
CN100565458C - Security access manager in the middleware - Google Patents


Info

Publication number: CN100565458C
Application number: CNB038252015A
Authority: CN (China)
Prior art keywords: software, request, platform, application domain, application
Legal status: Expired - Lifetime
Other languages: Chinese (zh)
Other versions: CN1802633A (en)
Inventors: J·汉松, B·比耶尔
Current assignee: Telefonaktiebolaget LM Ericsson AB
Original assignee: Telefonaktiebolaget LM Ericsson AB
Family has litigation: first worldwide family litigation filed
Events: application filed by Telefonaktiebolaget LM Ericsson AB; publication of CN1802633A; application granted; publication of CN100565458C; anticipated expiration; current status Expired - Lifetime

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A method and system for controlling access to the platform of a mobile terminal of a radio telecommunications system, or to the platform of another product. The system comprises a platform having a software services component and an interface component; the interface component has at least one interface that provides access to the software services component, so that application domain software can be installed, loaded and run in the platform. An access controller controls the access of application domain software to the software services component via the at least one interface. The access controller comprises an interception module that receives requests from application domain software to access the software services component, and a security access manager that determines whether a permission request should be granted. If the security access manager grants the permission request, the application domain software is permitted to access the software services component via the at least one interface.

Description

Security Access Manager in Middleware

Technical Field

The present invention relates generally to the field of wireless telecommunications and, more particularly, to a system and method for controlling access to the platform of a mobile terminal of a wireless telecommunications system.

Background Art

Since cellular telecommunications systems were first introduced in the 1980s, the mobile terminals (mobile stations) used in them have become increasingly complex. Originally, mobile terminals were designed mainly to provide voice telephony services, i.e. to receive and send voice communications. In recent years, mobile terminals have been developed that can also transfer user data unrelated to voice telephone calls. Such user data includes data transferred over a dial-up network connection initiated via a personal computer (PC).

Currently, so-called "third generation" (3G) systems are being developed for future mobile telecommunications systems. 3G systems combine high-speed Internet access with traditional voice communications and give users the following functions in addition to voice communication: Internet browsing, streaming audio/video, positioning, video conferencing and many others.

The Third Generation Partnership Project (3GPP) was established to ensure compatibility among the several 3G systems being developed around the world. 3GPP is developing the Universal Mobile Telephone System (UMTS), intended to provide terrestrial and satellite systems capable of delivering voice, data and multimedia anywhere in the world.

Through the 3GPP standardization work, the functions included in cellular telecommunications systems have multiplied rapidly, which places heavy demands on the developers of the mobile terminals to be used in these systems. These demands are aggravated by the fact that a mobile terminal is a "resource-scarce" environment, constrained in size, memory and power.

Traditionally, mobile terminal vendors have designed, manufactured and sold essentially complete mobile terminal systems, including all of the hardware and software required for basic terminal operation as well as the hardware and software needed to provide the features and functions that the vendor or a particular user expects, based on their understanding of market needs. This approach does not provide the flexibility to adapt quickly to rapidly changing market demands or to satisfy the varied needs of multiple users.

Recognizing the shortcomings of the traditional process of designing and manufacturing mobile terminals, a mobile terminal platform device has been developed that comprises a plurality of functionally complementary software and hardware units which can be sold as a unit to multiple users. Each user can then install, load and run its own application software in the platform device, so as to obtain a platform system customized to that user's particular needs for the mobile terminal. The mobile terminal platform device and platform system are described in detail in commonly assigned U.S. Patent Application Nos. 10/359911 and 10/359835, the disclosures of which are incorporated herein by reference.

In a platform system as described above, in which the mobile terminal platform device software and the application software are developed separately and then combined by installing, loading and running the application software in the mobile terminal platform device, non-native applications such as Java MIDlets (Java Mobile Information Device applets) may need to run on a virtual machine. The virtual machine ensures that no illegal memory accesses occur. However, such non-native applications depend on functionality provided by the native code of the mobile terminal platform device. Unrestricted access to such native functionality, for example in the platform domain or the application domain, could compromise the integrity of the mobile terminal, for example by initiating a cost-incurring event without notifying the end user.

A certificate of origin is used for an application to determine the degree of trust placed in it, and thereby to grant the non-native execution environment access to a subset of the services available from the mobile terminal platform device. However, this is further complicated by the fact that the granted permissions may be changed at runtime by the mobile terminal user.

There is therefore a need to be able to register permissions dynamically, and to access the native code of the mobile terminal platform device, at any time (for example at runtime).

Summary of the Invention

A system for controlling access to a platform comprises a platform having a software services component and an interface component, the interface component having at least one interface for providing access to the software services component so that application domain programs can be installed, loaded and run in the platform. The system further comprises an access controller for controlling the access of requesting application domain software to the software services component via the at least one interface. The access controller comprises an interception module for receiving the request of the requesting application domain software to access the software services component, and a decision entity for determining whether the request should be granted. If the request is granted, the requesting application domain software is permitted to access the software services component via the at least one interface.

A method for controlling access to a platform having a software services component and an interface component comprises receiving a request from requesting application domain software to access the software services component. The interface component has at least one interface for providing access to the software services component so that application domain programs can be installed, loaded and run on the platform. The method further comprises determining whether the request should be granted and, if it is granted, permitting access to the requested software services component via the at least one interface.

A system for controlling access to a platform of a mobile terminal of a wireless telecommunications system comprises a platform having a software services component and an interface component. The interface component has at least one interface for providing access to the software services component so that non-native application software can be installed, loaded and run on the platform. The system further comprises an access controller for controlling the access of the non-native application software to the software services component via the at least one interface. The access controller comprises an interception module for receiving the request of the non-native application software to access the software services component, and a decision entity for determining whether the request should be granted. If the request is granted, the non-native application software is permitted to access the software services component via the at least one interface.

According to the above aspects of the invention, the software services component comprises a plurality of well-structured functional software units for providing services, which services are made available to users via the interface component.

Brief Description of the Drawings

FIG. 1 is a schematic block diagram showing a platform system for a mobile terminal of a wireless telecommunications system, to help explain the principles of the invention;

FIG. 2 is a schematic block diagram showing a configuration view of the mobile terminal platform device of the platform system of FIG. 1, to further help explain the principles of the invention;

FIG. 3 is a schematic block diagram showing the software architecture of the mobile terminal platform device of FIGS. 1 and 2, to further help explain the principles of the invention;

FIG. 4A is a logical block diagram showing details of the middleware service layer of FIGS. 1-3 according to an exemplary embodiment of the invention;

FIG. 4B is an implementation view showing the relationships between the different parts of the system, namely the application domain 500, the middleware domain 501 and the platform domain 502;

FIG. 5 is a schematic block diagram showing details of the open application framework API domain of the middleware service layer of FIG. 4 according to another exemplary embodiment of the invention;

FIG. 6A is a schematic block diagram showing details of the messages involved in permission requests and decisions according to the principles of the invention;

FIG. 6B is a schematic block diagram showing details of the messages involved in permission requests and decisions according to another exemplary embodiment of the invention;

FIG. 7 is a flowchart illustrating the steps of a method for requesting access from, and receiving a permission decision from, the SAM 518 according to the principles of the invention;

FIGS. 8A and 8B are flowcharts illustrating the steps of a method for requesting access and receiving permission decisions in a more efficient manner according to another exemplary embodiment of the invention;

FIG. 9 is a schematic block diagram showing details of the security access manager according to the principles of the invention;

FIG. 10 is a schematic block diagram showing details of the interception module according to another exemplary embodiment of the invention.

Detailed Description

FIG. 1 is a schematic block diagram showing a platform system for a mobile terminal of a wireless telecommunications system, to help explain the principles of the invention. The platform system, indicated generally by reference numeral 10, comprises a mobile terminal platform device 12 and one or more applications (i.e. application software) 14 that have been installed, loaded into and run in the mobile terminal platform device 12. The platform system 10 is adapted to be incorporated in a mobile terminal, indicated generally by dashed line 16.

The mobile terminal platform device 12 comprises a software services component 22, a hardware component 24 and an interface component 26. The software services component 22 comprises a plurality of well-structured functional software units for providing services, which services are made available to users via the interface component 26. In the exemplary system 10 shown in FIG. 1, the plurality of software units comprises a plurality of vertically oriented functional software stacks 30-38. The hardware component 24 comprises a set of hardware units that are associated with, and controlled by, their respective functional software stacks. In the exemplary system 10 shown in FIG. 1, the hardware units are the distinct hardware blocks 40-48 associated with the software stacks 30-38.

The interface component 26 comprises a middleware service layer that includes at least one application programming interface (API) for installing, loading and running one or more applications 14 in the mobile terminal platform device 12. Through this interface the middleware service layer isolates the mobile terminal platform device 12 from the applications 14 that use it, and it also provides various other services to the applications 14. Specific details of the middleware service layer are described below.

The mobile terminal platform device 12 of the platform system 10 is adapted to be designed, implemented, assembled and tested as a complete, sealed unit separate from the application software 14 (the term "application software" as used herein may be any software that provides functionality, beyond the platform software functionality, that a user such as a manufacturer or an end user may wish to use). Accordingly, users can develop or acquire their own application software 14 and later add that software 14 to the mobile terminal platform device 12 to tailor the platform system 10 to their needs. The mobile terminal platform device 12 can therefore be sold or transferred to a number of different users, each of whom can customize the platform system 10 by installing, loading and running their own application software on the platform device, to meet their own particular requirements for the platform system.

FIG. 2 is a schematic block diagram showing an example of a configuration view of the mobile terminal platform device 12 of FIG. 1, to further aid understanding of the invention. As shown in FIG. 2, the mobile terminal platform device 12 is controlled via software executed in a main CPU 50. The main CPU 50 may comprise one or more processors, such as microprocessors, micro-programmable processors or DSPs (digital signal processors). The software stacks 30-38 of the software services component 22 each include hardware driver software 60-68 that operates the hardware units associated with the respective stack. Further details of the mobile terminal platform device 12 and the platform system 10 are given in the above-mentioned commonly assigned U.S. Patent Application No. 10/359835. The software incorporated in the mobile terminal platform device 12 is preferably configured so that its organization is easy to understand, which makes the software easier to design and easier to upgrade or modify.

FIG. 3 is a schematic block diagram showing the software architecture of the mobile terminal platform device 12, to further help explain the principles of the invention. As shown in FIG. 3, in addition to being organized into the plurality of vertical functional software stacks 30-38 as described above, the services component 22 is also arranged to define a plurality of horizontal layers, so that the software of the middleware service layer and the software of the software services component 22 together define a layered architecture (indicated generally by reference numeral 70) in which the layers are arranged in descending order from higher-level service layers to lower-level service layers.

This software architecture differs from the standard ISO/OSI (ISO Open Systems Interconnection) model in that it comprises a plurality of horizontally partitioned functional software units that complement a plurality of vertically partitioned software layers. The horizontal partitioning greatly helps in creating independent, modular components.

The topmost layer of the layered architecture is the middleware service layer. The layers of the software services component 22 comprise: an application server layer 80, which provides application services; a platform services layer 82, which provides platform-specific services to applications; a protocol layer 84, which provides session protocols and application-specific protocols; a transport layer 86, which provides audio access/control, data communication transport protocols, messaging protocols and the like; a data access layer 88, which provides external data interface (IF) access, structured storage services and other low-level platform support services; a logical driver layer 90; and a physical driver layer 92, which encapsulates the hardware dependencies. In addition, the software services component 22 includes a basic system services layer 94 that provides the general services needed by the platform device.

The bottom two layers 90 and 92 constitute a hardware abstraction layer (HAL), which isolates the dependencies between software and hardware. Only the physical driver layer deals with hardware details (i.e. which register in the ASIC hardware is to be addressed). The logical driver layer 90 provides a logical mapping to the hardware, i.e. it bridges the hardware and software parts of the mobile terminal platform device 12.

The software itself is organized into a plurality of software modules, such as the modules 102, 104 and 106 shown specifically in FIG. 3. In the software services component 22, a single module may reside in only one vertical functional stack and in only one horizontal layer of that stack. Each layer may contain one or more modules, and all modules in a given layer of a given stack have the same level of abstraction. Communication between modules takes place through a software back plane (SwBP) 112, which is governed by a basic set of rules for software modules and module access. These rules can be summarized as follows:

- A software module may call functions in the layer interfaces of all layers below the layer to which it belongs.

- There is no restriction on the direction of serial data flows. A serial data flow may run in any direction.

- A software module must never call functions in the layer interfaces (in the SwBP 112) of layers above the layer to which it belongs, regardless of which module those layers belong to.

- A software module may call functions in the layer interface of its own layer in the same vertical stack.

- A software module may call functions in a software module in the same layer of another vertical stack (this capability is allowed in order to limit the number of layers in a vertical stack).

There is no hard coupling between the different modules and interfaces in the SwBP 112. The implementation of a module and/or an interface can therefore be changed freely without affecting the clients of the interface. A client is, for example, an application, a utility, a plug-in or any other consumer of a platform service. The absence of hard coupling is an important capability because it allows individual modules to be added, removed or changed without affecting the other modules in the platform device.

Further details of the layered architecture, including the SwBP software structure that enables internal communication between modules within the mobile terminal platform device, are described in the above-mentioned commonly assigned U.S. Patent Application No. 10/359911. The middleware service layer provides well-defined interfaces between the software in the mobile terminal platform device 12 and the application software 14 to be installed, loaded and run in the platform device; it encapsulates the mobile terminal platform device 12, isolating the platform device 12 from the applications, and it provides various other services to the applications.

FIG. 4A is a schematic block diagram showing details of the middleware service layer of the interface component 26 according to the principles of the invention. As shown in FIG. 4A, the middleware service layer comprises a plurality of API domains, including a non-native environment (for example a Java execution (Java ExE) environment) API domain 202, an open application framework (OAF) API domain 204, an open platform API (OPA) domain 206 and a UI toolkit API domain 208.

Through the APIs 202-208 in the middleware service layer, the mobile terminal platform device 12 supports a plurality of application environments. In the exemplary embodiment of FIG. 4, the middleware service layer supports a native application environment (i.e. for applications compiled to run on a particular processor and its instruction set) and a non-native application environment, such as Java J2ME CLDC/MIDP (Java 2 Micro Edition Connected Limited Device Configuration / Mobile Information Device Profile). Each application environment has its own characteristics with respect to:

- The method of developing applications (programming language support, compilation and linking).

- The method of executing applications (for example interpretation or native code execution).

- The functional services provided.

- Potential restrictions on use.

Providing a plurality of optional application environments helps to support a broad range of products with different requirements in terms of, for example, cost, ease of use, time to market, feature set, size and portability.

图4B通过实现视图示出系统的不同部分之间的关系。主要域是应用域500、中间件域501和平台域502。更高级别上的模块视为具有对图4B中低级模块的依赖性。应用域500可容纳在非本机环境504(例如JAVA虚拟机)内封装的非本机应用506(1)-(N)以及本机应用516。然而,应用域500不一定需要容纳任何非本机应用。在将来自应用506和5 16的服务请求传递给低级服务之前,这些请求通过拦截模块508接受访问控制。这种底层服务可包括包含高级图形支持的插入程序(例如UI工具包510)以及由中间件域501中开放平台API(OPA)512代表的更为基本的服务。通过OPA 512,应用可以与应用管理器(AM)514通信以请求访问许可的更新。在一个示范实施例中,AM 514将任何这种请求通知给安全访问管理器(SAM)518。在共同转让的美国专利申请No.10/359772中描述了中间件服务层26的更多细节。Figure 4B shows the relationship between different parts of the system by means of an implementation view. The main domains are application domain 500 , middleware domain 501 and platform domain 502 . Modules at higher levels are considered to have dependencies on lower level modules in Figure 4B. Application domain 500 may house non-native applications 506(1)-(N) and native applications 516 encapsulated within a non-native environment 504 (eg, a JAVA virtual machine). However, application domain 500 does not necessarily need to accommodate any non-native applications. Service requests from applications 506 and 516 are subject to access control through interception module 508 before being passed on to low-level services. Such low-level services may include plug-ins containing advanced graphics support (eg, UI toolkit 510 ) as well as more basic services represented by Open Platform API (OPA) 512 in middleware domain 501 . Through OPA 512, applications can communicate with Application Manager (AM) 514 to request updates of access permissions. In an exemplary embodiment, AM 514 notifies Security Access Manager (SAM) 518 of any such requests. Further details of the middleware service layer 26 are described in commonly assigned US Patent Application No. 10/359772.

图5是显示根据本发明的示范实施例的开放应用框架(OAF)API域204中的主要软件模块的框图。如图所示,这些模块包括SAM 518和访问拦截模块(IM)223。SAM 518负责准许非本机应用如Java应用对开放平台API域206的访问,以便根据这些应用的证书来监视这些应用。换言之,SAM 518负责确定是否应该允许来自非本机环境的调用。SAM 518容纳并维护与平台服务访问相关的安全策略。就此而言,Java Exe环境504对本机平台服务的访问可比本机应用环境516的访问更受限制。IM 223负责监视来自在非本机(例如Java)环境504中运行的应用的服务请求,在一些情况下,还可以考虑对本机执行环境进行应用服务请求监视。FIG. 5 is a block diagram showing main software modules in the Open Application Framework (OAF) API domain 204 according to an exemplary embodiment of the present invention. As shown, these modules include SAM 518 and access interception module (IM) 223. The SAM 518 is responsible for granting non-native applications, such as Java applications, access to the Open Platform API domain 206 in order to monitor these applications based on their credentials. In other words, the SAM 518 is responsible for determining whether calls from non-native environments should be allowed. SAM 518 houses and maintains security policies related to platform service access. In this regard, the Java Exe environment 504's access to native platform services may be more restricted than the native application environment's 516 access. The IM 223 is responsible for monitoring service requests from applications running in a non-native (eg Java) environment 504, and in some cases, application service request monitoring for native execution environments may also be considered.

一般而言,AM 514处理所有应用的注册、安装、启动、停止、卸载和删除。IM 223拦截从EXE环境到本机平台服务的非本机应用服务请求(就Java应用而言,拦截发生在Java支撑层的边界处)并访问SAM 518以对该服务访问进行准许。如果准许访问,则将非本机应用服务请求转发到开放平台API(OPA)206,并且如同本机应用一样处理该非本机应用服务请求。许可请求是IM 223和SAM 518之间的业务量。服务请求是应用250(参见例如图6A-B)或应用域500中任何软件与平台域502之间的业务量。服务请求表示客户要访问平台域502的服务。In general, AM 514 handles registration, installation, start, stop, uninstall and deletion of all applications. The IM 223 intercepts non-native application service requests from the EXE environment to native platform services (in the case of Java applications, the interception occurs at the boundary of the Java support layer) and accesses the SAM 518 to grant access to the service. If access is granted, the non-native application service request is forwarded to the Open Platform API (OPA) 206 and processed like a native application. Admission requests are traffic between the IM 223 and the SAM 518. A service request is traffic between an application 250 (see, eg, FIGS. 6A-B ) or any software in the application domain 500 and the platform domain 502 . A service request indicates that a customer wants to access a service of the platform domain 502 .

The SAM 518 may grant access to native platform services in various ways, one example of which is shown in FIGS. 6A and 7. Specifically, FIG. 6A is a block diagram of the components and messages involved in granting or denying a service request, and FIG. 7 is a flowchart of the process associated with granting or denying a service request according to an exemplary embodiment of the present invention.

Referring to FIGS. 6A and 7, at step 280 the non-native application 250 requests a service that requires access to a native platform service. At step 282, the IM 223 intercepts the service request, which includes the ID token of the requesting non-native application 250. At step 284, a permission request together with the ID token contained in the service request is sent from the IM 223 to the SAM 518. The IM 223 may also send the SAM 518 other access information, together with the identity of the native platform service that the non-native application 250 wishes to access. The SAM 518 checks the security policy of the native platform service to determine whether the non-native application 250 may be granted access. At step 286, the SAM 518 forms a permission decision and forwards it to the IM 223. If the permission request is granted, the service request is forwarded at step 288 to the one or more native platform services requested by the non-native application 250, and the requested service is then executed at step 290. If the permission request is denied, a denial response is sent to the non-native application 250 at step 296.

If the ID token 320 does not match any of the ID tokens 320 contained in the located access record 318, the request is denied at step 292 and, at step 296, aborted and returned to the requesting non-native application 250, as shown in FIGS. 7 and 8A.

In another alternative, the permission decision may require an approval procedure. For example, as shown at step 294, the user may be asked to approve access to the native platform service. If the user approves the access at step 294, the request is forwarded to the native platform service at step 288. If, however, access is refused at step 294, the request is denied at step 292 and, at step 296, aborted and returned to the requesting client.

FIGS. 6B, 8A and 8B show another example, in which the interception module decides locally whether to grant or deny a request and the SAM 518 updates the credentials stored in the IM. According to FIG. 6B, the non-native application 250 requests a service. The IM 223 intercepts the service request and grants or denies it locally. Meanwhile, the SAM 518 sends requests to the IM 223, on demand or at intervals, to update the records that the IM 223 holds and on which it bases its decisions.

FIG. 8A is a flowchart further illustrating the process of granting or denying a service request according to the example shown in FIG. 6B. As shown, at steps 280 and 282 the non-native application 250 issues a service request, and the service request together with its ID token is intercepted by the IM 223. The IM 223 makes the decision locally, without sending a permission request carrying the ID token from the IM 223 to the SAM 518. In this embodiment, the IM 223 maintains access records for the native platform services. Each access record contains the ID tokens of the particular applications that have been granted access to the corresponding native platform service. At step 301, the IM 223 searches the access record of the requested native platform service to determine, at step 303, whether the ID token of the requesting non-native application 250 is associated with that access record and hence whether the request should be granted. If the ID token of the requesting non-native application 250 is found in the access record, the non-native application 250 is granted access to the requested native platform service at step 303. As in step 288 of FIG. 7, the service request is forwarded to the requested native platform service, which is executed at step 290. If the ID token of the requesting non-native application 250 is not found in the access record of the requested native platform service, the request is denied at step 292 and, at step 296, aborted and returned to the requesting client.

In another alternative, the permission decision may require an approval procedure. For example, the user may be asked to approve access to the native platform service, as shown at step 294. If the user approves the access at step 294, the request is forwarded to the native platform service as shown at step 288. If, however, access is refused at step 294, the request is denied at step 292 and, at step 296, aborted and returned to the requesting client.

When needed, or at predetermined intervals, the SAM 518 may distribute permission update requests to at least one IM 223. As shown in FIG. 8B, there are several situations in which such an update may take place. During runtime, a user may change the permissions of a particular non-native application 250 via the AM 514 (step 412), which requires the access records maintained by the SAM 518 to be updated (step 414). The updated permissions may then be forwarded by the SAM to the IM (step 416). Other situations in which the records of the SAM and the IM must be updated include the addition of a new application to the system (steps 404 and 406) and the deletion of an existing application from the system (steps 408 and 410). To further speed up permission decisions, a decision cache may be used, as in the embodiment of the IM 223 described below.

Referring now to FIG. 9, details of the SAM 518 according to one embodiment of the present invention are shown. As shown, the SAM 518 includes a decision cache for recording the most frequent and/or most recent service requests, so that the permission decision associated with a particular service request can be found. A given non-native application 250 may submit the same service request many times. The decision cache 310 therefore records frequent service requests and can be searched for earlier requests to find the permission decision associated with a particular service request. For example, a Java application may request a particular native platform service many times. The received permission request includes the ID token of the requesting non-native application 250.

When a non-native application 250 issues a service request for the first time, the SAM 518 consults the access control list (ACL) 312 to determine whether permission should be granted for the requested native platform service. The ACL 312 stores a number of access records derived from the applications' certificates of origin. These records 314 are associated with each registered and installed non-native application, such as a particular Java application. The SAM 518 searches the records 314 of possible requesting applications for a match with the particular requesting application. If the particular requesting application is found in the record set, its permissions 316 are searched to determine whether access to the requested native platform service should be granted. A permission decision is generated on the basis of the associated stored permissions 316. The permission decision is sent to the IM 223 and may also be stored, together with the permission request, in the decision cache 310. The next time the IM 223 intercepts a service request from the same non-native application 250 and forwards it to the SAM 518, the decision cache 310 is searched for that permission request. If the permission request is found, the permission decision associated with it is forwarded to the IM 223. By using the decision cache 310, the SAM 518 makes permission decisions more efficiently.
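The interception and permission-decision flow of FIGS. 6A, 7 and 9, as an added example that is not code from the patent: an IM intercepts a request carrying the application's ID token, a SAM consults a per-application ACL and a decision cache, a runtime permission change drops the stale cached decision, and the approval procedure of step 294 is represented as a policy value that defers to a user callback. All service names, application IDs and the ALLOW/DENY/ASK_USER policy values are constructed for the example.

```python
"""Added example, not the patent's code: an interception module (IM) that
asks a security access manager (SAM) for a permission decision, with the
SAM's per-application ACL (records 314 / permissions 316) and its decision
cache (310) modelled as dictionaries."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

# Constructed policy values; the patent only distinguishes grant, deny and
# "requires user approval" (step 294).
ALLOW, DENY, ASK_USER = "allow", "deny", "ask_user"


@dataclass
class ServiceRequest:
    app_id: str          # ID token of the requesting non-native application
    service: str         # identity of the native platform service requested
    args: tuple = ()


@dataclass
class SAM:
    # ACL: app_id -> {service: ALLOW | DENY | ASK_USER}; an application is
    # only present once it has been registered and installed.
    acl: Dict[str, Dict[str, str]] = field(default_factory=dict)
    # decision cache: (app_id, service) -> earlier permission decision
    decision_cache: Dict[Tuple[str, str], bool] = field(default_factory=dict)
    acl_lookups: int = 0   # counts how often a full ACL search was needed

    def decide(self, app_id: str, service: str,
               approve: Callable[[str, str], bool]) -> bool:
        """Permission decision for a permission request (steps 284/286).
        Returns True if access is granted."""
        key = (app_id, service)
        if key in self.decision_cache:        # repeat request: cache hit
            return self.decision_cache[key]
        self.acl_lookups += 1
        record = self.acl.get(app_id)          # unknown application: deny
        policy = record.get(service, DENY) if record else DENY
        if policy == ASK_USER:
            # approval procedure (step 294); the user's answer is not cached,
            # so the user is asked again on the next request
            return approve(app_id, service)
        granted = policy == ALLOW
        self.decision_cache[key] = granted
        return granted

    def update_permission(self, app_id: str, service: str, policy: str) -> None:
        """Runtime permission change via the AM (steps 412-414): the record
        is updated and a stale cached decision for it is dropped."""
        self.acl.setdefault(app_id, {})[service] = policy
        self.decision_cache.pop((app_id, service), None)


class IM:
    """Intercepts service requests at the non-native boundary (step 282),
    obtains the SAM's decision and forwards (step 288) or rejects (296)."""
    def __init__(self, sam: SAM, services: Dict[str, Callable],
                 approve: Callable[[str, str], bool]):
        self.sam = sam
        self.services = services   # native platform service name -> handler
        self.approve = approve     # user-approval hook, see step 294

    def intercept(self, req: ServiceRequest) -> Tuple[str, object]:
        if req.service not in self.services:
            return ("denied", "unknown native platform service")
        if not self.sam.decide(req.app_id, req.service, self.approve):
            return ("denied", f"{req.app_id} may not access {req.service}")
        return ("ok", self.services[req.service](*req.args))   # step 290


def build_demo() -> IM:
    """Constructed sample platform and policy (placeholder names)."""
    services = {
        "sms.send": lambda to, text: f"sent {len(text)} chars to {to}",
        "contacts.read": lambda: ["alice", "bob"],
        "location.get": lambda: (59.33, 18.07),
    }
    sam = SAM(acl={
        "app-A": {"sms.send": ALLOW, "contacts.read": ASK_USER},
        "app-B": {"contacts.read": ALLOW},
    })

    def approve(app_id: str, service: str) -> bool:
        # stand-in for the user's answer at step 294
        return app_id == "app-A" and service == "contacts.read"
    return IM(sam, services, approve)


if __name__ == "__main__":
    im = build_demo()
    for req in (ServiceRequest("app-A", "sms.send", ("+1555", "hi")),
                ServiceRequest("app-B", "sms.send", ("+1555", "hi")),
                ServiceRequest("app-A", "contacts.read")):
        print(req.app_id, req.service, "->", im.intercept(req))
```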

FIG. 10 shows details of the IM 223 according to another embodiment of the present invention. Note that although in this example the ACL and the decision cache are located in the IM 223, the same principles apply if the ACL and the decision cache are located in the SAM 518. In FIG. 10, the ACL 312 stores access records in a format different from that of the access records shown in FIG. 9. Specifically, in FIG. 10 the ACL 312 stores access records 318 for the native platform services of the mobile terminal. There is an access record 318 for each native platform service (or group of services) of the mobile terminal. Each access record 318 contains the ID tokens 320 of the non-native applications 250 that are allowed to access the particular native platform service (or group of services) associated with that access record 318. When the access list and its records need to be updated, the SAM 518 sends a request to the IM 223. The update request includes the ID token 320 of the non-native application 250 concerned by the update and the identity of the native platform service whose permission must be changed. The IM 223 searches the ACL 312 for the access record 318 of the requested native platform service. Once it is found, the IM 223 determines whether the ID token 320 of the requesting non-native application 250 is contained in the found access record 318. If the ID token 320 of the requesting non-native application 250 matches one of the ID tokens 320 contained in the found access record 318, permission is granted to the requesting non-native application 250 and the service request is forwarded to the native platform service handler. The permission decision may also be stored in the decision cache 310 in a manner similar to that described with reference to FIG. 9.

If the ID token 320 does not match any of the ID tokens 320 contained in the found access record 318, the request is denied at step 292 and, at step 296, aborted and returned to the requesting non-native application 250, as shown in FIGS. 7 and 8A.

Even at runtime, on-demand update requests and periodic permission update requests may be distributed from the SAM 518 to the registered IMs 223. A user may change the permissions granted to a particular non-native application 250, so that outdated and incorrect information may exist in the SAM 518. Therefore, whenever needed or at periodic intervals, the SAM 518 sends a permission update request to the IM 223 to update the access records 318 of the ACL 312, thereby maintaining correct permissions and/or ID tokens. The ID token 320 of a particular non-native application 250 may need to be added to or removed from certain access records 318 in accordance with the user's changes to that application's permissions.

To simplify the permission decision procedure further, types such as the ID tokens 320 and the permissions 326 may be classified to improve the efficiency of searching the ACL 312 of the IM 223 (or of the SAM 518, when the SAM 518 module holds the ACL). For example, each native platform service may be assigned to a particular security category, with each security category associated with particular permissions. Permission decisions are then made on the basis of security categories rather than individual native platform services. Typically, the number of security categories will be considerably smaller than the number of native platform services, which reduces the search time associated with determining a permission decision.
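The local-decision variant of FIGS. 8A, 8B and 10 together with the security-category grouping just described, as an added example that is not code from the patent: the IM holds one access record of ID tokens per security category and decides without consulting the SAM, while the SAM pushes add/remove update requests to every registered IM when an application is installed, removed, or has its permissions changed by the user. The service names, category names, application IDs and the shape of the update message are all constructed for the example.

```python
"""Added example, not the patent's code: an IM that decides locally from
per-category access records (ACL 312, records 318 of FIG. 10) holding
application ID tokens, and a SAM that pushes permission update requests
(FIG. 8B) to every registered IM. Services are grouped into security
categories so the ACL has one record per category rather than per service."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed mapping of native platform services to security categories
# (placeholder names, not from the patent).
SERVICE_CATEGORY = {
    "sms.send": "messaging",
    "mms.send": "messaging",
    "contacts.read": "personal_data",
    "calendar.read": "personal_data",
    "location.get": "location",
}


@dataclass
class LocalIM:
    # access record per security category: the ID tokens allowed to use
    # every native platform service in that category
    records: Dict[str, Set[str]] = field(default_factory=dict)
    audit: List[Tuple[str, str, str]] = field(default_factory=list)

    def intercept(self, app_id: str, service: str) -> Tuple[str, str]:
        """Local decision without asking the SAM (FIG. 8A, steps 301/303)."""
        category = SERVICE_CATEGORY.get(service)
        if category is None:                 # unknown service: fail closed
            self.audit.append((app_id, service, "denied"))
            return ("denied", "unknown native platform service")
        allowed = self.records.get(category, set())   # step 301
        if app_id in allowed:                         # step 303
            self.audit.append((app_id, service, "granted"))
            return ("forwarded", category)            # steps 288/290
        self.audit.append((app_id, service, "denied"))  # steps 292/296
        return ("denied", f"{app_id} not in access record for {category}")

    def apply_update(self, update: Dict[str, str]) -> None:
        """Permission update request from the SAM: add or remove one ID
        token (320) in the record (318) of the named security category."""
        record = self.records.setdefault(update["category"], set())
        if update["action"] == "add":
            record.add(update["app_id"])
        elif update["action"] == "remove":
            record.discard(update["app_id"])
        else:
            raise ValueError(f"unknown update action {update['action']!r}")


class SAMDistributor:
    """SAM side: authoritative permissions per application; every change
    is pushed as a delta to all registered IMs (on demand in this example
    rather than at a fixed interval)."""
    def __init__(self) -> None:
        self.registered: List[LocalIM] = []
        self.granted: Dict[str, Set[str]] = {}   # app_id -> categories

    def _push(self, action: str, app_id: str, category: str) -> None:
        for im in self.registered:
            im.apply_update({"action": action, "app_id": app_id,
                             "category": category})

    def register(self, im: LocalIM) -> None:
        self.registered.append(im)
        for app_id, cats in self.granted.items():   # full resync for new IM
            for cat in cats:
                im.apply_update({"action": "add", "app_id": app_id,
                                 "category": cat})

    def install_app(self, app_id: str, categories: List[str]) -> None:
        """New application added (steps 404/406); the categories would be
        taken from its certificate of origin."""
        self.granted[app_id] = set(categories)
        for cat in categories:
            self._push("add", app_id, cat)

    def change_permission(self, app_id: str, service: str, allow: bool) -> None:
        """User changes a permission at runtime via the AM (steps 412-416);
        the change applies to the whole security category of the service."""
        cat = SERVICE_CATEGORY[service]
        cats = self.granted.setdefault(app_id, set())
        (cats.add if allow else cats.discard)(cat)
        self._push("add" if allow else "remove", app_id, cat)

    def remove_app(self, app_id: str) -> None:
        """Application deleted (steps 408/410): its ID token is removed
        from every access record it was in."""
        for cat in self.granted.pop(app_id, set()):
            self._push("remove", app_id, cat)
```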

Although what has been described constitutes exemplary embodiments of the invention, it should be understood that the invention may be modified in many ways without departing from its scope. For example, although the invention has been described primarily in connection with wireless terminal platforms for radio telecommunications systems, it may also be used with other product platforms. Since the invention may be modified in many ways, it should be recognised that the scope of the invention is limited only by the appended claims.

Claims (40)

1. A system for controlling access to a platform, the system comprising:
a platform having a software services component and an interface component, the interface component having at least one interface for providing access to the software services component so that application domain software can be installed, loaded and run on the platform; and
an access controller for controlling access by requesting application domain software to the software services component via the at least one interface, the access controller comprising:
an interception module for receiving a request by the requesting application domain software to access the software services component; and
a decision entity for determining whether the request is permitted; and
wherein, if the request is permitted, the requesting application domain software is permitted to access the software services component via the at least one interface,
the software services component comprising a plurality of functional software units for providing services, the services being offered to the user via the interface component.
2. The system of claim 1, characterised in that the decision entity is a security access manager, the security access manager comprising access and admission policies.
3. The system of claim 2, characterised in that:
the request comprises an identification of the requesting application domain software; and
the security access manager comprises a record set of approved requesting application domain software for determining, based on the identification, whether the request of the requesting application domain software is permitted.
4. The system of claim 3, characterised in that:
the record set comprises an access control set;
the security access manager comprises an associated permission set; and
the associated permission set is used to determine whether a request of requesting application domain software included in the access control set is permitted.
5. The system of claim 2, characterised in that the security access manager comprises a decision cache for maintaining records of requests by application domain software, so as to determine whether a permission decision has previously been granted to the requesting application domain software.
6. The system of claim 2, characterised in that:
the security access manager has records of requesting application domain software; and
the security access manager determines whether the request is permitted based on the identifications stored in the records.
7. The system of claim 2, characterised in that, if the request is denied, a rejection message is sent to the requesting application domain software by the interception module.
8. The system of claim 2, characterised in that the application domain software comprises non-native application domain software.
9. The system of claim 8, characterised in that the non-native application domain software comprises Java application software.
10. The system of claim 1, characterised in that the application domain software comprises native application software.
11. The system of claim 1, characterised in that the interface component comprises a middleware services layer.
12. The system of claim 2, characterised in that the platform comprises a platform of a mobile terminal for a radio telecommunications system.
13. The system of claim 1, characterised in that the decision entity belongs to the interception module.
14. The system of claim 13, characterised in that:
the request comprises an identification of the requesting application domain software; and
the interception module comprises a record set of approved requesting application domain software for determining, based on the identification, whether the request of the requesting application domain software is permitted.
15. The system of claim 14, characterised in that the interception module comprises a decision cache for maintaining records of application software identifiers, grouped by native platform service, so as to determine whether a permission decision has previously been granted to the requesting application domain software.
16. The system of claim 13, characterised in that:
the interception module has a record for each platform service of the platform; and
the interception module determines whether the request is permitted based on the identifications stored in the records.
17. The system of claim 13, characterised in that the application domain software comprises non-native application software.
18. The system of claim 13, characterised in that the application domain software comprises native application software.
19. The system of claim 1, characterised in that it further comprises:
a system access module; and
wherein the system access module is adapted to update the interception module with the information used by the interception module to determine whether to permit or deny the request.
20. The system of claim 19, characterised in that the update by the system access module is performed periodically.
21. The system of claim 19, characterised in that the system access module performs the update in response to an update request.
22. A method of controlling access to a platform having a software services component and an interface component, the interface component having at least one interface for providing access to the software services component so that application domain software can be installed, loaded and run on the platform, the method comprising:
receiving a request by requesting application domain software to access the software services component;
determining whether the request is permitted; and
if the request is permitted, permitting access to the requested software services component via the at least one interface,
the software services component comprising a plurality of functional software units for providing services, the services being offered to the user via the interface component.
23. The method of claim 22, characterised in that:
the request comprises an identification of the requesting application domain software; and
a set of possible requesting application domain software is used in the step of determining whether the request is permitted.
24. The method of claim 23, characterised in that the set comprises:
an access control set; and
wherein the determining step comprises accessing the access control set.
25. The method of claim 22, characterised in that the determining step comprises determining whether a decision has previously been granted to the requesting application domain software.
26. The method of claim 22, characterised in that:
a record is stored for each platform service of the platform; and
the determining step comprises determining, based on the identifications stored in the records, whether the request is granted to the requesting application domain software.
27. The method of claim 22, comprising:
if the request is denied, sending a rejection message to the requesting application domain software.
28. The method of claim 22, characterised in that the application domain software comprises non-native application software.
29. The method of claim 28, characterised in that the non-native application domain software comprises Java application software.
30. The method of claim 22, characterised in that the application domain software comprises native application software.
31. The method of claim 22, characterised in that the platform comprises a platform of a mobile terminal for a radio telecommunications system.
32. The method of claim 22, characterised in that it further comprises: updating the information used to determine whether to permit or deny the request.
33. The method of claim 32, characterised in that the updating step is repeated periodically.
34. The method of claim 32, characterised in that the updating step is performed in response to an update request.
35. A system for controlling access to a platform of a mobile terminal of a radio telecommunications system, the system comprising:
a platform having a software services component and an interface component, the interface component having at least one interface for providing access to the software services component so that non-native application software can be installed, loaded and run on the platform; and
an access controller for controlling access by the non-native application software to the software services component via the at least one interface, the access controller comprising:
an interception module for receiving a request by the non-native application software to access the software services component; and
a decision entity for determining whether the request is permitted; and
wherein, if the request is permitted, the non-native application software is permitted to access the software services component via the at least one interface,
the software services component comprising a plurality of functional software units for providing services, the services being offered to the user via the interface component.
36. The system of claim 35, characterised in that the decision entity belongs to the interception module.
37. The system of claim 35, characterised in that the decision entity belongs to a security access manager.
38. The system of claim 35, characterised in that the at least one interface comprises a middleware services layer.
39. The system of claim 35, characterised in that the non-native application software comprises Java application software.
40. The system of claim 35, characterised in that native application software can be loaded, installed and run on the platform.
CNB038252015A 2002-09-23 2003-09-22 Security access manager in the middleware Expired - Lifetime CN100565458C (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US41284402P 2002-09-23 2002-09-23
US60/412,756 2002-09-23
US60/412,844 2002-09-23
US10/666,673 2003-09-19

Publications (2)

Publication Number Publication Date
CN1802633A CN1802633A (en) 2006-07-12
CN100565458C true CN100565458C (en) 2009-12-02

Family

ID=36811839

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB038252015A Expired - Lifetime CN100565458C (en) 2002-09-23 2003-09-22 Security access manager in the middleware

Country Status (1)

Country Link
CN (1) CN100565458C (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2403246A4 (en) * 2009-02-27 2012-11-07 Lg Electronics Inc Architecture of a network device for processing applications, and control method for the network device
CN101924775B (en) * 2010-09-08 2012-10-10 北京大学 Android application component transparent loading method and system

Also Published As

Publication number Publication date
CN1802633A (en) 2006-07-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20091202