Patent Application
20140280840
Embodiments described herein generally relate to managing information as a cloud service over a network.
Client devices, such as personal computers, tablets, smartphones, cameras, e-readers, gaming consoles, and the like, that may use a cloud-based service are typically a part of a client-server model to provide the end-to-end experience. In this model, a client side component communicates with a server side component to provide the service. The persistence of the client device information can be stored at the server, at the client device, or at both the server and the client device. To ensure that the device information is identical at both the server and the client device, the server and the client device need to periodically communicate, typically via software components at each end. Client devices may be used as dummy consoles to experience services because all of the information can be stored at the server end or in the cloud. This model is convenient in that a user can use any device to consume a service with proper authentication. In this model, the information retained at the servers is specific to a particular service's usage and is controlled and maintained separately by each service provider.
In the drawings, the leftmost digit(s) of a reference number may identify the drawing in which the reference number first appears.
As discussed above, client devices that may use a cloud-based service are typically a part of a client-server model to provide the end-to-end experience. In this model, a client side component communicates with a server side component to provide the service. The persistence of the client device information can be stored at the server, at the client device, or at both the server and the client device. To ensure that the device information is identical at both the server and the client device, the server and the client device need to periodically communicate, typically via software components at each end. One downside to this model of information persistence is that, if the client side software component is removed from the client device, the communication between the client and the server is interrupted and it becomes difficult to maintain information persistence at the client side.
The above may not be a concern if the client devices are used as dummy consoles to experience services because all of the information can be stored at the server end or in the cloud. This model is convenient in that a user can use any device to consume a service with proper authentication. However, in this model, the information retained at the servers is specific to a particular service's usage and is controlled and maintained separately by each service provider.
Currently, there is no single cloud persistence service that can provide a mechanism to maintain universal device information and provide device-specific information to any service that may need it. For example, there is currently no single cloud persistence service that can obtain information from one service indicating that there may be a particular activity or state associated with a particular device (e.g., peculiar or suspicious activity, a state of being lost or stolen, etc.) and be able to alert other services so that those other services can proceed as appropriate for usage of their services by that particular device.
Disclosed herein are methods, systems, and computer program products that solve the technical problem of how to manage device persistence information in a universally centralized manner for sharing with registered services.
Embodiments are now described with reference to the figures, where like reference numbers may indicate identical or functionally similar elements. While specific configurations and arrangements are discussed, it should be understood that this is done for illustrative purposes only. A person skilled in the relevant art will recognize that other configurations and arrangements can be used without departing from the spirit and scope of the description. It will be apparent to a person skilled in the relevant art that this can also be employed in a variety of other systems and applications other than what is described herein.
The registered service devices 104 may be computing devices that may include, for example, web-based service servers that allow users to log in to consume those services. Such web-based services may include, but are not to be limited to, for example, banking services, social networking services, gaining services, shopping services, anti-theft services, anti-virus services, data backup services, data storage services, etc., some of which are shown as registered service devices 204 in
The client devices 106 may be computing devices that may include, but are not to be limited to, for example, personal computers (PCs), laptop computers, ultra-laptop computers, tablets, touch pads, portable computers, handheld computers, palmtop computers, personal digital assistants (PDAs), e-readers, cellular telephones, combination cellular telephone/PDAs, televisions, smart devices (e.g., smart phones, smart tablets or smart televisions), mobile internet devices (MIDs), messaging devices, data communication devices, media playing devices, cameras, gaming consoles, etc. The client devices 106 may include controllers and other components that execute software and/or control hardware in order to consume services provided by registered service devices 104, for example, over a network. For example, the client devices 106 may include one or more software clients for accessing web-based services provided by one or more of the registered service devices 104. The client devices 106 may also, or instead, include a web interface running in a browser from which the client device can access such web-based services.
The network 108 may be any wired or wireless network, such as a Wide Area Network (WAN), a Local Area Network (LAN), and/or the like. As an example, the network 108 may be a distributed public network, such as the Internet, where the PCS server 102, the registered services 104, and the client devices 106 are connected to the network via wired or wireless connections.
According to an embodiment, service providers of the services that wish to subscribe to the persistence cloud service may register with the persistence cloud service in advance so that the persistence cloud service will be aware of what services (and, for example, what addresses of those services) to which device persistence information should be provided and also what services from which to expect device persistence information updates, as will be described in further detail below. The registered service devices 104 may each require an application program interface (API) in order to communicate with the PCS server 102. Data communication between registered service devices 104 and the PCS server 102 may be executed in any manner as would be appreciated by those skilled in the art (e.g., standard server to server communications may be used). Registering of client devices that use such registered services will now be discussed.
According to an embodiment, the client device registration data provided to the PCS server 302 by the registered service device 304 may include, for example, the client device ID, client device status information, an affiliate ID, and an affiliate policy. The client device ID may, for example, be (or be based on or derived from) a unique hardware identifier of the client device 306, such as the Media Access Control (MAC) address of the client device 306, or any other identifier for the client device 306. Client device status information may be any information that would appropriately indicate a status of the client device 306 with respect to the particular registered service providing the information. For example, the client device status information may likely be some type of “normal” indication upon initial registration of the client device 306. The affiliate ID may be a unique identifier for the registered service that is sending the information. The affiliate policy may include a policy to be followed by the persistence cloud service based on a current client device status. For example, the affiliate policy may include instructions pertaining to how the persistence cloud service should update the client device status at the PCS server 302 based on a later client device update from the registered service device 304. The affiliate policy may also include instructions pertaining to what information to include as the client device persistence information provided to the registered service device 304 based on the current client device status at the PCS server 302.
The client device information (or persistence information) 442 may be any information indicating a current status of the client device 106/306. For example, client device information 442 may include, but is not to be limited to, an indication that the client device is in a normal state, an indication that the client device has been lost or stolen, an indication that activity (e.g., login activity) at the client device is suspicious, an indication that usage of the client device should follow a defined set of policies, and/or an indication of a location of the client device. Other client device information or statuses may also be contemplated. The client device information 442 maintained by the PCS server 102/302 may be dependent upon updates that the PCS server 102/302 receives from the registered service devices 104/304 for a particular client device. The updates may depend upon the particular service provided by a registered service, as discussed in more detail below.
Registered service device 504-1 may determine a level of service to be provided to client device 506 that is based on the current client device information provided by the PCS server 502 (556). Registered service device 504-1 may send an indication of the determined level of service to client device 506 (558). According to an embodiment, the level of service may include, but is not to be limited to, allowing frill access to the registered service, denying access to the registered service, providing limited access to the registered service, and/or invoking further security actions. Other levels of service may also be contemplated. For example, if the current client device information indicates that there has been recent “suspicious activity” at client device 506, the registered service may invoke further security actions at client device 506 first, then may decide what level of access to provide (e.g., full, limited, or none) at client device 506. Invoking further security actions may include, but not be limited to, for example, executing further authentication checks, locking accounts associated with the registered service, locking client device 506, and/or deleting data from client device 506. Other further security actions may also be contemplated. In another example, if the current device information indicates that client device 506 has been reported lost or stolen, the registered service may immediately limit or deny access to the registered service at the client device 506. Limiting access to the registered service may include, but not be limited to, for example, limiting types of actions that can be conducted, limiting quantities involved in actions that can be conducted, and/or limiting a local area in which actions can be conducted. Other types of limiting access may also be contemplated. Following the banking service example, limiting types of actions that can be conducted may include, for example, allowing deposits but not withdrawals; limiting quantities may include, for example, allowing only small denomination transactions and/or limiting the number of transactions; and limiting a local area in which actions can be conducted may include, for example, allowing transactions only if the device is located within a defined radius of the rightful user's local bank.
Methods and systems are disclosed herein with the aid of functional building blocks illustrating functions, features, and relationships thereof. At least some of the boundaries of these functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternate boundaries may be defined so long as the specified functions and relationships thereof are appropriately performed. While various embodiments are disclosed herein, it should be understood that they are presented as examples. The scope of the claims should not be limited by any of the example embodiments disclosed herein.
As discussed above, one or more features disclosed herein may be implemented in hardware, software, firmware, and combinations thereof, including discrete and integrated circuit logic, application specific integrated circuit (ASIC) logic, and microcontrollers, and may be implemented as part of a domain-specific integrated circuit package, or a combination of integrated circuit packages. The terms software and firmware, as used herein, refer to a computer program product including at least one computer readable medium having computer program logic, such as computer-executable instructions, stored therein to cause a computer system to perform one or more features and/or combinations of features disclosed herein. The computer readable medium may be transitory or non-transitory. An example of a transitory computer readable medium may be a digital signal transmitted over a radio frequency or over an electrical conductor, through a local or wide area network, or through a network such as the Internet. An example of a non-transitory computer readable medium may be a compact disk, a flash memory, or other data storage device.
As used in this application and in the claims, a list of items joined by the term “one or more of can mean any combination of the listed terms. For example, the phrases “one or more of A, B or C” can mean A; B; C; A and B; A and C; B and C; or A, B and C,”
The following examples pertain to further embodiments.
Example 1 may include a computing device associated with a service registered with a persistence cloud service, comprising a processor and a memory in communication with the processor, the memory having stored therein a plurality of processing instructions adapted to direct the processor to: receive, from a client device, a device identifier that identifies the client device to the registered service; request, from a persistence cloud server associated with the persistence cloud service, persistence information associated with the device identifier; receive the persistence information; determine a level of service to provide to the client device based on the persistence information; and provide the level of service to the client device.
Example 2 may include the subject matter of Example 1, wherein providing the level of service comprises providing a level of service indication to the client device, the level of service indication indicating how a client application associated with the registered service is to proceed at the client device.
Example 3 may include the subject matter of any one of Examples 1-2, wherein the processing instructions are further adapted to direct the processor to: determine whether the client device is registered with the persistence cloud service; in response to determining that the client device is not registered with the persistence cloud service, send a request to the client device inquiring whether to register the client device with the persistence cloud service; and in response to determining that the client device is to be registered with the persistence cloud service, send registration information associated with the client device to the persistence cloud server.
Example 4 may include the subject matter of Example 3, wherein the registration information includes the device identifier, a service identifier that identifies the registered service, and a policy of the registered service to be followed by the persistence cloud service based on the persistence information associated with the client device.
Example 5 may include the subject matter of any one of Examples 1-4, wherein the device identifier is based on a Media Access Control (MAC) address of the client device.
Example 6 may include the subject matter of any one of Examples 1-5, wherein the persistence information includes a device status assigned to the client device.
Example 7 may include the subject matter of Example 6, wherein the device status includes one or more of: an indication that the client device is in a normal state, an indication that the client device has been lost or stolen, an indication that activity at the client device is suspicious, an indication that usage of the client device should follow a defined set of policies, and an indication of a location of the client device.
Example 8 may include the subject matter of any one of Examples 1-7, wherein the requesting of persistence information includes providing, to the persistence cloud server, a service identifier that identifies the registered service.
Example 9 may include the subject matter of any one of Examples 1-8, wherein the level of service includes one or more of allowing full access to the registered service, denying access to the registered service, providing limited access to the registered service, and invoking further security actions.
Example 10 may include the subject matter of Example 9, wherein the providing limited access to the registered service includes one or more of: limiting types of actions that can be conducted, limiting quantities involved in actions that can be conducted, and limiting a local area in which actions can be conducted.
Example 11 may include the subject matter of any one of Examples 9-10, wherein the invoking further security actions includes one or more of: executing further authentication checks, locking accounts associated with the registered service, locking the client device, and deleting data from the client device.
Example 12 may include the subject matter of any one of Examples 1-11, wherein the processing instructions are further adapted to direct the processor to: receive, from the client device, login information of the user of the client device; and provide a device state change notification to the persistence cloud server based on the login information.
Example 13 may include an apparatus associated with a service registered with a persistence cloud service comprising means for receiving, from a client device, a device identifier that identifies the client device to the registered service; means for requesting, from a persistence cloud server associated with the persistence cloud service, persistence information associated with the device identifier; means for receiving the persistence information; means for determining a level of service to provide to the client device based on the persistence information; and means for providing the level of service to the client device.
Example 14 may include a router registered with a persistence cloud service, comprising a processor and a memory in communication with the processor, the memory having stored therein a plurality of processing instructions adapted to direct the processor to: receive, from a client device, a device identifier that identifies the client device; request, from a persistence cloud server associated with the persistence cloud service, persistence information associated with the device identifier; receive the persistence information; determine a level of service to provide based on the persistence information: and provide the level of service to the client device.
Example 15 may include the subject matter of Example 14, wherein the persistence information includes a device status assigned to the client device.
Example 16 may include the subject matter of Example 15, wherein the device status includes one or more of: an indication that the client device is in a normal state, an indication that the client device has been lost or stolen, an indication that activity at the client device is suspicious, an indication that usage of the client device should follow a defined set of policies, and an indication of a location of the client device.
Example 17 may include the subject matter of any one of Examples 14-16, wherein the requesting of persistence information includes providing, to the persistence cloud server, a router identifier that identifies the registered router.
Example 18 may include the subject matter of any one of Examples 14-17, wherein the level of service includes one or more of: allowing full network access, denying network access, providing limited network access, and invoking further security actions.
Example 19 may include a method of providing a service to a client device comprising: receiving, from a client device, a device identifier that identifies the client device; requesting, from a persistence cloud server associated with a persistence cloud service, persistence information associated with the device identifier; receiving the persistence information; determining a level of service to provide to the client device based on the persistence information; and providing the level of service to the client device.
Example 20 may include the subject matter of Example 19, wherein providing the level of service comprises providing an indication of the level of service to the client device, the level of service indication indicating how a client application associated with a service registered with the persistence cloud service is to proceed at the client device.
In Example 21, the subject matter of any one of Examples 19-20 may optionally include determining whether the client device is registered with the persistence cloud service; in response to determining that the client device is not registered with the persistence cloud service, sending a request to the client device inquiring whether to register the client device with the persistence cloud service; and in response to determining that the client device is to be registered with the persistence cloud service, sending registration information associated with the client device to the persistence cloud server.
In Example 22, the subject matter of any one of Examples 19-21 may optionally include receiving, from the client device, login information of the user of the client device; and providing a device state change notification to the persistence cloud server based on the login information.
Example 23 may include a non-transitory computer-readable medium storing control logic to instruct a processor of a computing device to: receive, from a client device, a device identifier that identifies the client device; request, from a persistence cloud server associated with a persistence cloud service, persistence information associated with the device identifier; receive the persistence information; determine a level of service to provide to the client device based on the persistence information; and provide the level of service to the client device.
Example 24 may include the subject matter of Example 23, wherein the providing of the level of service comprises providing an indication of the level of service to the client device, the level of service indication indicating how a client application associated with a service registered with the persistence cloud service is to proceed at the client device.
Example 25 may include the subject matter of any one of Examples 23-24, wherein the control logic is implemented to further instruct the processor to: determine whether the client device is registered with the persistence cloud service; in response to determining that the client device is not registered with the persistence cloud service, send a request to the client device inquiring whether to register the client device with the persistence cloud service; and in response to determining that the client device is to be registered with the persistence cloud service, send registration information associated with the client device to the persistence cloud server.
Example 26 may include the subject matter of any one of Examples 23-25, wherein the control logic is implemented to further instruct the processor to: receive, from the client device, login information of the user of the client device; and provide a device state change notification to the persistence cloud server based on the login information.
Example 27 may include a persistence cloud server associated with a persistence cloud service, comprising a processor and memory in communication with the processor, the memory having stored therein a plurality of processing instructions adapted to direct the processor to: receive, from a first computing device associated with a first service registered with the persistence cloud service, a client device update for a client device registered with the persistence cloud service; update client device persistence information associated with the client device based on the client device update; receive from a second computing device associated with a second service registered with the persistence cloud service, a request for the client device persistence information; and provide the client device persistence information to the second computing device.
Example 28 may include the subject matter of Example 27, wherein the second computing device is a router.
Example 29 may include the subject matter of Example 27, wherein the receiving the request for the client device persistence information includes receiving a service identifier that identifies the second registered service.
Example 30 may include the subject matter of Example 29, wherein the processing instructions are further adapted to direct the processor to verify, based on the received service identifier, that the second registered service is registered with the persistence cloud service.
Example 31 may include the subject matter of any one of Examples 27-30, wherein the client device persistence information includes a client device status assigned to the client device.
Example 32 may include the subject matter of Example 31, wherein the client device status includes one or more of: an indication that the client device is in a normal state, an indication that the client device has been lost or stolen, an indication that activity at the client device is suspicious, an indication that usage of the client device should follow a defined set of policies, and an indication of a location of the client device.
Example 33 may include the subject matter of any one of Examples 31-32, wherein the processing instructions are further adapted to direct the processor to: receive, from the second computing device, registration information for the client device, the registration information including a device identifier that identifies the client device, a service identifier that identifies the second registered service, and a policy set of the second registered service to be followed by the persistence cloud service based on the client device status; and store the registration information.
Example 34 may include the subject matter of Example 33, wherein the device identifier is based on a Media Access Control (MAC) address of the client device.
Example 35 may include the subject matter of any one of Examples 33-34, wherein the policy set includes one or both of: instructions pertaining to how the persistence cloud server should update the client device status based on a subsequent client device update from the second server, and instructions pertaining to what information to include as the client device persistence information provided to the second server based on the client device status.
Example 36 may include an apparatus associated with a persistence cloud service comprising means for receiving, from a first computing device associated with a first service registered with the persistence cloud service, a client device update for a client device registered with the persistence cloud service; means for updating client device persistence information associated with the client device based on the client device update; means for receiving from a second computing device associated with a second service registered with the persistence cloud service, a request for the client device persistence information; and means for providing the client device persistence information to the second computing device.
Example 37 may include a method of providing a persistence cloud service to registered services, comprising receiving, from a first computing device associated with a first service registered with the persistence cloud service, a client device update for a client device registered with the persistence cloud service; updating client device persistence information associated with the client device based on the client device update; receiving, from a second computing device associated with a second service registered with the persistence cloud service, a request for the client device persistence information; and providing the client device persistence information to the second computing device.
In Example 38, the subject matter of Example 37 may optionally include receiving, from the second computing device, registration information for the client device, the registration information including a device identifier that identifies the client device, a service identifier that identifies the second registered service, and a policy set of the second registered service to be followed by the persistence cloud service based on the client device persistence information; and storing the registration information.
Example 39 may include a non-transitory computer-readable medium storing control logic to instruct a processor of a computing device to: receive, from a first computing device associated with a first service registered with a persistence cloud service, a client device update for a client device registered with the persistence cloud service; update client device persistence information associated with the client device based on the client device update; receive, from a second computing device associated with a second service registered with the persistence cloud service, a request for the client device persistence information; and provide the client device persistence information to the second computing device.
Example 40 may include the subject matter of claim 39, wherein the control logic is implemented to further instruct the processor to: receive, from the second computing device, registration information for the client device, the registration information including a device identifier that identifies the client device, a service identifier that identifies the second registered service, and a policy set of the second registered service to be followed by the persistence cloud service based on the client device persistence information; and store the registration information.
Example 41 may include at least one machine readable medium comprising a plurality of instructions that in response to being executed on a computing device, cause the computing device to carry out the method of any one of Examples 18-21.
Example 42 may include a computer system to perform the method of any one of Examples 19-22.
Example 43 may include an apparatus configured to perform the method of any one of Examples 19-22.
Example 44 may include a machine to perform the method of any one of Examples 19-22.
Example 45 may include an apparatus comprising means for performing the method of any one of Examples 19-22.
Example 46 may include at least one machine readable medium comprising a plurality of instructions that in response to being executed on a computing device, cause the computing device to carry out the method of any one of Examples 19-22.
Example 47 may include a computer system to perform the method of any of Examples 37-38.
Example 48 may include an apparatus configured to perform the method of any one of Examples 37-38.
Example 49 may include a machine to perform the method of any of Examples 37-38.
Example 50 may include an apparatus comprising means for performing the method of any one of Examples 37-38.
The systems, methods, and computer program products described herein have an advantage of providing a universally centralized alert system that may provide immediate seamless protection for both client device users and virtually any services consumed by those users against improprietous use of those client devices. The more services registered with the persistence cloud service, the better the protection provided, as any registered service could report suspicious device activity to the system to be shared with the other registered services. Ideally, the services registered with the persistence cloud service may include some type of anti-theft service that could inform other services of the loss or theft of a device prior to the next use of their services by that device. Use of this system may even be useful in locating a lost or stolen client device and/or its perpetrator, as usage of the client device could potentially be tracked by the persistence cloud service. In this scenario, the more services registered with the persistence cloud service, the more thorough the tracking of the device. Another service that would be useful if registered with the persistence cloud service is a data backup service. If, for example, a client device has been reported as lost or stolen, a registered data backup service that may be associated with the client device may potentially be triggered to perform an unscheduled backup of the device, if the device is detected, such that data is backed up prior to a perpetrator attempting to wipe the device clean.
Another advantage of the PCS system is in its enterprise usages. A company may keep track of the user devices that it issues to its employees by, for example, the MAC address of each device or some other hardware identification. In the affiliate policy provided to the persistence cloud service for each of its devices, specific instructions can be provided as to what should happen to each device given any potential breach of security reported by the system. For example, if the device has been reported as lost or stolen, a data backup and/or data wipe of the device may be triggered to minimize any data loss or breach. In another example, the policy may provide instructions as to what level of access a specific device should have. If an employee of the company is a manager or a systems administrator or one having some key role in the company, that person's device may be allowed more extensive access to the company's systems and settings than other employees. Many other advantages and uses are also contemplated.
| Filing Document | Filing Date | Country | Kind | 371c Date |
|---|---|---|---|---|
| PCT/US13/31386 | 3/14/2013 | WO | 00 | 1/30/2014 |
