WO2005036304A2 - Mobility device server - Google Patents

Mobility device server Download PDF

Info

Publication number
WO2005036304A2
WO2005036304A2 PCT/US2004/013504 US2004013504W WO2005036304A2 WO 2005036304 A2 WO2005036304 A2 WO 2005036304A2 US 2004013504 W US2004013504 W US 2004013504W WO 2005036304 A2 WO2005036304 A2 WO 2005036304A2
Authority
WO
WIPO (PCT)
Prior art keywords
web services
cooperating
computing environment
recited
server computing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2004/013504
Other languages
English (en)
French (fr)
Other versions
WO2005036304A3 (en
Inventor
Peter Bookman
Rick Charles White
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
REALM SYSTEMS Inc
Original Assignee
REALM SYSTEMS Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by REALM SYSTEMS Inc filed Critical REALM SYSTEMS Inc
Priority to JP2006527962A priority Critical patent/JP2007519066A/ja
Publication of WO2005036304A2 publication Critical patent/WO2005036304A2/en
Publication of WO2005036304A3 publication Critical patent/WO2005036304A3/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • the herein described systems and methods relate to a mobile computing technologies, and more importantly, to a mobility device management server that allows for secure, remote mobile computing.
  • a computer user may wish to have their financial planning and management data from his/her financial planning and management computing application (e.g. Quicken, Microsoft Money) with them at all times to address any payments that might spring up (e.g. a lapsed bill).
  • his/her financial planning and management computing application e.g. Quicken, Microsoft Money
  • the computing user is relegated to install the financial planning and management computing application and data on each of his/her computmg environments (including his/her corporate computer - which may be in violation of corporate computing policies and procedures) so that he/she can have access to this desired data.
  • enterprises may wish to effectively and immediately terminate all access to sensitive corporate data from employees who are to be terminated.
  • an exemplary mobility device platform comprises a mobility device operable to communicate with at least one computing environment through a communications interface and wherein the mobility device is operable to process and store secure web services, a communications network operable to communicate data and computing applications using web services, and a mobility device management server operable to generate, process, store, communicate and encrypt web services to the mobility device.
  • the mobility device management server is operable to perform one or more mobility device management functions to provide encryption keys to cooperating mobility devices and to authenticate and verify cooperating mobility devices requesting web services from the mobility device management server.
  • the mobility device management server and mobility device may further operate to perform authentication and verification using user identification and password information.
  • the mobility device management server further may operate to perform metering functions and operations on web services being processed and executed on the mobility device platform. Furthermore, the mobility device management server may operate to support intermittent connections between itself and cooperating mobility devices.
  • the exemplary mobility device is configured for use on a cooperating computing environment. Further the mobility device establishes communications with cooperating one or more mobility device management servers and attempts to be authenticated and verified by the cooperating one or more mobility device management servers using selected authentication and verification information. Upon authentication and verification, the cooperating one or more mobility device management servers process requests for data and computing applications from the cooperating exemplary mobility device using web services. The web services are encrypted by the cooperating one more mobility device management servers using the exemplary selected authentication and verification information (e.g. keys) to allow secure communications of requested data and computmg applications from the cooperating one more mobility device management servers and the exemplary mobility device. [0010] Other features of the herein described systems and methods are further described below.
  • Figure 1 is a block diagram of an exemplary computing environment in accordance with an implementation of the herein described systems and methods
  • Figure 2 is a block diagram of an exemplary computing network environment in accordance with the herein described system and methods;
  • Figure 3 is a block diagram showing the interaction between exemplary computing components in accordance with the herein described systems and methods;
  • FIG. 4 is a block diagram of an illustrative implementation of a mobility device platform in accordance with the herein described systems and methods;
  • FIG. 5 is a block diagram of an exemplary architecture of an illustrative mobility device management server in accordance with the herein described systems and methods ;
  • FIG. 6 is a flow diagram of the processing performed by an illustrative mobility device management server to handle user and device management in accordance with the herein described systems and methods;
  • FIG. 7 is a flow diagram of the processing performed by an illustrative mobility device management server when processing web services requests in accordance with the herein described systems and methods;
  • Figure 8 is a flow diagram of the processing performed by an illustrative mobility device management server when translating web services during web services processing in accordance with the herein described systems and methods;
  • Figure 9 is a flow diagram of the processing performed by an illustrative mobility device management server when performing metering and intermittent connection processing in accordance with the herein described systems and methods.
  • the herein described systems and methods offer a "user-centric" approach to computing and mobile computing.
  • Current computmg solutions, enterprise or individual are generally designed using a "device-centric” model.
  • the device-centric model aims at managing and tracking users based on device assignments and designations.
  • the enterprise computing environment may comprise a number of server computing environments and numerous client computing environments.
  • each user in the enterprise is provisioned client computing environment (e.g. personal computer or laptop computer) that is generally networked to the server computing environment through the ente ⁇ rise communications interface or, if the user is remote to the ente ⁇ rise communications network, through a virtual private network (VPN).
  • VPN virtual private network
  • the users are provided user identification information and password information through a directory services structure that associates user rights and privileges to certain ente ⁇ rise data and computing applications.
  • the mobility device may cooperate with one or more computing environments invoking one or more work spaces to process web services.
  • the web services may be executed from data and computing applications local to the MD, or the MD may cooperate with one or more MDMS to obtain the desired web service.
  • the MDMS may operate to authenticate requesting MDs to ensure that they have the rights and privileges to the requested web services. Additionally, the MDMS may cooperate with third party web service providers to obtain requested web services. In such context, the MDMS may act to translate the web service from a non-MD native web service format to a native MD web service.
  • the MDMS and MD engage in 1028 bit and/or 2056 bit encryption (e.g.
  • the web services provided by the MDMS to the MD may include but are not limited to computing applications and desired data. Additionally, the MD may operate to store the participating user's customized settings and preferences local to the MD so they are available to the user at all times.
  • XML XML Language
  • Client applications use web services at another site, often referred to as the client side, by first inte ⁇ reting one or more WSDL documents. Once inte ⁇ reted, the clients can understand the characteristics of the associated service(s). For example, service characteristics may include service API specifications such as (a) input data type, (b) service input data format,
  • Client applications prepare their data in manners in which various particular web services understand.
  • Client applications invoke a particular service according to the manner specified for the service, such as in an associated WSDL document.
  • the herein described system and methods aim to ameliorate such disparity by offering a mobility device platform having a mobile device management server which includes, among other things, a web services translation module operative to accept data from web services web services providers and present them in a web service model native to cooperating mobility devices.
  • a mobile device management server which includes, among other things, a web services translation module operative to accept data from web services web services providers and present them in a web service model native to cooperating mobility devices.
  • SOAP Simple Object Access Protocol
  • SOAP Simple Object Access Protocol
  • RPC Remote Procedure Call style
  • a SOAP message consists of a SOAP envelope that encloses two data structures, the SOAP header and the SOAP body, and information about the name spaces used to define them.
  • the header is optional; when present, it conveys information about the request defined in the SOAP body. For example, it might contain transactional, security, contextual, or user profile information.
  • the body contains a Web Service request or reply to a request in XML format.
  • the high-level structure of a SOAP message is shown in the following figure.
  • WSDL can define the SOAP message used to access the Web Services, the protocols over which such SOAP messages can be exchanged, and the Internet locations where these Web Services can be accessed.
  • the WSDL descriptors can reside in UDDI or other directory services, and they can also be provided via configuration or other means such as in the body of SOAP request replies.
  • the SOAP client sends the document to a SOAP server, and the SOAP servlet running on the server handles the document using, for example, HTTP or HTTPS.
  • the Web service receives the SOAP message, and dispatches the message as a service invocation to the application providing the requested service. [0047] A response from the service is returned to the SOAP server, again using the SOAP protocol, and this message is returned to the originating SOAP client.
  • SOAP is described herein as a communication protocol for the herein described systems and methods that such description is merely illustrative as the herein described systems and methods may employ various communication protocols and messaging standards.
  • FIG. 1 depicts an exemplary computing system 100 in accordance with herein described system and methods.
  • Computing system 100 is capable of executing a variety of operating systems 180 and computing applications 180' (e.g. web browser and mobile desktop environment) operable on operating system 180.
  • Exemplary computing system 100 is controlled primarily by computer readable instructions, which may be in the form of software, where and how such software is stored or accessed. Such software may be executed within central processing unit (CPU) 110 to cause data processing system 100 to do work.
  • CPU central processing unit
  • central processing unit 110 is implemented by micro-electronic chips CPUs called microprocessors.
  • Coprocessor 115 is an optional processor, distinct from main CPU 110, that performs additional functions or assists CPU 110.
  • CPU 110 may be connected to co-processor 1 15 through interconnect 112.
  • coprocessor One common type of coprocessor is the floating-point coprocessor, also called a numeric or math coprocessor, which is designed to perform numeric calculations faster and better than general- pu ⁇ ose CPU 110.
  • computing environment 100 may comprise a number of CPUs 110. Additionally computing environment 100 may exploit the resources of remote CPUs (not shown) through communications network 160 or some other data communications means (not shown).
  • CPU 110 fetches, decodes, and executes instructions, and transfers information to and from other resources via the computer's main data-transfer path, system bus 105.
  • system bus 105 Such a system bus connects the components in computing system 100 and defines the medium for data exchange.
  • System bus 105 typically includes data lines for sending data, address lines for sending addresses, and control lines for sending interrupts and for operating the system bus.
  • An example of such a system bus is the PCI (Peripheral Component Interconnect) bus.
  • PCI Peripheral Component Interconnect
  • Some of today's advanced busses provide a function called bus arbitration that regulates access to the bus by extension cards, controllers, and CPU 110. Devices that attach to these busses and arbitrate to take over the bus are called bus masters.
  • Bus master support also allows multiprocessor configurations of the busses to be created by the addition of bus master adapters containing a processor and its support chips.
  • Memory devices coupled to system bus 105 include random access memory (RAM) 125 and read only memory (ROM) 130. Such memories include circuitry that allows information to be stored and retrieved. ROMs 130 generally contain stored data that cannot be modified. Data stored in RAM 125 can be read or changed by CPU 110 or other hardware devices. Access to RAM 125 and/or ROM 130 may be controlled by memory controller 120. Memory controller 120 may provide an address translation function that translates virtual addresses into physical addresses as instructions are executed. Memory controller 120 may also provide a memory protection function that isolates processes within the system and isolates system processes from user processes.
  • computing system 100 may contain peripherals controller 135 responsible for communicating instructions from CPU 110 to peripherals, such as, printer 140, keyboard 145, mouse 150, and data storage drive 155.
  • peripherals controller 135 responsible for communicating instructions from CPU 110 to peripherals, such as, printer 140, keyboard 145, mouse 150, and data storage drive 155.
  • Display 165 which is controlled by display controller 163, is used to display visual output generated by computing system 100. Such visual output may include text, graphics, animated graphics, and video. Display 165 may be implemented with a CRT-based video display, an LCD-based flat-panel display, gas plasma-based flat-panel display, a touch-panel, or other display forms. Display controller 163 includes electronic components required to generate a video signal that is sent to display 165.
  • computing system 100 may contain network adaptor 170 which may be used to connect computing system 100 to an external communication network 160.
  • Communications network 160 may provide computer users with means of communicating and transferring software and information electronically. Additionally, communications network 160 may provide distributed processing, which involves several computers and the sharing of workloads or cooperative efforts in performing a task. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the . computers may be used.
  • exemplary computer system 100 is merely illustrative of a computing environment in which the herein described systems and methods may operate and does not limit the implementation of the herein described systems and methods in computing environments having differing components and configurations as the inventive concepts described herein may be implemented in various computing environments having various components and configurations.
  • Computing system 100 can be deployed as part of a computer network.
  • the above description for computing environments applies to both server computers and client computers deployed in a network environment.
  • Figure 2 illustrates an exemplary illustrative networked computmg environment 200, with a server in communication with client computers via a communications network, in which the herein described systems and methods may be employed.
  • server 205 may be interconnected via a communications network 160 (which may be either of, or a combination of a fixed-wire or wireless LAN, WAN, intranet, extranet, peer-to-peer network, the Internet, or other communications network) with a number of client computing environments such as tablet personal computer 210, mobile telephone 215, telephone 220, personal computer 100, and personal digital assistance 225. Additionally, the herein described systems and methods may cooperate with automotive computing environments (not shown), consumer electronic computing environments (not shown), and building automated control computing environments (not shown) via communications network 160.
  • a communications network 160 which may be either of, or a combination of a fixed-wire or wireless LAN, WAN, intranet, extranet, peer-to-peer network, the Internet, or other communications network
  • client computing environments such as tablet personal computer 210, mobile telephone 215, telephone 220, personal computer 100, and personal digital assistance 225.
  • client computing environments such as tablet personal computer 210, mobile telephone 215, telephone 220, personal computer 100, and personal digital assistance 225.
  • server 205 can be dedicated computing environment servers operable to process and communicate web services to and from client computing environments 100, 210, 215, 220, and 225 via any of a number of known protocols, such as, hypertext transfer protocol (HTTP), file transfer protocol (FTP), simple object access protocol (SOAP), or wireless application protocol (WAP).
  • HTTP hypertext transfer protocol
  • FTP file transfer protocol
  • SOAP simple object access protocol
  • WAP wireless application protocol
  • Each client computing environmet 100, 210, 215, 220, and 225 can be equipped with browser operating system 180 operable to support one or more computmg applications such as a web browser (not shown), or a mobile desktop environment (not shown) to gain access to server computing environment 205.
  • a user may interact with a computing application running on a client computing environments to obtain desired data and/or computing applications.
  • the data and/or computing applications may be stored on server computing environment 205 and communicated to cooperating users through client computing environments 100, 210, 215, 220, and 225, over exemplary communications network 160.
  • a participating user may request access to specific data and applications housed in whole or in part on server computing environment 205 using web services transactions. These web services transactions may be communicated between client computing environments 100, 210, 215, 220, and 220 and server computing environments for processing and storage.
  • the systems and methods described herein can be utilized in a computer network environment having client computmg environments for accessing and interacting with the network and a server computing environment for interacting with client computing environments.
  • the systems and methods providing the mobility device platform can be implemented with a variety of network-based architectures, and thus should not be limited to the example shown.
  • the herein described systems and methods will now be described in more detail with reference to a presently illustrative implementation.
  • FIG. 3 shows an exemplary interaction between the components of an exemplary mobility device platform.
  • exemplary mobility device platform 300 in simple terms, may comprise mobility device 310 cooperating with client computing environment 100 using communications interface 305 operating on a selected communications protocol (not shown). Additionally, exemplary mobility device platform 300 may further comprise communications network 160 (of Figure 1) and server computing environment 205.
  • mobility device may cooperate with client computing environment 100 through communications interface 305 to execute one or more computing applications 180' originating from mobility device 310 and displayable for user interaction on client computing environment 100.
  • Computing applications 180' may include but are not limited to, a browser application offering the look and feel of conventional operating systems, word processing applications, spreadsheets, database applications, web services applications, and user management/preference applications.
  • mobility device 310 may cooperate with server computmg environment 205 via communications network 160 using client computing environment 100 to obtain data and/or computing applications in the form of web services.
  • Figure 4 shows the interaction of components for exemplary mobility device platform 400.
  • exemplary mobility device platform 400 comprises mobility device (MD) 405, computing environment 410, communications network 435, mobility device management server (MDMS) 420 and third party web service providers 440.
  • MD 405 further comprises processing unit (PU), • operating system (OS), storage memory (RAM/ROM), and an MD communications interface.
  • MDMS 420 further comprises translation engine 425, web services 430, and encryption engine 445.
  • MD 405 communicates with computing environment 415 using one or more of MD components PU, OS, RAM/ROM and MD communications interface through MD/computing environment communications interface 410.
  • MD 405 may launch one or more computing applications (not shown) that may include but are not limited to, a mobile desktop environment, user customization and authentication manager, and web services applications as part of configuration.
  • computing applications may include but are not limited to, a mobile desktop environment, user customization and authentication manager, and web services applications as part of configuration.
  • MD 405 may further cooperate with computmg environment 415 to process one or more web services (e.g. web service data and/or computing applications).
  • MD 405 may also request web services data and/or computing applications from cooperating MDMS 420 using communications network 435 to process such web services.
  • MDMS 420 may operate to authenticate MD 405 to ensure that the participating user (not shown) and mobility device 405 have the correct privileges to the requested data and/or computing applications.
  • MDMS 420 may further operate to locate the requested data and/or computing applications locally at MDMS 420 and provide such requested data and/or computing applications (e.g. web services) to the authenticate MD 405 over communications network 435, or operate to cooperate with third party services providers 440 to obtain the requested web services for communication to the authenticated MD 405.
  • MDMS 420 may operate to translate the web services 430 originating from third party web services providers 440 to an MD native format using translation engine 425. Additionally, MDMS 420 may operate to encrypt requested web services using encryption engine 445 when satisfying requests for web services from authenticated MD 405.
  • MDMS 420 may further operate to cooperate with a file system (not shown) using a selected encryption protocol (e.g. PKI encryption) to obtain the requested data for communication to MD 405.
  • the cooperating file system may include but is not limited to file allocation table (FAT) file systems and new technology files system (NTFS).
  • FAT file allocation table
  • NTFS new technology files system
  • FIG 5 is block diagram showing exemplary components of an illustrative mobility device management server (MDMS) deployed in an illustrative networked computing environment. As is shown, illustrative networked computing environment comprises Site A, Site B, and Site C, respectively, having exemplary MDMSs and components.
  • Site A comprises MDMS 502 which itself comprises operating system 504.
  • Operating system (OS) 504 is shown to support Java virtual machine (JVM) 506 which, in turn, supports MDMS.java code 508.
  • MDMS.java code 508 therein comprises SOAP chaining 538 and services 548.
  • Operating system 504 is operative to support and cooperate with user database 510, key database 512, and file storage 514.
  • Operating system 504 is operative to support and cooperate with resident applications 550, JVM 552, and JVM 554.
  • OS 504 is operative to support and cooperate with encryption drivers, communication interface drivers and network drivers.
  • Mirroring OS 504, MDMS 502 maintains hardware such as hardware accelerator, communications interface port, and network interface cards (NICs) that cooperate with the encryption drivers, communications interface drivers, and network drivers during MDMS 502 operation.
  • NICs network interface cards
  • MDMS comprises storage area network (SAN)/network attached storage (NAS) interface 516 that is operable to connect MDMS 502 to cooperating file/data stores 518 and cooperating MDMSs 520 and 522.
  • SAN/NAS interface 516 may be coupled to cooperating file/data storage and MDMSs 520 and 522 through communications network 519.
  • MDMS 502 may cooperate with other MDMS environments 536 and 528 that may reside local to or geographically disparate from MDMS 502.
  • MDMS environment 536 may comprise MDMS 534 and file/data store 522.
  • MDMS environment 528 may comprise MDMS 526 and MDMS 530 operatively coupled to file/data store 524.
  • SOAP chaining module 538 there may reside a number of sub-modules that include but are not limited to, a packet sniffer operative to monitor data communications, security enforcement operative to maintain data privileges and access, usage/monitor operative to meter services usage, and a web services proxy operative to cache web services for cooperation with requesting components (e.g. authenticated MD, not shown).
  • These sub-modules may be controllable by one or more sub-module applications that may include but are not limited to administration debugger operating on the packet sniffer sub-module, security manager operative on the seucurity/enforcement sub-module, metering manager operative on the usage/monitor sub- module, and proxy manager operative on the web services proxy.
  • a number of service may include but are not limited to a mobility device manager, an encryption manager (PKCS manager), a file transfer service, a web services manager, web services access control service, a web services metering service, a universal, description, discovery, and integration directory (UDDI directory) service, a UDDI repository service, a files system (e.g. Omni file system), a SOAP proxy service, a web services translator service, and a quality of service operation that is operative to perform functions including but not limited to load balancing, MDMS hot swapping, and failover.
  • Resident apps 550 may include but are not limited to security, router, SAN/NAS control, and encryption control.
  • JVM 552 may comprise code to operate on and process encryption information (e.g. key information), user authentication, service allocation, and MDMS Java operations.
  • JVM 554 may comprise Java code that allow it to emulate a mobility device hardware configuration.
  • MDMS 501 provides secure management of user data, registry of applications and services, and coordination of storage.
  • MDMS 501 supports both user access and administrative functions. For example, mobile desktop users may connect to their applications and data through MDMS 501.
  • MDMS 501 checks for user authentication and preferences. Access controls may be automatically imposed and "skins" may be applied to applications and services such that they fit in to a participating user's environment. Requests for applications and data may be processed with the speed of local devices and may be monitored for system improvement.
  • MDMS 502 is operative to enable users to access file stores (e.g.
  • MDMS 502 may employ various MDMS components to provide management of files, applications/services (548 and 550), and mass storage. Moreover, MDMS 502 allows for more robust administration as it provides administrators the ability to connect to MDMS 502 from remote locations using a cooperating mobility device (not shown). [0074] As is illustrated by Figure 5, MDMS 502 may comprise a number of functional components and modules. These components and modules may operate to provide functions including, but not limited to, security, mobility device management, encryption key tracking and management, metering of transactions, file system management, application/service management, application subscriptions management, web services monitoring, legacy infrastructure extension, data storage management, and cluster deployment and management.
  • Figure 6 shows the processing performed by exemplary MDMS 502 when cooperating with cooperating MDMS and MDs to process web services. As is shown, processing begins at block 600 and proceeds to block 605 where a check is performed to determine if a cooperating MD authorization needs to be created or updated. If the check at block 605 indicates that the MD authorization does not need to be established or updated, processing reverts to block 600 and continues from there.
  • processing proceeds to block 610 where a check is performed to determine if the cooperating MD is new to the MDMS and requires initial authentication by the MDMS. If the check at block 610 indicates that authentication for a new MD is required, processing proceeds to block 615 where the MDMS generates authentication information for the new MDs. From there processing proceeds to block 620 where encryption keys are generated and communicated to the MD(s) being authenticated. The authentication and encryption information is then communicated to the cooperating MD(s) being authenticated at block 625. The MDMS then associates group memberships for the MD(s) on cooperating file system(s) using the authentication and encryption information.
  • a check is then performed at block 635 to determine if the authentication was successful. If the check was not deemed successful at check 635, processing proceeds to block 640 where an error is generated. The authentication mistakes may then be rectified at block 645. From there processing reverts back to the input of block 635 and proceeds from there.
  • processing proceeds to block 650 where a check is performed to determine if permission changes are required for cooperating MDs. If the check at block 650 indicates that permission changes are required, processing proceeds to block 655 where the authentication and/or encryption information is updated. Form there processing reverts back to the input of block 635 and continues from there.
  • Figure 7 shows the processing performed by exemplary mobility device management server 502 in an illustrative implementation of processing web services.
  • processing begins at block 700 and proceeds to block 705 where a check is performed to determine if the MDMS has engaged in communications with a cooperating communications network. If the check at block 700 indicates that communications have not been engaged, processing reverts back to block 700 and continues from there. However, if at block 705 it is determined that communications have been engaged by MDMS with a cooperating communications network, processing proceeds to block 710 where a check is performed to determine if one or more cooperating MDs have requested one or more web service from the MDMS. If the check at block 710 indicates that there are no MD requests for web services, processing reverts to the input of block 710 and continues from there.
  • Figure 8 shows the processing performed by exemplary mobility device management server 502 in another implementation of web services processing. As is shown in Figure 8, processing begins at block 800 and proceeds to block 805 where a check is performed to determine if one or more authenticated MDs have requested one or more web services. If at block 805 it is determined that there are no requests for web services from authenticated MDs, processing reverts to block 800 and proceeds from there.
  • MD operations are metered to obtain usage, behavior, affinity, and similar metrics by MDMS at block 835.
  • the meter data is then stored at block 840 for subsequent use.
  • a check is then performed at block 845 to determine whether the stored meter data is to be reported. If the check at block 845 indicates that the meter data is to be reported, processing proceeds to block 850 where, the meter data is analyzed to generate meter reports. Processing then terminates at block 855.
  • the check at block 815 indicates that translation is required, processing proceeds to block 820 where the requested web services is translated into an MD native web service. From there, processing proceeds to block 825 and continue from there.
  • Figure 9 shows the processing performed by exemplary MDMS 502 in another implementation of web services processing.
  • processing begins at block 900 and proceeds to block 905 where a check is performed to determine if one or more authenticated MDs have requested one or more web services. If at block 905 it is determined that there are no requests for web services from authenticated MDs, processing reverts to block 900 and proceeds from there. However, if at block 905 it is determined that there are requests for web services from one or more authenticated MDs, processing proceeds to block 910 where the MDMS retrieves data and/or computing applications from any of a cooperating file store, cooperating web services providers and other cooperating MDMS. From there a check is performed at block 915 to determine if the retrieved web service requires translation into an MD native web service format.
  • processing proceeds to block 940 where the requested web services are cached . From there processing proceeds to the input of block 935 and continues there from. Also, if the check at block 915 indicates that translation is required, processing proceeds to block 920 where the requested web services is translated into an MD native web service. From there, processing proceeds to block 925 and continue from there.
  • the herein described systems and methods provide a mobility device management server for use as part of a mobility device platform. It is understood, however, that the invention is susceptible to various modifications and alternative constructions. There is no intention to limit the invention to the specific constructions described herein. On the contrary, the invention is intended to cover all modifications, alternative constructions, and equivalents falling within the scope and spirit of the invention.
  • the present invention may be implemented in a variety of computer environments (including both non-wireless and wireless computer environments), partial computing environments, and real world environments.
  • the various techniques described herein may be implemented in hardware or software, or a combination of both.
  • the techniques are implemented in computing environments maintaining programmable computers that include a processor, a storage medium readable by the processor (including volatile and nonvolatile memory and/or storage elements), at least one input device, and at least one output device.
  • Computing hardware logic cooperating with various instructions sets are applied to data to perform the functions described above and to generate output information.
  • the output information is applied to one or more output devices.
  • Programs used by the exemplary computing hardware may be preferably implemented in various programming languages, including high level procedural or object oriented programming language to communicate with a computer system.
  • the herein described apparatus and methods may be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or inte ⁇ reted language.
  • Each such computer program is preferably stored on a storage medium or device (e.g., ROM or magnetic disk) that is readable by a general or special pu ⁇ ose programmable computer for configuring and operating the computer when the storage medium or device is read by the computer to perform the procedures described above.
  • the apparatus may also be considered to be implemented as a computer-readable storage medium, configured with a computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
PCT/US2004/013504 2003-09-29 2004-04-30 Mobility device server Ceased WO2005036304A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2006527962A JP2007519066A (ja) 2003-09-29 2004-04-30 可動性装置サーバ

Applications Claiming Priority (16)

Application Number Priority Date Filing Date Title
US50691903P 2003-09-29 2003-09-29
US50692503P 2003-09-29 2003-09-29
US50691803P 2003-09-29 2003-09-29
US50719703P 2003-09-29 2003-09-29
US60/506,919 2003-09-29
US60/507,197 2003-09-29
US60/506,918 2003-09-29
US60/506,925 2003-09-29
US53891504P 2004-01-22 2004-01-22
US53876704P 2004-01-22 2004-01-22
US54373504P 2004-01-22 2004-01-22
US53876304P 2004-01-22 2004-01-22
US60/538,915 2004-01-22
US60/538,763 2004-01-22
US60/538,767 2004-01-22
US60/543,735 2004-01-22

Publications (2)

Publication Number Publication Date
WO2005036304A2 true WO2005036304A2 (en) 2005-04-21
WO2005036304A3 WO2005036304A3 (en) 2005-06-30

Family

ID=34437818

Family Applications (3)

Application Number Title Priority Date Filing Date
PCT/US2004/013504 Ceased WO2005036304A2 (en) 2003-09-29 2004-04-30 Mobility device server
PCT/US2004/013503 Ceased WO2005036411A1 (en) 2003-09-29 2004-04-30 Mobility device platform
PCT/US2004/013505 Ceased WO2005036305A2 (en) 2003-09-29 2004-04-30 Mobility device

Family Applications After (2)

Application Number Title Priority Date Filing Date
PCT/US2004/013503 Ceased WO2005036411A1 (en) 2003-09-29 2004-04-30 Mobility device platform
PCT/US2004/013505 Ceased WO2005036305A2 (en) 2003-09-29 2004-04-30 Mobility device

Country Status (3)

Country Link
US (2) US20090044259A1 (enExample)
JP (3) JP2007519066A (enExample)
WO (3) WO2005036304A2 (enExample)

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060253894A1 (en) * 2004-04-30 2006-11-09 Peter Bookman Mobility device platform
US8579853B2 (en) * 2006-10-31 2013-11-12 Abbott Diabetes Care Inc. Infusion devices and methods
WO2009006609A1 (en) 2007-07-03 2009-01-08 Eingot Llc Records access and management
US10231077B2 (en) 2007-07-03 2019-03-12 Eingot Llc Records access and management
US8176256B2 (en) * 2008-06-12 2012-05-08 Microsoft Corporation Cache regions
US8943271B2 (en) * 2008-06-12 2015-01-27 Microsoft Corporation Distributed cache arrangement
TWI594128B (zh) 2010-07-10 2017-08-01 鄭尚澈 可更換智慧核心元件之智慧平台
US10001806B2 (en) 2011-04-20 2018-06-19 Shang-Che Cheng Computing device with two or more display panels
US9876669B2 (en) 2011-06-24 2018-01-23 Ice Computer, Inc. Mobile computing resource
CN102609265A (zh) * 2012-02-14 2012-07-25 中国民航信息网络股份有限公司 一种基于移动手机平台的eTerm应用系统及其方法
US20130219011A1 (en) * 2012-02-21 2013-08-22 Ehrsolutions, Llc System and method for providing patient relationship management
US9571343B2 (en) 2012-05-01 2017-02-14 Intel Corporation Application service location and management system
US10129087B2 (en) 2012-05-01 2018-11-13 Intel Corporation Application service location and management system
KR102015108B1 (ko) * 2013-03-12 2019-10-22 한국전자통신연구원 이종 서비스 간 서비스 제공 방법과 사용자 단말 및 웹 서버
US9723487B2 (en) * 2013-08-19 2017-08-01 American Megatrends, Inc. Mobile device security system
US10194321B2 (en) 2013-10-24 2019-01-29 The Mitre Corporation Periodic mobile forensics
CN106575427B (zh) 2014-08-12 2020-12-08 艾高特有限责任公司 基于零知识环境的社交网络引擎
US9448776B1 (en) * 2015-01-08 2016-09-20 AppNotch LLC Method and apparatus for converting a website into a native mobile application
US10135904B2 (en) * 2015-01-27 2018-11-20 Stealth Security, Inc. Network attack detection on a mobile API of a web service
US10560440B2 (en) * 2015-03-12 2020-02-11 Fornetix Llc Server-client PKI for applied key management system and process
US10630686B2 (en) 2015-03-12 2020-04-21 Fornetix Llc Systems and methods for organizing devices in a policy hierarchy
US10965459B2 (en) * 2015-03-13 2021-03-30 Fornetix Llc Server-client key escrow for applied key management system and process
US20160380904A1 (en) * 2015-06-25 2016-12-29 Trifectix, Inc. Instruction selection based on a generic directive
US11063980B2 (en) 2016-02-26 2021-07-13 Fornetix Llc System and method for associating encryption key management policy with device activity
US10880281B2 (en) 2016-02-26 2020-12-29 Fornetix Llc Structure of policies for evaluating key attributes of encryption keys
US10860086B2 (en) 2016-02-26 2020-12-08 Fornetix Llc Policy-enabled encryption keys having complex logical operations
US10917239B2 (en) 2016-02-26 2021-02-09 Fornetix Llc Policy-enabled encryption keys having ephemeral policies
US10931653B2 (en) 2016-02-26 2021-02-23 Fornetix Llc System and method for hierarchy manipulation in an encryption key management system
US10601960B2 (en) 2018-02-14 2020-03-24 Eingot Llc Zero-knowledge environment based networking engine
US20220166762A1 (en) * 2020-11-25 2022-05-26 Microsoft Technology Licensing, Llc Integrated circuit for obtaining enhanced privileges for a network-based resource and performing actions in accordance therewith

Family Cites Families (61)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6732358B1 (en) * 1994-03-24 2004-05-04 Ncr Corporation Automatic updating of computer software
US5732074A (en) * 1996-01-16 1998-03-24 Cellport Labs, Inc. Mobile portable wireless communication system
IL126149A (en) * 1997-09-09 2003-07-31 Sanctum Ltd Method and system for protecting operations of trusted internal networks
US6138158A (en) * 1998-04-30 2000-10-24 Phone.Com, Inc. Method and system for pushing and pulling data using wideband and narrowband transport systems
US6263399B1 (en) * 1998-06-01 2001-07-17 Sun Microsystems, Inc. Microprocessor to NAND flash interface
GB2341462B (en) * 1998-09-12 2003-06-11 Ibm Method for deployment of incremental versions of applications
US6546425B1 (en) * 1998-10-09 2003-04-08 Netmotion Wireless, Inc. Method and apparatus for providing mobile and other intermittent connectivity in a computing environment
JP2000235583A (ja) * 1999-02-16 2000-08-29 Fujitsu Ltd 分散型検索システムのデータアクセス装置及びその方法
US6356905B1 (en) * 1999-03-05 2002-03-12 Accenture Llp System, method and article of manufacture for mobile communication utilizing an interface support framework
US6418310B1 (en) * 1999-08-05 2002-07-09 Ericsson Inc. Wireless subscriber terminal using java control code
US7386599B1 (en) * 1999-09-30 2008-06-10 Ricoh Co., Ltd. Methods and apparatuses for searching both external public documents and internal private documents in response to single search request
US7020697B1 (en) * 1999-10-01 2006-03-28 Accenture Llp Architectures for netcentric computing systems
US8271336B2 (en) * 1999-11-22 2012-09-18 Accenture Global Services Gmbh Increased visibility during order management in a network-based supply chain environment
US7917628B2 (en) * 1999-12-02 2011-03-29 Western Digital Technologies, Inc. Managed peer-to-peer applications, systems and methods for distributed data access and storage
US6912567B1 (en) * 1999-12-27 2005-06-28 International Business Machines Corp. Broadband multi-service proxy server system and method of operation for internet services of user's choice
EP1381967B1 (en) * 2000-01-14 2009-07-01 Thinkstream, Inc. Distributed globally accessible information network
AU2001261089B2 (en) * 2000-04-27 2005-02-24 Webfeat, Inc. Method and system for retrieving search results from multiple disparate databases
US6604101B1 (en) * 2000-06-28 2003-08-05 Qnaturally Systems, Inc. Method and system for translingual translation of query and search and retrieval of multilingual information on a computer network
US20020103818A1 (en) * 2000-05-04 2002-08-01 Kirkfire, Inc. Information repository system and method for an internet portal system
US6970869B1 (en) * 2000-05-09 2005-11-29 Sun Microsystems, Inc. Method and apparatus to discover services and negotiate capabilities
US6732101B1 (en) * 2000-06-15 2004-05-04 Zix Corporation Secure message forwarding system detecting user's preferences including security preferences
US7260638B2 (en) * 2000-07-24 2007-08-21 Bluesocket, Inc. Method and system for enabling seamless roaming in a wireless network
AU2001278159A1 (en) * 2000-08-11 2002-02-25 Incanta, Inc. Resource distribution in network environment
US20020136214A1 (en) * 2000-08-14 2002-09-26 Consumer Direct Link Pervasive computing network architecture
US6718463B1 (en) * 2000-08-17 2004-04-06 International Business Machines Corporation System, method and apparatus for loading drivers, registry settings and application data onto a computer system during a boot sequence
US20020026474A1 (en) * 2000-08-28 2002-02-28 Wang Lawrence C. Thin client for wireless device using java interface
US6901429B2 (en) * 2000-10-27 2005-05-31 Eric Morgan Dowling Negotiated wireless peripheral security systems
US6986030B2 (en) * 2000-10-27 2006-01-10 M-Systems Flash Disk Pioneers Ltd. Portable memory device includes software program for interacting with host computing device to provide a customized configuration for the program
JP2002149396A (ja) * 2000-11-07 2002-05-24 Hitachi Ltd データプロセッサ、半導体集積回路及びcpu
US7184764B2 (en) * 2001-02-08 2007-02-27 Starhome Gmbh Method and apparatus for supporting cellular data communication to roaming mobile telephony devices
US6732278B2 (en) * 2001-02-12 2004-05-04 Baird, Iii Leemon C. Apparatus and method for authenticating access to a network resource
US20020161860A1 (en) * 2001-02-28 2002-10-31 Benjamin Godlin Method and system for differential distributed data file storage, management and access
US8127015B2 (en) * 2001-04-24 2012-02-28 Broadcom Corporation Alerting system, architecture and circuitry
US6714778B2 (en) * 2001-05-15 2004-03-30 Nokia Corporation Context sensitive web services
CN1554176B (zh) * 2001-07-10 2012-12-05 捷讯研究有限公司 在无线移动通信设备上处理加密消息的方法和处理对加密内容的多次访问的装置
US20030065715A1 (en) * 2001-08-20 2003-04-03 Burdick William R. System and method of a wireless thin-client, server-centric framework
US7752326B2 (en) * 2001-08-20 2010-07-06 Masterobjects, Inc. System and method for utilizing asynchronous client server communication objects
US7111292B2 (en) * 2001-09-10 2006-09-19 Texas Instruments Incorporated Apparatus and method for secure program upgrade
US20030084165A1 (en) * 2001-10-12 2003-05-01 Openwave Systems Inc. User-centric session management for client-server interaction using multiple applications and devices
KR100421624B1 (ko) * 2001-11-02 2004-03-11 (주) 한정문 플랫폼 독립적인 소프트웨어 자동 검색/배포/설치 장치 및그 방법
US6976580B2 (en) * 2001-11-06 2005-12-20 Mizuno Corporation Golf bag with a stable base
US7610390B2 (en) * 2001-12-04 2009-10-27 Sun Microsystems, Inc. Distributed network identity
FI113709B (fi) * 2001-12-10 2004-05-31 Nokia Corp Menetelmä sulautetussa ympäristössä etälaitteen toiminnallisuuden järjestämiseksi
US6947772B2 (en) * 2002-01-31 2005-09-20 Qualcomm Incorporated System and method for providing messages on a wireless device connecting to an application server
WO2003077053A2 (en) * 2002-03-13 2003-09-18 M-Systems Flash Disk Pioneers Ltd. Personal portable storage medium
KR100470303B1 (ko) * 2002-04-23 2005-02-05 에스케이 텔레콤주식회사 공중 무선 근거리 통신망에서 이동성을 갖는 인증 시스템및 방법
US7363363B2 (en) * 2002-05-17 2008-04-22 Xds, Inc. System and method for provisioning universal stateless digital and computing services
US7444413B2 (en) * 2002-06-26 2008-10-28 Microsoft Corporation Authorization access controlled content exchange
US7349871B2 (en) * 2002-08-08 2008-03-25 Fujitsu Limited Methods for purchasing of goods and services
AU2002951013A0 (en) * 2002-08-27 2002-09-12 Sunbay Software Ag System for improved network data access
US7254696B2 (en) * 2002-12-12 2007-08-07 Alacritech, Inc. Functional-level instruction-set computer architecture for processing application-layer content-service requests such as file-access requests
US20050010559A1 (en) * 2003-07-10 2005-01-13 Joseph Du Methods for information search and citation search
US20050071439A1 (en) * 2003-09-29 2005-03-31 Peter Bookman Mobility device platform
US20050091309A1 (en) * 2003-09-29 2005-04-28 Peter Bookman Mobility device management server
US20050091308A1 (en) * 2003-09-29 2005-04-28 Peter Bookman Mobility device
KR20050097674A (ko) * 2004-04-02 2005-10-10 삼성전자주식회사 모바일 노드의 인터넷 접속 서비스 방법 및 시스템
US7451178B2 (en) * 2004-04-15 2008-11-11 Nokia Corporation Data transfer
US20060253894A1 (en) * 2004-04-30 2006-11-09 Peter Bookman Mobility device platform
WO2006127480A2 (en) * 2005-05-20 2006-11-30 Perfect Market Technologies, Inc. A search apparatus having a search result matrix display
WO2007044500A2 (en) * 2005-10-06 2007-04-19 C-Sam, Inc. Transactional services
US7653779B1 (en) * 2009-02-04 2010-01-26 Gene Fein Memory storage using a look-up table

Also Published As

Publication number Publication date
WO2005036305A2 (en) 2005-04-21
WO2005036411A1 (en) 2005-04-21
US20090044259A1 (en) 2009-02-12
US20130124695A1 (en) 2013-05-16
WO2005036305A3 (en) 2006-04-27
JP2007519066A (ja) 2007-07-12
JP2007507768A (ja) 2007-03-29
WO2005036304A3 (en) 2005-06-30
JP2007509382A (ja) 2007-04-12

Similar Documents

Publication Publication Date Title
US20080244265A1 (en) Mobility device management server
WO2005036304A2 (en) Mobility device server
US20080301443A1 (en) Mobility device platform
US20080301819A1 (en) Mobility device
EP1379045B1 (en) Arrangement and method for protecting end user data
US6134591A (en) Network security and integration method and system
US7290278B2 (en) Identity based service system
US7788711B1 (en) Method and system for transferring identity assertion information between trusted partner sites in a network using artifacts
US7552468B2 (en) Techniques for dynamically establishing and managing authentication and trust relationships
US7721322B2 (en) Enterprise service-to-service trust framework
EP0762289B1 (en) Method and system for securely controlling access to system resources in a distributed system
US6438600B1 (en) Securely sharing log-in credentials among trusted browser-based applications
EP1934768B1 (en) Providing consistent application aware firewall traversal
US7281139B2 (en) Authenticating legacy service via web technology
US20030005333A1 (en) System and method for access control
US20100274910A1 (en) Hosted application sandbox model
CA2489127C (en) Techniques for dynamically establishing and managing authentication and trust relationships
TWI259730B (en) Mobility device server
CN1890656A (zh) 移动设备平台
Yamai et al. NFS‐based secure file sharing over multiple administrative domains with minimal administration
Geihs et al. Single sign-on in service-oriented computing
CA2398584A1 (en) System, method and computer program product for enrolling and authenticating communication protocol-enabled clients for access to information
CN117240608A (zh) 登录授权方法、装置、计算机设备和存储介质
Ceesay et al. An authentication model for delegation, attribution and least privilege
Rao CSEGrid portal: A secure Web-based solution for providing ubiquitous access to grid services (design, development and implementation of a prototype)

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200480028276.5

Country of ref document: CN

AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2006527962

Country of ref document: JP

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 69(1) EPC (EPOFORM 1205A DATED 03.08.06)

122 Ep: pct application non-entry in european phase