1259730 九、發明說明: 主張優先權及交互參考 本專利申請案要求下列美國臨時專利申請案之權利: 2003年9月29日提出第60/507,197號名為 「GO-KEY SYSTEM」;2003年9月29日提出第60/506,918號名為 「GO-KEY ONLINE MUSIC SUBSCRIPTION AND DISTRIBUTION APPLICATION AND SERVICE」;2003年 9 月 29 日提出第 60/506,919 號名為「GO-KEY E-MAIL APPLICATION AND SERVICE」;2003 年 9 月 29 日提出第 60/506,925 號名為「GO-KEY MOBILE DESKTOP ENVIRONMENT」; 2004年1月22日提出第60/543,735號名為 「MDMS」; 2004年1月22曰提出第60/538,763號名為「OMNI FILE SYSTEM (OFS)」;2004年 1 月 22 日提出第 60/538,91 5 號名為「UDDI DIRECTORY」;以及2004年1月22日提出第 60/538,767號名為「UDDI REPOSITORY」,彼等專利申請案 皆以引用方式併入本文中。另外,本專利申請案係相關於 以下專利申請案且交互參考,並且彼等專利申請案皆以引 用方式併入本文中:2004年4月30日提出第10/837,426號名 為「MOBILITY DEVICE PLATFORM」(代理人檔案號碼 45 597/196314);以及 2004年 4 月 30 日提出第 10/836,933號名 為「MOBILITY DEVICE」(代理人檔案號碼 455 97/196314)。 【發明所屬之技術領域】 本文描述之系統及方法係相關於行動電腦作業技術,最 為重要的是,係關於一種允許安全的遠端行動電腦作業之 96373.doc 1259730 行動裝置管理伺服器。 【先前技術】 企業及個人-致地愈來愈需要行動能力作為其電腦環境 的特徵部分。對於企業,行動能力允許在各地理位置部署 人員,使企業為客戶提供更好的服務。例如,大型製藥企 業會想要在接近未來客戶(例如,醫生)的「現場」部署業務 人員。在此背景下,「現場」人員會想要透過安全連線料 取機密的銷售和市場資訊以及電腦應用程式。運用現行的 方案,這些人員通常會在工作日結束時,繼續透過某安全 的電腦網路料(例如,虛擬私人網路)來進行使其資料與公 司網路「同步化」繁雜工作。相比之下,個人尋求其電腦 環境,行動能力,以便㈣㈣得其料及電腦應用程 式,最為重要的是,在網際網路通信期間繼續維持「連 狀態」。 " 為了應響行動電腦作業的需要,電腦環境製造商已開發 出行動私腦作業技術(例如,獨立、連線網路及/或内嵌式), 讓人們可奴時使用其電腦環境。此類行動裝置旨在允許使 用者Ik時攜Y」其檔案及應用程式。雖然這些裝置提供 了行動能力,但是會由於外型、處理能力及可攜性不同而 傾向於效率有限。由於彼等限制,使用者通常會攜帶大型 可攜,電腦,以確保其具有所有必要的檔案及電腦應用程 月見此邊方案係以電腦作業系統(c〇mpUting system)本 身的設計為前提,即,採用「以裝置為中心」電腦作業。 運用以裝置為中心」電腦作業,電腦使用者雖然可經 96373.doc 1259730 由逆%通仏應用程式(例如,虛擬私人網路)以遠端且安全方 式來存取墙案,但是仍然會攜帶大型笨重的電腦作業設備 來掏取其資料及電腦應用程式。最為重要的是,運用1裝 置為中心型電腦作業,使用者—般會基於企業電腦作業需 求而配備一個裝置(例如,公司個人電腦或膝上型電腦),並 且一般會在家中具有供個人使用的—或多個電腦環境。在 =多個電腦環境過程中,電腦使用者負責使許多不同電 細%境之間的自訂偏好設定及各項設定同步化之工作。此 類工作是件萬分艱紐的事,並且通常會因電腦使用者無法 在不同電腦環境之間存取所要的資料及/或電腦應 而受挫。 八 电斶便用者會希 似 1 a ’「土丨叫㈡口叼蚵務規劃管理電 腦應用程式(例如,Quicken、Microsoft Money)取得自己的 財務規劃管理資料,以便處理可能出現的支付款項(例如, 3的帳單)。利現行方案,電腦使用者需要在每個電腦 承兄(包括公司電腦,這可能會達反企業電腦作業政策及程 序)上安裝財務規劃管理電腦應用程式及資料,以便可能存 取所要的貝料。相比之下,企業會想要高效率且立即欲止 已解雇之員玉對機密公司資料㈣有存取權。在以裝置為 中心型電腦作業為基礎的現行實施中,會要求員工歸還其 電腦環境(例如’膝上型電腦、個人電腦、行動電話或個: 數位助理)。另夕卜還會藉由終止即將解雇之貝工的企業使 用者目錄資訊,而使得使用公司資料時受到限制。但是, 收集此類裝置及終止存取權原因就需要—段作業時間。此 96373.doc 1259730 ^作業時間會導致該員工從企業電腦環境複製㈣以供未 來使用。在此情況下,依據現行的實施,τ能會戌露機密 的企業資料。 ^ 從前文所述可得知,需要克服現行實施缺點。 【發明内容】 本發明揭示-#用作行動纟置平臺一部分之用於允許保 =動電腦作業安全性之行動裝置管㈣服器。在一項例 證實施中,—種示例性電子裝置包括:一行動裝置,其可 運作以透過-通信介面與至少—電腦環境通信,並且其中 =行動裝置可運作成處理及儲存安全的Web服務;一通信 罔各其可運作成使用Web服務來傳達資料及電腦應用程 式;以及一行動裝置管理伺服器,其可運作以產生、處理、 儲存及加密㈣該行動裝置的Web服務。另外,該行動裝 置管理飼服器可運作以執行-或多項行動裝置管理功能, 、才疋仏加在至鑰給合作之行動裝置,以及鑑認並確認向 =動裝置管理飼服器要求Web服務的合作之行動裝置。 邊仃動裝置管理伺服器及該行動裝置可進一步運作以使用 使用者識別和密碼資訊來執行鐘認和確認。該行動裝置管 里祠服為可進-步運作以執行有關在該行動裝置平臺上所 處理及執行之Web服務的計量功能及作業。另夕卜,該行動 裝置e理飼服杂可運作以支援介於該行動裝置管理祠服器 與合作之行動裝置管理伺服器之間的間歇連線。 在運作過k中’該示行性行動裝置被组態以在—合作之 電腦環境上運用。另外,該行動裝置建置與合作之一或多 96373.doc 1259730 個行動裝置管理伺服器之間的通信,並且嘗試由該等合作 或多個行動裝置管理伺服器使用所選之鑑認和確認資 汛丁以鑑認。在鑑認和確認後,該等合作之一或多個行動 裝置管理伺服器使用Web服務來處理來自於該合作之示例 性行動裝置的資料和電腦應用程式要求。該等合作之一或 =個行動裝置管理祠服器使用該示例性所選之繼認和確認 資訊(例如,金鑰)來將Web服務加密,以允許從該等合作之 「或多個行動裝置管理伺服器與該示例性行動裝置安全傳 達所要求之資料和電腦應用程式。 下文中會進一步說明本文描述之系統及方法的其他 徵。 【實施方式】 概覽: 本文描述之系統及方法針對電腦作業和行動電腦作業提 供「以使用者為中心」做法。現行電腦作業方案(企業或個 人)一般被設計成使用「以裝置為中心」模型。以裝置為中 ^式模型曰在依據裝置指派及指定來管理及追蹤使用者。 例如,在企業電腦作業背景下,企業電腦環境可包括數個 伺服器電腦環境及許多用戶端電腦環境。一般而言,企業 中的每個使用者都有配備用戶端電腦環境(例如,個人電腦 或膝上型電腦),-般會透過企業通信介面將用戶端電腦環 境以網路連線至伺服器電腦環境,或是,如果使用者身在 返離止業通仏網路之處,則是透過虛擬私人網路(VpN)將用 戶電腦環境連線至連線至企業通信網路。另外,在習知 96373.doc -10- 1259730 ^業電腦環境中’會透過—用於建立使用者權利和權限盘 :企業資料和電腦應用程式之„性的目錄服務結構,來 才疋么、使用者的使用者識別資訊及密碼資訊。 運用此類企業電腦環境,通常僅允許使用者使用自己的 偏好設足及各項設定來自訂所配備的電腦環境,以至於如 果使用者跨網路漫遊且登人转屬的電腦環境時,就盖法 存取自己的自訂偏好設定及各項設^這項問題通常會發 生在企業使用者身上,企業使用者會想要維護介於其企 電腦環境與其個人電腦環境(例如,家中的電腦)之間的偏好 設疋及各項設定(例如,濁覽器書籤、桌面的外觀及操作、 色彩配置、應用程式佈局及檔案的目錄結構)同步化,這通 常需要執行手動同步化。 另外,運用現有企業電腦環境來管理許多用戶端電腦環 境’文成-項繁重的工作。目冑,企業的資訊技術部門雇用 =十人(而不是數百人)來支援許多使用者及使用者的電腦 %境。除了僅僅實際管理以外,還提出企業資料完整性及 安全性運用以裝置為中心式電腦作業模型。在此背景下, =業電腦使用者通常需要自行蚊複製及包含機密的企業 貝料。由於防止使用者未經授權複製企業標案及資料是一 項乐重的工作’戶斤〃大部分企業都忽視此工作。對於企業 及個人,這項現有實施的限制可能成本極高。 本文描述之系統及方法旨在藉由提供運用「以使用者為 中心」模型所設計的行動裝置平臺(MDP)來改良現有實施 的缺點。在一項例證實施中’該行動裝置平臺包含至少一 96373.doc 1259730 行動裝置(MD),行動裝置可運作以透過通信介面(例如,通 用序列埠(USB)、IEEE 1394 通信介面(Firewire)、802·ΧΧ 通信介面、blutetooth(藍芽)通信介面、個人電腦介面、小 型電腦序列介面及無線應用通訊協定(WAP)通信介面)來與 一或多個合作的電腦環境(例如,個人電腦、個人數位助 理、行動電話、網路連線型電腦及其他電腦環境)通信。另 外,該行動裝置平臺包括一或多個行動裝置管理伺服器 (MDMS),行動裝置管理伺服器係運作以為合作的行動裝置 及其使用者鑑認、確認及提供使用者管理。 在運作過程中,該行動裝置可與用於調用(invoke)—或多 個工作環境的一或多個電腦環境協作,以便處理Web服 務。可以從位於MD本機中的資料和電腦應用程式來執行該 等Web服務,或是該MD可與一或多個MDMS協作來獲得所 要求的Web服務。該MDMS可運作以鑑認要求方MD,藉此 確保要求方MD具有關於所要求之Web服務的權利及權限。 另外,該MDMS還可與第三方Web服務提供者協作,藉此獲 得所要求的Web服務。在此背景下,該MDMS可採取動作以 將來自非MD原生Web服務格式轉譯成一原生MD Web服 務。當將Web服務從該MDMS傳達至多個合作的MD時,該 MDMS與MD都會使用使用者和裝置鑑認和確認資訊,來進 行1028位元及/或2056位元加密(例如,PKI加密)。該MDMS 提供給該MD的Web服務可包括(但不限於)電腦應用程式及 所要資料。另外,該MD可運作以儲存參與方使用者的自訂 設定及偏好設定至該MD的本機中,讓使用者隨時可取得自 96373.doc 12 1259730 訂設定及偏好設定。 以此方式使用行動裝置平臺,使用者就可以在任何數目 • 的協作電腦環境下進行作業,只要使用者確信其可以在合 作的電腦環境中存取其自訂設定及偏好設定,最為重要的 是,安全存取自己的電腦應用程式及檔案(例如,提供為Web 服務)。1259730 IX. INSTRUCTIONS: Claims for priority and cross-references The patent application claims the following US provisional patent applications: September 29, 2003, No. 60/507,197 entitled "GO-KEY SYSTEM"; 2003 9 On the 29th of the month, No. 60/506,918 was named "GO-KEY ONLINE MUSIC SUBSCRIPTION AND DISTRIBUTION APPLICATION AND SERVICE"; on September 29, 2003, No. 60/506,919 was named "GO-KEY E-MAIL APPLICATION AND SERVICE" On September 29, 2003, No. 60/506, 925 was named "GO-KEY MOBILE DESKTOP ENVIRONMENT"; on January 22, 2004, No. 60/543,735 was named "MDMS"; January 22, 2004 60/538,763 is called "OMNI FILE SYSTEM (OFS)"; on January 22, 2004, No. 60/538,91 5 is called "UDDI DIRECTORY"; and January 22, 2004, No. 60/538,767 is proposed. The name is "UDDI REPOSITORY" and their patent applications are incorporated herein by reference. In addition, the present patent application is related to the following patent applications and is hereby incorporated by reference herein in its entirety in its entirety in its entirety in the the the the the the the the the the (Attorney Profile No. 45 597/196314); and April 30, 2004, No. 10/836,933 entitled "MOBILITY DEVICE" (Agency File Number 455 97/196314). FIELD OF THE INVENTION The systems and methods described herein are related to mobile computer operating techniques and, most importantly, to a 96373.doc 1259730 mobile device management server that allows secure remote mobile computer operations. [Prior Art] Enterprises and individuals - the growing need for mobility as a characteristic part of their computer environment. For businesses, mobility capabilities allow people to be deployed in all geographic locations to enable them to better serve their customers. For example, large pharmaceutical companies will want to deploy business people “on the spot” close to future customers (for example, doctors). In this context, “on-site” personnel will want to secure confidential sales and marketing information and computer applications through secure connections. With the current solution, these people will continue to use their secure computer network materials (for example, virtual private networks) to "synchronize" their data with the company's network at the end of the working day. In contrast, individuals seek their computer environment and mobility capabilities to (4) (4) get the most out of their applications and computer applications, and most importantly, maintain a "connected state" during Internet communications. " In order to respond to the needs of mobile computer operations, computer environment manufacturers have developed mobile brain technology (eg, stand-alone, connected networks and/or embedded) to allow people to use their computer environment. Such mobile devices are designed to allow users to carry their files and applications with Ik. Although these devices provide mobility, they tend to be inefficient due to differences in form, processing power and portability. Due to their limitations, users usually carry large portable computers and computers to ensure that they have all the necessary files and computer applications. This is based on the design of the computer operating system (c〇mpUting system) itself. That is, a "device-centric" computer operation is employed. Using device-centric computer operations, computer users can access the wall case remotely and securely via the reverse %% application (eg, virtual private network) via 96373.doc 1259730, but still carry it Large and bulky computer equipment to capture its data and computer applications. Most importantly, with a device-centric computer, users will typically have a device (for example, a corporate PC or laptop) based on the needs of the corporate computer, and will generally be available for personal use at home. - or multiple computer environments. In the process of multiple computer environments, the computer user is responsible for synchronizing the custom preferences and settings between many different environments. Such work is extremely difficult and often frustrated by the inability of computer users to access the information and/or computers required between different computer environments. Eight electric users will look like 1 a '"Double ( (2) 叼蚵 规划 管理 电脑 电脑 电脑 电脑 ( ( ( Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu Qu For example, the bill of 3). In the current scheme, computer users need to install financial planning management computer applications and materials on each computer (including company computers, which may reach anti-enterprise computer operating policies and procedures). In order to make it possible to access the desired bedding. In contrast, companies will want to be efficient and immediately want to have the dismissed member jade access to confidential company information (4). Based on device-centric computer operations. In the current implementation, employees will be required to return their computer environment (such as 'laptop, personal computer, mobile phone or a digital assistant'). In addition, the company will also terminate the list of corporate users who are about to be fired. This limits the use of company data. However, the collection of such devices and the termination of access rights require a period of time. This 96373.doc 1259730 ^The operating time will cause the employee to copy from the corporate computer environment (4) for future use. In this case, according to the current implementation, τ can reveal confidential corporate information. ^ As can be seen from the foregoing, it needs to be overcome. Disclosed [Embodiment] The present invention discloses a mobile device tube (four) server for use as a part of a mobile device platform for allowing security of computer operations. In an exemplary implementation, an exemplary The electronic device includes: a mobile device operable to communicate with at least a computer environment through a communication interface, and wherein the mobile device is operable to process and store secure web services; and each communication device is operable to use the web service To communicate data and computer applications; and a mobile device management server operable to generate, process, store and encrypt (4) the web service of the mobile device. Additionally, the mobile device management feeder can operate to perform - or A number of mobile device management functions, which are added to the key to the cooperative mobile device, and to identify and confirm the management of the mobile device The server requires a cooperative mobile device for the web service. The side device management server and the mobile device can be further operated to perform the identification and confirmation using the user identification and password information. The mobile device is compliant. Step operation to perform metering functions and operations on web services processed and executed on the mobile device platform. In addition, the mobile device can operate to support the mobile device management device Intermittent connection with the cooperative mobile device management server. In operation k, the mobile device is configured to be used in a cooperative computer environment. In addition, the mobile device is built and cooperated. One or more 96373.doc 1259730 mobile devices manage communication between the servers and attempt to authenticate by the cooperative or multiple mobile device management servers using the selected authentication and validation credentials. After authentication and validation, one or more of the cooperative device management servers use the web service to process the data and computer application requirements from the collaborative mobile device of the collaboration. One of the cooperations or = mobile device management server uses the exemplary selected succession and confirmation information (eg, a key) to encrypt the web service to allow "or multiple actions from such cooperation" The device management server and the exemplary mobile device securely communicate the required data and computer applications. Additional features of the systems and methods described herein are further described below. [Embodiment] Overview: The system and method described herein is directed to a computer Homework and mobile computer operations provide a "user-centric" approach. Current computer work programs (enterprise or individual) are generally designed to use a "device-centric" model. The device is a medium-sized model that manages and tracks users based on device assignment and assignment. For example, in the context of corporate computer operations, a corporate computer environment can include several server computer environments and many client computer environments. In general, every user in the enterprise is equipped with a client computer environment (for example, a personal computer or a laptop), and the client computer environment is connected to the server through the enterprise communication interface. In a computer environment, or if the user is on the Internet, the user's computer environment is connected to the corporate communication network via a virtual private network (VpN). In addition, in the familiar 96373.doc -10- 1259730 ^ industry computer environment - will be used to establish user rights and permissions disk: enterprise data and computer applications „sexual directory service structure, what, User's user identification information and password information. Using such a corporate computer environment, usually only allows users to use their own preferences and settings to customize the computer environment, so that if users roam across the network And when you go to a computer environment, you can access your own custom preferences and settings. This problem usually occurs on corporate users. Enterprise users want to maintain their business. Synchronization of preferences and settings between the environment and its personal computer environment (eg, computers in the home) (eg, browser bookmarks, desktop appearance and operation, color configuration, application layout, and file directory structure) This usually requires manual synchronization. In addition, the existing enterprise computer environment is used to manage many user-side computer environments. The company's information technology department employs ten people (rather than hundreds of people) to support the computer environment of many users and users. In addition to the actual management, it also proposes that the enterprise data integrity and security use is device-centric. Computer operating model. In this context, computer users usually need to copy their own mosquitoes and contain confidential corporate materials. It is a great job to prevent users from copying corporate documents and materials without authorization. Most companies ignore this work. For businesses and individuals, the limitations of this existing implementation can be extremely costly. The system and method described in this paper aims to provide action by using a "user-centric" model. Device Platform (MDP) to improve the shortcomings of existing implementations. In an exemplary implementation, the mobile device platform includes at least one 96373.doc 1259730 mobile device (MD), and the mobile device is operable to communicate through a communication interface (eg, Universal Serial Port (USB), IEEE 1394 communication interface (Firewire), 802·ΧΧ communication interface, blutetooth (bluetooth) communication interface, PC interface, small computer serial interface and wireless application protocol (WAP) communication interface to work with one or more computer environments (eg, personal computer, personal) Digital assistants, mobile phones, Internet-connected computers and other computer environments) communicate. In addition, the mobile device platform includes one or more mobile device management servers (MDMS) that operate in a server system to authenticate, validate, and provide user management for the cooperating mobile device and its users. In operation, the mobile device can cooperate with one or more computer environments for invoking—or multiple work environments to handle web services. The web services can be executed from data and computer applications located in the MD native, or the MD can cooperate with one or more MDMSs to obtain the requested web services. The MDMS can operate to authenticate the requesting party MD, thereby ensuring that the requesting party MD has rights and authority regarding the required web service. In addition, the MDMS can also collaborate with third-party web service providers to obtain the required web services. In this context, the MDMS can take action to translate the non-MD native web service format into a native MD web service. When a Web service is communicated from the MDMS to multiple cooperating MDs, both the MDMS and the MD use user and device authentication and confirmation information for 1028 bit and/or 2056 bit encryption (eg, PKI encryption). The web services provided by the MDMS to the MD may include, but are not limited to, computer applications and required materials. In addition, the MD can operate to store the custom settings and preferences of the participating users to the MD's local device, allowing the user to obtain settings and preferences from 96373.doc 12 1259730 at any time. By using the mobile device platform in this way, users can work in any number of collaborative computer environments, as long as the user is confident that they can access their custom settings and preferences in a collaborative computer environment, most importantly Secure access to your own computer applications and files (for example, as a web service).
Web服務: 透過如網際網路等通信網路提供的服務(泛稱為Web服務 或應用程式服務)正在成長中。同樣地,促進此類服務的技 術也正在成長中。Web服務可被定義為任何資訊源,用於 執行基於供使用者的應用程式使用而便利套裝的商業邏輯 程序。Web服務日益成長意謂著,可在網路上利用Web服務 來提供功能。Web服務通常包括某種程式設計與資料之組 合,促使使用者及其他網路連線的應用程式可從應用程式 伺服器來取得Web服務。Web服務的範圍涵蓋如儲存管理和 客戶關係管理等服務,且向下延伸至如提供股票即時行情 及查核拍賣項目投標價等更有限的服務。 著重於定義及標準化Web服務用途的行動包括開發Web 月艮務描述語言(Web Services Description Language ; WSDL)。WSDL是一種可延伸標記語言(Extensible Markup Language ; XML)格式,用於將Web服務描述為用於處理含 文件導向式或程序導向式資訊之訊息的一組結束點。作業 及訊息係以抽象方式予以描述,並且接著繫結(bound)成具 體(concrete)網路協定及定義結束點的訊息格式。相關的具 96373.doc -13- 1259730 體結束點被組合成抽象結束點(服務)。 目前,廣泛主張的Web服務使用方式模型如下: (1) 服務係實施及部署在某站點(通常稱為伺服器方)上。Web services: Services (generally known as Web services or application services) that are provided through communication networks such as the Internet are growing. Similarly, technologies to promote such services are also growing. A web service can be defined as any source of information for executing a business logic program based on a convenient package for use by a user. The growing popularity of Web services means that Web services can be used to provide functionality on the Web. Web services typically include a combination of programming and data that enables users and other network-connected applications to obtain Web services from an application server. Web services cover services such as storage management and customer relationship management, and extend down to more limited services such as providing stock quotes and checking auction item bid prices. Actions focused on defining and standardizing the use of Web services include the development of the Web Services Description Language (WSDL). WSDL is an Extensible Markup Language (XML) format that describes a Web service as a set of end points for processing messages containing file-oriented or program-oriented information. The assignments and messages are described in an abstract manner and then bound into a concrete network protocol and a message format that defines the end point. The associated end points are merged into abstract end points (services). At present, the widely used model of Web service usage is as follows: (1) The service system is implemented and deployed on a site (commonly referred to as the server side).
(2) 服務係使用WSDL予以描述並且經由如UDDI (Universal Description, Discovery,and Integration ;通用描 述、探索與整合)等手段多以發行,UDDI是一種適用於全 球企業的XML型登錄(XML-based registry),藉此按所提供 的Web服務而列入網際網路上。 (3) 用戶端應用程式藉由先解譯一或多個WSDL文件,藉 此在其他站點處(通常稱為用戶端方)使用Web服務。經過解 譯後,用戶端就可以瞭解相關服務的特性。例如,服務特 性可包括服務API規格,例如:(a)輸入資料類型·,(b)服 務輸入資料格式;(c)服務存取機制或樣式(例如,Rpc相 對於訊息發送服務);以及(d)相關編碼格式。 (4) 用戶端應用程式以各種Web服務瞭解的方式來準備 資料。 ^ (5) 用戶端應用程式按照一特定服務所指定的方式(例 如,在相關的WSDL文件中指定的方式)來調用該服務。 各種Web服務的輸入資料格式及調用方式皆不相同。例 如,假設某應用程式服務提供者提供一項服務 (getCity Weather),該服務要求如慣例城市名稱(例如,(2) The service is described by WSDL and distributed by means such as UDDI (Universal Description, Discovery, and Integration). UDDI is an XML-based login for global enterprises (XML-based). Registry), which is included on the Internet by the provided web service. (3) The client application uses the Web service at other sites (often referred to as the client side) by first interpreting one or more WSDL files. After the interpretation, the client can understand the characteristics of the related services. For example, the service characteristics may include service API specifications such as: (a) input material type, (b) service input data format, (c) service access mechanism or style (eg, Rpc versus message delivery service); d) Relevant coding format. (4) The client application prepares the data in a way that is known by various web services. ^ (5) The client application invokes the service in the manner specified by a particular service (for example, in the manner specified in the associated WSDL file). The input data format and calling method of various web services are different. For example, suppose an application service provider provides a service (getCity Weather) that requires a custom city name (for example,
Lake City的慣例城市名稱為SLC)的單一輸入參數。一預、 調用此類服務的用戶端應用程式必須撰寫成,促使該鹿用 程式内的資料或所輸出的資料能夠被分析以提取城:資 96373.doc -14- 1259730 訊。在執行時期,會使用適當的API,將所準備的符號傳遞 至getCityWeather服務站點。 然而,假設其他應用程式服務提供者提供類似的服務但 是要求兩個輸入參數,例如,城市名稱及郵遞區號。因此, 如果用戶端應用程式預計調用彼等二項服務,則必須考 慮到所要求的服務輸入參數來適當地分析及擷取其資料。 因此,如果一單一應用程式預計調用彼等兩項服務,則必 須使用服務特定的API資訊及程序來硬式編碼該應用程 式。另外,如果一單一應用程式預計調用許多服務,則必 須使用該應用程式預計調用之每項及所有服務相關的A p工 資訊及程序來硬式編碼該應用程式。 如上文所述,各種Web服務都可以提供類似的功能,但 是提供方式不同。本文描述之系統及方法旨在藉由提供一 種具有行動裝置管理伺服器的行動裝置平臺來改良此類不 同點,除了其他項目以外,該行動裝置管理伺服器包括一 Web服務轉譯模組,該Web服務轉譯模組運作以接受來自 Web服務提供者的資料,並且將Web服務以Web服務模型原 型提供給合作的行動裝置。 簡單物件存取通訊協定(SOAP)概覽: 間單物件存取通訊協定(Simple Object Access Protocol ; SOAP)是一種在分權(decentralized)、分散式環境中用來交 換資訊的輕量型XML架構通訊協定。SOAP支援不同樣式的 資訊交換,包括: 遠端程序呼叫(Remote Procedure Call ; RPC)樣式,其允 96373.doc -15- 1259730 許要求回應(request-response)處理,其中一結束點接收一程 序導向式訊息(procedure oriented message),並且回覆一關 聯性白勺回應訊息(correlated response message)。 訊息導向式資訊交換(Message-oriented information exchange),其支援需要交換商業或其他類型文件的組織及 應用,其中會傳送一訊息,但是寄件者不會預期或等待一 立即回應。 一般而言,SOAP訊息係由一 SOAP包絡(SOAP envelope, 其封入兩個資料結構SOAP標頭及SOAP主體)與關於命名 空間(用於定義SOAP訊息)的資訊所組成。標頭屬於選用項 目;如果有標頭,則標頭會運送關於SOAP主體中定義之要 求的資訊。例如,標頭可包含交易、安全性、内容或使用 者設定標(user profile)資訊。主題包含XML格式的一 Web服 務要求或對要求的回覆。下列圖式顯示SOAP訊息的高階結 構。 當使用SOAP訊息來載送Web服務要求及回應時,SOAP 訊息可遵循用於定義可用Web服務的Web服務定義語言 (web services definition language ; WSDL。WSDL可定義用 於存取Web服務的SOAP訊息、可用來交換SOAP訊息的協定 以及可存取Web服務的網際網路位置。WSDL描述項 (de scrip tor)可駐存在UDDI或其他目錄服務中’並且▲可以 經由組態或其他途徑(例如,S0AP要求回覆的主體中)來提 供WSDL描述項。 有一項SOAP規格(例如,w3 SOAP規格,如需相關資訊, 96373.doc -16 - 1259730 請造訪www.w3.org)提供要求及回應的標準編碼方式。規格 中使用XML結構描述(XML Schema)來描述訊息内容 (message payload)的結構及資料類型。可適用於Web服務之 訊息及回應的SOAP使用方式為: SOAP用戶端使用遵循SOAP規格且含有服務要求的XML 文件。 SOAP用戶端傳送該文件至一 SOAP伺服器,並且該伺服 器上執行的SOAP servlet會使用(例如,HTTP或HTTPS)來處 理該文件。Lake City's custom city name is SLC)'s single input parameter. A client application that invokes such a service must be written so that the data in the deer application or the outputted data can be analyzed to extract the city: 96373.doc -14-1259730. During the execution period, the prepared symbols are passed to the getCityWeather service site using the appropriate API. However, assume that other application service providers offer similar services but require two input parameters, such as city name and postal code. Therefore, if the client application expects to call their two services, they must consider the required service input parameters to properly analyze and retrieve their data. Therefore, if a single application is expected to invoke two services, the application-specific API information and procedures must be used to hard code the application. In addition, if a single application is expected to invoke many services, the application must be hard coded using the information and procedures associated with each and all services that the application is expected to call. As mentioned above, various web services can provide similar functionality, but in different ways. The systems and methods described herein are directed to improving such differences by providing a mobile device platform with a mobile device management server that includes, among other things, a web service translation module, the web The service translation module operates to accept information from the web service provider and to provide the web service as a prototype of the web service model to the cooperative mobile device. Simple Object Access Protocol (SOAP) Overview: Simple Object Access Protocol (SOAP) is a lightweight XML-architecture communication used to exchange information in a decentralized, decentralized environment. agreement. SOAP supports different styles of information exchange, including: Remote Procedure Call (RPC) style, which allows 96373.doc -15- 1259730 request-response processing, where an end point receives a program-oriented Procedural oriented message, and reply to a related response message. Message-oriented information exchange, which supports organizations and applications that need to exchange business or other types of documents, which send a message, but the sender does not expect or wait for an immediate response. In general, SOAP messages consist of a SOAP envelope (which encapsulates two data structure SOAP headers and SOAP bodies) and information about namespaces (used to define SOAP messages). The header is an option; if there is a header, the header carries information about the requirements defined in the SOAP body. For example, the header can contain transaction, security, content, or user profile information. The topic contains a web service request in XML format or a response to the request. The following diagram shows the high-level structure of a SOAP message. When using SOAP messages to carry web service requests and responses, SOAP messages can follow a web service definition language (WSDL) that defines the available web services, WSDL can define SOAP messages for accessing web services, A protocol that can be used to exchange SOAP messages and an Internet location where Web services can be accessed. A WSDL description item (de scrip tor) can reside in a UDDI or other directory service' and can be configured via configuration or other means (eg, S0AP) The body of the request is required to provide the WSDL description item. There is a SOAP specification (for example, the w3 SOAP specification, for information, 96373.doc -16 - 1259730, please visit www.w3.org) to provide the standard code for the request and response. The specification uses XML Schema to describe the structure and data type of the message payload. The SOAP method that can be applied to the Web service message and response is: SOAP client usage follows the SOAP specification and contains The XML file required by the service. The SOAP client sends the file to a SOAP server, and the SOAP servlet executed on the server makes (E.g., HTTP or HTTPS) to handle the file.
Web服務接收該SOAP訊息,並且將當做一訊息引動過程 (service invocation)的該訊息分派(dispatch)至用於提供所 要求之服務的應用程式。 再次使用該SOAP協定,將一來自該服務的回應傳回至該 SOAP伺月艮器,並且夺該訊息傳回至該原始SOAP用戶端。 顯而易見,雖然本文描述SOAP作為適用於本文描述之系 統及方法的通信協定,但是此說明内容僅僅是例證,本文 描述之系統及方法可採用各種通信協定及訊息發送標準。 例證性電腦環境 圖1繪示根據本文描述之系統及方法的示例性電腦系統 100。電腦系統100能夠執行各種作業系統180及可在作業系 統180上運作的電腦應用程式180’(例如,Web瀏覽器及行動 桌面環境)。示例性電腦系統100主要受控於可能是軟體形 式的電腦可讀型指令、何處及如何儲存及存取此類軟體的 方式。此類軟體可在中央處理單元(CPU) 110内執行,藉此 96373.doc -17- 1259730 促使資料處理系統100運作。在許多已知的電腦伺服器中, 會運用稱為微處理器的微電子晶片CPU來實作工作站及個 人電腦中央處理單元110。副處理器115是一種不同於主 CPU 110的選用之處理器’用於執行額外功能或輔助cpu no。可透過互連112將CPU 110連接至副處理器115。一種 通用類型副處理器是浮點運算副處理器,也稱為數值或數 學副處理器,其被設計成以比一般用途CPU丨10更快速地執 行數值計算。 顯而易見,雖然圖中所示之例證性電腦環境包含單一 CPU 11 〇,但是此說明内容僅僅是例證,電腦環境1 可包 έ數個CPU 11〇。另外,電腦環境還可以透過通信網路 160或其他資料通信構件(圖中未繪示)來利用遠端叭圖 中未顯示)的資源。 在運作過程中,CPU 110擷取、解碼及執行指令,並且經 由電腦的主要資料傳輸路徑(系統匯流排i05)來傳出及傳入 資源的資訊。此一系統匯流排連接電腦環境1〇〇中的各組 件’並且定義資料交換媒體。系統匯流排1 〇5通常包括用於 傳送貝料的資料線、用於傳送位址的位址線以及用於傳送 中斷和用於操作該系統匯流排的控制線。此一系統匯流排 的實例是PCI (周邊組件互連)匯流排。某些現今的進階匯流 排提供一種稱為匯流排仲裁的功能,用於管理擴充卡、控 制器及CPU 110對匯流排之存取。附接至彼等匯流排且仲裁 接管匯流排的裝置稱為匯流排主控(bus master)。支援匯流 排主控還允許藉由附加含有處理器及支援晶片的匯流排主 96373.doc -18- 1259730 控卡來建立彼等匯流排的多處理器組態。 耦合至系統匯流排105的記憶體裝置包括隨機存取記憶 體(RAM) 125及唯讀記憶體(R0M) 130。此類記憶體包含允 許儲存及擷取資訊的電路。R〇M 13〇通常包含無法被修改 的儲存之資料。cpu 11〇或其他硬體裝置可讀取或變更ram 125中所儲存的資料。可由記憶體控制器12〇來控制ram 125及/或R〇M 130之存取。記憶體控制器12〇可提供位址轉 譯功能,用於轉譯虛擬位址成為指令所執行的實體位址。 记fa控制裔120還可提供記憶體保護功能,用於隔離系統 内的處理序及隔離系統處理序(system pr〇cess)與使用者處 里序(user process)。因此,在執行模式中執行程式通常僅 能存取自已處理序虛擬位址空間所映射的記憶體;而無法 存取其他處理序虛擬位址空間内的記憶體,除非已設定處 理序之間的記憶體共用。 此外’電腦系統100可包括周邊裝置控制器135,周邊裝 置控制器135負責將指令從CPU 110傳達至周邊裝置,例 如印表機14 0、鍵盤14 5、滑鼠15 0及資料儲存機15 5。 顯示器165 (受控於顯示器控制器163)的用途是顯示電腦 系統100所產生的可見輸出。此類可見輸出可包括文字、圖 形、動畫及視訊。可使用CRT型視訊顯示器、LCD型平面顯 不為、氣體電漿型平面顯示器、觸控式面板或其他顯示器 形式來實作顯示器165。顯示器控制器163包括用以產生要 傳送至顯示器165之視訊訊號所需的電子組件。 另外,電腦系統100還可包含網路卡170,網路卡17〇的用 96373.doc -19- 1259730 途是將電腦系統100連接至外部通信網路160。通信網路160 可提供電腦使用者以電子方式傳達及傳送軟體和資訊的途 徑。另外,通信網路160還可提供分散式處理,分散式處理 涉及數台電腦,並且會在執行工作過程中分擔工作負載或 協作。應明白,如圖所示的網路連接是示範性的網路連接, 並且可使用其他的裝置來建立電腦之間的通訊連結。 應明白,示例性電腦系統1〇〇僅僅是適合本文描述之系統 及方法運作的例證性電腦環境,而不是限制本文描述之系 統及方法在具有不同組件及組態之電腦環境中的實施,在 具有各種組件及組態的各種電腦環境中皆可實施本文描述 之本發明觀念。 例證性電腦網路環境: 如上又所述(電腦系統100可部署為電腦網路之部分。一 般而言,前文關於電腦環境的說明内容適用於部署於網路 環境中的飼服器電腦及用戶端電腦。圖2繪示一種可採用本 又描述之系統及方法的示例性網路連線電腦環境2⑻,其具 有經由通信網路與用戶端電腦通訊的伺服器。如圖2所于八, 伺服器205可經由通訊網路16〇 (可能是固線或益物、 侧、内部網路、外部網路、對等式網路、網際網路或其 他通信網路)而互連於數個用戶端電腦環境,例如,平 =電助〇、行動電話215、電話22〇、個人電卿…固 ^助理出。另外,本文描述之㈣及方法可經由通传 路160與汽車電腦環境(圖中切示W肖費性電子裝置: 腦環境(圖中未緣示)及建築物自動化控制電腦環境: 96373.doc -20· 1259730 繪示)協合。例如,在通訊網路160是網際網路的網路環境 中,伺服器205可能是專用電腦環境伺服器,其可運作以處 理Web服務,並且經由任何數目的已知通訊協定(例如,超 文字傳輸通訊協定(hypertext transfer protocol ; HTTP)、檔 案傳輸通訊協定(Hie transfer protocol ; FTP)、簡單物件 存取通訊協定(simple object access protocol ; SOAP)或無線 應用通信協定(wireless application protocol; WAP)),將 Web 服務傳入及傳出用戶端電腦環境100、210、215、220和225。 每個用戶端電腦環境100、210、215、220和225還可配備瀏 覽器作業系統180(其可運作以支援如Web瀏覽器(圖中未繪 示)等一或多個電腦應用程式),或配備行動桌面環境(用以 獲得存取伺服器電腦環境205)。 在運作過程中,使用者(圖中未繪示)可互動於用戶端電 腦環境上執行的電腦應用程式,藉此獲得所要的資料及/或 電腦應用程式。資料及/或電腦應用程式可儲存在伺服器電 腦環境205上,並且透過示例性通信網路160傳達至透過用 戶端電腦環境100、210、215、220和225合作的使用者。參 與方使用者會使用Web服務交易來要求存取伺服器電腦環 境205上完整或部分裝載的特定資料及應用程式。可在用戶 端電腦環境100、210、215、220和225與伺服器電腦環境之 間傳達這些Web服務交易,以進行處理及儲存。伺服器電 腦環境205可裝載電腦應用程式、處理序(process)及程式項 (applet),用以產生、鑑認及傳達Web服務,並且可與其他 伺服器電腦環境(圖中未繪示)、第三方服務提供者(圖中未 96373.doc -21 - 1259730 、、會示)、網路附接式儲存裝置(network attached storage ; NASJ 和儲存區域網路(storage area network; SAN)協作,以便實 現彼等Web服務交易。 因此,在具有用來存取網路或互動於網路的用戶端電腦 環境及用來互動於用戶端電腦環境的伺服器電腦環境的電 腦網路環境中,可利用本文描述之系統及方法。但是,可 運用各種網路架構來實施用於提供行動裝置平臺的系統及 方法,因此,不應限定於所示之實例。現在將引用本例證 性貫施來詳細說明本文描述之系統及方法。 行動裝置平臺組件之協作: 圖3繪示介於示例性行動裝置平臺之組件間的示例性互 動。一般而言,如圖3所示,示例性行動裝置平臺3〇〇 (簡言 之)可包括示例性行動裝置310,其使用依據一所選用之通 信協定(圖中未繪示)運作的通信介面3〇5來與用戶端電腦環 境100協作。另外,示例性行動裝置平臺3〇〇可進一步包括 通信網路160 (如圖1所示)及伺服器電腦環境2〇5。 在運作過程中,該行動裝置可透過通信介面3〇5來與用戶 以便執行源自於行動裝置310的一或The web service receives the SOAP message and dispatches the message as a service invocation to the application for providing the requested service. Again using the SOAP protocol, a response from the service is passed back to the SOAP server and the message is passed back to the original SOAP client. It will be apparent that although SOAP is described herein as a communication protocol suitable for use with the systems and methods described herein, this description is by way of example only, and the systems and methods described herein may employ various communication protocols and messaging standards. Illustrative Computer Environment FIG. 1 illustrates an exemplary computer system 100 in accordance with the systems and methods described herein. Computer system 100 is capable of executing various operating systems 180 and computer applications 180' (e.g., web browsers and mobile desktop environments) that can operate on operating system 180. The exemplary computer system 100 is primarily controlled by computer readable instructions that may be in the form of software, where and how to store and access such software. Such software can be executed within central processing unit (CPU) 110 whereby 96373.doc -17-1259730 causes data processing system 100 to operate. In many known computer servers, a microelectronics chip CPU called a microprocessor is used to implement the workstation and personal computer central processing unit 110. The secondary processor 115 is an optional processor different from the primary CPU 110 for performing additional functions or assisting cpu no. CPU 110 can be coupled to secondary processor 115 via interconnect 112. One type of general purpose sub-processor is a floating-point arithmetic sub-processor, also known as a numerical or mathematical sub-processor, which is designed to perform numerical calculations faster than the general-purpose CPU 丨10. Obviously, although the illustrative computer environment shown in the figure contains a single CPU 11 〇, this description is merely illustrative, and the computer environment 1 can include several CPUs 11 〇. In addition, the computer environment can also utilize resources not shown in the remote bitmap through the communication network 160 or other data communication components (not shown). During operation, the CPU 110 retrieves, decodes, and executes the instructions, and transmits and transmits information about the resources via the computer's primary data transmission path (system bus i05). This system bus is connected to each component in the computer environment and defines data exchange media. The system bus 1 〇 5 typically includes a data line for transporting the bedding, an address line for transmitting the address, and a control line for transmitting the interrupt and for operating the system bus. An example of such a system bus is a PCI (Peripheral Component Interconnect) bus. Some of today's advanced bus banks provide a function called bus arbitration for managing expansion card, controller and CPU 110 access to the bus. Devices that are attached to their busbars and arbitrate to take over the busbars are called bus masters. The support bus master also allows the multiprocessor configuration of their busbars to be established by attaching the bus master 96373.doc -18-1259730 controller with the processor and the support chip. Memory devices coupled to system bus 105 include random access memory (RAM) 125 and read only memory (ROM) 130. Such memory contains circuitry that allows for the storage and retrieval of information. R〇M 13〇 usually contains stored information that cannot be modified. Cpu 11〇 or other hardware devices can read or change the data stored in the ram 125. Access to the ram 125 and/or R〇M 130 can be controlled by the memory controller 12A. The memory controller 12 can provide an address translation function for translating the virtual address into the physical address of the instruction. The fa control descent 120 also provides a memory protection function for isolating the processing sequence within the system and the system pr〇cess and the user process. Therefore, in the execution mode, the execution program usually only has access to the memory mapped by the processed virtual address space; it cannot access the memory in other processing virtual address spaces unless the processing order is set. Memory is shared. In addition, the computer system 100 can include a peripheral device controller 135 that is responsible for communicating instructions from the CPU 110 to peripheral devices, such as printer 14 0, keyboard 14 5, mouse 150, and data storage 15 5 . The purpose of display 165 (controlled by display controller 163) is to display the visible output produced by computer system 100. Such visible output can include text, graphics, animation, and video. The display 165 can be implemented using a CRT type video display, an LCD type flat display, a gas plasma type flat display, a touch panel, or other display form. Display controller 163 includes the electronic components needed to generate the video signals to be transmitted to display 165. In addition, computer system 100 can also include a network card 170 for connecting computer system 100 to external communication network 160 using 96373.doc -19-1259730. Communication network 160 provides a means for computer users to electronically communicate and communicate software and information. In addition, communication network 160 can also provide decentralized processing, which involves several computers and can share workload or collaboration during execution. It should be understood that the network connection as shown is an exemplary network connection and other means may be used to establish a communication link between the computers. It should be understood that the exemplary computer system 1 is merely an illustrative computer environment suitable for the operation of the systems and methods described herein, and is not intended to limit the implementation of the systems and methods described herein in a computer environment having different components and configurations. The inventive concepts described herein can be implemented in a variety of computer environments having various components and configurations. Illustrative computer network environment: As mentioned above (the computer system 100 can be deployed as part of the computer network. Generally speaking, the description of the computer environment in the foregoing is applicable to the server and user deployed in the network environment. Figure 2 illustrates an exemplary network connection computer environment 2 (8) that can employ the system and method described herein, having a server that communicates with a client computer via a communication network, as shown in Figure 2, eight. The server 205 can be interconnected to several users via a communication network 16 (possibly a fixed line or a benefit, side, internal network, external network, peer-to-peer network, internet or other communication network) The computer environment, for example, Ping = Power Assist, Mobile Phone 215, Phone 22 〇, Personal 卿 ... ... 固 ^ Assistant. In addition, the (4) and methods described in this article can be communicated via the Road 160 to the automotive computer environment (in the figure) Illustrated W Vision electronic device: brain environment (not shown) and building automation control computer environment: 96373.doc -20· 1259730 Illustrated). For example, the communication network 160 is the Internet. In a network environment, Server 205 may be a dedicated computer environment server that is operable to process web services and via any number of known communication protocols (eg, hypertext transfer protocol (HTTP), file transfer protocol (Hie). Transfer protocol; FTP), simple object access protocol (SOAP) or wireless application protocol (WAP), to pass web services to and from the client computer environment 100, 210, 215, 220, and 225. Each of the client computer environments 100, 210, 215, 220, and 225 can also be equipped with a browser operating system 180 (which can operate to support one or more, such as a web browser (not shown) Computer application), or equipped with a mobile desktop environment (to obtain access to the server computer environment 205). During operation, the user (not shown) can interact with the computer application executed on the client computer environment. The program to obtain the required information and/or computer application. The data and / or computer application can be stored in the server computer environment 20 5, and communicated through the exemplary communication network 160 to users cooperating through the client computer environments 100, 210, 215, 220, and 225. The participant user will request access to the server computer environment 205 using the web service transaction. Specific data and applications loaded in whole or in part. These web service transactions can be communicated between the client computer environments 100, 210, 215, 220, and 225 and the server computer environment for processing and storage. The server computer environment 205 can load computer applications, processes, and applets to generate, authenticate, and communicate Web services, and can be used with other server computer environments (not shown), Third-party service providers (not shown in the figure, 96373.doc -21 - 1259730, presentation), network attached storage (NASJ and storage area network (SAN) collaboration, so Achieve their Web services transactions. Therefore, in a computer network environment with a client computer environment for accessing the network or interacting with the network and a server computer environment for interacting with the client computer environment, The systems and methods described herein. However, various network architectures can be utilized to implement the systems and methods for providing a mobile device platform, and thus should not be limited to the examples shown. Reference will now be made to the detailed description. Systems and methods described herein. Collaboration of mobile device platform components: Figure 3 illustrates an exemplary interaction between components of an exemplary mobile device platform. As an example, as shown in FIG. 3, an exemplary mobile device platform 3 (in short) may include an exemplary mobile device 310 that uses a communication interface 3 that operates in accordance with a selected communication protocol (not shown). 〇5 to cooperate with the client computer environment 100. Additionally, the exemplary mobile device platform 3 can further include a communication network 160 (shown in Figure 1) and a server computer environment 2〇5. The mobile device can communicate with the user through the communication interface 3〇5 to perform one or
96373.doc 端電腦環境10 0協作,以 多個電腦應用程式180,, 100上以供使用者互動。s -22- 1259730 器電腦環境205協作,以便獲得Web服務形式的資料及/或電 腦應用程式。 圖4繪示介於示例性行動裝置平臺400之組件間的互動。 如圖4所示,示例性行動裝置平臺400包括行動裝置(MD) 405、電腦環境410、通信網路435、行動裝置管理伺服器 (MDMS) 420及第三方Web服務提供者440。另外,如MD分 解圖進一步所示,MD 405進一步包括處理單元(PU)、作業 系統(OS)、儲存記憶體(RAM/ROM)及一 MD通信介面。而 且,MDMS 420進一步包括轉譯引擎425、Web服務430及加 密引擎445。 在運作過程中,MD 405使用一或多個MD組件PU、OS、 RAM/ROM和MD通信介面,透過MD/電腦環境通信介面410 來與電腦環境415通信。當與電腦環境415通信時,MD 405 可啟動一或多個電腦應用程式(圖中未繪示),其可包括(但 不限於)作為組態部分的行動桌面環境、使用者自訂及鑑認 管理員及Web服務應用程式。已設定組態後,MD 405可進 一步與電腦環境415協作,以便處理一或多個Web服務(例 如,Web服務資料及/或電腦應用程式)。在此背景下,MD 405 可使用通信網路435來向合作的MDMS 420要求Web服務資 料及/或電腦應用程式,以便處理彼等Web服務。在此案例 中,MDMS 420可運作以鑑認MD 405,藉此確保參與方使 用者(圖中未繪示)及行動裝置405具有所要求之資料及/或 電腦應用程式的正確權限。此類鑑認程序還可採用可駐存 在該MD 405上的一或多個安全性周邊裝置,包括(但不限於) 96373.doc -23- 1259730 生物測定安全性周邊裝置、視網膜掃描安全性周邊裝置及 安全性語音辨識周邊裝置。 如果已經過適當鑑認,MDMS 420可進一步運作以在 MDMS 420本機尋找所要求之資料及/或電腦應用程式,並 且透過通信網路435將彼等所要求之資料及/或電腦應用程 式(例如,Web服務)提供給該經鑑認之MD 405,或者,MDMS 420可運作以與第三方服務提供者440協作,以便獲得要傳 達給該經鑑認之MD 405的Web服務。當與第三方服務Web 提供者440協作時,MDMS 420可運作以使用轉譯引擎425, 將源自於第三方Web服務提供者440的Web服務430轉譯成 MD原生(native)格式。另外,MDMS 420可運作以在滿足來 自於經鑑認之MD 405的Web服務要求時,使用加密引擎445 來加密所要求的Web服務。 另外,MDMS 420可進一步運作以使用一所選的加密協定 (例如,PKI加密)來與檔案系統(圖中未繪示)協作,以便獲 得要傳達給MD 405的Web服務。合作的檔案系統可包括(但 不限於)標案配置表(file allocation table ; FAT)檔案系統及 新技術構案系統(new technology files system ; NTFS)。 圖5繪示部署在例證性網路連線電腦環境中之例證性行 動裝置管理伺服器(MDMS)之示例性組件的方塊圖。如圖所 示,例證性網路連線電腦環境包括站點A、站點B及站點C, 各站點分別具有示例性MDMS及組件。站點A包括MDMS 502, MDMS 502本身具有作業系統504。圖中所示之作業系 統(OS) 504支援java虛擬機器(JVM) 506,接著java虛擬機 96373.doc -24- 1259730 器(JVM) 506支援MDMS. java程式碼508。本文中的MDMS. java程式碼508包括SOAP鏈結(chaining) 538及服務548。另 外,作業系統504還可運作以支援且協作於使用者資料庫 5 10、金鑰資料庫512及檔案儲存區514。再者,作業系統504 還可運作以支援且協作於常駐應用程式550、JVM 552及 JVM 554。另外,作業系統504還可運作以支援且協作於加 密驅動程式、通信介面驅動程式及網路驅動程式。鏡像處 理OS 504,MDMS 502維護硬體,例如,在MDMS 502運作 期間協作於加密驅動程式、通信介面驅動程式及網路驅動 程式的硬體加速器、通信介面埠及通信介面卡(NIC)。 另外,如圖所示,MDMS包括儲存區域網路(SAN)/網路 附接式儲存裝置(NAS)介面516,介面516可運作以將MDMS 5 02連接至合作之檔案/資料存放區5 18及合作之MDMS 520 和522。可透過通信網路5 19將SAN/NAS介面5 16耦合至合作 之檔案/資料存放區518及合作之MDMS 520和522。再者, 如圖所示,MDMS 502可與駐存在MDMS 502本機或與 MDMS 502地理分隔的其他MDMS環境536和528協作。 MDMS環境536可包括MDMS 534及檔案/資料存放區532。 同樣地,MDMS環境528可包括以運作方式耦合檔案/資料存 放區 524白勺 MDMS 526及MDMS 5 30 ° SOAP鏈結模組538内可駐存數個子組模,包括(但不限 於):一封包偵查器(packet sniffer),其可運作以監視資料 通信;安全性強制執行(security enforcement),其可運作以 維護資料權限及存取;使用方式/監視器(usage/monitor), 96373.doc -25- 1259730 其可運作以計量服務使用方式;以及一 Web服務代理伺服 器(web services proxy),其可運作以快取要與要求方組件 (例如,經鑑認的MD,圖中未繪示)協作的Web服務。彼等 子組模可受控於一或多個子組模應用程式,包括(但不限 於):管理偵錯器(administration debugger),用於在該封包 偵查器(packet sniffer)子組模上執行;安全性管理員 (security manager),用於在該安全性/強制執行子組模上執 行;計量管理員(metering manager),用於在該使用方式/ 監視器子組模上執行;以及代理伺服器管理員(proxy manager),用於在該Web服務代理伺服器上執行。 SOAP鏈結模組548内可駐存數個子組模,包括(但不限 於):一行動裝置管理員;一加密管理員(PKCS管理員);一 檔案傳輸服務;一 Web服務管理員;Web服務存取控制服 務;一 Web服務計量服務;一通用描述、描述、探索與整 合目錄(Universal, Description, Discovery, and Integration; UDDI)服務;一 IJDDI存放庫(UDDI repository) 服務;一檔案系統(例如,Omni檔案系統);一 SOAP代理伺 服器管理員(SOAP proxy)服務;一 Web服務轉譯器服務;以 及一服務品質作業,其運作以執行包括(但不限於)負載平 衡、MDMS帶電交換(hot swapping)及錯誤後移轉等功能。 常駐應用程式55 0可包括(但不限於)安全性、路由器、 8八>^以八3控制及力口密控制。]^]^ 5 52可包括在加密資訊(例 如,金鑰資訊)、使用者鑑認、服務配罝及MDMS java作業 上運作且予以處理的程式碼。相比之下,JVM 554可包括允 96373.doc -26- 1259730 許模擬行動裝置硬體組態的j ava程式碼。 在運作過程中,MDMS充分利用一或多個上文所述之組 件來處理Web服務要求,並且使用加密處理序來安全地提 供Web服務給使用鑑認和確認資訊的要求方合作之組件。 MDMS 5 02可與其他MDMS環境(例如,MDMS環境 536和 528) 協作以滿足Web服務要求。 在一項例證實施中,MDMS 501提供安裝管理使用者資 料、應用程式和服務登錄及協調儲存裝置。在運作過程中, MDMS 50 1支援使用者存取及管理功能。例如,行動桌面使 用者可透過MDMS 501來連線至其應用程式及資料。在此背 景下,已連線後,MDMS 501就會檢查使用者鑑認及偏好設 定。可自動強制實行存取控制,並且可將「面板」(skins) 套用至應用程式及服務,促使應用程式及服務配合參與方 使用者的環境。應用程式及資料之要求可配合本機裝置之 速度予以處理,並且可基於改良系統來予以監視。 另外,MDMS 502還可運作以讓使用者能夠存取其具有權 限的檔案存放區(例如,518、532和524),並且發行檔案至 個人、群組或全球。在此背景下,MDMS 502可採用各種 MDMS組件,藉以提供檔案、應用程式/服務(548和550)及 大容量儲存裝置之管理。另外,由於MDMS 5 02讓系統管理 員能夠使用合作之行動裝置(圖中未繪示)來從遠端位置連 線至MDMS 5 02,因此允許更強固的系統管理。 如圖5所示,MDMS 502可包括數個功能組件及模組。彼 等組件及模組可運作以提供各項功能,包括(但不限於)安全 96373.doc -27- 1259730 性、行動裝置管理、加密金鑰追蹤和管理、交易計量、樓 案系統管理、應用程式/服務管理、應用程式訂閱管理、Web 服務監視、舊型基礎設施擴充、資料存放區管理及叢集部 署和管理。 圖6繪示示例性MDMS 5〇2與合作之MDMS和MD協助時 所執行的程序。如圖所示,程序從步驟6〇〇開始,並且進行 到步騾605,在步驟6〇5實行檢查以判定是否需要建立或更 新合作之MD鑑認。如果在步驟6〇5的檢查結果指示出不需 要建互或更新MD鑑認,則程序返回步驟6〇〇並繼續程序。 然而,如果在步騾605的檢查結果指示出需要建立或更新 MD鑑認,則程序進行到步驟61〇,在步驟61〇實行檢查以判 足合作之MD是否是MDMS的新合作對象且需要MDMS進行 起始鑑認。如果在步驟61〇的檢查結果指示出需要鑑認新的 MD,則程序進行到步驟615,由MDMs產生關於新的鑑 認資訊。接著,程序進行到步驟62〇,產生加密金鑰並且傳 達至被鑑認的MD。接著,在步驟625,將鑑認和加密資訊 傳達至被鑑認的合作之MD。接著,]^〇]^;5使用該鑑認和加 么” W在&作之描案系統上建立適用於Md之群組成員的 關聯性。接著在步驟635進行檢查,以判定是否已成功鑑 認。如果在步驟635的檢查結果指示出視為未成功鑑認,則 私序進行到步驟64〇以產生錯誤。接著在步騾645,可矯正 鑑認錯誤。接著,程序返回步驟635並繼續程序。 然而,如果在步驟635判定已通過鑑認測試,則程序進行 到步馭650 ’在步驟65〇實行檢查以判定是否需要變更合作 96373.doc •28- 1259730 之MD的權限。如果在步驟650的檢查結果指示出需要變更 權限,則程序進行到步驟655,以更新鑑認及/或加密資訊。 接著,程序返回步驟635並繼續程序。 然而,如果在步驟650的檢查結果指示出不需要變更權 限,則程序進行到步驟660,以MD鑑認組態設定結束。再 者,如果在步驟6 10的檢查結果指示出不是需要鑑認的新 MD,則程序進行到步騾650並繼續程序。 圖7繪示在示例性Web服務處理實施中,行動裝置管理伺 服器502所執行的程序。如圖7所示,程序從步騾700開始, 並且進行到步驟705,在步騾705實行檢查以判定MDMS是 否已進行與合作之電腦網路通信。如果在步驟700的檢查結 果指示出未進行通信,則程序返回步騾700並繼續程序。然 而,如果在步驟705判定MDMS已進行與合作之電腦網路通 信,則程序進行到步驟710,在步驟710實行檢查以判定一 或多個合作之MD是否已向該MDMS要求一或多個Web服 務。如果在步驟710的檢查結果指示出沒有MD要求Web服 務,則程序返回步驟710並繼續程序。 然而,如果在步驟710的檢查結果指示出一或多個合作之 MD已要求一或多個Web服務,則程序進行到步驟7 1 5,由 MDMS使用MD安全性和鑑認服務來鑑認該MD。接著在步 驟720進行檢查,以判定是否已鑑認MD。如果已鑑認MD, 則程序進行到步騾735,以處理Web服務要求。然後,在步 驟740及步驟745,MDMS和MD執行Web服務。 然而,如果在步驟720的檢查結果指示出未成功鑑認 96373.doc -29- 1259730 MD,則程序進行到步驟725以產生錯誤。接著,程序進行 到步驟727,在步驟727實行檢查以判定是否再次嘗試鑑 認。如果在步驟727的檢查結果指示出再次嘗試MD鑑認, 則程序返回步騾720並繼續程序。然而,如果在步驟727判 定未再次嘗試MD鑑認,則程序於步驟730終止。 圖8繪示在另一項Web服務處理實施中,行動裝置管理伺 服器502所執行的程序。如圖8所示,程序從步驟800開始, 並且進行到步騾805,在步騾805實行檢查以判定一或多個 經鑑認之MD是否已要求一或多個Web服務。如果在步驟805 的檢查結果指示出沒有經鑑認之MD要求Web服務,則程序 返回步驟800並繼續程序。然而,如果在步騾805的檢查結 果指示出有一或多個經鑑認之MD是否已要求一或多個Web 服務,則程序進行到步驟810,由MDMS從合作之資料存放 區、合作之Web服務提供者及其他合作之MDMS中任何項目 來擷取資料及/或電腦應用程式。接著,在步驟815實行檢 查以判定所擷取的Web服務是否需要轉譯成MD原生Web服 務格式。如果在步騾815的檢查結果指示出需要轉譯,則程 序進行到步驟825,依據所選之加密協定(例如,使用公開/ 私密金鑰)來加密所要求之資料及/或電腦應用程式。接著, 程序進行到步騾830,將已加密之資料及/或電腦應用程式 傳達至要求方經鑑認之MD。接著,在步驟835,由MDMS 來計量MD作業,以便獲得使用方式、行為、相似性及類似 的度量資訊。然後,在步騾840儲存該計量資料以供未來使 用。接著,在步驟845實行檢查以判定是否要報告該儲存之 96373.doc -30- 1259730 口里貝料。如果在步驟845的檢查結果指示出要報告該計量 貝料’則程序進行到步驟850,分析該計量資料以產生計量 報告。接著程序在步驟855終止。 然而’如果在步·驟815的檢查結果指示出需要轉譯,則程 序進彳丁到步驟82〇以將所要求之Web服務轉譯成MD原生 Web服務。接著,程序進行到步騾825並繼續程序。 圖9績不在另一項Web服務處理實施中,MDMS 502所執 行的程序。如圖9所示,程序從步騾900開始,並且進行到 步驟905 ’在步驟9〇5實行檢查以判定一或多個經鑑認之 疋否已要求一或多個Web服務。如果在步驟9〇5的檢查結果 指示出沒有經鑑認之MD要求Web服務,則程序返回步驟9〇〇 並繼續程序。然而,如果在步騾9〇5的檢查結果指示出有一 或多個經鑑認之MD是否已要求一或多個Web服務,則程序 進行到步驟910,由MDMS從合作之檔案存放區、合作之Web 服務提供者及其他合作之MDMS中任何項目來擷取資料及/ 或電腦應用程式。接著,在步驟915實行檢查以判定所擷取 的Web服務是否需要轉譯成MD原生Web服務格式。如果在 步驟915的檢查結果指示出需要轉譯,則程序進行到步驟 925,依據所選之加密協定(例如,使用公開/私密金鑰)來加 密所要求之資料及/或電腦應用程式。接著,程存進行到步 驟930,將已加密之資料及/或電腦應用程式傳達至要求方 經鑑認之MD。接著,在步驟935實行檢查以判定介sMdms 與合作之MD之間的通信鏈結是否為使用中狀離、。 如果在步騾935的檢查結果指示出通信鏈結為使用中狀 96373.doc 31 1259730 態,則程序進行到步驟945以使任何快取之交易同步化。接 著,在步驟950,由迎⑽來計量MD作業,以便獲得使用 方式、行為、相似性及類似的度量資訊。然後,在步驟955 儲存該計量資料以供未來使用。接著,在步驟_實行檢查 以判定是否要報告該儲存之計量資料。如果在步驟96〇的檢 查結果指示出要報告該計量資料,則程序進行到步驟965, 分析該計量資料以產生計量報告。接著程序在步驟97〇終 然而,如果在步驟935的檢查結果指示出通信鍵結不是在 使用中狀態’則程序進行到步驟9伽快取所要求之職服 務。接著,程序進行到步驟935並繼續程序。再者,如果在 步㈣5的檢查結果指示出需要轉譯,則程序進行到步驟 _以將所要求之Web服務轉譯成MD原纟糾服務。接著, 程序進行到步驟925並繼續程序。 +又疮迷 < 系統及方法提供 ^ 1下4亍f力裝置 平臺-部分之行動裝置管理飼服器。然而,應明白,本發 明容許各種修改及替代建構。本發日林限定於如本文所述 ㈣疋建構。反之,本發明預定涵蓋屬於本發明精神盘範 嚀内的所有修改案、替代建構及同等案。 〃 請注意’在各種電腦環境(包括非無線及無線電腦環 兄)、局邵電腦環境及真實環境中皆可實施本發明。本文中 :說明的各種技術可運用硬體、軟體或軟硬體組合來實 :。較佳方式為,可在維護可程式化電腦的電腦環境中來 貫施各項技術,其中電腦包括處理器、處理器可讀取的儲 96373.doc -32- 1259730 存媒體(包_發性及非揮發性記憶體及/或儲存元件)、至 乂個幸則入裝置及至少一個輸出裝置。配合各種指令集協 =之電腦硬體邏輯被套用至資料,以執行如上文所述之功 此並且產生輸出資訊。輸出資訊被供至—或多個輸出裝 置較佳方式為,可使用各種程式設計語言(包括高階程序 或物件導向式程式設計語言)來實施示例性電腦硬體所使 用的私式,以與電腦系統通信。作為例證,若希望,可使 用組合語言或電腦語言來實施本文描述之裝置及方法。在 任何情況下,語言可能是編譯或解譯語言。較佳方式為, 每個電腦程式係儲存在一般或特殊用途之可程式化電腦可 讀取的儲存媒體或裝置(例如,R0M或磁碟),用於當電腦 謂取儲存媒體或裝置時來組態及操作電腦,以便執行如上 又所述之程序。裝置也可建構為電腦可讀取的儲存媒體並 使用電腦程式設定其組態,其中儲存媒體被組態成促使電 腦以特定或預先定義的方式運作。 雖然如文中已詳細說明本發明之示例性實施,但是熟乘 此類技術者很容易明白示例性具體實施例有許多可實行的 額外修改案,而不會實質上脫離本發明的新穎講授内容與 優點。據此,這些及所有此類修改案預定涵蓋在本發明的 範疇内。下列示例性申請專利範圍更適當地定義本發明。 【圖式簡單說明】 現在將參考附圖來詳細說明行動裝置平臺及使用方法, 圖中: 圖1繪示根據本文描述之系統及方法之實施的示例性電 96373.doc -33- 1259730 腦環境方塊圖; 圖2繪示根據本文描述 環境方塊圖; 之系統及方法的示例性 電腦網路 圖3、、、曰示根據本文描述之系統及方 組件間互動之方塊圖; 圖憎示根據本文描述之系統及方法的行動裝 、 例證實施方塊圖; 至又 圖5緣根據本文描述之系統及方法的例證性行動 管理伺服詻之示例性架構方塊圖; 圖6输示根據本文描述之系統及方法,例證性行動裝置管 理伺服器所執行之處理使用者和裝置管理程序的流程圖; 圖7繪示根據本文描述之系統及方法,例證性行動裝置管 理伺服器處理Web服務要求時所執行之程序的流程圖; 圖8繪π根據本文描述之系統及方法,例證性行動裝置管 理伺服器在Web服務程序期間轉譯Web服務時所執行之程 序的流程圖; 圖9繪示根據本文描述之系統及方法,例證性行動裝置管 理伺服器執行計量及間歇連線處理時所執行之程序的流程 圖。 【主要元件符號說明】 100 電腦系統(資料處理系統,電腦作業環境) 105 系統匯流排 110 中央處理單元(CPU) 112 互連 96373.doc -34- 1259730 115 微處理器 120 記憶體控制器 125 隨機存取記憶體(RAM) 130 唯讀記憶體(ROM) 135 周邊裝置控制器 140 印表機 145 鍵盤 150 滑鼠 155 資料儲存機 160 通信網路 163 顯示器控制器 165 顯示器 170 網路卡 180 作業系統 1801 電腦應用程式 200 網路連線電腦環境 210 平板式個人電腦 215 行動電話 220 電話 225 個人數位助理 300, 400 行動裝置平臺 305 通信介面 310, 405 行動裝置(MD) 410 MD/電腦環境通信介面 96373.doc -35- 1259730 415 電腦環境 420 行動裝置管理伺服器(MDMS) 425 轉譯引擎 430 Web服務 435 通信網路 440 第三方Web服務提供者 445 加密引擎 A, B,C 站點 502, 520, 522, 534 行動裝置管理伺服器(MDMS) 504 作業系統(OS) 506, 552, 554 Java虛擬機器(JVM) 508 MDMS.Java程式碼 510 使用者資料庫 512 金鑰資料庫 514 檔案儲存區 516 儲存區域網路(SAN)/網路附接式儲存裝置 (NAS)介面 518, 524, 532 檔案/資料存放區 519 通信網路 528, 536 MDMS環境 96373.doc -36- 1259730 538 548 550 SOAP鏈結(chaining)模組 服務模組 常駐應用程式 96373.doc -37-96373.doc The computer environment 10 0 collaborates on multiple computer applications 180, 100 for user interaction. The s-22- 1259730 computer environment 205 cooperates to obtain data and/or computer applications in the form of web services. 4 illustrates the interaction between components of an exemplary mobile device platform 400. As shown in FIG. 4, the exemplary mobile device platform 400 includes a mobile device (MD) 405, a computer environment 410, a communication network 435, a mobile device management server (MDMS) 420, and a third party web service provider 440. Further, as further shown in the MD decomposition diagram, the MD 405 further includes a processing unit (PU), an operating system (OS), a storage memory (RAM/ROM), and an MD communication interface. Moreover, MDMS 420 further includes a translation engine 425, a web service 430, and an encryption engine 445. In operation, the MD 405 communicates with the computer environment 415 via the MD/computer environment communication interface 410 using one or more MD components PU, OS, RAM/ROM, and MD communication interfaces. When communicating with the computer environment 415, the MD 405 can launch one or more computer applications (not shown), which can include, but are not limited to, a mobile desktop environment, user customization, and authentication as part of the configuration. Identify administrators and web service applications. Once the configuration has been configured, the MD 405 can further cooperate with the computer environment 415 to process one or more web services (e. g., web service profiles and/or computer applications). In this context, the MD 405 can use the communication network 435 to request web services and/or computer applications from the cooperating MDMS 420 to handle their web services. In this case, MDMS 420 is operable to authenticate MD 405, thereby ensuring that the participant user (not shown) and mobile device 405 have the correct permissions for the required data and/or computer application. Such an authentication procedure may also employ one or more security peripherals that may reside on the MD 405, including but not limited to, 96373.doc -23- 1259730 biometric security peripherals, retinal scan security perimeters Device and security speech recognition peripheral device. If properly identified, the MDMS 420 can be further operated to find the required data and/or computer applications on the MDMS 420 and to access the required data and/or computer applications via the communication network 435 ( For example, a web service is provided to the authenticated MD 405, or the MDMS 420 is operable to cooperate with a third party service provider 440 to obtain a web service to be communicated to the authenticated MD 405. When collaborating with the third party service web provider 440, the MDMS 420 can operate to translate the web service 430 originating from the third party web service provider 440 into an MD native format using the translation engine 425. In addition, MDMS 420 can operate to encrypt the required web service using encryption engine 445 when meeting the web service requirements from authenticated MD 405. In addition, MDMS 420 can be further operative to cooperate with a file system (not shown) using a selected encryption protocol (e.g., PKI encryption) to obtain a Web service to be communicated to MD 405. The cooperative file system may include (but is not limited to) a file allocation table (FAT) file system and a new technology files system (NTFS). 5 is a block diagram showing exemplary components of an illustrative Walker Management Server (MDMS) deployed in an illustrative network-connected computer environment. As shown, the illustrative network-connected computer environment includes Site A, Site B, and Site C, each having exemplary MDMS and components, respectively. Site A includes an MDMS 502, which itself has an operating system 504. The operating system (OS) 504 shown in the figure supports a Java Virtual Machine (JVM) 506, and then the Java Virtual Machine 96373.doc -24-1259730 (JVM) 506 supports the MDMS.java code 508. The MDMS.java code 508 herein includes a SOAP chaining 538 and a service 548. In addition, operating system 504 is also operative to support and cooperate with user database 5 10, key database 512, and archive storage area 514. Moreover, operating system 504 is also operative to support and cooperate with resident application 550, JVM 552, and JVM 554. In addition, operating system 504 is also operative to support and collaborate with encryption drivers, communication interface drivers, and network drivers. The image processing OS 504, MDMS 502 maintains hardware, for example, a hardware accelerator, a communication interface, and a communication interface card (NIC) that cooperate with the encryption driver, the communication interface driver, and the network driver during the operation of the MDMS 502. Additionally, as shown, the MDMS includes a storage area network (SAN)/network attached storage (NAS) interface 516 that is operative to connect the MDMS 052 to a collaborative file/data storage area 5 18 And cooperate with MDMS 520 and 522. The SAN/NAS interface 5 16 can be coupled to the collaborative archive/data storage area 518 and the cooperating MDMSs 520 and 522 via the communication network 5 19 . Again, as shown, the MDMS 502 can cooperate with other MDMS environments 536 and 528 that reside in the MDMS 502 native or geographically separated from the MDMS 502. The MDMS environment 536 can include an MDMS 534 and a file/data storage area 532. Similarly, the MDMS environment 528 can include the MDMS 526 and the MDMS 5 30 ° SOAP link module 538 that can be coupled to the file/data storage area 524 in an operational manner, including but not limited to: Packet sniffer, which operates to monitor data traffic; security enforcement, which operates to maintain data permissions and access; usage/monitor, 96373.doc -25- 1259730 It can operate to measure the way the service is used; and a web service proxy that can operate to cache the requestor component (for example, the identified MD, not shown in the figure) Show) collaborative web services. The sub-modules can be controlled by one or more sub-module applications, including but not limited to: an administration debugger for execution on the packet sniffer sub-module a security manager for performing on the security/enforced subgroup model; a metering manager for executing on the usage mode/monitor subgroup module; and an agent A server manager (proxy manager) for execution on the web service proxy server. The SOAP link module 548 can reside in a plurality of subgroup modules, including but not limited to: a mobile device administrator; an encryption administrator (PKCS administrator); a file transfer service; a web service administrator; Service access control service; a Web service metering service; a general description, description, exploration and integration directory (Universal, Description, Discovery, and Integration; UDDI) service; an IJDDI repository (UDDI repository) service; a file system ( For example, the Omni file system); a SOAP proxy server (SOAP proxy) service; a web service translator service; and a quality of service operation that performs, but is not limited to, load balancing, MDMS live swap ( Hot swapping) and post-error transfer. The resident application 55 0 may include, but is not limited to, security, router, 8 8 > ]^]^ 5 52 may include code that operates and processes on encrypted information (eg, key information), user authentication, service configuration, and MDMS java jobs. In contrast, the JVM 554 may include a Java code that allows the 96373.doc -26-1259730 hardware configuration of the simulated mobile device. In operation, MDMS leverages one or more of the components described above to handle Web service requirements and uses an encryption process to securely provide Web services to the requesting component of the authentication and validation information. MDMS 5 02 can work with other MDMS environments (eg, MDMS environments 536 and 528) to meet web service requirements. In an exemplary implementation, MDMS 501 provides installation management user data, application and service login and coordination storage devices. In operation, MDMS 50 1 supports user access and management functions. For example, mobile desktop users can connect to their applications and materials via MDMS 501. In this context, the MDMS 501 will check the user authentication and preferences after it has been connected. Access control can be enforced automatically, and "skins" can be applied to applications and services to enable applications and services to match the environment of the participating users. Application and data requirements can be handled at the speed of the unit and can be monitored based on an improved system. In addition, MDMS 502 is also operative to allow users to access their archived storage areas (e.g., 518, 532, and 524) and to distribute files to individuals, groups, or the world. In this context, MDMS 502 can employ a variety of MDMS components to provide management of files, applications/services (548 and 550) and mass storage devices. In addition, because MDMS 5 02 allows system administrators to connect to the MDMS 052 from a remote location using a cooperative mobile device (not shown), a stronger system management is allowed. As shown in FIG. 5, the MDMS 502 can include a number of functional components and modules. Their components and modules operate to provide functions including, but not limited to, security 96373.doc -27-1259730, mobile device management, encryption key tracking and management, transaction metering, building system management, applications Program/service management, application subscription management, web services monitoring, legacy infrastructure augmentation, datastore management, and cluster deployment and management. Figure 6 illustrates the procedure performed by the exemplary MDMS 5.2 with the cooperative MDMS and MD assistance. As shown, the program begins at step 6 and proceeds to step 605 where a check is performed to determine if an MD authentication for the cooperation needs to be established or updated. If the result of the check in step 6〇5 indicates that it is not necessary to build or update the MD authentication, the program returns to step 6 and continues the program. However, if the result of the check in step 605 indicates that MD authentication needs to be established or updated, the program proceeds to step 61, where a check is performed to determine whether the cooperative MD is a new partner of the MDMS and requires MDMS. Perform initial identification. If the result of the check in step 61 indicates that a new MD needs to be authenticated, the program proceeds to step 615 where new authentication information is generated by the MDMs. Next, the program proceeds to step 62, generating an encryption key and transmitting it to the authenticated MD. Next, at step 625, the authentication and encryption information is communicated to the authenticated cooperative MD. Then, [^^]^;5 uses the authentication and addition" W to establish the association of the group members applicable to Md on the <RTI ID=0.0> If the result of the check in step 635 indicates that the authentication is deemed unsuccessful, then the private sequence proceeds to step 64 to generate an error. Then, at step 645, the error can be corrected. Then, the program returns to step 635. And continue the procedure. However, if it is determined in step 635 that the authentication test has passed, the program proceeds to step 650' to perform a check at step 65 to determine whether it is necessary to change the authority of the MD of cooperation 96373.doc • 28-1259730. If the result of the check in step 650 indicates that the change permission is required, the program proceeds to step 655 to update the authentication and/or encrypt the information. Next, the program returns to step 635 and continues the program. However, if the check result at step 650 indicates If the change permission is not required, the program proceeds to step 660 to end the MD authentication configuration. Further, if the check result in step 610 indicates that the new MD is not required to be authenticated, then the procedure The sequence proceeds to step 650 and continues the process.Figure 7 illustrates the execution of the mobile device management server 502 in an exemplary web service processing implementation. As shown in Figure 7, the program begins at step 700 and proceeds to Step 705, a check is performed at step 705 to determine if the MDMS has communicated with the cooperating computer network. If the result of the check at step 700 indicates that no communication has been made, then the program returns to step 700 and continues the program. Step 705 determines that the MDMS has communicated with the cooperating computer network, then the process proceeds to step 710 where a check is performed to determine if one or more cooperating MDs have requested one or more web services to the MDMS. If the result of the check in step 710 indicates that no MD requires the web service, the program returns to step 710 and continues the program. However, if the result of the check in step 710 indicates that one or more cooperating MDs have requested one or more web services, then The program proceeds to step 715, and the MDMS uses the MD security and authentication service to authenticate the MD. Next, a check is made at step 720 to determine if the MD has been authenticated. To identify the MD, the program proceeds to step 735 to process the web service request. Then, in steps 740 and 745, the MDMS and the MD execute the web service. However, if the result of the check in step 720 indicates that the authentication was not successful 96373 .doc -29- 1259730 MD, the program proceeds to step 725 to generate an error. Next, the program proceeds to step 727 where a check is performed to determine whether to attempt the authentication again. If the result of the check at step 727 indicates a second attempt MD authentication, the program returns to step 720 and continues the program. However, if it is determined in step 727 that MD authentication has not been attempted again, then the routine terminates at step 730. Figure 8 illustrates the program executed by the mobile device management server 502 in another web service processing implementation. As shown in Figure 8, the process begins at step 800 and proceeds to step 805 where a check is performed to determine if one or more authenticated MDs have requested one or more web services. If the result of the check in step 805 indicates that there is no authenticated MD requesting web service, then the program returns to step 800 and continues the program. However, if the result of the check at step 805 indicates whether one or more authenticated MDs have requested one or more web services, then the program proceeds to step 810 where the MDMS collaborates with the data storage area, the collaborative web. Any item in the service provider and other cooperating MDMS to retrieve data and/or computer applications. Next, a check is performed at step 815 to determine if the retrieved web service needs to be translated into the MD native web service format. If the result of the check at step 815 indicates that translation is required, then the program proceeds to step 825 to encrypt the requested data and/or computer application in accordance with the selected encryption protocol (e.g., using a public/private key). Next, the program proceeds to step 830 to communicate the encrypted data and/or computer application to the MD that the requesting party has authenticated. Next, at step 835, the MD job is metered by the MDMS to obtain usage metrics, behavior, similarity, and similar metric information. The metering data is then stored at step 840 for future use. Next, a check is performed at step 845 to determine if the stored 96373.doc -30-1259730 bark is to be reported. If the result of the check at step 845 indicates that the metering material is to be reported, then the program proceeds to step 850 where the metering data is analyzed to produce a metering report. The program then terminates at step 855. However, if the result of the check in step 815 indicates that translation is required, the program proceeds to step 82 to translate the requested web service into an MD native web service. Next, the program proceeds to step 825 and continues the program. Figure 9 shows the program executed by MDMS 502 in another Web service processing implementation. As shown in Figure 9, the process begins at step 900 and proceeds to step 905' where a check is performed to determine if one or more authenticated ones have requested one or more web services. If the result of the check in step 9〇5 indicates that there is no authenticated MD request web service, the program returns to step 9〇〇 and continues the program. However, if the result of the check in step 〇5 indicates whether one or more authenticated MDs have requested one or more web services, the program proceeds to step 910 where the MDMS collaborates with the file storage area. Any of the Web Services Providers and other collaborative MDMS projects to capture data and/or computer applications. Next, a check is performed at step 915 to determine if the retrieved web service needs to be translated into an MD native web service format. If the result of the check in step 915 indicates that translation is required, then the program proceeds to step 925 to encrypt the requested data and/or computer application in accordance with the selected encryption protocol (e.g., using a public/private key). Next, the process proceeds to step 930 to communicate the encrypted data and/or computer application to the MD that is required to be authenticated. Next, a check is performed at step 935 to determine if the communication link between the sMdms and the cooperating MD is in use. If the result of the check at step 935 indicates that the communication link is in the state of use 96373.doc 31 1259730, the program proceeds to step 945 to synchronize any cache transactions. Next, at step 950, the MD job is metered by Ying (10) to obtain usage metrics, behavior, similarity, and similar metric information. The metering data is then stored at step 955 for future use. Next, a check is performed at step _ to determine whether the stored measurement data is to be reported. If the result of the check at step 96 indicates that the metering data is to be reported, the program proceeds to step 965 where the metering data is analyzed to generate a metering report. The program then ends at step 97. However, if the result of the check at step 935 indicates that the communication key is not in use, then the program proceeds to step 9 to perform the required service. Next, the program proceeds to step 935 and continues the program. Furthermore, if the result of the check in step (4) 5 indicates that translation is required, the program proceeds to step _ to translate the requested web service into the MD original corrective service. Next, the program proceeds to step 925 and continues the program. + and sore fans < system and method provides ^ 1 4 亍 f force device platform - part of the mobile device management feeding device. However, it should be understood that the invention is susceptible to various modifications and alternative constructions. This issue is limited to the construction of (4) 疋 as described in this article. Instead, the present invention is intended to cover all modifications, alternative constructions and equivalents that are within the spirit of the invention. 〃 Please note that the invention can be implemented in a variety of computer environments, including non-wireless and wireless computer rings, in the local computer environment and in the real environment. In this article: The various techniques described can be implemented using a combination of hardware, software, or hardware and software: Preferably, the technology can be implemented in a computer environment for maintaining a programmable computer, wherein the computer includes a processor and a processor readable storage medium (Package _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ And non-volatile memory and/or storage components), to a lucky device and at least one output device. The computer hardware logic is applied to the data in conjunction with various instruction sets = to perform the functions described above and to generate output information. The output information is supplied to - or a plurality of output devices. Preferably, various programming languages (including high-level programs or object-oriented programming languages) can be used to implement the private use of the exemplary computer hardware to interact with the computer. System communication. By way of example, the combination of language or computer language can be used to implement the apparatus and methods described herein. In any case, the language may be a compiled or interpreted language. Preferably, each computer program is stored in a general-purpose or special-purpose programmable computer-readable storage medium or device (for example, a ROM or a disk) for when the computer refers to a storage medium or device. Configure and operate the computer to perform the procedures described above. The device can also be constructed as a computer readable storage medium and configured using a computer program configured to cause the computer to operate in a specific or predefined manner. Although the exemplary embodiments of the present invention have been described in detail herein, it will be readily understood by those skilled in the art advantage. Accordingly, these and all such modifications are intended to be included within the scope of the present invention. The following exemplary patent application scope defines the invention more appropriately. BRIEF DESCRIPTION OF THE DRAWINGS A mobile device platform and method of use will now be described in detail with reference to the accompanying drawings in which: FIG. 1 illustrates an exemplary electrical environment in accordance with the implementation of the systems and methods described herein. 96373.doc -33-1259730 Brain Environment FIG. 2 is a block diagram of an exemplary computer network according to the system and method described herein; FIG. 2 is a block diagram showing the interaction between the system and the components according to the description herein; Illustrated block diagram of an exemplary operational management servo system in accordance with the systems and methods described herein; FIG. 6 is a block diagram of an exemplary operational management servo system according to the systems and methods described herein; Method, illustrative flow diagram of a processing user and device management program executed by a server; FIG. 7 illustrates an exemplary mobile device management server executing a web service request in accordance with the systems and methods described herein Flowchart of the program; Figure 8 depicts π according to the system and method described herein, an illustrative mobile device management server in a web service program A flowchart of the program executed during translation between Web service; FIG. 9 illustrates a system according to the method described in this document and performed measurement exemplary mobile device management server and the intermittent connection procedure executed by the processing flow of FIG. [Main component symbol description] 100 Computer system (data processing system, computer working environment) 105 System bus 110 Central processing unit (CPU) 112 Interconnect 96373.doc -34- 1259730 115 Microprocessor 120 Memory controller 125 Random Access Memory (RAM) 130 Read Only Memory (ROM) 135 Peripheral Device Controller 140 Printer 145 Keyboard 150 Mouse 155 Data Storage 160 Communication Network 163 Display Controller 165 Display 170 Network Card 180 Operating System 1801 Computer Application 200 Network Connection Computer Environment 210 Tablet PC 215 Mobile Phone 220 Telephone 225 Personal Digital Assistant 300, 400 Mobile Device Platform 305 Communication Interface 310, 405 Mobile Device (MD) 410 MD/Computer Environment Communication Interface 96373 .doc -35- 1259730 415 Computer Environment 420 Mobile Device Management Server (MDMS) 425 Translation Engine 430 Web Service 435 Communication Network 440 Third Party Web Service Provider 445 Encryption Engine A, B, C Sites 502, 520, 522 , 534 Mobile Device Management Server (MDMS) 504 Operating System (OS) 506, 552, 5 54 Java Virtual Machine (JVM) 508 MDMS.Java Code 510 User Database 512 Key Database 514 File Storage Area 516 Storage Area Network (SAN) / Network Attached Storage (NAS) Interface 518, 524 , 532 file / data storage area 519 communication network 528, 536 MDMS environment 96373.doc -36- 1259730 538 548 550 SOAP chaining module service module resident application program 96373.doc -37-