Initialization Patents (Class 380/249)
  • Patent number: 8336084
    Abstract: A system for broadcasting multiple public identities corresponding to the same apparatus. For example, each public identity may correspond to different operational environments, while none of the public identities disclose a private identity that uniquely and permanently identifies the apparatus. This allows apparatuses to keep their unique identity a secret while still being able to communicate with other apparatuses in various environments.
    Type: Grant
    Filed: September 11, 2009
    Date of Patent: December 18, 2012
    Assignee: Nokia Corporation
    Inventor: Jan-Erik Ekberg
  • Patent number: 8320880
    Abstract: Apparatus, methods, computer readable media and processors may provide a secure architecture within which a client application on a wireless device may, in some aspects, exchange information securely with resident device resources, and in other aspects, with a remote server over a wireless network.
    Type: Grant
    Filed: May 19, 2006
    Date of Patent: November 27, 2012
    Assignee: QUALCOMM Incorporated
    Inventors: Kenny Fok, Eric Chi Chung Yip
  • Patent number: 8280053
    Abstract: A method which improves the security of the authentication between two entities in a telecommunication network, and particularly between a mobile terminal and the fixed network, notably visitor location and nominal recorders and an authentication center, in a cellular radiotelephony network. Prior to a first authentication of the terminal, and more precisely of the SIM card therein, by the fixed network, a second authentication is based on an algorithm in which there are entered a random number produced and transmitted by the fixed network and a key different from the key for the first authentication. A transmitted signature and a signature result are produced by the fixed network and the terminal, and compared in the terminal in order to enable the first authentication in the event of equality.
    Type: Grant
    Filed: February 22, 2000
    Date of Patent: October 2, 2012
    Assignee: Gemalto SA
    Inventors: Jean-Luc Giraud, Nathalie Boulet
  • Patent number: 8259942
    Abstract: Arranging data ciphering in a telecommunication system comprising at least one wireless terminal, a wireless local area network and a public land mobile network. At least one first ciphering key according to the mobile network is calculated in the mobile network and in the terminal for a terminal identifier using a specific secret key for the identifier. Data transmission between the mobile network and the terminal is carried out through the wireless local area network. A second ciphering key is calculated in the terminal and in the mobile network using said at least one first ciphering key. The second ciphering key is sent from the mobile network to the wireless local area network. The data between the terminal and the network is ciphered using said second ciphering key.
    Type: Grant
    Filed: April 7, 2008
    Date of Patent: September 4, 2012
    Assignee: Intellectual Ventures I LLC
    Inventors: Juha Ala-Laurila, Jukka-Pekka Honkanen, Jyri Rinnemaa
  • Patent number: 8254578
    Abstract: An electronic circuit includes a more-secure processor having hardware based security for storing data. A less-secure processor eventually utilizes the data. By a data transfer request-response arrangement between the more-secure processor and the less-secure processor, the more-secure processor confers greater security of the data on the less-secure processor. A manufacturing process makes a handheld device having a storage space, a less-secure processor for executing modem software and a more-secure processor having a protected application and a secure storage. A manufacturing process involves generating a per-device private key and public key pair, storing the private key in a secure storage where it can be accessed by the protected application, combining the public key with the modem software to produce a combined software, signing the combined software; and storing the signed combined software into the storage space.
    Type: Grant
    Filed: March 8, 2011
    Date of Patent: August 28, 2012
    Assignee: Texas Instruments Incorporated
    Inventors: Erdal Paksoy, Narendar Shankar, Sven-Inge Redin
  • Patent number: 8249557
    Abstract: A mobile phone includes a fingerprint input unit, a storage unit, a switch unit, and a control unit. The fingerprint input unit is used to read and record fingerprint information of a user, and output the fingerprint information. The storage unit stores a fingerprint mode. The switch unit is connected to a power on/off terminal of the mobile phone. The control unit is used to receive the fingerprint information and compare the received fingerprint information with the stored fingerprint mode. If the received fingerprint information is not consistent with the stored fingerprint mode and the mobile phone is in a power-off state, the control unit outputs a first control signal to control the switch unit to keep the mobile phone in the power-off state.
    Type: Grant
    Filed: August 31, 2010
    Date of Patent: August 21, 2012
    Assignees: Hong Fu Jin Precision Industry (ShenZhen) Co., Ltd., Hon Hai Precision Industry Co., Ltd.
    Inventors: Yun-Shan Xiao, Hai-Qing Zhou, Song-Lin Tong
  • Patent number: 8249555
    Abstract: A method of enabling a mobile station to perform initialization to a base station in a wireless communication system is provided. The method includes synchronizing with the base station, obtaining an uplink parameter based on the synchronization, performing initial ranging by using the uplink parameter and establishing security association between the mobile station and the base station while performing the initial ranging. During the initial ranging, a mobile station's unique identifier or control signaling can securely be transmitted.
    Type: Grant
    Filed: April 16, 2008
    Date of Patent: August 21, 2012
    Assignee: LG Electronics Inc.
    Inventors: Gene Beck Hahn, Yong Ho Kim, Ki Seon Ryu
  • Patent number: 8230485
    Abstract: A system and method for controlling access to a computer provides for loose security within a local network while retaining strong security against external access to the network. In one embodiment, a user has access to trusted nodes in a secured group within an unmanaged network, without being required to choose, enter and remember a login password. To establish such a secure blank password or one-click logon account for the user on a computer, a strong random password is generated and stored, and the account is designated as a blank password account. If the device is part of a secured network group, the strong random password is replicated to the other trusted nodes. When a user with a blank password account wishes to log in to a computer, the stored strong random password is retrieved and the user is authenticated.
    Type: Grant
    Filed: September 15, 2004
    Date of Patent: July 24, 2012
    Assignee: Microsoft Corporation
    Inventors: Sterling M. Reasor, Ramesh Chinta, Paul J. Leach, John E. Brezak, Eric R. Flo
  • Patent number: 8213903
    Abstract: A mobile telecommunications network and method of operation that includes establishing a first user plane connection between a telecommunications device registered with the network and a network gateway device of the network via a first access point; providing the telecommunications device with a token using the first user plane connection; establishing a second user plane connection between the telecommunications device and the network gateway device via a second access point by using the token information to validate the telecommunications device; and, subsequent to establishment of and corresponding to the second user plane connection, establishing a control plane connection between the telecommunications device and the network gateway device via the second access point.
    Type: Grant
    Filed: April 26, 2006
    Date of Patent: July 3, 2012
    Assignee: Vodafone Group PLC
    Inventors: Christopher David Pudney, David Andrew Fox, Peter Howard
  • Patent number: 8205250
    Abstract: A method of validating a digital certificate comprises retrieving from a first data store a digital certificate, retrieving from a second data store a plurality of certificate revocation lists (CRLs), and selecting one of the plurality of CRLs to validate the digital certificate as of a date which is before the current date.
    Type: Grant
    Filed: July 13, 2007
    Date of Patent: June 19, 2012
    Assignee: NCR Corporation
    Inventors: Andrew R. Blaikie, Gene R. Franklin, Peter J. Hendsbee, Jane A. S. Hunter, Jeewhoon Park
  • Patent number: 8201261
    Abstract: A system and method for the secure storage of data in a network. Data stored on a primary server connected to the network is initially encrypted. The IP address of the primary server is sent to a second server, via the network, and a communication is received from the second server indicating pending instructions. If the instructions indicate that theft of the primary server has occurred, then the data stored on the primary server is re-encrypted and the IP address of the primary server is sent to the second server. If attempted unauthorized access of the primary server is determined, and a predetermined number of consecutive unauthorized attempts to access the primary server are made, then the data stored on the primary server is erased.
    Type: Grant
    Filed: April 27, 2009
    Date of Patent: June 12, 2012
    Inventors: Chase Barfield, Jason Cornell, Jeff Arbour
  • Patent number: 8195233
    Abstract: Methods and devices for allowing a wireless communication device (1301) initially unauthorized for communication with a network to obtain persistent soft network subscription credential information (1303) from a wireless communication device (1401) initially authorized for communication with the network are disclosed. In performing the persistent transfer of the soft network subscription credential information (1303), one of a token management module (1312), a session initiation protocol communication module (1408), or an electronic rights manager (1406) may be used to ensure that only one communication device is capable of communicating with a network at any one time.
    Type: Grant
    Filed: July 30, 2007
    Date of Patent: June 5, 2012
    Assignee: Motorola Mobility, Inc.
    Inventors: James J. Morikuni, Bashar Jano
  • Patent number: 8196180
    Abstract: A system and method for providing roaming access on a network are disclosed. The network includes a plurality of wireless and/or wired access points. A user may access the network by using client software on a client computer (e.g., a portable computing device) to initiate an access procedure. In response, a network management device operated by a network provider may return an activation response message to the client. The client may send the user's username and password to the network provider. The network provider may rely on a roaming partner, another network provider with whom the user subscribes for internet access, for authentication of the user. Industry-standard methods such as RADIUS, CHAP, or EAP may be used for authentication. The providers may exchange pricing and service information and account information for the authentication session. A customer may select a pricing and service option from a list of available options.
    Type: Grant
    Filed: November 3, 2006
    Date of Patent: June 5, 2012
    Inventors: James D. Keeler, Matthew M. Krenzer
  • Patent number: 8194586
    Abstract: Disclosed are a cellular phone terminal having built-in wireless LAN, a cellular phone system and a privacy protection method therefor that prevent leakage of private information (or privacy) of the user of the cellular phone terminal from the communication data when conducting a search for wireless LAN base stations. The cellular phone terminal 10 comprises, in addition to the cellular phone function section 11, a cellular phone network transmitter/receiver section 14, a wireless LAN transmitter/receiver section 13 and a wireless LAN connection control section 12, an SSID•MAC address management section 15 connected to the wireless LAN connection control section 12 and the cellular phone network transmitter/receiver section 14.
    Type: Grant
    Filed: July 31, 2006
    Date of Patent: June 5, 2012
    Assignee: NEC Corporation
    Inventor: Yasuhiro Mizukoshi
  • Patent number: 8190146
    Abstract: A method is provided for connecting a wireless local network (WLAN) to a UMTS terminal station (ME) having USIM/USAT functionality, including the following method steps: monitoring the activity of the local network via the terminal station; transmitting the type and/or identity number of the local network to the terminal station once the activity of the local network has been successfully detected; initiating a logical link between the local network and the terminal station, and; querying the specific subscriber data of the local network. In an embodiment of the present invention, the temporary status of the local network and/or specific subscriber data of the local network are/is queried at periodic intervals.
    Type: Grant
    Filed: June 11, 2003
    Date of Patent: May 29, 2012
    Assignee: Siemens Aktiengesellschaft
    Inventors: Mark Beckmann, Hyung-Nam Choi, Sabine Van Niekerk
  • Patent number: 8180323
    Abstract: A module dual mode device architecture and method of use is disclosed. The system architecture provides a distributed design of an IEEE 802.11i compliant supplicant module that provides security to data/voice packets sent over the wireless local area network (“WLAN”) radio interface from a dual mode device to an access point. The dual mode device establishes a connection with the access point and if the access point is security enabled, one or more session keys are generated. The session keys are used to provide security for communications over the radio interface between the dual mode device and the access point.
    Type: Grant
    Filed: April 9, 2007
    Date of Patent: May 15, 2012
    Assignee: KYOCERA Corporation
    Inventors: Subramanya Ravikanth Uppala, Rama Moorthy Kuvethanda, Brajabasi Padhy
  • Patent number: 8170533
    Abstract: Methods and apparatus for secure over-the-air (OTA) programming, and particularly, activation, of a wireless unit in a particular communications system. The unit stores a stored key having been generated by using a key algorithm (K-algorithm) with an identifier associated with the unit as an input to the K-algorithm. The unit may receive information such as parameters and a verification number from a communications system for the purpose of programming the unit. The verification number is generated by using an authorization algorithm (A-algorithm) having the parameters and a key as A-algorithm inputs. The key is generated by the K-algorithm having the identifier associated with the K-algorithm input. In response to the receipt of the parameters and the verification number, the wireless unit generates a trial verification number by using the A-algorithm with the parameters and the stored key as trial inputs. The unit compares the verification number to the trial verification number for a match.
    Type: Grant
    Filed: March 30, 2009
    Date of Patent: May 1, 2012
    Assignee: AT&T Intellectual Property I, LP
    Inventors: Charles M. Link, Stephen Thomas Hardin, Megan Koch Klenzak
  • Patent number: 8171527
    Abstract: A process may be utilized for securing unlock password generation and distribution. A first set of exclusive responsibilities, assigned to a trusted authority, includes random generation and encryption of an unlock password to compose a randomly generated encrypted unlock password. Further, a second set of exclusive responsibilities, assigned to a security agent, includes sending information associated with the unlock password and a digital signature of information associated with the unlock password to a communication device configured for a network in order to mate the unlock password to the communication device, and sending the randomly generated and encrypted unlock password along with mating data to a password processing center. In addition, a third set of exclusive responsibilities, assigned to a password processing center, includes decrypting the randomly generated and encrypted unlock password.
    Type: Grant
    Filed: June 26, 2007
    Date of Patent: May 1, 2012
    Assignee: General Instrument Corporation
    Inventors: Xin Qiu, Liqiang Chen, Stuart P. Moskovics, Kent D. Rager
  • Patent number: 8166523
    Abstract: An authentication device that the user wears reads biometrics information and executes individual authentication by verification. Only when the individual authentication has been successfully performed, authentication with an external unit (such as a server) can be started. Then, only when both the individual authentication based on the biometrics information and the mutual authentication between the external unit (such as a server) and the authentication device have been successfully performed, subsequent data processing, such as payment processing, can be executed. Therefore, even if a fraudulent third party uses a stolen authentication device, because the party cannot satisfy the start condition of authentication with the external server or a PC, fraudulent transactions and other illegitimate behaviors are effectively prevented.
    Type: Grant
    Filed: August 13, 2002
    Date of Patent: April 24, 2012
    Assignee: Sony Corporation
    Inventors: Tadashi Ezaki, Akira Iga
  • Patent number: 8145907
    Abstract: The invention concerns secure data transfer from a first radio communication device of a first party to a second radio communication device. A random first symmetric key is generated at the first terminal device. User data of the first terminal device is encrypted with the first symmetric key. The first symmetric key is encrypted with a public key of a third party. The encrypted first symmetric key is sent from the first terminal device to the second terminal device via a transfer device. The encrypted first symmetric key is decrypted at the second terminal device by utilizing a secret key associated with the public key and comprised in a security device of the third party. The encrypted user data is sent from the first terminal device to the second terminal device via the transfer device. The encrypted user data is decrypted at the second terminal device with the first symmetric key.
    Type: Grant
    Filed: September 22, 2006
    Date of Patent: March 27, 2012
    Assignee: Nokia Corporation
    Inventors: Nadarajah Asokan, Timo Heikkinen
  • Patent number: 8134972
    Abstract: A relay gateway apparatus (HandOver-Gateway (HO-GW)) is provided between heterogeneous access networks (a WiMAX access network and a UMB access network). The HO-GW performs conversion of a movement control signal (an Inter-Access Gateway (AGW) handover control signal) and relay of communication data. When the relay is performed, user data from a correspondent node (CN) reaches a wireless terminal (mobile node (MN)) through a host agent (HA) of a core network, an access router ASN-GW, the HO-GW, and a base station eBS.
    Type: Grant
    Filed: October 23, 2008
    Date of Patent: March 13, 2012
    Assignee: Hitachi, Ltd
    Inventors: Hitomi Nakamura, Masashi Yano, Koji Watanabe, Naruhito Nakahara, Yosuke Takahashi
  • Patent number: 8131994
    Abstract: A dual cryptographic keying system. In particular implementations, a method includes responsive to an initial session key negotiation, storing security association information for a tunnel in a security association memory; responsive to a session key renegotiation, storing security association information for the tunnel in a cache; decrypting received packets associated with the tunnel conditionally using the security association information in the cache or the security association information in the security association memory; and upon an expiration condition, overwriting the security association information, for the tunnel, in the security association memory with the security association information, for the tunnel, copied from the cache.
    Type: Grant
    Filed: June 1, 2007
    Date of Patent: March 6, 2012
    Assignee: Cisco Technology, Inc.
    Inventors: Santanu Sinha, Kenneth William Batcher
  • Patent number: 8112118
    Abstract: A system and method for activating a subscriber identification module (SIM) based mobile device in a PCS/ANSI type wireless network. The method comprises pre-programming the SIM card of the mobile device with temporary activation identifiers, such as an international mobile station identity (IMSI) and/or a mobile identification number (MIN), and a temporary electronic serial number. The temporary electronic serial number, rather than the mobile device actual electronic serial number, is used to identify the mobile device during registration and activation. The network identifies the temporary electronic serial number associated with the SIM vendor and invokes an over-the-air activation procedure especially for the SIM card mobile devices. A SIM-over-the-air-activation processor is notified to perform the activation for that mobile device on the PCS wireless network.
    Type: Grant
    Filed: May 11, 2009
    Date of Patent: February 7, 2012
    Assignee: AT&T Mobility II LLC
    Inventors: Hugh H. Shieh, Gregory A. Wong
  • Publication number: 20120027209
    Abstract: A system and method for establishing a connection on a mobile computing device includes generating a secret on a trusted platform of the mobile computing device. The secret is transported to a subscriber identity module (SIM)/Smartcard on the mobile computing device. A secure local communication channel is established between the trusted platform and the SIM/Smartcard using the secret.
    Type: Application
    Filed: September 16, 2011
    Publication date: February 2, 2012
    Inventors: Selim Aissi, Sundeep Bajikar, Sameer Abhinkar, Scott Blum, Jane Dashevsky, Abhay Dharmadhikari, Benjamin Matasar, Mrudula Yelamanchi
  • Patent number: 8099772
    Abstract: When transmitting position/time information calculated by means of a GPS function to a server apparatus, authentication is carried out with the server apparatus. The position/time information may be certified as legitimate measured by a portable apparatus with a GPS reception function employed by a user. When transmitting information related to the position and the time acquired from a portable phone terminal having the GPS function and a network function by means of the GPS function to the server apparatus, authentication is carried out between the portable phone terminal and the server apparatus. The position/time information is transmitted to the server apparatus, only if the server apparatus is authenticated as a legitimate counterpart for connection. A secret key holding section is provided for holding different secret keys for different apparatuses.
    Type: Grant
    Filed: May 28, 2008
    Date of Patent: January 17, 2012
    Assignee: Sony Corporation
    Inventors: Masayuki Takada, Takayasu Muto
  • Patent number: 8099368
    Abstract: A transaction processing service operates as an intermediary between acquirers of financial transaction requests and issuing institutions that process the financial transaction requests. The intermediary service utilizes a customer's mobile device as an out-of-band communication channel to notify a customer of a received financial transaction request. To send the notification, the intermediary service retrieves stored customer information, including an address of the customer's mobile device and a list of payment instruments that can be used to pay for the transaction. Before continuing to process the received financial transaction request, the service may first require the customer to confirm the transaction via the mobile device. The intermediary service retrieves financial account information associated with the customer from issuing institutions, and, if the transaction is confirmed, provides the account information to acquirers in order to allow transactions to be processed.
    Type: Grant
    Filed: September 10, 2009
    Date of Patent: January 17, 2012
    Assignee: FonWallet Transaction Solutions, Inc.
    Inventors: Todd R. Coulter, Mordechai E. Kaplinsky, Christopher E. Lewis
  • Patent number: 8095962
    Abstract: Method and system of auditing databases for security compliance. The method and system relating to querying databases for security parameters and auditing the queried parameters against authorized security parameters to determine security compliance of the databases.
    Type: Grant
    Filed: February 17, 2005
    Date of Patent: January 10, 2012
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Kirk Condon
  • Patent number: 8095132
    Abstract: A data processing device including a microcontroller and configured to communicate with at least one remote system distributed on a network. The data processing device and the remote system are adapted to store a plurality of parameters identifying a user account belonging to a subscriber. The data processing device comprises a one-time parameter comprising the active account attached to the device designed for a one-time use, and a permanent parameter identifying an account attached to the data processing device, the permanent parameter being deactivated. The one-time and permanent parameters are stored in the at least one remote system, and the microcontroller is programmed to: use the one-time parameter to log on to the network when the data processing device is switched on; and exchange the one-time parameter with the permanent parameter, upon successful logon to the network, the permanent parameter becoming the permanent active account.
    Type: Grant
    Filed: May 18, 2004
    Date of Patent: January 10, 2012
    Assignee: Axalto S.A.
    Inventors: Diana Cheng, Michael Wai
  • Patent number: 8081759
    Abstract: An apparatus, system, computer-readable medium, and method to facilitate quick transition of communications of a mobile station between network stations of a radio communication system, such as a WLAN operable to a variant of an IEEE 802 operating specification, is provided. Implementations of embodiments described herein reduce the transition duration by a pre-keying mechanism that performs authentication procedures prior to commencement of reassociation procedures. In other embodiments, a mobile station is allowed to select whether to perform pre-keying processes over an air interface with a target transition access point or whether to perform the pre-keying processes over a distribution system.
    Type: Grant
    Filed: September 15, 2005
    Date of Patent: December 20, 2011
    Assignee: Nokia Corporation
    Inventors: Stefano Faccin, Jonathan P. Edney
  • Patent number: 8051464
    Abstract: A method for provisioning client devices securely and automatically by means of a network provisioning system is disclosed. Provisioning occurs before the client is granted access to the network. The provisioning is determined dynamically at the time a client connects to the network and may depend on a multitude of factors specified by data dictionaries of the provisioning system.
    Type: Grant
    Filed: December 19, 2007
    Date of Patent: November 1, 2011
    Assignee: Avenda Systems, Inc.
    Inventors: Santhosh Cheeniyil, Krishna Prabhakar
  • Patent number: 8032181
    Abstract: Systems and methods for activating a mobile device for use with a service provider are described. In one exemplary method, a mobile device having a currently inserted SIM card may be prepared for activation using a signing process in which an activation server generates a signed activation ticket encoded with SIM policy data that corresponds to the combination of the device and one of a number of SIM cards belonging to a set of SIM cards defined by the SIM policy data. The activation ticket is securely stored on the mobile device. In another exemplary method the mobile device may be activated in an activation process in which the device verifies an activation ticket against information specific to the device and SIM card in accordance with the SIM policy in the activation ticket, and initiates activation when the verification of the activation ticket is successful.
    Type: Grant
    Filed: January 14, 2008
    Date of Patent: October 4, 2011
    Assignee: Apple Inc.
    Inventors: Jerry Hauck, Jeffrey Bush, Michael Lambertus Hubertus Brouwer, Daryl Mun-Kid Low
  • Patent number: 8027472
    Abstract: A system and method for establishing a connection on a mobile computing device. A secret is generated on a trusted platform of the mobile computing device. The secret is transported to a secure channel application. The secure channel application establishes a trusted local communication channel between the trusted platform and a SIM (subscriber identity module)/Smartcard. The secret is received by the SIM/Smartcard. The secret, after being received by the SIM/Smartcard, is provided to a secure channel applet on the SIM/Smartcard. The secure channel applet establishes the trusted local communication channel between the SIM/Smartcard and the trusted platform, wherein the secret is shared by the trusted platform and the SIM/Smartcard.
    Type: Grant
    Filed: December 30, 2005
    Date of Patent: September 27, 2011
    Inventors: Selim Aissi, Sundeep Bajikar, Sameer Abhinkar, Scott Blum, Jane Dashevsky, Abhay Dharmadhikari, Benjamin Matasar, Mrudula Yelamanchi
  • Patent number: 8005218
    Abstract: A system and method for providing roaming access on a network are disclosed. The network includes a plurality of wireless and/or wired access points. A user may access the network by using client software on a client computer (e.g., a portable computing device) to initiate an access procedure. In response, a network management device operated by a network provider may return an activation response message to the client. The client may send the user's username and password to the network provider. The network provider may rely on a roaming partner, another network provider with whom the user subscribes for internet access, for authentication of the user. Industry-standard methods such as RADIUS, CHAP, or EAP may be used for authentication. The providers may exchange pricing and service information and account information for the authentication session. A customer may select a pricing and service option from a list of available options.
    Type: Grant
    Filed: November 3, 2006
    Date of Patent: August 23, 2011
    Assignee: Wayport, Inc.
    Inventors: James D. Keeler, Matthew M. Krenzer
  • Patent number: 7983656
    Abstract: A system that incorporates teachings of the present disclosure may include, for example, a server having a controller to implement an Elliptic Curve Diffie-Hellman (ECDH) cryptosystem and manage a key exchange, authentication, and certificate exchange with a communication device also implementing the ECDH cryptosystem, wherein the server communicates over a network that provides an encrypted communication link for the communication device. Other embodiments are disclosed.
    Type: Grant
    Filed: September 12, 2007
    Date of Patent: July 19, 2011
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Nam Nguyen, Donggen Zhang, Paul Tomalenas
  • Publication number: 20110158407
    Abstract: An electronic circuit includes a more-secure processor having hardware based security for storing data. A less-secure processor eventually utilizes the data. By a data transfer request-response arrangement between the more-secure processor and the less-secure processor, the more-secure processor confers greater security of the data on the less-secure processor. A manufacturing process makes a handheld device having a storage space, a less-secure processor for executing modem software and a more-secure processor having a protected application and a secure storage. A manufacturing process involves generating a per-device private key and public key pair, storing the private key in a secure storage where it can be accessed by the protected application, combining the public key with the modem software to produce a combined software, signing the combined software; and storing the signed combined software into the storage space.
    Type: Application
    Filed: March 8, 2011
    Publication date: June 30, 2011
    Applicant: TEXAS INSTRUMENTS INCORPORATED
    Inventors: Erdal Paksoy, Narendar Shankar, Sven-Inge Redin
  • Patent number: 7970380
    Abstract: A method in a communication network wherein users are authenticated based on network originated user identities is disclosed. The authentication method comprising the steps of receiving a network originated identity from a user and associating the network originated identity with at least one non-network originated identity stored in a data storage. When a non-network originated identity is received from the user, the non-network originated identity from the user is compared with the at least one non-network originated identity from the data storage. The user is authenticated if the comparison is valid.
    Type: Grant
    Filed: June 7, 2005
    Date of Patent: June 28, 2011
    Assignee: Nokia Corporation
    Inventor: Lauri Laitinen
  • Patent number: 7962122
    Abstract: A method of securely initializing subscriber and security data in a mobile routing system when the subscribers are also subscribers of a radio communication network. The method comprises, within the mobile routing system, authenticating subscribers to the mobile routing system using an authentication procedure defined for the radio communication network, collecting subscriber information from relevant nodes of the radio network, and agreeing upon keys by which further communications between the subscribers and the mobile routing system can take place, and using the subscriber information and keys in the provision of mobility services to subscriber mobile nodes and correspondent nodes.
    Type: Grant
    Filed: May 21, 2004
    Date of Patent: June 14, 2011
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Pekka Nikander, Jari Arkko
  • Patent number: 7941121
    Abstract: The invention discloses a method for verifying the validity of a user, making full use of a TID as the bridge for establishing confidence between a NAF and a user equipment, and the BSF assigning a term of validity for the TID, thereby extending the function of the TID, enabling the NAF to verify the term of validity for using the TID, and accordingly, achieving a further verification of the validity to the user. By using the method of the invention, it is possible to avoid the situation in which one TID is permanently valid for one or more NAFs, enhance the system security, decrease the risks caused by the theft of users' TID and corresponding secret keys, and at the same time, implement TID management by the NAF. In addition, a combination of the method with a billing system makes it easy to implement the function of charging a user.
    Type: Grant
    Filed: April 28, 2006
    Date of Patent: May 10, 2011
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Yingxin Huang
  • Patent number: 7929959
    Abstract: Systems and methods for activating a mobile device for use with a service provider are described. In one exemplary method, a mobile device having a currently inserted SIM card may be prepared for activation using a signing process in which an activation server generates a signed activation ticket that uniquely corresponds to the combination of the device and SIM card, and that is securely stored on the mobile device. In another exemplary method the mobile device may be activated in an activation process in which the device verifies an activation ticket against information specific to the device and SIM card, and initiates activation when the verification of the activation ticket is successful.
    Type: Grant
    Filed: September 1, 2007
    Date of Patent: April 19, 2011
    Assignee: Apple Inc.
    Inventors: Dallas De Atley, Jeffrey Bush, Jerry Hauck, Ronald Keryuan Huang, Brainerd Sathianathan
  • Patent number: 7917941
    Abstract: A system and method for providing security for an Internet server. The system comprises: a logical security system for processing login and password data received from a client device during a server session in order to authenticate a user; and a physical security system for processing Internet protocol (IP) address information of the client device in order to authenticate the client device for the duration of the server session.
    Type: Grant
    Filed: September 22, 2003
    Date of Patent: March 29, 2011
    Assignee: International Business Machines Corporation
    Inventor: Bruce Wallman
  • Patent number: 7913308
    Abstract: A solution for a remote service provider outside a customer's controlled network to reference an object of service (OOS) that is part of the customer's controlled network using a globally unique identifier (GUID) which is derived independently of network information associated with the OOS. A GUID generator module within the customer's controlled network generates a GUID for each device in the customer's controlled network and stores each GUID with a reference to its network information (e.g., IP address/host name) in a lookup datastore accessible by an object of service management system (OOS) within the customer's controlled network. For service instances (e.g., data harvesting, software upgrades), the OOS management module sends the GUID in lieu of network information for the OOS. Thus the remote service provider can uniquely identify a device and reference it in a customer's network without the security implications of transferring customer network information outside the customer's network.
    Type: Grant
    Filed: October 31, 2005
    Date of Patent: March 22, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Michael J. Hardcastle
  • Patent number: 7873163
    Abstract: In a communication system (100), a method and apparatus provides for message integrity regardless of the operating version of an authentication center (198) or an interface (197) between the authentication center (198) and a mobile switching center (199). The method and apparatus include generating a cellular message encryption algorithm (CMEA) key, and generating a CMEA-key-derived integrity key (CIK) based on the CMEA key for message integrity between a mobile station and a base station. The mobile station transmits a registration message to the base station, and determines an operating version of the authentication center (198) in communication with the base station based on whether the mobile station receives a registration accepted order or some elements of an authentication vector from the base station. The CIK is generated based on the CMEA key, if the mobile station receives a valid registration accepted order from the base station.
    Type: Grant
    Filed: November 5, 2001
    Date of Patent: January 18, 2011
    Assignee: QUALCOMM Incorporated
    Inventors: Roy Franklin Quick, Jr., Sai Yiu Duncan Ho
  • Patent number: 7869793
    Abstract: A method and apparatus for preventing unauthorized use of a mobile terminal are provided, in which an execution code processor decrypts a Mobile Phone Certificate (MPC) using an MPC decryption code stored in it, when the mobile terminal is booted, an MPC processor compares a pre-stored MPC decryption execution code with the MPC decryption execution code, compares a pre-stored MPC encryption key with an MPC encryption key stored in the execution code processor. When the MPC decryption execution codes are identical, sets data required for an initial operation of the mobile terminal using an MPC management execution code included in a pre-stored MPC. When the MPC encryption keys are identical, decrypts Secured Code (SCode) blocks for execution of an application program, after executing the MPC management execution code. The execution code processor performs an operation program of the mobile terminal using the MPC management execution code and the decrypted SCode blocks.
    Type: Grant
    Filed: October 31, 2007
    Date of Patent: January 11, 2011
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Seong-Woo Ahn, Sang-Min Bae, Jin-Taek Noh
  • Patent number: 7856655
    Abstract: A system is provided for establishing a secure link among multiple users on a single machine with a remote machine. The system includes a subsystem to filter traffic so that traffic from each user is separate. The subsystem generates and associates a Security Association (SA) with at least one filter corresponding to the user and the traffic, and employs the SA to establish the secure link. An Internet Key Exchange module and a policy module may be included to generate and associate the security association, wherein the policy module is configured via Internet Protocol Security (IPSEC).
    Type: Grant
    Filed: June 30, 2004
    Date of Patent: December 21, 2010
    Assignee: Microsoft Corporation
    Inventors: Brian D. Swander, Bernard D. Aboba
  • Patent number: 7844267
    Abstract: A service processing server for providing a communication processing service with an information providing server, to a cell phone belonging to a network capable of identifying subordinate cell phones, and including an application receiving part for receiving first communication terminal-specific information to specify a specific cell phone, and service-specific information in association with each other; a specific information generating part for generating second communication terminal-specific information; an approval requesting part for transmitting approval request information containing the service-specific information and the second communication terminal-specific information, to the information providing server; a result receiving part for receiving approval result information returned; and a registering part for performing a registration process for providing the communication processing service to the specific cell phone in accordance with reception of the approval result information.
    Type: Grant
    Filed: October 5, 2005
    Date of Patent: November 30, 2010
    Assignee: NTT DoCoMo, Inc.
    Inventors: Hisanori Sawada, Ayumi Eguchi, Junko Izawa, Takeshi Ichikawa, Tomonori Nakamura
  • Patent number: 7840008
    Abstract: A decryption apparatus (109) comprises a key stream generator (111) generating a local decryption key stream. It furthermore comprises a synchronization value receiver (201) receiving key stream synchronization values. A synchronization processor (203) implements a state machine which may operate in a synchronized state (303) wherein the communication is decrypted using the local key stream, a non-synchronized state (301) wherein the local key stream is not synchronized, or in an uncertain synchronization state (305) wherein the communication is decrypted using the local key stream and wherein the local key stream is synchronized to each new received synchronization value. The synchronization processor (203) furthermore comprises a transition controller (213) operable to transition from the synchronized state to the non-synchronized state in response to a first criterion and to the uncertain synchronization state in response to a second criterion.
    Type: Grant
    Filed: October 6, 2006
    Date of Patent: November 23, 2010
    Assignee: Motorola, Inc.
    Inventor: Kristian Gronkjaer Pedersen
  • Patent number: 7804805
    Abstract: A method and apparatus for scheduling the data packets transmitted to a plurality of mobile terminals supporting multiple quality of service (QoS) grades in a multichannel wireless communication system includes a storage device for storing queues and data packets of the mobile stations, the queue and data packets of each of the mobile stations being arranged in an order of the quality of service grades; and a scheduler for allocating resources of multiple channels to the mobile stations based on different scheduling metrics separately applied to the multiple channels according to the quality of service grades, each of the scheduling metrics applied to a particular one of channels being used to select one of the mobile stations whose data packets are transmitted through the particular channel; wherein entire data packets of the mobile stations are transmitted through the multiple channels when the allocation of the channel resources has been completed sequentially for each of the multiple channels.
    Type: Grant
    Filed: June 27, 2006
    Date of Patent: September 28, 2010
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Won-Hyoung Park, Sung-Hyun Cho, Dae-Young Park
  • Patent number: 7778626
    Abstract: The details of an apparatus and method of handling simultaneous universal terrestrial radio access network radio resource control procedures which change the security configuration in a universal mobile telecommunications system user equipment are disclosed herein. According to one aspect of the present application, there is provided a user equipment apparatus having a message handler, a sequential processor, a command store, and a security configuration change detector, wherein said message handler is coupled to said command store, is coupled to said sequential processor, and is coupled to said security configuration change detector to save, process, and detect configuration changes in commands respectively, and to determine if there is an existing command at the user equipment, such that the user equipment appears to the UTRAN as though it were processing commands simultaneously.
    Type: Grant
    Filed: March 20, 2007
    Date of Patent: August 17, 2010
    Assignee: M-Stack Limited
    Inventors: Nicola M. Funnell, David W. Pedlar, Robert J. Harrison
  • Patent number: 7761085
    Abstract: A method of operation in a mobile communication system includes a mobile station, a first network capable of serving the mobile station as a home network and a second network capable of serving the mobile station as a visited network, including carrying out in the home network the steps of: generating a random seed (RS), modifying the random seed by combination with an authentication key (K) held by the home network and the mobile station to form session keys (KS and KS′), sending the session keys (K′S and K′S′) to the visited network to permit authentication of the mobile station, and characterized in that the following steps are carried out in the home network: providing a further modification key (SMK), and carrying out a further key modification (of KS and KS′) in the production of the session key (K′S and K′S′) using the further modification key (SMK).
    Type: Grant
    Filed: December 9, 2005
    Date of Patent: July 20, 2010
    Assignee: Motorola, Inc.
    Inventor: Jason J. Johur
  • Patent number: 7743407
    Abstract: Resources to a device are granted access to an application based on privileges associated with the application. A permission list may be created by a server. The permission list may be created using information from authorities, entities, or parties and information about the device resources. The permission list indicates what device resources the application may access. During application execution when the application requests a resource, a control program executing on the device may be used to check the permission list associated with the application to determine if the application may access the resource. The control program can then grant or deny access based on the privileges defined in the permission list. Digital signatures may be used to detect modifications to the application and/or permission list. In addition, multiple permission lists may be associated with the same application.
    Type: Grant
    Filed: August 13, 2002
    Date of Patent: June 22, 2010
    Assignee: Qualcomm Incorporated
    Inventors: Stephen A. Sprigg, Laurence Lundblade