The present invention relates to a mechanism to provide administrative privileges to an entity that is designated by the owner of a mobile communications device.
With numerous mobile communications devices being interconnected over a telecommunications network, a certificate approach for administrative verification may become advantageous over the conventional user name and password verification for network administration responsibilities. With mobile communications devices having become programmable with the adoption of third generation (3G) digital cellular products, a differentiation may be established in the communications devices between subsidized and owner controlled telephones, which may be defined in accordance with the use of exchangeable Subscriber Identity Module (SIM) cards to establish the user privileges associated with the device based on owner and user status. Third party certificates may then be used to designate privileges for administrative responsibilities in the programming of the device. Accordingly, a new process is desired for determining the administrative privileges in mobile communications devices such as wireless cellular telephones, pagers, portable computers, and the like which are connectable to a telecommunications network.
Applications in the Trusted Third Party (TTP) domain are signed with a key that can be verified back to a trusted root certificate on a Mobile station application Execution Environment (MExE) device. The trusted root certificates may be managed (e.g., addition/deletion/mark trusted/mark untrusted/change fine grained access privileges) by an administrative entity that is designated by the owner of the device using a MExE administrator provisioning mechanism. It would be desirable to provide a mechanism to enable the owner of the device to dynamically assign administrator(s). Moreover, in the case of a remote administrator being the owner, a secure client-server mechanism would be desirable to manage the TTP domain. The owner of the mobile communications device could be the user, the operator, the service provider, and/or a third party. The mechanism should at least provide for the three (3) fundamental cases, i.e., the user is the owner; the owner is at a remote location, in which case the owner could be the operator, a service provider, or a third party; and the owner of the Universal Subscriber Identity Module (USIM) wants to be a temporary administrator.
The administrator of mobile communications devices may thus be determined by a logical provisioned mechanism which looks for an administrator root certificate stored on a mobile equipment (ME) entity. Accordingly, if the certificate is absent, then the user automatically becomes the administrator of the device. If an administrator root certificate is present, this certificate may be used for all remote administration authentication such that the owner of the administrator certificate becomes the administrator. The mechanism may be initiated after a power-up event is processed or when a USIM insert event is received. The power-up event is an abstract event that is caused when the mobile communications device is cold started. The SIM-insert event is an event that is caused when the SIM is inserted into the device. The LeSIM modules used in the Global System for Mobile Communication (GSM) mobile cellular system are legacy GSM SIM cards. SIMs as discussed herein may correspond to a Universal Subscriber Identity Module (USIM) or any subscriber identity module that is not a legacy SIM, the current generation GSM subscriber identity module.
The administrator of the device is the entity who has the control of the third party trusted domain, and all resources associated with the domain. Domains comprise a group of entities who share a common root key for digital certificates and other security mechanisms. The administrator of the device could be the user, the operator, the service provider, or the third party as designated by the owner of the device. If the administrator is the user of the mobile communications device, then a method for designating administrative responsibilities may check to see if there is a USIM. If a USIM is present, then the certificate can be checked. The format may be defined to allow the MExE device to determine which of three states applies: a certificate is present and its owner wants to be a TTP (CP-TTP), a certificate is present but its owner wants to be a temporary administrator (CP-Admin), or a certificate is not present (CNP). If the certificate indicates a temporary administrator, the user may be queried to allow the certificate on the USIM to take temporary control of the trusted third party domain. If the certificate indicates a TTP, the user may be queried to allow or disallow the certificate as a trusted third party. However, if a certificate is not present on the USIM and the administrator is the user, or if the certificate is disallowed, then the user remains as the administrator.
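The decision procedure described in the two preceding paragraphs can be written out as follows. This is an added illustration, not code from the original document; the names Decision, UsimCert, determine_administrator and ask_user are hypothetical, and it assumes the USIM is not consulted when an administrator root certificate is on the ME, since the text describes the USIM check only for the case where the user is the administrator.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional


class UsimCert(Enum):
    CP_TTP = "CP-TTP"      # certificate present, owner wants to be a TTP
    CP_ADMIN = "CP-Admin"  # certificate present, owner wants temporary admin
    CNP = "CNP"            # certificate not present on the USIM


@dataclass
class Decision:
    administrator: str          # entity controlling the TTP domain
    temporary: bool = False     # USIM certificate holds temporary control
    ttp_accepted: bool = False  # USIM certificate allowed as a TTP


def determine_administrator(
    me_admin_cert_owner: Optional[str],  # owner of the ME admin root cert, or None
    usim_cert: Optional[UsimCert],       # None means no USIM is inserted
    ask_user: Callable[[str], bool],     # hypothetical user-consent prompt
    usim_cert_owner: str = "usim-cert-owner",  # constructed placeholder name
) -> Decision:
    """Run after a power-up event or a USIM-insert event."""
    # Administrator root certificate on the ME: its owner is the administrator.
    if me_admin_cert_owner is not None:
        # Assumption: the USIM certificate is not evaluated in this case.
        return Decision(administrator=me_admin_cert_owner)

    # No administrator root certificate: the user is the administrator.
    if usim_cert is None or usim_cert is UsimCert.CNP:
        return Decision(administrator="user")

    if usim_cert is UsimCert.CP_ADMIN:
        # The user decides whether the USIM certificate takes temporary control.
        if ask_user("Allow the USIM certificate temporary control of the TTP domain?"):
            return Decision(administrator=usim_cert_owner, temporary=True)
        return Decision(administrator="user")  # disallowed: user remains admin

    # CP-TTP: the user allows or disallows the certificate as a trusted third
    # party; the user remains the administrator either way.
    allowed = ask_user("Allow the USIM certificate as a trusted third party?")
    return Decision(administrator="user", ttp_accepted=allowed)
```

Every path on which the user declines, or on which no certificate is found, returns the user as administrator, so a missing or rejected certificate never leaves the TTP domain without an administrator.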
Accordingly, a mechanism is desired for designating administrative responsibilities of a telecommunications network to provide administrative privileges to entities that may be designated and controlled by the owner of the mobile communications devices, which may be provided through the use of certificates identifying trusted parties in the designation of such administrative responsibilities.