All material in this document, including the figures, is subject to copyright protections under the laws of the United States and other countries. The owner has no objection to the reproduction of this document or its disclosure as it appears in official governmental records. All other rights are reserved.
Short-range wireless communications technologies and related standards such as Near Field Communications (NFC)1, RFID2, and Bluetooth3 have grown in popularity and usage in recent years, in part due to the growing popularity of “smartphones”, tablet computers, and other mobile computing and communications devices. The advent and growing prevalence of short range wireless technologies on mobile handsets and other communications and computing devices are leading to new opportunities for utilizing these technologies in ways that can make particular use of their short range, for example for security applications in which longer range signal interception would be undesirable, and for specialized marketing opportunities that can be coupled with confirmed device presence at a location or near a specific asset or item.
Certain early-proposed uses of short-range wireless communications such as NFC fall within the general subject area of access control, The use of a pair of wireless communications units for controlling access to a physical area closed by a door, and utilizing a transmitted access code, and with one wireless unit having a range of less than ten meters, is presented in U.S. Pat. No. 7,796,012. Another personnel access control system involving mobile wireless devices, and based on pairs of NFC devices, is presented in US patent publication 2012/0220216. The use of NFC to remotely modify access credentials, and to control access to certain assets, within a secure access system, is presented in U.S. Pat. No. 8,150,374. In U.S. Pat. No. 8,127,337, a system incorporating short-range wireless communications and transmission and use of biometric templates is presented, in Which one or more privacy policies regarding permissible dissemination of the information in the biometric template are associated with the communications.
In the present application, we disclose certain novel uses of short-range wireless communications such as NFC in regard to management of specific capabilities and functions of mobile devices. Our application considers and presents uses of both passive NFC elements (“tags”), and active NFC devices, in both location-based and non-location-based situations.
The following describes preferred embodiments. However, the invention is not limited to those embodiments. The description that follows is for purpose of illustration and not limitation. Other systems, methods, features and advantages will be or will become apparent to one skilled in the art upon examination of the figures and detailed description. It is intended that all such additional systems, methods, features, and advantages be included within this description, be within the scope of the inventive subject matter, and be protected by the accompanying claims.
Aspects of the invention, including attestation and related concepts, can be implemented and utilized to both facilitate and augment such policy-based access control and management systems and methods, including ways in which attestation can be beneficially utilized in mobile computing security and mobile handset management.
U.S. patent application Ser. No. 13/945,677 discloses a system for policy-based access control and management for mobile computing devices, the disclosure of which is incorporated as if fully set forth herein, Such a system is summarized in
Short-range wireless technologies such as NFC can be beneficially utilized to complement and augment such a policy-based access control and management system.
In the embodiment represented in
Additional embodiments include active NFC devices rather than passive NFC tags.
In a further embodiment, the handset may be used as a “badge” to access a protected facility in which taking pictures is not allowed. In this manner, a person such as an employee can use the handset as a badge when arriving and leaving. During the time that person is at the facility, the PDP responses ensure that the handset complies with the security policies specific for the protected facility or room within the facility. In one embodiment, such a facility would be a health club where a policy might disallow camera in the locker room. In another embodiment, a school may wish to disallow phone capabilities such as texting in an examination room, or a movie theater may wish to disable audible phone capabilities and alerts, except for emergency calls, in theaters during movie presentations, and possibly also to limit phone screen brightness in the theater during movie presentations. These are just examples. Further embodiments are contemplated by the invention, and will immediately become apparent to a person of ordinary skill in the art.
For any embodiment with active or passive NFC devices presented above, specialized reporting functions are contemplated by the invention for presenting the accumulated handset data, for example, relating to a venue such as a meeting room. In one embodiment, a report may contain data such as the total number of handsets N that are currently present in the room, based upon swipes at the NFC reader at the entrance into the meeting room. N may then be compared with other counts of meeting room attendees such as from a show of hands or other method, or with the expected number of conference attendees, for purposes such as data validation, or as a security measure to detect unauthorized attendees, or to gauge conference participation levels by comparison with expected attendance levels.
Also contemplated are embodiments for use with multiple meeting rooms within a given venue, such as a conference with parallel meeting sessions in separate rooms. In such an embodiment, a distinct NFC reader would be provided for each room. A hierarchy of deployments of “layered” access controls is also contemplated, for cases such as overall building or conference access control with subsequent access control to rooms within the building or conference. One simple example of such a layered embodiment is represented in
Apart from the location-specific situations such as those involving meeting rooms presented above, other embodiments represent useful and convenient ways to manage and control sets of handset capabilities through policy invocation involving NFC tags used as PCPs. For example, as given tag with a unique identifier may simply be coupled with a specific policy or set of policies on the PDP that are then caused to be examined by the PDP when the tag is read or “consumed” by a handset, without necessarily any reference to a room or other location. In this manner, such a tag is in essence a token representing and triggering specific sets of policies to be active. A simplified representation of this is provided in flowchart form in
As another example of the aforementioned embodiments, an enterprise may enable a visitor's handset to temporarily comply with the enterprise's security policies. To have the enablement happen, the visitor may go to the enterprise's security officer who scans the handset and checks it in. From that point, the handset follows the enterprise's security policies regardless of the visitor's specific location, until the handset is checked out. In further embodiments, additional potential capability enablement on presentation of the handset to an NFC tag at an entry point of a secured facility could include the activation, of video chat software or other application software on the handset to enable communication and further authentication with security personnel or systems. In such embodiments, security personnel or an automated system could provide further instructions to the handset user, conduct a live verification or authentication, with successful verification or authentication then resulting in triggering of door opening, local wireless network access, and to enablement of other capabilities or access to services.
In certain embodiments, policy authoring and query processing for our system, as well as device capability control and policy enforcement, may typically be controlled by a 3rd party such as a network carrier or other communications service provider. This presents certain business opportunities for such a service provider, which are contemplated by the invention. In one embodiment, the service provider may offer to manage and provide policy-based control of handsets to an enterprise or other entity, for a fee such as a subscription fee or per-service fee, or per-handset fee. In another embodiment, a communications carrier may provide blockage of handset camera usage to a business customer such as a health club, as a service offering for a fee. These are but a few embodiments that will immediately become apparent to a person of ordinary skill.
While many embodiments described herein refers to wireless technologies collectively known as Near Field Communications (NFC), the invention contemplates that other wireless as well as wired communications and locating technologies may be substituted for NFC. Such technologies include but are not restricted to geo-location technologies such as the Global Positioning System (GPS), or visibility or proximity of a beacon, cell tower, or similar device, as well as use of network adapter and network adapter Media Address Control (MAC) address and Internet Protocol (IP) address, or combination of these technologies. Furthermore, while the term “handset” and similar terms are used throughout this disclosure, it is used as a representative term for brevity reasons. The invention contemplates substitution of any computing device with appropriate communication capabilities for a typical handset, such as any phone, tablet, or other computing device with the requisite capabilities.
1. NFC Forum (2007), “Near Field Communication and the NFC. Forum: The Keys to Truly Interoperable Communications” (PDF), http://www.nfc-forum.org, retrieved Oct. 30, 2012
2. Landt, Jerry (2001), “Shrouds of Time: The history of RFID”, AIM, Inc, pp 5-7
3. Bluetooth Special Interest Group website, “A Look at the Basics of Bluetooth Wireless Technology”, http:www.bluetooth.com/Pages/Basics.aspx, retrieved Oct. 29, 2012
This application claims priority to U.S. provisional application 61/746,533 filed on Dec. 27, 2012. In addition, this application is a continuation-impart of U.S. application Ser. No. 14/062,849 filed on Oct. 24, 2013, which claims benefit to U.S. provisional application 61/718,660, filed on Oct. 25, 2012. This application is also a continuation-in-part of U.S. application Ser. No. 13/945,677 filed on Jul. 18, 2013, which claims benefit to US provisional application 61/673,220, filed on Jul. 18, 2012. This application incorporates the disclosures of all applications mentioned in this paragraph by reference as if Lilly set forth herein.
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/US13/78004 | 12/27/2013 | WO | 00 |
Number | Date | Country | |
---|---|---|---|
61746533 | Dec 2012 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 13945677 | Jul 2013 | US |
Child | 14655148 | US | |
Parent | 14062849 | Oct 2013 | US |
Child | 13945677 | US |