system and method
US20070140275A1 (en) Method of preventing denial of service attacks in a cellular network
WO2004008701A1 (en) Method and system for controlling messages in a communication network
JP2006060811A (en) Method for filtering spam mail for mobile communication apparatus
US7844999B1 (en) Message parsing in a network security system
US20120150967A1 (en) Spam reporting and management in a communication network
US9104874B2 (en) Method for detecting the hijacking of computer resources
JP5153779B2 (en) Method and apparatus for overriding unwanted traffic accusations in one or more packet networks
CN104202325A (en) System for implementing security policies on mobile communication equipment
EP1903830A1 (en) Cellular data system security method
EP2391151A1 (en) Mobile device security alert method and system
He Requirements for security in home environments
Arslanagic Personal firewall in mobile phone

Legal Events

Date Code Title Description
AK Designated states
Kind code of ref document: A1; Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents
Kind code of ref document: A1; Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 EP: the EPO has been informed by WIPO that EP was designated in this application

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed before 20040101)

WWE WIPO information: entry into national phase
Ref document number: 2000971633; Country of ref document: EP

WWP WIPO information: published in national office
Ref document number: 2000971633; Country of ref document: EP

REG Reference to national code
Ref country code: DE; Ref legal event code: 8642

WWG WIPO information: grant in national office
Ref document number: 2000971633; Country of ref document: EP