TW200522744A - Mobility device server - Google Patents

Publication number: TW200522744A
Authority: TW (Taiwan)
Application number: TW93129444A
Other languages: Chinese (zh)
Other versions: TWI259730B (en)
Inventors: Peter Bookman, Rick Charles White
Original Assignee: Realm Systems Inc
Prior art keywords: component, computer environment, web services, service, web service
Landscapes: Information Transfer Between Computers (AREA); Mobile Radio Communication Systems (AREA)

Abstract

A mobility device management server (MDMS) for use as part of a mobility device platform allowing for secure mobile computing is provided. In an illustrative implementation, an exemplary mobility device platform (MDP) comprises a mobility device (MD) operable to communicate with at least one computing environment through a communications interface and wherein the MD is operable to process and store secure web services, a communications network operable to communicate data and computing applications using web services, and a MDMS operable to generate, process, store, communicate and encrypt web services to the MD. Further, the MDMS is operable to perform one or more mobility device management functions to provide encryption keys to cooperating MDs and to authenticate and verify cooperating MDs requesting web services from the MDMS. The MDMS further may operate to perform metering functions and may operate to support intermittent connections between itself and cooperating MDs.

Description

IX. Description of the Invention

Claim of priority and cross-reference

This patent application claims the benefit of the following U.S. provisional patent applications: No. 60/507,197, entitled "GO-KEY SYSTEM", filed September 29, 2003; No. 60/506,918, entitled "GO-KEY ONLINE MUSIC SUBSCRIPTION AND DISTRIBUTION APPLICATION AND SERVICE", filed September 29, 2003; No. 60/506,919, entitled "GO-KEY E-MAIL APPLICATION AND SERVICE", filed September 29, 2003; No. 60/506,925, entitled "GO-KEY MOBILE DESKTOP ENVIRONMENT", filed September 29, 2003; No. 60/543,735, entitled "MDMS", filed January 22, 2004; No. 60/538,763, entitled "OMNI FILE SYSTEM (OFS)", filed January 22, 2004; No. 60/538,915, entitled "UDDI DIRECTORY", filed January 22, 2004; and No. 60/538,767, entitled "UDDI REPOSITORY", filed January 22, 2004, all of which are incorporated herein by reference. In addition, this application is related to and cross-references the following patent applications, which are likewise incorporated herein by reference: No. 10/837,426, entitled "MOBILITY DEVICE PLATFORM", filed April 30, 2004 (attorney docket no. 45597/196314); and No. 10/836,933, entitled "MOBILITY DEVICE", filed April 30, 2004 (attorney docket no. 45597/196314).

[Technical field of the invention]

The systems and methods described herein relate to mobile computing technology and, most importantly, to a mobility device management server that allows secure remote mobile computing.

[Prior art]

Enterprises and individuals alike increasingly want mobility as a feature of their computing environments. For enterprises, mobility allows personnel to be deployed across geographic locations so that the enterprise can serve its customers better. For example, a large pharmaceutical company may want to deploy sales personnel "in the field", close to prospective customers (e.g., doctors). In this context, field personnel want to access confidential sales and marketing information and computer applications over a secure connection. Under current practice, these personnel typically continue, at the end of the working day, with the tedious job of "synchronizing" their data with the corporate network over a secure computer network connection (e.g., a virtual private network). Individuals, by contrast, seek mobility in their computing environments so that their data and computer applications are within easy reach and, most importantly, so that they stay "connected" during Internet communication.

In response to the demand for mobile computing, computing environment manufacturers have developed mobile computing technologies (e.g., standalone, networked and/or embedded) that let people use their computing environments at any time. Such mobile devices are meant to allow users to "carry" their files and applications with them at all times. Although these devices provide mobility, their effectiveness tends to be limited by differences in form factor, processing power and portability. Because of these limitations, users often carry large laptop computers to make sure they have all the necessary files and computer applications. Such practice is premised on the design of the computing system itself, that is, on "device-centric" computing.

With device-centric computing, a computer user can access files remotely and securely through a remote communication application (e.g., a virtual private network), yet still carries large, cumbersome computing equipment to retrieve data and computer applications. Most importantly, with device-centric computing a user is typically provided with one device for enterprise computing needs (e.g., a company personal computer or laptop) and typically has one or more computing environments at home for personal use. In maintaining multiple computing environments, the user is responsible for synchronizing custom preferences and settings across many different environments. This is an extremely arduous task, and users are often frustrated by being unable to access the data and/or computer applications they want from one computing environment to another.

For example, a computer user may want access at any time to his or her financial planning and management data from a financial planning and management application (e.g., Quicken, Microsoft Money) in order to handle payments that may come up (e.g., bills falling due). Under current practice, the user must install the financial planning and management application and data on every computing environment (including the company computer, which may violate enterprise computing policies and procedures) in order to reach the desired data. An enterprise, by contrast, wants to terminate a dismissed employee's access to confidential company data efficiently. In current practice based on device-centric computing, the employee is asked to return his or her computing environment (e.g., laptop, personal computer, mobile phone or personal digital assistant). In addition, use of company data is restricted by terminating the enterprise user directory information of the employee who is about to be dismissed. However, collecting such devices and terminating directory access takes time. During that time the employee may copy files from the enterprise computing environment for future use. In that case, under current practice, confidential enterprise data may be leaked.

As can be seen from the foregoing, there is a need to overcome the shortcomings of current practice.

[Summary of the invention]

The present invention discloses a mobility device management server, used as part of a mobility device platform, that allows secure mobile computing. In an illustrative implementation, an exemplary electronic device comprises: a mobility device operable to communicate with at least one computing environment through a communications interface, the mobility device being operable to process and store secure Web services; a communications network operable to communicate data and computer applications using Web services; and a mobility device management server operable to generate, process, store and encrypt Web services for the mobility device. In addition, the mobility device management server is operable to perform one or more mobility device management functions to provide encryption keys to cooperating mobility devices and to authenticate and verify cooperating mobility devices requesting Web services from the mobility device management server. The mobility device management server and the mobility device may further operate to perform authentication and verification using user identification and password information. The mobility device management server may further operate to perform metering functions and operations on the Web services processed and executed on the mobility device platform. In addition, the mobility device management server is operable to support intermittent connections between the mobility device management server and cooperating mobility device management servers.

In operation, the exemplary mobility device is configured for use on a cooperating computing environment. The mobility device establishes communication with one or more cooperating mobility device management servers and attempts to be authenticated by them using selected authentication and verification information. After authentication and verification, the one or more cooperating mobility device management servers use Web services to process data and computer application requests from the cooperating exemplary mobility device. The one or more cooperating mobility device management servers encrypt the Web services using the selected authentication and verification information (e.g., a key), so that the requested data and computer applications can be communicated securely between the mobility device management servers and the exemplary mobility device.

Other features of the systems and methods described herein are described further below.

[Embodiments]

Overview:

The systems and methods described herein provide a "user-centric" approach to computing and mobile computing. Current computing solutions (enterprise or individual) are generally designed around a "device-centric" model, which manages and tracks users according to device assignments and designations. For example, in an enterprise computing context, the enterprise computing environment may include several server computing environments and many client computing environments. In general, each user in the enterprise is provided with a client computing environment (e.g., a personal computer or laptop), which is usually networked to the server computing environments through the enterprise communications interface or, if the user is away from the enterprise communications network, connected to it through a virtual private network (VPN). In addition, in a conventional enterprise computing environment, users are provided with user identification and password information through a directory service structure that associates user rights and permissions with particular enterprise data and computer applications.

With such enterprise computing environments, users can usually customize only the computing environment they have been provided with, so a user who roams across the network and logs in to a computing environment that is not his or her own cannot access those custom preferences and settings. The problem also commonly affects enterprise users who want to keep preferences and settings (e.g., browser bookmarks, desktop look and feel, color scheme, application layout, and the directory structure of files) synchronized between their enterprise computing environment and their personal computing environment (e.g., a home computer), which usually requires manual synchronization.

Moreover, managing many client computing environments with existing enterprise computing environments becomes a heavy task. Today, enterprise information technology departments employ dozens (rather than hundreds) of people to support many users and their computing environments. Beyond the sheer physical management, the device-centric computing model also raises issues of enterprise data integrity and security. In this context, enterprise computer users are often left to their own discretion to copy and hold confidential enterprise data. Because preventing users from copying enterprise files and data without authorization is a heavy task, most enterprises ignore it. For enterprises and individuals, this limitation of existing practice can be extremely costly.

The systems and methods described herein aim to remedy the shortcomings of existing practice by providing a mobility device platform (MDP) designed around a "user-centric" model. In an illustrative implementation, the mobility device platform comprises at least one mobility device (MD) operable to communicate, through a communications interface (e.g., universal serial bus (USB), IEEE 1394 (FireWire), 802.XX, Bluetooth, personal computer interface, small computer serial interface, or wireless application protocol (WAP) communications interface), with one or more cooperating computing environments (e.g., personal computers, personal digital assistants, mobile phones, networked computers and other computing environments). The mobility device platform further includes one or more mobility device management servers (MDMS) that operate to authenticate, verify and provide user management for cooperating mobility devices and their users.

In operation, the MD can cooperate with one or more computing environments used to invoke one or more work environments in order to process Web services. The Web services may be executed from data and computer applications local to the MD, or the MD may cooperate with one or more MDMSs to obtain the requested Web services. The MDMS is operable to authenticate the requesting MD, thereby ensuring that the requesting MD has the rights and permissions for the requested Web services. The MDMS can also cooperate with third-party Web service providers to obtain requested Web services. In this context, the MDMS may act to translate a Web service from a non-MD-native format into a native MD Web service. When Web services are communicated from the MDMS to cooperating MDs, both the MDMS and the MD use user and device authentication and verification information to perform 1028-bit and/or 2056-bit encryption (e.g., PKI encryption). The Web services that the MDMS provides to the MD may include, but are not limited to, computer applications and requested data. In addition, the MD is operable to store participating users' custom settings and preferences locally on the MD, so that they are always available to the user.

Using the mobility device platform in this way, users can work on any number of cooperating computing environments, confident that they can access their custom settings and preferences there and, most importantly, securely access their own computer applications and files (e.g., delivered as Web services).
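The translation step described above, in which the MDMS checks the requester's rights and then turns differently shaped third-party Web services into one MD-native form, sketched as an added example (not code from the patent or from Realm Systems). It uses the patent's own getCityWeather case of one versus two input parameters; the provider descriptions, namespaces, entitlement table, field names and sample responses are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
ET.register_namespace("soap", SOAP)

# Constructed provider descriptions, standing in for what each provider's WSDL
# would declare: namespace, operation, and how native fields map to its inputs.
PROVIDERS = {
    "provider-a": {
        "ns": "urn:example:provider-a",
        "operation": "getCityWeather",
        "inputs": {"city": "city_code"},  # single parameter, e.g. SLC
        "output": ("temperatureF", lambda f: (f - 32) * 5 / 9),
    },
    "provider-b": {
        "ns": "urn:example:provider-b",
        "operation": "GetWeather",
        "inputs": {"CityName": "city_name", "PostalCode": "postal_code"},
        "output": ("TempC", lambda c: c),
    },
}

# Constructed entitlement table: native services each authenticated user may request.
ENTITLEMENTS = {"alice": {"weather"}, "bob": set()}

# Constructed native request, as an MD would hold it.
NATIVE = {"city_code": "SLC", "city_name": "Salt Lake City", "postal_code": "84101"}


class NotEntitled(Exception):
    pass


def build_request(provider_id, native, user):
    """Translate one native request into the chosen provider's SOAP envelope."""
    if "weather" not in ENTITLEMENTS.get(user, set()):
        raise NotEntitled(user)  # rights are checked before any provider is called
    p = PROVIDERS[provider_id]
    env = ET.Element(f"{{{SOAP}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    op = ET.SubElement(body, f"{{{p['ns']}}}{p['operation']}")
    for wire_name, native_name in p["inputs"].items():
        if native_name not in native:
            raise ValueError(f"{provider_id} requires {native_name}")
        # Values go in as element text, so the serializer escapes markup;
        # building the envelope by string concatenation would allow XML injection.
        ET.SubElement(op, f"{{{p['ns']}}}{wire_name}").text = str(native[native_name])
    return ET.tostring(env, encoding="unicode")


def parse_response(provider_id, xml_text):
    """Translate a provider's SOAP response into the native form {'temp_c': float}."""
    # SOAP 1.1 messages must not carry a DTD; refusing one blocks entity tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in a SOAP message")
    p = PROVIDERS[provider_id]
    env = ET.fromstring(xml_text)
    body = env.find(f"{{{SOAP}}}Body")
    if env.tag != f"{{{SOAP}}}Envelope" or body is None:
        raise ValueError("not a SOAP envelope")
    field, convert = p["output"]
    node = body.find(f".//{{{p['ns']}}}{field}")
    if node is None or node.text is None:
        raise ValueError(f"missing {field}")
    return {"temp_c": round(convert(float(node.text)), 1)}


def sample_response(ns, wrapper, field, value):
    """Build a constructed provider response for the demonstration."""
    return (f'<soap:Envelope xmlns:soap="{SOAP}"><soap:Body>'
            f'<r:{wrapper} xmlns:r="{ns}"><r:{field}>{value}</r:{field}></r:{wrapper}>'
            f'</soap:Body></soap:Envelope>')


RESP_A = sample_response("urn:example:provider-a", "getCityWeatherResponse", "temperatureF", 68)
RESP_B = sample_response("urn:example:provider-b", "GetWeatherResponse", "TempC", 20)

if __name__ == "__main__":
    for pid, resp in (("provider-a", RESP_A), ("provider-b", RESP_B)):
        print(build_request(pid, NATIVE, "alice"))
        print(pid, "->", parse_response(pid, resp))
```

The client on the MD only ever sees the native dictionary; adding a third provider means adding one table entry rather than hard-coding another API into the application.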

Web services:

Services offered over communications networks such as the Internet (commonly called Web services or application services) are growing, as are the technologies that facilitate them. A Web service can be defined as any information source that runs business logic processes conveniently packaged for use by a user's application. The growth of Web services means that functionality can be delivered over a network through them. A Web service typically comprises some combination of programming and data that is made available from an application server to users and other network-connected applications. Web services range from services such as storage management and customer relationship management down to far more limited services such as providing real-time stock quotes and checking bids on auction items.

Efforts to define and standardize the use of Web services include the development of the Web Services Description Language (WSDL). WSDL is an Extensible Markup Language (XML) format for describing a Web service as a set of endpoints that operate on messages containing either document-oriented or procedure-oriented information. Operations and messages are described abstractly and then bound to a concrete network protocol and message format to define an endpoint. Related concrete endpoints are combined into abstract endpoints (services).

At present, the widely advocated model for using Web services is as follows:

(1) A service is implemented and deployed at one site (often called the server side).

(2) The service is described using WSDL and published by means such as UDDI (Universal Description, Discovery, and Integration), an XML-based registry in which businesses worldwide list themselves on the Internet by the Web services they offer.

(3) A client application uses the Web service at another site (often called the client side) by first interpreting one or more WSDL documents. Once they are interpreted, the client knows the characteristics of the service. These may include the service API specification, for example: (a) input data types; (b) service input data format; (c) service access mechanism or style (e.g., RPC versus messaging); and (d) related encoding format.

(4) The client application prepares its data in the manner that the various Web services understand.

(5) The client application invokes a particular service in the manner that service specifies (e.g., as specified in the associated WSDL document).

Input data formats and invocation methods differ from one Web service to another. For example, suppose one application service provider offers a service, getCityWeather, that requires a single input parameter such as a conventional city name (e.g., SLC for Salt Lake City). A client application that intends to invoke this service must be written so that data within the application, or data it outputs, can be analyzed to extract the city information. At run time, the prepared symbol is passed to the getCityWeather service site using the appropriate API.

Suppose, however, that another application service provider offers a similar service but requires two input parameters, for example the city name and the postal code. A client application that intends to invoke both services must analyze and extract its data appropriately for each service's required input parameters. A single application that intends to invoke both services must therefore be hard-coded with service-specific API information and procedures, and a single application that intends to invoke many services must be hard-coded with the API information and procedures for each and every service it intends to invoke.

As noted above, different Web services can provide similar functionality in different ways. The systems and methods described herein aim to reconcile such differences by providing a mobility device platform having a mobility device management server which, among other things, includes a Web service translation module that operates to accept data from Web service providers and to present Web services to cooperating mobility devices in a Web service model native to them.

Overview of Simple Object Access Protocol (SOAP):

Simple Object Access Protocol (SOAP) is a lightweight, XML-based protocol for exchanging information in a decentralized, distributed environment. SOAP supports different styles of information exchange, including:

Remote Procedure Call (RPC) style, which allows request-response processing, where an endpoint receives a procedure-oriented message and replies with a correlated response message.

Message-oriented information exchange, which supports organizations and applications that need to exchange business or other types of documents; a message is sent, but the sender does not expect or wait for an immediate response.

In general, a SOAP message consists of a SOAP envelope, which encloses two data structures (the SOAP header and the SOAP body), together with information about the namespaces used to define the message. The header is optional; when present, it carries information about the request defined in the SOAP body. For example, the header may contain transaction, security, context or user profile information. The body contains a Web service request, or a reply to a request, in XML format. The following figure shows the high-level structure of a SOAP message.

When SOAP messages are used to carry Web service requests and responses, they can conform to the Web services definition language (WSDL) definition of the available Web services. WSDL can define the SOAP messages used to access the Web services, the protocols over which those SOAP messages can be exchanged, and the Internet locations where the Web services can be accessed. WSDL descriptors can reside in UDDI or other directory services, and can also be provided through configuration or by other means (e.g., in the body of a SOAP request reply).

There is a SOAP specification (e.g., the w3 SOAP specification; for details, see www.w3.org) that provides a standard way to encode requests and responses. The specification uses XML Schema to describe the structure and data types of message payloads. SOAP is used for Web service messages and responses as follows:

The SOAP client uses an XML document that conforms to the SOAP specification and contains a request for the service.

The SOAP client sends the document to a SOAP server, and a SOAP servlet running on the server handles the document using, for example, HTTP or HTTPS.

Web服務接收該SOAP訊息,並且將當做一訊息引動過程 (service invocation)的該訊息分派(dispatch)至用於提供所 要求之服務的應用程式。 再次使用該SOAP協定,將一來自該服務的回應傳回至該 SOAP伺服器,並且將該訊息傳回至該原始SOAP用戶端。 顯而易見,雖然本文描述SOAP作為適用於本文描述之系 統及方法的通信協定,但是此說明内容僅僅是例證,本文 描述之系統及方法可採用各種通信協定及訊息發送標準。 例證性電腦環境 圖1繪示根據本文描述之系統及方法的示例性電腦系統 100。電腦系統100能夠執行各種作業系統180及可在作業系 統180上運作的電腦應用程式180’(例如,Web瀏覽器及行動 桌面環境)。示例性電腦系統100主要受控於可能是軟體形 式的電腦可讀型指令、何處及如何儲存及存取此類軟體的 方式。此類軟體可在中央處理單元(CPU) 110内執行,藉此 96373.doc -17- 200522744 促使貝料處理系統1 〇 〇運作。在許多已知的電腦伺服器中, 會運用稱為微處理器的微電子晶片cpu來實作工作站及個 人電腦中央處理單元110。副處理器115是一種不同於主The Web service receives the SOAP message and dispatches the message as a service invocation to an application program for providing the requested service. Using the SOAP protocol again, a response from the service is returned to the SOAP server, and the message is returned to the original SOAP client. Obviously, although SOAP is described in this article as a communication protocol applicable to the systems and methods described in this article, the content of this description is only an example. The systems and methods described in this article can use various communication protocols and messaging standards. Exemplary Computer Environment FIG. 1 illustrates an exemplary computer system 100 in accordance with the systems and methods described herein. The computer system 100 can execute various operating systems 180 and computer applications 180 '(e.g., web browsers and mobile desktop environments) that can operate on the operating system 180. The exemplary computer system 100 is primarily controlled by computer-readable instructions, which may be in the form of software, where and how to store and access such software. This type of software can be executed in the central processing unit (CPU) 110, which enables 96373.doc -17- 200522744 to make the shell material processing system 1000 operate. In many known computer servers, a microelectronic chip CPU called a microprocessor is used to implement a workstation and a personal computer central processing unit 110. 
Coprocessor 115 is an optional processor, distinct from the main CPU 110, that performs additional functions or assists CPU 110. CPU 110 may be connected to coprocessor 115 through interconnect 112. One common type of coprocessor is the floating-point coprocessor, also called a numeric or math coprocessor, which is designed to perform numeric calculations faster than the general-purpose CPU 110.
Although the illustrative computer environment is shown with a single CPU 110, this description is merely illustrative; computer environment 100 may comprise several CPUs 110. In addition, computer environment 100 may use the resources of remote CPUs (not shown) through communication network 160 or other data communication means (not shown).

In operation, CPU 110 fetches, decodes, and executes instructions, and transfers information to and from other resources via the computer's main data-transfer path, system bus 105. Such a system bus connects the components in computer environment 100 and defines the medium for data exchange. System bus 105 typically includes data lines for sending data, address lines for sending addresses, and control lines for sending interrupts and for operating the system bus. An example of such a system bus is the PCI (Peripheral Component Interconnect) bus. Some of today's advanced buses provide a function called bus arbitration, which manages access to the bus by expansion cards, controllers, and CPU 110. Devices that attach to these buses and arbitrate to take over the bus are called bus masters. Bus master support also allows multiprocessor configurations of the buses to be created by adding bus master cards that contain a processor and its support chips.

Memory devices coupled to system bus 105 include random access memory (RAM) 125 and read-only memory (ROM) 130. Such memories include circuitry that allows information to be stored and retrieved. ROM 130 generally contains stored data that cannot be modified. Data stored in RAM 125 can be read or changed by CPU 110 or other hardware devices. Access to RAM 125 and/or ROM 130 may be controlled by memory controller 120.
Memory controller 120 may provide an address translation function that translates virtual addresses into physical addresses as instructions are executed. Memory controller 120 may also provide a memory protection function that isolates processes within the system and isolates system processes from user processes. Thus, a program running in execution mode can normally access only the memory mapped by its own process virtual address space; it cannot access memory within another process's virtual address space unless memory sharing between the processes has been set up.

In addition, computer system 100 may include peripheral device controller 135, which is responsible for communicating instructions from CPU 110 to peripheral devices such as printer 140, keyboard 145, mouse 150, and data storage device 155.

Display 165, which is controlled by display controller 163, is used to display the visual output generated by computer system 100. Such visual output may include text, graphics, animation, and video. Display 165 may be implemented with a CRT-type video display, an LCD-type flat-panel display, a gas plasma-type flat-panel display, a touch panel, or another form of display. Display controller 163 includes the electronic components required to generate the video signal that is sent to display 165.

Further, computer system 100 may contain network card 170, which is used to connect computer system 100 to external communication network 160. Communication network 160 may provide computer users with a means of communicating and transferring software and information electronically. Communication network 160 may also provide distributed processing, which involves several computers that share workloads or cooperate in performing a task.
It should be appreciated that the network connections shown are exemplary and that other means of establishing a communication link between the computers may be used. It should also be appreciated that exemplary computer system 100 is merely an illustrative computer environment in which the systems and methods described herein may operate. It does not limit the implementation of the systems and methods described herein in computer environments having different components and configurations; the inventive concepts described herein may be implemented in various computer environments having various components and configurations.

Illustrative computer network environment:

Computer system 100, described above, can be deployed as part of a computer network. In general, the above description of computer environments applies to both server computers and client computers deployed in a network environment. FIG. 2 illustrates an exemplary networked computer environment in which the systems and methods described herein may be employed, with a server in communication with client computers via a communication network. As shown in FIG. 2, server 205 may be interconnected via communication network 160 (which may be a fixed-wire or wireless LAN, WAN, intranet, extranet, peer-to-peer network, the Internet, or another communication network) with a number of client computer environments, such as tablet personal computer 210, mobile telephone 215, telephone 220, personal computer 100, and personal digital assistant 225. Additionally, the systems and methods described herein may cooperate via communication network 160 with automotive computer environments (not shown), consumer electronic computer environments (not shown), and building automation control computer environments (not shown). For example, in a network environment in which communication network 160 is the Internet, server 205 may be a dedicated computer environment server.
It is operable to process Web services and to communicate them to and from client computer environments 100, 210, 215, 220, and 225 via any of a number of known protocols, for example hypertext transfer protocol (HTTP), file transfer protocol (FTP), simple object access protocol (SOAP), or wireless application protocol (WAP). Each client computer environment 100, 210, 215, 220, and 225 may also be equipped with browser operating system 180, operable to support one or more computer applications such as a Web browser (not shown), or with a mobile desktop environment for gaining access to server computer environment 205.

In operation, a user (not shown) may interact with a computer application running on a client computer environment to obtain desired data and/or computer applications. The data and/or computer applications may be stored on server computer environment 205 and communicated through exemplary communication network 160 to cooperating users via client computer environments 100, 210, 215, 220, and 225. A participating user may use Web service transactions to request access to specific data and applications housed in whole or in part on server computer environment 205. These Web service transactions may be communicated between client computer environments 100, 210, 215, 220, and 225 and the server computer environment for processing and storage. Server computer environment 205 may host computer applications, processes, and applets for generating, authenticating, and communicating Web services, and may cooperate with other server computer environments (not shown), third-party service providers (not shown), network attached storage (NAS), and storage area networks (SAN) to realize such Web service transactions.
Thus, the systems and methods described herein can be used in a computer network environment having client computer environments for accessing and interacting with the network and a server computer environment for interacting with the client computer environments. However, the systems and methods for providing the mobile device platform can be implemented with a variety of network architectures and should not be limited to the example shown. The systems and methods described herein will now be described in more detail with reference to this illustrative implementation.

Collaboration of mobile device platform components:

FIG. 3 shows an exemplary interaction between the components of an exemplary mobile device platform. Generally, as shown in FIG. 3, exemplary mobile device platform 300 may, in simple terms, include exemplary mobile device 310, which cooperates with client computer environment 100 using communication interface 305 operating according to a selected communication protocol (not shown). In addition, exemplary mobile device platform 300 may further include communication network 160 (shown in FIG. 1) and server computer environment 205.

In operation, the mobile device may cooperate with client computer environment 100 through communication interface 305 to execute one or more computer applications 180' that originate from mobile device 310 and can be displayed on client computer environment 100 for user interaction. Computer applications 180' may include, but are not limited to, a browser application that offers the look and feel of a conventional operating system, word processing applications, spreadsheets, database applications, Web services applications, and user management/preference applications.
In addition, mobile device 310 may use client computer environment 100 to cooperate, via communication network 160, with server computer environment 205 to obtain data and/or computer applications in the form of Web services.

FIG. 4 shows the interaction between the components of exemplary mobile device platform 400. As shown in FIG. 4, exemplary mobile device platform 400 includes mobile device (MD) 405, computer environment 410, communication network 435, mobile device management server (MDMS) 420, and third-party Web service provider 440. In addition, as further shown in the MD exploded view, MD 405 includes a processing unit (PU), an operating system (OS), storage memory (RAM/ROM), and an MD communication interface. Moreover, MDMS 420 further includes translation engine 425, Web services 430, and encryption engine 445.

In operation, MD 405 communicates with computer environment 415 through MD/computer environment communication interface 410, using one or more of the MD components (PU, OS, RAM/ROM, and MD communication interface). When communicating with computer environment 415, MD 405 may launch one or more computer applications (not shown), which may include, but are not limited to, a mobile desktop environment, a user customization and authentication manager, and Web services applications as part of configuration. Once configured, MD 405 may further cooperate with computer environment 415 to process one or more Web services (e.g., Web service data and/or computer applications). In this context, MD 405 may use communication network 435 to request Web service data and/or computer applications from cooperating MDMS 420 in order to process such Web services.
In this case, MDMS 420 may operate to authenticate MD 405, thereby ensuring that the participating user (not shown) and mobile device 405 have the correct privileges to the requested data and/or computer applications. Such an authentication process may also employ one or more security peripherals that may reside on MD 405, including, but not limited to, biometric security peripherals, retinal scan security peripherals, and secure voice recognition peripherals.

If the MD is properly authenticated, MDMS 420 may further operate to locate the requested data and/or computer applications locally at MDMS 420 and provide them (e.g., as Web services) to authenticated MD 405 over communication network 435. Alternatively, MDMS 420 may operate to cooperate with third-party service provider 440 to obtain the Web services to be communicated to authenticated MD 405. When cooperating with third-party Web service provider 440, MDMS 420 may operate to use translation engine 425 to translate Web services 430 originating from third-party Web service provider 440 into an MD-native format. In addition, MDMS 420 may operate to use encryption engine 445 to encrypt the requested Web services when satisfying Web service requests from authenticated MD 405.

Additionally, MDMS 420 may further operate to cooperate with a file system (not shown), using a selected encryption protocol (e.g., PKI encryption), to obtain the Web services to be communicated to MD 405. The cooperating file system may include, but is not limited to, a file allocation table (FAT) file system and a new technology file system (NTFS).

FIG. 5 is a block diagram of exemplary components of an illustrative mobile device management server (MDMS) deployed in an illustrative networked computer environment.
As shown, the illustrative networked computer environment includes Site A, Site B, and Site C, each with an exemplary MDMS and components. Site A includes MDMS 502, which has its own operating system 504. Operating system (OS) 504, as shown, supports Java virtual machine (JVM) 506, which in turn supports MDMS Java code 508. MDMS Java code 508 includes SOAP chaining 538 and services 548. In addition, operating system 504 may operate to support and cooperate with user database 510, key database 512, and file store 514. Furthermore, operating system 504 may operate to support and cooperate with resident applications 550, JVM 552, and JVM 554. Operating system 504 may also operate to support and cooperate with encryption drivers, communication interface drivers, and network drivers. Mirroring OS 504, MDMS 502 maintains hardware, for example hardware accelerators, communication interface ports, and communication interface cards (NICs), that cooperates with the encryption drivers, communication interface drivers, and network drivers during operation of MDMS 502.

In addition, as shown, the MDMS includes storage area network (SAN)/network attached storage (NAS) interface 516, which is operable to connect MDMS 502 to cooperating file/data store 518 and cooperating MDMS 520 and 522. SAN/NAS interface 516 may be coupled to cooperating file/data store 518 and cooperating MDMS 520 and 522 through communication network 519. Furthermore, as shown, MDMS 502 may cooperate with other MDMS environments 536 and 528 that reside local to MDMS 502 or are geographically separated from it. MDMS environment 536 may include MDMS 534 and file/data store 532.
Similarly, MDMS environment 528 may include MDMS 526 and MDMS 530, operatively coupled to file/data store 524.

Several sub-modules may reside within SOAP chaining module 538, including, but not limited to: a packet sniffer, operable to monitor data communications; security enforcement, operable to maintain data permissions and access; a usage/monitor, operable to meter service usage; and a Web services proxy, operable to cache Web services for cooperation with requesting components (e.g., an authenticated MD, not shown). These sub-modules may be controlled by one or more sub-module applications, including, but not limited to: an administration debugger, which executes on the packet sniffer sub-module; a security manager, which executes on the security/enforcement sub-module; a metering manager, which executes on the usage/monitor sub-module; and a proxy manager, which executes on the Web services proxy.

Several sub-modules may reside within SOAP chaining module 548, including, but not limited to: a mobile device manager; an encryption manager (PKCS manager); a file transfer service; a Web services manager; a Web services access control service; a Web services metering service; a Universal Description, Discovery, and Integration (UDDI) service; a UDDI repository service; a file system (e.g., the Omni file system); a SOAP proxy service; a Web services translator service; and a quality of service operation, which performs functions including, but not limited to, load balancing, MDMS hot swapping, and failover.

Resident applications 550 may include, but are not limited to, security, router, SAN/NAS control, and encryption control.
JVM 552 may include code that operates on and processes encryption information (e.g., key information), user authentication, service provisioning, and MDMS Java operations. In contrast, JVM 554 may include Java code that allows mobile device hardware configurations to be emulated.

In operation, the MDMS uses one or more of the components described above to process Web service requests, and uses encryption processes to securely provide Web services to cooperating requesting components that use authentication and verification information. MDMS 502 may cooperate with other MDMS environments (e.g., MDMS environments 536 and 528) to satisfy Web service requests.

In an illustrative implementation, MDMS 501 provides an installation for managing user data, application and service registration, and coordinated storage. In operation, MDMS 501 supports user access and management functions. For example, mobile desktop users can connect to their applications and data through MDMS 501. In this context, once a user is connected, MDMS 501 checks user authentication and preferences. Access control can be enforced automatically, and "skins" can be applied to applications and services so that they fit the participating user's environment. Requests for applications and data can be processed at the speed of the local device and can be monitored with a view to improving the system.

In addition, MDMS 502 may operate to let users access the file stores to which they have rights (e.g., 518, 532, and 524) and publish files to individuals, to groups, or globally. In this context, MDMS 502 may employ various MDMS components to provide management of files, applications/services (548 and 550), and mass storage devices.
In addition, because MDMS 502 lets system administrators connect to MDMS 502 from remote locations using a cooperating mobile device (not shown), it allows for more robust system administration.

As shown in FIG. 5, MDMS 502 may include a number of functional components and modules. These components and modules may operate to provide functions including, but not limited to, security, mobile device management, encryption key tracking and management, transaction metering, file system management, application/service management, application subscription management, Web service monitoring, legacy infrastructure extension, data store management, and cluster deployment and management.

FIG. 6 shows the processing performed when exemplary MDMS 502 cooperates with a cooperating MD. As shown, processing begins at step 600 and proceeds to step 605, where a check is performed to determine whether authentication of a cooperating MD needs to be established or updated. If the check at step 605 indicates that MD authentication does not need to be established or updated, processing returns to step 600 and continues. If, however, the check at step 605 indicates that MD authentication needs to be established or updated, processing proceeds to step 610, where a check is performed to determine whether the cooperating MD is new to the MDMS and requires initial authentication by the MDMS. If the check at step 610 indicates that a new MD needs to be authenticated, processing proceeds to step 615, where the MDMS generates authentication information for the new MD. Processing then proceeds to step 620, where an encryption key is generated and communicated to the MD being authenticated. Next, at step 625, the authentication and encryption information is communicated to the cooperating MD being authenticated.
Then, the authentication and encryption information is used to establish the group memberships applicable to the MD on the cooperating file system. A check is then performed at step 635 to determine whether authentication succeeded. If the check at step 635 indicates that authentication was not successful, the process proceeds to step 640, where an error is generated. The error can then be corrected at step 645. The process then returns to step 635 and continues from there. However, if it is determined at step 635 that the authentication check has been passed, the process proceeds to step 650, where a check is performed to determine whether the permissions of the cooperating MD need to be changed. If the check at step 650 indicates that the permissions need to be changed, the process proceeds to step 655 to update the authentication and/or encryption information. The process then returns to step 635 and continues from there. However, if the check at step 650 indicates that the permissions do not need to be changed, the process proceeds to step 660 and ends with the MD authentication configuration set. Furthermore, if the check at step 610 indicates that there is no new MD requiring authentication, the process proceeds to step 650 and continues from there.

FIG. 7 illustrates a process executed by the mobile device management server 502 in an exemplary Web service processing implementation. As shown in FIG. 7, the process starts at step 700 and proceeds to step 705, where a check is performed to determine whether the MDMS has established communication with the cooperating computer network. If the check at step 700 indicates that no communication is taking place, the process returns to step 700 and continues from there.
However, if it is determined at step 705 that the MDMS has established communication with the cooperating computer network, the process proceeds to step 710, where a check is performed to determine whether one or more cooperating MDs have requested one or more Web services from the MDMS. If the check at step 710 indicates that no MD has requested a Web service, the process returns to step 710 and continues from there. However, if the check at step 710 indicates that one or more cooperating MDs have requested one or more Web services, the process proceeds to step 715, where the MDMS uses the MD security and authentication services to authenticate the MD. A check is then made at step 720 to determine whether the MD has been authenticated. If the MD has been authenticated, the process proceeds to step 735 to process the Web service request. Then, at steps 740 and 745, the MDMS and the MD execute the Web service. However, if the check at step 720 indicates that the MD was not successfully authenticated, the process proceeds to step 725, where an error is generated. The process then proceeds to step 727, where a check is performed to determine whether authentication is to be attempted again. If the check at step 727 indicates that MD authentication is to be attempted again, the process returns to step 720 and continues from there. However, if it is determined at step 727 that MD authentication is not to be attempted again, the process terminates at step 730.

FIG. 8 illustrates a process executed by the mobile device management server 502 in another Web service processing implementation. As shown in FIG. 8, the process starts at step 800 and proceeds to step 805, where a check is performed to determine whether one or more authenticated MDs have requested one or more Web services. If the check at step 805 indicates that no authenticated MD has requested a Web service, the process returns to step 800 and continues from there.
However, if the check at step 805 indicates that one or more authenticated MDs have requested one or more Web services, the process proceeds to step 810, where the MDMS retrieves data and/or computer applications from any of a cooperating data store, a cooperating Web service provider, and other cooperating MDMSs. Then, at step 815, a check is performed to determine whether the retrieved Web service needs to be translated into the MD-native Web service format. If the check at step 815 indicates that translation is not required, the process proceeds to step 825, where the requested data and/or computer application is encrypted according to the selected encryption protocol (for example, using a public/private key). The process then proceeds to step 830, where the encrypted data and/or computer application is transmitted to the requesting authenticated MD. Next, at step 835, the MDMS meters MD operations to obtain usage, behavior, similarity, and similar metering information. The metering data is then stored for future use at step 840. Next, a check is performed at step 845 to determine whether the stored metering data is to be reported. If the check at step 845 indicates that the metering data is to be reported, the process proceeds to step 850, where the metering data is analyzed to generate a metering report. The process then terminates at step 855. However, if the check at step 815 indicates that translation is required, the process proceeds to step 820 to translate the requested Web service into an MD-native Web service. The process then proceeds to step 825 and continues from there.

FIG. 9 illustrates a process executed by the MDMS 502 in another Web service processing implementation. As shown in FIG. 9, the process starts at step 900 and proceeds to step 905, where a check is performed to determine whether one or more authenticated MDs have requested one or more Web services. If the check at step 905 indicates that no authenticated MD has requested a Web service, the process returns to step 900 and continues from there. However, if the check at step 905 indicates that one or more authenticated MDs have requested one or more Web services, the process proceeds to step 910, where the MDMS retrieves data and/or computer applications from any of a cooperating data store, a cooperating Web service provider, and other cooperating MDMSs. Next, a check is performed at step 915 to determine whether the retrieved Web service needs to be translated into the MD-native Web service format. If the check at step 915 indicates that translation is not required, the process proceeds to step 925, where the requested data and/or computer application is encrypted according to the selected encryption protocol (e.g., using a public/private key). The process then proceeds to step 930, where the encrypted data and/or computer application is transmitted to the requesting authenticated MD. Then, a check is performed at step 935 to determine whether the communication link between the MDMS and the cooperating MD is active. If the check at step 935 indicates that the communication link is active, the process proceeds to step 945 to synchronize any cached transactions. Then, at step 950, the MDMS meters MD operations to obtain usage, behavior, similarity, and similar metering information. Then, at step 955, the metering data is stored for future use. Then, at step 960, a check is performed to determine whether the stored metering data is to be reported.
If the check at step 960 indicates that the metering data is to be reported, the process proceeds to step 965, where the metering data is analyzed to generate a metering report. Then the process terminates at step. However, if the check at step 935 indicates that the communication link is not active, the process proceeds to step 940 to cache the requested Web service. The process then proceeds to step 935 and continues from there. Further, if the check at step 915 indicates that translation is required, the process proceeds to step 920 to translate the requested Web service into the MD-native service. The process then proceeds to step 925 and continues from there.

In summary, the systems and methods described herein provide a mobile device management server that is used as part of a mobile device platform. It should be understood, however, that the invention is susceptible to various modifications and alternative constructions. The invention is not limited to the specific constructions described herein. On the contrary, the invention is intended to cover all modifications, alternative constructions, and equivalents that fall within the spirit and scope of the invention.

Note that the invention can be implemented in a variety of computer environments (including non-wireless and wireless computer environments), local computer environments, and real environments. The various techniques described herein can be implemented in hardware, software, or a combination of software and hardware. Preferably, the techniques are implemented in computer environments that maintain programmable computers, where each computer includes a processor, a processor-readable storage medium (including volatile and nonvolatile memory and/or storage elements), at least one input device and at least one output device.
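The FIG. 6 enrollment steps and the FIG. 7 authentication gate described above, with the per-MD metering of FIG. 8, as an added Python model that is not part of the patent. The HMAC challenge-response, the `MAX_ATTEMPTS` bound on the step 727 retry, and every name below are assumptions; the text does not specify the authentication mechanism or a retry limit.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

MAX_ATTEMPTS = 3  # assumption: the text gives no bound for the step 727 retry


@dataclass
class DeviceRecord:
    auth_secret: bytes   # step 615: authentication information for the MD
    enc_key: bytes       # step 620: encryption key (issued here, not used below)
    services: frozenset  # Web services this MD has rights to request
    failures: int = 0    # consecutive failed authentications
    usage: dict = field(default_factory=dict)  # steps 835-840: metering data


def prove(auth_secret, nonce, service):
    """MD side: bind the proof to the server nonce and the requested service."""
    return hmac.new(auth_secret, nonce + service.encode(), hashlib.sha256).digest()


class MDMS:
    """Hypothetical server model; class and method names are illustrative."""

    def __init__(self):
        self._devices = {}  # md_id -> DeviceRecord
        self._nonces = {}   # md_id -> outstanding single-use challenge

    def enroll(self, md_id, services):
        """FIG. 6, steps 610-625: initial authentication setup for a new MD."""
        if md_id in self._devices:
            raise ValueError("MD already enrolled")
        rec = DeviceRecord(secrets.token_bytes(32), secrets.token_bytes(32),
                           frozenset(services))
        self._devices[md_id] = rec
        return rec.auth_secret, rec.enc_key  # step 625: delivered to the MD

    def challenge(self, md_id):
        """Issue a fresh nonce; issued for unknown ids too, so ids do not leak."""
        nonce = secrets.token_bytes(16)
        self._nonces[md_id] = nonce
        return nonce

    def request(self, md_id, service, proof):
        """FIG. 7, steps 715-735: authenticate, check rights, serve and meter."""
        rec = self._devices.get(md_id)
        nonce = self._nonces.pop(md_id, None)  # single use: a replay finds none
        if rec is None or nonce is None:
            return "denied"
        if rec.failures >= MAX_ATTEMPTS:       # step 730: no further attempts
            return "locked"
        expected = prove(rec.auth_secret, nonce, service)
        if not hmac.compare_digest(expected, proof):  # constant-time compare
            rec.failures += 1                  # step 725: error generated
            return "locked" if rec.failures >= MAX_ATTEMPTS else "retry"
        rec.failures = 0
        if service not in rec.services:        # rights and permissions check
            return "forbidden"
        rec.usage[service] = rec.usage.get(service, 0) + 1  # metering
        return "served"

    def report(self, md_id):
        """Step 850: metering report for one MD (a copy of its counters)."""
        return dict(self._devices[md_id].usage)


if __name__ == "__main__":
    server = MDMS()
    secret, _key = server.enroll("md-1", {"files"})  # constructed sample MD
    nonce = server.challenge("md-1")
    print(server.request("md-1", "files", prove(secret, nonce, "files")))
    print(server.report("md-1"))
```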
Computer hardware logic that cooperates with various instruction sets is applied to the data to perform the functions described above and to generate output information. The output information is supplied to one or more output devices. Various programming languages (including high-level procedural or object-oriented programming languages) can be used to implement the programs used by the exemplary computer hardware to communicate with computer systems. By way of illustration, the devices and methods described herein can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Preferably, each computer program is stored on a storage medium or device (for example, ROM or magnetic disk) readable by a general- or special-purpose programmable computer, and is used to configure and operate the computer when the computer reads the storage medium or device to perform the procedures described above. The device may also be constructed as a computer-readable storage medium configured with a computer program, where the storage medium so configured causes the computer to operate in a specific or predefined manner.

Although exemplary implementations of the invention have been described in detail herein, those skilled in the art will readily understand that many additional modifications to the exemplary embodiments are possible without substantially departing from the novel teachings and advantages of the invention. Accordingly, these and all such modifications are intended to be included within the scope of this invention. The invention is more properly defined by the following exemplary claims.

[Brief Description of the Drawings]

The mobile device platform and its methods of use will now be described in detail with reference to the drawings, in which:

FIG. 1 is a block diagram of an exemplary computer implementation of the systems and methods described herein;
FIG. 2 is a block diagram of an exemplary computer network environment according to the systems and methods described herein;
FIG. 3 is a block diagram of exemplary computer operating component interactions according to the systems and methods described herein;
FIG. 4 is a block diagram of an example implementation of a mobile device platform according to the systems and methods described herein;

FIG. 5 is a block diagram of an exemplary architecture of an exemplary mobile device management server according to the systems and methods described herein;
FIG. 6 is a flowchart of the processing performed by the exemplary mobile device management server when handling user and device management according to the systems and methods described herein;
FIG. 7 is a flowchart of the processing performed by the exemplary mobile device management server when handling a Web service request according to the systems and methods described herein;
FIG. 8 is a flowchart of the processing performed by the exemplary mobile device management server when translating Web services during Web service processing according to the systems and methods described herein;

FIG. 9 is a flowchart of the processing performed by the exemplary mobile device management server when performing metering and intermittent-connection processing according to the systems and methods described herein.

[Description of main component symbols]

Computer operating environment
Computer system (data processing system)
System bus
110 Central processing unit (CPU)
112 Interconnection
115 Microprocessor
120 Memory controller
125 Random access memory (RAM)
130 Read-only memory (ROM)
135 Peripheral device controller
140 Printer
145 Keyboard
150 Mouse
155 Data storage
160 Communication network
163 Display controller
165 Display
170 Network card
180 Operating system
180? Computer application
200 Network-connected computer environment
210 Tablet personal computer
215 Mobile phone
220 Telephone
225 Personal digital assistant
300, 400 Mobile device platform
305 Communication interface
310, 405 Mobile device (MD)
410 MD/computer environment communication interface

415 Computer environment
420 Mobile device management server (MDMS)
425 Translation engine
430 Web service
435 Communication network
440 Third-party Web service provider
445 Encryption engine
A, B, C Sites
502, 520, 522, 534 Mobile device management server (MDMS)
504 Operating system (OS)
506, 552, 554 Java virtual machine (JVM)
508 MDMS Java code
510 User database
512 Key database
514 File storage area
516 Storage area network (SAN)/network attached storage (NAS) interface
518, 524, 532 File/data store
519 Communication network
528, 536 MDMS environment
538 SOAP chaining module
548 Service module
550 Resident application


Claims (1)

Scope of patent application:

1. A server computer environment that provides Web services, comprising:
a hardware platform operable to execute an operating system;
a communication interface operable to communicate Web services and associated Web service transaction data between the server computer environment and cooperating components;
a translation module capable of translating Web services into a native format that the cooperating components can process; and
an encryption module operable to use the authentication and verification information of the cooperating components to encrypt data and computer applications to be included in one or more Web services.

2. The server computer environment of claim 1, further comprising a plurality of resident Web services, including any of the following: mobile device manager, encryption manager, file transfer manager, Web service manager, Web S [illegible], Web service metering, [illegible] directory, [illegible] repository, file system, SOAP proxy, translator, and quality of service.

3. The server computer environment of claim 2, further comprising a plurality of resident applications, including any of the following: a security application for authenticating the cooperating components, a communication router, a storage area network (SAN)/network attached storage (NAS) device application, and an encryption control.

4. The server computer environment of claim 3, further comprising a virtual machine operable to provide at least one instruction set for instructing the server computer environment to perform a plurality of operations, including any of the following: mobile device hardware emulator, encryption control, user authentication, service control, and server computer environment control.

5. The server computer environment of claim 4, further comprising a user database having data representing the participating users who operate the cooperating components.

6. The server computer environment of claim 5, further comprising a key database having data representing the encryption keys used by the server computer environment in one or more encryption processes.

7. The server computer environment of claim 6, further comprising a file storage data store operable to store files.

8. The server computer environment of claim 7, wherein the file storage data store is operable to store and process encrypted files.

9. The server computer environment of claim 8, wherein the file storage data store includes any of the following: a file allocation table (FAT) file system and a New Technology File System (NTFS) file system.

10. The server computer environment of claim 9, further comprising a [illegible] communication interface operable to connect the server computer environment to the cooperating data stores.

11. The server computer environment of claim 10, further comprising an encryption driver operable to process encryption instructions when processing Web services.

12. The server computer environment of claim 11, further comprising a communication interface driver operable to interface with cooperating communication hardware components in order to communicate Web services.

13. The server computer environment of claim 12, wherein the server computer environment invokes one or more server computer environment submodules to process Web service requests, wherein the submodules include any of the following: resident services, resident applications, SOAP chaining, and a virtual machine.

14. The server computer environment of claim 1, wherein the server computer environment cooperates with at least one mobile device that provides Web service requests.

15. The server computer environment of claim 1, further comprising a management module capable of authenticating the mobile device, wherein the management module includes any of the following: a biometric security mechanism, a retinal scan security mechanism, and a secure voice recognition mechanism.

16. A method for securely communicating data and computer applications between cooperating computer environments, comprising:
providing a server computer environment capable of processing Web services;
establishing communication between the server computer environment and a plurality of cooperating components requesting Web services;
authenticating the cooperating components to ensure that the cooperating components have rights and permissions regarding the requested Web services; and
communicating the Web services to the authenticated cooperating components.

17. The method of claim 16, further comprising encrypting data and computer applications that are part of a Web service.

18. The method of claim 16, further comprising translating the requested Web service into a native format of the cooperating components requesting the Web service.

19. The method of claim 16, further comprising performing metering operations on the Web services communicated to the authenticated cooperating components.

20. A method for processing Web services, comprising:
receiving a Web service request from a cooperating component;
authenticating the cooperating component to identify whether the cooperating component has rights and permissions regarding the requested Web service;
after the cooperating component has been authenticated, encrypting the Web service to be communicated to the requesting component; and
communicating the requested Web service to the authenticated cooperating component.

21. The method of claim 20, further comprising translating the requested Web service into a native format of the requesting component.

22. The method of claim 21, further comprising performing metering operations on the Web services communicated to the authenticated cooperating component.

23. A computer-readable medium having computer-readable instructions to instruct a computer to perform a method, the method comprising:
receiving a Web service request from a cooperating component;
authenticating the cooperating component to identify whether the cooperating component has rights and permissions regarding the requested Web service;
after the cooperating component has been authenticated, encrypting the Web service to be communicated to the requesting component; and
communicating the requested Web service to the authenticated cooperating component.

24. A system for securely communicating Web services, comprising:
a first means for processing Web services;
a second means for storing Web services and associated Web service transaction data;
a third means for encrypting the Web services using authentication and verification information provided by the cooperating components;
a fourth means for translating the Web services into a native format that the cooperating components can process; and
a fifth means for communicating the Web services to the cooperating components.

25. The system of claim 24, further comprising a fifth means for metering the usage of the Web services by the cooperating components.

26. The system of claim 25, further comprising a sixth means for authenticating the cooperating components.
TW93129444A 2003-09-29 2004-09-29 Mobility device server TWI259730B (en)

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US50691803P 2003-09-29 2003-09-29
US50692503P 2003-09-29 2003-09-29
US50691903P 2003-09-29 2003-09-29
US50719703P 2003-09-29 2003-09-29
US54373504P 2004-01-22 2004-01-22
US53891504P 2004-01-22 2004-01-22
US53876304P 2004-01-22 2004-01-22
US53876704P 2004-01-22 2004-01-22

Publications (2)

Publication Number Publication Date
TW200522744A true TW200522744A (en) 2005-07-01
TWI259730B TWI259730B (en) 2006-08-01

Family

ID=37873400

Family Applications (3)

Application Number Title Priority Date Filing Date
TW93129444A TWI259730B (en) 2003-09-29 2004-09-29 Mobility device server
TW93129443A TWI259377B (en) 2003-09-29 2004-09-29 Method for processing web services, mobility device and system relating to the same
TW93129442A TWI255626B (en) 2003-09-29 2004-09-29 Mobility device platform system and method, and computer readable medium thereof

Family Applications After (2)

Application Number Title Priority Date Filing Date
TW93129443A TWI259377B (en) 2003-09-29 2004-09-29 Method for processing web services, mobility device and system relating to the same
TW93129442A TWI255626B (en) 2003-09-29 2004-09-29 Mobility device platform system and method, and computer readable medium thereof

Country Status (1)

Country Link
TW (3) TWI259730B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI507041B (en) * 2011-04-02 2015-11-01 Chi Mei Comm Systems Inc System and method for performing video telephone
TWI665560B (en) * 2016-07-18 2019-07-11 科智企業股份有限公司 Mobile Manufacturing Management and Optimization Platform

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI417788B (en) * 2005-09-01 2013-12-01 Koninkl Philips Electronics Nv A data processing system and a method of operating a rendering platform
US8136162B2 (en) * 2006-08-31 2012-03-13 Broadcom Corporation Intelligent network interface controller
US7917507B2 (en) * 2007-02-12 2011-03-29 Microsoft Corporation Web data usage platform
US8429185B2 (en) 2007-02-12 2013-04-23 Microsoft Corporation Using structured data for online research
TWI352909B (en) 2007-09-05 2011-11-21 Htc Corp Method and system for supporting network sharing a
US10129087B2 (en) 2012-05-01 2018-11-13 Intel Corporation Application service location and management system
US9571343B2 (en) * 2012-05-01 2017-02-14 Intel Corporation Application service location and management system
TWI788741B (en) * 2020-12-10 2023-01-01 中華電信股份有限公司 System and method for remote video assistance
TWI825896B (en) * 2022-08-03 2023-12-11 優式機器人股份有限公司 Environmental finishing control method
TWI811050B (en) * 2022-08-03 2023-08-01 優式機器人股份有限公司 Control method for the cooperation of multiple mobile robots


Also Published As

Publication number Publication date
TW200522631A (en) 2005-07-01
TWI259377B (en) 2006-08-01
TWI255626B (en) 2006-05-21
TW200523752A (en) 2005-07-16
TWI259730B (en) 2006-08-01

Similar Documents

Publication Publication Date Title
EP1519539A2 (en) Mobility device
US20080244265A1 (en) Mobility device management server
JP4301482B2 (en) Server, information processing apparatus, access control system and method thereof
US10447684B2 (en) Hosted application sandbox model
US20080301443A1 (en) Mobility device platform
WO2005036304A2 (en) Mobility device server
CN100462957C (en) Message routing method and system based on privacy policy
CN111600899A (en) Micro-service access control method and device, electronic equipment and storage medium
RU2237275C2 (en) Server and method (variants) for determining software surroundings of client node in a network having client/server architecture
TW200522744A (en) Mobility device server
US8381269B2 (en) System architecture and method for secure web browsing using public computers
US20060129804A1 (en) Message based network configuration of server certificate purchase
CN113190322A (en) Page acquisition method, related equipment and medium
EP2795522B1 (en) Techniques to store secret information for global data centers
CN1894897A (en) Mobility device server
WO2022088710A1 (en) Mirror image management method and apparatus
CN118690400A (en) Data processing method, device, computer equipment, storage medium and product
CN118264430A (en) Data processing method, device, computer equipment, medium and product
US20210377256A1 (en) Systems, apparatus, and computer program products for management of certificates for third party applications accessing printing kiosks
CN114240696A (en) Property service management open platform, service access method, device and equipment
CN111800382A (en) Cooperative system docking method, apparatus, system and computer readable storage medium
CN117240608B (en) Login authorization method, login authorization device, computer equipment and storage medium
TWM678158U (en) Electronic signature service system
CN118233104A (en) A method for integrating to-do items on digital platforms based on national secret algorithm
HK40045908B (en) Online file permission control method and related product

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees