TW200522631A - Mobility device platform - Google Patents


Publication number
TW200522631A
Authority
TW
Taiwan
Prior art keywords
mobile device
computer
computer environment
platform
item
Application number
TW93129442A
Other languages
Chinese (zh)
Other versions
TWI255626B (en
Inventor
Peter Bookman
Rick Charles White
Original Assignee
Realm Systems Inc
Landscapes

  • Information Transfer Between Computers (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A mobility device platform allowing for secure mobile computing is provided. In an illustrative implementation, an exemplary mobility device platform comprises a mobility device operable to communicate with at least one computing environment through a communications interface and wherein the mobility device is operable to process and store secure web services, a communications network operable to communicate data and computing applications using web services, and a mobility device management server operable to generate, process, store, communicate and encrypt web services to the mobility device. Further, the mobility device management server is operable to perform one or more mobility device management functions to provide encryption keys to cooperating mobility devices and to authenticate and verify cooperating mobility devices requesting web services from the mobility device management server. The mobility device management server and mobility device may further operate to perform authentication and verification using user identification and password information.

Description

IX. Description of the Invention:

Priority claim and cross-reference

This patent application claims the benefit of the following U.S. provisional patent applications: No. 60/507,197, filed September 29, 2003, entitled "GO-KEY SYSTEM"; No. 60/506,918, filed September 29, 2003, entitled "GO-KEY ONLINE MUSIC SUBSCRIPTION AND DISTRIBUTION APPLICATION AND SERVICE"; No. 60/506,919, filed September 29, 2003, entitled "GO-KEY E-MAIL APPLICATION AND SERVICE"; No. 60/506,925, filed September 29, 2003, entitled "GO-KEY MOBILE DESKTOP ENVIRONMENT"; No. 60/543,735, filed January 22, 2004, entitled "乂01^"; No. 60/538,763, filed January 22, 2004, entitled "OMNI FILE SYSTEM (OFS)"; No. 60/538,915, filed January 22, 2004, entitled "UDDI DIRECTORY"; and No. 60/538,767, filed January 22, 2004, entitled "UDDI REPOSITORY", all of which are incorporated herein by reference. In addition, this patent application is related to, and cross-references, the following patent applications, which are likewise incorporated herein by reference: No. 10/836,934, filed April 30, 2004, entitled "MOBILITY DEVICE SERVER" (attorney docket number 45597/196321); and No. 10/836,933, filed April 30, 2004, entitled "MOBILITY DEVICE" (attorney docket number 45597/196314).

[Technical Field of the Invention]

The systems and methods described herein relate to mobile computing technologies and, most importantly, to a mobility device platform that allows secure remote mobile computing using a mobility device, a communications network and a mobility device server.

[Prior Art]

Enterprises and individuals alike increasingly require mobility as an integral part of their computing environments. For enterprises, mobility allows personnel to be deployed across geographic locations, enabling the enterprise to serve its customers better. For example, a large pharmaceutical company may want to deploy its sales staff "in the field", close to prospective customers (e.g., doctors). In this context, "field" personnel will want to access confidential sales and marketing information and computer applications over a secure connection. With current solutions, these personnel are typically left, at the end of the working day, with the cumbersome task of "synchronizing" their data over some secure computer network connection (e.g., a virtual private network). In comparison, individuals seek mobility in their computing environments so that their data and computer applications are readily available and, most importantly, so that they remain continuously "connected" during Internet communications.

In response to the need for mobile computing, computing environment manufacturers have developed mobile computing technologies (e.g., stand-alone, networked and/or embedded) that allow people to use their computing environments at any time. Such mobile devices aim to let users "carry" their files and applications with them at all times. Although these devices provide mobility, they tend to be of limited effectiveness because of differing form factors, processing capabilities and portability. Given these limitations, users often carry a portable computer to ensure that they have all the necessary files and computer applications. Such solutions are premised on the design of the computing system itself, namely "device-centric" computing.

With device-centric computing, users can access files remotely and securely through remote communications applications (e.g., a virtual private network), yet they still carry large, cumbersome computing equipment to retrieve their data and computer applications. Most importantly, with device-centric computing, users are generally provided with one device for their enterprise computing needs (e.g., a company personal computer or laptop) and generally have one or more computing environments at home for personal use. In maintaining multiple computing environments, computer users are charged with the task of synchronizing their custom preferences and settings among many disparate computing environments. This is an arduous task, and users are often frustrated when they cannot access the data and/or computer applications they want across the different computing environments.

For example, a computer user may wish to have financial planning and management data from his or her financial planning and management computer application (e.g., Microsoft Money) available at all times in order to handle payments that may arise (e.g., a bill coming due). With current solutions, the computer user must install the financial planning and management application and data on every one of his or her computing environments (including the company computer, which may violate corporate computing policies and procedures) in order to have access to the desired data. In comparison, an enterprise may wish to terminate, efficiently and immediately, all access to confidential company data by a dismissed employee. Under current practice based on device-centric computing, the employee is asked to return his or her computing environments (e.g., laptop, personal computer, mobile phone or personal digital assistant). In addition, use of company data is restricted by terminating the departing employee's enterprise user directory information. However, collecting such devices and terminating access takes time. This lag may allow the employee to copy files from the enterprise computing environment for future use. As such, under current practice, confidential enterprise data may be leaked.

From the foregoing it is appreciated that there is a need to overcome the shortcomings of existing practices.

[Summary of the Invention]

The present invention discloses a mobility device platform that secures mobile computing. In an illustrative implementation, an exemplary electronic device comprises: a mobility device operable to communicate with at least one computing environment through a communications interface, wherein the mobility device is operable to process and store secure Web services; a communications network operable to communicate data and computer applications using Web services; and a mobility device management server operable to generate, process, store and encrypt Web services for the mobility device. Further, the mobility device management server is operable to perform one or more mobility device management functions to provide encryption keys to cooperating mobility devices and to authenticate and verify cooperating mobility devices requesting services from the mobility device management server. The mobility device management server and the mobility device may further operate to perform authentication and verification using user identification and password information.

In operation, the exemplary mobility device is configured for use on a cooperating computing environment. The mobility device establishes communications with one or more cooperating mobility device management servers and attempts to be authenticated by them using selected authentication and verification information. Upon authentication and verification, the one or more cooperating mobility device management servers use Web services to process requests for data and computer applications from the cooperating exemplary mobility device. The one or more cooperating mobility device management servers encrypt the Web services using the selected authentication and verification information (e.g., keys), so that the requested data and computer applications can be communicated securely between the mobility device management servers and the exemplary mobility device.

Other features of the systems and methods described herein are further described below.

[Embodiments]

Overview:

The systems and methods described herein take a "user-centric" approach to computing and mobile computing. Current computing solutions (enterprise or individual) are generally designed using a "device-centric" model. The device-centric model aims to manage and track users based on device assignments and designations. For example, in the context of enterprise computing, the enterprise computing environment may comprise two server computing environments and many client computing environments. Generally, each user in the enterprise is provided with a client computing environment (e.g., a personal computer or laptop), which is typically networked to the server computing environment over the enterprise communications interface or, if the user is remote from the enterprise communications network, connected to the enterprise communications network through a virtual private network (VPN). In addition, in conventional enterprise computing environments, users' identification and password information is provided through a directory services structure that associates user rights and privileges with certain enterprise data and computer applications.

With such enterprise computing environments, a user is generally only allowed to customize the computing environment provided to him or her with personal preferences and settings, so that if the user roams across the network and logs on to a computing environment other than his or her own, those custom preferences and settings are not accessible. This problem commonly arises for enterprise users who want to keep preferences and settings (e.g., browser bookmarks, look and feel of the desktop, color scheme, layout of applications and directory structure for files) synchronized between their enterprise computing environment and their personal computing environment (e.g., a home computer), which usually requires manual synchronization.

Moreover, with existing enterprise computing environments, managing the many client computing environments becomes an onerous task. Currently, enterprise information technology departments employ dozens (if not hundreds) of people to support the many users and their computing environments. Beyond mere physical management, the device-centric computing model also raises the issue of the integrity and security of enterprise data. In this context, enterprise computer users are generally left to their own discretion in copying and holding confidential enterprise data. Because preventing users from making unauthorized copies of enterprise files and data is an onerous task, most enterprises turn a blind eye to it. For enterprises and individuals alike, this limitation of existing practice can be very costly.

The systems and methods described herein aim to ameliorate the shortcomings of existing practices by providing a mobility device platform (MDP) designed using a "user-centric" model. In an illustrative implementation, the mobility device platform comprises at least one mobility device (MD) operable to communicate with one or more cooperating computing environments (e.g., personal computer, personal digital assistant, mobile phone, networked computer and other computing environments) through a communications interface (e.g., universal serial bus (USB), IEEE 1394 communications interface (FireWire), 802.XX communications interface, Bluetooth communications interface, personal computer interface, small computer serial interface and wireless application protocol (WAP) communications interface). In addition, the mobility device platform comprises one or more mobility device management servers (MDMS) that operate to authenticate and verify cooperating mobility devices and their users and to provide user management for them.

In operation, the mobility device can cooperate with one or more computing environments, invoking one or more work spaces, in order to process Web services. The Web services may be executed from data and computer applications located locally on the MD, or the MD may cooperate with one or more MDMS to obtain the requested Web service. The MDMS operates to authenticate the requesting MD, thereby ensuring that the requesting MD has the rights and privileges for the requested Web service. The MDMS may also cooperate with third-party Web service providers to obtain the requested Web service. In this context, the MDMS can act to translate a Web service from a non-MD-native Web service format into a native MD Web service. When Web services are communicated from the MDMS to cooperating MDs, both the MDMS and the MD use user and device authentication and verification information to perform 1028-bit and/or 2056-bit encryption (e.g., PKI encryption). The Web services that the MDMS provides to the MD may include, but are not limited to, computer applications and desired data. In addition, the MD can operate to store the participating user's custom settings and preferences locally on the MD so that they are available to the user at all times.

Using the mobility device platform in this way, a user can work in any number of cooperating computing environments, assured of access to his or her custom settings and preferences in the cooperating computing environment and, most importantly, of secure access to his or her own computer applications and files (e.g., provided as Web services).
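The following added example is not part of the patent text; it sketches the MDMS behaviour the overview describes: authenticate the user and the requesting MD, confirm the right to the requested Web service, and only then translate a third-party reply into one native form. The directory layout, the two provider formats, the device and service names and every function name are assumptions constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SALT = b"constructed-salt"  # constructed; a real store keeps a random salt per user


def pw_hash(password):
    """Slow salted hash so stored credentials are not reversible at a glance."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


# Constructed MDMS directory: credential, enrolled MDs and entitled services per user.
DIRECTORY = {
    "alice": {"pw": pw_hash("correct horse"),
              "devices": {"MD-0001"},
              "services": {"weather"}},
}
DUMMY_HASH = pw_hash("placeholder for unknown users")

# Constructed third-party replies in two different non-native formats.
PROVIDER_REPLIES = {
    "A": "<WeatherReply><city>SLC</city><tempF>41</tempF></WeatherReply>",
    "B": ('<r:report xmlns:r="urn:example:b">'
          '<r:loc name="Salt Lake City" zip="84101"/>'
          '<r:celsius>5</r:celsius></r:report>'),
}


def authorize(user, password, device_id, service):
    """Deny by default: user, password, device and entitlement must all match."""
    entry = DIRECTORY.get(user)
    supplied = pw_hash(password)  # hashed even for unknown users (uniform timing)
    expected = entry["pw"] if entry else DUMMY_HASH
    ok = hmac.compare_digest(supplied, expected) and entry is not None
    ok = ok and device_id in entry["devices"] and service in entry["services"]
    if not ok:
        # One generic error, so a caller cannot tell which check failed.
        raise PermissionError("request denied")


def parse_untrusted(xml_text):
    """Parse provider XML, refusing DTDs so entity tricks never reach the parser."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in provider reply")
    return ET.fromstring(xml_text)


def translate_a(root):
    """Provider A: bare elements, temperature in Fahrenheit."""
    fahrenheit = float(root.findtext("city") and root.findtext("tempF"))
    return {"city": root.findtext("city"),
            "temp_c": round((fahrenheit - 32) * 5 / 9, 1)}


def translate_b(root):
    """Provider B: namespaced elements, city held in an attribute."""
    ns = {"r": "urn:example:b"}
    return {"city": root.find("r:loc", ns).get("name"),
            "temp_c": float(root.findtext("r:celsius", namespaces=ns))}


TRANSLATORS = {"A": translate_a, "B": translate_b}


def handle_request(user, password, device_id, service, provider):
    """Authorize first, then fetch and translate; nothing is fetched for a denied MD."""
    authorize(user, password, device_id, service)
    if provider not in TRANSLATORS:
        raise ValueError("unknown provider")
    reply = PROVIDER_REPLIES[provider]  # stands in for the call to the third party
    native = TRANSLATORS[provider](parse_untrusted(reply))
    native["service"] = service
    return native


if __name__ == "__main__":
    for name in ("A", "B"):
        print(handle_request("alice", "correct horse", "MD-0001", "weather", name))
```

Both providers yield the same native keys, so the MD-side consumer needs no provider-specific parsing, and an unenrolled device or unentitled service is rejected before any third-party data is touched.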

Web services:

Services provided over communications networks such as the Internet (commonly referred to as Web services or application services) are growing. Likewise, the technologies that facilitate such services are growing. A Web service can be defined as any information source running business logic processes conveniently packaged for use by a user's application. The steady growth of Web services means that functionality can be provided over a network by means of Web services. Web services typically comprise some combination of programming and data that users and other networked applications can obtain from an application server. Web services range from services such as storage management and customer relationship management down to much more limited services such as furnishing real-time stock quotes and checking bids on auction items.

Activities focused on defining and standardizing the use of Web services include the development of the Web Services Description Language (WSDL). WSDL is an Extensible Markup Language (XML) format for describing Web services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information. Operations and messages are described abstractly and then bound to a concrete network protocol and message format to define an endpoint. Related concrete endpoints are combined into abstract endpoints (services).

Currently, the widely advocated Web service usage model is as follows:

(1) Services are implemented and deployed on one site (often referred to as the server side).

(2) Services are described using WSDL and published via means such as UDDI (Universal Description, Discovery, and Integration), an XML-based registry through which businesses worldwide list themselves on the Internet by the Web services they offer.

(3) Client applications use Web services at another site (often referred to as the client side) by first interpreting one or more WSDL documents. Once the documents are interpreted, the client can understand the characteristics of the associated services. For example, service characteristics may include service API specifications such as: (a) input data type; (b) service input data format; (c) service access mechanism or style (e.g., RPC versus messaging); and (d) related encoding format.

(4) Client applications prepare their data in the manner that the various Web services understand.

(5) Client applications invoke a particular service in the manner specified for that service (e.g., as specified in an associated WSDL document).

Input data formats and invocation manners differ from one Web service to another. For example, suppose one application service provider provides a service, getCityWeather, that requires a single input parameter such as a conventional city name (e.g., SLC for Salt Lake City). A client application that intends to invoke such a service must be written so that data within the application, or data it outputs, can be analyzed to extract the city information. At runtime, the prepared symbol is passed to the getCityWeather service site using the appropriate API.

However, suppose another application service provider provides a similar service but requires two input parameters, for example city name and postal code. If a client application intends to invoke this second service, it must analyze and extract its data appropriately with regard to the required service input parameters. Therefore, if a single application intends to invoke both services, the application must be hard-coded with service-specific API information and procedures. Furthermore, if a single application intends to invoke many services, the application must be hard-coded with the API information and procedures for each and every service it intends to invoke.

As explained above, various Web services can provide similar functionality but provide it in different ways. The systems and methods described herein aim to ameliorate such differences by providing a mobility device platform having a mobility device management server which includes, among other things, a Web services translation module that operates to accept data from Web service providers and to present the Web services to cooperating mobility devices in a native Web service model.

Simple Object Access Protocol (SOAP) overview:

The Simple Object Access Protocol (SOAP) is a lightweight, XML-based protocol for exchanging information in a decentralized, distributed environment. SOAP supports different styles of information exchange, including:

Remote Procedure Call (RPC) style, which allows request-response processing, where an endpoint receives a procedure-oriented message and replies with a correlated response message.

Message-oriented information exchange, which supports organizations and applications that need to exchange business or other types of documents, where a message is sent but the sender does not expect or wait for an immediate response.

Generally, a SOAP message consists of a SOAP envelope, which encloses two data structures (the SOAP header and the SOAP body), and information about the namespaces used to define the SOAP message. The header is optional; when present, it conveys information about the request defined in the SOAP body. For example, the header may contain transaction, security, contextual or user profile information. The body contains a Web service request, or a reply to a request, in XML format. The following figure shows the high-level structure of a SOAP message.

When SOAP messages are used to carry Web service requests and responses, they may conform to the Web Services Description Language (WSDL) that defines the available Web services. WSDL can define the SOAP messages used to access the Web services, the protocols over which such SOAP messages can be exchanged, and the Internet locations where the Web services can be accessed. WSDL descriptors can reside in UDDI or other directory services, and they can also be provided via configuration or other means (e.g., in the body of a SOAP request reply).

There is a SOAP specification (e.g., the w3 SOAP specification; for related information, visit www.w3.org) that provides a standard way of encoding requests and responses. The specification uses XML Schema to describe the structure and data types of message payloads. SOAP may be used for the messages and responses of a Web service as follows:

The SOAP client uses an XML document that conforms to the SOAP specification and contains a request for the service.

The SOAP client sends the document to a SOAP server, and the SOAP servlet running on the server handles the document using, for example, HTTP or HTTPS.

The Web service receives the SOAP message and dispatches the message, as a service invocation, to the application that provides the requested service.

Using the SOAP protocol again, a response from the service is returned to the SOAP server, and the message is returned to the original SOAP client.

It should be apparent that although SOAP is described herein as a communication protocol suited to the systems and methods described herein, this description is merely illustrative; the systems and methods described herein may employ various communication protocols and messaging standards.

Exemplary Computer Environment

FIG. 1 illustrates an exemplary computer system 100 in accordance with the systems and methods described herein. Computer system 100 can execute various operating systems 180 and computer applications 180' (e.g., a Web browser and a mobile desktop environment) that run on operating system 180. Exemplary computer system 100 is controlled primarily by computer-readable instructions, which may be in the form of software, and by where and how such software is stored and accessed. Such software may be executed within central processing unit (CPU) 110, thereby causing data processing system 100 to operate. In many known computer servers, workstations and personal computers, central processing unit 110 is implemented by a microelectronic chip CPU called a microprocessor. Coprocessor 115 is an optional processor, distinct from main CPU 110, that performs additional functions or assists CPU 110. CPU 110 may be connected to coprocessor 115 through interconnect 112. One common type of coprocessor is the floating-point coprocessor, also called a numeric or math coprocessor, which is designed to perform numeric calculations faster than general-purpose CPU 110.

It should be apparent that although the illustrative computer environment shown in the figure contains a single CPU 110, this description is merely illustrative; computer environment 100 may contain several CPUs 110.
In addition, computer environment 100 can also use the resources of remote CPUs (not shown) through communication network 160 or some other data communication means (not shown).

In operation, CPU 110 fetches, decodes and executes instructions, and transfers information to and from resources via the computer's main data-transfer path, system bus 105. Such a system bus connects the components in computer environment 100 and defines the medium for data exchange. System bus 105 typically includes data lines for sending data, address lines for sending addresses, and control lines for sending interrupts and for operating the system bus. An example of such a system bus is the PCI (Peripheral Component Interconnect) bus. Some of today's advanced buses provide a function called bus arbitration that regulates access to the bus by expansion cards, controllers and CPU 110. Devices that attach to these buses and arbitrate to take over the bus are called bus masters. Bus master support also allows multiprocessor configurations of the buses to be created by adding bus master cards containing a processor and support chips.

Memory devices coupled to system bus 105 include random access memory (RAM) 125 and read-only memory (ROM) 130. Such memories include circuitry that allows information to be stored and retrieved. ROM 130 generally contains stored data that cannot be modified. Data stored in RAM 125 can be read or changed by CPU 110 or other hardware devices. Access to RAM 125 and/or ROM 130 may be controlled by memory controller 120. Memory controller 120 may provide an address translation function that translates virtual addresses into physical addresses as instructions are executed.
Memory controller 120 may also provide a memory protection function that isolates processes within the system and isolates system processes from user processes. Thus, a program running in execution mode can normally access only memory mapped by its own process virtual address space; it cannot access memory within another process's virtual address space unless memory sharing between the processes has been set up.

In addition, computer system 100 may include peripheral controller 135, which is responsible for communicating instructions from CPU 110 to peripherals such as printer 140, keyboard 145, mouse 150 and data storage drive 155.

Display 165, which is controlled by display controller 163, is used to display visual output generated by computer system 100. Such visual output may include text, graphics, animation and video. Display 165 may be implemented with a CRT-based video display, an LCD-based flat-panel display, a gas plasma-based flat-panel display, a touch panel or another display form. Display controller 163 includes the electronic components required to generate the video signal that is sent to display 165.

Further, computer system 100 may contain network card 170, which is used to connect computer system 100 to external communication network 160. Communication network 160 may provide computer users with a means of communicating and transferring software and information electronically. Additionally, communication network 160 may provide distributed processing, which involves several computers and the sharing of workloads or cooperative effort in performing a task. It will be appreciated that the network connections shown are exemplary and that other means of establishing a communication link between the computers may be used.
It will be appreciated that exemplary computer system 100 is merely illustrative of a computer environment in which the systems and methods described herein may operate; it does not limit their implementation in computer environments having different components and configurations, and the inventive concepts described herein may be implemented in various computer environments having various components and configurations.

As described above, computer system 100 can be deployed as part of a computer network. In general, the above description of the computer environment applies to both server computers and client computers deployed in a network environment. FIG. 2 illustrates an exemplary networked computer environment 200 in which the systems and methods described herein may be employed, having a server that communicates with client computers via a communication network. As shown in FIG. 2, server 205 may be interconnected via communication network 160 (which may be a fixed-wire or wireless LAN, WAN, intranet, extranet, peer-to-peer network, the Internet or another communication network) with a number of client computer environments, for example tablet personal computer 210, mobile telephone 215, telephone 220, personal computer 100 and personal digital assistant 225. In addition, the systems and methods described herein may cooperate via communication network 160 with automotive computer environments (not shown), consumer electronic device computer environments (not shown) and building automation control computer environments (not shown). For example, in a network environment in which communication network 160 is the Internet, server 205 may be a dedicated computer environment server operable to process Web services and to communicate Web services to and from client computer environments 100, 210, 215, 220 and 225 via any of a number of known protocols, such as Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Object Access Protocol (SOAP) or Wireless Application Protocol (WAP). Each client computer environment 100, 210, 215, 220 and 225 can also be equipped with browser operating system 180, operable to support one or more computer applications such as a Web browser (not shown), or with a mobile desktop environment used to gain access to server computer environment 205.

In operation, a user (not shown) may interact with a computer application running on a client computer environment to obtain desired data and/or computer applications. The data and/or computer applications may be stored on server computer environment 205 and communicated over exemplary communication network 160 to cooperating users through client computer environments 100, 210, 215, 220 and 225. A participating user may use Web service transactions to request access to specific data and applications hosted wholly or in part on server computer environment 205. These Web service transactions may be communicated between client computer environments 100, 210, 215, 220 and 225 and the server computer environment for processing and storage. Server computer environment 205 may host computer applications, processes and applets for generating, authenticating and communicating Web services, and may cooperate with other server computer environments (not shown), third-party service providers (not shown), network attached storage (NAS) and storage area networks (SAN) to realize those Web service transactions.

Thus, the systems and methods described herein can be used in a computer network environment having client computer environments for accessing and interacting with the network and a server computer environment for interacting with the client computer environments. However, the systems and methods for providing the mobile device platform can be implemented with a variety of network architectures and should therefore not be limited to the examples shown. The systems and methods described herein will now be explained in detail with reference to the present illustrative implementation.

Cooperation of Mobile Device Platform Components:

FIG. 3 illustrates an exemplary interaction between the components of an exemplary mobile device platform. In general, as shown in FIG. 3, exemplary mobile device platform 300 may, in simple terms, include exemplary mobile device 310, which cooperates with client computer environment 100 using communication interface 305 operating according to a selected communication protocol (not shown). In addition, exemplary mobile device platform 300 may further include communication network 160 (shown in FIG. 1) and server computer environment 205.
In operation, the mobile device may cooperate with client computer environment 100 through the communication interface to execute one or more computer applications 180' that originate from mobile device 310 and that can be displayed on client computer environment 100 for user interaction. Computer applications 180' may include, but are not limited to, a browser application offering the look and feel of a conventional operating system, word processing applications, spreadsheets, database applications, Web service applications and user management/preference applications. In addition, mobile device 310 may use client computer environment 100 to cooperate with server computer environment 205 via communication network 160 in order to obtain data and/or computer applications in the form of Web services.

FIG. 4 illustrates the interaction between the components of exemplary mobile device platform 400. As shown in FIG. 4, exemplary mobile device platform 400 includes mobile device (MD) 405, computer environment 410, communication network 435, mobile device management server (MDMS) 420 and third-party Web service provider 440. In addition, as further shown in the MD exploded view, MD 405 further includes a processing unit (PU), an operating system (OS), storage memory (RAM/ROM) and an MD communication interface. MDMS 420 further includes translation engine 425, Web services 430 and encryption engine 445.

In operation, MD 405 uses one or more of the MD components (PU, OS, RAM/ROM and MD communication interface) to communicate with computer environment 415 through MD/computer environment communication interface 410.
When communicating with computer environment 415, MD 405 may launch one or more computer applications (not shown), which may include, but are not limited to, a mobile desktop environment, a user customization and authentication manager, and Web service applications as part of configuration. Once configured, MD 405 may further cooperate with computer environment 415 to process one or more Web services (e.g., Web service data and/or computer applications). In this context, MD 405 may use communication network 435 to request Web service data and/or computer applications from a cooperating MDMS 420 in order to process those Web services. In this case, MDMS 420 may operate to authenticate MD 405, thereby ensuring that the participating user (not shown) and mobile device 405 hold the correct permissions for the requested data and/or computer applications. Such an authentication procedure may also employ one or more security peripherals as part of user authentication, including, but not limited to, biometric security peripherals (not shown), retina-scan security peripherals (not shown) and secure voice-recognition peripherals (not shown).

If properly authenticated, MDMS 420 may further operate to locate the requested data and/or computer applications locally on MDMS 420 and provide them (e.g., as Web services) to the authenticated MD 405 over communication network 435; alternatively, MDMS 420 may operate to cooperate with third-party service provider 440 to obtain the Web services to be communicated to the authenticated MD 405. When cooperating with third-party Web service provider 440, MDMS 420 may operate to use translation engine 425 to translate Web services 430 originating from third-party Web service provider 440 into an MD-native format.
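The request path described above for FIG. 4 (authenticate the MD and its user, check permissions, serve from the MDMS locally or fetch from a third-party provider and translate), as an added Python example that is not code from the patent. The PBKDF2 password check, the HMAC challenge standing in for device credentials, the JSON "native" format and all names and sample data are assumptions; encryption of the response is left out.

```python
import hashlib
import hmac
import json
import secrets
import xml.etree.ElementTree as ET


class AuthError(Exception):
    """User check, device check or permission check failed."""


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def device_proof(device_key, nonce):
    """MD side: answer the MDMS challenge (assumed scheme, not from the page)."""
    return hmac.new(device_key, nonce, hashlib.sha256).digest()


def translate_to_native(provider_xml):
    """Translation step: provider XML -> MD-native format (JSON is assumed)."""
    root = ET.fromstring(provider_xml)
    return json.dumps({"service": root.tag, "fields": dict(root.attrib),
                       "body": (root.text or "").strip()}, sort_keys=True)


class MDMS:
    def __init__(self):
        self.users = {}        # user id -> (salt, password hash, permitted services)
        self.devices = {}      # device id -> device key
        self.local = {}        # service -> payload held on the MDMS itself
        self.third_party = {}  # service -> callable returning provider XML
        self.challenges = {}   # device id -> outstanding nonce
        self.sessions = {}     # session token -> user id

    def enroll(self, user, password, device_id, permitted):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, hash_password(password, salt), set(permitted))
        self.devices[device_id] = secrets.token_bytes(32)
        return self.devices[device_id]      # key provisioned onto the MD

    def challenge(self, device_id):
        self.challenges[device_id] = secrets.token_bytes(16)
        return self.challenges[device_id]

    def authenticate(self, user, password, device_id, proof):
        nonce = self.challenges.pop(device_id, None)   # single use, even on failure
        key = self.devices.get(device_id)
        salt, stored, _ = self.users.get(user, (b"\0" * 16, b"", set()))
        # The password hash is always computed, and one generic error is raised.
        user_ok = hmac.compare_digest(hash_password(password, salt), stored)
        device_ok = (key is not None and nonce is not None
                     and hmac.compare_digest(device_proof(key, nonce), proof))
        if not (user_ok and device_ok):
            raise AuthError("authentication failed")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def request(self, token, service):
        user = self.sessions.get(token)
        if user is None:
            raise AuthError("no authenticated session")
        if service not in self.users[user][2]:
            raise AuthError("not permitted: " + service)
        if service in self.local:                    # found on the MDMS itself
            return self.local[service]
        # Otherwise fetch from the third party and translate (KeyError if unknown).
        return translate_to_native(self.third_party[service]())


def attempt(func, *args):
    """Call func(*args); report whether the MDMS accepted or rejected it."""
    try:
        func(*args)
        return "accepted"
    except AuthError:
        return "rejected"


def demo():
    # Constructed sample data: one user, one device, three services.
    mdms = MDMS()
    key = mdms.enroll("alice", "correct horse", "md-405", {"mail", "quotes"})
    mdms.local["mail"] = json.dumps({"service": "mail", "unread": 3})
    mdms.third_party["quotes"] = lambda: '<quotes symbol="EXMPL" price="12.50">delayed</quotes>'
    mdms.third_party["payroll"] = lambda: "<payroll/>"
    out = {}
    proof = device_proof(key, mdms.challenge("md-405"))
    out["bad_password"] = attempt(mdms.authenticate, "alice", "guess", "md-405", proof)
    # Same proof again: the nonce is spent, so even the right password fails.
    out["replayed_proof"] = attempt(mdms.authenticate, "alice", "correct horse", "md-405", proof)
    proof = device_proof(key, mdms.challenge("md-405"))
    token = mdms.authenticate("alice", "correct horse", "md-405", proof)
    out["mail"] = json.loads(mdms.request(token, "mail"))
    out["quotes"] = json.loads(mdms.request(token, "quotes"))
    out["payroll"] = attempt(mdms.request, token, "payroll")
    return out
```

Calling `demo()` returns the outcome of each step; the `payroll` request is rejected on the permission check before any provider is contacted.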
In addition, MDMS 420 may operate to use encryption engine 445 to encrypt the requested Web services when satisfying a Web service request from the authenticated MD 405. MDMS 420 may further operate to cooperate with a file system (not shown), using a selected encryption protocol (e.g., PKI encryption), to obtain the Web services to be communicated to MD 405. Cooperating file systems may include, but are not limited to, the file allocation table (FAT) file system and the new technology files system (NTFS).

FIG. 5 illustrates another illustrative implementation of an exemplary mobile device platform. As shown, exemplary mobile device platform 500 includes MD 505, which cooperates through MD/computer environment communication interface 510 with a plurality of computer environments (computer environment "A" 515, computer environment "B" 525, through computer environment "N" 520). In addition, mobile device platform 500 further includes communication network 530, third-party Web service provider 585, a Java virtual machine (JVM) emulator and provider, and a plurality of MDMS (MDMS "A" 535 handling Web services 540, MDMS "B" handling Web services 550, through MDMS "N" 555 handling Web services 560). Further, as shown in dashed lines, in another illustrative implementation mobile device platform 500 may also include an MDMS "C" handling Web services 580, communication network 570 and firewall 565.

In one illustrative operation, mobile device 505, cooperating with one or more of computer environments 515, 525 through 520, can handle the navigation and control of Web services on computer environments 515, 525 through 520. In this context, MD 505 may request Web services 540, 550 or 560 from the cooperating MDMS 535, MDMS 545 through MDMS 555 via communication network 530.
In this case, any of MDMS 535, MDMS 545 through MDMS 555 operates to authenticate the requesting MD 505, thereby ensuring that MD 505 holds the rights, usage rights and permissions for the requested Web services. After successful authentication and verification, MDMS 535, MDMS 545 through MDMS 555 may operate to process the MD 505 request and provide the requested Web services. MDMS 535, MDMS 545 through MDMS 555 may further operate to translate the requested Web services into the MD 505 native Web service format where needed, for example when the Web services originate from third-party Web service provider 585. In addition, MDMS 535, MDMS 545 through MDMS 555 may operate to encrypt the requested Web services using the authentication and verification information, to ensure that the requested Web services are communicated securely over communication network 530.

Mobile device platform 500 may also operate to obtain legacy data and/or computer applications by employing Java virtual machines. In this context, MD 505 may cooperate with the dynamic JVM emulator and provider (not shown in the figure, but able to form part of one or more of MDMS 535, 545 through 555) to request data and/or computer applications from legacy system 590. Dynamic JVM emulator and provider 595 may operate to cooperate with legacy system 590 to obtain the legacy data and/or computer applications requested by the requesting MD 505. In this context, the dynamic JVM emulator and provider may generate one or more Java virtual machines that run on the legacy system in order to provide the requested data and/or computer applications to MD 505 as Web services. Furthermore, as with MDMS operation, the dynamic JVM emulator and provider may first authenticate MD 505 before obtaining the requested information.
Mobile device platform 500 allows mobile device 505 to use multiple work environments. In other words, a single mobile device 505 may operate to support several "personalities" for multiple participating users. For example, a participating user (not shown) may choose to use the same mobile device for shared use and for use by several people. In this context, the mobile device may operate to provide a plurality of "work environments" within the mobile device, such that each work environment is managed using its own set of user/device authentication and verification information. Accordingly, when a participating user (not shown) wants to retrieve information from his or her corporate network (for example, assuming MDMS "A" 535 is a corporate server), the user can log in to MD 505 with his or her corporate user authentication and identification information and launch a first work environment (not shown). The corporate MDMS (for the purposes of this illustration, MDMS 535) authenticates the user based on the user's corporate user authentication and verification information and, once authentication has succeeded, can process the Web service requests of MD 505 via communication network 530 (for the purposes of this illustration, the corporate LAN). Because corporate MDMS "A" 535 has authenticated the participating user using that user's corporate user authentication and verification information, it is ensured that the data and/or computer applications provided to MD 505 in this case are communicated securely to a properly authenticated participating user.
Similarly, if the participating user (not shown) wants to access a gaming Web service provider (e.g., MDMS "C" 580) from the corporate computer environment, the user can switch to his or her "personal" personality by launching a second work environment (not shown) on MD 505. The user invokes the gaming work environment by logging out of the corporate work environment and logging in to the gaming work environment with his or her gaming user ID and password (e.g., user authentication and verification information). In this context, the participating user can reach MDMS "C" 575 in daisy-chain fashion: by accessing MDMS "A" 535 through communication network 530, then passing through corporate firewall 565 and via an external communication network (e.g., the Internet) to reach gaming Web service MDMS "C" 580. In this way, a participating user can use a single MD with multiple work environments and, by making full use of the various sets of user authentication and verification information, meet both corporate and personal computing needs securely.

As can be seen from the foregoing, mobile device platform 500 operates in a manner that allows a single mobile device to interact with a plurality of heterogeneous computer environments. Examples of cooperating computer environments include, but are not limited to, stand-alone computer environments, networked computer environments and embedded computer environments. In the context of embedded computer environments, the systems and methods described herein may be employed to allow interaction with an embedded automotive computer environment in order to customize automobile driving and comfort settings (for example, the mobile device may be configured to store the participating user's driving and comfort settings so that, when the participating user travels, the mobile device cooperates with the embedded automotive computer environment according to a selected communication interface and protocol to set the automobile's driving and comfort settings according to the stored settings). Similarly, in the context of embedded electronic device computer environments, the mobile device may operate to facilitate the retrieval of multimedia from a variety of locations. In this illustration, the mobile device stores the digital rights and licenses for the multimedia and cooperates, via a selected communication interface and protocol (e.g., wireless Internet Protocol), with one or more consumer electronic devices having embedded computer environments to obtain the stored multimedia. In other words, an MP3-capable receiver stores a number of MP3 songs and can retrieve MP3 songs over an external communication network (e.g., the Internet). These songs can be accessed only in accordance with digital rights management and/or user authorization. Accordingly, exemplary mobile device platform 500 may operate to let participating users access these songs by communicating rights and authorization, through a Web service application, to a cooperating MP3-capable receiver.

It should be apparent that although mobile device platform 500 is shown with a particular configuration and as operating on various components, this description is merely illustrative; the systems and methods described herein, including exemplary mobile device platform 500, may be realized through various alternative configurations and components.

FIG. 6 illustrates, when configuring exemplary mobile device platform 400 shown in FIG. 4, …

The procedure proceeds from step 610 to step 620, where communication between the MD and the cooperating MDMS is established through an exemplary communication network (not shown) using an exemplary communication network protocol (not shown). After communication between the MD and the cooperating MDMS has been established, MD and MDMS user/device authentication and verification values are created and stored for subsequent use at step 630. Then, at step 640, using these authentication and verification values, the MDMS can establish associations between file system files and group settings. The file and group associations and the authentication and verification values are stored for subsequent use at step 650. Next, a check is performed at step 660 to determine whether the MD requires file or group associations on the MDMS. If the check at step 660 indicates that the MD file and/or group associations have changed, the procedure returns to step 640 and continues.

However, if it is determined at step 660 that no MD file and/or group association setting is required, the procedure proceeds to step 670, where data and/or computer application communication between the MD and the MDMS is performed using the generated and stored MD and user authentication and verification values. The procedure then terminates at step 680.

FIG. 7 illustrates the procedure performed, according to an exemplary implementation, when the exemplary mobile device platform 400 shown in FIG. 4 processes Web service requests from the exemplary mobile device 405 shown in FIG. 4. As shown in FIG. 7, the procedure starts at step 700 and proceeds to step 705, where a check is performed to ensure that the exemplary mobile device 405 is communicating with at least one cooperating computer environment (415 in FIG. 4). If the check at step 705 indicates that the exemplary mobile device is not communicating with at least one cooperating computer environment, the procedure returns to step 700 and continues.

However, if it is determined at step 705 that the exemplary mobile device 405 is communicating with at least one cooperating computer environment, the procedure proceeds to step 710, where a check is performed to determine whether the mobile device has been authenticated on the basis of the user (for example, whether the participating user has provided the proper user identification and password information). If the mobile device is not successfully authenticated on the basis of the user, the procedure proceeds to step 715, where an error is generated (and possibly displayed to the participating user). A check is then performed at step 717 to determine whether user authentication of the mobile device is to be attempted again (i.e., whether the participating user is allowed to re-enter the user identification and password). If authentication is to be performed again at step 717, the procedure returns to step 710 and continues. However, if it is determined at step 717 that user authentication is not attempted again, the procedure terminates at step 720.

However, if it is determined at step 710 that the mobile device has been authenticated on the basis of the user, the procedure proceeds to step 725, where the mobile device's mobile desktop environment is launched on the at least one cooperating computer environment.
The procedure then proceeds to step 730, where a check is performed to determine whether the MD has requested data and/or computer applications from at least one cooperating MDMS that has authenticated the MD. If the check at step 730 indicates that the authenticated MD has made no request, the procedure returns to step 730.

However, if it is determined at step 730 that the MD has requested data and/or computer applications, the procedure proceeds to step 735, where the MD is searched locally for the requested data and/or computer applications. Next, a check is performed at step 740 to determine whether the local search of the MD satisfied the request. If the check at step 740 indicates that the local search of the MD satisfied the request, the procedure returns to step 730 and continues.

However, if the check at step 740 indicates that the request was not satisfied, the procedure proceeds to step 745, where cooperating MDMSs are searched using the user authentication information provided at step 710. A cooperating MDMS capable of authenticating the searching MD then uses the user authentication information to authenticate the MD. Next, a check is performed at step 755 to determine whether the MD has been authenticated by the MDMS using the user authentication information. If the check at step 755 indicates that the MDMS has authenticated the MD, the procedure proceeds to step 760, where the MDMS provides the requested data and/or computer applications to the requesting, now authenticated MD. The procedure then returns to step 730 and continues.

However, if it is determined at step 755 that the cooperating MDMS has not authenticated the requesting MD, the procedure proceeds to step 765, where an authentication error is provided to the requesting MD.
The procedure then proceeds to step 770, where a check is performed to determine whether the cooperating MDMS attempts to authenticate the MD again. If the check at step 770 indicates that authentication is attempted again, the procedure returns to step 755 and continues.

However, if it is determined at step 770 that the MDMS does not attempt authentication again, the procedure proceeds to step 775 and terminates.

FIG. 8 illustrates the procedure performed, according to another exemplary implementation, when the exemplary mobile device platform 400 shown in FIG. 4 processes Web service requests from the exemplary mobile device 405 shown in FIG. 4. As shown in FIG. 8, the procedure starts at step 800 and proceeds to step 805, where a check is performed to ensure that the exemplary mobile device 405 is communicating with at least one cooperating computer environment (415 in FIG. 4). If the check at step 805 indicates that the exemplary mobile device is not communicating with at least one cooperating computer environment, the procedure returns to step 800 and continues.

However, if it is determined at step 805 that the exemplary mobile device 405 is communicating with at least one cooperating computer environment, the procedure proceeds to step 810, where a check is performed to determine whether the mobile device has been authenticated on the basis of the user (for example, whether the participating user has provided the proper user identification and password information). If the mobile device is not successfully authenticated on the basis of the user, the procedure proceeds to step 815, where an error is generated (and possibly displayed to the participating user). A check is then performed at step 817 to determine whether user authentication of the mobile device is to be attempted again (i.e., whether the participating user is allowed to re-enter the user identification and password).
If authentication is to be performed again at step 817, the procedure returns to step 810 and continues. However, if it is determined at step 817 that user authentication is not attempted again, the procedure terminates at step 820.

However, if it is determined at step 810 that the mobile device has been authenticated on the basis of the user, the procedure proceeds to step 825, where the mobile device's mobile desktop environment is launched on the at least one cooperating computer environment. Next, the user authentication information together with MD-specific authentication and verification information (for example, a public key/private key) is used to initiate communication with at least one cooperating MDMS. A check is then performed at step 835 to determine whether the at least one cooperating MDMS has properly authenticated the MD. If it is determined at step 835 that the at least one cooperating MDMS has not authenticated the MD, the procedure proceeds to step 840, where an error is generated (and possibly displayed to the participating user through the mobile desktop environment). The procedure then terminates at step 845.

However, if it is determined at step 835 that the at least one cooperating MDMS has authenticated the MD, the procedure proceeds to step 850, where a check is performed to determine whether the MD has requested data and/or computer applications from the at least one cooperating MDMS that has authenticated the MD. If the check at step 850 indicates that the authenticated MD has made no request, the procedure returns to step 850. However, if it is determined at step 850 that the MD has requested data and/or computer applications from the at least one cooperating MDMS that has authenticated the MD, the procedure proceeds to step 855, where the MD is searched locally for the requested data and/or computer applications.
Next, a check is performed at step 860 to determine whether the local search of the MD satisfied the request. If the check at step 860 indicates that the local search of the MD satisfied the request, the procedure returns to step 850 and continues.

However, if the check at step 860 indicates that the request was not satisfied, the procedure proceeds to step 865, where the cooperating MDMS is queried for the requested data and/or computer applications. Next, at step 870, the requested data and/or computer applications are provided to the requesting, authenticated MD. The procedure then returns to step 850 and continues.

FIG. 9 illustrates the procedure performed when the exemplary mobile device platform shown in FIG. 4 cooperates with a third-party Web service provider to process Web service requests from the exemplary mobile device 405 shown in FIG. 4. As shown in FIG. 9, the procedure starts at step 900 and proceeds to step 905, where a check is performed to ensure that the exemplary mobile device 405 is communicating with at least one cooperating computer environment (415 in FIG. 4). If the check at step 905 indicates that the exemplary mobile device is not communicating with at least one cooperating computer environment, the procedure returns to step 900 and continues.

However, if it is determined at step 905 that the exemplary mobile device 405 is communicating with at least one cooperating computer environment, the procedure proceeds to step 910, where a check is performed to determine whether the mobile device has been authenticated on the basis of the user (for example, whether the participating user has provided the proper user identification and password information). If the mobile device is not successfully authenticated on the basis of the user, the procedure proceeds to step 915, where an error is generated (and possibly displayed to the participating user).
A check is then performed at step 917 to determine whether user authentication of the mobile device is to be attempted again (i.e., whether the participating user is allowed to re-enter the user identification and password). If authentication is to be performed again at step 917, the procedure returns to step 910 and continues. However, if it is determined at step 917 that user authentication is not attempted again, the procedure terminates at step 920.

However, if it is determined at step 910 that the mobile device has been authenticated on the basis of the user, the procedure proceeds to step 925, where the mobile device's mobile desktop environment is launched on the at least one cooperating computer environment. Next, the user authentication information together with MD-specific authentication and verification information (for example, a public key/private key) is used to initiate communication with at least one cooperating MDMS. A check is then performed at step 935 to determine whether the at least one cooperating MDMS has properly authenticated the MD. If it is determined at step 935 that the at least one cooperating MDMS has not authenticated the MD, the procedure proceeds to step 940, where an error is generated (and possibly displayed to the participating user through the mobile desktop environment). The procedure then terminates at step 945.

However, if it is determined at step 935 that the at least one cooperating MDMS has authenticated the MD, the procedure proceeds to step 950, where a check is performed to determine whether the MD has requested data and/or computer applications from the at least one cooperating MDMS that has authenticated the MD. If the check at step 950 indicates that the authenticated MD has made no request, the procedure returns to step 950.
However, if it is determined at step 950 that the MD has requested data and/or computer applications from the at least one cooperating MDMS that has authenticated the MD, the procedure proceeds to step 955, where the MD is searched locally for the requested data and/or computer applications. Next, a check is performed at step 960 to determine whether the local search of the MD satisfied the request. If the check at step 960 indicates that the local search of the MD satisfied the request, the procedure returns to step 950 and continues.

However, if the check at step 960 indicates that the request was not satisfied, the procedure proceeds to step 965, where the cooperating MDMS is queried for the requested data and/or computer applications. The procedure then proceeds to step 970, where the cooperating MDMS cooperates with a third-party Web service provider to obtain the requested data and/or computer applications. Next, at step 975, the requested data and/or computer applications are provided to the requesting, authenticated MD. The procedure then returns to step 950 and continues.

In summary, the systems and methods described herein provide a mobile device platform. The invention is susceptible to various modifications and alternative constructions. The invention is not limited to the specific constructions described herein. On the contrary, the invention is intended to cover all modifications, alternative constructions, and equivalents falling within the spirit and scope of the invention.

The invention can be implemented in computer environments (including non-wireless and wireless computer environments) and in real-world environments. The various techniques described herein can be implemented in hardware, software, or a combination of the two. Preferably, the techniques are implemented in computer environments maintaining programmable computers, where a computer includes a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. Computer hardware logic cooperating with various instruction sets is applied to data to perform the functions described above and to generate output information. The output information is supplied to one or more output devices. Preferably, the programs used by the exemplary computer hardware can be implemented in various programming languages (including high-level procedural or object-oriented programming languages) to communicate with a computer system. Illustratively, the apparatus and methods described herein can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Preferably, each computer program is stored on a storage medium or device (for example, ROM or magnetic disk) readable by a general-purpose or special-purpose programmable computer, for configuring and operating the computer when the storage medium or device is read by the computer so as to perform the procedures described above. The apparatus can also be implemented as a computer-readable storage medium configured with a computer program, where the storage medium so configured causes a computer to operate in a specific or predefined manner.

Although exemplary implementations of the invention have been described in detail above, those skilled in the art will readily appreciate that many additional modifications are possible in the exemplary embodiments without materially departing from the novel teachings and advantages of the invention.
Accordingly, these and all such modifications are intended to be included within the scope of the invention. The invention is more appropriately defined by the following exemplary claims.

[Brief description of the drawings]

The mobile device platform and methods of use will now be described in detail with reference to the accompanying drawings, in which:

FIG. 1 is a block diagram of an exemplary computer environment in accordance with an implementation of the systems and methods described herein;
FIG. 2 is a block diagram of an exemplary computer network environment in accordance with the systems and methods described herein;
FIG. 3 is a block diagram of the interaction between exemplary computer operating components in accordance with the systems and methods described herein;
FIG. 4 is a block diagram of an exemplary implementation of a mobile device platform in accordance with the systems and methods described herein;
FIG. 5 is a block diagram of another exemplary implementation of a mobile device platform in accordance with the systems and methods described herein;
FIG. 6 is a flow diagram of the procedure performed when configuring an exemplary implementation of a mobile device platform in accordance with the systems and methods described herein;
FIG. 7 is a flow diagram of the procedure performed by an exemplary implementation of a mobile device platform in accordance with the systems and methods described herein;
FIG. 8 is a flow diagram of the procedure performed by another exemplary implementation of a mobile device platform in accordance with the systems and methods described herein; and
FIG. 9 is a flow diagram of the procedure performed by another exemplary implementation of a mobile device platform in accordance with the systems and methods described herein.

[Description of main reference numerals]

100 Computer system (data processing system, computer operating environment)
105 System bus
110 Central processing unit (CPU)
112 Interconnect
115 Microprocessor
120 Memory controller
125 Random access memory (RAM)
130 Read-only memory (ROM)
135 Peripheral device controller
140 Printer
145 Keyboard
150 Mouse
155 Data storage device
160 Communication network
163 Display controller
165 Display
170 Network card
180 Operating system
180? Computer application
200 Networked computer environment
210 Tablet personal computer
215 Mobile phone
220 Telephone
225 Personal digital assistant
300, 400 Mobile device platform
305 Communication interface
310, 405 Mobile device (MD)
410 MD/computer environment communication interface
415 Computer environment
420 Mobile device management server (MDMS)
425 Translation engine
430 Web service
435 Communication network
440 Third-party Web service provider
445 Encryption engine
500 Mobile device platform
505 Mobile device (MD)
"A" 515, "B" 525, ..., "N" 520 Computer environment
510 Mobile device (MD)/computer environment communication interface
530, 570 Communication network
585 Third-party Web service provider
"A" 535, "B" 545, "C" 575, "N" 555 Mobile device management server (MDMS)
540, 550, 560, 580 Web service
565 Firewall
590 Legacy system
595 Dynamic JVM emulator and provider
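The order of checks that FIGS. 8 and 9 describe (user authentication on the device, device authentication to the MDMS, then local, MDMS and third-party lookup) is modelled below. This is an added example, not code from the patent: the class and function names, the retry limit, the single-use server nonce and the HMAC shared secret standing in for the MD-specific public/private key pair are assumptions, and all sample data is constructed.

```python
import hashlib
import hmac
import os

MAX_USER_ATTEMPTS = 3  # assumption: the text allows retries but sets no limit


def pw_hash(password, salt):
    """Salted PBKDF2 hash, so the device never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def device_proof(key, nonce, user_id):
    """HMAC over server nonce and user ID (stand-in for a key-pair signature)."""
    return hmac.new(key, nonce + user_id.encode(), hashlib.sha256).digest()


class MDMS:
    """Management server (420): device authentication and service lookup."""
    def __init__(self, services, third_party=None):
        self.services = dict(services)
        self.third_party = dict(third_party or {})  # provider 440's catalogue
        self.devices = {}      # device_id -> (device_key, user_id), from enrollment
        self.nonces = {}       # device_id -> outstanding single-use challenge
        self.sessions = set()  # device_ids that passed authenticate()

    def enroll(self, device_id, device_key, user_id):
        self.devices[device_id] = (device_key, user_id)

    def challenge(self, device_id):
        self.nonces[device_id] = os.urandom(16)
        return self.nonces[device_id]

    def authenticate(self, device_id, user_id, proof):
        """Step 935: accept only an enrolled device answering a fresh challenge."""
        nonce = self.nonces.pop(device_id, None)  # single use blocks replay
        record = self.devices.get(device_id)
        if nonce is None or record is None:
            return False
        key, enrolled_user = record
        expected = device_proof(key, nonce, user_id)
        if enrolled_user == user_id and hmac.compare_digest(expected, proof):
            self.sessions.add(device_id)
            return True
        return False

    def request(self, device_id, name):
        """Steps 965-975: serve from the MDMS, else from the third party."""
        if device_id not in self.sessions:
            raise PermissionError("device not authenticated to MDMS")
        if name in self.services:
            return self.services[name], "mdms"
        if name in self.third_party:
            return self.third_party[name], "third-party"
        return None, "not-found"


class MobilityDevice:
    """Device (405): user credentials, a device key and locally stored data."""
    def __init__(self, device_id, user_id, password, local):
        self.device_id, self.user_id = device_id, user_id
        self.salt = os.urandom(16)
        self.pw = pw_hash(password, self.salt)
        self.device_key = os.urandom(32)
        self.local = dict(local)
        self.failed, self.user_ok = 0, False

    def login(self, user_id, password):
        """Steps 910-920: user ID and password check with a bounded retry count."""
        if self.failed >= MAX_USER_ATTEMPTS:
            return False  # locked out: no further attempts accepted
        good = hmac.compare_digest(pw_hash(password, self.salt), self.pw)
        self.user_ok = good and user_id == self.user_id
        if not self.user_ok:
            self.failed += 1
        return self.user_ok

    def connect(self, mdms):
        """Steps 925-935: only a user-authenticated device contacts the MDMS."""
        if not self.user_ok:
            return False
        nonce = mdms.challenge(self.device_id)
        proof = device_proof(self.device_key, nonce, self.user_id)
        return mdms.authenticate(self.device_id, self.user_id, proof)

    def get(self, mdms, name):
        """Steps 955-975: search the device first, then ask the MDMS."""
        if name in self.local:
            return self.local[name], "local"
        return mdms.request(self.device_id, name)


def build_demo():
    """Constructed sample data: one enrolled device and one MDMS."""
    mdms = MDMS({"payroll": "payroll web service"},
                {"weather": "weather web service"})
    md = MobilityDevice("md-405", "alice", "correct horse", {"notes": "local notes"})
    mdms.enroll(md.device_id, md.device_key, md.user_id)
    return md, mdms
```

A device that was never enrolled, or one whose user has not logged in, gets no MDMS session, so `request` refuses it before any lookup takes place.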

Claims (1)

X. Scope of patent application:

1. A mobile device platform, comprising: a mobile device having independent computing capability and operable to interface with a computer environment; and a mobile device server that cooperates with the mobile device to provide data to the mobile device.
2. The platform of claim …, further comprising a network communication operable to communicate data between the mobile device and the mobile device server.
3. The platform of claim 1, further comprising an encryption protocol for use when data is communicated between the mobile device and the mobile device server.
4. The platform of claim 3, wherein the encryption protocol applies to the data storage architecture used by the mobile device and the mobile device server.
5. The platform of claim 4, wherein the data storage architecture includes any of the following: …
6. The platform of claim …, further comprising an authentication and verification module that allows the mobile device and the mobile device server to authenticate and verify each other so that data can be communicated.
7. The platform of claim 6, wherein the authentication and verification module processes data including any of the following: user identification information, user password information, public key information, and private key information.
8. The platform of claim …, further comprising a communication interface operable to connect the mobile device with the computer environment.
9. The platform of claim 8, wherein the communication interface is embedded in the mobile device.
10. The platform of claim 8, wherein the communication interface includes any of the following: Universal Serial Bus (USB), an IEEE 1394 communication interface (FireWire), an 802.XX communication interface, a Bluetooth communication interface, a personal computer interface, a small computer serial interface, and a Wireless Application Protocol (WAP) communication interface.
11. The platform of claim 10, wherein the computer environment includes any of the following: a standalone computer environment, a networked computer environment, and an embedded computer environment.
12. The platform of claim 11, wherein the computer environment is an automotive embedded computer environment.
13. The platform of claim 11, wherein the computer environment is a consumer electronics device embedded computer environment.
14. The platform of claim 11, wherein the computer environment is a building automation control embedded computer environment.
15. The platform of claim 1, wherein the data includes any data used in conjunction with one or more computer applications and control information.
16. The platform of claim 1, wherein the communication network includes any of the following: a fixed-wire local area network (LAN), a wireless local area network (LAN), a fixed-wire wide area network (WAN), a wireless wide area network (WAN), a fixed-wire peer-to-peer communication network, a wireless peer-to-peer communication network, a code division multiple access (CDMA) communication network, a time division multiple access (TDMA) communication network, a Global System for Mobile Communications (GSM) communication network, the wireless Internet, and the Internet.
17. The platform of claim 1, wherein a plurality of work environments are maintained in the mobile device, the work environments operating to allow the mobile device to cooperate with different mobile device servers.
18. The platform of claim 17, wherein the mobile device operates to cooperate with different mobile device servers using an encryption protocol.
19. The platform of claim 18, wherein the mobile device employs an independent encrypted communication channel for each of the plurality of work environments.
20. The platform of claim 19, wherein the mobile device supports unique authentication and verification for each of the plurality of work environments.
21. The platform of claim 1, wherein the mobile device cooperates with the computer environment to display a user interface, the user interface operating to receive commands from a participating user to the computer environment in order to control, manipulate and manage data and applications.
22. The platform of claim 21, wherein the mobile device management server cooperates with a plurality of other mobile device management servers to provide Web services to the mobile device.
23. The platform of claim 22, wherein the mobile device management server cooperates with a plurality of third-party Web service providers to provide Web services to the mobile device.
24. The platform of claim 1, wherein the mobile device includes any of the following: a processing unit, a mobile device communication interface unit, a ROM storage device, a RAM storage device, and an operating system.
25. A method for allowing data to be communicated securely in a computer environment, comprising: providing a mobile device having independent computing capability, the mobile device being operable to interface with a computer environment; and providing a mobile device server that cooperates with the mobile device to provide data to the mobile device.
26. The method of claim 25, further comprising establishing a communication link between the mobile device and the computer environment.
27. The method of claim 26, further comprising establishing a communication link between the mobile device and the mobile device management server.
28. The method of claim 27, further comprising authenticating the mobile device at the mobile device management server to determine the rights and permissions of the mobile device.
29. The method of claim 28, further comprising receiving a Web service request made by the mobile device to the mobile device management server.
30. The method of claim 29, further comprising receiving, using the Simple Object Access Protocol (SOAP), a Web service request made by the mobile device to the mobile device management server.
31. The method of claim 29, further comprising retrieving the requested service at the mobile device management server using mobile device authentication information.
32. The method of claim 31, further comprising translating the retrieved web service into a mobile device native web service format.
33. The method of claim 3, further comprising using the mobile device authentication information to encrypt the retrieved Web service.
34. The method of claim 33, further comprising communicating the retrieved encrypted Web service from the mobile device management server to the mobile device.
35. The method of claim 34, further comprising processing the transmitted encrypted Web service on the mobile device for display and control on the cooperative computer environment.
36. A computer-readable medium having computer-readable instructions that instruct a computer to execute a method as claimed in item 35.
37. A system for securely transmitting Web services across a computer environment, including: a first component for interfacing with a cooperative computer environment, the first component having independent computer operation capabilities; and a second component for securely providing Web services to the first component.
38. The system according to item 37, further including a third component for operatively linking the first component with the second component.
39. The system of claim 38, further including a fourth component for identifying and confirming the rights and permissions of the first component to access the Web service from the second component, wherein the fourth component includes any of the following items: a biometric security mechanism, a retinal scan security mechanism, and a secure speech recognition mechanism.
40. The system of item 39, further including a fifth component for cooperating with the fourth component to encrypt the Web service for authentication purposes.
41. The system of item 40, in which the web service includes any of the following items: user-administrated web services, computer applications, and data.
42. A method for obtaining secure Web services from a network, including: configuring a mobile device to operate in cooperation with a cooperative computer environment, so that the mobile device can be operated to execute one or more Web service computer applications on the cooperative computer environment; establishing communication with at least one cooperating mobile device management server; identifying the mobile device at the mobile device management server to determine the rights, access rights and permissions of the mobile device to access the services on the mobile device management server; receiving the web service request from the mobile device at the mobile device management server; using the mobile device authentication information to process the web service request; retrieving a Web service to meet the Web service request made by the mobile device; encrypting the Web service according to a selected encryption protocol; and communicating the requested mobile service to the mobile device for execution on the cooperating computer environment.
43. The method of claim 42, further comprising using the user identification and user password information to authenticate the mobile device on the cooperative computer environment.
44. The method of claim 42, further comprising, when the mobile device is configured to operate with the cooperative computer environment, automatically executing at least one application or routine found on the mobile device.
45. The method of claim 42, further comprising collaborating with a third-party Web service provider to retrieve the requested Web service.
46. The method of claim 42, further comprising collaborating with a Java virtual machine to obtain a previous version of the application and the data.
47. A computer-readable medium having computer-readable instructions that instruct a computer to perform the method of item 42.
TW93129442A 2003-09-29 2004-09-29 Mobility device platform system and method, and computer readable medium thereof TWI255626B (en)

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US50691803P 2003-09-29 2003-09-29
US50692503P 2003-09-29 2003-09-29
US50691903P 2003-09-29 2003-09-29
US50719703P 2003-09-29 2003-09-29
US54373504P 2004-01-22 2004-01-22
US53891504P 2004-01-22 2004-01-22
US53876304P 2004-01-22 2004-01-22
US53876704P 2004-01-22 2004-01-22

Publications (2)

Publication Number Publication Date
TW200522631A TW200522631A (en) 2005-07-01
TWI255626B TWI255626B (en) 2006-05-21

Family

ID=37873400

Family Applications (3)

Application Number Title Priority Date Filing Date
TW93129444A TWI259730B (en) 2003-09-29 2004-09-29 Mobility device server
TW93129443A TWI259377B (en) 2003-09-29 2004-09-29 Method for processing web services, mobility device and system relating to the same
TW93129442A TWI255626B (en) 2003-09-29 2004-09-29 Mobility device platform system and method, and computer readable medium thereof

Country Status (1)

Country Link
TW (3) TWI259730B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8136162B2 (en) * 2006-08-31 2012-03-13 Broadcom Corporation Intelligent network interface controller
TWI352909B (en) 2007-09-05 2011-11-21 Htc Corp Method and system for supporting network sharing a
CN102739606B (en) * 2011-04-02 2016-01-13 深圳富泰宏精密工业有限公司 Videophone application system and method
US10129087B2 (en) 2012-05-01 2018-11-13 Intel Corporation Application service location and management system
US9571343B2 (en) * 2012-05-01 2017-02-14 Intel Corporation Application service location and management system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI417788B (en) * 2005-09-01 2013-12-01 Koninkl Philips Electronics Nv A data processing system and a method of operating a rendering platform
TWI450107B (en) * 2007-02-12 2014-08-21 Microsoft Corp Method and computer readable storage media for web data usage platform
US8832146B2 (en) 2007-02-12 2014-09-09 Microsoft Corporation Using structured data for online research
US9164970B2 (en) 2007-02-12 2015-10-20 Microsoft Technology Licensing, Llc Using structured data for online research
TWI665560B (en) * 2016-07-18 2019-07-11 科智企業股份有限公司 Mobile Manufacturing Management and Optimization Platform
TWI788741B (en) * 2020-12-10 2023-01-01 中華電信股份有限公司 System and method for remote video assistance
TWI811050B (en) * 2022-08-03 2023-08-01 優式機器人股份有限公司 Control method for the cooperation of multiple mobile robots
TWI825896B (en) * 2022-08-03 2023-12-11 優式機器人股份有限公司 Environmental finishing control method

Also Published As

Publication number Publication date
TW200522744A (en) 2005-07-01
TWI259377B (en) 2006-08-01
TWI255626B (en) 2006-05-21
TW200523752A (en) 2005-07-16
TWI259730B (en) 2006-08-01

Similar Documents

Publication Publication Date Title
EP1519539A2 (en) Mobility device
US20080301443A1 (en) Mobility device platform
WO2005036305A2 (en) Mobility device
US7424543B2 (en) System and method of permissive data flow and application transfer
US10447684B2 (en) Hosted application sandbox model
JP4301482B2 (en) Server, information processing apparatus, access control system and method thereof
US20080244265A1 (en) Mobility device management server
US20040117439A1 (en) Client software enabling a client to run a network based application
US9183537B2 (en) Content authoring and deployment technology
US7269635B2 (en) File transfer system for secure remote file accesses
CN102843413B (en) Screen generation system, screen generation method, and screen generation program
JP2017033339A (en) Service providing system, information processing apparatus, program, and service usage information creation method
TW200522631A (en) Mobility device platform
CN1890656A (en) Mobility device
TW200810459A (en) Method and system for externalizing HTTP security message handling
JP3437044B2 (en) User authentication method in client-server system operating under WWW environment
JP2002014963A (en) Database management system and its developing system
JP6589626B2 (en) Information processing method, information processing apparatus, and information processing program
CN118233104A (en) A method for integrating to-do items on digital platforms based on national secret algorithm
CN117240608A (en) Login authorization method, login authorization device, computer equipment and storage medium

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees