Systems and methods for detecting the presence of a user at a computer

Information

  • Patent Grant
  • 11350238
  • Patent Number
    11,350,238
  • Date Filed
    Monday, March 11, 2019
  • Date Issued
    Tuesday, May 31, 2022
Abstract
Systems and methods for securing an unattended computer. The systems and methods provide an additional layer of security for computer systems by using network presence sensing (NPS) to detect the presence or absence of a user physically present at a computer system and, if an authorized user is detected as having departed, taking a security action in response. The response may be to lock the computer, encrypt sensitive data, and so forth. The concept may also be applied at a facilities level, in computing pools, and in other instances where the physical presence or absence of a user at a computer is indicative of a need for a change in system state. This change could be security related, or could pertain to other resources.
Description
BACKGROUND OF THE INVENTION
Field of the Invention

This disclosure is related to the field of computer security. In particular, it relates to the use of networking equipment to secure a computer system and/or detect an intruder within a detection area.


Description of the Related Art

Computer security, sometimes colloquially known as cybersecurity, is the protection of the integrity or safety of computers, particularly from theft or damage of hardware, software, or information or data. This includes interference with normal computer operation, such as through denial-of-service attacks, or other disruption or misdirection of services provided or made available by computer systems.


One common way computer systems are compromised is by gaining unauthorized access to the computer and then deploying hidden malware on the compromised machine. Such malware may, for example, scan the device for valuable confidential information and acquire credentials for access to financial accounts. This data is then transmitted from the infected machine to the hacker. Other malware uses compromised machines to form a botnet and then attack other systems over a network. Still other malware uses a compromised computer to mine cryptocurrency. These attacks have one feature in common in that they rely on the use of networking hardware to complete the attack.


Most malware is initially installed due to unpatched security flaws, authorized users improperly providing access, or a combination of those. “Hacking” is sometimes dramatized as sophisticated computer programmers using specialized software or hardware systems to break into secured computers; in reality, hacking is more often accomplished by tricking a person who already has secure access into voluntarily providing access, which can range from providing confidential authentication credentials to improperly hitting “ok” on a prompt. Another way to gain unauthorized access is to use a known attack on a large set of computers and simply accept that computers with up-to-date security patches will be immune. The cost and effort involved in hacking a system with a custom hack is generally prohibitive, so these easier, more reliable and faster hacks are preferred. In the case of the authorized user that is tricked into providing credentials, it is often also difficult to track and nearly impossible to prevent. Because modern computer systems, properly maintained, are very difficult to hack, methods that don't have to subvert a properly maintained modern security system are preferred.


Another way malware may initially be installed is for someone to install it on an unattended computer. Computer systems may be accessible while unattended in any number of circumstances. For example, a computer may be left unattended in a public place for a short period of time, such as while the user is refilling a drink at a coffee shop, or using the bathroom. Additionally, many publicly accessible computers can be found unattended at libraries, universities, and other similar types of locations.


There is a need in the art to diminish the ability of an attacker to use initial access to a computer system to further attack said computer or, as part of a botnet, other computers.


SUMMARY OF THE INVENTION

The following is a summary of the invention in order to provide a basic understanding of some aspects of the invention. This summary is not intended to identify key or critical elements of the invention or to delineate the scope of the invention. The sole purpose of this section is to present some concepts of the invention in a simplified form as a prelude to the more detailed description that is presented later.


Because of these and other problems in the art, described herein, among other things, is a method for securing an unattended computer system comprising: providing a computer having a radio transceiver; providing a human user in physical proximity to the computer to use the computer; the human user manipulating the computer to provide authentication credentials for the human user to access the computer; validating, at the computer, the authentication credentials; detecting, when the authentication credentials are validated, the physical proximity to the computer of the human user, the detecting comprising network presence sensing using the radio transceiver; repeating the detecting step until the human user is no longer detected in physical proximity to use the computer; and after the human user is no longer detected in physical proximity to use the computer, detecting that the detected user is no longer in physical proximity to use the computer, securing the computer from unauthorized use.


In a further embodiment of the method, securing the computer from unauthorized use comprises the computer executing a security action.


In a further embodiment of the method, the security action is selected from the group consisting of: locking the computer; setting the computer to sleep mode; disabling the radio transceiver; disabling network hardware of the computer; disabling access to a digital wallet; disabling a storage medium; encrypting data stored at the computer; and deleting data stored at the computer.


In a further embodiment of the method, the disabling the radio transceiver comprises discontinuing electric power to the radio transceiver or network hardware, and the disabling the network hardware of the computer comprises discontinuing electric power to the network hardware.


In a further embodiment of the method, the method further comprises: after the securing the computer from unauthorized use, a second human user manipulating the computer to provide second authentication credentials for the second human user to access the computer; determining that the second authentication credentials are invalid; after the determining that the second authentication credentials are invalid, further securing the computer from unauthorized use.


In a further embodiment of the method, the human user and the second human user are not the same.


In a further embodiment of the method, the further securing the computer from unauthorized use comprises the computer executing a security action.


In a further embodiment of the method, the security action is selected from the group consisting of: locking the computer; setting the computer to sleep mode; disabling the radio transceiver; disabling network hardware of the computer; disabling access to a digital wallet; disabling a storage medium; encrypting data stored at the computer; and deleting data stored at the computer.


In a further embodiment of the method, the disabling the radio transceiver comprises discontinuing electric power to the radio transceiver or network hardware, and the disabling the network hardware of the computer comprises discontinuing electric power to the network hardware.


Also described herein, among other things, is a system for securing an unattended computer system comprising: a computer having a manually operable interface for receiving user input, a radio transceiver, a microprocessor, and a non-transitory, computer-readable storage medium having stored thereon program instructions which, when executed by the microprocessor, cause the computer to perform the steps of: receiving, via the interface, user input comprising authentication credentials for a human user to access the computer; validating the authentication credentials; detecting, when the authentication credentials are validated, the physical proximity to the computer of the human user, the detecting comprising network presence sensing using the radio transceiver; repeating the detecting step until the human user is no longer detected in physical proximity to use the computer; and after the human user is no longer detected in physical proximity to use the computer, securing the computer from unauthorized use.


In a further embodiment of the system, the securing the computer from unauthorized use comprises the computer executing a security action.


In a further embodiment of the system, the security action is selected from the group consisting of: locking the computer; setting the computer to sleep mode; disabling the radio transceiver; disabling network hardware of the computer; disabling access to a digital wallet; disabling a storage medium; encrypting data stored at the computer; and deleting data stored at the computer.


In a further embodiment of the system, the disabling the radio transceiver comprises discontinuing electric power to the radio transceiver or network hardware, and the disabling the network hardware of the computer comprises discontinuing electric power to the network hardware.


In a further embodiment of the system, the program instructions, when executed by the microprocessor, further cause the computer to perform the steps of: after the securing the computer from unauthorized use, receiving, via the interface, second user input comprising second authentication credentials for a second human user to access the computer; determining that the second authentication credentials are invalid; and after the determining that the second authentication credentials are invalid, further securing the computer from unauthorized use.


In a further embodiment of the system, the further securing the computer from unauthorized use comprises the computer executing a security action.


In a further embodiment of the system, the security action is selected from the group consisting of: locking the computer; setting the computer to sleep mode; disabling the radio transceiver; disabling network hardware of the computer; disabling access to a digital wallet; disabling a storage medium; encrypting data stored at the computer; and deleting data stored at the computer.


In a further embodiment of the system, the disabling the radio transceiver comprises discontinuing electric power to the radio transceiver or network hardware, and the disabling the network hardware of the computer comprises discontinuing electric power to the network hardware.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 is a schematic diagram of an embodiment of a network presence sensing (NPS) system.



FIG. 2 is a flow chart of an embodiment of an NPS method.



FIG. 3A depicts a schematic diagram of a system for change detection in a detection network over time.



FIG. 3B depicts a schematic diagram of a system for detecting changes in locations of humans in a detection network over time.



FIGS. 4A and 4B depict, respectively, an embodiment of a system and method for detecting presence of a human user at a computer and taking a security action.



FIG. 5 depicts an embodiment of systems and methods to provide conditional access to a resource.



FIG. 6 depicts an embodiment of the systems and methods described herein at a facility level to filter network traffic.





DESCRIPTION OF THE PREFERRED EMBODIMENT(S)

The following detailed description and disclosure illustrates by way of example and not by way of limitation. This description will clearly enable one skilled in the art to make and use the disclosed systems and methods, and describes several embodiments, adaptations, variations, alternatives and uses of the disclosed systems and methods. As various changes could be made in the above constructions without departing from the scope of the disclosures, it is intended that all matter contained in the description or shown in the accompanying drawings shall be interpreted as illustrative and not in a limiting sense.


Throughout this disclosure, the term “computer” describes hardware which generally implements functionality provided by digital computing technology, particularly computing functionality associated with microprocessors. The term “computer” is not intended to be limited to any specific type of computing device, but it is intended to be inclusive of all computational devices including, but not limited to: processing devices, microprocessors, personal computers, desktop computers, laptop computers, workstations, terminals, servers, clients, portable computers, handheld computers, cell phones, mobile phones, smart phones, tablet computers, server farms, hardware appliances, minicomputers, mainframe computers, video game consoles, handheld video game products, and wearable computing devices including but not limited to eyewear, wristwear, pendants, fabrics, and clip-on devices.


As used herein, a “computer” is necessarily an abstraction of the functionality provided by a single computer device outfitted with the hardware and accessories typical of computers in a particular role. By way of example and not limitation, the term “computer” in reference to a laptop computer would be understood by one of ordinary skill in the art to include the functionality provided by pointer-based input devices, such as a mouse or track pad, whereas the term “computer” used in reference to an enterprise-class server would be understood by one of ordinary skill in the art to include the functionality provided by redundant systems, such as RAID drives and dual power supplies.


It is also well known to those of ordinary skill in the art that the functionality of a single computer may be distributed across a number of individual machines. This distribution may be functional, as where specific machines perform specific tasks; or, balanced, as where each machine is capable of performing most or all functions of any other machine and is assigned tasks based on its available resources at a point in time. Thus, the term “computer” as used herein, can refer to a single, standalone, self-contained device or to a plurality of machines working together or independently, including without limitation: a network server farm, “cloud” computing system, software-as-a-service, or other distributed or collaborative computer networks.


Those of ordinary skill in the art also appreciate that some devices which are not conventionally thought of as “computers” nevertheless exhibit the characteristics of a “computer” in certain contexts. Where such a device is performing the functions of a “computer” as described herein, the term “computer” includes such devices to that extent. Devices of this type include but are not limited to: network hardware, print servers, file servers, NAS and SAN, load balancers, and any other hardware capable of interacting with the systems and methods described herein in the manner of a conventional “computer.”


Throughout this disclosure, the terms “media” and “medium” mean one or more volatile and/or non-volatile computer readable medium. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.


A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electromagnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.


Throughout this disclosure, the term “software” refers to code objects, program logic, command structures, data structures and definitions, source code, executable and/or binary files, machine code, object code, compiled libraries, implementations, algorithms, libraries, or any instruction or set of instructions capable of being executed by a computer processor, or capable of being converted into a form capable of being executed by a computer processor, including without limitation virtual processors, or by the use of run-time environments, virtual machines, and/or interpreters. Those of ordinary skill in the art recognize that software can be wired or embedded into hardware, including without limitation onto a microchip, and still be considered “software” within the meaning of this disclosure. For purposes of this disclosure, software includes without limitation: instructions stored or storable in RAM, ROM, flash memory BIOS, CMOS, mother and daughter board circuitry, hardware controllers, USB controllers or hosts, peripheral devices and controllers, video cards, audio controllers, network cards, Bluetooth® and other wireless communication devices, virtual memory, storage devices and associated controllers, firmware, and device drivers. The systems and methods described here are contemplated to use computers and computer software typically stored in a computer- or machine-readable storage medium or memory.


Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.


Throughout this disclosure, the term “transmitter” refers to equipment, or a set of equipment, having the hardware, circuitry, and/or software to generate and transmit electromagnetic waves carrying messages, signals, data, or other information. A transmitter may also comprise the componentry to receive electric signals containing such messages, signals, data, or other information, and convert them to such electromagnetic waves. The term “receiver” refers to equipment, or a set of equipment, having the hardware, circuitry, and/or software to receive such transmitted electromagnetic waves and convert them into signals, usually electrical, from which the message, signal, data, or other information may be extracted. The term “transceiver” generally refers to a device or system that comprises both a transmitter and receiver, such as, but not necessarily limited to, a two-way radio, or wireless networking router or access point. For purposes of this disclosure, all three terms should be understood as interchangeable unless otherwise indicated; for example, the term “transmitter” should be understood to imply the presence of a receiver, and the term “receiver” should be understood to imply the presence of a transmitter.


For purposes of this disclosure, there will also be significant discussion of a special type of computer referred to as a “mobile communication device” or simply “mobile device”. A mobile communication device may be, but is not limited to, a smart phone, tablet PC, e-reader, satellite navigation system (“SatNav”), fitness device (e.g. a Fitbit™ or Jawbone™) or any other type of mobile computer whether of general or specific purpose functionality. Generally speaking, a mobile communication device is network-enabled and communicating with a server system providing services over a telecommunication or other infrastructure network. A mobile communication device is essentially a mobile computer, but one which is commonly not associated with any particular location, is also commonly carried on a user's person, and usually is in near-constant real-time communication with a network.


This application should be understood with respect to the systems and methods for detecting the presence of a human within a detection network, or “Network Presence Sensing” (NPS) described in U.S. Utility patent application Ser. No. 15/674,328, filed Aug. 10, 2017, U.S. Utility patent application Ser. No. 15/600,380, filed May 19, 2017, U.S. Utility Pat. Nos. 9,693,195, 9,474,042, United States Provisional Patent Application No. 62/252,954, filed Nov. 9, 2015, and U.S. Provisional Patent Application No. 62/219,457, filed Sep. 16, 2015. The disclosures of all of these documents are incorporated herein by reference. Various aspects of these disclosures are discussed herein, including NPS, which is, at a high level, the inference of the presence of humans within a detection network based on changes in the characteristics of wireless network signals caused by the absorption of wireless waves caused by the water mass of the human body within the detection network. FIG. 1 is a schematic diagram of a system and method for NPS according to the above references. FIG. 2 depicts an embodiment (201) of a method for NPS according to the above references. FIGS. 3A and 3B depict embodiments of NPS using change detection according to the above references.


Described herein are systems and methods for providing an additional layer of security for computer systems, particularly when unattended. The systems and methods described herein use network presence sensing (NPS) technology to detect the presence or absence of a user at a computer system, and take action in response to secure the computer. At a high level, the basic components of the systems and methods described herein are determining physical motion, presence, or occupancy of a computer or computer system by a human, and then taking an action in response to secure that computer system. The particulars of NPS are set out in the patent applications mentioned above.


As will be understood by a person of ordinary skill in the art, most modern computers, and even many still-functional older computer systems, include some form of wireless network communication, such as a Wi-Fi™ or Bluetooth™ transceiver, which generally includes an antenna. The NPS technologies described in the above-referenced applications can be used in connection with these transceivers to detect the presence of a person within the detection network of the cards, and in connection with other devices associated therewith.


For example, many modern computer systems use short-range radio-based protocols, such as Bluetooth™, to connect a keyboard and mouse to the computer. It is also common to have peripherals, such as headphones, or wearable devices, such as pedometers or smartwatches, wirelessly paired with the computer. Typically, at least one wireless device is communicating wirelessly with a given computer in any given circumstance. These devices may be utilized to perform NPS as described herein. In a public space, for example, the computer is generally communicating via Wi-Fi™ with a wireless router managed by the venue. Alternatively, the computer may use a cellular or satellite data connection. This may be direct or via tethering, e.g., using data telecommunications connections of a separate device. Due to the close range required for a person to physically interact with the computer, the presence of the person is usually detectable by NPS.


The systems and methods described herein generally comprise a computer (101) of a user having at least one wireless transceiver (102) associated therewith. Typically, the transceiver (102) is part of the computer (101) as shown, but other relationships are possible. For example, the transceiver (102) could be externally and separably connected, such as via USB. In the depicted embodiment of FIG. 4A, the transceiver (102) wirelessly transmits to at least one external device (103A) and/or (103B). This may be, by way of example and not limitation, a peripheral device such as a keyboard (103A) or mouse (103B) as depicted in FIG. 4A. Additionally, and/or alternatively, the transceiver (102) may communicate with a wireless network device (105). Such a device (105) may be, but is not necessarily limited to, a wireless router (105), as depicted in FIG. 4A. The devices (103A) and (103B) in turn may have wireless transmitters (100A) and (100B), respectively.


In an embodiment, when an authorized user begins to use the computer (101), the user generally will initially authenticate (203) him or herself. Authentication (203) may be through any means now known or later developed in the art. Presently, authentication typically comprises entering a user name and/or password, sometimes with an additional token, such as in a two-factor authentication scheme. Once authentication is complete, NPS may be used (205) to determine whether there is an individual currently present at the keyboard. In an embodiment, a determination may be made based on the timing of the authentication and the timing of the NPS detection (205), that the person currently at the keyboard is an authorized user. This inference may be drawn because correct authentication credentials were supplied at the time the person was detected by NPS (205). This status is then tracked or stored and presence is continually or periodically monitored for a change in presence.


After a period of time of the user operating the computer (101) (and the aforementioned NPS monitoring), NPS detects a change (207) in human presence at the computer (101). Generally, this is following a period during which a human was consistently detected as being present. When NPS detects that the authenticated human is no longer present (207) at the computer (101), the computer (101) may then perform one or more security actions (209). This action will vary from embodiment to embodiment, and from circumstance to circumstance, and may depend upon the particular security settings of the computer (101).


These settings may be provided by the user of the computer (101), or established by an administrator or other device management organization. For example, if the computer (101) is the property of a company, and has been issued to an employee for company use, the information services department of the company may set security policies. Where the computer (101) is owned by or managed by the user directly, the user may set the security policies. These policies are generally represented in configuration and setting data, as will be familiar to a person of ordinary skill in the art.


Generally, the security action (209) comprises one or more of two major categories of actions—inhibiting access to the computer (101) and/or its data, or inhibiting use of networking hardware. The security actions (209) may range from automatically locking the computer (211), to requiring re-authentication (213), to disabling certain features of the computer. Re-authentication (213) has the advantage of requiring that proper authentication credentials be entered (203) by a person physically proximate to the computer, which allows the use of NPS to once again confirm the presence of an authorized user (205), thus restarting the loop.


As another example, when the user is no longer at the computer (101) as detected by NPS (207), the computer (101) may take a security action (209) to automatically disable all network access hardware. This may include the transceiver (102). Alternatively and/or additionally, the computer (101) may automatically disable all network access hardware at the hardware level, inhibiting remote attacks from being carried out on the system.


In an embodiment, other security actions (209) may be taken in conjunction with, or alternatively to, NPS. By way of example and not limitation, manual user input may be used to determine the presence or absence of a human at the computer (101). For example, the user may set an alarm when he or she departs to indicate absence. Also by way of example, the use of cameras, microphones, weight plates, or other sensors, may be used to determine that a human is present at the computer (101).


In an embodiment, after the security action (209) is taken, NPS continues to operate until a human is once again detected present at the computer. In the depicted embodiment in FIG. 4B, when a human is detected, the computer (101) may prompt the user to reenter authentication credentials (203), requiring the newly detected human to establish that he or she is an authorized user of the computer (101). If the human fails to establish that he or she is an authorized user, the computer (101) may refuse access, or take a second security action (209). This second security action (209) may be the same, or different, from a previously taken security action (209). For example, the computer (101) may encrypt sensitive information, enable wireless connectivity long enough to transmit a warning signal, or, in extreme cases, delete sensitive information.


Because most attacks rely on the use of network access to be successful, a typical security action (209) is to disable wireless network access at the hardware level, meaning electrical power to the networking hardware is discontinued. This prevents the antenna from being energized to send or receive signals at all when no human is detected as present at the computer, resulting in the computer (101), even if compromised by an intruder, being rendered mostly useless for an attack. As an example, for a botnet type infection, this security measure increases the cost to infect a computer (101), since it may only be infected while a human is present, while also reducing the benefit an attacker may gain from infecting the computer system, since it may only participate in said botnet when a human is present. As a result, such attacks become less lucrative and more difficult, which would result in a reduction of the prevalence of attacks in general.


It is important to understand the difference between disabling the hardware at the “hardware level” versus disabling at the “software level”. Disabling at the software level generally means disabling driver software used to operate the networking hardware (102) or filtering access based on certain rules or policies. By way of example and not limitation, a blacklist or whitelist approach may be used, where communications to or from certain Internet Protocol (IP) addresses (or address ranges) are disallowed while no human is detected as being present at the computer. Alternatively, traffic may be filtered at the packet level based on source or destination port, protocol type, characteristics of payloads, originating application, or address. These are typical operating system functions that usually can be carried out using standard system administration and configuration software. This approach provides significant flexibility in the specific security action taken, but has certain limitations when facing a sophisticated attack.


A limitation of software disconnections is that an attacker could re-enable the drivers or modify the filter rules or policies. With a hardware disconnect, the physical ability to utilize the network hardware (102) at all is eliminated. This means that no amount of software tampering can reenable wireless access. From the point of view of the operating system, the wireless card (102) is simply not present. As will be understood by a person of ordinary skill in the art, disabling at the hardware level would generally require specialized hardware specifically configured and designed to support this function.


In an embodiment, the security action (209) may comprise encrypting and/or decrypting sensitive information. By way of example and not limitation, this may comprise encrypting and/or decrypting specifically designated folders, drives, or data files. In the depicted embodiment of FIG. 4B, when no user is detected at the computer (207), the decryption key required to decrypt the encrypted information is disabled and/or removed, preventing access or use of the encrypted information. When a user is detected at the computer (205), this key is once again made available, and the encrypted information can be decrypted for access and use. This allows flexibility in that certain portions of the computer (101) are still usable as normal without requiring presence in the detection area. In an embodiment, the systems and methods provide conditional access to encrypted data. An exemplary embodiment is depicted in FIG. 5. In the depicted embodiment of FIG. 5, an encrypted storage medium (107) contains encrypted data decryptable using a key (111). This data is available, encrypted, via a data stream (109). In encrypted stream (109) format, the data is essentially unusable until decrypted using the key (111). The key (111) is stored on or otherwise available to the computer (111). In the depicted embodiment, the security action (109) comprises revoking access to the key (111), rendering the stream (109) unusable. The key (111) is thus accessible only while presence of a user is detected in the detection area. Optionally, the system could determine that the user is authorized by requiring a password to permit access to the medium (107) or to the key (111).


Other keys may also be managed in this fashion. For example, keys may be used to sign transactions for a public ledger system, such as a blockchain. A blockchain wallet is often stored on removable media, such as a thumb drive, and connected to the computer (and thus, connected to the network) only when needed for a transaction. In this state, the wallet is known as a “hot wallet,” and, for security reasons, cryptocurrency users generally only connect the wallet when necessary for transactions. A wallet that is not connected is a “cold” wallet and is invulnerable to hacking while disconnected. However, a “cold” wallet is inconvenient because the user must keep track of a physical removable media device, which can be lost or stolen, and remember to plug it in and remove it to gain the security advantages. This is annoying, inconvenient, and introduces risk of the media being misplaced, and the wallet being lost.


One embodiment of the systems and methods described herein facilitates use of a wallet with the convenience of a hot wallet when a user is detected (205) as being present at the computer, and the safety of a cold wallet when no user is detected as being present at the computer. This could be done, for example, by storing a private key (113) on an encrypted medium (107) that can only be decoded using the key (111) when an authorized user is detected (205) as being present.


Many variations of this embodiment are possible. For example, the method for allowing access to the medium (107) may not require encryption and decryption, but rather, may simply provide or withhold electrical power to the medium (107). Similarly, the encrypted medium (107) may not be an entire physical drive, but may instead be a partition, folder, or other subdivision of a physical drive.
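The presence-gated key handling described above, together with the re-authentication step of FIG. 4B, can be sketched as a small state machine. This is an added illustration, not code from the patent; the class and method names, the password-derived key, and the three-reading debounce are assumptions.

```python
import hashlib
import hmac
import os
from enum import Enum


class State(Enum):
    LOCKED = "locked"        # key withheld; credentials and presence required
    UNLOCKED = "unlocked"    # authorized user present; key available
    ESCALATED = "escalated"  # re-authentication failed; second action taken


class PresenceGatedKey:
    """Keeps a data key in memory only while an authenticated user is present."""

    def __init__(self, password, absent_limit=3):
        self._salt = os.urandom(16)
        # Assumption: the key is derived from the password and only a hash of
        # it is stored as a verifier. The patent does not fix a mechanism.
        self._verifier = hashlib.sha256(self._derive(password)).digest()
        self._key = None                   # bytearray while available
        self._absent_limit = absent_limit  # consecutive absent readings tolerated
        self._absent_run = 0
        self.state = State.LOCKED
        self.actions = []                  # audit trail of security actions

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 200_000)

    def _revoke(self, reason):
        if self._key is not None:
            for i in range(len(self._key)):
                self._key[i] = 0           # best-effort wipe of this buffer only
            self._key = None
        self.actions.append(reason)

    def authenticate(self, password, present):
        """Unlock only when the credentials verify AND presence is detected."""
        if self.state is State.ESCALATED:
            return False                   # needs an out-of-band reset (not modelled)
        candidate = self._derive(password)
        ok = hmac.compare_digest(hashlib.sha256(candidate).digest(), self._verifier)
        if ok and present:
            self._key = bytearray(candidate)
            self._absent_run = 0
            self.state = State.UNLOCKED
            return True
        if not ok and self.actions:
            # A failed attempt after a departure triggers the second action.
            self._revoke("second_action:failed_reauth")
            self.state = State.ESCALATED
        return False

    def observe(self, present):
        """Feed one presence reading, e.g. the result of one NPS comparison."""
        if self.state is not State.UNLOCKED:
            return self.state              # presence alone never unlocks
        if present:
            self._absent_run = 0
        else:
            self._absent_run += 1
            if self._absent_run >= self._absent_limit:
                self._revoke("first_action:user_departed")
                self.state = State.LOCKED
        return self.state

    def key(self):
        if self.state is not State.UNLOCKED:
            raise PermissionError("key unavailable: " + self.state.value)
        return bytes(self._key)


def demo():
    """Constructed readings: user logs in, steps away, someone else returns."""
    gate = PresenceGatedKey("correct horse battery")
    trace = [gate.authenticate("correct horse battery", present=True)]
    for reading in (True, False, True, False, False, False, True):
        trace.append(gate.observe(reading).value)
    trace.append(gate.authenticate("guess", present=True))
    return trace, gate.actions
```

Valid credentials offered while no one is detected are refused without escalation, which is the "second factor of human presence" behaviour; a single missed reading does not lock the session, but three in a row do.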


This concept may be used at a facility level. An exemplary embodiment is depicted in FIG. 6. In this embodiment, residential internet access is provided via an internet service provider (115) (ISP). The ISP (115) may determine whether Internet access (117) is permitted for a given subscriber based at least in part on whether the associated residence (119) is contemporaneously detected using NPS as being occupied. While the dwelling (119) is detected as unoccupied, the ISP (115) may conduct certain filtering of transmissions to or from the home (119), such as disallowing connections of any kind, allowing only connections from trusted sources (e.g., whitelist strategy), which may be defined by the ISP, user, or both, or disallowing connections from specific sources (e.g., blacklist strategy), or suspect sources as defined by the ISP, user, both, or a third party. Additionally, or alternatively, some combination of these strategies may be used. This can prevent or reduce risk of a remote threat while allowing normal usage while users are home (119). Additionally and/or alternatively, other methods of determining presence and/or identity as an authorized user may be used; for example, disarming a house alarm with a confidential code could demonstrate the presence of an authorized user.


For example, when users are detected as being present at home (119), and traffic (117) from an interactive video game company is detected to or from the home (119), such traffic (117) would be allowed because it is presumed that the detected users at home (119) are playing the game. However, if no users are detected as being present at home, and connections are detected to or from the house (119) from an interactive service of this kind, the traffic may be blocked, because an unoccupied home (119) would have nobody in it who could be playing an interactive video game. Thus, it is more likely that this traffic (117) is malicious at worst or erroneous at best.


In either case, there is a justification for inhibiting or disallowing the traffic entirely. For example, the user may have an unauthorized intruder in the home that has not been detected. Alternatively, the computer system may be compromised and the malicious software may be piggy-backing its activities on a known game or other innocuous protocol, such as through a modification, packet sniffer, man-in-the-middle attack, and so forth. A third possibility is that the software itself is operating without modification but is inherently vulnerable and has been infected with malware of which its publishers are unaware. Conversely, hacking attempts from outside to infect a computer in the home, or to scan the home computers or otherwise transmit viruses or other malware, can be thwarted without interfering with normal operations. Additionally, when the house is unoccupied, the traffic is blocked, therefore unattended machines cannot be used as zombies in a botnet. Yet another benefit is that behavior information can be used to flag a service as potentially suspicious and create a warning to users, ISPs, service creators, or any other parties, so that they can act to resolve the root issue. By way of example and not limitation, such behavior information may include changes to traffic characteristics generated by a particular program or computer. If, for example, a game ordinarily produces, on a regular basis, a certain amount of network bandwidth, but unexpectedly begins to consume far more, it might be inferred that the sudden and unexpected change in behavior is caused by malicious programming.
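An added sketch (not part of the patent) of the occupancy-dependent filtering and the bandwidth-change flag described above. The address ranges, service names, byte counts and thresholds are constructed for illustration.

```python
import ipaddress
from statistics import mean, pstdev

# Constructed policy using documentation address ranges (RFC 5737).
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]     # whitelist while unoccupied
BANNED = [ipaddress.ip_network("203.0.113.0/24")]    # blacklist at all times


def _matches(addr, networks):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def is_occupied(t, occupied_intervals):
    """Occupancy as reported by presence sensing: list of (start, end) seconds."""
    return any(start <= t < end for start, end in occupied_intervals)


def decide(flow, occupied):
    """Return (verdict, reason) for one flow under the current occupancy state."""
    if _matches(flow["remote"], BANNED):
        return "block", "blacklisted source"
    if occupied:
        return "allow", "occupied"
    if _matches(flow["remote"], TRUSTED):
        return "allow", "unoccupied, trusted source"
    return "block", "unoccupied, untrusted source"


def bandwidth_alerts(history, current, k=3.0, min_samples=5):
    """Names of services whose current byte count is far above their history."""
    alerts = []
    for service in sorted(current):
        past = history.get(service, [])
        if len(past) < min_samples:
            continue                      # not enough history to judge a change
        # Floor the spread at 5% of the mean so a flat history does not alert
        # on trivial jitter (assumed tuning values).
        spread = max(pstdev(past), 0.05 * mean(past))
        if current[service] > mean(past) + k * spread:
            alerts.append(service)
    return alerts


# Constructed sample data: the home is occupied from t=0 to t=3600 only.
OCCUPIED = [(0, 3600)]
FLOWS = [
    {"t": 600, "remote": "198.51.100.7", "service": "game"},
    {"t": 7200, "remote": "198.51.100.7", "service": "game"},
    {"t": 7300, "remote": "192.0.2.10", "service": "updater"},
    {"t": 900, "remote": "203.0.113.5", "service": "unknown"},
]
HISTORY = {"game": [100, 110, 95, 105, 100], "updater": [50, 52, 49, 51, 50]}
CURRENT = {"game": 900, "updater": 51, "new-app": 10_000}


def run():
    verdicts = [decide(f, is_occupied(f["t"], OCCUPIED))[0] for f in FLOWS]
    return verdicts, bandwidth_alerts(HISTORY, CURRENT)
```

The same game endpoint is allowed at t=600 and blocked at t=7200 purely because occupancy changed; the service with no history is skipped by the bandwidth check, so a first-seen application needs a separate rule.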


Still other implementations of this principle are also possible. For example, the computer in a given facility, which may be a commercial or business building, or a home, may be connected to a home automation system and receive inputs from that system concerning the occupancy of the facility. For example, a room or office containing the computer in question may include occupancy sensors, such as motion sensors within the room, or sensors that detect whether the door is open or closed. If a change in the occupancy state is detected by such a system showing that the office in which the computer is located is no longer occupied (e.g., the motion sensor detects motion in the room, followed by no motion, or a door that is opened is detected as being closed), this information may be provided to the computer, which may immediately respond with a change to its security state or other operation of automation systems (e.g., lighting, HVAC, etc.).


For example, the computer may immediately go into a lock screen, or a sleep or standby mode. In this fashion, presence indicators are used to protect the computer from threats in a more immediate and responsive way than do current systems. For example, the two major forms of physical computer security in use now are manually locking, which users generally forget to do, or locking after a predetermined time out. However, predetermined time outs still run the risk of a given computer being available in an unlocked and unsecure state for some amount of time unattended. Further, even when such devices become locked, they do not currently require a second factor to be unlocked. This second factor of human presence would be provided by the invention described herein.


An additional benefit of this system is that access to the computers may be disabled, while the computer acts as a node in the network presence sensing system as described in the patent applications referenced above. In such an embodiment, energy savings commands may be distributed to or from the computer system which will result in energy savings by disabling the computer when nobody is present. This prevents the problem of timeouts continuing to have the computer running and wasting energy when it is not in use and nobody is present at it.


Another use of this system is to provide information in a computing pool. A computing pool can be generally thought of as a pool of computers ordinarily used by individual users in which unused computing power may be shared. For example, when any given user is done working for the day, the processing potential of that user's computer is essentially wasted, even while others continue to work and experience latency and slowdowns due to inherent processing throughput limitations. This is particularly true for computationally intensive industries. In a computing pool, all participating computers can share idle processing capacity to assist with high processing loads experienced by other computers in the pool. When each computer in the pool is being used directly (e.g., a user is detected as being present at the computer), it may be automatically removed from the computing pool to ensure that the designated user has full access to its processing facilities. However, when the user departs and is no longer detected as present at the computer, the computer may be added back to the pool so that its idle processing power may be utilized by others. This is an improvement over current methods in the art, which generally use some combination of schedules, time since last user interaction, and resource utilization, to determine when to add or remove a given computer to or from the computing pool. By detecting presence at the computer, individual computers can be correctly managed in a computing pool in real-time or near real-time with the arrival and departure of the designated user for each computer. This approach would improve resource utilization and reduce waste.


As should be clear to one of ordinary skill in the art, the above embodiments can be varied in a number of ways. By way of example and not limitation, the method of detecting that a user is nearby, the optional method of detecting whether a user is authorized and the actions taken may all be varied. As noted in some of the above embodiments, many different methods can determine the presence of a user such as: NPS (with or without the computer being part of the presence sensing network), PIR sensors, weight plates, cameras, and/or microphones. Similarly, many different methods can determine that the user is authorized, such as: a password entered at the computer, disarming an alarm, or biometric information as determined by a sensor (note that this could be the same sensor that detected presence, such as an NPS sensing network, a camera or a microphone). Finally, many different actions may be taken, such as: locking a computer, changing the power state of the whole computer or a particular piece of hardware, changing firewall settings, disabling a driver, encrypting a file or a drive; note that these actions may extend beyond security to provide other benefits, such as power savings, more predictable bandwidth utilization, or to inform a controller about the computer's availability in a computing pool.


While the invention has been disclosed in conjunction with a description of certain embodiments, including those that are currently believed to be the preferred embodiments, the detailed description is intended to be illustrative and should not be understood to limit the scope of the present disclosure. As would be understood by one of ordinary skill in the art, embodiments other than those described in detail herein are encompassed by the present invention. Modifications and variations of the described embodiments may be made without departing from the spirit and scope of the invention.

Claims
  • 1. A method for securing an unattended computer system comprising: providing a computer having a radio transceiver, said radio transceiver being used to provide said computer wireless signals comprising data, said data transferring between said computer and a wireless communication network; providing a human user in physical proximity to said computer, said user using said computer and said wireless communication network to send said data between said computer and said wireless communication network; said human user manipulating said computer to provide authentication credentials for said human user to access said computer; validating, at said computer, said authentication credentials; detecting, when said authentication credentials are validated, said physical proximity to said computer of said human user, said detecting comprising Network Presence Sensing (NPS) using said radio transceiver, said NPS comprising: obtaining signal data, said signal data comprising data about properties of said wireless signals; and comparing said signal data against a baseline signal profile of signal data, said baseline signal profile indicating signal data when no human user is at said computer; repeating said detecting step until said human user is no longer detected in physical proximity to use said computer; and after said human user is no longer detected in physical proximity to use said computer, securing said computer from unauthorized use.
  • 2. The method of claim 1, wherein said securing said computer from unauthorized use comprises said computer executing a security action.
  • 3. The method of claim 2, wherein said security action comprises locking said computer.
  • 4. The method of claim 3, wherein said disabling said radio transceiver comprises discontinuing electric power to said radio transceiver or network hardware, and said disabling said network hardware of said computer comprises discontinuing electric power to said network hardware.
  • 5. The method of claim 2, wherein said security action comprises setting said computer to sleep mode.
  • 6. The method of claim 2, wherein said security action comprises disabling access to a digital wallet.
  • 7. The method of claim 1, further comprising: after said securing said computer from unauthorized use, a second human user manipulating said computer to provide second authentication credentials for said second human user to access said computer; determining that said second authentication credentials are invalid; after said determining that said second authentication credentials are invalid, further securing said computer from unauthorized use.
  • 8. The method of claim 7, wherein said human user and said second human user are not the same.
  • 9. The method of claim 7, wherein said further securing said computer from unauthorized use comprises said computer executing a security action.
  • 10. The method of claim 9, wherein said security action comprises locking said computer.
  • 11. The method of claim 10, wherein said disabling said radio transceiver comprises discontinuing electric power to said radio transceiver or network hardware, and said disabling said network hardware of said computer comprises discontinuing electric power to said network hardware.
  • 12. A system for securing an unattended computer system comprising: a computer having a manually operable interface for receiving user input, a radio transceiver, said radio transceiver being used to provide said computer wireless signals comprising data, said data transferring between said computer and a wireless communication network because of said user input, a microprocessor, and a non-transitory, computer-readable storage medium having stored thereon program instructions which, when executed by said microprocessor, cause said computer to perform the steps of: receiving, via said interface, user input comprising authentication credentials for a human user to access said computer; validating said authentication credentials; detecting, when said authentication credentials are validated, said physical proximity to said computer of said human user, said detecting comprising Network Presence Sensing (NPS) using said radio transceiver, said NPS comprising: obtaining signal data, said signal data comprising data about properties of said wireless signals; and comparing said signal data against a baseline signal profile of signal data, said baseline signal profile indicating signal data when no human user is at said computer; repeating said detecting step until said human user is no longer detected in physical proximity to use said computer; and after said human user is no longer detected in physical proximity to use said computer, securing said computer from unauthorized use.
  • 13. The system of claim 12, wherein said securing said computer from unauthorized use comprises said computer executing a security action.
  • 14. The system of claim 13, wherein said security action comprises locking said computer.
  • 15. The system of claim 14, wherein said disabling said radio transceiver comprises discontinuing electric power to said radio transceiver or network hardware, and said disabling said network hardware of said computer comprises discontinuing electric power to said network hardware.
  • 16. The system of claim 13, wherein said security action comprises setting said computer to sleep mode.
  • 17. The system of claim 12, wherein said program instructions, when executed by said microprocessor, further cause said computer to perform the steps of: after said securing said computer from unauthorized use, receiving, via said interface, second user input comprising second authentication credentials for a second human user to access said computer; determining that said second authentication credentials are invalid; and after said determining that said second authentication credentials are invalid, further securing said computer from unauthorized use.
  • 18. The system of claim 17, wherein said further securing said computer from unauthorized use comprises said computer executing a security action.
  • 19. The system of claim 18, wherein said security action comprises locking said computer.
  • 20. The system of claim 19, wherein said disabling said radio transceiver comprises discontinuing electric power to said radio transceiver or network hardware, and said disabling said network hardware of said computer comprises discontinuing electric power to said network hardware.
CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a Continuation in Part (CIP) of U.S. Utility patent application Ser. No. 16/053,761, filed Aug. 2, 2018, which is a Continuation of U.S. Utility patent application Ser. No. 15/600,380, filed May 19, 2017 and now U.S. Pat. No. 10,064,013, which is a Continuation of U.S. Utility patent application Ser. No. 15/227,717, filed Aug. 3, 2016 and now U.S. Pat. No. 9,693,195, which is a Continuation of U.S. Utility patent application Ser. No. 15/084,002, filed Mar. 29, 2016 and now U.S. Pat. No. 9,474,042. U.S. Utility patent application Ser. No. 15/227,717 also claims the benefit of U.S. Provisional Patent Application Ser. No. 62/252,954, and U.S. Provisional Patent Application Ser. No. 62/219,457. The entire disclosure of all the above documents is herein incorporated by reference.

Related Publications (1)
Number Date Country
20190215653 A1 Jul 2019 US
Provisional Applications (2)
Number Date Country
62252954 Nov 2015 US
62219457 Sep 2015 US
Continuations (3)
Number Date Country
Parent 15600380 May 2017 US
Child 16053761 US
Parent 15227717 Aug 2016 US
Child 15600380 US
Parent 15084002 Mar 2016 US
Child 15227717 US
Continuation in Parts (1)
Number Date Country
Parent 16053761 Aug 2018 US
Child 16298530 US