US2012297187A1PendingUtilityA1

Trusted Mobile Device Based Security

44
Assignee: PAYA ISMAIL CEMPriority: May 17, 2011Filed: Aug 4, 2011Published: Nov 22, 2012
Est. expiryMay 17, 2031(~4.9 yrs left)· nominal 20-yr term from priority
H04L 63/0853H04L 63/101H04L 63/0492
44
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method for performing user security operations using a mobile communications device includes, storing at least one security credential for a user in the mobile communications device, receiving a request from a client computer to perform an action requiring the stored at least one security credential, wherein the request includes information regarding a service application for which the action is requested, determining a response to the request based upon at least one user configured personal security preference at the mobile communications device, and transmitting the determined response to the client computer. Corresponding system and computer program products are also described.

Claims

exact text as granted — not AI-modified
1 - 20 . (canceled) 
     
     
         21 . A method for performing user security operations using a mobile communications device, comprising:
 receiving at the mobile communications device, a first request sent from a first client computer and a second request sent from a second client computer, wherein the first and second requests are responsive to simultaneous access by from the first and second client computers to at least one service application executing in at least one remote server through communication between each of the first and second client computers and the remote server and the communication not being via the mobile communications device;   accessing a first rule and a second rule stored in the mobile communications device in response respectively to the first and second requests, wherein the first rule includes a personal security configuration associated with the first client computer and the second rule includes a personal security configuration associated with the second client computer;   performing a first action in accordance with the first rule using at least one security credential stored in the mobile communications device to generate a response to the first client computer, wherein the at least one security credential is associated with a user;   performing a second action in accordance with the second rule using the at least one security credential to generate a response to the second client computer; and   transmitting the generated first and second responses to respectively the first client computer and the second client computer.   
     
     
         22 . The method of  claim 21 , further comprising:
 for one or more of the first action and the second action, prompting the user for an authorization to perform the action; and   receiving the authorization from the user.   
     
     
         23 . The method of  claim 22 , wherein the prompting comprises:
 displaying, on a screen of the mobile communications device, information regarding the at least one service application.   
     
     
         24 . The method of  claim 21 , wherein the accessing a first rule and a second rule comprises:
 finding at least one entry corresponding to the at least one service application in a preconfigured personal security preference list stored in the mobile communications device.   
     
     
         25 . The method of  claim 21 , further comprising:
 configuring a personal security preference list in the mobile communications device.   
     
     
         26 . The method of  claim 25 , wherein configuring the personal preference list comprises at least one of:
 configuring entries for one or more respective service applications for which authorization is disallowed; and   configuring entries for one or more respective service applications for which authorization is allowed.   
     
     
         27 . The method of  claim 25 , wherein configuring the personal preference list comprises:
 configuring one or more entries in the personal security preference list, wherein each of the entries includes a security credential for the user and one or more service applications for which the security credential is authorized.   
     
     
         28 . The method of  claim 21 , wherein at least one of the first rule and the second rule includes a level of trust of a corresponding client computer, and wherein the corresponding at least one of the first or second action is performed in accordance with the level of trust. 
     
     
         29 . The method of  claim 21 , wherein the requests from the first client computer and the second client computer includes a request for an authentication information, and wherein the corresponding generated response includes a user security credential from the at least one security credential. 
     
     
         30 . The method of  claim 21 , further comprising:
 processing the received requests at the mobile communications device to identify one or more tasks required to be performed for each request at the mobile communications device;   selecting to perform respective ones of the one or more tasks; and   performing selected said respective ones of the one or more tasks using the at least one security credential and one or more rules stored in the mobile communications device.   
     
     
         31 . The method of  claim 21 , further comprising:
 storing a private key for the user, wherein the private key and a corresponding public key is registered with a certification authority, and wherein the stored private key is included in the at least one security credential.   
     
     
         32 . The method of  claim 31 , further comprising:
 storing a certificate from the certification authority, wherein the certificate binds the public key to the user, and wherein the stored certificate is included in the at least one security credential.   
     
     
         33 . The method of  claim 21 , wherein the first and second responses are used respectively by the first and second client computers to authenticate the user to the at least one service application. 
     
     
         34 . A system for user security operations using a mobile communications device, comprising:
 a mobile communications device including:
 a processor; 
 at least one memory coupled to the processor; 
 at least one communications interface coupled to the processor and configured to establish communication links from the mobile communications device to a first client computer and a second client computer; 
 a credential configuration module configured to, when executed by the processor, store at least one security credential for the user in the at least one memory; 
 a client request receiver configured to, when executed by the processor:
 receiving at the mobile communications device, a first request sent from a first client computer and a second request sent from a second client computer, wherein the first and second requests are responsive to simultaneous access by from the first and second client computers to at least one service application executing in at least one remote server through communication between each of the first and second client computers and the remote server and the communication not being via the mobile communications device; 
 access at least a first rule and a second rule stored in the mobile communications device in response respectively to the first and second requests, wherein the first rule includes a personal security configuration associated with the first client computer and the second rule includes a personal security configuration associated with the second client computer; 
 
 a request validation module configured to, when executed by the processor:
 perform a first action in accordance with the first rule using the at least one security credential to generate a response to the first client computer, wherein the at least one security credential is associated with a user; and 
 perform a second action in accordance with the second rule using the at least one security credential to generate a response to the second client computer; and 
 
 a client response transmitter configured to, when executed by the processor, transmit the generated first and second responses to respectively the first client computer and the second client computer. 
   
     
     
         35 . The system of  claim 34 , wherein each of the first client computer and the second client computer comprises:
 a client processor;   a server communicator configured to, when executed by the client processor, request to login the user to the at least one service applications, and to receive one or more requests from the service application for security credentials of the user; and   a mobile device interface module configured to, when executed by the client processor, request from the mobile communications device for authentication information for the user in response to the received one or more requests from the at least one service application, and to receive the user security credential from the mobile communications device.   
     
     
         36 . The system of  claim 34 , wherein the mobile communications device is further configured to:
 receive a request for authentication information for the user; and   send the stored security credential in response to the received request.   
     
     
         37 . The system of  claim 34 , wherein the first and second responses are used respectively by the first and second client computers to authenticate the user to the at least one service application. 
     
     
         38 . The system of  claim 34 , wherein at least one of the first rule and the second rule includes a level of trust of a corresponding client computer, and wherein the corresponding at least one of the first and second actions are performed in accordance with the level of trust. 
     
     
         39 . A computer program product comprising a computer readable storage medium having computer program logic stored thereon that, when executed by a processor, cause the processor to perform operations comprising:
 receiving at the mobile communications device, a first request sent from a first client computer and a second request sent from a second client computer, wherein the first and second requests are responsive to simultaneous access by from the first and second client computers to at least one service application executing in at least one remote server through communication between each of the first and second client computers and the remote server and the communication not being via the mobile communications device;   accessing a first rule and a second rule stored in the mobile communications device in response respectively to the first and second requests, wherein the first rule includes a personal security configuration associated with the first client computer and the second rule includes a personal security configuration associated with the second client computer;   performing a first action in accordance with the first rule using at least one security credential stored in the mobile communications device to generate a response to the first client computer, wherein the at least one security credential is associated with a user;   performing a second action in accordance with the second rule using the at least one security credential to generate a response to the second client computer; and   transmitting the generated first and second responses to respectively the first client computer and the second client computer.   
     
     
         40 . The computer program product of  claim 39 , wherein at least one of the first rule and the second rule is configured to specify a level of trust of a corresponding client computer, and wherein the corresponding at least one of the first and second actions are performed in accordance with the level of trust.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.