As different data processing devices, such as mobile stations, become more complex, the significance of device management becomes more pronounced. Devices require several different settings, such as settings related to Internet access points, and it is arduous and difficult for a user to set them manually. To solve this problem, device management solutions have been developed so that the administrator of a company's information system or a teleoperator can set an appropriate configuration in the device. Device management generally refers to actions by which a person not using the device can change the configuration of the device; for instance change the settings or even a protocol used by the device. In addition to device-specific settings, it is also possible to transmit user-specific data, such as user profiles, logos, ringing tones, and menus with which the user can personally modify the settings of the device, or the modification takes place automatically in connection with device management.
One of the device management standards is OMA (Open Mobile Alliance) DM (Device management), which is partly based on the SyncML (Synchronization Markup Language) protocol. For instance, a personal computer (PC) may act as a device management server in a device management protocol, and a mobile station as a device management client. The items managed in the device management client are arranged as management objects. The management objects are entities that can be managed by server management commands in the device management client. The management object can for instance be a number or a large entity, such as a background image or a screensaver. In OMA device management, the management objects are arranged in a management tree.
Some typical manageable items comprise operator specific connection settings, for instance GPRS (General Packet Radio Service) connection settings. By OMA DM procedures, these operator specific sets of settings, which may also be referred to as configurations, in a user terminal device can be maintained by an operator controlled management server. For instance, WAP (Wireless Application Protocol) settings for using WAP services of a service provider may be provisioned as a configuration context for the terminal device.
Some managed items may comprise user specific and controlled information, such as screen savers and ringing tones. Further, the device may be used for accessing a corporate information system, for instance a file system, intranet pages and an e-mail system therein. For this purpose the device needs to comprise one or more configurations for arranging access to these corporate information system services. For security purposes it is desirable for corporate IT personnel to be able to control these settings. Therefore, a device may comprise multiple configurations from different managing parties and it should be possible to enable access to a specific configuration only for an authorized management party. In accordance with the OMA DM protocol, specified in OMA specification “SyncML Device Management Protocol”, version 1.1.2, 12 Dec. 2003, 41 pages, in the set-up phase of a management session, a management server is authenticated on the basis of credentials received from the management server. Further, as illustrated in OMA specification “SyncML Management Tree and Description”, version 1.1.2, 2 Dec. 2003, 44 pages, a node of a management tree may be specified by an access control list (ACL) comprising a list of identifiers and access rights associated with each identifier. As described in Chapter 7.7.1, the access rights granted by ACL define management server identifiers authorized to get, add, replace, and/or remove a node. Thus, different access rights may be given to various device management servers, and device management commands from non-entitled management servers are not performed on the management tree. However, besides a capability to control access of management servers to nodes of a management tree, a general need further exists to limit the use of the configurations in the device. For instance, companies wish to control terminals used for accessing company IT services in a better way in order to protect corporate data and services.