As the Internet continues to grow and become more pervasive in homes, more and more consumer products are expected to be connected to the Internet and interconnected with one another over local area networks (LANs). For example, an Internet-equipped refrigerator can maintain an inventory of groceries and re-order when necessary. An Internet-equipped alarm clock can communicate with a source of current weather and road conditions and determine the correct time to wake up someone. Likewise, a digital picture frame is a processor-based device that may be used like a conventional picture frame to display pictures, such as pictures of family and friends and the like. However, with a digital picture frame, the pictures may be changed and displayed digitally. Some digital picture frames have network connectivity capabilities so that they can periodically download pictures over a modem or broadband connection from the Internet into a local memory for display. Networked devices such as refrigerators, clocks, digital picture frames and the like are examples of networked appliances, which may be defined as dedicated function consumer devices containing a networked processor. That is, a networked appliance is a less fully featured processor-based device that has a network connection.
One problem with a networked appliance as well as many other types of networked devices is that they often have limited user input capabilities. This presents a problem if the networked device needs to receive or otherwise become associated with data over the Internet. For example, a screen-based appliance such as a digital picture frame may only have a user interface that comprises a few buttons on its screen, perhaps with a screen based keyboard to enter more complex data. Such keyboards are cumbersome at best, because the user generally must use arrow buttons to navigate to the desired character and hit “enter” to get the data into the picture frame. Overall, the limited user input capabilities of digital picture frames make it difficult to handle, store and transfer digital media files, particularly when attempting to download such files from a server hosting a web based service. For instance, in order to download digital media files, digital media frames often need to be configured to access the appropriate service, which typically requires typing in a URL for the service. Likewise, a networked refrigerator may need to download a shopping list over the Internet. In both these cases it is relatively cumbersome to type the information needed to associate the device with the desired information given the limited input capabilities of such networked devices and appliances.
A user of a networked device such as a networked appliance having limited input capabilities can use the technology disclosed herein to download information such as digital media files or other service-oriented data from an online service without having to input a significant amount of information using the device or appliance. In some illustrative examples this is accomplished by having the networked device call into the service via a public interface such as a URL. The service provides the device with a claim token. The claim token is presented to the user on a display of the networked device. The user visits a web site associated with the service, registers or signs in as appropriate and types the claim token in the web site, thereby binding the claim token to the end user. The user then goes back to the networked device and selects a “continue” or “next” button, which causes the claim token to be passed back to the service. The service then returns a permanent device identifier to the networked device, which the device can use for subsequent calls into the service.
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter. The term “tools,” for instance, may refer to system(s), method(s), computer-readable instructions, and/or technique(s) as permitted by the context above and throughout the document.
In some implementations the networked devices depicted in
In use, a user may employ a web-based image service to access digital media files that he or she wishes to download to the digital picture frame. The media files that the user wishes to download may be images that other users have uploaded to share with the user, images that the user him- or herself has uploaded, images obtained from photo-sharing or social networking sites such as Facebook, Flickr, Windows Live and the like, as well as from other online sources. In any case, the user will typically need to establish an account with the image service by accessing, for instance, a server (e.g., server 30 shown in
To overcome this problem, the digital picture frame performs a two factor binding to the service through a common identifier. In particular, an authorized user can bind the device to the service using a separate networked device that has a more capable user interface than is available on the networked device onto which the media files or other information are to be downloaded. One example of the process used to perform this task will now be presented in connection with the flowchart shown in
First, in step 310, the digital picture frame connects to the service when it boots up or is otherwise initialized, or when the user presses a physical, screen-based or virtual button associated with its user interface. This can be achieved by contacting the image service with a location identifier, for example, a public URL that points to the image service. In some cases the digital picture frame optionally may send in step 320 the image service selected information characterizing the digital picture frame such as its manufacturer, model number, serial number and the like. This information may be encoded in a format referred to herein as a manufacturer ID. The image service may use the manufacturer ID to customize the image files sent to the digital picture frame based on a variety of characteristics of the frame such as its size, resolution, orientation, supported formats and so on.
Once the image service has been contacted by the digital picture frame, the service in step 330 returns a claim token that is presented on the display or user interface portion of the frame. Optionally, a cryptographic string also may be received from the service. The claim token may be an arbitrary alphanumeric string generated by the service. The user is instructed to visit the service in step 340 and enter the token, after which the user is to select “next” on the user interface of the frame. For this purpose a URL or other location identifier to the service may be provided. The user may employ a computer such as a personal computer, a notebook computer or a handheld device in order to communicate with the image service by typing in the URL. The user logs in to the service, enters the claim token, returns to the frame, and selects “next” on its user interface. This process binds the claim token to the user.
The length of the claim token's character string will generally depend on the length of time over which the token remains valid. In particular, a shorter code will be valid for a shorter length of time, whereas a longer string will be valid for a longer length of time. For instance, a shorter claim token will typically need to be claimed within a few hours from the time it is generated. Of course, a shorter character string will be more convenient for the user. However, it should be sufficiently long so that it is difficult for a hacker to guess. Of course, even if a hacker were to correctly guess the character string, it would not be a particularly serious problem because the user simply would be requested to start the process over. Once a claim token has expired it may be reused by the service.
In step 350, the digital picture frame makes a second call to the service after the user enters “next” through its user interface. During this call the frame passes back the claim token (and the cryptographic string, if employed) to the server. It may also send the manufacturer ID that was sent to the service during the first call, thereby allowing the service to verify that this is the same frame that made the initial request. In response to this second call the image service returns a device ID to the frame in step 360. The device ID will be used by the frame when it needs to make subsequent calls to the service in order to request (using e.g., an http query) and download digital media files. That is, the device ID binds the digital picture frame to the user's account with the service.
In some implementations the request for digital media files may cause the service to return media files and/or additional URLs or other location identifiers in an RSS feed. The RSS feed may describe a list of images available from the image service for download and rendering on the digital picture frame. These individual images may comprise a wide variety of images available from photo share sites, dynamic content transformed by the image service, and images directly generated by the image service. Images generated by the image service may be high fidelity images constructed using raw information content, e.g., weather or news, rendered by the image service specifically for the digital picture frame rather than an image representation of a web page.
One important advantage of the technique for retrieving digital media files described above is that the user never needs to enter any data using the digital picture frame. Rather, the user logs in and enters the claim token using a computer or other device that has a more full-featured user interface such as a keyboard.
In the event that the claim token passed back to the service by the frame is invalid or has timed-out, the user will be presented with an error code and asked to restart the process on the frame. If the frame is given to another user, that user can reactivate the service by contacting the service to receive a new claim token.
In the event that a hacker enters a claim token into the image service's web site before the legitimate user does so, the legitimate user will receive an error when he or she attempts to enter the claim token and will be asked to start the process over. If the user were to ignore the error message and select “enter” on the frame, the user would simply receive digital media files intended for the hacker, which is not a serious breach of security since the legitimate user is viewing the hacker's media files; the hacker is not able to view the legitimate user's media files. Accordingly, the legitimate user's privacy is protected.
To enhance security and reduce the likelihood of access by a hacker or other unauthorized user, in some implementations a cryptographic string may be sent to the digital picture frame along with the claim token. The cryptographic string would not be visible to the user. When the user selects “next” on the frame to return the claim token (after logging in to the service and entering the token via a computer), the cryptographic string is passed back to the service, thus further verifying that the frame returning the token is indeed the same frame that made the initial request.
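The binding flow of steps 310 to 360, including the hidden cryptographic string, token expiry and the already-claimed case, can be sketched as an in-memory service. This is an added example, not code from the patent; the class and method names (`ImageService`, `start`, `claim`, `redeem`), the token alphabet, the 8-character length and the 3-hour lifetime are all assumptions chosen for illustration.

```python
import hmac
import secrets
import time

ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"  # assumption: no look-alike characters
TOKEN_LEN = 8                                 # assumption: short enough to type
TOKEN_TTL = 3 * 3600                          # assumption: "a few hours", in seconds


class ImageService:
    """In-memory stand-in for the service side of the binding flow."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}   # claim token -> pending binding record
        self.devices = {}   # device ID -> bound user account

    def _live(self, token):
        rec = self.pending.get(token)
        if rec is not None and rec["expires"] <= self.clock():
            del self.pending[token]   # expired tokens may be reused by the service
            return None
        return rec

    def start(self, manufacturer_id):
        """Steps 310-330: frame's first call; returns (claim token, hidden string)."""
        token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LEN))
        while self._live(token) is not None:   # never hand out a token still in use
            token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LEN))
        secret = secrets.token_hex(16)         # never shown on the frame's display
        self.pending[token] = {"mfr": manufacturer_id, "secret": secret,
                               "user": None, "expires": self.clock() + TOKEN_TTL}
        return token, secret

    def claim(self, user, token):
        """Step 340: a signed-in user types the token into the web site."""
        rec = self._live(token)
        if rec is None or rec["user"] is not None:
            return False                       # unknown, expired or already claimed
        rec["user"] = user
        return True

    def redeem(self, token, secret, manufacturer_id):
        """Steps 350-360: frame's second call; returns a device ID or None."""
        rec = self._live(token)
        if rec is None or rec["user"] is None:
            return None
        same_frame = (hmac.compare_digest(rec["secret"], secret)
                      and rec["mfr"] == manufacturer_id)
        if not same_frame:
            return None                        # a different device is replaying the token
        del self.pending[token]                # claim tokens are single use
        device_id = secrets.token_urlsafe(24)
        self.devices[device_id] = rec["user"]
        return device_id
```

Because `redeem` checks the hidden string and the manufacturer ID, knowing the displayed claim token alone is not enough for another device to obtain the device ID.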
The technology described herein may be implemented as logical operations and/or modules in one or more systems. The logical operations may be implemented as a sequence of processor-implemented steps executing in one or more computer systems and as interconnected machine or circuit modules within one or more computer systems. Likewise, the descriptions of various component modules may be provided in terms of operations executed or effected by the modules. The resulting implementation is a matter of choice, dependent on the performance requirements of the underlying system implementing the described technology. Accordingly, the logical operations making up the embodiments of the technology described herein are referred to variously as operations, steps, objects, or modules. Furthermore, it should be understood that logical operations may be performed in any order, unless explicitly claimed otherwise or a specific order is inherently necessitated by the claim language.
In some implementations, articles of manufacture are provided as computer program products. In one implementation, a computer program product is provided as a computer-readable medium storing an encoded computer program executable by a computer system. Another implementation of a computer program product may be provided in a computer data signal embodied in a carrier wave by a computing system and encoding the computer program. Other implementations are also described and recited herein.
The above specification, examples, and data provide a complete description of the structure and use of exemplary embodiments of the invention. Although various embodiments of the invention have been described above with a certain degree of particularity, or with reference to one or more individual embodiments, those skilled in the art could make numerous alterations to the disclosed embodiments without departing from the spirit or scope of this invention. In particular, it should be understood that the described technology may be employed independent of a personal computer. Other embodiments are therefore contemplated. It is intended that all matter contained in the above description and shown in the accompanying drawings shall be interpreted as illustrative only of particular embodiments and not limiting. Changes in detail or structure may be made without departing from the basic elements of the invention as defined in the following claims.
Number | Date | Country | |
---|---|---|---|
20100083363 A1 | Apr 2010 | US |