WO2010119428A1 - Method and system for installing and managing multiple software applications on a mobile computing device - Google Patents

Info

Publication number: WO2010119428A1
Authority: WO (WIPO (PCT))
Prior art keywords: software application, computing device, mobile computing, user, requested
Application number: PCT/IB2010/051664
Other languages: French (fr)
Inventor: Francois Malan Joubert
Original Assignee: Fireid (Proprietary) Limited
Application filed by Fireid (Proprietary) Limited

Classifications

    • G06F21/31 User authentication (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals)
    • G06F8/61 Installation (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F8/00 Arrangements for software engineering > G06F8/60 Software deployment)
    • G06F2221/2129 Authenticate client device independently of the user (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements)

Definitions

  • a user 10 has a mobile computing device 12, shown as a PDA.
  • the device 12 is able to communicate via various communication channels, for example, a push SMS (Short Message Service) message, with a wireless telephone network 14 which includes an SMS gateway 16 which is operatively connected to a deployment server 25 which has a static IP address and open availability to the Internet.
  • the user 10 may wish to gain access to two separate networks 18 and 20, which networks each respectively act as authentication entities.
  • the first network 18 to which the user wishes to gain access comprises a turnkey server 22, a firewall 24 and an administrator workstation 26 (other components of the network are omitted for clarity) which workstation is operated by an administrator 28.
  • the second network 20 to which the user may wish to gain access comprises a turnkey server 30, a firewall 32 and an administrator workstation 34 (other components of the network are omitted for clarity) which workstation is operated by an administrator 36.
  • the present invention relates to embodiments where one or more prior software applications have already been deployed to the mobile computing device 12, for example by using a method and system as described in International Patent Application No. PCT/IB2008/051580, published as WO 2008/132670. This document is herein incorporated by reference. Prior deployment is essential to the present invention as it relates, in part, to the ease with which a user can add additional software applications or OTP algorithms (described below) if a software application has already been deployed to the device 12 for example, by way of the system described in PCT/IB2008/051580.
  • the deployed OTP security application allows the user 10 to access the network 18 through the mobile computing device 12 acting as an authentication token.
  • the authentication token is merely the software application deployed on the mobile computing device 12.
  • network or authentication entity 18 has installed the OTP security application on the mobile computing device 12. During this installation process, user data had been captured by the administrator 28. Also, a trust relationship was established between the network or authentication entity 18 and the mobile computing device 12 by, for example, downloading security keys to the mobile computing device 12.
  • security during the installation process may have been achieved by using e-mail messages as the mechanism for distributing invitations to the user 10 to deploy the security software application and to set the user 10 up for secure access to the network, with a separate synchronised deployment process using another computing device of the user.
  • the security key need not have been delivered to the user by e-mail, and in some embodiments of the system and method of PCT/IB2008/051580 the security key may have been communicated verbally, in writing, or in some other way.
  • the important thing is that a trust relationship already exists between the authentication entity 18 and the mobile computing device 12 (also called the authentication token).
  • any transmissions to the mobile computing device 12 during the management of the OTP security application also have to be secure. It follows that during the installation and management of multiple and/or virgin application software, transmissions made in pursuance of the same also have to be secure.
  • the mobile computing device 12 acting as the authentication token uses different OTP algorithms for the generation of one time passwords for each of the different authentication entities it supports.
  • the authentication token will use two distinct OTP algorithms to access the network 18 and the network 20 (once the network 20 has been added as an authentication entity to the authentication token).
  • OTP algorithms may be or may form part of the requested software application in accordance with the present invention. It follows that the prior software application may be or may form part of the first deployed OTP security application.
  • An OTP algorithm and authentication entity forms a unique pair on the mobile computing device 12 and this pair is identified by a unique identification (ID) number, e.g., an authentication entity ID.
  • Each such pair has a record of data associated with it by means of this authentication entity ID.
  • the record which is stored on the mobile computing device 12, contains the data used by an OTP algorithm to generate an OTP for the specific authentication entity.
  • FIG. 2 illustrates an example system 50 which typically resides in the deployment server 25.
  • the system 50 is typically provided for installing and managing multiple software applications on the mobile computing device 12.
  • the system 50 may comprise a plurality of components or modules which correspond to the functional tasks to be performed by the system 10.
  • module in the context of the specification will be understood to include an identifiable portion of code, computational or executable instructions, data, or computational objects to achieve a particular function, operation, processing, or procedure. It follows that a module need not be implemented in software; a module may be implemented in software, hardware, or a combination of software and hardware. Further, the modules need not necessarily be consolidated into the server 25 but may be spread across a plurality of devices.
  • the system 25 comprises a receiver module 52 arranged to receive a request from a user 10 via an installation web page to install at least one requested software application on the mobile computing device 12.
  • the at least one requested software application may be another OTP algorithm for example, to access the network 20.
  • the installation web page is a web page hosted for example by the deployment server 25 as more clearly explained in PCT/IB2008/051580.
  • the system 50 also includes a processor 54 arranged to determine at least whether or not the user 10 previously installed a prior software application on the mobile computing device 12, for example by way of the method described in PCT/IB2008/051580.
  • the prior software application may for example be an OTP algorithm already deployed to the device 12 to access the network 18.
  • the prior software application is typically deployed to the mobile computing device 12 of the user 10 prior to the request for the requested software application.
  • the user 10 already has access to the network 18 and desires to also have access to the network 20 by way of the mobile computing device 12 thereby providing the device 12 with additional functionality without having the hassle of a new deployment of a software application in a similar fashion as described in PCT/IB2008/051580.
  • the processor 54 may be arranged to determine if the user 10 has a prior software application installed on their mobile computing unit 12 by examining records stored in a database 56.
  • the records in the database 56 may comprise deployment data indicative of MSISDNs associated with a plurality of respective mobile computing units and information indicative of software applications deployed thereto. It follows that the processor 54 is arranged to compare an MSISDN of the device 12 with MSISDNs stored in the records to determine if the user 10 has a prior software application installed.
  • the database 56 is arranged to store information indicative of software applications deployed to a plurality of users.
  • information indicative of the software applications is associated with the MSISDNs of the respective devices 12 to which the software applications were deployed. It follows that the deployment data is advantageously stored in records in the database 56.
  • the system 50 further includes a transmitter module 58 arranged to transmit data to the mobile computing device if the user has already installed a prior software application on the mobile computing device by way of the present system, the data being associated with the at least one requested software application.
  • the transmitter module 58 is arranged to encrypt the data prior to transmission for security purposes.
  • the data associated with the requested software application allows a software installation module 60 to use the same data to install the at least one requested software application on the mobile computing device 12 of the user 10. It follows that the data associated with the at least one requested software application advantageously permits the requested software application to be more easily installed onto the mobile computing device 12. Advantageously, only the data is necessary to add the requested software application to the mobile computing device 12.
  • since the data is in an encrypted form, the user 10 has to enter a secret key on his/her mobile computing device 12 to decrypt the data and thereby to install or activate the requested software application on the mobile computing device 12.
  • the system 50 prompts the user 10 for information indicative of whether the user has a prior software application installed on their mobile computing device by way of the system.
  • if the user 10 indicates that a prior software application is installed on their device 12, the user 10 is prompted to use at least the prior software application to obtain the requested software application. This may include providing the user 10 with a clickable multiple or multi-token installation option.
  • an initial request from the user to install the requested software application may be via the prior software application installed on the mobile computing device 12 of the user 10.
  • the prior software application may have a menu option (under a Settings menu) which causes the application to request new tokens from the deployment server 25. It will be understood that if the user 10 indicated that they do not have a prior software application on their mobile computing device 12, the requested software application is deployed in accordance with the method described in PCT/IB2008/051580.
  • the system either informs the user 10 of this fact or over-writes the application.
  • the user 10 is advantageously prompted as to which network (e.g., 18 or 20) he/she desires to authenticate to. It follows that the necessary authentication is proceeded with based on the selection by the user 10.
  • each software application is given a unique URL from where it may request new applications.
  • This URL is specified to the application when the application is downloaded.
  • the URL is specified in the JAD file.
  • when the software application is deployed to the user (under the present invention or the invention described in PCT/IB2008/051580), it is configured with user-specific data, typically in the form of a token and a unique URL/identifier where additional tokens may be downloaded, as hereinbefore described.
  • certain platforms, for example Blackberry™ or iPhone™, do not support this functionality.
  • the software application must, upon activation or start-up, identify itself and be issued with an identity.
  • system 50 is further arranged to transmit a message including a link to an installation web page to the user 10 via the mobile computing device 12.
  • the message is typically an SMS message which includes a clickable link which the user 10 would follow.
  • the system 50 in particular the processor 54, is arranged to detect that the mobile computing device 12 requires a non-customised or virgin software application.
  • the system 50 transmits an activation code to the user 10.
  • the turnkey servers 30 or 22 or the administrators 28 or 36 transmit the activation code to the user 10.
  • the user 10 is then directed by the system 50 to install the software application on their mobile computing device 12.
  • on activation, start-up, or operation of the software application, the software application requests an MSISDN associated with the mobile computing device 12 of the user 10 and the transmitted activation code. It will be appreciated that this may be done via the software application.
  • the software application is then arranged to request an identifier for the software application from the system 50 by presenting the system 50 with the MSISDN associated with the mobile computing device 12 of the user 10 and the transmitted activation code.
  • the software application requests a token from the system 50.
  • the present invention provides for a system and method whereby multiple software applications can be added to a mobile computing device of a user without the inconvenience of deploying a prior software application.
  • the present invention makes it easier for a user to obtain authentication to a plurality of networks after going through a relatively lengthy deployment process for the first software application downloaded to his/her mobile computing device 12. Once a software application is on the mobile computing device, it follows that multiple software applications can be added with minimal effort.
  • the invention as hereinbefore described provides a way to allow platforms, which do not support the deployment functionality in accordance with the invention, to be able to receive and operate non-customised or virgin software applications.

Abstract

A method and system for installing and managing multiple software applications on a mobile computing device are disclosed. The method includes receiving, at a deployment server supporting an installation web page, a request from a user via the web page to install a requested software application on the mobile computing device. It is determined, at the deployment server, whether or not the user previously installed a prior software application on the mobile computing device by way of the system. If the user has already installed a prior software application on the mobile computing device by way of the present system, data associated with the requested software application is transmitted to the mobile computing device, which enables installation of the requested software application on the device. Typically, the software application is a One Time Password (OTP) security application.

Description

METHOD AND SYSTEM FOR INSTALLING AND MANAGING SOFTWARE APPLICATIONS AND MULTIPLE SOFTWARE APPLICATIONS ON A MOBILE COMPUTING DEVICE
BACKGROUND OF THE INVENTION
THIS invention relates to a system and a method of operating a system for installing and managing multiple software applications on a mobile computing device, and to another method of operating a system for installing a software application on a mobile computing device.
The use of one time passwords (OTPs) to enhance security in accessing a company network, for example, is well established. The most common way of implementing a system using OTPs is to provide a hardware token to each user, which the user must plug into a terminal such as a personal computer (PC) which is used to access the network. The token contains hardware and software and generates a unique password each time the user accesses the network. The cost and logistics involved in providing each user of such a network with a hardware token are substantial.
In order to obviate some of the disadvantages of the abovementioned tokens, systems and methods have been developed to deploy a one-time password security application on a mobile computing device. This OTP application enables the mobile computing device to be used as an authentication token, equivalent to a dedicated authentication token as currently used in other systems to gain access to secure networks. It is an object of the invention to provide an alternative method and system which can be used, amongst other things, for implementing and managing multiple one time password applications on a mobile computing device.
SUMMARY OF THE INVENTION
According to a first aspect of the invention there is provided a method of operating a system for installing and managing multiple software applications on a mobile computing device, the method including:
receiving, at a deployment server supporting an installation web page, a request from a user via the installation web page to install at least one requested software application on the mobile computing device;
determining, at the deployment server, whether or not the user previously installed a prior software application on the mobile computing device by way of the present system;
if the user has already installed a prior software application on the mobile computing device by way of the present system, transmitting data to the mobile computing device, the data being associated with the at least one requested software application; and
using the transmitted data associated with the at least one requested software application to install the at least one requested software application on the mobile computing device of the user.
The at least one requested software application may be a One Time Password (OTP) security application.
In one example embodiment, the at least one requested software application may comprise an OTP algorithm for the generation of one time passwords for different authentication entities. The prior software application may also comprise an OTP algorithm, for generation of one time passwords for an authentication entity which the user previously connected to.
In one example embodiment, the method may include using data associated with the user and/or the mobile computing device of the user already stored at the deployment server to configure the required software application for the mobile computing device of the user.
Determining if the user has a prior software application installed on their mobile computing device may comprise the deployment server examining records associated therewith. Examining the records may comprise comparing MSISDNs associated with the mobile computing device of the user and MSISDNs of mobile computing devices to which prior software applications were deployed.
In one example embodiment, the method may comprise prompting the user for information indicative of whether the user has a prior software application installed on their mobile computing device by way of the system.
If the user indicates that they have a prior software application installed on their mobile computing device, the method may comprise prompting the user to use at least the prior software application to obtain the requested software application.
The mobile computing device of the user is preferably a mobile telephone, a PDA or another mobile computing device with wireless connectivity.
In an example embodiment, an initial request from the user to install the requested software application may be via the prior software application installed on the mobile computing device of the user.
The method may include transmitting a message to the mobile terminal of the user, the message including a link to the installation page. The message may be transmitted by way of the deployment server. The message may be a WAP or SMS format message.
Preferably, the method may further include encrypting the data associated with the at least one requested software application prior to transmission thereof to the mobile computing device of the user.
The encryption may be symmetric or asymmetric encryption.
Once installed, the requested software application may be operated by way of a security key. It follows that the security key may be transmitted to the user.
In an example embodiment, accessing the data associated with the at least one requested software application in order to install the requested software application may include receiving the security key from the user.
The method may include the deployment server determining that the mobile computing device of the user requires a non-customised software application.
In this regard, the method may include:
transmitting an activation code to the mobile computing device of the user, if the mobile computing device requires a non-customised software application;
directing the user to install the software application on their mobile computing device;
upon operation of the installed software application, requesting from the user, via the installed software application, an MSISDN associated with the mobile computing device of the user and the transmitted activation code;
using the MSISDN associated with the mobile computing device of the user and the transmitted activation code to obtain an identifier from the deployment server to identify the software application; and
using the identifier to request further software applications from the deployment server.
The method may provide for multiple software applications to be installed on the mobile computing device of the user.
According to a second aspect of the invention there is provided a system for installing and managing multiple software applications on a mobile computing device, the system comprising:
a receiver module arranged to receive a request from a user via an installation web page to install at least one requested software application on the mobile computing device;
a processor arranged to determine at least whether or not the user previously installed a prior software application on the mobile computing device by way of the present system;
a transmitter module arranged to transmit data to the mobile computing device if the user has already installed a prior software application on the mobile computing device by way of the present system, the data being associated with the at least one requested software application; and
a software installation module arranged to use the data associated with the at least one requested software application to install the at least one requested software application on the mobile computing device of the user.
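The first and second aspects above describe a deployment server that routes an installation request by whether the requesting MSISDN already has a prior application (send encrypted token data, which the device decrypts with the user-entered security key) or not (issue an activation code that the virgin application later presents together with its MSISDN to obtain an identifier). The following Python model of that logic is an added example, not Fireid's code: the record layout, the per-user security key held by the server, PBKDF2 key derivation and the HMAC-based stand-in cipher are assumptions made here for illustration.

```python
"""Toy model of the deployment server and the device-side installer from the
summary above: the MSISDN lookup for a prior installation, encrypted token
data for a multi-token install, and the activation-code path for a
non-customised (virgin) application. Record layout, key derivation and the
HMAC-based stand-in cipher are assumptions, not the patent's own design."""
import hashlib
import hmac
import json
import os
import secrets
from typing import Optional

# Constructed sample state for the deployment server (database 56):
# MSISDN -> authentication entity IDs already deployed to that device.
DEPLOYMENTS = {"27820000001": ["net18"]}
# Security key delivered to the user out of band (assumed to be per user).
SECURITY_KEYS = {"27820000001": "7F3K-9Q2M"}
ACTIVATIONS = {}      # MSISDN -> (activation code, requested entity ID)
APP_IDENTITIES = {}   # identifier issued to a virgin application -> MSISDN


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for a real symmetric cipher
    such as an AEAD mode, which a production build should use instead."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def derive_key(security_key: str, salt: bytes) -> bytes:
    """Stretch the short, user-typed security key into a 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", security_key.encode(), salt, 100_000)


def encrypt_token(security_key: str, record: dict) -> dict:
    """Transmitter module: encrypt-then-MAC the token record before sending."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = derive_key(security_key, salt)
    plaintext = json.dumps(record).encode()
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def decrypt_token(security_key: str, blob: dict) -> dict:
    """Device side: verify the tag first, then decrypt; wrong key -> ValueError."""
    salt, nonce = bytes.fromhex(blob["salt"]), bytes.fromhex(blob["nonce"])
    ct, tag = bytes.fromhex(blob["ct"]), bytes.fromhex(blob["tag"])
    key = derive_key(security_key, salt)
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong security key or tampered token data")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def request_install(msisdn: str, entity_id: str) -> dict:
    """Receiver + processor + transmitter: a request arriving via the
    installation web page is routed by whether the MSISDN already has a
    prior application (multi-token path) or not (virgin path)."""
    if msisdn in DEPLOYMENTS:
        # Only the per-entity record is needed; the prior app installs it.
        record = {"entity_id": entity_id, "otp_seed": secrets.token_hex(20), "counter": 0}
        DEPLOYMENTS[msisdn].append(entity_id)
        return {"path": "multi-token", "data": encrypt_token(SECURITY_KEYS[msisdn], record)}
    code = secrets.token_hex(4)
    ACTIVATIONS[msisdn] = (code, entity_id)
    return {"path": "virgin", "activation_code": code}


def identify_virgin_app(msisdn: str, activation_code: str) -> Optional[str]:
    """Issue an identifier once the virgin app presents MSISDN + activation
    code; the code is single use, and a bad code yields nothing."""
    issued = ACTIVATIONS.get(msisdn)
    if issued is None or not hmac.compare_digest(issued[0], activation_code):
        return None
    del ACTIVATIONS[msisdn]
    app_id = secrets.token_hex(8)
    APP_IDENTITIES[app_id] = msisdn
    DEPLOYMENTS.setdefault(msisdn, []).append(issued[1])
    return app_id


def install_on_device(device_store: dict, security_key: str, blob: dict) -> str:
    """Software installation module on the device: decrypt with the key the
    user types in and store the record under its authentication entity ID."""
    record = decrypt_token(security_key, blob)
    device_store[record["entity_id"]] = record
    return record["entity_id"]
```

The tag check runs before any decryption, so a mistyped security key or altered ciphertext is rejected without ever writing a record to the device.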
According to a third aspect of the invention there is provided another method of operating a system for installing a software application on a mobile computing device, the method comprising:
transmitting a message including a link to an installation web page to a user of the mobile computing device;
detecting, at a deployment server supporting the installation web page, that the mobile computing device requires a non-customised software application;
if the mobile computing device requires a non-customised software application, transmitting an activation code to the mobile computing device of the user;
directing the user to install the software application on their mobile computing device;
upon operation of the installed software application, requesting from the user, via the installed software application, an MSISDN associated with the mobile computing device of the user and the transmitted activation code;
using the MSISDN associated with the mobile computing device of the user and the transmitted activation code, at the deployment server, to obtain an identifier to identify the software application; and
once identified, using the software application to request further software applications from the deployment server.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a simplified schematic diagram of a system for installing and managing multiple security software applications on a mobile computing device of a user according to the present invention;
Figure 2 is a schematic block diagram of a system in accordance with an example embodiment for installing and managing multiple software applications on a mobile computing device;
Figure 3 is a flow chart illustrating major steps in the operation of a system for installing multiple one-time password security applications on a mobile computing device;
Figure 4 is a flow chart illustrating major steps in the installation process of a non-customised or virgin software application on a mobile computing device; and
Figure 5 is a flow chart illustrating major steps in the deployment of virgin software applications on a mobile computing device.
DESCRIPTION OF EMBODIMENTS
In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of an embodiment of the present disclosure. It will be evident, however, to one skilled in the art that the present disclosure may be practiced without these specific details.
Figure 1 shows, in a highly simplified schematic format, a system for installing and managing multiple software applications on a mobile computing device of a user. For purposes of this application, the term "mobile computing device" includes, but is not limited to, mobile telephones (including cellular telephones), Personal Digital Assistants (PDAs), Smartphones, laptop or notebook computers, and other such devices. In general, devices of this kind have a user interface including a display and a keypad or keyboard, an onboard processor and software, and a communication interface which is preferably wireless.
The present invention is concerned with the installation of multiple software applications, and of non-customised or virgin software applications, on such a mobile computing device. One example of such a software application is a one-time password (OTP) security application, and the following description is based on this example.
In Figure 1 , a user 10 has a mobile computing device 12, shown as a PDA. The device 12 is able to communicate via various communication channels, for example, a push SMS (Short Message Service) message, with a wireless telephone network 14 which includes an SMS gateway 16 which is operatively connected to a deployment server 25 which has a static IP address and open availability to the Internet.
In this example embodiment, it is shown that the user 10 may wish to gain access to two separate networks 18 and 20, which networks each respectively act as authentication entities. The first network 18 to which the user wishes to gain access comprises a turnkey server 22, a firewall 24 and an administrator workstation 26 (other components of the network are omitted for clarity) which workstation is operated by an administrator 28. Similarly, the second network 20 to which the user may wish to gain access comprises a turnkey server 30, a firewall 32 and an administrator workstation 34 (other components of the network are omitted for clarity) which workstation is operated by an administrator 36.
In the described embodiment of the invention, it is desired to install and manage multiple software applications and non-customised or virgin software applications on the mobile computing device 12 of the user 10. It will be understood that the present invention relates to embodiments where one or more prior software applications have already been deployed to the mobile computing device 12, for example by using a method and system as described in International Patent Application No. PCT/IB2008/051580, published as WO 2008/132670. This document is herein incorporated by reference. Prior deployment is essential to the present invention as it relates, in part, to the ease with which a user can add additional software applications or OTP algorithms (described below) if a software application has already been deployed to the device 12 for example, by way of the system described in PCT/IB2008/051580.
The deployed OTP security application allows the user 10 to access the network 18 through the mobile computing device 12 acting as an authentication token.
It will be noted that the software applications on the mobile computing device 12 may be advantageously managed by the method and system as described in International Patent Application No. PCT/IB2008/55189. This document is also herein incorporated by reference.
The authentication token is merely the software application deployed on the mobile computing device 12.
In the example embodiment shown in Figure 1, network or authentication entity 18 has installed the OTP security application on the mobile computing device 12. During this installation process, user data had been captured by the administrator 28. Also, a trust relationship was established between the network or authentication entity 18 and the mobile computing device 12 by, for example, downloading security keys to the mobile computing device 12.
In accordance with the method and system of PCT/IB2008/051580, security during the installation process may have been achieved by using e-mail messages as the mechanism for distributing invitations to the user 10 to deploy the security software application and to set the user 10 up for secure access to the network, with a separate synchronised deployment process using another computing device of the user. During the installation process, the security key need not have been delivered to the user by e-mail, and in some embodiments of the system and method of PCT/IB2008/051580 the security key may have been communicated verbally, in writing, or in some other way. The important thing is that a trust relationship already exists between the authentication entity 18 and the mobile computing device 12 (also called the authentication token).
It will be appreciated that, in the example embodiment, and particularly since care was taken during the installation process of the security software, any transmissions to the mobile computing device 12 during the management of the OTP security application also have to be secure. It follows that transmissions made during the installation and management of multiple and/or virgin application software also have to be secure.
In one example embodiment, the mobile computing device 12 acting as the authentication token uses different OTP algorithms for the generation of one time passwords for each of the different authentication entities it supports. For example, the authentication token will use two distinct OTP algorithms to access the network 18 and the network 20 (once the network 20 has been added as an authentication entity to the authentication token).
It will be appreciated that the OTP algorithms may be or may form part of the requested software application in accordance with the present invention. It follows that the prior software application may be or may form part of the first deployed OTP security application.
An OTP algorithm and authentication entity forms a unique pair on the mobile computing device 12 and this pair is identified by a unique identification (ID) number, e.g., an authentication entity ID. Each such pair has a record of data associated with it by means of this authentication entity ID. The record, which is stored on the mobile computing device 12, contains the data used by an OTP algorithm to generate an OTP for the specific authentication entity.
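The per-entity records described above, as an added example (this is not code from the patent). The record layout, the entity IDs "net18" and "net20", and the choice of HOTP (RFC 4226) for one entity and TOTP (RFC 6238) for the other are assumptions made for illustration; the patent itself does not name the OTP algorithms used.

```python
"""Per-authentication-entity OTP records on the device, as an added example of
the pairing described above. This is not code from the patent; the record
layout, the entity IDs "net18"/"net20" and the choice of HOTP (RFC 4226) or
TOTP (RFC 6238) per entity are assumptions made for illustration."""
import hashlib
import hmac
import struct
import time
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class EntityRecord:
    """The data one OTP algorithm needs for one authentication entity."""
    entity_id: str          # unique authentication entity ID on the device
    algorithm: str          # "hotp" (counter based) or "totp" (time based)
    secret: bytes           # key shared with the entity at deployment time
    digits: int = 6
    counter: int = 0        # HOTP moving factor, advanced after every use
    step: int = 30          # TOTP time step in seconds


def _truncate(mac: bytes, digits: int) -> str:
    """Dynamic truncation from RFC 4226 section 5.3."""
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac, digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, at // step, digits)


class TokenStore:
    """The on-device records, keyed by authentication entity ID."""

    def __init__(self) -> None:
        self._records: Dict[str, EntityRecord] = {}

    def add(self, record: EntityRecord, overwrite: bool = False) -> None:
        """Install a record; refuse a duplicate unless overwriting is requested."""
        if record.entity_id in self._records and not overwrite:
            raise KeyError(f"entity {record.entity_id!r} is already installed")
        self._records[record.entity_id] = record

    def entities(self) -> List[str]:
        """The list the user is prompted with when choosing where to authenticate."""
        return sorted(self._records)

    def generate(self, entity_id: str, now: Optional[int] = None) -> str:
        """Generate an OTP for the selected entity with that entity's algorithm."""
        rec = self._records[entity_id]
        if rec.algorithm == "hotp":
            code = hotp(rec.secret, rec.counter, rec.digits)
            rec.counter += 1
            return code
        if rec.algorithm == "totp":
            at = int(time.time()) if now is None else now
            return totp(rec.secret, at, rec.step, rec.digits)
        raise ValueError(f"unknown OTP algorithm {rec.algorithm!r}")


if __name__ == "__main__":
    store = TokenStore()
    seed = b"12345678901234567890"          # RFC 4226 / RFC 6238 test secret
    store.add(EntityRecord("net18", "hotp", seed))
    store.add(EntityRecord("net20", "totp", seed, digits=8))
    print(store.entities(), store.generate("net18"), store.generate("net20", now=59))
```

Each entity carries its own secret and moving factor, so adding a second network later is a matter of adding one more record rather than touching the existing one; the `add` method refuses to silently overwrite an entity that is already installed, which corresponds to the choice between informing the user and over-writing discussed later in the description.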
In any event, we now turn to Figure 2 which illustrates an example system 50 which typically resides in the deployment server 25.
The system 50 is typically provided for installing and managing multiple software applications on the mobile computing device 12. The system 50 may comprise a plurality of components or modules which correspond to the functional tasks to be performed by the system 50. In this regard, "module" in the context of the specification will be understood to include an identifiable portion of code, computational or executable instructions, data, or computational objects to achieve a particular function, operation, processing, or procedure. It follows that a module need not be implemented in software; a module may be implemented in software, hardware, or a combination of software and hardware. Further, the modules need not necessarily be consolidated into the server 25 but may be spread across a plurality of devices.
In particular, the system 50 comprises a receiver module 52 arranged to receive a request from a user 10 via an installation web page to install at least one requested software application on the mobile computing device 12. As previously mentioned, the at least one requested software application may be another OTP algorithm, for example one used to access the network 20.
The installation web page is a web page hosted for example by the deployment server 25 as more clearly explained in PCT/IB2008/051580.
The system 50 also includes a processor 54 arranged to determine at least whether or not the user 10 previously installed a prior software application on the mobile computing device 12, for example by way of the method described in PCT/IB2008/051580. The prior software application may for example be an OTP algorithm already deployed to the device 12 to access the network 18. The prior software application is typically deployed to the mobile computing device 12 of the user 10 prior to the request for the requested software application.
In this particular example embodiment, the user 10 already has access to the network 18 and desires to also have access to the network 20 by way of the mobile computing device 12 thereby providing the device 12 with additional functionality without having the hassle of a new deployment of a software application in a similar fashion as described in PCT/IB2008/051580.
The processor 54 may be arranged to determine if the user 10 has a prior software application installed on their mobile computing device 12 by examining records stored in a database 56. The records in the database 56 may comprise deployment data indicative of the MSISDNs associated with a plurality of respective mobile computing devices and information indicative of the software applications deployed to each. It follows that the processor 54 is arranged to compare the MSISDN of the device 12 with the MSISDNs stored in the records to determine if the user 10 has a prior software application installed.
It will be appreciated that the database 56 is arranged to store information indicative of the software applications deployed to a plurality of users. In the database 56, the information indicative of each software application is associated with the MSISDN of the device 12 to which that software application was deployed. It follows that the deployment data is advantageously stored in records in the database 56.
The system 50 further includes a transmitter module 58 arranged to transmit data to the mobile computing device if the user has already installed a prior software application on the mobile computing device by way of the present system, the data being associated with the at least one requested software application. The transmitter module 58 is arranged to encrypt the data prior to transmission for security purposes.
The data associated with the requested software application allows a software installation module 60 to use the same data to install the at least one requested software application on the mobile computing device 12 of the user 10. It follows that the data associated with the at least one requested software application advantageously permits the requested software application to be more easily installed onto the mobile computing device 12. Advantageously, only the data is necessary to add the requested software application to the mobile computing device 12.
It will be understood that since the data is in an encrypted form, the user 10 has to enter a secret key on his/her mobile computing device 12 to decrypt the data and thereby to install or activate the requested software application on the mobile computing device 12.
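The server-side decision and the encrypted hand-over of the requested application's data, as an added example of the receiver, processor, transmitter and installation steps above (this is not the patent's own code). The deployment records, the MSISDNs and the record layout are constructed for the example. The cipher is HMAC-SHA256 run in counter mode with an encrypt-then-MAC tag, chosen only so that the example needs nothing beyond the Python standard library; a production system should use a vetted AEAD such as AES-GCM from a maintained library, and the secret key the user types in must reach them over a channel separate from the encrypted data, as the description notes for the initial deployment.

```python
"""Deployment-server lookup and encrypted delivery of the requested application's
data, as an added example of the flow above (not the patent's own code). The
deployment records, the MSISDNs and the record layout are constructed for the
example. The cipher is HMAC-SHA256 in counter mode with an encrypt-then-MAC tag
so that the example needs only the standard library; a production system should
use a vetted AEAD (for example AES-GCM) from a maintained library."""
import hashlib
import hmac
import json
import os
import secrets
from typing import Dict

# Constructed sample of the deployment database: MSISDN -> applications deployed.
RECORDS: Dict[str, dict] = {
    "27820000001": {"apps": ["net18"]},
}


class NotDeployedBefore(Exception):
    """No prior application for this MSISDN: fall back to the full deployment."""


class AlreadyInstalled(Exception):
    """The requested application is already on the device."""


def _derive_keys(secret_key: str, salt: bytes):
    """Stretch the user-entered secret key into an encryption key and a MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", secret_key.encode(), salt, 100_000, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: HMAC-SHA256(key, nonce || block_index) blocks."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def encrypt(secret_key: str, plaintext: bytes) -> bytes:
    """salt || nonce || ciphertext || tag, with the tag over everything before it."""
    salt, nonce = os.urandom(16), os.urandom(16)
    ek, mk = _derive_keys(secret_key, salt)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(ek, nonce, len(plaintext))))
    tag = hmac.new(mk, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def decrypt(secret_key: str, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key or a modified blob is rejected outright."""
    if len(blob) < 64:
        raise ValueError("blob too short")
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    ek, mk = _derive_keys(secret_key, salt)
    expected = hmac.new(mk, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong secret key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(ek, nonce, len(ct))))


def handle_install_request(msisdn: str, requested_app: str, secret_key: str,
                           records: Dict[str, dict] = RECORDS,
                           overwrite: bool = False) -> bytes:
    """Server side: decide by MSISDN, then return encrypted data for the new app."""
    rec = records.get(msisdn)
    if rec is None:
        raise NotDeployedBefore(msisdn)
    if requested_app in rec["apps"] and not overwrite:
        raise AlreadyInstalled(requested_app)
    data = {"entity_id": requested_app, "algorithm": "hotp",
            "secret": secrets.token_hex(20), "counter": 0}
    if requested_app not in rec["apps"]:
        rec["apps"].append(requested_app)
    return encrypt(secret_key, json.dumps(data).encode())


def install_on_device(blob: bytes, secret_key_from_user: str) -> dict:
    """Client side: decrypt with the key the user typed in and return the record."""
    return json.loads(decrypt(secret_key_from_user, blob))
```

The tag is checked before any decryption, so a user who mistypes the secret key, or an attacker who alters the message in transit, gets a clean failure rather than a garbled record being installed. An unknown MSISDN raises `NotDeployedBefore`, which is the point at which the server would direct the user to the full deployment process of PCT/IB2008/051580 instead.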
In other example embodiments, the system 50 prompts the user 10 for information indicative of whether the user has a prior software application installed on their mobile computing device by way of the system.
If the user 10 indicates that a prior software application is installed on their device 12, the user 10 is prompted to use at least the prior software application to obtain the requested software application. This may include providing the user 10 with a clickable multiple or multi-token installation option.
In an example embodiment, an initial request from the user to install the requested software application may be via the prior software application installed on the mobile computing device 12 of the user 10. In this regard, the prior software application may have a menu option (under a Settings menu) which causes the application to request new tokens from the deployment server 25. It will be understood that if the user 10 indicated that they do not have a prior software application on their mobile computing device 12, the requested software application is deployed in accordance with the method described in PCT/IB2008/051580.
If the requested software token is already on the mobile computing device 12, the system either informs the user 10 of this fact or over-writes the application.
Once there are multiple applications on the mobile computing device 12, the user 10 is advantageously prompted as to which network (e.g., 18 or 20) he/she desires to authenticate to. Authentication then proceeds based on the selection made by the user 10.
It will be noted that each software application is given a unique URL from where it may request new applications. This URL is specified to the application when the application is downloaded. For example, in the case of J2ME tokens, the URL is specified in the JAD file.
When the software application is deployed to the user (under the present invention or the invention described in PCT/IB2008/051580), it is configured with user-specific data, typically in the form of a token and a unique URL/identifier where additional tokens may be downloaded, as hereinbefore described. However, certain platforms, for example Blackberry™ or iPhone™, do not support this functionality. Thus the software application must, upon activation or start-up, identify itself and be issued with an identity.
It follows that the system 50 is further arranged to transmit a message including a link to an installation web page to the user 10 via the mobile computing device 12. The message is typically an SMS message which includes a clickable link which the user 10 would follow. The system 50, in particular the processor 54, is arranged to detect that the mobile computing device 12 requires a non-customised or virgin software application.
If the mobile computing device requires a non-customised software application the system 50 transmits an activation code to the user 10. In other example embodiments the turnkey servers 30 or 22 or the administrators 28 or 36 transmit the activation code to the user 10.
The user 10 is then directed by the system 50 to install the software application on their mobile computing device 12.
On activation, start-up, or operation of the software application, the software application requests an MSISDN associated with the mobile computing device 12 of the user 10 and the transmitted activation code. It will be appreciated that this may be done via the software application.
It follows that the software application is then arranged to request an identifier for the software application from the system 50 by presenting the system 50 with the MSISDN associated with the mobile computing device 12 of the user 10 and the transmitted activation code.
Once identified i.e. the software application has an identifier, the software application requests a token from the system 50.
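The activation exchange just described, and the third aspect summarised earlier, as an added example with both the server's and the virgin application's side (this is not code from the patent). The code length, lifetime, attempt limit and storage layout are assumptions. One caveat worth stating: the MSISDN is typed in by the user and is not verified by the server, so the only thing tying the request to the handset is that the activation code was delivered to that number; the code therefore has to be single-use, short-lived and rate-limited, as below.

```python
"""Activation of a non-customised (virgin) application, as an added example of
the exchange above and of the third aspect summarised earlier. This is not code
from the patent. The code length, lifetime, attempt limit and storage layout are
assumptions; the MSISDN is typed in by the user, so the only thing that ties the
request to the phone is that the activation code reached that number."""
import hashlib
import hmac
import os
import secrets
import time
from typing import Dict, Optional

CODE_TTL = 15 * 60      # activation codes expire after 15 minutes (assumption)
MAX_ATTEMPTS = 5        # wrong guesses tolerated before the code is revoked


class ActivationError(Exception):
    pass


class DeploymentServer:
    def __init__(self) -> None:
        self._pepper = os.urandom(32)           # keeps stored code hashes unguessable
        self._pending: Dict[str, dict] = {}     # msisdn -> pending activation
        self._identities: Dict[str, str] = {}   # identifier -> msisdn

    def _code_hash(self, msisdn: str, code: str) -> bytes:
        return hmac.new(self._pepper, f"{msisdn}:{code}".encode(), hashlib.sha256).digest()

    def issue_activation_code(self, msisdn: str, now: Optional[int] = None) -> str:
        """Step (c): mint a code for this MSISDN; only its keyed hash is stored."""
        now = int(time.time()) if now is None else now
        code = f"{secrets.randbelow(10 ** 8):08d}"
        self._pending[msisdn] = {"hash": self._code_hash(msisdn, code),
                                 "expires": now + CODE_TTL, "attempts": 0}
        return code     # delivered to the user by SMS or by an administrator

    def activate(self, msisdn: str, code: str, now: Optional[int] = None) -> str:
        """Step (f): MSISDN + code -> identifier. Single use, time and rate limited."""
        now = int(time.time()) if now is None else now
        entry = self._pending.get(msisdn)
        if entry is None:
            raise ActivationError("no activation pending for this MSISDN")
        if now > entry["expires"]:
            del self._pending[msisdn]
            raise ActivationError("activation code expired")
        entry["attempts"] += 1
        if entry["attempts"] > MAX_ATTEMPTS:
            del self._pending[msisdn]
            raise ActivationError("too many attempts; request a new code")
        if not hmac.compare_digest(entry["hash"], self._code_hash(msisdn, code)):
            raise ActivationError("wrong activation code")
        del self._pending[msisdn]               # a code is redeemed at most once
        identifier = secrets.token_urlsafe(24)
        self._identities[identifier] = msisdn
        return identifier

    def request_token(self, identifier: str, entity_id: str) -> dict:
        """Step (g): only an application holding a valid identifier gets tokens."""
        msisdn = self._identities.get(identifier)
        if msisdn is None:
            raise ActivationError("unknown application identifier")
        return {"entity_id": entity_id, "msisdn": msisdn,
                "algorithm": "hotp", "secret": secrets.token_hex(20), "counter": 0}


def virgin_app_start(server: DeploymentServer, msisdn: str, code: str,
                     entity_id: str) -> dict:
    """Client side on first start: identify itself, then fetch its first token."""
    identifier = server.activate(msisdn, code)
    return server.request_token(identifier, entity_id)
```

Only a keyed hash of the code is kept, so a copy of the pending table does not yield the codes themselves; the comparison is constant-time; and a redeemed, expired or over-tried code is removed so it cannot be replayed to mint a second identifier for the same MSISDN.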
The overall flows of the above described methods in accordance with the above described systems are shown in the flowchart-type diagrams of Figures 3 to 5.
The present invention provides for a system and method whereby multiple software applications can be added to a mobile computing device of a user without the inconvenience of deploying a prior software application. The present invention makes it easier for a user to obtain authentication to a plurality of networks after going through a relatively lengthy deployment process for the first software application downloaded to his/her mobile computing device 12. Once a software application is on the mobile computing device, it follows that multiple software applications can be added with minimal effort. Also, the invention as hereinbefore described provides a way to allow platforms, which do not support the deployment functionality in accordance with the invention, to be able to receive and operate non-customised or virgin software applications.

Claims

1. A method of operating a system for installing and managing multiple software applications on a mobile computing device, the method including:
a. receiving, at a deployment server supporting an installation web page, a request from a user via the installation web page to install at least one requested software application on the mobile computing device;
b. determining, at the deployment server, whether or not the user previously installed a prior software application on the mobile computing device by way of the present system;
c. if the user has already installed a prior software application on the mobile computing device by way of the present system, transmitting data to the mobile computing device, the data being associated with the at least one requested software application; and
d. using the transmitted data associated with the at least one requested software application to install the at least one requested software application on the mobile computing device of the user.
2. A method according to claim 1 wherein said at least one software application is a One Time Password (OTP) security application.
3. A method according to claim 2 wherein said at least one requested software application comprises an OTP algorithm for the generation of one time passwords for different authentication entities.
4. A method according to any one of claims 1 to 3 wherein the prior software application comprises an OTP algorithm for generation of one time passwords for an authentication entity which the user previously connected to.
5. A method according to any one of claims 1 to 4 including using data associated with the user and/or the mobile computing device of the user already stored at the deployment server to configure the required software application for the mobile computing device of the user.
6. A method according to any one of claims 1 to 5 wherein the step of determining whether the user has a prior software application installed on their mobile computing device comprises the deployment server examining records associated therewith.
7. A method according to claim 6 wherein examining the records comprises comparing MSISDNs associated with the mobile computing device of the user and MSISDNs of mobile computing devices to which prior software applications were deployed.
8. A method according to any one of claims 1 to 7 wherein the method includes prompting the user for information indicative of whether the user has a prior software application installed on their mobile computing device by way of the system.
9. A method according to claim 8 wherein, if the user indicates that they have a prior software application installed on their mobile computing device, the method includes prompting the user to use at least the prior software application to obtain the requested software application.
10. A method according to any one of claims 1 to 7 wherein an initial request from the user to install the requested software application is made via a prior software application installed on the mobile computing device of the user.
11. A method according to any one of claims 1 to 10 wherein the mobile computing device of the user is a mobile telephone, a PDA or another mobile computing device with wireless connectivity.
12. A method according to any one of claims 1 to 11 including transmitting a message to the mobile terminal of the user, the message including a link to the installation page.
13. A method according to claim 12 wherein said message is transmitted by way of the deployment server.
14. A method according to claim 12 or claim 13 wherein the message is a WAP or SMS format message.
15. A method according to any one of claims 1 to 11 including encrypting the data associated with the at least one requested software application prior to transmission thereof to the mobile computing device of the user.
16. A method according to any one of claims 1 to 15 wherein, once installed, the requested software application is operated by way of a security key transmitted to the user.
17. A method according to any one of claims 1 to 16 wherein using the data associated with the at least one requested software application in order to install the requested software application includes receiving the security key from the user to access the data.
18. A method according to any one of claims 1 to 17 wherein the deployment server determines that the mobile computing device of the user requires a non-customised software application.
19. A method according to claim 18 wherein the method includes:
a. transmitting an activation code to the mobile computing device of the user, if the mobile computing device requires a non-customised software application;
b. directing the user to install the software application on their mobile computing device;
c. upon operation of the installed software application, requesting from the user, via the installed software application, an MSISDN associated with the mobile computing device of the user and the transmitted activation code;
d. using the MSISDN associated with the mobile computing device of the user and the transmitted activation code to obtain an identifier from the deployment server to identify the software application; and
e. using the identifier to request further software applications from the deployment server.
20. A system for installing and managing multiple software applications on a mobile computing device, the system comprising:
a. a receiver module arranged to receive a request from a user via an installation web page to install at least one requested software application on the mobile computing device;
b. a processor arranged to determine at least whether or not the user previously installed a prior software application on the mobile computing device by way of the present system;
c. a transmitter module arranged to transmit data to the mobile computing device if the user has already installed a prior software application on the mobile computing device by way of the present system, the data being associated with the at least one requested software application; and
d. a software installation module arranged to use the data associated with the at least one requested software application to install the at least one requested software application on the mobile computing device of the user.
21. A method of operating a system for installing a software application on a mobile computing device, the method comprising:
a. transmitting a message including a link to an installation web page to a user of the mobile computing device;
b. detecting, at a deployment server supporting the installation web page, that the mobile computing device requires a non-customised software application;
c. if the mobile computing device requires a non-customised software application, transmitting an activation code to the mobile computing device of the user;
d. directing the user to install the software application on the mobile computing device of the user;
e. upon operation of the installed software application, requesting from the user, via the installed software application, an MSISDN associated with the mobile computing device of the user and the transmitted activation code;
f. using the MSISDN associated with the mobile computing device of the user and the transmitted activation code, at the deployment server, to obtain an identifier to identify the software application; and
g. once identified, using the software application to request further software applications from the deployment server.
PCT/IB2010/051664 2009-04-16 2010-04-16 Method and system for installing and managing multiple software applications on a mobile computing device WO2010119428A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US16991009P 2009-04-16 2009-04-16
US61/169,910 2009-04-16

Publications (1)

Publication Number Publication Date
WO2010119428A1 true WO2010119428A1 (en) 2010-10-21

Family

ID=42261980

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2010/051664 WO2010119428A1 (en) 2009-04-16 2010-04-16 Method and system for installing and managing multiple software applications on a mobile computing device

Country Status (1)

Country Link
WO (1) WO2010119428A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5896566A (en) * 1995-07-28 1999-04-20 Motorola, Inc. Method for indicating availability of updated software to portable wireless communication units
US5974454A (en) * 1997-11-14 1999-10-26 Microsoft Corporation Method and system for installing and updating program module components

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011114308A1 (en) * 2010-03-18 2011-09-22 Arbalest (Pty) Limited Method of and system for installing client protection software on a mobile device
WO2013009683A1 (en) 2011-07-09 2013-01-17 Openpeak Inc. Portable computing device and method of operation of same
EP2730054A1 (en) * 2011-07-09 2014-05-14 Openpeak Inc. Portable computing device and method of operation of same
EP2730054A4 (en) * 2011-07-09 2014-12-24 Openpeak Inc Portable computing device and method of operation of same
JP2013057988A (en) * 2011-09-07 2013-03-28 Sony Corp Information processor, information processing method, and program
US10177992B2 (en) 2011-10-27 2019-01-08 Hewlett-Packard Development Company, L.P. Application store interface for remote management of client devices

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 10717799; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 10717799; Country of ref document: EP; Kind code of ref document: A1)