Portable or mobile computing systems, devices, and electronic components in general may be sold or configured to work with a docking station or other component adapted to receive the portable device. Such devices may require hardware or software security mechanisms to prevent unauthorized access, theft, or other unintended consequences.
Computing systems, devices, and components such as laptop computers, thin clients, tablets, smartphones, handheld scanners, retail point of sale devices, and other computing equipment (hereinafter “device” or “devices”) may be portable or mobile, such that the devices can be used in environments where portability is required.
While convenient, such devices may introduce concerns related to theft of the portable hardware, or unpermitted access to the hardware and/or software running on the devices. Such access may have wide-ranging effects including financial loss, loss of productivity, data and identity theft, industrial espionage, audit failures, and other negative consequences.
In some cases, docking stations and/or physical security measures such as locks, keys, and/or cables may be employed to permit or restrict access to a device. However, such measures may result in the need to manage a number of keys for a number of users, especially in a corporate environment, requiring significant overhead. At times, authorized users may be unable to access a device due to a lost key, a broken lock, or an inability to locate an administrator charged with providing access to the device.
Moreover, such measures do not allow for management of access to, for example, input/output (“IO”) ports on a device, such as USB or Firewire ports. Such measures also do not allow for advanced authentication features, such as biometrics or two-factor authentication. Finally, such measures often require the installation of hardware mechanisms such as locks or cables that detract from the appearance of a docking station and/or device.
According to an example of providing access to a portable computing device, a connection is established with a docking station. A request from the docking station to perform an action related to a portable computing device is received, and a rule associated with the portable computing device from a policy database is fetched. A determination is made whether to perform the action, and in the event that an action is to be performed, an instruction is transmitted to perform the action on the docking station.
In an example, in block 102, a connection is established with a docking station. The docking station may be, e.g., a receiving device configured to receive a device, such as a laptop, tablet, or other devices described above. In some examples, a connection may also be established directly with a device paired or mated with a docking station, or with both the docking station and the device.
In block 104, a request for an action is received from the docking station or, in some examples, directly from the device. A requested action may be, for example, to unlock the device from the docking station through remote activation of a physical lock; to unlock the device from the docking station through remote activation of a digital or software lock; to allow access to an input/output (“I/O”) port on the device; or to launch or trigger an application programming interface (“API”) on the device, or receive input from the API.
In block 106, a rule is fetched from a policy database. The rule may relate to time, the user, groups, the device, the docking station, or some other parameter used to determine whether the action requested in block 104 should be executed. For example, a rule may indicate that a docking station should unlock a physical lock on a docking station to permit removal of a device from the docking station between the hours of 9 AM and 5 PM. In another example, the rule may indicate that access to the USB port on a device or docking station may only be allowed when the device is coupled to the docking station, and only if accessed by a user associated with an administrator group. In other examples, particular users may be restricted from accessing certain devices or docking stations. In yet other examples, the rules may further comprise restrictions, such as bandwidth or traffic restrictions.
In block 108, a determination is made whether to perform the requested action based on the rule. The determination may be based on the processing of a single rule, multiple rules, or combinations of rules using, e.g., Boolean operators.
In block 110, an instruction is transmitted to the docking station or, in some examples, directly to a device or to both the device and docking station. For example, the instruction may be to unlock a physical lock, using a motor or solenoid, on the docking station, or to permit I/O access. In some examples, the instruction may also include an instruction to “autolock” a device, e.g., to lock the physical lock or port access after a pre-set interval of use or inactivity.
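As an added illustration of blocks 104 through 110 (not code from the patent), the following sketches the server-side decision: a request is matched against the rules fetched for its device, clauses within a rule are ANDed, rules for the same action are ORed, and the resulting instruction carries the autolock interval. The rule fields, the `POLICY` database and the device and dock identifiers are constructed assumptions that mirror the two example rules above (a 9 AM to 5 PM unlock window, and USB access only when docked and only for the administrator group).

```python
from dataclasses import dataclass
from datetime import time

@dataclass
class Request:  # action request as received from the dock (block 104)
    action: str        # "unlock_physical", "io_access", "launch_api", ...
    user: str
    groups: frozenset
    device: str
    dock: str
    docked: bool
    port: str = ""     # only meaningful for "io_access"
    now: time = time(12, 0)

@dataclass
class Rule:  # one policy-database rule (block 106); None clauses are not checked
    action: str
    hours: tuple = None        # (start, end) local time window, inclusive
    groups: frozenset = None   # user must belong to at least one of these
    ports: frozenset = None    # permitted ports for "io_access"
    require_docked: bool = False
    autolock_secs: int = 0     # autolock interval carried in the instruction (block 110)

    def matches(self, r):
        # All clauses of one rule are ANDed together.
        if self.hours and not (self.hours[0] <= r.now <= self.hours[1]):
            return False
        if self.groups is not None and not (self.groups & r.groups):
            return False
        if self.ports is not None and r.port not in self.ports:
            return False
        return not (self.require_docked and not r.docked)

# Constructed policy database keyed by device id (not from the patent text).
POLICY = {
    "laptop-7": [
        Rule("unlock_physical", hours=(time(9), time(17)), autolock_secs=300),
        Rule("io_access", ports=frozenset({"usb"}), groups=frozenset({"admin"}),
             require_docked=True),
    ],
}

def decide(req):
    # Block 108: grant if any rule for this action matches (OR); no rule means deny.
    for rule in POLICY.get(req.device, []):
        if rule.action == req.action and rule.matches(req):
            # Block 110: the instruction sent to the dock, with autolock if set.
            return {"target": req.dock, "action": req.action,
                    "port": req.port, "autolock_secs": rule.autolock_secs}
    return None
```

A device with no rules, or a request outside every rule's clauses, yields `None`, so the default is to deny and transmit nothing to the docking station.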
In block 202, in an example, an instruction is received from a remote server, e.g., the cloud server discussed with respect to
In block 206, if the instruction type is to lock or unlock a physical or mechanical lock, e.g., using a solenoid, the lock is locked or unlocked. For example, the docking station may receive a digital instruction to unlock a device from the docking station, and trigger the solenoid to release a mechanical lock.
In block 208, if the instruction type is to enable an autolock, the autolock feature on the docking station and/or device is enabled. As discussed above, the autolock feature may comprise a timer or countdown, or monitor for a period of inactivity.
In block 210, if the instruction type is to permit or deny access to an I/O port, the access is permitted or denied on the docking station or device. For example, block 210 may permit access to a USB port on a device, but deny access to a Firewire port. In some examples, block 210 may also permit only certain types of traffic over a port, or may throttle the amount of data transmitted over a port based on a rule.
In block 212, if the instruction type is to launch or trigger an application programming interface (“API”), the docking station may instruct the device to launch an API, or the device may receive the instruction directly. In some examples, the API may be a software tool requesting a password on the device, or other type of authentication such as biometric authentication or a text message code validation routine. The results of block 212 may be transmitted back to a remote server for further processing, e.g., through the steps of
The requests for actions and instructions received and transmitted in
In some examples, docking station 300 may comprise a key lock 304 which may be disabled or overridden, or which may serve as a backup in case access to a remote server, as discussed above, is not available. Arm release lever 306, or other release mechanism, may be utilized to release or remove a device from the docking station 300.
An arm 308 may connect the docking area to a base 310. In some examples, the arm 308 may comprise multiple hinges to allow flexibility of the docking station. Docking station 300 may also comprise an eject switch 312, a charging LED 314, and a docking connector 316.
Docking station 300 may also comprise a hardware switch controller, including one or more chipsets. The hardware switch controller may be coupled to a physical locking mechanism, which may include an electronic solenoid and a power source.
In an example, device 500 comprises a processor or CPU 502, memory 504, network interface 506, and a computer readable medium 510. The processor 502, memory 504, network interface 506, and computer readable medium 510 may be coupled by a bus or other interconnect. In some examples, computer readable medium 510 may comprise an operating system 512, network applications 514, and/or a policy access application 516 for receiving or transmitting instructions and/or processing rules related to access to a device. Device 500 may also comprise an embedded controller.
Some or all of the operations set forth in the figures may be contained as a utility, program, or subprogram in any desired computer readable storage medium, or embedded on hardware. In addition, the operations may be embodied by machine-readable instructions. For example, they may exist as machine-readable instructions in source code, object code, executable code, or other formats. The computer readable medium may also store other machine-readable instructions, including instructions downloaded from a network or the Internet.
The computer-readable medium may also store firmware that may perform basic tasks such as recognizing input from input devices, such as a keyboard or a keypad; sending output to a display; keeping track of files and directories on a computer readable medium; controlling peripheral devices, such as drives, printers, or image capture devices; and managing traffic on a bus. The network applications may include various components for establishing and maintaining network connections, such as machine readable instructions for implementing communication protocols including but not limited to TCP/IP, HTTP, HTTPS, Ethernet, USB, and FireWire.
The above discussion is meant to be illustrative of the principles and various examples of the present disclosure. Numerous variations and modifications will become apparent to those skilled in the art once the above disclosure is fully appreciated. It is intended that the following claims be interpreted to embrace all such variations and modifications.
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/US2014/055536 | 9/13/2014 | WO | 00 |