Enforcement of proximity based policies

Information

  • Patent Grant
  • 10194266
  • Patent Number
    10,194,266
  • Date Filed
    Tuesday, February 7, 2017
    7 years ago
  • Date Issued
    Tuesday, January 29, 2019
    5 years ago
Abstract
Embodiments of the disclosure are related to enforcing a policy on a computing device, or a companion device, based upon its proximity to another computing device, or an anchor device. In one example, the anchor device and companion device can report their location with respect to one another to a policy server. The policy server can determine whether the anchor device and proximity device are in proximity to one another as well as determine whether a policy should be applied to the companion device based upon whether it is in proximity to the anchor device.
Description
BACKGROUND

Computing devices, such as smartphones, laptop computers, etc., can be equipped with various functionalities and capabilities. For example, applications can be installed upon a computing device, such as a game application, enterprise application, or other type of software application. Computing devices may also be equipped with one or more network interfaces that facilitate communication with other computing devices via a network.





BRIEF DESCRIPTION OF THE DRAWINGS

Many aspects of the present disclosure can be better understood with reference to the following drawings. The components in the drawings are not necessarily to scale, with emphasis instead being placed upon clearly illustrating the principles of the disclosure. Moreover, in the drawings, like reference numerals designate corresponding parts throughout the several views.



FIG. 1 is a drawing of a networked environment according to various embodiments of the present disclosure.



FIG. 2 is a diagram illustrating an example scenario according to various embodiments of the present disclosure.



FIGS. 3A-3D are diagrams illustrating example scenarios according to various embodiments of the present disclosure.



FIGS. 4-6 are flowcharts illustrating examples of functionality implemented as portions of the policy server and agent application according to various embodiments of the present disclosure.





DETAILED DESCRIPTION

The present disclosure is directed to enforcing proximity based policies on computing devices such as smartphones, laptop computers, desktop computers, wearable computing devices, or any other computing device. A proximity based policy, in the context of the present disclosure, comprises a policy whereby proximity to a certain geographic location or proximity to a particular computing device is required in order for certain functionality to be enabled in a computing device. In other words, a companion device or a slave device can be required to be in proximity to an anchor device or master device in order for certain functionality to be enabled on the companion device. In some embodiments, proximity, or lack thereof, to a companion device can also trigger the selection of a device management policy that can be imposed on or selected on behalf of the companion device.


An example of a scenario in which such a policy can be employed is the case of a parent wishing to facilitate the monitoring or metering of usage of a device by a child. For example, a parent may wish to impose a policy in which a device associated with the child is able to use a browser application only when the device associated with the child is in proximity to another device that is associated with the parent. In such a scenario, the parent's device can be designated as an anchor device and the child's device can be designated as a companion device. In order for a particular functionality to be enabled within the companion device, embodiments of the disclosure can require proximity of the companion device to the anchor device. Proximity can be determined by a policy server that receives location indications from the anchor device and the companion device.


Such location indications can comprise geolocation data obtained from a positioning system associated with the respective devices. Such location indications can also include an indication of whether a particular device has received an acknowledgement or ping directly from the other device using a localized communication interface or a network connection. For example, a localized communication interface can comprise a Bluetooth capability, a near-field communication (NFC) interface, a radio-frequency identification (RFID) read or write capability, or any other localized communication interface as can be appreciated. If the devices are out of communication range via the localized communication interface, one or both of the anchor device or companion device can communicate a location indication the policy server that the devices are no longer in proximity to one another.


With reference to FIG. 1, shown is a networked environment 100 according to various embodiments. The networked environment 100 includes a computing environment 103, an anchor device 106, and a companion device 107 which are in data communication with each other through a network 113. The network 113 includes, for example, the Internet, one or more intranets, extranets, wide area networks (WANs), local area networks (LANs), wired networks, wireless networks, other suitable networks, or any combination of two or more such networks. For example, such networks may comprise satellite networks, cable networks, Ethernet networks, telephony networks, and other types of networks.


The computing environment 103 may comprise, for example, a server computer or any other system providing computing capability. Alternatively, the computing environment 103 may employ multiple computing devices that may be arranged, for example, in one or more server banks, computer banks, or other arrangements. Such computing devices may be located in a single installation or may be distributed among many different geographical locations. For example, the computing environment 103 may include multiple computing devices that together form a hosted computing resource, a grid computing resource, and/or any other distributed computing arrangement. In some cases, the computing environment 103 may correspond to an elastic computing resource where the allotted capacity of processing, network, storage, or other computing-related resources may vary over time. The computing environment 103 may also include or correspond to one or more virtualized server instances that are created in order to execute the functionality that is described herein.


Various systems and/or other functionality may be executed in the computing environment 103 according to various embodiments. Also, various data is stored in a data store 116 that is accessible to the computing environment 103. The data store 116 may be representative of a plurality of data stores 116. The data stored in the data store 116, for example, is associated with the operation of the various systems and/or functional entities described below.


A device management system 119 and/or other systems may be executed in the computing environment 103. The device management system 119 may be executed to manage and/or oversee the operation of multiple anchor devices 106 and/or companion devices 107. For example, an employer may operate the device management system 119 to ensure that the anchor devices 106 and/or companion devices 107 of its employees are operating in compliance with various compliance rules. By ensuring that the devices of its employees are operated in compliance with the compliance rules, the employer may control and protect access to various data. As another example, a device manufacturer or software provider may operate the device management system 119 and provide device management capabilities for consumers. For example, a parent may wish to monitor or restrict usage of a device of a child or another user in a household. The device management system 119 may also facilitate access to email, calendar data, contact information, documents, or other data to which an enterprise or other organization may wish to provide access by users via devices such as smartphones, computing devices, a device executing a browser application, mobile application, etc.


In one embodiment, the device management system 119 may provide a management console 123 and/or other components. The management console 123 may facilitate operation and control of the device management system 119. For example, the management console 123 may generate one or more user interfaces that are rendered on a display device (not shown) or accessible using a browser executed by another computing device. Such user interfaces may facilitate entering commands or other information to facilitate configuration of the device management system 119. For example, a user may configure a proximity policy using a user interface generated by the management console 123.


The computing environment 103 may also execute a policy server 126 that facilitates the management of proximity based policies on behalf of users or organizations. The policy server 126 can obtain an indication of a location of various devices that are managed by the device management system 119 as well as determine whether policies are in place with respect to proximity of a particular device relative to another device. The policy server 126 can also transmit commands, or a security command 171, that specify a capability that can be enabled and/or disabled in a companion device 106 in response to detection of the proximity of a companion device 107 to an anchor device 106. In some embodiments, the policy server 126 can be implemented as functionality or logic that is embedded within the device management system 119. In some embodiments, the policy server 126 can also be implemented as a library for which an application programming interface (API) is provided and with which the functionality of the policy server 126 can be invoked by the device management system 119 or any other application or service. Some embodiments may also include the functionality of the policy server 126 being implemented within the anchor device 106 or the companion device 107 by an application executed therein.


The computing environment 103 may also execute other applications to facilitate interactions with an anchor device 106 or companion device 107, such as an application distribution service that distributes applications and/or updates for applications to the devices, a mail server that provides email services and/or functionality, a document storage application that provides remote document storage capability for users, or other applications or services that can be deployed to provide services for its users. Description of such applications or services is not necessary for a complete understanding of embodiments of the disclosure.


The data stored in the data store 116 may include user account data 129, and/or other information. The user account data 129 can include data associated with a user account, such as user profile information as well as information device identifiers 133, proximity policies 134 and other user account data. User profile information can include information about a user's address or location, permissions, and/or privileges with respect to usage of an enterprise device. User profile information can also include access settings such as authentication credentials, delegation settings (e.g., information about other users who may be provided access to the user account data 129 of a particular user), etc.


User account data 129 can also include information about a user account within the computing environment 103. For example, the user account may be associated with an email address or other identifier that is assigned by the computing environment 103. User account data 129 can also include other account settings, such as biographical or demographic information about a user, password reset information, multi-factor authentication settings, and other data related to a user account as can be appreciated. User account data 129 can also include other forms of data associated with users of an enterprise's computing resources that are not shown, such as a user's mailbox data, calendar data, contact data, and other user data. For example, mailbox data includes data associated with one or more mailboxes corresponding to a user account of a user.


The user account data 129 may also include information regarding one or more devices that are associated with a user's account, or device data 133. Such information can be stored as device identifiers, which can comprise any information from which a particular computing device can be identified by the proxy server 126 and/or device management system 119. For example, a device identifier may be a unique hardware identifier such as a GUID (Globally Unique Identifier), UUID (Universally Unique Identifier), UDID (Unique Device Identifier), serial number, IMEI (Internationally Mobile Equipment Identity), Wi-Fi MAC (Media Access Control) address, Bluetooth MAC address, a CPU ID, and/or the like, or any combination of two or more such hardware identifiers. Accordingly, a particular user account may be associated with multiple anchor devices 106 and/or companion devices 107 for which proximity policies 134 can be defined. Device data 133 can also include, for example, the identification of the particular applications that are installed in the anchor devices 106 and/or companion devices 107, historical data regarding the operation of the anchor devices 106 and/or companion devices 107, and/or other information.


User account data 129 can also include proximity policies 134. A proximity policy 134 can identify at least two devices associated with a particular user account. The proximity policy 134 can identify one of the devices as an anchor device 106 and another of the devices as a companion device 107. The proximity policy 134 can further specify a policy that can be placed upon the anchor device 106 and/or the companion device 107 when the devices are within proximity to one another. The proximity policy 134 can also specify a different policy that can be placed upon the anchor device 106 and/or the companion device 107 when the devices are not within proximity to one another.


The proximity policy 134 can also define a level of proximity necessary in order for an anchor device 106 and companion device 107 identified by a proximity policy 134 to be considered in proximity to one another. For example, in one embodiment, proximity of an anchor device 106 to a companion device 107 may be detected through a respective Bluetooth interface of the anchor device 106 and companion device 107. Accordingly, the proximity policy 134 can specify that a periodic ping or acknowledgement must be exchanged by the devices and such a ping or acknowledgement must be associated with a minimum signal strength. As another example, the proximity policy 134 can specify that in order to be considered in proximity to one another, that a ping or acknowledgement must be exchanged by the companion device 107 and anchor device 106 within a certain threshold time period.


The proximity policy 134 can also specify that the anchor device 106 and companion device 107 be within a certain geographic distance of one another based upon geolocation data that is reported by respective positioning systems (e.g., global positioning system capability). The proximity policy 134 can also specify that the anchor device 106 and companion device 107, in order to be considered in proximity with one another, should be associated with a common internet protocol (IP) address or an IP address within a certain range of one another. The proximity policy 134 can also specify that the anchor device 106 and companion device 107 be connected to the same router, switch or Internet gateway device in order to be considered in proximity with one another.


A proximity policy 134 can also specify actions that should be taken in response to a determination that the anchor device 106 and companion device 107 identified by the proximity policy 134 are not in proximity with one another to a degree specified by the proximity policy 134. For example, a proximity policy 134 can specify that if the devices are in proximity with one another, then a particular application can be used or executed on the companion device 107 but that the particular application cannot be used or executed if the devices are not in proximity. For example, the proximity policy 134 can specify that a browser application, a particular game application, or any other application can only be launched by the companion device 107 when it is determined to be in proximity with the anchor device 106. Otherwise, the particular application can be disabled.


As another example, a proximity policy 134 can specify that if an anchor device 106 and companion device 107 are not in proximity with one another, that a hardware or software capability of the companion device 107 should be disabled. For example, the proximity rule 134 can specify that a network capability or an ability to access a local or wide area network should be disabled. In other words, the proximity rule 134 can specify that Internet access of the companion device 107 should be disabled. A proximity policy 134 can specify that if the anchor device 106 and companion device 107 are not in proximity, that a security requirement can be imposed upon the user, such as locking the display of the companion device 107 and requiring a password or personal identification number (PIN) to be entered in order for the companion device 107 to be accessed by the user. As another example of security requirement, one or more of various capabilities of the device can be disabled, such as a camera, Bluetooth interface, or other capabilities of the companion device 107.


The anchor device 106 and companion device 107 are representative of multiple client devices that may be coupled to the network 113. The anchor device 106 may comprise, for example, a processor-based system such as a computer system. Such a computer system may be embodied in the form of a desktop computer, a laptop computer, a personal digital assistant, a mobile phone (e.g., a “smartphone”), wearable computing device, a set-top box, a music player, a web pad, a tablet computer system, a game console, an electronic book reader, or any other device with like capability. The anchor device 106 and companion device 107 may include a display that comprises, for example, one or more devices such as liquid crystal display (LCD) displays, gas plasma-based flat panel displays, organic light emitting diode (OLED) displays, LCD projectors or other types of display devices.


The anchor device 106 and companion device 107 may be configured to execute one or more applications 141, an agent application 143, and/or other components. An application 141 may comprise, for example, one or more programs that perform various operations when executed in the anchor device 106 or companion device 107. Such an operation may comprise, for example, storing data, reading data, controlling a component for an anchor device 106 and/or companion device 107, and/or other functionality. An application 141 may perform some operations by initiating functions that are performed by an operating system in the anchor device 106 and/or companion device 107. An application 141 may initiate operating system functions by, for example, performing API calls. An application 141 can include any software that can be installed upon the anchor device 106 and companion device 107, such as a mail application, a browser application, a game, and other types of applications.


The agent application 143 may be executed on the anchor device 106 and companion device 107 to oversee, monitor, and/or manage at least a portion of the resources for the anchor device 106 and companion device 107. The agent application 143 may be executed by the anchor device 106 and companion device 107 automatically upon startup of the respective device. Additionally, the agent application 143 may run as a background process in the anchor device 106 and companion device 107. In other words, the agent application 143 may execute and/or run without user intervention. Additionally, the agent application 143 may communicate with the device management system 119 and policy server 126 in order to facilitate the management of the respective devices by the policy server 126 and/or device management system 119. For example, the agent application 143 can enforce proximity policies 134 that are specified for a particular anchor device 106 and/or companion device 107 on behalf of the policy server 126. In one scenario, the proximity policies 134 can be stored on an anchor device 106 or a companion device 107, which can enforce the proximity policy 134 by issuing a security command 171 through the agent application 143 in response to detecting that the companion device 107 is no longer in proximity to the anchor device 106. In this scenario, a proximity policy 134 can be enforced upon an anchor device 106 or a companion device 107 without requiring a location indication 169 to be provided to a policy server 126 that is executed by the computing environment 103.


Next, an additional description of the operation of the various components of the networked environment 100 is provided. To begin, a proximity policy 134 can be defined that specifies a policy that can be applied to an anchor device 106 and/or companion device 107 when the anchor device 106 and companion device 107 are in proximity to one another. In order to determine whether the anchor device 106 and companion device 107 are in proximity to one another, the policy server 126 can rely upon location indications 169 that are received from the agent application 143 or any other application executed by the anchor device 106 and companion device 107. The agent application 143 can be configured to periodically generate a location indication 169 that corresponds to a location of the anchor device 106 and/or companion device 107, respectively. The location indication 169 can also comprise an indication of whether the anchor device 106 and companion device 107 are in proximity to one another irrespective of the geographic location of the anchor device 106 and companion device 107.


A location indication 169 can comprise geolocation data obtained by the agent application 143 from a positioning system associated with the anchor device 106 and companion device 107, respectively. Accordingly, the policy server 126 can determine whether the anchor device 106 and/or companion device 107 are in proximity to one another based upon whether the geolocation data reflects that the anchor device 106 and/or companion device 107 are within a threshold distance from one another. In some embodiments, the proximity policy 134 associated with the anchor device 106 and/or companion device 107 can also specify such a threshold distance.


A location indication 169 can also comprise a network location of the anchor device 106 and companion device 107, respectively, such as an IP address or IP address subnet, a service set identification (SSID) of a wireless network to which the anchor device 106 and companion device 107 are respectively connected. A network location can also include any other aspects of a network interface or network connection of the anchor device 106 and companion device 107, respectively, to the network 113. Accordingly, the policy server 126 can determine whether the anchor device 106 and/or companion device 107 are in proximity to one another based upon the parameters of the network location of the anchor device 106 and/or companion device 107.


A location indication 169 can also include information about whether a ping or acknowledgement sent through a localized communication interface, such as Bluetooth, has been sent or received to or from the anchor device 106 and companion device 107, respectively. The agent application 143 can be configured to generate a ping that is transmitted from the anchor device 106 to the companion device 107 and vice-versa. Such a ping can be answered by the anchor device 106 and companion device 107 by an acknowledgement. Such a ping and/or acknowledgement can be transmitted by the agent application 143 using a localized communication interface such that they can only be successfully received by the anchor device 106 and/or companion device 107 when the devices are in proximity to one another.


Accordingly, a corresponding location indication 169 generated by the agent application 143 can include an indication of whether a previous ping generated by the agent application 143 executed by one of the anchor device 106 and/or companion device 107 was acknowledged by the other device. The policy server 126 can determine whether the anchor device 106 and/or companion device 107 are in proximity to one another based upon whether a ping was not acknowledged by one or both of the anchor device 106 and/or the companion device 107. The policy server 126 can also make this determination based upon whether a ping or acknowledgement of the anchor device 106 and/or companion device 107 has not been received for a threshold amount of time. The policy server 126 can also make a determination regarding proximity of the anchor device 106 and companion device 107 based upon a signal strength of a received acknowledgement. For example, if a signal strength does not meet a signal strength threshold, the policy server 126 can determine that the anchor device 106 and companion device 107 are not in proximity to one another.


In some embodiments, the agent application 143 executed by the anchor device 106 and/or companion device 107 can generate periodic transmissions that are sent to the other device using a localized communication interface. Accordingly, in the event that a transmission has not been received for a threshold amount of time, the agent application 143 can generate a location indication 169 that alerts the policy server 126 that the device from which the transmission was expected has not been received.


In response to determining that an anchor device 106 and companion device 107 are in proximity or not in proximity to one another, the policy server 126 can issue a security command 171 that instructs the agent application 143 to apply a policy that is specified by the proximity policy 134 associated with the anchor device 106 and companion device 107. For example, if the policy server 126 determines that the anchor device 106 and companion device 107 are within proximity to one another based upon location indicators 169 received from the anchor device 106 and companion device 107, the policy server 126 can issue a security command 171 to the companion device 107 with respect a functionality that is to be either enabled or disabled within the companion device 107 by the agent application 143. For example, the security command 171 can instruct the agent application 143 of the companion device 107 to enable access to a particular application if the anchor device 106 and companion device 107 are in proximity to one another.


Conversely, if the policy server 126 determines, based upon the location indicators 169, that the anchor device 106 and companion device 107 are no longer in proximity to one another, the policy server 126 can issue a security command 171 to the agent application 143 as specified by a respective proximity policy 143. Such a security command 171 can include a restriction that the agent application 143 can enforce upon the companion device 107 or a security requirement enforced upon the companion device 107 or the user of the companion device 107. In other words, the security command 171 can restrict a capability of the companion device 107 as a result of a lack or proximity to the anchor device 106. For example, the security command 171 can instruct the agent application 143 to disable a particular application installed on the companion device 107. The security command 171 can also instruct the agent application 143 to lock a display of the companion device 107 or impose any other type of security measure. The security command 171 can also restrict access by a user of the companion device 107 to content that is stored on the companion device 107, such as mail, documents, media or other content. Additionally, the security command 171 can restrict the ability of companion device 107 to communicate with other devices through the network 113.


Should proximity to the anchor device 106 be reestablished, the policy server 126 can issue another security command 171 that removes a restriction or enables a particular disabled functionality of the companion device 107. Additionally, in some embodiments, the agent application 143 executed by the anchor device 106 can be configured to issue a security command 171 directly to the companion device 107 or instruct the policy server 126 to issue a security command 171 that enables or disables certain restrictions or functionality irrespective of proximity of the anchor device 106 to the companion device 107. In other words, the anchor device 106, in some embodiments, can override the policy server 126 with respect to proximity policies 134.


Referring next to FIG. 2, shown is an example of an anchor device 106 and companion device 107 that are in proximity to one another. Such proximity is indicated visually in FIG. 2 by the overlapping circles 201 and 203. In the scenario illustrated in FIG. 2, the policy server 126 can determine that the anchor device 106 and companion device 107 are in proximity to one another based upon location indicators 169a and 169b received from the anchor device 106 and companion device 107. In the example shown in FIG. 2, the policy server 126 can determine that the anchor device 106 and companion device 107 are in proximity with one another and also determine whether a proximity policy 134 is associated with the anchor device 106 and companion device 107. If a proximity policy 134 is associated with the anchor device 106 and companion device 107, the policy server 126 can identify an action associated with the proximity policy 134 and issue a security command 171 to the companion device 107 that enables or disables a particular restriction or capability of the companion device 107.


Continuing the example of FIG. 2, reference is now made to FIG. 3A, which illustrates a scenario in which the anchor device 106 and companion device 107 are no longer within the prescribed proximity as defined by the proximity policy 134. As noted above, the policy server 126 can determine whether the anchor device 106 and companion device 107 are in proximity based upon location indicators 169c and 169d that are received from the anchor device 106 and companion device 107.


Therefore, referring to FIG. 3B, because the anchor device 106 and companion device 107 are no longer within proximity to one another as determined by the policy server 126, the policy server 126 can issue a security command 171 to the companion device 107 that comprises an action specified by a corresponding proximity policy 134. The proximity policy 134 can specify a capability of the companion device 107 that should be restricted or disabled now that the companion device 107 is no longer in proximity to the anchor device. The proximity policy 134 can also identify content stored on the companion device 107 and/or any other device that should be unavailable to the companion device 107 as a result of the lack of proximity to the anchor device 106. Accordingly, in the example of FIG. 3B, the policy server 126 can issue a security command 171 to the agent application 143 executed by the companion device 107, which can restrict or remove a capability of the companion device 107 on behalf of the policy server 126.



FIG. 3C illustrates an alternative scenario in which the anchor device 106 can be associated with multiple companion devices 107a and 107b. In the depicted scenario, because the anchor device 106 and companion device 107b are no longer within proximity to one another as determined by the policy server 126, the policy server 126 can issue a security command 171 to the companion device 107b that comprises an action specified by a corresponding proximity policy 134. However, because the anchor device 106 and companion device 107a are in proximity with one another, the policy server 126 can avoid issuing a security command 171 to the companion device 107b. As in the previous example, the proximity policy 134 can specify a capability of the companion device 107a, 107b that should be restricted or disabled should either companion device 107a or 107b move to a location that is no longer in proximity to the anchor device 106. Accordingly, in the example of FIG. 3C, the policy server 126 can issue a security command 171 to the agent application 143 executed by the companion device 107b, which can restrict or remove a capability of the companion device 107b on behalf of the policy server 126.



FIG. 3D presents an alternative scenario in which the anchor device 106 and companion device 107 are in proximity with one another. In the example of FIG. 3D, although the policy server 126 has not determined that the anchor device 106 and companion device 107 are not out of proximity with respect to one another, a user, using the anchor device 106, can cause a security command 171 to be generated and transmitted to the agent application 143 executed by the companion device 107. In this sense, the anchor device 106 can override a proximity policy 134 that is defined for a particular anchor device 106 and companion device 107.


Referring next to FIG. 4, shown is a flowchart that provides one example of the operation of a portion of the policy server 126 according to various embodiments. It is understood that the flowchart of FIG. 4 provides merely an example of the many different types of functional arrangements that may be employed to implement the operation of the portion of the policy server 126 as described herein. As an alternative, the flowchart of FIG. 4 may be viewed as depicting an example of elements of a method implemented in the computing environment 103 (FIG. 1) according to one or more embodiments.


Beginning with box 401, the policy server 126 can obtain a location indication 169 from an anchor device 106. A location indication 169 can include geolocation data with respect to the anchor device 106, a network location of the anchor device 106 and/or an indication of proximity to the companion device 107 based upon data transmissions obtained from the companion device 107 using a localized communication interface. At box 403, the policy server 126 can obtain a location indication 169 from the companion device 107. Next, at box 405, the policy server 126 can determine whether a proximity policy 134 exists that identifies the anchor device 106 and companion device 107.


If a proximity policy 134 that is associated with the anchor device 106 and companion device 107 is identified, then at box 407 the policy server 126 determines whether the policy is violated. Otherwise, the process can proceed to completion at box 414. A proximity policy 134 can be violated should the companion device 107 no longer be in proximity to the anchor device 106 as defined by the proximity policy 134 and as determined by the proximity server 126. If the proximity policy 134 is violated, then at box 409, the policy server 126 can issue a security command 171 to the companion device 107. The security command 171 can comprise a command that instructs the companion device 107 and/or the agent application 143 to modify and/or restrict a functionality of the companion device 107. Otherwise, if the proximity policy 134 is not violated, then the process can proceed to completion at box 414. At box 411, the policy server 126 can determine whether an additional proximity policy 134 is associated with the anchor device 106 and the companion device 107. If so, then the process can proceed to box 407. Otherwise, the process can proceed to completion at box 414.


Referring next to FIG. 5, shown is a flowchart that provides one example of the operation of a portion of the agent application 143 executed by the anchor device 106 according to various embodiments. It is understood that the flowchart of FIG. 5 provides merely an example of the many different types of functional arrangements that may be employed to implement the operation of the portion of the anchor device 106 as described herein. As an alternative, the flowchart of FIG. 5 may be viewed as depicting an example of elements of a method implemented in the anchor device 106 (FIG. 1) according to one or more embodiments.


First, at box 501, the agent application 143 can generate a location indication 169 indicating a location of the anchor device 106 and/or the proximity of the anchor device 106 to a companion device 107. At box 503, the agent application 143 can transmit the location indication 169 to the policy server 126.


Referring next to FIG. 6, shown is a flowchart that provides one example of the operation of a portion of the agent application 143 executed by the companion device 107 according to various embodiments. It is understood that the flowchart of FIG. 6 provides merely an example of the many different types of functional arrangements that may be employed to implement the operation of the portion of the companion device 107 as described herein. As an alternative, the flowchart of FIG. 6 may be viewed as depicting an example of elements of a method implemented in the companion device 107 (FIG. 1) according to one or more embodiments.


First, at box 601, the agent application 143 can generate a location indication 169 indicating a location of the companion device 106 and/or the proximity of the companion device 107 to an anchor device 106. At box 603, the agent application 143 can transmit the location indication 169 to the policy server 126. At box 605, the agent application 143 can determine whether a security command 171 is received from the policy server 126. If so, then at box 607, the agent application 143 can identify a particular restriction identified by the security command 171. At box 609, the agent application 143 can apply the restriction identified by the security command to the companion device 107. The restriction specified by the security command 171 can alter or disable a particular capability of the companion device 107.


The anchor device 106, companion device 107 or devices comprising a computing environment can include at least one processor circuit, for example, having a processor and at least one memory device, both of which are coupled to a local interface, respectively. Such a device may comprise, for example, at least one computer, a mobile device, smartphone, computing device or like device. The local interface may comprise, for example, a data bus with an accompanying address/control bus or other bus structure as can be appreciated.


Stored in the memory device are both data and several components that are executable by the processor. In particular, stored in the one or more memory device and executable by the processor of such a device can be the policy server 126, agent application 143 and potentially other applications. Also stored in the memory may be a data store 113 and other data.


A number of software components are stored in the memory and are executable by a processor. In this respect, the term “executable” means a program file that is in a form that can ultimately be run by the processor. Examples of executable programs may be, for example, a compiled program that can be translated into machine code in a format that can be loaded into a random access portion of one or more of the memory devices and run by the processor, code that may be expressed in a format such as object code that is capable of being loaded into a random access portion of the one or more memory devices and executed by the processor, or code that may be interpreted by another executable program to generate instructions in a random access portion of the memory devices to be executed by the processor, etc. An executable program may be stored in any portion or component of the memory devices including, for example, random access memory (RAM), read-only memory (ROM), hard drive, solid-state drive, USB flash drive, memory card, optical disc such as compact disc (CD) or digital versatile disc (DVD), floppy disk, magnetic tape, or other memory components.


Memory can include both volatile and nonvolatile memory and data storage components. Also, a processor may represent multiple processors and/or multiple processor cores, and the one or more memory devices may represent multiple memories that operate in parallel processing circuits, respectively. Memory devices can also represent a combination of various types of storage devices, such as RAM, mass storage devices, flash memory, hard disk storage, etc. In such a case, a local interface may be an appropriate network that facilitates communication between any two of the multiple processors, between any processor and any of the memory devices, etc. A local interface may comprise additional systems designed to coordinate this communication, including, for example, performing load balancing. The processor may be of electrical or of some other available construction.


The authenticator device 106 and/or computing device 107 may include a display upon which a user interface generated by the file storage application 216 or another application can be rendered. The computing device 106 and/or computing device 107 may also include one or more input/output devices that may include, for example, a capacitive touchscreen or other type of touch input device, fingerprint reader, keyboard, etc.


Although the file storage application 216 and other various systems described herein may be embodied in software or code executed by general purpose hardware as discussed above, as an alternative the same may also be embodied in dedicated hardware or a combination of software/general purpose hardware and dedicated hardware. If embodied in dedicated hardware, each can be implemented as a circuit or state machine that employs any one of or a combination of a number of technologies. These technologies may include, but are not limited to, discrete logic circuits having logic gates for implementing various logic functions upon an application of one or more data signals, application specific integrated circuits (ASICs) having appropriate logic gates, field-programmable gate arrays (FPGAs), or other components, etc. Such technologies are generally well known by those skilled in the art and, consequently, are not described in detail herein.


The flowcharts show an example of the functionality and operation of an implementation of portions of components described herein. If embodied in software, each block may represent a module, segment, or portion of code that comprises program instructions to implement the specified logical function(s). The program instructions may be embodied in the form of source code that comprises human-readable statements written in a programming language or machine code that comprises numerical instructions recognizable by a suitable execution system such as a processor in a computer system or other system. The machine code may be converted from the source code, etc. If embodied in hardware, each block may represent a circuit or a number of interconnected circuits to implement the specified logical function(s).


Although the flowcharts show a specific order of execution, it is understood that the order of execution may differ from that which is depicted. For example, the order of execution of two or more blocks may be scrambled relative to the order shown. Also, two or more blocks shown in succession may be executed concurrently or with partial concurrence. Further, in some embodiments, one or more of the blocks shown in the drawings may be skipped or omitted. In addition, any number of counters, state variables, warning semaphores, or messages might be added to the logical flow described herein, for purposes of enhanced utility, accounting, performance measurement, or providing troubleshooting aids, etc. It is understood that all such variations are within the scope of the present disclosure.


Also, any logic or application described herein that comprises software or code can be embodied in any non-transitory computer-readable medium for use by or in connection with an instruction execution system such as, for example, a processor in a computer system or other system. In this sense, the logic may comprise, for example, statements including instructions and declarations that can be fetched from the computer-readable medium and executed by the instruction execution system. In the context of the present disclosure, a “computer-readable medium” can be any medium that can contain, store, or maintain the logic or application described herein for use by or in connection with the instruction execution system.


The computer-readable medium can comprise any one of many physical media such as, for example, magnetic, optical, or semiconductor media. More specific examples of a suitable computer-readable medium would include, but are not limited to, solid-state drives, flash memory, etc. Further, any logic or application described herein may be implemented and structured in a variety of ways. For example, one or more applications described may be implemented as modules or components of a single application. Further, one or more applications described herein may be executed in shared or separate computing devices or a combination thereof. For example, a plurality of the applications described herein may execute in the same computing device, or in multiple computing devices. Additionally, it is understood that terms such as “application,” “service,” “system,” “engine,” “module,” and so on may be interchangeable and are not intended to be limiting.


It is emphasized that the above-described embodiments of the present disclosure are merely possible examples of implementations set forth for a clear understanding of the principles of the disclosure. Many variations and modifications may be made to the above-described embodiments without departing substantially from the spirit and principles of the disclosure. All such modifications and variations are intended to be included herein within the scope of this disclosure and protected by the following claims.

Claims
  • 1. A non-transitory, computer-readable medium including instructions that, when executed by a processor of an anchor device, cause the processor to perform stages for providing a user with access to an anchor device using a companion device, the stages comprising: receiving a request from the companion device to an application installed on the anchor device;identifying a policy stored in a data store that associates the anchor device and the companion device, wherein the policy is configured at a user interface generated by a management console;determining, by the application of the anchor device, whether to grant access to the anchor device based at least in part upon the request from the companion device; andin response to a determination that the policy is not violated, issuing a command from the application, the command providing a user of the companion device with access to the anchor device.
  • 2. The non-transitory, computer-readable medium of claim 1, wherein the policy specifies access to a capability with respect to launching a particular application on the anchor device by the companion device.
  • 3. The non-transitory, computer-readable medium of claim 2, wherein the particular application comprises a browser application.
  • 4. The non-transitory, computer-readable medium of claim 1, wherein the request from the companion device comprises a first location indication.
  • 5. The non-transitory, computer-readable medium of claim 4, wherein the determination that the policy is not violated is based on a difference between the first location indication and a location of the anchor device.
  • 6. The non-transitory, computer-readable medium of claim 4, wherein the first location indication comprises at least one of a geographic location and a network location.
  • 7. The non-transitory, computer-readable medium of claim 4, wherein the first location indication is communicated by at least one of a Bluetooth interface, a near-field communication (NFC) interface, and a radio-frequency identification (RFID) interface.
  • 8. The non-transitory, computer-readable medium of claim 1, wherein the policy further specifies access to content stored on the anchor device.
  • 9. A method for providing a user with access to an anchor device using a companion device, comprising: receiving a request from the companion device to an application installed on an anchor device;identifying a policy stored in a data store that associates the anchor device and the companion device, wherein the policy is configured at a user interface generated by a management console;determining, by the application of the anchor device, whether to grant access to the anchor device based at least in part upon the request from the companion device; andin response to a determination that the policy is not violated, issuing a command from the application, the command providing a user of the companion device with access to the anchor device.
  • 10. The method of claim 9, wherein the policy specifies access to a capability with respect to launching a particular application on the anchor device by the companion device.
  • 11. The method of claim 10, wherein the particular application comprises a browser application.
  • 12. The method of claim 9, wherein the request from the companion device comprises a first location indication.
  • 13. The method of claim 12, wherein the determination that the policy is not violated is based on a difference between the first location indication and a location of the anchor device.
  • 14. The method of claim 12, wherein the first location indication comprises at least one a geographic location and a network location.
  • 15. The method of claim 12, wherein the first location indication is communicated by at least one of a Bluetooth interface, a near-field communication (NFC) interface, and a radio-frequency identification (RFID) interface.
  • 16. The method of claim 9, wherein the policy further specifies access to content stored on the anchor device.
  • 17. The method of claim 9, wherein the policy is stored in a policy server that operates as part of a device management system to vary and control the types of authorization required between a plurality of anchor devices and companion devices.
  • 18. An anchor device that allows access to a user based on the user operating a companion device, comprising: a memory store;an application installed on the anchor device;a processor, wherein the processor performs stages including: receiving a request for access to the anchor device from the companion device;identifying a policy stored in a data store that associates the anchor device and the companion device, wherein the policy is configured at a user interface generated by a management console;determining whether to grant access to the anchor device based at least in part upon the request from the companion device; andin response to a determination that the policy is not violated, issuing a command from the application that provides access to the anchor device.
  • 19. The method of claim 18, wherein the command from the application causes the anchor device to launch a particular application on the anchor device.
Parent Case Info

This patent application is a continuation of U.S. patent application Ser. No. 14/579,314 (“Enforcement of Proximity Based Policies”), filed Dec. 22, 2014, which is expressly incorporated by reference herein. This patent application claims the benefit of priority to U.S. patent application Ser. No. 14/579,314.

US Referenced Citations (273)
Number Name Date Kind
5574786 Dayan Nov 1996 A
5987609 Hasebe Nov 1999 A
6021492 May Feb 2000 A
6023708 Mendez Feb 2000 A
6078260 Desch Jun 2000 A
6085192 Mendez Jul 2000 A
6131096 Ng Oct 2000 A
6131116 Riggins Oct 2000 A
6151606 Mendez Nov 2000 A
6233341 Riggins May 2001 B1
6560772 Slinger May 2003 B1
6708221 Mendez Mar 2004 B1
6714859 Jones Mar 2004 B2
6726106 Han Apr 2004 B1
6727856 Hill Apr 2004 B1
6741232 Siedlikowski May 2004 B1
6741927 Jones May 2004 B2
6766454 Riggins Jul 2004 B1
6779118 Ikudome Aug 2004 B1
6904359 Jones Jun 2005 B2
6965876 Dabbiere Nov 2005 B2
6995749 Friend Feb 2006 B2
7032181 Farcasiu Apr 2006 B1
7039394 Bhaskaran May 2006 B2
7039679 Mendez May 2006 B2
7064688 Collins Jun 2006 B2
7092943 Roese Aug 2006 B2
7184801 Farcasiu Feb 2007 B2
7191058 Laird Mar 2007 B2
7203959 Nachenberg Apr 2007 B2
7225231 Mendez May 2007 B2
7228383 Friedman Jun 2007 B2
7275073 Ganji Sep 2007 B2
7284045 Marl Oct 2007 B1
7287271 Riggins Oct 2007 B1
7308703 Wright Dec 2007 B2
7310535 MacKenzie Dec 2007 B1
7353533 Wright Apr 2008 B2
7363349 Friedman Apr 2008 B2
7363361 Tewari Apr 2008 B2
7373517 Riggins May 2008 B1
7430757 Chari Sep 2008 B1
7437752 Heard Oct 2008 B2
7444375 McConnell Oct 2008 B2
7447506 Mackenzie Nov 2008 B1
7447799 Kushner Nov 2008 B2
7448023 Chory Nov 2008 B2
7475152 Chan Jan 2009 B2
7496957 Howard Feb 2009 B2
7539665 Mendez May 2009 B2
7543146 Karandikar Jun 2009 B1
7565314 Borgeson Jul 2009 B2
7590403 House Sep 2009 B1
7594224 Patrick Sep 2009 B2
7603547 Patrick Oct 2009 B2
7603548 Patrick Oct 2009 B2
7603703 Craft Oct 2009 B2
7617222 Coulthard Nov 2009 B2
7620001 Ganji Nov 2009 B2
7620392 Maurya Nov 2009 B1
7650491 Craft Jan 2010 B2
7660902 Graham Feb 2010 B2
7665118 Mann Feb 2010 B2
7665125 Heard Feb 2010 B2
7685645 Doyle Mar 2010 B2
7702322 Maurya Apr 2010 B1
7702785 Bruton Apr 2010 B2
7735122 Johnson Jun 2010 B1
7739334 Ng Jun 2010 B1
7752166 Quinlan Jul 2010 B2
7769394 Zhu Aug 2010 B1
7788382 Jones Aug 2010 B1
7792297 Piccionelli Sep 2010 B1
7840631 Farcasiu Nov 2010 B2
7890091 Puskoor Feb 2011 B2
7912896 Wolovitz Mar 2011 B2
7917641 Crampton Mar 2011 B2
7921155 Harrow Apr 2011 B2
7970386 Bhat Jun 2011 B2
7991697 Fransdonk Aug 2011 B2
8001082 Muratov Aug 2011 B1
8012219 Mendez Sep 2011 B2
8041776 Friedman Oct 2011 B2
8046823 Begen Oct 2011 B1
8060074 Danford Nov 2011 B2
8069144 Quinlan Nov 2011 B2
8078157 Maurya Dec 2011 B2
8094591 Hunter Jan 2012 B1
8108687 Ellis Jan 2012 B2
8117344 Mendez Feb 2012 B2
8150431 Wolovitz Apr 2012 B2
8155587 Sasai Apr 2012 B2
8214862 Lee Jul 2012 B1
8225381 Lemke Jul 2012 B2
8276209 Knibbeler Sep 2012 B2
8411834 Gopinath Apr 2013 B2
8423511 Bhatia Apr 2013 B1
8456293 Trundle Jun 2013 B1
8472874 Tang Jun 2013 B2
8687536 Michaelis Apr 2014 B2
8843413 Robert Sep 2014 B2
20020013721 Dabbiere Jan 2002 A1
20020049580 Kutarag Apr 2002 A1
20020157019 Kadyk Oct 2002 A1
20030020623 Cao Jan 2003 A1
20030065950 Yarborough Apr 2003 A1
20030110084 Eberhard Jun 2003 A1
20030164853 Zhu Sep 2003 A1
20030204716 Rockwood Oct 2003 A1
20040003133 Pradhan Jan 2004 A1
20040008113 Pradhan Jan 2004 A1
20040123153 Wright Jun 2004 A1
20040181687 Nachenberg Sep 2004 A1
20040224703 Takaki Nov 2004 A1
20050005113 Dillon Jan 2005 A1
20050097032 Benco May 2005 A1
20050097327 Ondet May 2005 A1
20050181808 Vaudreuil Aug 2005 A1
20050198029 Pohja Sep 2005 A1
20050246192 Jauffred Nov 2005 A1
20060013566 Nakamura Jan 2006 A1
20060067250 Boyer Mar 2006 A1
20060149846 Schuba Jul 2006 A1
20060190984 Heard Aug 2006 A1
20070033397 Phillips Feb 2007 A1
20070130473 Mazotas Jun 2007 A1
20070136492 Blum Jun 2007 A1
20070156897 Lim Jul 2007 A1
20070162417 Cozianu Jul 2007 A1
20070174433 Mendez Jul 2007 A1
20070261099 Broussard Nov 2007 A1
20070288637 Layton Dec 2007 A1
20070300070 Shen-Orr Dec 2007 A1
20080010689 Ooi Jan 2008 A1
20080014947 Carnall Jan 2008 A1
20080065727 Majors Mar 2008 A1
20080070593 Altman Mar 2008 A1
20080133712 Friedman Jun 2008 A1
20080134305 Hinton Jun 2008 A1
20080134347 Goyal Jun 2008 A1
20080160984 Benes Jul 2008 A1
20080201453 Assenmacher Aug 2008 A1
20080268895 Foxenland Oct 2008 A1
20080291897 Sourani Nov 2008 A1
20080301057 Oren Dec 2008 A1
20080307219 Karandikar Dec 2008 A1
20080318548 Bravo Dec 2008 A1
20090036111 Danford Feb 2009 A1
20090080650 Selgas Mar 2009 A1
20090086964 Agrawal Apr 2009 A1
20090089565 Buchanan Apr 2009 A1
20090144632 Mendez Jun 2009 A1
20090186633 Yonker Jul 2009 A1
20090198997 Yeap Aug 2009 A1
20090203375 Gisby Aug 2009 A1
20090260064 McDowell Oct 2009 A1
20090287921 Zhu Nov 2009 A1
20090298514 Ullah Dec 2009 A1
20090300739 Nice Dec 2009 A1
20090307362 Mendez Dec 2009 A1
20100005125 Mendez Jan 2010 A1
20100005157 Mendez Jan 2010 A1
20100005195 Mendez Jan 2010 A1
20100023630 Mendez Jan 2010 A1
20100064354 Irvine Mar 2010 A1
20100083359 Readshaw Apr 2010 A1
20100087144 Korenshtein Apr 2010 A1
20100091711 Sawai Apr 2010 A1
20100094981 Cordray Apr 2010 A1
20100100641 Quinlan Apr 2010 A1
20100100972 Lemieux Apr 2010 A1
20100120450 Herz May 2010 A1
20100131527 Wohlert May 2010 A1
20100131844 Wohlert May 2010 A1
20100138667 Adams Jun 2010 A1
20100144323 Collins Jun 2010 A1
20100146269 Baskaran Jun 2010 A1
20100222645 Nadler Sep 2010 A1
20100254410 Collins Oct 2010 A1
20100257421 Kohno Oct 2010 A1
20100262828 Brown Oct 2010 A1
20100268844 Quinlan Oct 2010 A1
20100273456 Wolovitz Oct 2010 A1
20100299152 Batchu Nov 2010 A1
20100299362 Osmond Nov 2010 A1
20100299376 Batchu Nov 2010 A1
20100299719 Burks Nov 2010 A1
20100317371 Westerinen Dec 2010 A1
20100318701 Srinivasan Dec 2010 A1
20110004941 Mendez Jan 2011 A1
20110039506 Lindahl Feb 2011 A1
20110082900 Nagpal Apr 2011 A1
20110113062 Quinlan May 2011 A1
20110113094 Chunilal May 2011 A1
20110135083 Lingafelt Jun 2011 A1
20110136510 Peterson Jun 2011 A1
20110141276 Borghei Jun 2011 A1
20110145932 Nerger Jun 2011 A1
20110153799 Ito Jun 2011 A1
20110167474 Sinha Jul 2011 A1
20110202589 Piernot Aug 2011 A1
20110225252 Bhat Sep 2011 A1
20110270799 Muratov Nov 2011 A1
20110276805 Nagpal Nov 2011 A1
20110296186 Wong Dec 2011 A1
20110320552 Friedman Dec 2011 A1
20110320819 Weber Dec 2011 A1
20120005578 Hawkins Jan 2012 A1
20120011007 Blewett Jan 2012 A1
20120015644 Danford Jan 2012 A1
20120054385 Lim Mar 2012 A1
20120094639 Carlson Apr 2012 A1
20120102392 Reesman Apr 2012 A1
20120110345 Pigeon May 2012 A1
20120190386 Anderson Jul 2012 A1
20120198547 Fredette Aug 2012 A1
20120252494 Parker Oct 2012 A1
20120262829 Brown Oct 2012 A1
20120272287 Kuhlke Oct 2012 A1
20120284322 Laborczfalvi Nov 2012 A1
20120288091 Honke Nov 2012 A1
20120289153 Dobyns Nov 2012 A1
20120291104 Hasek Nov 2012 A1
20120311329 Medina Dec 2012 A1
20120311686 Medina Dec 2012 A1
20130007245 Malik Jan 2013 A1
20130036459 Liberman Feb 2013 A1
20130040604 Sprigg Feb 2013 A1
20130040629 Sprigg Feb 2013 A1
20130046971 Lu Feb 2013 A1
20130055363 Dattagupta Feb 2013 A1
20130061307 Livne Mar 2013 A1
20130132854 Raleigh May 2013 A1
20130152169 Stuntebeck Jun 2013 A1
20130165232 Nelson Jun 2013 A1
20130174223 Dykeman Jul 2013 A1
20130226696 Cook Aug 2013 A1
20130229930 Akay Sep 2013 A1
20130244614 Santamaria Sep 2013 A1
20130275038 Hania et al. Oct 2013 A1
20130283370 Vipat Oct 2013 A1
20130285855 Dupray Oct 2013 A1
20130304898 Aggarwal Nov 2013 A1
20140013420 Picionielli Jan 2014 A1
20140025256 Armitage Jan 2014 A1
20140066098 Stern Mar 2014 A1
20140068717 Mayes Mar 2014 A1
20140073244 Ko Mar 2014 A1
20140082501 Bae Mar 2014 A1
20140084067 Vanderhulst Mar 2014 A1
20140096180 Negi Apr 2014 A1
20140096212 Smith Apr 2014 A1
20140113556 Kotecha Apr 2014 A1
20140123224 Nosrati May 2014 A1
20140143852 Cottrell May 2014 A1
20140162688 Edge Jun 2014 A1
20140177495 Mallikarjunan Jun 2014 A1
20140198024 Adzhigirey Jul 2014 A1
20140213179 Rosenberg Jul 2014 A1
20140214668 Lotter Jul 2014 A1
20140215212 Dempster Jul 2014 A1
20140222504 Mackenzie Aug 2014 A1
20140223177 Dempster Aug 2014 A1
20140230038 Leong Aug 2014 A1
20140237235 Kuno Aug 2014 A1
20140237614 Irvine Aug 2014 A1
20140258481 Lundell Sep 2014 A1
20140282877 Mahaffey Sep 2014 A1
20140287688 Dempster Sep 2014 A1
20140310771 Marshall Oct 2014 A1
20150163336 Ramos Jun 2015 A1
20150207795 Wentz Jul 2015 A1
20170269955 Hardy Sep 2017 A1
Foreign Referenced Citations (11)
Number Date Country
2149337 Jun 1994 CA
2675137 Dec 2013 EP
2346716 Aug 2000 GB
2361558 Oct 2001 GB
2007304009 Nov 2007 JP
2011234084 Nov 2011 JP
WO9600485 Jan 1996 WO
WO0003316 Jan 2000 WO
WO0241661 May 2002 WO
WO2010052669 May 2010 WO
WO2013109040 Jul 2013 WO
Non-Patent Literature Citations (26)
Entry
Notice of Allowance dated Nov. 23, 2016 for U.S. Appl. No. 14/579,314.
Patent Examination Report dated Sep. 9, 2016 for Application No. 2014235160.
Office Action dated Dec. 15, 2016 for U.S. Appl. No. 13/841,853.
Office Action dated Dec. 21, 2016 for U.S. Appl. No. 15/220,331.
Office Action dated Aug. 12, 2016 for U.S. Appl. No. 13/863,154.
International Search report dated Apr. 11, 2016 for Application No. PCY/US2015/066891.
Office Action dated Dec. 24, 2015 for U.S. Appl. No. 13/828,922.
Office Action dated Nov. 30, 2015 for U.S. Appl. No. 13/841,853.
Office Action dated Aug. 6, 2015 for U.S. Appl. No. 13/828,922.
Office Action dated Jul. 16, 2015 for U.S. Appl. No. 13/875,426.
Office Action dated Jul. 9, 2015 for U.S. Appl. No. 13/841,853.
Office Action dated Mar. 13, 2015 for U.S. Appl. No. 13/828,922.
International Search Report for PCT/US2014/025256 dated Jul. 3, 2014.
Office Action dated Jan. 18, 2013 for U.S. Appl. No. 13/316,073.
Asynchrony Software, Inc. “PDA Defense User Guide”, 726, 2002.
Belani, Eshwar et al., “The CRISIS Wide Area Security Architecture”, 726, 1998.
Benaloh, Josh et al., “Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records”, 726, Nov. 13, 2009.
Fox, Armando et al., “Security on the Move: Indirect Authentication Using Kerberos”, 726, 1996.
Menaria, Pankaj et al., “Security in Mobile Database Systems”, 707, 726,Mar. 17, 2011.
Pfitzmann, Andreas etal., “Mobile User Devices and Security Modules: Design for Trustworthiness”, 726, Feb. 5, 1996.
Steiner, Jennifer , “Kerberos: An Authentication Service for Open Network Systems”, 726, Jan. 12, 1988.
Strunk, John et al., “Self-Securing Storage: Protecting Data in Compromised Systems”, Symposium on Operating Systems Design and Implementation, 726, 2000.
Non-final Office Action cited in U.S. Appl. No. 13/841,853 dated Jan. 28, 2015.
Final Office Action cited in U.S. Appl. No. 13/863,154 dated Feb. 13, 2015.
Office Action dated Apr. 23, 2018 for U.S. Appl. No. 15/176,686.
Office Action mailed for U.S. Appl. No. 15/176,686.
Related Publications (1)
Number Date Country
20170155684 A1 Jun 2017 US
Continuations (1)
Number Date Country
Parent 14579314 Dec 2014 US
Child 15426322 US