This disclosure relates generally to a mobile electronic device and provisioning thereof in a network environment and, more particularly, to a method and an apparatus of administrating mobile device provisioning and security management in a communication network.
Provisioning involves the process of preparing and equipping a communication network to facilitate new services to mobile devices connected to the communication network. Applications of mobile device management (MDM) or mobile device provisioning are broad and continue to increase. Examples of mobile device management applications include managing the mobile device in a work place by an administrative device or a server to obviate a security breach. Examples of managing the mobile device include controlling activities of the mobile device, securing sensitive data on the mobile device, configuring network connections etc.
Services pertaining to the work place can require custom software or applications. It becomes cumbersome for an employer or a network administrator of the work place to install specific applications and configure the mobile device for seamless communication in the communication network. Further, each end-user may require a different set of facilities on the mobile device used by the end-user. Some native applications on the mobile device may also need to be disabled.
Conventionally, each mobile device is provisioned independently with software and configurations necessary for a seamless work environment. An initial set-up of the mobile device must be performed by the network administrator. The initial set-up with the mobile device includes, for example, configuring a wireless fidelity (Wi-Fi) access point name (APN), storing enterprise contacts, configuring virtual private network (VPN) details, adding custom wallpapers and ringtones, installing enterprise related applications and disabling irrelevant applications, etc.
Conventional methods include authenticating the end-user and the mobile device and transmitting provisioning information to the mobile device from the server. For example, the end-user operates the mobile device and attempts to connect to the communication network by requesting access. Requesting access can include attempting to connect to the communication network through a wireless fidelity (Wi-Fi™) protocol or any other wireless communication protocol. Through the communication link, the end-user may be required to provide authentication details. Based on a successful authentication, the provisioning information is transmitted from the server to the mobile device. The provisioning information is used to configure networking facilities on the mobile device and install applications required by the end-user. This requires a cumbersome mechanism to provision the mobile device since each mobile device expends network resources in requesting access to the communication network and to authenticate the request. There is a need to optimize network resources and mobile device resources to automatically provision the mobile device in the communication network.
These and other aspects of the embodiments herein will be better appreciated and understood when considered in conjunction with the following description and the accompanying drawings. It should be understood, however, that the following descriptions, while indicating preferred embodiments and numerous specific details thereof, are given by way of illustration and not of limitation. Many changes and modifications may be made within the scope of the embodiments herein without departing from the spirit thereof, and the embodiments herein include all such modifications.
Accordingly, the embodiments herein provide a method for automatically provisioning one or more mobile devices. The method includes extracting by the one or more mobile devices a wireless link identifier from a wireless link tag. Further, the method includes configuring a wireless link between the one or more mobile devices and an information provider based on the wireless link identifier. Furthermore, the method includes receiving at the one or more mobile devices a provision configuration from the information provider over the wireless link and provisioning the mobile device by configuring the provision configuration.
In an embodiment, the provision configuration comprises information about at least one of an application to be provisioned at the mobile device, an operation of an application to be provisioned at the mobile device, a data item to be provisioned at the mobile device, and an operation of a data item to be provisioned at the mobile device.
In an embodiment, the provision configuration from the information provider is generated upon customization of information about at least one of an application to be provisioned at the one or more mobile devices, an operation of the application to be provisioned at the one or more mobile devices, a data item to be provisioned at the one or more mobile devices, and an operation of the data item to be provisioned at the one or more mobile devices, over a uniform resource locator (URL).
In an embodiment, configuring the provision configuration at the one or more mobile devices includes at least one of provisioning an application at the one or more mobile devices, provisioning an operation of an application at the one or more mobile devices, provisioning a data item at the mobile device and provisioning an operation of a data item at the one or more mobile devices.
In an embodiment, the provision configuration is received in an encoded format such as extensible markup language (XML) or JavaScript Object Notation (JSON) formats. In another embodiment, the wireless link tag is one of a near field communication (NFC) tag, a Bluetooth-Low Energy (BLE) beacon, a quick response (QR) code tag, a bar code tag, and a radio frequency identification (RFID) tag. Further, the wireless link identifier is extracted by scanning the wireless link tag using the one or more mobile devices.
In an embodiment, the method further includes generating by the one or more mobile devices a provision configuration tag comprising the provision configuration received from the information provider, receiving by the one or more mobile devices a provision configuration identifier by scanning the provision configuration tag using another mobile device, configuring a wireless link between the one or more mobile devices and the another mobile device based on the provision configuration identifier and transmitting by the one or more mobile devices the provision configuration to the another mobile device over the wireless link.
Accordingly, the embodiments herein provide a mobile device that includes a processor, a memory and provision controller, operably coupled to the memory and the processor. The provision controller is configured to extract a wireless link identifier from a wireless link tag, configure a wireless link between the mobile device and an information provider based on the wireless link identifier, receive a provision configuration from the information provider over the wireless link and provision the mobile device by configuring the provision configuration.
This invention is illustrated in the accompanying drawings, throughout which like reference letters indicate corresponding parts in the various figures. The embodiments herein will be better understood from the following description with reference to the drawings, in which:
Various embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. In the following description, specific details such as detailed configuration and components are merely provided to assist the overall understanding of these embodiments of the present disclosure. Therefore, it should be apparent to those skilled in the art that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. In addition, descriptions of well-known functions and constructions are omitted for clarity and conciseness.
Also, the various embodiments described herein are not necessarily mutually exclusive, as some embodiments can be combined with one or more other embodiments to form new embodiments. The term “or” as used herein refers to a non-exclusive or, unless otherwise indicated. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiments herein can be practiced and to further enable those skilled in the art to practice the embodiments herein. Accordingly, the examples should not be construed as limiting the scope of the embodiments herein.
As is traditional in the field, embodiments may be described and illustrated in terms of blocks which carry out a described function or functions. These blocks, which may be referred to herein as managers, engines, controllers, units or modules or the like, are physically implemented by analog and/or digital circuits such as logic gates, integrated circuits, microprocessors, microcontrollers, memory circuits, passive electronic components, active electronic components, optical components, hardwired circuits, and the like, and may optionally be driven by firmware and software. The circuits may, for example, be embodied in one or more semiconductor chips, or on substrate supports such as printed circuit boards and the like. The circuits constituting a block may be implemented by dedicated hardware, or by a processor (e.g., one or more programmed microprocessors and associated circuitry), or by a combination of dedicated hardware to perform some functions of the block and a processor to perform other functions of the block. Each block of the embodiments may be physically separated into two or more interacting and discrete blocks without departing from the scope of the disclosure. Likewise, the blocks of the embodiments may be physically combined into more complex blocks without departing from the scope of the disclosure.
The embodiments herein disclose a method for automatically provisioning a mobile device. The method includes extracting by the mobile device a wireless link identifier from a wireless link tag and configuring a wireless link between the mobile device and an information provider based on the wireless link identifier. Furthermore, the method includes receiving at the mobile device a provision configuration from the information provider over the wireless link and provisioning the mobile device by configuring the provision configuration.
Conventional methods include transmission of configuration settings to a mobile device operated by an end-user in the workplace attempting to connect the mobile device to the communication network. The configuration settings are sent after successfully authenticating the end-user and the mobile device. For example, an end-user operates a mobile device and attempts to connect to the communication network by requesting access. Requesting access can include attempting to connect to the communication network through a wireless fidelity (Wi-Fi™) protocol or any other wireless communication protocol. Through the communication link, the end-user can be required to provide authentication details. Based on a successful authentication, provisioning information is transmitted from the server to the mobile device. The provisioning information includes configuration settings pertaining to access point name (APN), storing enterprise contacts, configuring virtual private network (VPN) details, adding custom wallpapers and ringtones, installing enterprise related applications and disabling irrelevant applications. This requires a cumbersome mechanism to provision the mobile device since each mobile device expends network resources in requesting access to the communication network and to authenticate the request. There is a need to optimize network resources and mobile device resources to automatically provision the mobile device in the communication network.
Unlike conventional methods, the proposed method is for automatically provisioning a mobile device. The method includes extracting by the mobile device a wireless link identifier from a wireless link tag and configuring a wireless link between the mobile device and an information provider based on the wireless link identifier. Furthermore, the method includes receiving at the mobile device a provision configuration from the information provider over the wireless link and provisioning the mobile device by configuring the provision configuration. The method further includes generating by the mobile device a provision configuration tag comprising the provision configuration received from the information provider, receiving by the mobile device a provision configuration identifier by scanning the provision configuration tag using another mobile device, configuring a wireless link between the mobile device and the another mobile device based on the provision configuration identifier and transmitting by the mobile device the provision configuration to the another mobile device over the wireless link.
Referring now to the drawings, and more particularly to
The communication network 106 can include a data network such as, but not restricted to, the Internet, local area network (LAN), wide area network (WAN), metropolitan area network (MAN) etc. In certain embodiments, the communication network 106 can include a wireless network, such as, but not restricted to, a cellular network and may employ various technologies including enhanced data rates for global evolution (EDGE), general packet radio service (GPRS), global system for mobile communications (GSM), Internet protocol multimedia subsystem (IMS), universal mobile telecommunications system (UMTS) etc. In some embodiments, the communication network 106 may include or otherwise cover networks or sub-networks, each of which may include, for example, a wired or wireless data pathway. The communication network 106 may include a circuit-switched voice network, a packet-switched data network, or any other network capable for carrying electronic communications. For example, the communication network 106 may include networks based on the Internet protocol (IP) or asynchronous transfer mode (ATM), and may support voice usage, for example, VoIP, Voice-over-ATM, or other comparable protocols used for voice data communications. In one implementation, the communication network 106 includes a cellular telephone network configured to enable exchange of text or SMS messages.
The communication network 106 may further include, but is not limited to, a personal area network (PAN), a storage area network (SAN), a home area network (HAN), a campus area network (CAN), a virtual private network (VPN), an enterprise private network (EPN), Internet, a global area network (GAN), and so forth. Embodiments are intended to include or otherwise cover any type of network, including known, related art, and/or later developed technologies to connect the information provider 102 and the mobile device 104 with each other.
The mobile device 104 can include any electronic device, such as a desktop computer, a portable computer, a smart phone, a tablet computer, a wearable device, and the like. The mobile device 104 can also include a display unit (not shown) for displaying any data. The display unit can include, but is not limited to, a Cathode Ray Tube (CRT) display, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and the like. Embodiments are intended to include or otherwise cover any type of display, including known, related art, and/or later developed technologies.
The information provider 102 includes a non-transitory computer medium that can be configured to receive and transmit communication requests and/or communication responses to and from the mobile device 104. The information provider 102 can be any or a combination of a server, a local computer connected to the communication network 106 or another mobile device connected to the communication network 106.
In some embodiments, the information provider 102 can facilitate a web interface (not shown) accessible via the Internet or the communication network 106, allowing a network administrator or an end-user to provide or customize provisioning information. The end-user or the network administrator may access the web interface at the mobile device 104. In some embodiments, the provision configuration is generated by the information provider upon customization of the provisioning information over a uniform resource locator (URL). An administrator may provide the provisioning information through a website at the information provider 102 or from a computing device on the network 106. In some embodiments, the end-user may provide the provisioning information on a website at the mobile device 104. The provisioning information is encoded into a wireless link tag.
Provisioning information further includes configuration information about applications to be provisioned at the mobile device 104, operations of the applications to be provisioned at the mobile device 104, a data item to be provisioned at the mobile device 104, and an operation of the data item to be provisioned at the one or more mobile devices.
For example, the provisioning information can include configuration information pertaining to wireless network access points of the communication network 106 and VPN profiles for secure communication within the communication network 106. In some other embodiments, the provisioning information includes contact information such as, but not limited to, names, phone numbers and e-mails of all users and network administrators of the network 100 for quick and easy access to communication information. Some applications that are pre-integrated on the mobile device 104 can be disabled when the mobile device 104 is configured to be connected to the communication network 106. Further, the provisioning information includes sets of instructions to be executed by a processor of the mobile device 104 that disable ringtones and lower volume for calls, alarms and notifications.
In an embodiment, the provisioning information includes a web link from which a special application is automatically downloaded, installed and activated as the device administrator application, which sets administrative policies on the mobile device 104. The restrictive policies include aspects such as how long a password of the mobile device 104 can be or whether the end-user has access to all facilities of the mobile device 104. The provisioning information can be customized over a web link at the mobile device 104 or the information provider 102.
In some embodiments, the information provider 102 establishes a communication pathway with the mobile device 104 to provision the mobile device 104.
In an embodiment, the information provider 102 generates a quick response (QR) code that contains the provisioning information specified at the web interface. The mobile device 104 scans the QR code such that the provisioning information is extracted from the QR code.
In some embodiments, the provisioning information is encoded into near field communication (NFC) data and the end-user taps the mobile device 104 with the information provider 102 to connect the mobile device 104 over the communication network 106.
The configuration generator 202 is a hardware component that encodes information into a wireless link tag or a provision configuration identifier. The wireless link tag or the provision configuration identifier may be, but is not limited to, a QR code, a near field communication (NFC) tag, a radio frequency identification (RFID) tag and the like. The wireless link extractor 204 decodes encrypted information received by the mobile device 104 and extracts any information such as a uniform resource locator from the encrypted information.
The sensor 230 includes a set of chips that can scan a QR code. In some embodiments, the sensor 230 includes an NFC chip that enables the mobile device 104 to transmit or receive information using the NFC. In other embodiments, the sensor 230 can include a bar code reader. The identification tag reader 250 includes a radio frequency identification (RFID) tag which uses electromagnetic fields to read signals from the RFID tags. The communication controller 240 includes a signal transmitter and a signal receiver for receiving and transmitting data signals. In some embodiments, the communication controller 240 includes any or a combination of chipsets that support communication through wireless fidelity (Wi-Fi), Bluetooth, Bluetooth-Low Energy, 3G/4G communication protocols etc.
The processor 270 may be, but is not restricted to, a Central Processing Unit (CPU), a microprocessor, or a microcontroller. The processor 270 is coupled to the provision controller 210, the display controller 220, the sensor 230, the communication controller 240, the identification tag reader 250 and the memory 260. The processor 270 executes sets of instructions stored on the memory 260.
The memory 260 may be, but not restricted to, an electronic, optical, magnetic, or other storage or transmission device capable of providing the processor 270 with computer-readable instructions. The memory 260 can include, but is not limited to, a floppy disk, a compact disk, a digital versatile disk, a magnetic disk, a memory chip, a read only memory (ROM), a random-access memory (RAM), all optical media, all magnetic tape or other magnetic media, or any other medium from which the processor 270 can read instructions. The instructions may comprise code from any suitable computer-programming language, including, but not restricted to, C, C++, C#, Visual Basic, Java, Python, Perl, and JavaScript.
The above data is encoded in the wireless link tag. The wireless link tag is used by the end-user to provision the mobile device 104A. To do the provisioning, the end-user re-boots the mobile device 104A (or factory resets the mobile device). The mobile device 104A is provisioned by scanning the wireless link tag, embedded with the provisioning information, shown on the web interface, using the sensor 230 or the identification tag reader 250 on the mobile device 104. At step 302, the wireless link identifier is extracted from the wireless link tag.
The wireless link tag is encrypted using any prevalent encryption methods such that only the wireless link extractor 204 can decrypt the contents embedded in the wireless link tag.
At step 304, the communication controller 240 configures the wireless link between the mobile device 104 and the information provider 102 based on the wireless link identifier extracted from the wireless link tag. In some embodiments, the information provider 102 receives a link with the uniform resource locator pointing to the provisioning information stored on the database through the established wireless link. The mobile device 104 further transmits a request for a provision configuration to the information provider 102. When the information provider 102 receives the request, the request is mapped to the provisioning information corresponding to the encoded information in the wireless link tag. At step 306, the information provider 102 sends the provisioning information to the communication controller 240 on the mobile device 104 as an XML file. The XML file is shown below:
At step 308, the provision controller 210 parses the XML file and uses the information in the XML file to provision the mobile device 104. The mobile device application then parses the XML file and uses the information in the XML file to provision the mobile device 104. The above XML data can also be encrypted with a shared key which is kept private between the information provider 102 and the mobile device 104A or by using any of the other prevalent encryption methodologies used to transmit encrypted data.
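A device-side sketch of steps 302 to 308 with the checks a reviewer would want before any setting is applied: the link identifier from the tag is restricted to approved HTTPS hosts, and the received configuration is authenticated with the shared key before it is parsed. This is an added example, not code from the disclosure; the host name, the JSON section names and the use of HMAC-SHA256 (the disclosure mentions only encryption with a shared key) are assumptions.

```python
import hashlib
import hmac
import json
from urllib.parse import urlsplit

# Assumed values for this sketch; none of them come from the disclosure.
ALLOWED_HOSTS = {"provision.example.com"}  # hypothetical information provider
ALLOWED_SECTIONS = {"wifi", "vpn", "contacts", "install", "disable"}  # hypothetical schema


class ProvisioningError(Exception):
    """A tag or provision configuration failed validation."""


def extract_link_identifier(tag_payload: str) -> str:
    """Step 302: accept the URL from the scanned tag only if it is a safe target."""
    url = tag_payload.strip()
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError as exc:
        raise ProvisioningError("malformed link identifier") from exc
    if parts.scheme != "https":
        raise ProvisioningError("link identifier must be an https URL")
    # Userinfo lets "https://trusted@other-host/" look like the trusted host.
    if parts.username is not None or parts.password is not None:
        raise ProvisioningError("credentials in the URL are not allowed")
    if host not in ALLOWED_HOSTS:
        raise ProvisioningError(f"host {host!r} is not an approved provider")
    return url


def mac_for(body: bytes, shared_key: bytes) -> str:
    """HMAC-SHA256 over the raw configuration bytes, hex encoded."""
    return hmac.new(shared_key, body, hashlib.sha256).hexdigest()


def verify_and_parse(body: bytes, mac_hex: str, shared_key: bytes) -> dict:
    """Step 308: authenticate first, then parse and accept only known sections."""
    expected = mac_for(body, shared_key).encode()
    if not hmac.compare_digest(expected, mac_hex.encode()):
        raise ProvisioningError("provision configuration failed authentication")
    try:
        config = json.loads(body)
    except ValueError as exc:
        raise ProvisioningError("configuration is not valid JSON") from exc
    if not isinstance(config, dict):
        raise ProvisioningError("configuration must be a JSON object")
    unknown = sorted(set(config) - ALLOWED_SECTIONS)
    if unknown:
        raise ProvisioningError(f"unexpected sections: {unknown}")
    installs = config.get("install", [])
    if not isinstance(installs, list):
        raise ProvisioningError("install section must be a list of URLs")
    for link in installs:
        if not isinstance(link, str):
            raise ProvisioningError("install entries must be strings")
        extract_link_identifier(link)  # application links get the same URL checks
    return config


# Constructed sample data, not taken from the disclosure.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_CONFIG = json.dumps({
    "wifi": {"ssid": "corp-wlan"},
    "install": ["https://provision.example.com/apps/agent.apk"],
    "disable": ["com.example.game"],
}).encode()

if __name__ == "__main__":
    url = extract_link_identifier("https://provision.example.com/cfg/42\n")
    cfg = verify_and_parse(SAMPLE_CONFIG, mac_for(SAMPLE_CONFIG, SAMPLE_KEY), SAMPLE_KEY)
    print(url, sorted(cfg))
```

The same two checks apply unchanged when the configuration arrives from another provisioned device rather than from the information provider.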
In some embodiments, the mobile device 104 can be used to provision another mobile device. For example, the mobile device 104A is provisioned through steps 302 to 306, as shown in the flow diagram 300. The mobile device 104A is further used to provision any of the mobile devices 104B to 104N. In some embodiments, any mobile device of the mobile devices 104A to 104N that is provisioned, can be used to provision any mobile device of the mobile devices 104A to 104N that has not yet been provisioned.
Using the example of the mobile device 104A being provisioned, the steps 308 to 316 of the flow diagram 300 are explained. The mobile device 104A is provisioned using the steps of 302 to 306. The provisioned mobile device 104A stores the XML data in the memory 260. The XML data includes all the provisioning information used to provision the mobile device 104A. The provisioning information includes applications, wallpapers, ringtones and other files. The provisioning information is encoded to a provision configuration identifier generated by the provisioning controller 210. The provision configuration identifier can be, but is not limited to, a quick response code (QR code), a near field communication (NFC) tag, a Bluetooth-low energy (BLE) beacon, a bar code tag, and a radio frequency identification (RFID) tag. The provision information is received in an encoded format that can be any one of extensible markup language (XML) or JavaScript Object Notation (JSON) formats.
In some embodiments, upon scanning the provision configuration identifier, the mobile device 104B is connected to the communication network 106 through a Wireless Fidelity (Wi-Fi) Direct™ protocol. At step 314, the communication controller 240 on the mobile device 104A establishes and configures a wireless link with the mobile device 104B based on the information encoded in the provision configuration identifier.
At step 316, through the established wireless link, all the provisioning information is transmitted to the mobile device 104B. The provisioning controller 210 of the mobile device 104B uses the transmitted provisioning information to configure and provision the mobile device 104B.
In an embodiment, provisioning the mobile device 104 includes provisioning multiple applications, provisioning an operation of an application, provisioning a data item and provisioning an operation of a data item at the mobile device 104. For example, the mobile device 104 can be provisioned to have configuration settings for various access points for connecting to the communication network 106, storing enterprise contacts, configuring virtual private network (VPN) details, adding custom wallpapers and ringtones, installing enterprise related applications and disabling irrelevant applications etc.
At step 504, upon scanning the provision configuration identifier, the mobile device 104B is connected to the communication network 106 through a Wireless Fidelity (Wi-Fi) Direct™ protocol. At step 506, the communication controller 240 on the mobile device 104A establishes and configures a wireless link with the mobile device 104B based on the information encoded in the provision configuration identifier.
At step 508, through the established wireless link, all the provisioning information is transmitted to the mobile device 104B. At step 510, the provisioning controller 210 of the mobile device 104B uses the transmitted provisioning information to configure and provision the mobile device 104B. Provisioning the mobile device 104 includes provisioning multiple applications, provisioning an operation of an application, provisioning a data item and provisioning an operation of a data item at the mobile device 104. For example, the mobile device 104 can be provisioned to have configuration settings for various access points for connecting to the communication network 106, storing enterprise contacts, configuring virtual private network (VPN) details, adding custom wallpapers and ringtones, installing enterprise related applications and disabling irrelevant applications etc.
Provisioning information is provided at the web interface by the network administrator. The web interface can be accessed at any of the mobile devices 104A to 104N or any other computing device connected to the Internet. The provisioning information is transmitted to the information provider 102 and stored on the database (not shown). Based on the location of the provisioning information, the information provider generates a wireless link tag. The wireless link tag is encoded with a wireless link identifier that pertains to a uniform resource locator pointing to the memory location of the stored provisioning information. The wireless link tag can be any of an NFC tag, a BLE beacon, a QR code tag, a bar code tag, and an RFID tag.
To do the provisioning, the mobile device 104 is booted up for the first time (or after a factory reset of the mobile device 104). Upon being switched on, the processor 270 executes sets of instructions stored in the memory 260 such that the user interface 602 is displayed on a screen of the mobile device 104. The display controller 220 causes the user interface 602 to be shown.
The end-user is provided with a choice between ‘Automated Setup’ and ‘Manual Setup’ as shown in
The mobile device 104 then uses the wireless link identifier to automatically connect to the communication network 106. The wireless link is established between the information provider 102 and the communication controller 240 (shown in
Once the setup is complete, the user interface 600 indicates that the provisioning is complete as shown in
The embodiments disclosed herein can be implemented through at least one software program running on at least one hardware device and performing network management functions to control the elements. The mobile device 104 retrieves the data from the wireless link tag to automatically connect to the communication network 106.
The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the spirit and scope of the embodiments as described herein.
This application claims the benefit of U.S. Provisional Application No. 62/438,429, filed 22 Dec. 2016.
Number | Date | Country
---|---|---
62438429 | Dec 2016 | US