Cryptography is used to generate a token that both authorizes request processing and establishes constraints on that authorization. A mobile communications device user or client subscribes to an information service of a content provider. A description of the subscribed service is generated. The client applies a digital signature to the description and optionally encrypts the signed description. A token is generated based on the signed description. The content provider presents the token to the request processing entity of a mobile service provider in order to establish trust between the content provider and the request processing entity. The request processing entity decrypts the token and verifies the signature of the client. The request of the content provider is validated through a comparison of the request with the constraints indicated in the decrypted token. Valid requests are processed. For example, a request for location information about the client is fulfilled in order for the content provider to push a local weather report to the mobile device of the client.