(12) United States Patent
Kahandaliyanage

(10) Patent No.: US 8,045,958 B2
(45) Date of Patent: Oct. 25, 2011

(54) SYSTEM AND METHOD FOR APPLICATION PROGRAM OPERATION ON A WIRELESS DEVICE

(75) Inventor: Shawn Kahandaliyanage, Kitchener (CA)
(73) Assignee: Research In Motion Limited, Waterloo, Ontario (CA)
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 324 days.
(21) Appl. No.: 11/282,564
(22) Filed: Nov. 21, 2005
(65) Prior Publication Data: US 2007/0118558 A1, May 24, 2007
(51) Int. Cl.: H04M 1/66 (2006.01)
(52) U.S. Cl.: 455/410; 455/411; 455/418; 455/419; 455/420
(58) Field of Classification Search: 455/418, 419, 420, 186.1, 557, 558, 410, 411; 709/203, 206, 224
See application file for complete search history.

Primary Examiner — Ajit Patel
Assistant Examiner — Khai M Nguyen
(74) Attorney, Agent, or Firm — Bereskin & Parr LLP/S.E.N.C.R.L., s.r.l.

(57) ABSTRACT

Embodiments described herein address mobile devices with non-secure operating systems that do not provide a sufficient security framework. More particularly, the embodiments described herein provide a set of applications to the device for providing security features to the non-secure operating system.

15 Claims, 6 Drawing Sheets

U.S. Patent, Oct. 25, 2011, Sheet 1 of 6, US 8,045,958 B2

[FIG. 1: block diagram of mobile device 100. Labels recoverable from the figure: main processor 102, communication subsystem 104, RAM 106, flash memory (holding operating system 134, programs 136, message application 138, device state module 140, connect module 144, integration module 146, security management module 148), display 110, auxiliary I/O, data port 114, keyboard 116, speaker 118, SIM/RUIM 126 and SIM/RUIM interface 128, battery 130 and battery interface 132, other device subsystems, short-range communications, wireless network 200.]

U.S. Patent, Oct. 25, 2011, Sheet 2 of 6, US 8,045,958 B2

[FIG. 2: block diagram of the communication subsystem. Only the reference numerals 154 and 160 and the main processor 102 are recoverable from the figure.]

U.S. Patent, Oct. 25, 2011, Sheet 3 of 6, US 8,045,958 B2

[FIG. 3: block diagram of a node of the wireless network. Labels recoverable from the rotated figure text: network (PSTN), host system.]

U.S. Patent, Oct. 25, 2011, Sheet 4 of 6, US 8,045,958 B2

[FIG. 4: block diagram of host system components. Labels recoverable from the rotated figure text: message management server.]

U.S. Patent, Oct. 25, 2011, Sheet 5 of 6, US 8,045,958 B2

[FIGURE 5: non-secure operating system 134 (300) running sensitive application 302, application 304 and malicious application 306. Call paths shown: app 306 calling a fn exposed by app 302; app 304 calling a fn exposed by app 302; app 304 calling a fn exposed by the OS 134; app 306 calling a fn exposed by the OS 134.]

[FIGURE 6: the same operating system (312) with the connect module 144 and the security management module 148 present. Call paths shown: app 304 calling a fn of app 302; app 304 calling a fn of the OS 134. Application 306 is shown, but none of its call paths from FIG. 5 appear.]

U.S. Patent, Oct. 25, 2011, Sheet 6 of 6, US 8,045,958 B2

[FIGURE 7: flowchart of a controlled API access process (steps 320 to 330): controlled API called? -> is general usage authorized? -> if not, failure: the API function returns.]

[FIGURE 8: flowchart of another controlled API access process (steps 340 to 350): controlled API called? -> is usage by the calling application authorized? -> if not, failure: the API function returns; if so, the API function (350) proceeds.]

SYSTEM AND METHOD FOR APPLICATION PROGRAM OPERATION ON A WIRELESS DEVICE

FIELD

The embodiments described herein relate generally to wireless devices, and more particularly to providing a secure environment for applications running on wireless devices with non-secure operating systems.

BACKGROUND

Wireless devices, hereafter referred to as mobile devices, include mobile phones and mobile e-mail devices that typically have applications which allow users of these devices to perform a wide variety of functions including accessing or sending information, playing games, etc. These applications may be installed during the manufacture of these devices. Alternatively, these applications may be made by a third party and installed after the manufacture of these devices.

The operating system of a mobile device provides an application programming interface (API) that provides access to data which may be sensitive, and a task manager for controlling application execution. However, typical operating systems lack a robust framework for addressing security and manageability of API access control as well as application control. Accordingly, sensitive APIs (i.e. APIs that provide access to sensitive information) may be accessed by rogue applications without passing through any security framework. For example, a sensitive API can be an API that allows access to a database of a corporate e-mail application. That being said, there are legitimate uses of APIs that must also be taken into consideration. In addition, non-secure operating systems on a mobile device often have no framework for allowing IT administrators to control which applications can be executed. Both API access control and application control for mobile systems are of particular concern to IT administrators who have a responsibility to protect confidential corporate information that resides on or is accessible by mobile devices.

BRIEF DESCRIPTION OF THE DRAWINGS

For a better understanding of the embodiments described herein and to show more clearly how they may be carried into effect, reference will now be made, by way of example only, to the accompanying drawings which show at least one exemplary embodiment and in which:

FIG. 1 is a block diagram of an exemplary embodiment of a mobile device;
FIG. 2 is a block diagram of an exemplary embodiment of a communication subsystem component of the mobile device of FIG. 1;
FIG. 3 is an exemplary block diagram of a node of a wireless network;
FIG. 4 is a block diagram illustrating components of a host system in one exemplary configuration for use with the wireless network of FIG. 3 and the mobile device of FIG. 1;
FIG. 5 is a block diagram of an exemplary embodiment of a non-secure operating system with several applications that may be executed on the mobile device of FIG. 1;
FIG. 6 is an exemplary block diagram of a non-secure operating system that operates under the security and management policies enforced by a security management module;
FIG. 7 is a flowchart of an exemplary embodiment of a controlled API access process; and,
FIG. 8 is a flowchart of another exemplary embodiment of a controlled API access process.

DETAILED DESCRIPTION

It will be appreciated that for simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. Further, where considered appropriate, reference numerals may be repeated among the figures to indicate corresponding or analogous elements. In addition, numerous specific details are set forth in order to provide a thorough understanding of the embodiments described herein. However, it will be understood by those of ordinary skill in the art that the embodiments described herein may be practiced without these specific details. In other instances, well-known methods, procedures and components have not been described in detail so as not to obscure the embodiments described herein. Also, the description is not to be considered as limiting the scope of the embodiments described herein.

The embodiments described herein generally relate to a mobile wireless communication device, hereafter referred to as a mobile device, that has a non-secure operating system. Examples of applicable communication devices include pagers, cellular phones, cellular smart-phones, wireless organizers, personal digital assistants, computers, laptops, handheld wireless communication devices, wirelessly enabled notebook computers and the like.

The mobile device is a two-way communication device with advanced data communication capabilities including the capability to communicate with other mobile devices or computer systems through a network of transceiver stations. The mobile device may also have the capability to allow voice communication. Depending on the functionality provided by the mobile device, it may be referred to as a data messaging device, a two-way pager, a cellular telephone with data messaging capabilities, a wireless Internet appliance, or a data communication device (with or without telephony capabilities). To aid the reader in understanding the structure of the mobile device and how it communicates with other devices and host systems, reference will now be made to FIGS. 1 through 4.

Referring first to FIG. 1, shown therein is a block diagram of an exemplary embodiment of a mobile device 100. The mobile device 100 includes a number of components such as a main processor 102 that controls the overall operation of the mobile device 100. Communication functions, including data and voice communications, are performed through a communication subsystem 104. The communication subsystem 104 receives messages from and sends messages to a wireless network 200. In this exemplary implementation of the mobile device 100, the communication subsystem 104 is configured in accordance with the Global System for Mobile Communication (GSM) and General Packet Radio Services (GPRS) standards. The GSM/GPRS wireless network is used worldwide and it is expected that these standards will be superseded eventually by Enhanced Data GSM Environment (EDGE) and Universal Mobile Telecommunications Service (UMTS). New standards are still being defined, but it is believed that they will have similarities to the network behavior described herein, and it will also be understood by persons skilled in the art that the embodiments described herein are intended to use any other suitable standards that are developed in the future. The wireless link connecting the communication subsystem 104 with the wireless network 200 represents one or more different Radio Frequency (RF) channels, operating according to defined protocols specified for GSM/GPRS communications. With newer network protocols, these channels are capable of supporting both circuit switched voice communications and packet switched data communications.

Although the wireless network 200 associated with mobile device 100 is a GSM/GPRS wireless network in one exemplary implementation, other wireless networks may also be associated with the mobile device 100 in variant implementations. The different types of wireless networks that may be employed include, for example, data-centric wireless networks, voice-centric wireless networks, and dual-mode networks that can support both voice and data communications over the same physical base stations. Combined dual-mode networks include, but are not limited to, Code Division Multiple Access (CDMA) or CDMA2000 networks, GSM/GPRS networks (as mentioned above), and future third-generation (3G) networks like EDGE and UMTS. Some other examples of data-centric networks include WiFi 802.11, Mobitex™ and DataTAC™ network communication systems. Examples of other voice-centric data networks include Personal Communication Systems (PCS) networks like GSM and Time Division Multiple Access (TDMA) systems.
The main processor 102 also interacts with additional subsystems such as a Random Access Memory (RAM) 106, a flash memory 108, a display 110, an auxiliary input/output (I/O) subsystem 112, a data port 114, a keyboard 116, a speaker 118, a microphone 120, short-range communications 122 and other device subsystems 124.

Some of the subsystems of the mobile device 100 perform communication-related functions, whereas other subsystems may provide "resident" or on-device functions. By way of example, the display 110 and the keyboard 116 may be used for both communication-related functions, such as entering a text message for transmission over the network 200, and device-resident functions such as a calculator or task list.

The mobile device 100 may send and receive communication signals over the wireless network 200 after required network registration or activation procedures have been completed. Network access is associated with a subscriber or user of the mobile device 100. To identify a subscriber, the mobile device 100 requires a SIM/RUIM card 126 (i.e. Subscriber Identity Module or a Removable User Identity Module) to be inserted into a SIM/RUIM interface 128 in order to communicate with a network. The SIM card or RUIM 126 is one type of a conventional "smart card" that can be used to identify a subscriber of the mobile device 100 and to personalize the mobile device 100, among other things. Without the SIM card 126, the mobile device 100 is not fully operational for communication with the wireless network 200. By inserting the SIM card/RUIM 126 into the SIM/RUIM interface 128, a subscriber can access all subscribed services. Services may include: web browsing and messaging such as e-mail, voice mail, Short Message Service (SMS), and Multimedia Messaging Services (MMS). More advanced services may include: point of sale, field service and sales force automation. The SIM card/RUIM 126 includes a processor and memory for storing information. Once the SIM card/RUIM 126 is inserted into the SIM/RUIM interface 128, it is coupled to the main processor 102. In order to identify the subscriber, the SIM card/RUIM 126 can include some user parameters such as an International Mobile Subscriber Identity (IMSI). An advantage of using the SIM card/RUIM 126 is that a subscriber is not necessarily bound by any single physical mobile device. The SIM card/RUIM 126 may store additional subscriber information for a mobile device as well, including datebook (or calendar) information and recent call information. Alternatively, user identification information can also be programmed into the flash memory 108.
The mobile device 100 is a battery-powered device and includes a battery interface 132 for receiving one or more rechargeable batteries 130. In some embodiments, the battery 130 can be a smart battery with an embedded microprocessor. The battery interface 132 is coupled to a regulator (not shown), which assists the battery 130 in providing power V+ to the mobile device 100. Although current technology makes use of a battery, future technologies such as micro fuel cells may provide the power to the mobile device 100.

The mobile device 100 also includes an operating system 134 and software components 136 to 148 which are described in more detail below. The operating system 134 and the software components 136 to 148 that are executed by the main processor 102 are typically stored in a persistent store such as the flash memory 108, which may alternatively be a read-only memory (ROM) or similar storage element (not shown). Those skilled in the art will appreciate that portions of the operating system 134 and the software components 136 to 148, such as specific device applications, or parts thereof, may be temporarily loaded into a volatile store such as the RAM 106.

The operating system 134, in the absence of additional software components or controls, is a non-secure operating system which lacks a comprehensive security and management framework. This results in a number of shortcomings in areas such as: user authentication (ensuring that only the intended user can access the device 100), memory security (ensuring that an application's data in memory is private to that application only), flash security (ensuring that an application's data in flash memory is private to that application only), and API security (ensuring that only authorized applications can access sensitive APIs), as well as other security issues.
The subset of software applications 136 that control basic device operations, including data and voice communication applications, will normally be installed on the mobile device 100 during its manufacture. Other software applications 136 include a message application 138 that can be any suitable software program that allows a user of the mobile device 100 to send and receive electronic messages. Various alternatives exist for the message application 138 as is well known to those skilled in the art. Messages that have been sent or received by the user are typically stored in the flash memory 108 of the mobile device 100 or some other suitable storage element in the mobile device 100. In some embodiments, some of the sent and received messages may be stored remotely from the device 100 such as in a data store of an associated host system that the mobile device 100 communicates with.

The message application 138 can include an address book that provides information for a list of contacts for the user. For a given contact in the address book, the information can include the name, phone number, work address and e-mail address of the contact, among other information. In some embodiments, the address book may be a separate software application.

The software applications can further include a device state module 140, a Personal Information Manager (PIM) 142, and other suitable modules (not shown). The device state module 140 provides persistence, i.e. the device state module 140 ensures that important device data is stored in persistent memory, such as the flash memory 108, so that the data is not lost when the mobile device 100 is turned off or loses power.

The PIM 142 includes functionality for organizing and managing data items of interest to the user, such as, but not limited to, e-mail, calendar events, voice mails, appointments, and task items. A PIM application has the ability to send and receive data items via the wireless network 200. PIM data items may be seamlessly integrated, synchronized, and updated via the wireless network 200 with the mobile device subscriber's corresponding data items stored and/or associated with a host computer system. This functionality creates a mirrored host computer on the mobile device 100 with respect to such items. This can be particularly advantageous when the host computer system is the mobile device subscriber's office computer system.
Other types of software applications can also be installed on the mobile device 100. These software applications can be third party applications which are added after the manufacture of the mobile device 100. Examples of third party applications may be games, calculators, or other utilities. Unfortunately, if these applications have a malicious intent, the non-secure operating system 134 cannot properly limit or prevent the operation of these malicious applications without additional support.

Advantageously, the mobile device 100 can operate with a set of applications that provide security features including a connect module 144, an integration module 146 and a security management module 148. These modules can be installed after the manufacture of the mobile device 100 to provide extra functionality for the mobile device 100. These modules can also provide security features for the mobile device 100 to mitigate the security and management shortcomings of the non-secure operating system 134.
The connect module 144 implements the communication protocols that are required for the mobile device 100 to communicate with the wireless infrastructure and any host system, such as an enterprise system, that the mobile device 100 is authorized to interface with. Examples of a wireless infrastructure and an enterprise system are given in FIGS. 3 and 4, which are described in more detail below. The connect module 144 includes a set of APIs that can be integrated with the mobile device 100 to allow the mobile device 100 to use any number of services associated with the enterprise system. The connect module 144 allows the mobile device 100 to establish an end-to-end secure, authenticated communication pipe with the host system. A subset of applications for which access is provided by the connect module 144 can be used to pass IT policy commands from the host system to the mobile device 100. These instructions can then be passed to the security management module 148 to modify the security and management features of the device 100. Alternatively, in some cases, the IT policy update can also be done over a wired connection.

The integration module 146 is an interface between the APIs that can be provided by the connect module 144 and the host environment of the mobile device 100 which includes the operating system 134, any applications 136, network services, etc. Accordingly, the integration module 146 includes several sub-modules (not shown) that integrate the APIs provided by the connect module 144 with host environment APIs including APIs of the operating system 134, APIs of the applications 136 that are executed by the mobile device 100 (i.e. the message application 138), APIs associated with the communication subsystem 104 and the like. When the connect and integration modules 144 and 146 are installed on the mobile device 100, the integration module 146 begins carrying out tasks to provide services to the mobile device 100 via the APIs of the connect module 144.
The integration module 146 does not make any changes to the device environment per se, but augments the behavior of the device environment and the applications 136 by interfacing with the corresponding APIs. In this fashion, the integration module 146 in combination with the security management module 148 can affect the security capabilities of the non-secure operating system 134. The security management module 148 can provide several security features including at least one of application execution control, API access control, user authentication, device data removal, application feature specific control, and the like. The security management module 148 is described in more detail below.
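As an added illustration (not code from the patent or from Research In Motion), the following Python model enforces the two controls named above, application execution control and API access control, using the decision points of the FIG. 7 and FIG. 8 flowcharts (controlled API called? is usage authorized? on failure the API function returns without running) and an IT policy update of the kind the connect module passes to the security management module. Application names, API names and the policy structure are constructed assumptions.

```python
"""Toy model of the controlled-API gate behind FIG. 7 and FIG. 8.
Constructed example: not code from the patent or from Research In Motion."""
from dataclasses import dataclass, field, replace
from enum import Enum
from typing import Callable, Dict, List, Set, Tuple


class Decision(Enum):
    ALLOW = "allow"
    DENY_NOT_EXECUTABLE = "application execution not permitted"      # application control
    DENY_API_DISABLED = "controlled API not enabled for general use"  # FIG. 7 branch
    DENY_NOT_AUTHORIZED = "calling application not authorized"       # FIG. 8 branch


@dataclass
class ITPolicy:
    """IT policy as a host system might push it via the connect module (hypothetical shape)."""
    executable_apps: Set[str]          # which applications may run at all
    controlled_apis: Set[str]          # which APIs the module gates
    generally_enabled_apis: Set[str]   # FIG. 7: controlled APIs enabled for every caller
    per_app_grants: Dict[str, Set[str]] = field(default_factory=dict)  # FIG. 8: api -> callers


class SecurityManagementModule:
    """Reference-monitor style check in front of sensitive APIs (module 148 in the text)."""

    def __init__(self, policy: ITPolicy) -> None:
        self.policy = policy
        self.audit: List[Tuple[str, str, Decision]] = []  # (caller, api, decision)

    def apply_policy_update(self, policy: ITPolicy) -> None:
        """Install a new policy, e.g. after an IT policy command arrives from the host."""
        self.policy = policy

    def authorize(self, app_id: str, api_name: str) -> Decision:
        """Decide one call. Uncontrolled APIs pass straight through; controlled ones
        need either a general enable (FIG. 7) or a grant for this caller (FIG. 8)."""
        p = self.policy
        if app_id not in p.executable_apps:
            d = Decision.DENY_NOT_EXECUTABLE
        elif api_name not in p.controlled_apis:
            d = Decision.ALLOW
        elif api_name in p.generally_enabled_apis:
            d = Decision.ALLOW
        elif app_id in p.per_app_grants.get(api_name, set()):
            d = Decision.ALLOW
        elif api_name in p.per_app_grants:
            d = Decision.DENY_NOT_AUTHORIZED
        else:
            d = Decision.DENY_API_DISABLED
        self.audit.append((app_id, api_name, d))
        return d

    def guard(self, api_name: str, fn: Callable[..., object]) -> Callable[..., Tuple[bool, object]]:
        """Wrap a sensitive API so every call is checked first. On denial the wrapper
        returns (False, reason) without running fn, the "Failure - API function
        returns" branch of the flowcharts; on success it returns (True, result)."""
        def wrapper(app_id: str, *args: object, **kwargs: object) -> Tuple[bool, object]:
            d = self.authorize(app_id, api_name)
            if d is not Decision.ALLOW:
                return False, d.value
            return True, fn(*args, **kwargs)
        return wrapper


# Constructed sample: sensitive application 302 owns a mailbox store; 304 is a
# legitimate third-party app; 306 is the unwanted application from FIG. 5.
MAILBOX = {"inbox": ["quarterly numbers (confidential)"]}


def read_mailbox(folder: str) -> List[str]:
    """Stand-in for the corporate e-mail database API from the background section."""
    return list(MAILBOX.get(folder, []))


INITIAL_POLICY = ITPolicy(
    executable_apps={"app302_mail", "app304_game", "app306"},
    controlled_apis={"mail.read", "os.contacts"},
    generally_enabled_apis={"os.contacts"},
    per_app_grants={"mail.read": {"app302_mail"}},
)


def demo() -> Dict[str, object]:
    smm = SecurityManagementModule(INITIAL_POLICY)
    mail_read = smm.guard("mail.read", read_mailbox)
    results: Dict[str, object] = {
        "owner_reads_mail": mail_read("app302_mail", "inbox"),
        "app306_reads_mail": mail_read("app306", "inbox"),
        "app304_contacts": smm.authorize("app304_game", "os.contacts"),
        "app304_uncontrolled": smm.authorize("app304_game", "ui.draw"),
    }
    # The IT administrator pushes an update withdrawing app 306's right to execute
    # (application execution control); later calls are refused before any API check.
    smm.apply_policy_update(replace(INITIAL_POLICY, executable_apps={"app302_mail", "app304_game"}))
    results["app306_after_update"] = smm.authorize("app306", "ui.draw")
    results["audit_denials"] = sum(1 for _, _, d in smm.audit if d is not Decision.ALLOW)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```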
The additional applications can be loaded onto the mobile device 100 through at least one of the wireless network 200, the auxiliary I/O subsystem 112, the data port 114, the short-range communications subsystem 122, or any other suitable device subsystem 124. This flexibility in application installation increases the functionality of the mobile device 100 and may provide enhanced on-device functions, communication-related functions, or both. For example, secure communication applications may enable electronic commerce functions and other such financial transactions to be performed using the mobile device 100.

The data port 114 enables a subscriber to set preferences through an external device or software application and extends the capabilities of the mobile device 100 by providing for information or software downloads to the mobile device 100 other than through a wireless communication network. The alternate download path may, for example, be used to load an encryption key onto the mobile device 100 through a direct and thus reliable and trusted connection to provide secure device communication.

The data port 114 can be any suitable port that enables data communication between the mobile device 100 and another computing device. The data port 114 can be a serial or a parallel port. In some instances, the data port 114 can be a USB port that includes data lines for data transfer and a supply line that can provide a charging current to charge the battery 130 of the mobile device 100.

The short-range communications subsystem 122 provides for communication between the mobile device 100 and different systems or devices, without the use of the wireless network 200. For example, the subsystem 122 may include an infrared device and associated circuits and components for short-range communication. Examples of short-range communication standards include standards developed by the Infrared Data Association (IrDA), Bluetooth, and the 802.11 family of standards developed by IEEE.

In use, a received signal such as a text message, an e-mail message, or