Trusted Mobile Device Based Security
Abstract
A method for performing user security operations using a mobile communications device includes, storing at least one security credential for a user in the mobile communications device, receiving a request from a client computer to perform an action requiring the stored at least one security credential, wherein the request includes information regarding a service application for which the action is requested, determining a response to the request based upon at least one user configured personal security preference at the mobile communications device, and transmitting the determined response to the client computer. Corresponding system and computer program products are also described.
Claims
exact text as granted — not AI-modified1 - 20 . (canceled)
21 . A method for performing user security operations using a mobile communications device, comprising:
receiving at the mobile communications device, a first request sent from a first client computer and a second request sent from a second client computer, wherein the first and second requests are responsive to simultaneous access by from the first and second client computers to at least one service application executing in at least one remote server through communication between each of the first and second client computers and the remote server and the communication not being via the mobile communications device; accessing a first rule and a second rule stored in the mobile communications device in response respectively to the first and second requests, wherein the first rule includes a personal security configuration associated with the first client computer and the second rule includes a personal security configuration associated with the second client computer; performing a first action in accordance with the first rule using at least one security credential stored in the mobile communications device to generate a response to the first client computer, wherein the at least one security credential is associated with a user; performing a second action in accordance with the second rule using the at least one security credential to generate a response to the second client computer; and transmitting the generated first and second responses to respectively the first client computer and the second client computer.
22 . The method of claim 21 , further comprising:
for one or more of the first action and the second action, prompting the user for an authorization to perform the action; and receiving the authorization from the user.
23 . The method of claim 22 , wherein the prompting comprises:
displaying, on a screen of the mobile communications device, information regarding the at least one service application.
24 . The method of claim 21 , wherein the accessing a first rule and a second rule comprises:
finding at least one entry corresponding to the at least one service application in a preconfigured personal security preference list stored in the mobile communications device.
25 . The method of claim 21 , further comprising:
configuring a personal security preference list in the mobile communications device.
26 . The method of claim 25 , wherein configuring the personal preference list comprises at least one of:
configuring entries for one or more respective service applications for which authorization is disallowed; and configuring entries for one or more respective service applications for which authorization is allowed.
27 . The method of claim 25 , wherein configuring the personal preference list comprises:
configuring one or more entries in the personal security preference list, wherein each of the entries includes a security credential for the user and one or more service applications for which the security credential is authorized.
28 . The method of claim 21 , wherein at least one of the first rule and the second rule includes a level of trust of a corresponding client computer, and wherein the corresponding at least one of the first or second action is performed in accordance with the level of trust.
29 . The method of claim 21 , wherein the requests from the first client computer and the second client computer includes a request for an authentication information, and wherein the corresponding generated response includes a user security credential from the at least one security credential.
30 . The method of claim 21 , further comprising:
processing the received requests at the mobile communications device to identify one or more tasks required to be performed for each request at the mobile communications device; selecting to perform respective ones of the one or more tasks; and performing selected said respective ones of the one or more tasks using the at least one security credential and one or more rules stored in the mobile communications device.
31 . The method of claim 21 , further comprising:
storing a private key for the user, wherein the private key and a corresponding public key is registered with a certification authority, and wherein the stored private key is included in the at least one security credential.
32 . The method of claim 31 , further comprising:
storing a certificate from the certification authority, wherein the certificate binds the public key to the user, and wherein the stored certificate is included in the at least one security credential.
33 . The method of claim 21 , wherein the first and second responses are used respectively by the first and second client computers to authenticate the user to the at least one service application.
34 . A system for user security operations using a mobile communications device, comprising:
a mobile communications device including:
a processor;
at least one memory coupled to the processor;
at least one communications interface coupled to the processor and configured to establish communication links from the mobile communications device to a first client computer and a second client computer;
a credential configuration module configured to, when executed by the processor, store at least one security credential for the user in the at least one memory;
a client request receiver configured to, when executed by the processor:
receiving at the mobile communications device, a first request sent from a first client computer and a second request sent from a second client computer, wherein the first and second requests are responsive to simultaneous access by from the first and second client computers to at least one service application executing in at least one remote server through communication between each of the first and second client computers and the remote server and the communication not being via the mobile communications device;
access at least a first rule and a second rule stored in the mobile communications device in response respectively to the first and second requests, wherein the first rule includes a personal security configuration associated with the first client computer and the second rule includes a personal security configuration associated with the second client computer;
a request validation module configured to, when executed by the processor:
perform a first action in accordance with the first rule using the at least one security credential to generate a response to the first client computer, wherein the at least one security credential is associated with a user; and
perform a second action in accordance with the second rule using the at least one security credential to generate a response to the second client computer; and
a client response transmitter configured to, when executed by the processor, transmit the generated first and second responses to respectively the first client computer and the second client computer.
35 . The system of claim 34 , wherein each of the first client computer and the second client computer comprises:
a client processor; a server communicator configured to, when executed by the client processor, request to login the user to the at least one service applications, and to receive one or more requests from the service application for security credentials of the user; and a mobile device interface module configured to, when executed by the client processor, request from the mobile communications device for authentication information for the user in response to the received one or more requests from the at least one service application, and to receive the user security credential from the mobile communications device.
36 . The system of claim 34 , wherein the mobile communications device is further configured to:
receive a request for authentication information for the user; and send the stored security credential in response to the received request.
37 . The system of claim 34 , wherein the first and second responses are used respectively by the first and second client computers to authenticate the user to the at least one service application.
38 . The system of claim 34 , wherein at least one of the first rule and the second rule includes a level of trust of a corresponding client computer, and wherein the corresponding at least one of the first and second actions are performed in accordance with the level of trust.
39 . A computer program product comprising a computer readable storage medium having computer program logic stored thereon that, when executed by a processor, cause the processor to perform operations comprising:
receiving at the mobile communications device, a first request sent from a first client computer and a second request sent from a second client computer, wherein the first and second requests are responsive to simultaneous access by from the first and second client computers to at least one service application executing in at least one remote server through communication between each of the first and second client computers and the remote server and the communication not being via the mobile communications device; accessing a first rule and a second rule stored in the mobile communications device in response respectively to the first and second requests, wherein the first rule includes a personal security configuration associated with the first client computer and the second rule includes a personal security configuration associated with the second client computer; performing a first action in accordance with the first rule using at least one security credential stored in the mobile communications device to generate a response to the first client computer, wherein the at least one security credential is associated with a user; performing a second action in accordance with the second rule using the at least one security credential to generate a response to the second client computer; and transmitting the generated first and second responses to respectively the first client computer and the second client computer.
40 . The computer program product of claim 39 , wherein at least one of the first rule and the second rule is configured to specify a level of trust of a corresponding client computer, and wherein the corresponding at least one of the first and second actions are performed in accordance with the level of trust.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.