FIG. 1 depicts user 101-1 who is carrying wireless terminal 102-1 (e.g., a notebook computer, a mobile telephone, a personal digital assistant [PDA], etc.) in accordance with the prior art. Wireless terminal 102-1 wirelessly transmits signals to and receives signals from one or more wireless infrastructure nodes (e.g., a Code Division Multiple Access [CDMA] base station, an Institute of Electrical and Electronics Engineers [IEEE] 802.11 wireless access point, etc.). User 101-1 can move about and can enter commands into wireless terminal 102-1 via one or more input mechanisms (e.g., keypad input, pen-based input, voice input, etc.). Wireless terminal 102-1 also typically has one or more output devices (e.g., liquid-crystal display, speaker, etc.) to present content (e.g., a web page, an audio clip, output of an executed query, etc.) to user 101-1.
For the purposes of the specification and claims, a “local command” issued by a user is defined as a command that executes entirely on his or her wireless terminal and that does not involve communication with or execution on a remote device (e.g., a server, a wireless terminal other than terminal 102-1, etc.). Examples of local commands include adjusting the volume of the speaker of wireless terminal 102-1, editing information in a spreadsheet stored in disk memory in wireless terminal 102-1, playing a Chess game residing in random-access memory in wireless terminal 102-1, playing an audio clip stored on disk in wireless terminal 102-1, capturing an image with a digital camera embedded in wireless terminal 102-1, and capturing an acoustic signal with a microphone embedded in wireless terminal 102-1.
For the purposes of the specification and claims, a “request to access local content” is defined as a local command that involve accessing content stored on the user's wireless terminal (e.g., in random-access memory, in disk storage, etc.)
For the purposes of the specification and claims, a “remote command” issued by a user is a command issued through the user's wireless terminal that:
(i) executes on a remote device (e.g., a server, a wireless terminal other than terminal 102-1, etc.), or
(ii) accesses data stored at a remote device, or
(iii) transmits data to a remote device, or
(iv) performs any combination of (i), (ii), and (iii).
                Examples of remote commands include downloading a web page, issuing a query that searches a database that is stored on another device, sending an email message, and placing a telephone call. Remote commands that satisfy condition (ii) (i.e., that access data stored at a remote device) are also known as requests to access remote content.        
Some computing devices such as wireless terminals, desktop personal computers (PCs), and servers require a user to log in to the device before allowing the user to use the device. For example, when a personal computer (PC) that runs on the Windows XP or Linux operating system is powered on, the user is confronted with a log-in screen that asks for the user's username (also referred to as a screen name for Internet service providers such as AOL) and password. The user is can not proceed past the start-up screen until he or she provides a valid username and password combination.
Some computing devices provide, in addition to a log-in screen, one or more authorization mechanisms to restrict access to data, commands, or both. For example, PCs that run on the Windows XP or Linux operating system enable a data file to be associated with a particular user or group of users, thereby allowing only the associated user(s) to access the data file. In some authorization mechanisms, separate read- and write permissions can be associated with a data file, thereby partitioning users into four categories: (i) those who can read and write to the data file, (ii) those who can read the data file but cannot write to it, (iii) those who can write to the data file but cannot read it, and (iv) those who can neither read nor write to the data file. Furthermore, some authorization mechanisms enable a command (such as an executable file) to be associated with a particular user or group of users, thereby allowing only the associated user(s) to execute the command.
The mechanism for restricting who can read, write, and execute a file is a great advantage in many practical situations, but it does not provide the flexibility and appropriateness necessary for many other situations. Therefore, the need exists for innovative restriction mechanisms.