US20060075075A1 - Method and system to contextually initiate synchronization services on mobile terminals in an enterprise environment - Google Patents

Method and system to contextually initiate synchronization services on mobile terminals in an enterprise environment Download PDF

Info

Publication number
US20060075075A1
US20060075075A1 US10/954,197 US95419704A US2006075075A1 US 20060075075 A1 US20060075075 A1 US 20060075075A1 US 95419704 A US95419704 A US 95419704A US 2006075075 A1 US2006075075 A1 US 2006075075A1
Authority
US
United States
Prior art keywords
mobile device
wireless
wireless mobile
access point
context
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/954,197
Inventor
Jouni Malinen
Jussi Maki
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Oyj
Original Assignee
Nokia Oyj
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Assigned to NOKIA CORPORATION reassignment NOKIA CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MAKI, JUSSI E., MALINEN, JOUNI I.
Priority to US10/954,197 priority Critical patent/US20060075075A1/en
Application filed by Nokia Oyj filed Critical Nokia Oyj
Priority to US11/126,288 priority patent/US20060073788A1/en
Priority to JP2007534104A priority patent/JP2008515310A/en
Priority to EP05784420A priority patent/EP1803253A1/en
Priority to PCT/IB2005/002782 priority patent/WO2006043132A1/en
Priority to EP05850648A priority patent/EP1794935A4/en
Priority to KR1020077009959A priority patent/KR100981937B1/en
Priority to CN200580033243.4A priority patent/CN101032128B/en
Priority to US11/576,476 priority patent/US7983682B2/en
Priority to PCT/IB2005/002820 priority patent/WO2006048706A1/en
Publication of US20060075075A1 publication Critical patent/US20060075075A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/16Discovering, processing access restriction or access information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72448User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
    • H04M1/72457User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions according to geographic location
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72406User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by software upgrading or downloading
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72448User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data

Definitions

  • the invention disclosed broadly relates to context-dependent services for mobile terminals and more particularly relates to context dependent security features in communication, to properly authenticate and secure communication links for short range RF devices based on the current context of the device.
  • Short-range mobile wireless devices frequently come within communicating range of stationary wireless devices, known as access points, which are connected to wireline local area networks (LANs) or wide area networks (WANs).
  • the mobile wireless device can form a wireless link with a nearby access point to enable communication with network servers.
  • the network servers can provide services to the mobile wireless devices, which can be customized to the particular access point currently nearest to and communicating with the mobile device.
  • An example is a business enterprise's office building having a lobby area with an access point near the entrance and various offices and access points distributed within the interior of the building.
  • a first access point in the lobby can provide to visitors copies of company brochures and office maps that are downloaded to their mobile devices from a network server.
  • a second access point within a company employee's private office can provide copies of company confidential documents downloaded to the employee's mobile device from the network server.
  • Short-range wireless networks include both wireless personal area networks (“PANs”) and wireless local area network (“WLANs”). Both of these networks have the common feature of operating in unlicensed portions of the radio spectrum, usually either in the 2.4 GHz Industrial, Scientific, and Medical (ISM) band or the 5 GHz Unlicensed-National Information Infrastructure (“U-NII”) band.
  • Wireless personal area networks use low cost, low power wireless devices that have a typical range of ten meters.
  • Bluetooth The best-known example of wireless personal area network technology is the Bluetooth Standard, which operates in the 2.4 GHz ISM band.
  • Bluetooth is a short-range radio network, originally intended as a cable replacement. It can be used to create ad hoc networks of up to eight devices operating together.
  • the Bluetooth Specification describes the basic security features of the Bluetooth technology in its Chapter 14.
  • the Bluetooth system provides usage protection and information confidentiality at the application layer and at the link layer.
  • the authentication and encryption routines are implemented in the same way, using the device's address BD_ADDR, two secret keys, and a random number which is different for each new transaction.
  • What is needed in the prior art is a method to customize security features for short range RF devices and access points based on the current context of the mobile device.
  • wireless local area network technology examples include the IEEE 802.11 Wireless LAN Standard and the HIPERLAN Standard, which operate in the 5 GHz U-NII band.
  • the IEEE 802.11 Wireless LAN Standard is published in three parts as IEEE 802.11-1999; IEEE 802.11a-1999; and IEEE 802.11b-1999, which are available from the IEEE, Inc. web site http://grouper.ieee.org/groups/802/11.
  • An overview of the HIPERLAN Type 2 principles of operation is provided in the Broadband Radio Access Networks (BRAN), HIPERLAN Type 2; System Overview , ETSI TR 101 683 VI.I.1 (2000-02).
  • Ultra Wideband (UWB) radio a wireless technology for transmitting digital data over a wide spectrum of frequency bands with very low power.
  • UWB Ultra Wideband
  • An Ultra Wideband (UWB) standard published by the IEEE 802.15.3a task group is a “classical” direct sequence version of UWB for Personal Area Networking.
  • the mobile device, the wireless access point, and the network server in the network each include security context middleware that responds to the detected location of the mobile device to provide customized security services to the mobile device.
  • the security context middleware enables detecting, authenticating and registering the mobile device and encrypting its communications based on pre-specified security feature descriptions stored in the network server.
  • the system administrator or a system management program can assign particular security features to individual access points in the network.
  • the security features can be pre-specified based on the location of the access point, the identity of the user's mobile device, other characteristics of the user or the user's device, ambient conditions, such as the time of day, and the classification of any services requested by the mobile device.
  • a mobile device moves into the communication domain of an access point, its presence is detected by the access point, a basic connection is established between the device and the access point, and the presence of the device is registered at the network server.
  • the network server can then classify any service requested by the mobile device, such as synchronization to applications residing on another server and consider such service request as a factor in establishing an appropriate security feature to apply to the mobile device. For example, if the mobile device has requested synchronization with a confidential email or calendar service to update the mobile device, a high security will be assigned to the wireless connection between the mobile device and the access point.
  • the network server can then access a security context database to obtain the pre-specified security features corresponding to the location of the access point, the identity of the user's mobile device, other characteristics of the user or the user's device, ambient conditions, such as the time of day, and classification of any service requested by the mobile device.
  • the network server obtains a middleware command from the database corresponding to the pre-specified security feature.
  • the middleware command then is transmitted from the network server to the access point and to the mobile device.
  • the middleware command invokes the particular security processing routine in the middleware of both the mobile device and the access point to implement the pre-specified security feature.
  • the middleware command can also invoke a corresponding security processing routine in the network server when the server needs to participate in providing the security service to the mobile device.
  • Some of the factors considered by the security context middleware in determining the context of the mobile device include the mobile device's address BD_ADDR, the location of the access point, other available information about the mobile device, and the time of day.
  • Other environmental factors that can also be considered by the security context middleware in determining the context of the mobile device include day of the week, season of the year, temperature, light level, and other ambient characteristics.
  • the security context middleware can also classify any service requested by the mobile device, such as synchronization to applications residing on another server, and consider such service request as a factor in establishing an appropriate security feature to apply to the mobile device.
  • the network server is also responsible for maintaining additional information for comparing the determined context of the mobile device with threshold values of services that are pre-specified for the mobile device.
  • the network server can automatically synchronize the mobile device with email or calendar services, for example, on another server.
  • the network server can generate triggering events based on the comparison and send notices to the mobile device for suitable services or directly push service messages to the mobile device.
  • the network server can provide necessary information to third parties for initiating services to the mobile device based on the comparison. Third party services can be provided to the mobile device either through the connected access point or via a separate cellular telephone network connection.
  • the resulting invention solves the problem of providing context dependent security features for short range RF devices based on the current context of the device.
  • the invention can be applied to wireless personal area networks employing the Bluetooth Standard, and to wireless local area networks employing the IEEE 802.11 Wireless LAN Standard or the HIPERLAN Standard.
  • FIG. 1A is a network diagram according to an embodiment of the present invention showing a plurality of wireless access points 140 , 140 A, 140 B, and 140 C.
  • the LAN 142 interconnects the access points with the connectivity server 180 and the security context database 182 .
  • the user's wireless device 100 is shown at a first location near a first wireless access point 140 A and then later at a second location, near a second wireless access point 140 B.
  • FIG. 1B is a network diagram according to an embodiment of the present invention showing a modification in the topology of the network of FIG. 1A , where the access points are distributed within an office building.
  • the LAN 142 interconnects the access points with the connectivity server 180 .
  • Several servers are shown connected by means of the LAN to the access points, to provide business-related services when signaled by the access points.
  • FIG. 1C is a network diagram according to an embodiment of the present invention showing another modification in the topology of the network of FIG. 1A , in which there is a GSM antenna 105 as well as a Bluetooth or WLAN antenna 103 on the user's wireless device 100 .
  • a GSM cellular telephone network is an alternate way to communicate with the third party services server 190 , via a WAP protocol gateway and the Internet.
  • a barcode reader 141 is also shown connected by means of a Bluetooth link to the access point 140 A to enable control and use of the barcode reader by the user's mobile wireless device 100 .
  • FIG. 1D is a network diagram according to an embodiment of the present invention showing another modification in the topology of the network of FIG. 1A , in which the access points 140 A and 140 B are mobile and include a GPS position locator to establish their current locations.
  • a GSM cellular telephone subsystem in each access point enables it to communicate with the connectivity server over a wireless wide area network.
  • FIG. 2 is a flow diagram of the processing of a first middleware command type 3 to invoke security context middleware modules 602 , 702 , and 802 on the user's device 100 , the access point 140 B, and the connectivity server 180 , respectively, to implement a first security feature in response to detecting the user's device 100 at the access point 140 B according to an embodiment of the present invention.
  • FIG. 3 is a flow diagram of the processing of a second middleware command type 4 to invoke security context middleware modules 604 , 704 , and 804 on the user's device 100 , the access point 140 C, and the connectivity server 180 , respectively, to implement a second security feature in response to detecting the user's device at the access point 140 C according to an embodiment of the present invention.
  • FIG. 4 is a flow diagram of the processing of a third middleware command type 5 to effect a reprogramming of the access device 140 C.
  • the middleware command type 5 invokes security context middleware modules 606 , 706 , and 806 on the user's device 100 , the access point 140 C, and the connectivity server 180 , respectively, to implement a third, public key infrastructure security feature in response to detecting the user's device 100 at the access point 140 C according to an embodiment of the present invention.
  • FIG. 5A shows the security context database 182 and the security middleware commands table 182 according to an embodiment of the present invention.
  • FIG. 5B shows the security context database 182 and the security middleware commands table 182 ′ of FIG. 5A , where access point 140 C is reprogrammed to apply public key infrastructure when connected to the user's mobile device 100 according to an embodiment of the present invention.
  • FIG. 6 shows the security context middleware 10 in the user's device 100 according to an embodiment of the present invention.
  • FIG. 7 shows the security context middleware 10 ′ in each access point 140 , 140 A, B, C according to an embodiment of the present invention.
  • FIG. 8 shows the security context middleware 10 ′′ in the network server 180 according to an embodiment of the present invention.
  • FIG. 9 is another view of the network diagram of FIG. 1A , according to an embodiment of the present invention, showing various components of the user's wireless device 100 , the wireless access point 140 A, and the connectivity server 180 .
  • FIG. 1A is a network diagram according to an embodiment of the present invention showing a plurality of wireless access points 140 , 140 A, 140 B and 140 C.
  • the local area network (LAN) 142 interconnects the access points with the connectivity server 180 which in turn is connected to the security context database 182 .
  • the user's wireless device 100 is shown at a first location A near first wireless access point 140 A, and then at a later time is shown at a second location B near a second wireless access point 140 B.
  • Each respective access point has a corresponding coverage area 150 , 150 A, 150 B, 150 C, respectively.
  • Bluetooth wireless devices have typical coverage area of a radius of 10 meters.
  • IEEE 802.11 Wireless LAN devices and HIPERLAN Wireless LAN devices have a typical coverage area with a radius of 100 meters.
  • a user's wireless device 100 in FIG. 1 includes the microbrowser 102 , a key pad, and an application program 106 . Also included, in the user's wireless device is security context middleware 10 , which is shown in greater detail in FIG. 6 .
  • Each access point 140 , 140 A, 140 B and 140 C includes security context middleware 10 ′ which is shown in greater detail in FIG. 7 .
  • the connectivity server 180 includes a security context middleware 10 ′′ which is shown in greater detail in FIG. 8 .
  • the connectivity server 180 further includes the context manager 14 .
  • the connectivity server 180 is also connected to the internet 144 which is connected in turn to the WAP protocol gateway 188 which in turn is connected to the GSM access point 186 .
  • the security context middleware 10 stored in a memory of the user's wireless device 100 has a plurality of security process subroutines 602 , 604 and 606 of FIG. 6 which are selectable by a security processing middleware command issued by the context manager 14 .
  • the security context middleware program 10 ′ in the access points 140 , 140 A, 140 B and 104 C have a plurality of security process subroutines 702 , 704 and 706 of FIG. 7 , selectable by the security processing middleware command issued by the context manager 14 .
  • the security context middleware 10 ′′ in the connectivity server 180 has a plurality of security process subroutines 802 , 804 and 806 of FIG.
  • the context manager program 14 in the connectivity server 180 determines a context for the user's wireless mobile device 100 from a signal received from one of the access points 140 , 140 A, B, C indicating that the wireless mobile device is wirelessly connected to that access point.
  • the security context database 182 connected to the connectivity server 180 stores security feature data which is accessible by the determined context from the connectivity server 180 , to implement a security process.
  • the context manager 14 accesses the stored security feature data in the security context database 182 based on the determined context of the user's wireless device 100 in the vicinity of the access points 140 , 140 A, 140 B or 140 C.
  • the context manager 14 then sends the security processing middleware command representing the security feature data to the security context middleware program 10 ′′ in the connectivity server 180 , the security context middleware program 10 ′ in the access point connected to the user's wireless device 100 , and to the security context middleware 10 in the user's wireless device 100 .
  • the security processing middleware command then invokes the security process in the addressed subroutine in the wireless mobile device, in the access point and in the connectivity server 180 .
  • the security context database 182 and the security middleware commands table 182 ′ are shown in FIG. 5A .
  • a system administrator or a system control program will initialize the data in the security context database 182 to establish particular security features 294 for each of the access points 140 , 140 A, 140 B and 140 C when they are respectively wirelessly connected to the user's device 100 .
  • the security context database 182 will establish that the access point 140 A, when its wirelessly connected to any user device, as indicated in 284 , will have a type 1 security feature 294 .
  • the type 1 security feature will then invoke in the security middleware commands table 182 ′, basic Bluetooth security.
  • the type 1 security processing middleware command will be transmitted by the connectivity server 180 to the security context middleware 10 ′′ in the server 180 , to the access point 140 A and its security context middleware 10 ′, and to the user's wireless device 100 which is wirelessly connected to the access point 140 A, for the security context middleware 10 in the user's wireless device 100 .
  • a system administrator has assigned security features 294 to each of the access points 140 , 140 A, 140 B and 140 C when they are respectively wirelessly connected to particular user wireless devices.
  • Column 284 of the database 182 indicates which user devices are permitted to be assigned a security feature.
  • Column 286 specifies whether other terminal data is to be required before security features are assigned.
  • Column 288 specifies whether particular time of day intervals are required before security features are assigned.
  • Column 292 specifies one or more services which are provided to the user's wireless device 100 when it is wirelessly connected to each of the respective access 140 , 140 A, 140 B and 140 C.
  • column 294 indicates the security feature assigned by the system administrator to the respective access points and to the user's wireless device 100 when it is connected to the respective access points.
  • the security middleware commands table 182 ′ enables the system administrator to programmatically change the security feature assigned to a particular access point and wireless device connected thereto. Five types of security features are shown in the table 182 ′. Type 1 is a basic Bluetooth security. Type 2 uses an acceptable address list with the specified wireless device addresses.
  • Type 3 requires a link key and 128-bit encryption and a dynamic point-to-point protocol (PPP) user name and password.
  • Type 4 increases the security from type 3 by providing a terminal key and an encrypted link key plus the 128-bit encryption and the dynamic PPP user name/password.
  • Type 5 security feature is a public key infrastructure (PKI) security feature wherein there is a public key encryption of a random link and 128-bit bulk encryption.
  • PKI public key infrastructure
  • FIG. 1B is a network diagram according to an embodiment of the present invention showing a modification in the topology of the network of FIG. 1A where the access points are distributed within an office building 148 .
  • the local area network (LAN) 142 connects the access points 140 , 140 A, 140 B and 140 C with the connectivity server 180 .
  • Several servers are shown connected by means of the LAN 142 to the access points, to provide business related services when signaled by the access points.
  • a company confidential information server 190 and a company confidential information database 191 are connected to the LAN 142 .
  • An accounts department server 192 and an accounts department database 193 are connected to the LAN 142 .
  • a docking station server 194 and a docking station database 195 are connected to the LAN 142 .
  • a room lighting server 196 and a room lighting database 197 are connected to the LAN 142 .
  • the office building 148 has a front entrance 152 and a lobby coverage area 150 A where is located the access point 140 A.
  • Next in the office building 148 is the office coverage area 150 with the access point 140 .
  • Next in the office building 148 is the office coverage area 150 B with the access point 140 B, which is a docking station.
  • the office building 148 has a coverage area 150 C with the access point 140 C which is a cashier terminal.
  • a lighting control 198 is connected from the room lighting server 196 to the lights in the respective coverage areas of the office building 148 , as shown in FIG. 1B .
  • the access point 140 A establishes a wireless connection with the user's wireless device.
  • the mobile wireless device establishes a wireless connection with the access point 140 B, for example, when the user places the wireless device 100 into the docking station.
  • the Access Point 140 B periodically transmits inquiry packets to discover which mobile devices are in range, and determine the addresses and clocks for the devices. If a mobile device 100 that receives the inquiry packets is in the inquiry scan state, it will then enter the inquiry response state and send an inquiry response 202 to the Access Point 140 B.
  • the Access Point 140 B can compare the received address with a list of addresses of devices that are authorized to receive services and can proceed to establish a connection with an authorized mobile device.
  • the comparison can also be based on other information about the mobile device 100 , such as the class of device (CoD) field, and the list can identify those devices that are to be accepted or alternately blocked from receiving certain types of services.
  • a connection can be established by the Access Point 140 B with a paging procedure using the Bluetooth device address of the mobile device 100 .
  • the Access Point 140 B having established the connection will automatically be the master of the connection.
  • step 200 the user's wireless device sends an inquiry response 202 to the access point 140 B and receives a page 204 from the access point.
  • the access point receives the inquiry response packet from user's device 100 .
  • basic connection is established between the user's wireless device 100 and the access point 140 B.
  • an initial request for services can be sent by the mobile device 100 to the access point 140 B, such as requesting synchronization of received email or synchronization of a calendar.
  • a signal is transmitted from the access point 140 B over the LAN 142 to the connectivity server 180 where the asynchronous connectionless link (ACL) is validated in step 208 .
  • Step 207 can then classify any services requested by the mobile device 100 and pass the classification information to the next step 209 where it is considered as a factor in establishing an appropriate security feature to apply to the mobile device 100 .
  • ACL asynchronous connectionless link
  • the connectivity server 180 accesses the security context database 182 for security features to apply to the connection between the user's wireless device 100 and the access point 140 B. This is done in step 210 using the access point address, user's device ID, any required terminal information about the user's device, the time of day and the class of service requested by the mobile device. Referring for a moment to the security context database 182 of FIG. 5A , it is seen that these various factors are considered in the selection of a security feature, such as, specific identities of acceptable mobile wireless devices, other terminal data and time of day.
  • the corresponding security processing middleware command is sent on path 211 to the access point 140 B.
  • the access point 140 B implements the accessed security features in the security middleware 702 in the access point.
  • the security processing middleware command is also transmitted over path 213 to the user's device 100 where in step 214 it implements the accessed security features in the security middleware 602 in the user's device 100 .
  • Step 210 in the connectivity server 180 then proceeds to step 215 which generates a link key which is transmitted via the access point 140 B to the user's device 100 , as step 216 in the subroutine 602 of the security context middleware 10 , where it initiates security settings.
  • step 215 proceeds to step 225 which sets the link key for Bluetooth 128-bit encryption.
  • This information is then provided to the access point 140 B the step 222 in the subroutine 702 of the security context middleware 10 ′, to establish an authenticated and encrypted middleware connection with the user's device.
  • step 216 in the user's device 100 proceeds to step 218 to establish the authenticated and encrypted middleware connection with the access point over path 220 .
  • Step 222 in the access point 140 B then proceeds to step 224 where the middleware connection is established and this information is then passed back to the connectivity server 180 step 226 which generates the dynamic point-to-point protocol user name and password for additional access control.
  • the flow then passes to step 228 to forward the PPP user name and password to the access point and the user device.
  • Step 230 of the access point 140 B forwards the PPP user name and password to the user device and also applies it to step 236 .
  • step 232 establishes the authenticated and encrypted IP connection with the access point and flow passes to step 234 .
  • Step 234 and 236 then establish over path 235 an authenticated and encrypted IP connection.
  • the connectivity server 180 in step 238 accesses the context database 182 for services available to the user's device using the access point's address, the user's device ID, terminal information, time, and service requests.
  • the network server can automatically synchronize the mobile device with email or calendar services on another server.
  • FIG. 5A shows that for a connection between the user's device 100 and the access point 140 B, services allowed to the user's device include lighting from the lighting server 196 and docking facility services from the docking station server 194 in FIG. 1B .
  • FIG. 3 illustrates this different implementation of security features according to an embodiment of the present invention.
  • the subroutine 604 of the security context middleware 10 in the user's wireless device 100 is invoked by command type 4.
  • Steps 200 - 214 in FIG. 3 are the same as in FIG. 2 , except that step 210 has accessed the context security context database 182 and has obtained a type 4 security feature which it distributes as a command type 4 to the access point 140 C, the user's device 100 and the security context middleware 10 ′′ in the connectivity server 180 .
  • Step 210 passes to step 302 which generates a terminal key which is transmitted via the access point 140 C to the user's device 100 step 304 of subroutine 604 of the security context middleware 10 , where the terminal key is stored.
  • Step 302 in the connectivity server 180 passes to step 306 which constructs a random link key and encrypts it with a terminal key.
  • the encrypted link key is then transmitted via the access point 140 C to step 308 in the user's device 100 where the encrypted link key is opened with the terminal key.
  • step 306 in the connectivity server 180 passes to step 310 which sets the link key for Bluetooth 128-bit encryption and this information is then passed to step 312 of the access point 140 C.
  • step 308 passes to step 314 which establishes an authenticated and encrypted middleware connection with the access point via the path 316 .
  • step 312 of the access point 140 C establishes an authenticated and encrypted middleware connection with the user's device.
  • step 322 which forwards the PPP user name and password to the access point 140 and the user's device 100 .
  • Step 324 in the access point 140 C forwards the PPP user name and password to the user device.
  • Step 326 and the user device 100 establishes authenticated and encrypted IP connection with the access point.
  • the flow then passes to step 234 where the connection is established over the path 235 to the corresponding step 236 in the access point where the connection is established.
  • flow passes in connectivity server 180 from step 322 to step 328 to access the context database 182 for services available to the user's device using the access point address, the user's device ID, terminal information and time.
  • alternate security features are applied to access point 140 B when connected to alternate mobile devices. Additionally, alternate security features can be applied to access point 140 and the mobile device 100 based on class of services requested by the user's mobile device 100 . As an example, if the mobile device 100 has requested synchronization with a non-confidential email or calendar service, a low security type 2 security feature is assigned to the wireless connection between the mobile device 100 and the access point 140 . Alternately, if the mobile device 100 has requested synchronization with a confidential email or calendar service, a high security type 5 security feature is assigned to the wireless connection between the mobile device 100 and the access point 140 . The requested synchronization with the email or calendar service can then be carried out in step 238 of FIGS. 2, 3 , or 4 after the appropriate security feature is established for the wireless connection.
  • FIG. 5B illustrates the security context database 182 , wherein the system administrator or a system control program has reprogrammed the access point 140 C for public key infrastructure when connected to the user's device 100 according to an embodiment of the present invention. It is seen that a type 5 security feature is specified in the database 182 which corresponds to the public key encryption middleware command shown in the commands table 182 ′.
  • FIG. 4 illustrates the flow of steps in establishing the public key infrastructure authentication and encryption for the user's wireless device 100 at the access point 140 C which have a wireless connection established there between.
  • the connectivity server 180 distributes the public/private key pairs with certificates of authority in step 402 to the access point 140 C in step 404 and to the user's device 100 in step 406 .
  • steps 200 - 214 are the same as in the FIGS. 2 and 3 except that step 210 accesses the security context database 182 and obtains the security feature for public key infrastructure and the corresponding command type 5 which it distributes over path 211 to the access point 140 C and path 213 to the user's device 100 . Then the step 212 of the access point 140 C passes to step 408 which sends the access point's public key and its certificate to the user's device. At step 410 in the user's device 100 , a random link key is generated and then in step 412 , the user's device sends the user's public key and the user's certificate plus the public key encrypted random link key to the access point 140 C.
  • the access point 140 C forwards the user's certificate to the server 180 for validation and sends and acknowledgement back to the user in step 414 .
  • the user's certificate is validated in step 416 and the flow passes to step 418 which constructs a random 128-bit PIN for Bluetooth 128-bit encryption and this information is passed to step 420 of the access point 140 C.
  • Step 420 in the access point establishes an authenticated and encrypted middleware connection with the user's device.
  • Step 422 in the user's device establishes the authenticated and encrypted middleware connection with the access point 140 C over path 424 .
  • Flow then passes from step 422 to 426 to establish an authenticated and encrypted IP connection with the access point 140 C over path 430 and correspondingly the access point establishes the authenticated and encrypted connection with the user's device.
  • This information is then passed to step 238 in the connectivity server 180 where the security context database 182 is accessed for services available to user's device using the access point address, the user's device ID, terminal information, time of day, and services requested.
  • FIG. 1C shows an alternate embodiment for the network of FIGS. 1A and 1B , wherein a GSM cellular telephone communication subsystem is included in the wireless mobile device 100 .
  • This enables communication between the user's wireless device 100 and third party services server 190 for providing service to the wireless device via the cellular telephone communication's subsystem.
  • Communications is maintained over the internet 144 via the WAP protocol gateway 188 to the GSM access point 186 which communicates wirelessly with the GSM antenna 105 of the user's wireless device 100 .
  • FIG. 1C further shows a barcode reader 141 connected by means of Bluetooth communications software 143 and a Bluetooth RF link to the Bluetooth access point 140 A to enable control and use of the barcode reader 141 from the user's mobile wireless device 100 .
  • the application program 106 in the wireless mobile device 100 is programmed to control and use the barcode reader 141 to read a barcode of an article, such as a universal product code (UPC), and to have the value read from the UPC forwarded via the access point 140 A to the application program 181 in the connectivity server 180 .
  • UPC universal product code
  • application program 106 invokes the middleware 10 in the user's wireless device 100 , the middleware 10 ′ in the access point 140 A, and the middleware 10 ′′ in the connectivity server 180 .
  • Appropriate context and security processes are carried out by the access point 140 A and connectivity server 180 , as discussed above, to authenticate the user's device 100 and the barcode reader 141 and establish their respective secure connections with the access point 140 A.
  • the wireless mobile device 100 can control the barcode reader 141 to read a barcode of an article and forward the value read from the UPC via the access point 140 A to the application program 181 in the connectivity server 180 .
  • This feature of the invention to enable the user's mobile device to control and use a barcode reader can be extended to the control and use of other types of devices.
  • Bluetooth-enabled portable measurement devices can be controlled and used by an application program in the user's mobile device, to send their measurements to a server via distributed access points.
  • An example is a Bluetooth-enabled portable air flow monitor to measure the air circulation in an office building and upload the measurements to a server via access points distributed around the office building.
  • FIG. 6 shows the security context middleware 10 in the user's device 100 according to an embodiment of the present invention, which includes the subroutine 602 responsive to command type 3, the subroutine 604 responsive to the command type 4, and the subroutine 606 responsive to the command type 5.
  • FIG. 7 shows the security context middleware 10 ′ in each access point 140 , 140 A, 140 B and 140 C according to an embodiment of the present invention.
  • Security context middleware 10 ′ in the access point includes subroutine 702 responsive to command type 3, subroutine 704 responsive to command type 4, and the subroutine 706 responsive to command type 5 .
  • FIG. 8 shows the security context middleware 10 ′′ in the connectivity server 180 according to an embodiment of the present invention.
  • the subroutine 802 is responsive command type 3, subroutine 804 is responsive to command type 4, and subroutine 806 is responsive to command type 5 .
  • FIG. 9 is another view of the network diagram of FIG. 1 A , according to an embodiment of the present invention, showing some of the components of the user's wireless device 100 , the wireless access point 140 A, and the connectivity server 180 .
  • the wireless mobile device 100 includes the computer 902 and the memory 904 .
  • a Bluetooth wireless communications interface 906 wirelessly interfaces with the access point 140 A.
  • the Bluetooth communications program 908 establishes a wireless connection with the access point 140 A. Also shown is the middleware program 10 and the application program 106 .
  • FIG. 9 also shows some of the components of the wireless access point 140 A, which includes the computer 912 and the memory 914 .
  • a server interface 916 interfaces with the server 180 .
  • a Bluetooth wireless communications interface 918 wirelessly interfaces with the mobile wireless device 100 .
  • a communications program 920 establishes a wireless connection with the mobile device 100 and also provides context information to the server 180 over the LAN 142 . Also shown is the middleware program 10 ′.
  • FIG. 9 also shows some of the components of the connectivity server 180 , which includes the computer 922 and the memory 924 .
  • the context manager program 14 determines a context for the wireless mobile device 100 .
  • the database 182 stores security feature data.
  • the context manager 14 accesses the stored security feature data based on the determined context of the mobile device 100 and issues a command representing the security feature data. Also shown is the middleware program 10 ′′ and the application program 181 .
  • FIG. 1D is a network diagram showing another modification in the topology of the network of FIG. 1A , in which the access points 140 A′ and 140 B′ are mobile and include a GPS position locator to establish their current locations.
  • a GSM cellular telephone subsystem in each access point enables it to communicate with the connectivity server 180 over a wireless wide area network 142 ′.
  • the a cellular telephone communications subsystem can enable a third party to provide service to the user's wireless mobile device 100 via the wireless wide area network 142 ′.
  • At least some of the functions of the connectivity server 180 and context manager 14 can be contained within the access points 140 A and 140 B.
  • at least some of the functions of the security context database 182 can be contained within the access points 140 A and 140 B.

Abstract

A system and method are disclosed for providing security features to a wireless mobile device based upon its context when it establishes a wireless connection with different access points. A plurality of access points are connected to a connectivity server which includes a security context middleware. Each of the access points also includes a security context middleware. Furthermore, each mobile wireless device includes security context middleware. A context manager program in the server determines a context for a wireless mobile device from a signal received from an access point indicating that the wireless mobile device is wirelessly connected to the access point. A database connected to the server stores security feature data which is accessible by the determined context to implement a security process. The context manager accesses the stored security feature data based on the determined context and sends a command representing the security feature data to the middleware programs in the server, the access point and the mobile wireless device to implement the security process in the mobile wireless device.

Description

    FIELD OF THE INVENTION:
  • The invention disclosed broadly relates to context-dependent services for mobile terminals and more particularly relates to context dependent security features in communication, to properly authenticate and secure communication links for short range RF devices based on the current context of the device.
  • BACKGROUND OF THE INVENTION:
  • Short-range mobile wireless devices frequently come within communicating range of stationary wireless devices, known as access points, which are connected to wireline local area networks (LANs) or wide area networks (WANs). The mobile wireless device can form a wireless link with a nearby access point to enable communication with network servers. The network servers can provide services to the mobile wireless devices, which can be customized to the particular access point currently nearest to and communicating with the mobile device. An example is a business enterprise's office building having a lobby area with an access point near the entrance and various offices and access points distributed within the interior of the building. A first access point in the lobby can provide to visitors copies of company brochures and office maps that are downloaded to their mobile devices from a network server. A second access point within a company employee's private office can provide copies of company confidential documents downloaded to the employee's mobile device from the network server. Clearly, there are different requirements for user authentication and document security in these two examples. What is needed in the prior art is a method to provide context dependent security features for short range RF devices based on the current context of the device.
  • Short-range wireless networks include both wireless personal area networks (“PANs”) and wireless local area network (“WLANs”). Both of these networks have the common feature of operating in unlicensed portions of the radio spectrum, usually either in the 2.4 GHz Industrial, Scientific, and Medical (ISM) band or the 5 GHz Unlicensed-National Information Infrastructure (“U-NII”) band. Wireless personal area networks use low cost, low power wireless devices that have a typical range of ten meters.
  • The best-known example of wireless personal area network technology is the Bluetooth Standard, which operates in the 2.4 GHz ISM band. Bluetooth is a short-range radio network, originally intended as a cable replacement. It can be used to create ad hoc networks of up to eight devices operating together. The Bluetooth Special Interest Group, Specification Of The Bluetooth System, Volumes 1 and 2, Core and Profiles: Version 1.1, 22nd February, 2001, (hereinafter “Bluetooth Specification”) describes the principles of Bluetooth device operation and communication protocols. Bluetooth devices are designed to find other Bluetooth devices and access points within their ten meter radio communications range.
  • The Bluetooth Specification describes the basic security features of the Bluetooth technology in its Chapter 14. The Bluetooth system provides usage protection and information confidentiality at the application layer and at the link layer. In each Bluetooth device and access point, the authentication and encryption routines are implemented in the same way, using the device's address BD_ADDR, two secret keys, and a random number which is different for each new transaction. What is needed in the prior art is a method to customize security features for short range RF devices and access points based on the current context of the mobile device.
  • In addition to the Bluetooth technology, examples of wireless local area network technology include the IEEE 802.11 Wireless LAN Standard and the HIPERLAN Standard, which operate in the 5 GHz U-NII band. The IEEE 802.11 Wireless LAN Standard is published in three parts as IEEE 802.11-1999; IEEE 802.11a-1999; and IEEE 802.11b-1999, which are available from the IEEE, Inc. web site http://grouper.ieee.org/groups/802/11. An overview of the HIPERLAN Type 2 principles of operation is provided in the Broadband Radio Access Networks (BRAN), HIPERLAN Type 2; System Overview, ETSI TR 101 683 VI.I.1 (2000-02). Another example of wireless local area network technology is Ultra Wideband (UWB) radio, a wireless technology for transmitting digital data over a wide spectrum of frequency bands with very low power. An Ultra Wideband (UWB) standard published by the IEEE 802.15.3a task group is a “classical” direct sequence version of UWB for Personal Area Networking.
  • What is needed in the prior art is a method to customize security features for short-range mobile wireless devices and access points based on the current context of the mobile device.
  • SUMMARY OF THE INVENTION
  • The invention solves the problem of providing customizable, context dependent security features for short range RF devices based on the current context of the device. In accordance with the invention, the mobile device, the wireless access point, and the network server in the network each include security context middleware that responds to the detected location of the mobile device to provide customized security services to the mobile device. The security context middleware enables detecting, authenticating and registering the mobile device and encrypting its communications based on pre-specified security feature descriptions stored in the network server. The system administrator or a system management program can assign particular security features to individual access points in the network. The security features can be pre-specified based on the location of the access point, the identity of the user's mobile device, other characteristics of the user or the user's device, ambient conditions, such as the time of day, and the classification of any services requested by the mobile device.
  • When a mobile device moves into the communication domain of an access point, its presence is detected by the access point, a basic connection is established between the device and the access point, and the presence of the device is registered at the network server. The network server can then classify any service requested by the mobile device, such as synchronization to applications residing on another server and consider such service request as a factor in establishing an appropriate security feature to apply to the mobile device. For example, if the mobile device has requested synchronization with a confidential email or calendar service to update the mobile device, a high security will be assigned to the wireless connection between the mobile device and the access point.
  • The network server can then access a security context database to obtain the pre-specified security features corresponding to the location of the access point, the identity of the user's mobile device, other characteristics of the user or the user's device, ambient conditions, such as the time of day, and classification of any service requested by the mobile device. The network server obtains a middleware command from the database corresponding to the pre-specified security feature. The middleware command then is transmitted from the network server to the access point and to the mobile device. The middleware command invokes the particular security processing routine in the middleware of both the mobile device and the access point to implement the pre-specified security feature. The middleware command can also invoke a corresponding security processing routine in the network server when the server needs to participate in providing the security service to the mobile device.
  • Some of the factors considered by the security context middleware in determining the context of the mobile device include the mobile device's address BD_ADDR, the location of the access point, other available information about the mobile device, and the time of day. Other environmental factors that can also be considered by the security context middleware in determining the context of the mobile device include day of the week, season of the year, temperature, light level, and other ambient characteristics. The security context middleware can also classify any service requested by the mobile device, such as synchronization to applications residing on another server, and consider such service request as a factor in establishing an appropriate security feature to apply to the mobile device.
  • The network server is also responsible for maintaining additional information for comparing the determined context of the mobile device with threshold values of services that are pre-specified for the mobile device. The network server can automatically synchronize the mobile device with email or calendar services, for example, on another server. The network server can generate triggering events based on the comparison and send notices to the mobile device for suitable services or directly push service messages to the mobile device. In addition, the network server can provide necessary information to third parties for initiating services to the mobile device based on the comparison. Third party services can be provided to the mobile device either through the connected access point or via a separate cellular telephone network connection.
  • The resulting invention solves the problem of providing context dependent security features for short range RF devices based on the current context of the device.
  • The invention can be applied to wireless personal area networks employing the Bluetooth Standard, and to wireless local area networks employing the IEEE 802.11 Wireless LAN Standard or the HIPERLAN Standard.
  • DESCRIPTION OF THE FIGURES
  • FIG. 1A is a network diagram according to an embodiment of the present invention showing a plurality of wireless access points 140, 140A, 140B, and 140C. The LAN 142 interconnects the access points with the connectivity server 180 and the security context database 182. The user's wireless device 100 is shown at a first location near a first wireless access point 140A and then later at a second location, near a second wireless access point 140B.
  • FIG. 1B is a network diagram according to an embodiment of the present invention showing a modification in the topology of the network of FIG. 1A, where the access points are distributed within an office building. The LAN 142 interconnects the access points with the connectivity server 180. Several servers are shown connected by means of the LAN to the access points, to provide business-related services when signaled by the access points.
  • FIG. 1C is a network diagram according to an embodiment of the present invention showing another modification in the topology of the network of FIG. 1A, in which there is a GSM antenna 105 as well as a Bluetooth or WLAN antenna 103 on the user's wireless device 100. A GSM cellular telephone network is an alternate way to communicate with the third party services server 190, via a WAP protocol gateway and the Internet. A barcode reader 141 is also shown connected by means of a Bluetooth link to the access point 140A to enable control and use of the barcode reader by the user's mobile wireless device 100.
  • FIG. 1D is a network diagram according to an embodiment of the present invention showing another modification in the topology of the network of FIG. 1A, in which the access points 140A and 140B are mobile and include a GPS position locator to establish their current locations. A GSM cellular telephone subsystem in each access point enables it to communicate with the connectivity server over a wireless wide area network.
  • FIG. 2 is a flow diagram of the processing of a first middleware command type 3 to invoke security context middleware modules 602, 702, and 802 on the user's device 100, the access point 140B, and the connectivity server 180, respectively, to implement a first security feature in response to detecting the user's device 100 at the access point 140B according to an embodiment of the present invention.
  • FIG. 3 is a flow diagram of the processing of a second middleware command type 4 to invoke security context middleware modules 604, 704, and 804 on the user's device 100, the access point 140C, and the connectivity server 180, respectively, to implement a second security feature in response to detecting the user's device at the access point 140C according to an embodiment of the present invention.
  • FIG. 4 is a flow diagram of the processing of a third middleware command type 5 to effect a reprogramming of the access device 140C. The middleware command type 5 invokes security context middleware modules 606, 706, and 806 on the user's device 100, the access point 140C, and the connectivity server 180, respectively, to implement a third, public key infrastructure security feature in response to detecting the user's device 100 at the access point 140C according to an embodiment of the present invention.
  • FIG. 5A shows the security context database 182 and the security middleware commands table 182 according to an embodiment of the present invention.
  • FIG. 5B shows the security context database 182 and the security middleware commands table 182′ of FIG. 5A, where access point 140C is reprogrammed to apply public key infrastructure when connected to the user's mobile device 100 according to an embodiment of the present invention.
  • FIG. 6 shows the security context middleware 10 in the user's device 100 according to an embodiment of the present invention.
  • FIG. 7 shows the security context middleware 10′ in each access point 140, 140A, B, C according to an embodiment of the present invention.
  • FIG. 8 shows the security context middleware 10″ in the network server 180 according to an embodiment of the present invention.
  • FIG. 9 is another view of the network diagram of FIG. 1A, according to an embodiment of the present invention, showing various components of the user's wireless device 100, the wireless access point 140A, and the connectivity server 180.
  • DISCUSSION OF THE PREFERRED EMBODIMENT
  • FIG. 1A is a network diagram according to an embodiment of the present invention showing a plurality of wireless access points 140, 140A, 140B and 140C. The local area network (LAN) 142 interconnects the access points with the connectivity server 180 which in turn is connected to the security context database 182. The user's wireless device 100 is shown at a first location A near first wireless access point 140A, and then at a later time is shown at a second location B near a second wireless access point 140B. Each respective access point has a corresponding coverage area 150, 150A, 150B, 150C, respectively. Bluetooth wireless devices have typical coverage area of a radius of 10 meters. IEEE 802.11 Wireless LAN devices and HIPERLAN Wireless LAN devices have a typical coverage area with a radius of 100 meters. A user's wireless device 100 in FIG. 1 includes the microbrowser 102, a key pad, and an application program 106. Also included, in the user's wireless device is security context middleware 10, which is shown in greater detail in FIG. 6. Each access point 140, 140A, 140B and 140C includes security context middleware 10′ which is shown in greater detail in FIG. 7. The connectivity server 180 includes a security context middleware 10″ which is shown in greater detail in FIG. 8. The connectivity server 180 further includes the context manager 14. The connectivity server 180 is also connected to the internet 144 which is connected in turn to the WAP protocol gateway 188 which in turn is connected to the GSM access point 186.
  • In accordance with the invention, the security context middleware 10 stored in a memory of the user's wireless device 100, has a plurality of security process subroutines 602, 604 and 606 of FIG. 6 which are selectable by a security processing middleware command issued by the context manager 14. Similarly, the security context middleware program 10′ in the access points 140, 140A, 140B and 104C, have a plurality of security process subroutines 702, 704 and 706 of FIG. 7, selectable by the security processing middleware command issued by the context manager 14. Similarly, the security context middleware 10″ in the connectivity server 180 has a plurality of security process subroutines 802, 804 and 806 of FIG. 8 which are selectable by the security processing middleware command issued by the context manager 14. Further in accordance with the invention, the context manager program 14 in the connectivity server 180 determines a context for the user's wireless mobile device 100 from a signal received from one of the access points 140, 140A, B, C indicating that the wireless mobile device is wirelessly connected to that access point. The security context database 182 connected to the connectivity server 180 stores security feature data which is accessible by the determined context from the connectivity server 180, to implement a security process. The context manager 14 accesses the stored security feature data in the security context database 182 based on the determined context of the user's wireless device 100 in the vicinity of the access points 140, 140A, 140B or 140C. The context manager 14 then sends the security processing middleware command representing the security feature data to the security context middleware program 10″ in the connectivity server 180, the security context middleware program 10′ in the access point connected to the user's wireless device 100, and to the security context middleware 10 in the user's wireless device 100. The security processing middleware command then invokes the security process in the addressed subroutine in the wireless mobile device, in the access point and in the connectivity server 180.
  • The security context database 182 and the security middleware commands table 182′ are shown in FIG. 5A. A system administrator or a system control program will initialize the data in the security context database 182 to establish particular security features 294 for each of the access points 140, 140A, 140B and 140C when they are respectively wirelessly connected to the user's device 100. For example, the security context database 182 will establish that the access point 140A, when its wirelessly connected to any user device, as indicated in 284, will have a type 1 security feature 294. The type 1 security feature will then invoke in the security middleware commands table 182′, basic Bluetooth security. The type 1 security processing middleware command will be transmitted by the connectivity server 180 to the security context middleware 10″ in the server 180, to the access point 140A and its security context middleware 10′, and to the user's wireless device 100 which is wirelessly connected to the access point 140A, for the security context middleware 10 in the user's wireless device 100. As can be seen by inspection of the security context database 182 of FIG. 5A, a system administrator has assigned security features 294 to each of the access points 140, 140A, 140B and 140C when they are respectively wirelessly connected to particular user wireless devices. Column 284 of the database 182 indicates which user devices are permitted to be assigned a security feature. Column 286 specifies whether other terminal data is to be required before security features are assigned. Column 288 specifies whether particular time of day intervals are required before security features are assigned. Column 292 specifies one or more services which are provided to the user's wireless device 100 when it is wirelessly connected to each of the respective access 140, 140A, 140B and 140C. As was mentioned before, column 294 indicates the security feature assigned by the system administrator to the respective access points and to the user's wireless device 100 when it is connected to the respective access points. The security middleware commands table 182′ enables the system administrator to programmatically change the security feature assigned to a particular access point and wireless device connected thereto. Five types of security features are shown in the table 182′. Type 1 is a basic Bluetooth security. Type 2 uses an acceptable address list with the specified wireless device addresses. Type 3 requires a link key and 128-bit encryption and a dynamic point-to-point protocol (PPP) user name and password. Type 4 increases the security from type 3 by providing a terminal key and an encrypted link key plus the 128-bit encryption and the dynamic PPP user name/password. Type 5 security feature is a public key infrastructure (PKI) security feature wherein there is a public key encryption of a random link and 128-bit bulk encryption.
  • FIG. 1B is a network diagram according to an embodiment of the present invention showing a modification in the topology of the network of FIG. 1A where the access points are distributed within an office building 148. The local area network (LAN) 142 connects the access points 140, 140A, 140B and 140C with the connectivity server 180. Several servers are shown connected by means of the LAN 142 to the access points, to provide business related services when signaled by the access points. A company confidential information server 190 and a company confidential information database 191 are connected to the LAN 142. An accounts department server 192 and an accounts department database 193 are connected to the LAN 142. A docking station server 194 and a docking station database 195 are connected to the LAN 142. A room lighting server 196 and a room lighting database 197 are connected to the LAN 142. The office building 148 has a front entrance 152 and a lobby coverage area 150A where is located the access point 140A. Next in the office building 148 is the office coverage area 150 with the access point 140. Next in the office building 148 is the office coverage area 150B with the access point 140B, which is a docking station. Lastly, the office building 148 has a coverage area 150C with the access point 140C which is a cashier terminal. A lighting control 198 is connected from the room lighting server 196 to the lights in the respective coverage areas of the office building 148, as shown in FIG. 1B. When the user's wireless device 100 enters the office building 148 through the front entrance 152, into the lobby coverage area 150A, the access point 140A establishes a wireless connection with the user's wireless device. As the user's wireless device proceeds through the office building 148 to the office 2 coverage area 150B, the mobile wireless device establishes a wireless connection with the access point 140B, for example, when the user places the wireless device 100 into the docking station.
  • Reference to FIG. 2 illustrates the sequence of operational steps that take place beginning at this point according to an embodiment of the present invention. In the preferred embodiment, the Access Point 140B periodically transmits inquiry packets to discover which mobile devices are in range, and determine the addresses and clocks for the devices. If a mobile device 100 that receives the inquiry packets is in the inquiry scan state, it will then enter the inquiry response state and send an inquiry response 202 to the Access Point 140B. The Access Point 140B can compare the received address with a list of addresses of devices that are authorized to receive services and can proceed to establish a connection with an authorized mobile device. The comparison can also be based on other information about the mobile device 100, such as the class of device (CoD) field, and the list can identify those devices that are to be accepted or alternately blocked from receiving certain types of services. After the inquiry procedure has completed, a connection can be established by the Access Point 140B with a paging procedure using the Bluetooth device address of the mobile device 100. The Access Point 140B having established the connection will automatically be the master of the connection.
  • In step 200 the user's wireless device sends an inquiry response 202 to the access point 140B and receives a page 204 from the access point. Correspondingly, the access point receives the inquiry response packet from user's device 100. After inquiry and paging signals are exchanged, basic connection is established between the user's wireless device 100 and the access point 140B. At this point, an initial request for services can be sent by the mobile device 100 to the access point 140B, such as requesting synchronization of received email or synchronization of a calendar. A signal is transmitted from the access point 140B over the LAN 142 to the connectivity server 180 where the asynchronous connectionless link (ACL) is validated in step 208. Step 207 can then classify any services requested by the mobile device 100 and pass the classification information to the next step 209 where it is considered as a factor in establishing an appropriate security feature to apply to the mobile device 100.
  • Then passing to the path 209 the connectivity server 180 accesses the security context database 182 for security features to apply to the connection between the user's wireless device 100 and the access point 140B. This is done in step 210 using the access point address, user's device ID, any required terminal information about the user's device, the time of day and the class of service requested by the mobile device. Referring for a moment to the security context database 182 of FIG. 5A, it is seen that these various factors are considered in the selection of a security feature, such as, specific identities of acceptable mobile wireless devices, other terminal data and time of day. When the corresponding security feature 294 is identified in the database 182, in this case it is a type 3 security feature, the corresponding security processing middleware command is sent on path 211 to the access point 140B. In step 212, the access point 140B implements the accessed security features in the security middleware 702 in the access point. The security processing middleware command is also transmitted over path 213 to the user's device 100 where in step 214 it implements the accessed security features in the security middleware 602 in the user's device 100.
  • Step 210 in the connectivity server 180 then proceeds to step 215 which generates a link key which is transmitted via the access point 140B to the user's device 100, as step 216 in the subroutine 602 of the security context middleware 10, where it initiates security settings. In the connectivity server 180, step 215 proceeds to step 225 which sets the link key for Bluetooth 128-bit encryption. This information is then provided to the access point 140B the step 222 in the subroutine 702 of the security context middleware 10′, to establish an authenticated and encrypted middleware connection with the user's device. Correspondingly, step 216 in the user's device 100 proceeds to step 218 to establish the authenticated and encrypted middleware connection with the access point over path 220. Step 222 in the access point 140B then proceeds to step 224 where the middleware connection is established and this information is then passed back to the connectivity server 180 step 226 which generates the dynamic point-to-point protocol user name and password for additional access control. The flow then passes to step 228 to forward the PPP user name and password to the access point and the user device. Step 230 of the access point 140B, forwards the PPP user name and password to the user device and also applies it to step 236. In the user's device 100, step 232 establishes the authenticated and encrypted IP connection with the access point and flow passes to step 234. Step 234 and 236 then establish over path 235 an authenticated and encrypted IP connection. Then the connectivity server 180 in step 238 accesses the context database 182 for services available to the user's device using the access point's address, the user's device ID, terminal information, time, and service requests. The network server can automatically synchronize the mobile device with email or calendar services on another server. Reference to FIG. 5A shows that for a connection between the user's device 100 and the access point 140B, services allowed to the user's device include lighting from the lighting server 196 and docking facility services from the docking station server 194 in FIG. 1B.
  • If the user's device 100 were now to pass to the cashier coverage area 150C in FIG. 1B, a wireless connection is established with the access point 140C, which invokes a different set of security features, as is shown in FIG. 3. Reference to the security context database 182 in FIG. 5A shows that the system administrator has assigned a type 4 security feature to the user's device 100 when it establishes a wireless connection with the access point 140C in the cashier's coverage area 150C. The flow diagram in FIG. 3 illustrates this different implementation of security features according to an embodiment of the present invention. Here it is seen that the subroutine 604 of the security context middleware 10 in the user's wireless device 100 is invoked by command type 4. Further it is seen that the subroutine 704 in the security context middleware 10′ in access point 140C is invoked by the command type 4. Further, it is seen that the subroutine 804 in the security context middleware 10″ is invoked in the connectivity server 180 in response to the command type 4. Steps 200-214 in FIG. 3 are the same as in FIG. 2, except that step 210 has accessed the context security context database 182 and has obtained a type 4 security feature which it distributes as a command type 4 to the access point 140C, the user's device 100 and the security context middleware 10″ in the connectivity server 180. Step 210 passes to step 302 which generates a terminal key which is transmitted via the access point 140C to the user's device 100 step 304 of subroutine 604 of the security context middleware 10, where the terminal key is stored. Step 302 in the connectivity server 180 passes to step 306 which constructs a random link key and encrypts it with a terminal key. The encrypted link key is then transmitted via the access point 140C to step 308 in the user's device 100 where the encrypted link key is opened with the terminal key. Then step 306 in the connectivity server 180 passes to step 310 which sets the link key for Bluetooth 128-bit encryption and this information is then passed to step 312 of the access point 140C. In the user's device 100, step 308 passes to step 314 which establishes an authenticated and encrypted middleware connection with the access point via the path 316. Correspondingly, step 312 of the access point 140C establishes an authenticated and encrypted middleware connection with the user's device. Then flow passes from step 312 to step 318 in the access point 140C where the middleware connection is established and this information is then passed to step 320 of the connectivity server 180 where the step generates a dynamic PPP user name and password for additional access control. Flow then passes to step 322 which forwards the PPP user name and password to the access point 140 and the user's device 100. Step 324 in the access point 140C forwards the PPP user name and password to the user device. Step 326 and the user device 100 establishes authenticated and encrypted IP connection with the access point. The flow then passes to step 234 where the connection is established over the path 235 to the corresponding step 236 in the access point where the connection is established. Then flow passes in connectivity server 180 from step 322 to step 328 to access the context database 182 for services available to the user's device using the access point address, the user's device ID, terminal information and time.
  • It is seen in FIG. 5A that alternate security features are applied to access point 140B when connected to alternate mobile devices. Additionally, alternate security features can be applied to access point 140 and the mobile device 100 based on class of services requested by the user's mobile device 100. As an example, if the mobile device 100 has requested synchronization with a non-confidential email or calendar service, a low security type 2 security feature is assigned to the wireless connection between the mobile device 100 and the access point 140. Alternately, if the mobile device 100 has requested synchronization with a confidential email or calendar service, a high security type 5 security feature is assigned to the wireless connection between the mobile device 100 and the access point 140. The requested synchronization with the email or calendar service can then be carried out in step 238 of FIGS. 2, 3, or 4 after the appropriate security feature is established for the wireless connection.
  • FIG. 5B illustrates the security context database 182, wherein the system administrator or a system control program has reprogrammed the access point 140C for public key infrastructure when connected to the user's device 100 according to an embodiment of the present invention. It is seen that a type 5 security feature is specified in the database 182 which corresponds to the public key encryption middleware command shown in the commands table 182′. FIG. 4 illustrates the flow of steps in establishing the public key infrastructure authentication and encryption for the user's wireless device 100 at the access point 140C which have a wireless connection established there between. In an initial provisioning phase, the connectivity server 180 distributes the public/private key pairs with certificates of authority in step 402 to the access point 140C in step 404 and to the user's device 100 in step 406. Then in the later connection phase, steps 200-214 are the same as in the FIGS. 2 and 3 except that step 210 accesses the security context database 182 and obtains the security feature for public key infrastructure and the corresponding command type 5 which it distributes over path 211 to the access point 140C and path 213 to the user's device 100. Then the step 212 of the access point 140C passes to step 408 which sends the access point's public key and its certificate to the user's device. At step 410 in the user's device 100, a random link key is generated and then in step 412, the user's device sends the user's public key and the user's certificate plus the public key encrypted random link key to the access point 140C. Correspondingly, the access point 140C forwards the user's certificate to the server 180 for validation and sends and acknowledgement back to the user in step 414. In the connectivity server 180, the user's certificate is validated in step 416 and the flow passes to step 418 which constructs a random 128-bit PIN for Bluetooth 128-bit encryption and this information is passed to step 420 of the access point 140C. Step 420 in the access point establishes an authenticated and encrypted middleware connection with the user's device. Step 422 in the user's device establishes the authenticated and encrypted middleware connection with the access point 140C over path 424. Flow then passes from step 422 to 426 to establish an authenticated and encrypted IP connection with the access point 140C over path 430 and correspondingly the access point establishes the authenticated and encrypted connection with the user's device. This information is then passed to step 238 in the connectivity server 180 where the security context database 182 is accessed for services available to user's device using the access point address, the user's device ID, terminal information, time of day, and services requested.
  • FIG. 1C shows an alternate embodiment for the network of FIGS. 1A and 1B, wherein a GSM cellular telephone communication subsystem is included in the wireless mobile device 100. This enables communication between the user's wireless device 100 and third party services server 190 for providing service to the wireless device via the cellular telephone communication's subsystem. Communications is maintained over the internet 144 via the WAP protocol gateway 188 to the GSM access point 186 which communicates wirelessly with the GSM antenna 105 of the user's wireless device 100.
  • FIG. 1C further shows a barcode reader 141 connected by means of Bluetooth communications software 143 and a Bluetooth RF link to the Bluetooth access point 140A to enable control and use of the barcode reader 141 from the user's mobile wireless device 100. As an example, the application program 106 in the wireless mobile device 100 is programmed to control and use the barcode reader 141 to read a barcode of an article, such as a universal product code (UPC), and to have the value read from the UPC forwarded via the access point 140A to the application program 181 in the connectivity server 180. In order to accomplish this example, application program 106 invokes the middleware 10 in the user's wireless device 100, the middleware 10′ in the access point 140A, and the middleware 10″ in the connectivity server 180. Appropriate context and security processes are carried out by the access point 140A and connectivity server 180, as discussed above, to authenticate the user's device 100 and the barcode reader 141 and establish their respective secure connections with the access point 140A. After secure connections are established between the access point 140A and the user's device 100 and between the access point 140A and the barcode reader 141, the wireless mobile device 100 can control the barcode reader 141 to read a barcode of an article and forward the value read from the UPC via the access point 140A to the application program 181 in the connectivity server 180. This feature of the invention to enable the user's mobile device to control and use a barcode reader can be extended to the control and use of other types of devices. For example, Bluetooth-enabled portable measurement devices can be controlled and used by an application program in the user's mobile device, to send their measurements to a server via distributed access points. An example is a Bluetooth-enabled portable air flow monitor to measure the air circulation in an office building and upload the measurements to a server via access points distributed around the office building.
  • FIG. 6 shows the security context middleware 10 in the user's device 100 according to an embodiment of the present invention, which includes the subroutine 602 responsive to command type 3, the subroutine 604 responsive to the command type 4, and the subroutine 606 responsive to the command type 5. FIG. 7 shows the security context middleware 10′ in each access point 140, 140A, 140B and 140C according to an embodiment of the present invention. Security context middleware 10′ in the access point includes subroutine 702 responsive to command type 3, subroutine 704 responsive to command type 4, and the subroutine 706 responsive to command type 5. FIG. 8 shows the security context middleware 10″ in the connectivity server 180 according to an embodiment of the present invention. The subroutine 802 is responsive command type 3, subroutine 804 is responsive to command type 4, and subroutine 806 is responsive to command type 5.
  • FIG. 9 is another view of the network diagram of FIG. 1 A, according to an embodiment of the present invention, showing some of the components of the user's wireless device 100, the wireless access point 140A, and the connectivity server 180. The wireless mobile device 100 includes the computer 902 and the memory 904. A Bluetooth wireless communications interface 906 wirelessly interfaces with the access point 140A. The Bluetooth communications program 908 establishes a wireless connection with the access point 140A. Also shown is the middleware program 10 and the application program 106.
  • FIG. 9 also shows some of the components of the wireless access point 140A, which includes the computer 912 and the memory 914. A server interface 916 interfaces with the server 180. A Bluetooth wireless communications interface 918 wirelessly interfaces with the mobile wireless device 100. A communications program 920 establishes a wireless connection with the mobile device 100 and also provides context information to the server 180 over the LAN 142. Also shown is the middleware program 10′.
  • FIG. 9 also shows some of the components of the connectivity server 180, which includes the computer 922 and the memory 924. The context manager program 14 determines a context for the wireless mobile device 100. The database 182 stores security feature data. The context manager 14 accesses the stored security feature data based on the determined context of the mobile device 100 and issues a command representing the security feature data. Also shown is the middleware program 10″ and the application program 181.
  • FIG. 1D is a network diagram showing another modification in the topology of the network of FIG. 1A, in which the access points 140A′ and 140B′ are mobile and include a GPS position locator to establish their current locations. A GSM cellular telephone subsystem in each access point enables it to communicate with the connectivity server 180 over a wireless wide area network 142′. The a cellular telephone communications subsystem can enable a third party to provide service to the user's wireless mobile device 100 via the wireless wide area network 142′.
  • In an alternate embodiment of the invention, at least some of the functions of the connectivity server 180 and context manager 14 can be contained within the access points 140A and 140B. Similarly, at least some of the functions of the security context database 182 can be contained within the access points 140A and 140B.
  • Although specific embodiments of the invention has been disclosed, a person skilled in the art will understand that changes can be made to the specific embodiment without departing from the spirit and scope of the invention.

Claims (133)

1. A system to provide security features to a wireless mobile device based on its context, comprising:
a first middleware program stored in a memory of a wireless mobile device, having a plurality of security process subroutines selectable by a command;
a second middleware program stored in a memory of a wireless access point device, having a plurality of security process subroutines selectable by said command;
a third middleware program stored in a memory of a server in a network coupled to said access point device, having a plurality of security process subroutines selectable by said command;
a context manager program in said server for determining a context for said wireless mobile device from a signal received from said access point indicating that said wireless mobile device is wirelessly connected to said access point;
a database coupled to said server for storing security feature data accessible by said determined context to implement a security process;
said context manager accessing said stored security feature data based on said determined context and sending a command representing said security feature data to said first, second, and third middleware programs to implement said security process in said wireless mobile device, said access point device, and said server, respectively.
2. The system of claim 1, which further comprises:
said database storing service data accessible by said determined context to implement a service;
said context manager accessing said stored service data based on said determined context and sending a message representing said service data to said wireless mobile device to implement said service in said wireless mobile device.
3. The system of claim 1, which further comprises:
said database storing third-party message data accessible by said determined context to implement a service;
said context manager accessing said stored third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
4. The system of claim 3, which further comprises:
a Bluetooth communications subsystem in said wireless mobile device;
a Bluetooth communications subsystem in said wireless access point device;
said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said Bluetooth communications subsystems have established a connection between said wireless mobile device and said access point;
a cellular telephone communications subsystem in said wireless mobile device;
said third party selectively providing said service to said wireless mobile device via said cellular telephone communications subsystem or said Bluetooth communications subsystem.
5. The system of claim 3, which further comprises:
an IEEE 802.11 wireless LAN communications subsystem in said wireless mobile device;
an IEEE 802.11 wireless LAN communications subsystem in said wireless access point device;
said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said IEEE 802.11 wireless LAN communications subsystems have established a connection between said wireless mobile device and said access point;
a cellular telephone communications subsystem in said wireless mobile device;
said third party selectively providing said service to said wireless mobile device via said cellular telephone communications subsystem or said IEEE 802.11 wireless LAN communications subsystem.
6. The system of claim 1, which further comprises:
said context manager program further accessing said stored security feature data based on a type of service requested by said mobile device.
7. The system of claim 1, which further comprises:
said context manager program determining said context for said wireless mobile device from an identity of said access point and an identity of said wireless mobile device.
8. The system of claim 7, which further comprises:
said context manager program further determining said context for said wireless mobile device from a time of day said wireless mobile device connects to said access point.
9. The system of claim 1, which further comprises:
said security feature data stored in said database representing an authentication process accessible by said determined context to authenticate said wireless mobile device when wirelessly connected to said access point.
10. The system of claim 9, which further comprises:
said security feature data stored in said database representing a first authentication process to be applied to authenticating a first wireless mobile device and a second authentication process to be applied to authenticating a second wireless mobile device accessible by said determined context detected at said wireless access point.
11. The system of claim 1, which further comprises:
said security feature data stored in said database representing an encryption process accessible by said determined context to encrypt communications between said wireless mobile device and said access point.
12. The system of claim 11, which further comprises:
said security feature data stored in said database representing a first encryption process to be applied to encrypting a first wireless mobile device and a second encryption process to be applied to encrypting a second wireless mobile device accessible by said determined context detected at said wireless access point.
13. The system of claim 1, which further comprises:
said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a system administrator to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
14. The system of claim 1, which further comprises:
said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a control program to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
15. The system of claim 1, which further comprises:
a Bluetooth communications subsystem in said wireless mobile device;
a Bluetooth communications subsystem in said wireless access point device;
said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said Bluetooth communications subsystems have established a connection between said wireless mobile device and said access point.
16. The system of claim 1, which further comprises:
an IEEE 802.11 wireless LAN communications subsystem in said wireless mobile device;
an IEEE 802.11 wireless LAN communications subsystem in said wireless access point device;
said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said IEEE 802.11 wireless LAN communications subsystems have established a connection between said wireless mobile device and said access point.
17. The system of claim 1, which further comprises:
said context manager program classifying a service requested by said mobile device to synchronize to an application and establishing an appropriate security feature to apply to said mobile device based on said classification.
18. The system of claim 1, which further comprises:
said context manager comparing said determined context with threshold values of services for said mobile wireless device generating a triggering event when a comparison is satisfied.
19. The system of claim 18, which further comprises:
said triggering event initiating sending a message representing said service data to said wireless mobile device to implement said service in said wireless mobile device.
20. The system of claim 18, which further comprises:
said triggering event initiating pushing said service represented by said service data to said wireless mobile device.
21. A method to provide security features to a wireless mobile device based on its context, comprising:
storing a first middleware program in a memory of a wireless mobile device, having a plurality of security process subroutines selectable by a command; storing a second middleware program in a memory of a wireless access point device, having a plurality of security process subroutines selectable by said command;
storing a third middleware program in a memory of a server in a network coupled to said access point device, having a plurality of security process subroutines selectable by said command;
determining with a context manager program in said server a context for said wireless mobile device from a signal received from said access point indicating that said wireless mobile device is wirelessly connected to said access point;
storing in a database coupled to said server security feature data accessible by said determined context to implement a security process;
accessing with said context manager said stored security feature data based on said determined context and sending a command representing said security feature data to said first, second, and third middleware programs to implement said security process in said wireless mobile device, said access point device, and said server, respectively.
22. The method of claim 21, which further comprises:
said database storing service data accessible by said determined context to implement a service;
said context manager accessing said stored service data based on said determined context and sending a message representing said service data to said wireless mobile device to implement said service in said wireless mobile device.
23. The method of claim 21, which further comprises:
said database storing third-party message data accessible by said determined context to implement a service;
said context manager accessing said stored third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
24. The method of claim 23, which further comprises:
operating a Bluetooth communications subsystem in said wireless mobile device;
operating a Bluetooth communications subsystem in said wireless access point device;
said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said Bluetooth communications subsystems have established a connection between said wireless mobile device and said access point;
operating a cellular telephone communications subsystem in said wireless mobile device;
said third party selectively providing said service to said wireless mobile device via said cellular telephone communications subsystem or said Bluetooth communications subsystem.
25. The method of claim 23, which further comprises:
operating an IEEE 802.11 wireless LAN communications subsystem in said wireless mobile device;
operating an IEEE 802.11 wireless LAN communications subsystem in said wireless access point device;
said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said IEEE 802.11 wireless LAN communications subsystems have established a connection between said wireless mobile device and said access point;
operating a cellular telephone communications subsystem in said wireless mobile device;
said third party selectively providing said service to said wireless mobile device via said cellular telephone communications subsystem or said IEEE 802.11 wireless LAN communications subsystem.
26. The method of claim 21, which further comprises:
said context manager program further accessing said stored security feature data based on a type of service requested by said mobile device.
27. The method of claim 21, which further comprises:
said context manager program determining said context for said wireless mobile device from an identity of said access point and an identity of said wireless mobile device.
28. The method of claim 27, which further comprises:
said context manager program further determining said context for said wireless mobile device from a time of day said wireless mobile device connects to said access point.
29. The method of claim 21, which further comprises:
said security feature data stored in said database representing an authentication process accessible by said determined context to authenticate said wireless mobile device when wirelessly connected to said access point.
30. The method of claim 29, which further comprises:
said security feature data stored in said database representing a first authentication process to be applied to authenticating a first wireless mobile device and a second authentication process to be applied to authenticating a second wireless mobile device accessible by said determined context detected at said wireless access point.
31. The method of claim 21, which further comprises:
said security feature data stored in said database representing an encryption process accessible by said determined context to encrypt communications between said wireless mobile device and said access point.
32. The method of claim 31, which further comprises:
said security feature data stored in said database representing a first encryption process to be applied to encrypting a first wireless mobile device and a second encryption process to be applied to encrypting a second wireless mobile device accessible by said determined context detected at said wireless access point.
33. The method of claim 21, which further comprises:
said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a system administrator to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
34. The method of claim 21, which further comprises:
said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a control program to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
35. The method of claim 21, which further comprises:
operating a Bluetooth communications subsystem in said wireless mobile device;
operating a Bluetooth communications subsystem in said wireless access point device;
said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said Bluetooth communications subsystems have established a connection between said wireless mobile device and said access point.
36. The method of claim 21, which further comprises:
operating an IEEE 802.11 wireless LAN communications subsystem in said wireless mobile device;
operating an IEEE 802.11 wireless LAN communications subsystem in said wireless access point device;
said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said IEEE 802.11 wireless LAN communications subsystems have established a connection between said wireless mobile device and said access point.
37. The method of claim 21, which further comprises:
said context manager program classifying a service requested by said mobile device to synchronize to an application, and
establishing an appropriate security feature to apply to said mobile device based on said classification.
38. The method of claim 21, which further comprises:
said context manager comparing said determined context with threshold values of services for said mobile wireless device generating a triggering event when a comparison is satisfied.
39. The method of claim 38, which further comprises:
said triggering event initiating sending a message representing said service data to said wireless mobile device to implement said service in said wireless mobile device.
40. The method of claim 38, which further comprises:
said triggering event initiating pushing said service represented by said service data to said wireless mobile device.
41. A system to provide security features to a wireless mobile device based on its context, comprising:
a first middleware program stored in a memory of a first wireless mobile device, having a plurality of security process subroutines selectable by a command;
a second middleware program stored in a memory of a second wireless device having a known current location, said middleware having a plurality of security process subroutines selectable by said command;
a context manager program in a server coupled to said second wireless device for determining a context for said first wireless mobile device when said first wireless mobile device is wirelessly connected to said second wireless device;
a database coupled to said server for storing security feature data accessible by said determined context to implement a security process;
said context manager accessing said stored security feature data based on said determined context and issuing a command representing said security feature data to said first and second middleware programs to implement said security process in said first wireless mobile device and said second wireless device, respectively.
42. The system of claim 41, which further comprises:
said server and said context manager are contained within said second wireless device.
43. The system of claim 42, which further comprises:
said database is contained within said second wireless device.
44. The system of claim 41, which further comprises:
said database storing service data accessible by said determined context to implement a service;
said context manager accessing said stored service data based on said determined context and providing said service data to said wireless mobile device to implement said service in said wireless mobile device.
45. The system of claim 41, which further comprises:
said database storing third-party message data accessible by said determined context to implement a service;
said context manager accessing said stored third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
46. The system of claim 45, which further comprises:
a cellular telephone communications subsystem in said first wireless mobile device;
said third party selectively providing said service to said wireless mobile device via said cellular telephone communications subsystem or said second wireless device.
47. The system of claim 41, which further comprises:
said second wireless device is mobile and includes a location detector coupled to said context manager for providing said known current location.
48. The system of claim 47, which further comprises:
said server and said context manager are contained within said second wireless device.
49. The system of claim 48, which further comprises:
said database is contained within said second wireless device.
50. The system of claim 47, which further comprises:
said database storing service data accessible by said determined context to implement a service;
said context manager accessing said stored service data based on said determined context and providing said service data to said wireless mobile device to implement said service in said wireless mobile device.
51. The system of claim 47, which further comprises:
said database storing third-party message data accessible by said determined context to implement a service;
said context manager accessing said stored third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
52. The system of claim 51, which further comprises:
a cellular telephone communications subsystem in said first wireless mobile device;
said third party providing said service to said wireless mobile device via said cellular telephone communications subsystem.
53. A server to provide security features to a wireless mobile device based on its context, comprising:
a computer coupled to a wireless access point;
a context manager program stored in a memory of the computer, for determining a context for a wireless mobile device when said wireless mobile device is wirelessly connected to said wireless access point;
a database coupled to said computer for storing security feature data accessible by said determined context to implement a security process;
said context manager accessing said stored security feature data based on said determined context and issuing a command representing said security feature data;
a middleware program stored in a memory of the computer, having a plurality of security process subroutines selectable by said command, to operatively interact with a first middleware program in said access point and a second middleware program in said mobile wireless device, to implement said security process in said first wireless mobile device and said second wireless device, respectively.
54. The server of claim 53, which further comprises:
said database storing service data accessible by said determined context to implement a service;
said context manager accessing said stored service data based on said determined context and providing said service data to said wireless mobile device to implement said service in said wireless mobile device.
55. The server of claim 53, which further comprises:
said database storing third-party message data accessible by said determined context to implement a service;
said context manager accessing said stored third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
56. The server of claim 55, which further comprises:
said third party selectively providing said service to said wireless mobile device via a cellular telephone communications subsystem or said wireless access point.
57. The server of claim 53, which further comprises:
said wireless access point is mobile and includes a location detector coupled to said context manager for providing a known current location.
58. The server of claim 53, which further comprises:
said context manager program further accessing said stored security feature data based on a type of service requested by said wireless mobile device.
59. The server of claim 53, which further comprises:
said context manager program determining said context for said wireless mobile device from an identity of said access point and an identity of said wireless mobile device.
60. The server of claim 59, which further comprises:
said context manager program further determining said context for said wireless mobile device from a time of day said wireless mobile device connects to said access point.
61. The server of claim 53, which further comprises:
said security feature data stored in said database representing an authentication process accessible by said determined context to authenticate said wireless mobile device when wirelessly connected to said access point.
62. The server of claim 61, which further comprises:
said security feature data stored in said database representing a first authentication process to be applied to authenticating a first wireless mobile device and a second authentication process to be applied to authenticating a second wireless mobile device accessible by said determined context detected at said wireless access point.
63. The server of claim 53, which further comprises:
said security feature data stored in said database representing an encryption process accessible by said determined context to encrypt communications between said wireless mobile device and said access point.
64. The server of claim 63, which further comprises:
said security feature data stored in said database representing a first encryption process to be applied to encrypting a first wireless mobile device and a second encryption process to be applied to encrypting a second wireless mobile device accessible by said determined context detected at said wireless access point.
65. The server of claim 53, which further comprises:
said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a system administrator to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
66. The server of claim 53, which further comprises:
said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a control program to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
67. A wireless access point to provide security features to a wireless mobile device based on its context, comprising:
a computer coupled to a memory;
a server interface coupled to said computer, for interfacing with a server;
a wireless communications interface coupled to said computer, for wirelessly interfacing with a mobile wireless device;
a communications program stored in said memory, for establishing a wireless connection with said mobile device and providing context information to said server when said wireless mobile device is wirelessly connected to said wireless communications interface;
a middleware program stored in said memory, having a plurality of security process subroutines selectable by a command received from said server in response to said context information;
said command representing a security feature to be implemented in said access point and said wireless mobile device by one of said subroutines selected by said command.
68. The wireless access point of claim 67, which further comprises:
a context manager program coupled to said access point, for determining a context of said mobile device based on said context information.
69. The wireless access point of claim 68, which further comprises:
a database coupled to said access point for storing security feature data accessible by a determined context of said wireless mobile device, to implement a security process.
70. The wireless access point of claim 69, which further comprises:
said database storing service data accessible by said determined context to implement a service;
said context manager accessing said stored service data based on said determined context and providing said service data to said wireless mobile device to implement said service in said wireless mobile device.
71. The wireless access point of claim 69, which further comprises:
said database storing third-party message data accessible by said determined context to implement a service;
said context manager accessing said stored third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
72. The wireless access point of claim 71, which further comprises:
said third party selectively providing said service to said wireless mobile device via a cellular telephone communications subsystem or said access point.
73. The wireless access point of claim 67, which further comprises:
a location detector coupled to said access point for providing a known current location of said access point to said context manager.
74. The wireless access point of claim 69, which further comprises:
a Bluetooth communications subsystem in said wireless access point device and in said mobile device;
said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said Bluetooth communications subsystems have established a connection between said wireless mobile device and said access point.
75. The wireless access point of claim 69, which further comprises:
an IEEE 802.11 wireless LAN communications subsystem in said wireless access point device and in said mobile device;
said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said IEEE 802.11 wireless LAN communications subsystems have established a connection between said wireless mobile device and said access point.
76. The wireless access point of claim 69, which further comprises:
said context manager program further accessing said stored security feature data based on a type of service requested by said mobile device.
77. The wireless access point of claim 69, which further comprises:
said context manager program determining said context for said wireless mobile device from an identity of said access point and an identity of said wireless mobile device.
78. The wireless access point of claim 77, which further comprises:
said context manager program further determining said context for said wireless mobile device from a time of day said wireless mobile device connects to said access point.
79. The wireless access point of claim 69, which further comprises:
said security feature data stored in said database representing an authentication process accessible by said determined context to authenticate said wireless mobile device when wirelessly connected to said access point.
80. The wireless access point of claim 79, which further comprises:
said security feature data stored in said database representing a first authentication process to be applied to authenticating a first wireless mobile device and a second authentication process to be applied to authenticating a second wireless mobile device accessible by said determined context detected at said wireless access point.
81. The wireless access point of claim 69, which further comprises:
said security feature data stored in said database representing an encryption process accessible by said determined context to encrypt communications between said wireless mobile device and said access point.
82. The wireless access point of claim 81, which further comprises:
said security feature data stored in said database representing a first encryption process to be applied to encrypting a first wireless mobile device and a second encryption process to be applied to encrypting a second wireless mobile device accessible by said determined context detected at said wireless access point.
83. The wireless access point of claim 69, which further comprises:
said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a system administrator to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
84. The wireless access point of claim 69, which further comprises:
said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a control program to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
85. The wireless access point of claim 69, which further comprises:
said context manager program classifying a service requested by said mobile device to synchronize to an application and establishing an appropriate security feature to apply to said mobile device based on said classification.
86. The wireless access point of claim 69, which further comprises:
said context manager comparing said determined context with threshold values of services for said mobile wireless device generating a triggering event when a comparison is satisfied.
87. The wireless access point of claim 86, which further comprises:
said triggering event initiating sending a message representing said service data to said wireless mobile device to implement said service in said wireless mobile device.
88. The wireless access point of claim 86, which further comprises:
said triggering event initiating pushing said service represented by said service data to said wireless mobile device.
89. The wireless access point of claim 69, which further comprises:
a Bluetooth-enabled device coupled to said wireless communications interface;
said wireless communications interface receiving control signals from said wireless mobile device and forwarding them to said Bluetooth-enabled device for control thereof.
90. The wireless access point of claim 89, which further comprises:
said wireless communications interface receiving output signals from said Bluetooth-enabled device in response to said control signals;
said server interface forwarding said output signals to said server.
91. The wireless access point of claim 90, which further comprises:
said Bluetooth-enabled device is a barcode reader.
92. A wireless mobile device having security features based on its context, comprising:
a computer coupled to a memory;
a wireless communications interface coupled to said computer, for wirelessly interfacing with an access point;
a communications program stored in said memory, for establishing a wireless connection with said access point;
said access point providing to a server context information about the mobile device when said access point is wirelessly connected to said wireless communications interface;
a middleware program stored in said memory, having a plurality of security process subroutines selectable by a command received from said access point in response to said context information;
said command representing a security feature to be implemented in said wireless mobile device by one of said subroutines selected by said command.
93. The wireless mobile device of claim 92, which further comprises:
said access point coupled to a context manager program, for determining a context of said mobile device based on said context information.
94. The wireless mobile device of claim 93, which further comprises:
said access point coupled to a database for storing security feature data accessible by a determined context of said wireless mobile device, to implement a security process.
95. The wireless mobile device of claim 92, which further comprises:
said database storing service data accessible by said determined context to implement a service;
said context manager accessing said stored service data based on said determined context and providing said service data to said wireless mobile device to implement said service in said wireless mobile device.
96. The wireless mobile device of claim 92, which further comprises:
said database storing third-party message data accessible by said determined context to implement a service;
said context manager accessing said stored third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
97. The wireless mobile device of claim 96, which further comprises:
a cellular telephone subsystem in said wireless mobile device;
said third party selectively providing said service to said wireless mobile device via said cellular telephone communications subsystem or said access point.
98. The wireless mobile device of claim 92, which further comprises:
a Bluetooth communications subsystem in said wireless access point device and in said mobile device;
said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said Bluetooth communications subsystems have established a connection between said wireless mobile device and said access point.
99. The wireless mobile device of claim 92, which further comprises:
an IEEE 802.11 wireless LAN communications subsystem in said wireless access point device and in said mobile device;
said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said IEEE 802.11 wireless LAN communications subsystems have established a connection between said wireless mobile device and said access point.
100. The wireless mobile device of claim 92, which further comprises:
said context manager program further accessing said stored security feature data based on a type of service requested by said mobile device.
101. The wireless mobile device of claim 92, which further comprises:
said context manager program determining said context for said wireless mobile device from an identity of said access point and an identity of said wireless mobile device.
102. The wireless mobile device of claim 101, which further comprises:
said context manager program further determining said context for said wireless mobile device from a time of day said wireless mobile device connects to said access point.
103. The wireless mobile device of claim 92, which further comprises:
said security feature data stored in said database representing an authentication process accessible by said determined context to authenticate said wireless mobile device when wirelessly connected to said access point.
104. The wireless mobile device of claim 103, which further comprises:
said security feature data stored in said database representing a first authentication process to be applied to authenticating a first wireless mobile device and a second authentication process to be applied to authenticating a second wireless mobile device accessible by said determined context detected at said wireless access point.
105. The wireless mobile device of claim 92, which further comprises:
said security feature data stored in said database representing an encryption process accessible by said determined context to encrypt communications between said wireless mobile device and said access point.
106. The wireless mobile device of claim 105, which further comprises:
said security feature data stored in said database representing a first encryption process to be applied to encrypting a first wireless mobile device and a second encryption process to be applied to encrypting a second wireless mobile device accessible by said determined context detected at said wireless access point.
107. The wireless mobile device of claim 92, which further comprises:
said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a system administrator to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
108. The wireless mobile device of claim 92, which further comprises:
said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a control program to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
109. The wireless mobile device of claim 92, which further comprises:
said context manager program classifying a service requested by said mobile device to synchronize to an application and establishing an appropriate security feature to apply to said mobile device based on said classification.
110. The wireless mobile device of claim 92, which further comprises:
said context manager comparing said determined context with threshold values of services for said mobile wireless device generating a triggering event when a comparison is satisfied.
111. The wireless mobile device of claim 110, which further comprises:
said triggering event initiating sending a message representing said service data to said wireless mobile device to implement said service in said wireless mobile device.
112. The wireless mobile device of claim 110, which further comprises:
said triggering event initiating pushing said service represented by said service data to said wireless mobile device.
113. A program product for a wireless mobile device having security features based on its context, comprising:
a communications program for establishing a wireless connection with an access point;
said access point providing to a server context information about the mobile device when said access point is wirelessly connected to said wireless communications interface;
a middleware program having a plurality of security process subroutines selectable by a command received from said access point in response to said context information;
said command representing a security feature to be implemented in said wireless mobile device by one of said subroutines selected by said command.
114. The program product of claim 113, which further comprises:
said communications program receiving and processing a message representing service data to implement a service in said wireless mobile device in response to said context information.
115. The program product of claim 113, which further comprises:
said communications program receiving and processing a service pushed to said wireless mobile device from said access point in response to said context information.
116. A program product for an access point to provide security features to a wireless mobile device based on its context, comprising:
a communications program for establishing a wireless connection with a mobile device and providing context information to a server when said wireless mobile device is wirelessly connected to the access point;
a middleware program having a plurality of security process subroutines selectable by a command received from said server in response to said context information;
said command representing a security feature to be implemented in said access point and said wireless mobile device by one of said subroutines selected by said command.
117. The program product of claim 116, which further comprises:
said communications program receiving service data from said server based on said determined context and providing said service data to said wireless mobile device to implement said service in said wireless mobile device.
118. The program product of claim 116, which further comprises:
said communications program receiving third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
119. The program product of claim 118, which further comprises:
said third party selectively providing said service to said wireless mobile device via a cellular telephone communications subsystem or said access point.
120. The program product of claim 116, which further comprises:
said communications program pushing a service to said wireless mobile device in response to said context information.
121. The program product of claim 116, which further comprises:
said communications program receiving control signals from said wireless mobile device and forwarding them to a Bluetooth-enabled device for control thereof.
122. The program product of claim 121, which further comprises:
said communications program receiving output signals from said Bluetooth-enabled device in response to said control signals and forwarding said output signals to said server.
123. A program product for a server to provide security features to a wireless mobile device based on its context, comprising:
a context manager program for determining a context for a wireless mobile device when said wireless mobile device is wirelessly connected to a wireless access point;
said context manager accessing stored security feature data based on said determined context and issuing a command representing said security feature data;
a middleware program having a plurality of security process subroutines selectable by said command, to operatively interact with a first middleware program in said access point and a second middleware program in said mobile wireless device, to implement said security process in said first wireless mobile device and said second wireless device, respectively.
124. The program product of claim 123, which further comprises:
said context manager accessing stored service data based on said determined context and providing said service data to said wireless mobile device to implement said service in said wireless mobile device.
125. The program product of claim 124, which further comprises:
said context manager accessing a stored third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
126. The program product of claim 125, which further comprises:
said third party selectively providing said service to said wireless mobile device via a cellular telephone communications subsystem or said wireless access point.
127. The program product of claim 123, which further comprises:
said context manager program further accessing said stored security feature data based on a type of service requested by said wireless mobile device.
128. The program product of claim 123, which further comprises:
said context manager program determining said context for said wireless mobile device from an identity of said access point and an identity of said wireless mobile device.
129. The program product of claim 128, which further comprises:
said context manager program further determining said context for said wireless mobile device from a time of day said wireless mobile device connects to said access point.
130. The program product of claim 123, which further comprises:
said context manager program classifying a service requested by said mobile device to synchronize to an application and establishing an appropriate security feature to apply to said mobile device based on said classification.
131. The program product of claim 123, which further comprises:
said context manager comparing said determined context with threshold values of services for said mobile wireless device generating a triggering event when a comparison is satisfied.
132. The program product of claim 123, which further comprises:
said triggering event initiating sending a message representing said service data to said wireless mobile device to implement said service in said wireless mobile device.
133. The program product of claim 132, which further comprises:
said triggering event initiating pushing said service represented by said service data to said wireless mobile device.
US10/954,197 2004-10-01 2004-10-01 Method and system to contextually initiate synchronization services on mobile terminals in an enterprise environment Abandoned US20060075075A1 (en)

Priority Applications (10)

Application Number Priority Date Filing Date Title
US10/954,197 US20060075075A1 (en) 2004-10-01 2004-10-01 Method and system to contextually initiate synchronization services on mobile terminals in an enterprise environment
US11/126,288 US20060073788A1 (en) 2004-10-01 2005-05-11 Context based connectivity for mobile devices
JP2007534104A JP2008515310A (en) 2004-10-01 2005-09-20 Method and system for contextually starting a mobile terminal synchronization service in an enterprise environment
EP05784420A EP1803253A1 (en) 2004-10-01 2005-09-20 Method and system to contextually initiate synchronization services on mobile terminals in an enterprise environment
PCT/IB2005/002782 WO2006043132A1 (en) 2004-10-01 2005-09-20 Method and system to contextually initiate synchronization services on mobile terminals in an enterprise environment
EP05850648A EP1794935A4 (en) 2004-10-01 2005-09-23 Context based connectivity for mobile devices
PCT/IB2005/002820 WO2006048706A1 (en) 2004-10-01 2005-09-23 Context based connectivity for mobile devices
KR1020077009959A KR100981937B1 (en) 2004-10-01 2005-09-23 Context based connectivity for mobile devices
CN200580033243.4A CN101032128B (en) 2004-10-01 2005-09-23 Mobile device based on contextual connectedness
US11/576,476 US7983682B2 (en) 2004-10-01 2005-09-23 Context based connectivity for mobile devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/954,197 US20060075075A1 (en) 2004-10-01 2004-10-01 Method and system to contextually initiate synchronization services on mobile terminals in an enterprise environment

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US11/126,288 Continuation-In-Part US20060073788A1 (en) 2004-10-01 2005-05-11 Context based connectivity for mobile devices

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US11/126,288 Continuation-In-Part US20060073788A1 (en) 2004-10-01 2005-05-11 Context based connectivity for mobile devices
US11/576,476 Continuation-In-Part US7983682B2 (en) 2004-10-01 2005-09-23 Context based connectivity for mobile devices

Publications (1)

Publication Number Publication Date
US20060075075A1 true US20060075075A1 (en) 2006-04-06

Family

ID=36126173

Family Applications (3)

Application Number Title Priority Date Filing Date
US10/954,197 Abandoned US20060075075A1 (en) 2004-10-01 2004-10-01 Method and system to contextually initiate synchronization services on mobile terminals in an enterprise environment
US11/126,288 Abandoned US20060073788A1 (en) 2004-10-01 2005-05-11 Context based connectivity for mobile devices
US11/576,476 Active 2027-03-03 US7983682B2 (en) 2004-10-01 2005-09-23 Context based connectivity for mobile devices

Family Applications After (2)

Application Number Title Priority Date Filing Date
US11/126,288 Abandoned US20060073788A1 (en) 2004-10-01 2005-05-11 Context based connectivity for mobile devices
US11/576,476 Active 2027-03-03 US7983682B2 (en) 2004-10-01 2005-09-23 Context based connectivity for mobile devices

Country Status (5)

Country Link
US (3) US20060075075A1 (en)
EP (1) EP1803253A1 (en)
JP (1) JP2008515310A (en)
CN (1) CN101032128B (en)
WO (1) WO2006043132A1 (en)

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020135259A1 (en) * 2000-05-25 2002-09-26 Wolf-Joachim Eggers Stator
US20050124315A1 (en) * 2003-10-31 2005-06-09 Komatsu Ltd. Operating environment setting system for mobile communications terminal
US20060105713A1 (en) * 2004-11-12 2006-05-18 Zheng Jianyu R System and method for managing wireless connections in computer
US20060123468A1 (en) * 2004-12-08 2006-06-08 International Business Machines Corporation Method, system and program for establishing a trusted relationship between a data server and a middleware server
US20060143436A1 (en) * 2004-12-27 2006-06-29 Bird Paul M Method and system for providing and utilizing a network trusted context
US20070155399A1 (en) * 2005-12-29 2007-07-05 Alberth William P Jr Devices and methods for synchronizing location information in an access point
US20090030917A1 (en) * 2007-07-25 2009-01-29 Chang Jie Guo Multimedia messaging service-based database synchronization
US20090065578A1 (en) * 2007-09-10 2009-03-12 Fisher-Rosemount Systems, Inc. Location Dependent Control Access in a Process Control System
US20100012715A1 (en) * 2008-07-21 2010-01-21 Gilbarco Inc. System and method for pairing a bluetooth device with a point-of-sale terminal
US20100070771A1 (en) * 2008-09-17 2010-03-18 Alcatel-Lucent Authentication of access points in wireless local area networks
US20110016315A1 (en) * 2002-02-13 2011-01-20 Nokia Corporation Method and system for multimedia tags
CN102215052A (en) * 2010-04-09 2011-10-12 思科技术公司 Bluetooth radio device and management application for integration with a telecommunications network
US20130005386A1 (en) * 2006-08-29 2013-01-03 Milind Kopikare Wi-Fi BASED GEO-LOCATION CONNECTIVITY
US20130034090A1 (en) * 2011-08-02 2013-02-07 Motorola Solutions, Inc. Method and apparatus for distributing wireless local area network access information
US20150289121A1 (en) * 2014-04-03 2015-10-08 Comcast Cable Communications, Llc Emergency Information Delivery
US20160099915A1 (en) * 2014-10-07 2016-04-07 Microsoft Corporation Security context management in multi-tenant environments
CN105814925A (en) * 2013-12-04 2016-07-27 诺基亚技术有限公司 Access point information for wireless access
US20160239531A1 (en) * 2015-02-13 2016-08-18 Meenakshi Sundaram P Integrated framework for data management and provisioning
US20170300549A1 (en) * 2007-01-07 2017-10-19 Apple Inc. Synchronization methods and systems
US20220321643A1 (en) * 2007-01-12 2022-10-06 ProntoForms Inc. Mobile core client architecture
US20230353636A1 (en) * 2022-04-28 2023-11-02 Rohde & Schwarz Gmbh & Co. Kg Signal processing device, gateway, management server and method

Families Citing this family (84)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2438994B (en) * 2005-03-10 2008-02-13 Dell Products Lp Apparatus and methods for dynamically configurable wireless network
US20060203743A1 (en) * 2005-03-10 2006-09-14 Quinn Liam B Apparatus and methods for dynamically configurable wireless network
US20060223582A1 (en) * 2005-03-31 2006-10-05 Nokia Corporation Switching device via power key initiated wizard
GB2434010B (en) * 2005-06-16 2008-03-05 Just Eat As Ordering system with terminal unit using a wireless network
US8010621B2 (en) * 2005-10-11 2011-08-30 Nokia Corporation Offline webpage activated by reading a tag
US7412224B2 (en) * 2005-11-14 2008-08-12 Nokia Corporation Portable local server with context sensing
KR100703375B1 (en) * 2005-12-12 2007-04-03 삼성전자주식회사 Method for managing log in bluetooth of wireless terminal
US8005459B2 (en) * 2005-12-16 2011-08-23 Research In Motion Limited System and method of authenticating login credentials in a wireless communication system
US20070293261A1 (en) * 2006-06-14 2007-12-20 Chung Woo Cheol Dual purpose mobile device usingultra wide band communications
US8185605B2 (en) * 2006-07-18 2012-05-22 Cisco Technology, Inc. Methods and apparatuses for accessing an application on a remote device
US8121585B2 (en) * 2006-08-25 2012-02-21 International Business Machines Corporation Technique for synchronizing data with a mobile device based on a synchronization context
WO2008044877A1 (en) * 2006-10-11 2008-04-17 Lg Electronics Inc. Managing contextual information for wireless communications
GB2445400A (en) * 2006-11-30 2008-07-09 Sharp Kk Method of connecting a device to a predetermined one of a plurality of available networks.
RU2436147C2 (en) 2006-12-22 2011-12-10 Квэлкомм Инкорпорейтед Improved wireless usb protocol and usb hub
US20080170537A1 (en) * 2007-01-12 2008-07-17 Inventec Appliances Corp. Communication processing apparatus and method
US20080176565A1 (en) * 2007-01-23 2008-07-24 Nokia Corporation Apparatus, method and computer program product providing rat priority list for multi-rat mobile devices
US8050707B2 (en) * 2007-02-02 2011-11-01 Dell Products L.P. Method for selecting a priority for wireless technologies via graphical representation
US9185123B2 (en) 2008-02-12 2015-11-10 Finsphere Corporation System and method for mobile identity protection for online user authentication
US8280348B2 (en) 2007-03-16 2012-10-02 Finsphere Corporation System and method for identity protection using mobile device signaling network derived location pattern recognition
US9456348B2 (en) * 2007-03-16 2016-09-27 Visa International Service Association Systems and methods for authenticating a user of a computer application, network, or device using a wireless device
US10440572B2 (en) 2007-03-16 2019-10-08 Visa International Service Association Systems and methods for authenticating a user of a computer application, network, or device using a wireless device
US8533345B2 (en) * 2007-05-08 2013-09-10 Blackberry Limited System and method for managing connections for networks used by a communication device
EP1991018B1 (en) * 2007-05-08 2010-08-18 Research In Motion Limited Method, portable communication device and computer readable medium for managing connections for networks used by a communication device
US9003488B2 (en) * 2007-06-06 2015-04-07 Datavalet Technologies System and method for remote device recognition at public hotspots
US20140355592A1 (en) 2012-11-01 2014-12-04 Datavalet Technologies System and method for wireless device detection, recognition and visit profiling
US20090170483A1 (en) * 2007-12-28 2009-07-02 General Electric Company System and method for transmitting information using a mobile phone
WO2009088932A1 (en) * 2008-01-03 2009-07-16 Connectsoft, Inc. Method and system for retrieving and displaying images of devices connected to a computing device
US8583956B2 (en) * 2008-01-31 2013-11-12 Peter Sui Lun Fong Interactive device with local area time synchronization capbility
US20090228312A1 (en) * 2008-03-05 2009-09-10 International Business Machines Corporation Method and system for a calendaring tool for claim code and workload determination
US8682960B2 (en) 2008-03-14 2014-03-25 Nokia Corporation Methods, apparatuses, and computer program products for providing filtered services and content based on user context
US8082290B2 (en) * 2008-03-19 2011-12-20 Verizon Patent And Licensing Inc. Intelligent establishment of peer-to-peer communication
US8019863B2 (en) * 2008-03-28 2011-09-13 Ianywhere Solutions, Inc. Synchronizing events between mobile devices and servers
US9123213B2 (en) * 2008-06-19 2015-09-01 Datalogic Mobile S.R.L. Portable terminal for acquiring product data
CN101655894B (en) * 2008-08-19 2012-06-27 上海华虹集成电路有限责任公司 Method for improving throughput of grouping algorithm on general serial bus encryption lock
CN101737765A (en) * 2008-11-26 2010-06-16 鸿富锦精密工业(深圳)有限公司 Working state indicating lamp of electronic device
JP5215837B2 (en) * 2008-12-24 2013-06-19 株式会社日立国際電気 Wireless communication apparatus and wireless communication system
WO2010128267A1 (en) * 2009-05-08 2010-11-11 Alexios Vratskides A system and method for use in a cellular communication network
US20110009059A1 (en) * 2009-07-10 2011-01-13 Sony Ericsson Mobile Communications Ab Extended network communication system
US20110149086A1 (en) 2009-12-23 2011-06-23 Winbush Iii Amos Camera user content synchronization with central web-based records and information sharing system
US9402207B2 (en) * 2010-05-07 2016-07-26 Zte Corporation Priority based service selection methods and apparatus
US8233925B1 (en) 2010-09-06 2012-07-31 Joingo LLC Method and system for mobile club opt-in
US8882587B1 (en) 2010-10-22 2014-11-11 Joingo, Llc Method and system for coupling mobile interactive content to a club reward system
US8644810B1 (en) 2010-10-22 2014-02-04 Joingo, Llc Method and system for dynamic font support on mobile devices
CN102480687A (en) * 2010-11-22 2012-05-30 中国移动通信集团公司 Method for pushing mail from mobile terminal to mobile terminal
US8682936B2 (en) 2010-12-15 2014-03-25 Microsoft Corporation Inherited entity storage model
US20120166244A1 (en) * 2010-12-28 2012-06-28 Microsoft Corporation Not-started customer relationship management (crm) dialogs
US9609587B2 (en) 2011-01-31 2017-03-28 Synchronoss Technologies, Inc. System and method for host and OS agnostic management of connected devices through network controlled state alteration
US8988246B2 (en) * 2011-03-29 2015-03-24 Google Inc. System and method for proximal device configuration using a directed beam
US8998076B2 (en) 2011-06-03 2015-04-07 Arthur Chang Establishing connections among electronic devices
US20130024816A1 (en) * 2011-07-22 2013-01-24 Michael John Bender Connection Status Based Application Launch System
US8631472B1 (en) 2011-08-01 2014-01-14 Sprint Communications Company L.P. Triggers for session persistence
US9770189B2 (en) 2011-08-16 2017-09-26 Elwha Llc Systematic distillation of status data relating to regimen compliance
US9560487B2 (en) 2011-12-23 2017-01-31 Intel Corporation Method and apparatus for wireless location tracking
KR101863197B1 (en) 2012-01-31 2018-05-31 삼성전자주식회사 Apparatus and method for informing of available devices in contents sharing network
US8407759B1 (en) 2012-02-24 2013-03-26 Monolith Innovations, LLC Device, method, and system for secure mobile data storage
US9280526B1 (en) 2012-04-13 2016-03-08 Joingo, Llc Mobile application utilizing accelerometer-based control
US20130331098A1 (en) * 2012-06-08 2013-12-12 Apple Inc. Automatically Determining and Alerting Users to Available Wireless Networks
CA2877453A1 (en) * 2012-06-21 2013-12-27 Cellepathy Ltd. Device context determination
CN104704907B (en) 2012-09-28 2018-08-10 瑞典爱立信有限公司 Short range communication in wireless communication system
US9776078B2 (en) 2012-10-02 2017-10-03 Razer (Asia-Pacific) Pte. Ltd. Application state backup and restoration across multiple devices
US9210203B2 (en) 2012-10-02 2015-12-08 Nextbit Systems Inc. Resource based mobile device application streaming
US9654556B2 (en) 2012-10-02 2017-05-16 Razer (Asia-Pacific) Pte. Ltd. Managing applications on an electronic device
US9268655B2 (en) 2012-10-02 2016-02-23 Nextbit Systems Inc. Interface for resolving synchronization conflicts of application states
US10425471B2 (en) 2012-10-02 2019-09-24 Razer (Asia-Pacific) Pte. Ltd. Multi-tasker
US9600552B2 (en) 2012-10-02 2017-03-21 Nextbit Systems Inc. Proximity based application state synchronization
US9112885B2 (en) 2012-10-02 2015-08-18 Nextbit Systems Inc. Interactive multi-tasker
US9747000B2 (en) 2012-10-02 2017-08-29 Razer (Asia-Pacific) Pte. Ltd. Launching applications on an electronic device
US9106721B2 (en) * 2012-10-02 2015-08-11 Nextbit Systems Application state synchronization across multiple devices
US8977723B2 (en) 2012-10-02 2015-03-10 Nextbit Systems Inc. Cloud based application fragmentation
US9717985B2 (en) 2012-10-02 2017-08-01 Razer (Asia-Pacific) Pte. Ltd. Fragment-based mobile device application streaming utilizing crowd-sourcing
US8954611B2 (en) 2013-03-21 2015-02-10 Nextbit Systems Inc. Mechanism for sharing states of applications and devices across different user profiles
US10123189B2 (en) 2013-03-21 2018-11-06 Razer (Asia-Pacific) Pte. Ltd. Electronic device system restoration by tapping mechanism
KR102094017B1 (en) * 2013-08-06 2020-03-26 삼성전자주식회사 Method for transmitting data and an electronic device thereof
US20150052239A1 (en) * 2013-08-19 2015-02-19 Anthony G. LaMarca Context based spectrum management system
USD768162S1 (en) 2013-09-30 2016-10-04 Nextbit Systems Inc. Display screen or portion thereof with graphical user interface
CN105323090A (en) * 2014-07-18 2016-02-10 中兴通讯股份有限公司 Terminal configuration service method, device and system of Internet of Things
US9288235B1 (en) * 2014-09-17 2016-03-15 Microsoft Technology Licensing, Llc Contextually aware device management
US20160212690A1 (en) * 2015-01-20 2016-07-21 Qualcomm Incorporated Method and System for Cooperative Acquisition of Network Access Information
KR102423129B1 (en) * 2015-07-31 2022-07-22 삼성전자주식회사 Network apparatus, server and control method thereof
EP3569020B1 (en) * 2017-02-13 2020-12-30 Telefonaktiebolaget LM Ericsson (PUBL) Method and server for positioning user equipment
CN109495575B (en) * 2018-11-30 2022-03-04 金蝶软件(中国)有限公司 Service configuration method, system and ERP server
US10893391B1 (en) * 2019-07-22 2021-01-12 Lindsay Friedman Tracking and monitoring system
US11457332B2 (en) * 2019-07-22 2022-09-27 Lindsay P. Friedman Tracking and monitoring system
CN113038444B (en) * 2021-03-25 2022-07-19 支付宝(杭州)信息技术有限公司 Method and device for generating application layer key

Citations (58)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5493692A (en) * 1993-12-03 1996-02-20 Xerox Corporation Selective delivery of electronic messages in a multiple computer system based on context and environment of a user
US5790974A (en) * 1996-04-29 1998-08-04 Sun Microsystems, Inc. Portable calendaring device having perceptual agent managing calendar entries
US5835061A (en) * 1995-06-06 1998-11-10 Wayport, Inc. Method and apparatus for geographic-based communications service
US5838685A (en) * 1997-02-06 1998-11-17 Hochman; Gary Method and apparatus for the transmission of data files
US5903832A (en) * 1995-12-21 1999-05-11 Nokia Mobile Phones Llimited Mobile terminal having enhanced system selection capability
US6108688A (en) * 1996-06-12 2000-08-22 Sun Microsystems, Inc. System for reminding a sender of an email if recipient of the email does not respond by a selected time set by the sender
US6134445A (en) * 1997-07-24 2000-10-17 Lucent Technologies, Inc. Wireless terminal adapted for measuring signal propagation characteristics
US6175743B1 (en) * 1998-05-01 2001-01-16 Ericsson Inc. System and method for delivery of short message service messages to a restricted group of subscribers
US6225997B1 (en) * 1998-02-17 2001-05-01 Fujitsu Limited Communication system and communication apparatus
US6255800B1 (en) * 2000-01-03 2001-07-03 Texas Instruments Incorporated Bluetooth enabled mobile device charging cradle and system
US20010007820A1 (en) * 2000-01-12 2001-07-12 Do Thanh Van Private wireless WAP system
US6266048B1 (en) * 1998-08-27 2001-07-24 Hewlett-Packard Company Method and apparatus for a virtual display/keyboard for a PDA
US6272129B1 (en) * 1999-01-19 2001-08-07 3Com Corporation Dynamic allocation of wireless mobile nodes over an internet protocol (IP) network
US20010029166A1 (en) * 1999-12-06 2001-10-11 Johan Rune Intelligent piconet forming
US20020002705A1 (en) * 2000-06-12 2002-01-03 U.S. Philips Corporation Computer profile update system
US20020006788A1 (en) * 2000-05-05 2002-01-17 Per Knutsson Method and apparatus for a mobile access system delivering location based information and services
US20020022453A1 (en) * 2000-03-31 2002-02-21 Horia Balog Dynamic protocol selection and routing of content to mobile devices
US6351271B1 (en) * 1997-10-09 2002-02-26 Interval Research Corporation Method and apparatus for sending and receiving lightweight messages
US20020083121A1 (en) * 2000-11-01 2002-06-27 Chang William Ho System for device-to-device pervasive digital output
US20020082921A1 (en) * 2000-12-27 2002-06-27 Koninklijke Philips Electronics N.V. Credit system and method
US20020116458A1 (en) * 2000-12-14 2002-08-22 Jonathan Bricklin Web-based dating service
US20020156795A1 (en) * 2001-04-20 2002-10-24 Xerox Corporation System and method for enabling communication among arbitrary components
US6484196B1 (en) * 1998-03-20 2002-11-19 Advanced Web Solutions Internet messaging system and method for use in computer networks
US20020173877A1 (en) * 2001-01-16 2002-11-21 Zweig Stephen Eliot Mobile robotic with web server and digital radio links
US20020178211A1 (en) * 2001-05-03 2002-11-28 Reefedge, Inc. A Delaware Corporation Technique for enabling remote data access and manipulation from a pervasive device
US6496849B1 (en) * 1999-08-30 2002-12-17 Zaplet, Inc. Electronic media for communicating information among a group of participants
US20030002504A1 (en) * 2001-06-29 2003-01-02 Antti Forstadius Apparatus, method and system for an object exchange bridge
US20030008662A1 (en) * 2001-07-09 2003-01-09 Stern Edith H. Systems and methods wherein a mobile user device operates in accordance with a location policy and user device information
US20030018887A1 (en) * 2001-07-17 2003-01-23 Dan Fishman Method for providing user-apparent consistency in a wireless device
US20030027636A1 (en) * 2001-07-26 2003-02-06 Eastman Kodak Company Intelligent toy with internet connection capability
US20030027553A1 (en) * 2001-08-03 2003-02-06 Brian Davidson Mobile browsing
US20030054794A1 (en) * 2001-09-18 2003-03-20 Nec Corporation Method and system for extending the capabilities of handheld devices using local resources
US6546263B1 (en) * 2000-06-12 2003-04-08 Ericsson Inc. Apparatus and method for compact icon display
US6549768B1 (en) * 1999-08-24 2003-04-15 Nokia Corp Mobile communications matching system
US6560456B1 (en) * 1999-05-24 2003-05-06 Openwave Systems, Inc. System and method for providing subscriber-initiated information over the short message service (SMS) or a microbrowser
US20030092376A1 (en) * 2001-10-26 2003-05-15 Majid Syed System and method for a push-pull gateway-directed digital receiver
US20030140246A1 (en) * 2002-01-18 2003-07-24 Palm, Inc. Location based security modification system and method
US6601093B1 (en) * 1999-12-01 2003-07-29 Ibm Corporation Address resolution in ad-hoc networking
US6625460B1 (en) * 1999-12-21 2003-09-23 Nokia Corporation Unified messaging protocol using SMS
US20030179823A1 (en) * 2002-03-25 2003-09-25 Rongzhen Yang Processing digital data prior to compression
US20030208536A9 (en) * 2000-05-19 2003-11-06 Sony Corporation Network conferencing system, equipment management method and data presentation method
US6674403B2 (en) * 2001-09-05 2004-01-06 Newbury Networks, Inc. Position detection and location tracking in a wireless network
US6678516B2 (en) * 2001-05-21 2004-01-13 Nokia Corporation Method, system, and apparatus for providing services in a privacy enabled mobile and Ubicom environment
US6714519B2 (en) * 2000-11-03 2004-03-30 Vocaltec Communications Limited Communications availability
US6721542B1 (en) * 1999-05-28 2004-04-13 Nokia Corporation System for location specific, automatic mobile station behavior control
US20040073793A1 (en) * 2002-10-10 2004-04-15 Kabushiki Kaisha Toshiba Network system, information processing device, repeater, and method of building network system
US6785542B1 (en) * 2001-02-28 2004-08-31 Palm Source, Inc. Resource proxy for mobile wireless electronic devices
US20040171379A1 (en) * 2001-04-27 2004-09-02 Alex Cabrera Method and system for wireless distribution of local information
US20040190529A1 (en) * 2001-10-11 2004-09-30 Fujitsu Limited Apparatus for use with service providing system with integrated components in ad hoc network
US6862276B1 (en) * 2000-03-30 2005-03-01 Qualcomm Incorporated Method and apparatus for a mobile station application to receive and transmit raw packetized data
US6862594B1 (en) * 2000-05-09 2005-03-01 Sun Microsystems, Inc. Method and apparatus to discover services using flexible search criteria
US6917960B1 (en) * 2000-05-05 2005-07-12 Jibe Networks Intelligent content precaching
US20050169214A1 (en) * 2001-07-12 2005-08-04 Riku Suomela System and method for accessing ubiquitous resources in an intelligent environment
US20050260996A1 (en) * 2004-05-24 2005-11-24 Groenendaal Joannes G V System and method for automatically configuring a mobile device
US20050277418A1 (en) * 2000-08-11 2005-12-15 Sandeep Kishan Singhal Enabling seamless user mobility in a short-range wireless networking environment
US20060173781A1 (en) * 2000-07-24 2006-08-03 Donner Irah H System and method for interactive messaging and/or allocating and/or upgrading and/or rewarding tickets, other event admittance means, goods and/or services
US20060170967A1 (en) * 1999-05-13 2006-08-03 Canon Kabushiki Kaisha Device search apparatus
US20080086564A1 (en) * 2002-01-15 2008-04-10 Janis Rae Putman Communication application server for converged communication services

Family Cites Families (90)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6167278A (en) * 1986-10-22 2000-12-26 Nilssen; Ole K. Combination cordless-cellular telephone system
CA2107820A1 (en) * 1992-10-16 1994-04-17 Keith Daniel O'neill Low-power wireless system for telephone services
US5668878A (en) * 1994-02-28 1997-09-16 Brands; Stefanus Alfonsus Secure cryptographic methods for electronic transfer of information
US5606617A (en) * 1994-10-14 1997-02-25 Brands; Stefanus A. Secret-key certificates
US5727057A (en) * 1994-12-27 1998-03-10 Ag Communication Systems Corporation Storage, transmission, communication and access to geographical positioning data linked with standard telephony numbering and encoded for use in telecommunications and related services
AU4958396A (en) * 1995-03-27 1996-10-16 Stefanus Alfonsus Brands System for ensuring that the blinding of secret-key certific ates is restricted, even if the issuing protocol is performe d in parallel mode
US5749081A (en) * 1995-04-06 1998-05-05 Firefly Network, Inc. System and method for recommending items to a user
CA2222794C (en) * 1995-05-31 2002-11-26 Siemens Aktiengesellschaft Mobile radio receiver for cellular radio telecommunications systems
US6092049A (en) * 1995-06-30 2000-07-18 Microsoft Corporation Method and apparatus for efficiently recommending items using automated collaborative filtering and feature-guided automated collaborative filtering
US6049777A (en) * 1995-06-30 2000-04-11 Microsoft Corporation Computer-implemented collaborative filtering based method for recommending an item to a user
US6041311A (en) * 1995-06-30 2000-03-21 Microsoft Corporation Method and apparatus for item recommendation using automated collaborative filtering
US6119101A (en) * 1996-01-17 2000-09-12 Personal Agents, Inc. Intelligent agents for electronic commerce
DE19630399C1 (en) * 1996-07-26 1997-10-16 Siemens Ag Connect path steering method for public mobile communication network
FI103546B (en) * 1996-09-16 1999-07-15 Nokia Telecommunications Oy Data service in a mobile telephone network
US6195657B1 (en) * 1996-09-26 2001-02-27 Imana, Inc. Software, method and apparatus for efficient categorization and recommendation of subjects according to multidimensional semantics
US6108493A (en) * 1996-10-08 2000-08-22 Regents Of The University Of Minnesota System, method, and article of manufacture for utilizing implicit ratings in collaborative filters
US6044062A (en) * 1996-12-06 2000-03-28 Communique, Llc Wireless network system and method for providing same
US6236768B1 (en) * 1997-10-14 2001-05-22 Massachusetts Institute Of Technology Method and apparatus for automated, context-dependent retrieval of information
US6421707B1 (en) * 1998-02-13 2002-07-16 Lucent Technologies Inc. Wireless multi-media messaging communications method and apparatus
US6065012A (en) * 1998-02-27 2000-05-16 Microsoft Corporation System and method for displaying and manipulating user-relevant data
US6064980A (en) * 1998-03-17 2000-05-16 Amazon.Com, Inc. System and methods for collaborative recommendations
US6173316B1 (en) * 1998-04-08 2001-01-09 Geoworks Corporation Wireless communication device with markup language based man-machine interface
JPH11298930A (en) * 1998-04-16 1999-10-29 Nec Corp Private branch of exchange providing hand-over function for phs
US6138158A (en) * 1998-04-30 2000-10-24 Phone.Com, Inc. Method and system for pushing and pulling data using wideband and narrowband transport systems
PT1080415T (en) * 1998-05-21 2017-05-02 Equifax Inc System and method for authentication of network users
US6006200A (en) * 1998-05-22 1999-12-21 International Business Machines Corporation Method of providing an identifier for transactions
US6182050B1 (en) * 1998-05-28 2001-01-30 Acceleration Software International Corporation Advertisements distributed on-line using target criteria screening with method for maintaining end user privacy
US6438585B2 (en) * 1998-05-29 2002-08-20 Research In Motion Limited System and method for redirecting message attachments between a host system and a mobile data communication device
US6138159A (en) * 1998-06-11 2000-10-24 Phaal; Peter Load direction mechanism
JP3581251B2 (en) * 1998-06-16 2004-10-27 株式会社東芝 Communication system, data packet transfer method, router device, and packet relay device
US6519453B1 (en) * 1998-07-01 2003-02-11 Canon Kabushiki Kaisha Communication apparatus
JP3358555B2 (en) * 1998-08-27 2002-12-24 日本電気株式会社 Path setting method in mobile packet communication
US6253202B1 (en) * 1998-09-18 2001-06-26 Tacit Knowledge Systems, Inc. Method, system and apparatus for authorizing access by a first user to a knowledge profile of a second user responsive to an access request from the first user
US6154783A (en) * 1998-09-18 2000-11-28 Tacit Knowledge Systems Method and apparatus for addressing an electronic document for transmission over a network
US6275824B1 (en) * 1998-10-02 2001-08-14 Ncr Corporation System and method for managing data privacy in a database management system
US6253203B1 (en) * 1998-10-02 2001-06-26 Ncr Corporation Privacy-enhanced database
US6023241A (en) * 1998-11-13 2000-02-08 Intel Corporation Digital multimedia navigation player/recorder
US6195651B1 (en) * 1998-11-19 2001-02-27 Andersen Consulting Properties Bv System, method and article of manufacture for a tuned user application experience
US6493550B1 (en) * 1998-11-20 2002-12-10 Ericsson Inc. System proximity detection by mobile stations
US6243581B1 (en) * 1998-12-11 2001-06-05 Nortel Networks Limited Method and system for seamless roaming between wireless communication networks with a mobile terminal
US6842877B2 (en) * 1998-12-18 2005-01-11 Tangis Corporation Contextual responses based on automated learning techniques
US6199099B1 (en) * 1999-03-05 2001-03-06 Ac Properties B.V. System, method and article of manufacture for a mobile communication network utilizing a distributed communication network
US6414955B1 (en) * 1999-03-23 2002-07-02 Innovative Technology Licensing, Llc Distributed topology learning method and apparatus for wireless networks
US6604140B1 (en) * 1999-03-31 2003-08-05 International Business Machines Corporation Service framework for computing devices
US6539225B1 (en) * 1999-06-21 2003-03-25 Lucent Technologies Inc. Seamless data network telecommunication service during mobile wireless call handoff
EP1177068A4 (en) * 1999-07-03 2004-06-16 Rodel Inc Improved chemical mechanical polishing slurries for metal
EP1087323A1 (en) * 1999-09-24 2001-03-28 Nokia Corporation A wireless system for interacting with a virtual space
US6554707B1 (en) * 1999-09-24 2003-04-29 Nokia Corporation Interactive voice, wireless game system using predictive command input
US6527641B1 (en) * 1999-09-24 2003-03-04 Nokia Corporation System for profiling mobile station activity in a predictive command wireless game system
US6445921B1 (en) * 1999-12-20 2002-09-03 Koninklijke Philips Electronics N.V. Call re-establishment for a dual mode telephone
GB2357668A (en) * 1999-12-24 2001-06-27 Nokia Mobile Phones Ltd Mobile telephone interface allowing user-specification of message delivery conditions
AU2001235001A1 (en) * 2000-02-11 2001-08-20 Richard A. Geving Device and method for transmitting vehicle position
US6430395B2 (en) * 2000-04-07 2002-08-06 Commil Ltd. Wireless private branch exchange (WPBX) and communicating between mobile units and base stations
AU2001259480A1 (en) * 2000-05-05 2001-11-20 Megachips Corporation System and method for obtaining and storing information for deferred browsing
GB2362293A (en) * 2000-05-11 2001-11-14 Nokia Mobile Phones Ltd Display of service provider identity during download
SE0003091D0 (en) * 2000-07-07 2000-09-01 Ericsson Telefon Ab L M Communication system
US6452910B1 (en) * 2000-07-20 2002-09-17 Cadence Design Systems, Inc. Bridging apparatus for interconnecting a wireless PAN and a wireless LAN
AU2001277071A1 (en) * 2000-07-21 2002-02-13 Triplehop Technologies, Inc. System and method for obtaining user preferences and providing user recommendations for unseen physical and information goods and services
KR20030022876A (en) * 2000-07-28 2003-03-17 아메리칸 캘카어 인코포레이티드 Technique for effective organization and communication of information
AU2001278148A1 (en) * 2000-08-01 2002-02-13 Hrl Laboratories, Llc Apparatus and method for context-sensitive dynamic information service
US6704024B2 (en) * 2000-08-07 2004-03-09 Zframe, Inc. Visual content browsing using rasterized representations
JP2002057698A (en) * 2000-08-09 2002-02-22 Fujitsu Ltd Packet data processor
CN1470113B (en) * 2000-08-25 2010-08-11 捷讯研究有限公司 System and method for redirecting data to a wireless device over a plurality of communication paths
US6542740B1 (en) * 2000-10-24 2003-04-01 Litepoint, Corp. System, method and article of manufacture for utilizing a wireless link in an interface roaming network framework
US20020065881A1 (en) * 2000-11-29 2002-05-30 Tapio Mansikkaniemi Wireless family bulletin board
US7164885B2 (en) * 2000-12-18 2007-01-16 Telefonaktiebolaget L M Ericsson (Publ) Method and apparatus for selective service access
AU2002232817A1 (en) * 2000-12-21 2002-07-01 Digimarc Corporation Methods, apparatus and programs for generating and utilizing content signatures
US20020094778A1 (en) * 2001-01-18 2002-07-18 Cannon Joseph M. Bluetooth connection quality indicator
US6922559B2 (en) * 2001-02-26 2005-07-26 Kineto Wireless, Inc. Unlicensed wireless communications base station to facilitate unlicensed and licensed wireless communications with a subscriber device, and method of operation
US20020198882A1 (en) * 2001-03-29 2002-12-26 Linden Gregory D. Content personalization based on actions performed during a current browsing session
DE10120772A1 (en) * 2001-04-24 2002-11-07 Siemens Ag Heterogeneous mobile radio system
US20020161921A1 (en) 2001-04-27 2002-10-31 Docomo Communications Laboratories Usa, Inc. Method of selecting a network access measure from multiple access measures
US6931429B2 (en) * 2001-04-27 2005-08-16 Left Gate Holdings, Inc. Adaptable wireless proximity networking
JP4658374B2 (en) * 2001-05-10 2011-03-23 株式会社リコー Wireless communication method and master terminal thereof
US20030013459A1 (en) * 2001-07-10 2003-01-16 Koninklijke Philips Electronics N.V. Method and system for location based recordal of user activity
US6888811B2 (en) * 2001-09-24 2005-05-03 Motorola, Inc. Communication system for location sensitive information and method therefor
US6801777B2 (en) * 2001-11-27 2004-10-05 Intel Corporation Device and method for intelligent wireless communication selection
US20030115038A1 (en) * 2001-12-18 2003-06-19 Roy Want Method and device for emulating electronic apparatus
US7133663B2 (en) * 2001-12-20 2006-11-07 Accenture Global Services, Gmbh Determining the context of surroundings
US7065382B2 (en) * 2001-12-20 2006-06-20 Nokia Corporation Wireless terminal having a scanner for issuing an alert when within the range of a target wireless terminal
US20030163558A1 (en) * 2002-02-25 2003-08-28 Docomo Communications Laboratories Usa, Inc. System and method for Hyper Operator controlled network probing across overlaid heterogeneous access networks
JP2003271630A (en) * 2002-03-15 2003-09-26 Yamaha Corp Information retrieval method, program and device
EP1495586B1 (en) * 2002-04-18 2007-10-03 Nokia Corporation Method, system and device for service selection via a wireless local area network
JP2004021686A (en) * 2002-06-18 2004-01-22 Toshiba Corp Verification processing system, verification processor, program, and verification processing method
AU2003242944A1 (en) 2002-07-10 2004-02-02 Koninklijke Philips Electronics N.V. Interface selection from multiple networks
US7065367B2 (en) * 2002-07-11 2006-06-20 Oliver Michaelis Interface selection in a wireless communication network
TWI269596B (en) * 2002-07-31 2006-12-21 Interdigital Tech Corp Wireless personal communicator and communication method
JP2004128886A (en) * 2002-10-02 2004-04-22 Canon Inc Connection information supply apparatus, connection information supply program, authentication information supply apparatus, and authentication information supply program
US8023941B2 (en) * 2003-12-17 2011-09-20 Interdigital Technology Corporation Method and apparatus for independent and efficient delivery of services to wireless devices capable of supporting multiple radio interfaces and network infrastructure
US7181215B2 (en) * 2004-06-02 2007-02-20 Sony Ericsson Mobile Communications Ab Automatic GPRS/EDGE re-attach

Patent Citations (59)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5493692A (en) * 1993-12-03 1996-02-20 Xerox Corporation Selective delivery of electronic messages in a multiple computer system based on context and environment of a user
US5835061A (en) * 1995-06-06 1998-11-10 Wayport, Inc. Method and apparatus for geographic-based communications service
US6697018B2 (en) * 1995-06-06 2004-02-24 Wayport, Inc. Method and apparatus for geographic-based communications service
US5903832A (en) * 1995-12-21 1999-05-11 Nokia Mobile Phones Llimited Mobile terminal having enhanced system selection capability
US5790974A (en) * 1996-04-29 1998-08-04 Sun Microsystems, Inc. Portable calendaring device having perceptual agent managing calendar entries
US6108688A (en) * 1996-06-12 2000-08-22 Sun Microsystems, Inc. System for reminding a sender of an email if recipient of the email does not respond by a selected time set by the sender
US5838685A (en) * 1997-02-06 1998-11-17 Hochman; Gary Method and apparatus for the transmission of data files
US6134445A (en) * 1997-07-24 2000-10-17 Lucent Technologies, Inc. Wireless terminal adapted for measuring signal propagation characteristics
US6351271B1 (en) * 1997-10-09 2002-02-26 Interval Research Corporation Method and apparatus for sending and receiving lightweight messages
US6225997B1 (en) * 1998-02-17 2001-05-01 Fujitsu Limited Communication system and communication apparatus
US6484196B1 (en) * 1998-03-20 2002-11-19 Advanced Web Solutions Internet messaging system and method for use in computer networks
US6175743B1 (en) * 1998-05-01 2001-01-16 Ericsson Inc. System and method for delivery of short message service messages to a restricted group of subscribers
US6266048B1 (en) * 1998-08-27 2001-07-24 Hewlett-Packard Company Method and apparatus for a virtual display/keyboard for a PDA
US6272129B1 (en) * 1999-01-19 2001-08-07 3Com Corporation Dynamic allocation of wireless mobile nodes over an internet protocol (IP) network
US20060170967A1 (en) * 1999-05-13 2006-08-03 Canon Kabushiki Kaisha Device search apparatus
US6560456B1 (en) * 1999-05-24 2003-05-06 Openwave Systems, Inc. System and method for providing subscriber-initiated information over the short message service (SMS) or a microbrowser
US6721542B1 (en) * 1999-05-28 2004-04-13 Nokia Corporation System for location specific, automatic mobile station behavior control
US6549768B1 (en) * 1999-08-24 2003-04-15 Nokia Corp Mobile communications matching system
US6496849B1 (en) * 1999-08-30 2002-12-17 Zaplet, Inc. Electronic media for communicating information among a group of participants
US6601093B1 (en) * 1999-12-01 2003-07-29 Ibm Corporation Address resolution in ad-hoc networking
US20010029166A1 (en) * 1999-12-06 2001-10-11 Johan Rune Intelligent piconet forming
US6625460B1 (en) * 1999-12-21 2003-09-23 Nokia Corporation Unified messaging protocol using SMS
US6255800B1 (en) * 2000-01-03 2001-07-03 Texas Instruments Incorporated Bluetooth enabled mobile device charging cradle and system
US20010007820A1 (en) * 2000-01-12 2001-07-12 Do Thanh Van Private wireless WAP system
US6862276B1 (en) * 2000-03-30 2005-03-01 Qualcomm Incorporated Method and apparatus for a mobile station application to receive and transmit raw packetized data
US20020022453A1 (en) * 2000-03-31 2002-02-21 Horia Balog Dynamic protocol selection and routing of content to mobile devices
US20020006788A1 (en) * 2000-05-05 2002-01-17 Per Knutsson Method and apparatus for a mobile access system delivering location based information and services
US6917960B1 (en) * 2000-05-05 2005-07-12 Jibe Networks Intelligent content precaching
US6862594B1 (en) * 2000-05-09 2005-03-01 Sun Microsystems, Inc. Method and apparatus to discover services using flexible search criteria
US20030208536A9 (en) * 2000-05-19 2003-11-06 Sony Corporation Network conferencing system, equipment management method and data presentation method
US20020002705A1 (en) * 2000-06-12 2002-01-03 U.S. Philips Corporation Computer profile update system
US6546263B1 (en) * 2000-06-12 2003-04-08 Ericsson Inc. Apparatus and method for compact icon display
US20060173781A1 (en) * 2000-07-24 2006-08-03 Donner Irah H System and method for interactive messaging and/or allocating and/or upgrading and/or rewarding tickets, other event admittance means, goods and/or services
US20050277418A1 (en) * 2000-08-11 2005-12-15 Sandeep Kishan Singhal Enabling seamless user mobility in a short-range wireless networking environment
US20020083121A1 (en) * 2000-11-01 2002-06-27 Chang William Ho System for device-to-device pervasive digital output
US6714519B2 (en) * 2000-11-03 2004-03-30 Vocaltec Communications Limited Communications availability
US20020116458A1 (en) * 2000-12-14 2002-08-22 Jonathan Bricklin Web-based dating service
US20020082921A1 (en) * 2000-12-27 2002-06-27 Koninklijke Philips Electronics N.V. Credit system and method
US20020173877A1 (en) * 2001-01-16 2002-11-21 Zweig Stephen Eliot Mobile robotic with web server and digital radio links
US6785542B1 (en) * 2001-02-28 2004-08-31 Palm Source, Inc. Resource proxy for mobile wireless electronic devices
US20020156795A1 (en) * 2001-04-20 2002-10-24 Xerox Corporation System and method for enabling communication among arbitrary components
US20040171379A1 (en) * 2001-04-27 2004-09-02 Alex Cabrera Method and system for wireless distribution of local information
US20020178211A1 (en) * 2001-05-03 2002-11-28 Reefedge, Inc. A Delaware Corporation Technique for enabling remote data access and manipulation from a pervasive device
US6678516B2 (en) * 2001-05-21 2004-01-13 Nokia Corporation Method, system, and apparatus for providing services in a privacy enabled mobile and Ubicom environment
US20030002504A1 (en) * 2001-06-29 2003-01-02 Antti Forstadius Apparatus, method and system for an object exchange bridge
US20030008662A1 (en) * 2001-07-09 2003-01-09 Stern Edith H. Systems and methods wherein a mobile user device operates in accordance with a location policy and user device information
US20050169214A1 (en) * 2001-07-12 2005-08-04 Riku Suomela System and method for accessing ubiquitous resources in an intelligent environment
US20030018887A1 (en) * 2001-07-17 2003-01-23 Dan Fishman Method for providing user-apparent consistency in a wireless device
US20030027636A1 (en) * 2001-07-26 2003-02-06 Eastman Kodak Company Intelligent toy with internet connection capability
US20030027553A1 (en) * 2001-08-03 2003-02-06 Brian Davidson Mobile browsing
US6674403B2 (en) * 2001-09-05 2004-01-06 Newbury Networks, Inc. Position detection and location tracking in a wireless network
US20030054794A1 (en) * 2001-09-18 2003-03-20 Nec Corporation Method and system for extending the capabilities of handheld devices using local resources
US20040190529A1 (en) * 2001-10-11 2004-09-30 Fujitsu Limited Apparatus for use with service providing system with integrated components in ad hoc network
US20030092376A1 (en) * 2001-10-26 2003-05-15 Majid Syed System and method for a push-pull gateway-directed digital receiver
US20080086564A1 (en) * 2002-01-15 2008-04-10 Janis Rae Putman Communication application server for converged communication services
US20030140246A1 (en) * 2002-01-18 2003-07-24 Palm, Inc. Location based security modification system and method
US20030179823A1 (en) * 2002-03-25 2003-09-25 Rongzhen Yang Processing digital data prior to compression
US20040073793A1 (en) * 2002-10-10 2004-04-15 Kabushiki Kaisha Toshiba Network system, information processing device, repeater, and method of building network system
US20050260996A1 (en) * 2004-05-24 2005-11-24 Groenendaal Joannes G V System and method for automatically configuring a mobile device

Cited By (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020135259A1 (en) * 2000-05-25 2002-09-26 Wolf-Joachim Eggers Stator
US20110016315A1 (en) * 2002-02-13 2011-01-20 Nokia Corporation Method and system for multimedia tags
US8526916B2 (en) 2002-02-13 2013-09-03 Nokia Corporation Method and system for multimedia tags
US20050124315A1 (en) * 2003-10-31 2005-06-09 Komatsu Ltd. Operating environment setting system for mobile communications terminal
US20060105713A1 (en) * 2004-11-12 2006-05-18 Zheng Jianyu R System and method for managing wireless connections in computer
US7917089B2 (en) * 2004-11-12 2011-03-29 Sony Corporation System and method for managing wireless connections in computer
US20100100642A1 (en) * 2004-11-12 2010-04-22 Jianyu Roy Zheng System and method for managing wireless connections in computer
US7668508B2 (en) * 2004-11-12 2010-02-23 Sony Corporation System and method for managing wireless connections in computer
US7647626B2 (en) 2004-12-08 2010-01-12 International Business Machines Corporation Method for establishing a trusted relationship between a data server and a middleware server
US20060123468A1 (en) * 2004-12-08 2006-06-08 International Business Machines Corporation Method, system and program for establishing a trusted relationship between a data server and a middleware server
US7661125B2 (en) 2004-12-27 2010-02-09 International Business Machines Corporation System for providing and utilizing a network trusted context
US7568039B2 (en) * 2004-12-27 2009-07-28 International Business Machines Corporation Method for providing and utilizing a network trusted context
US20080271114A1 (en) * 2004-12-27 2008-10-30 International Business Machines Corporation System for providing and utilizing a network trusted context
US20060143436A1 (en) * 2004-12-27 2006-06-29 Bird Paul M Method and system for providing and utilizing a network trusted context
US20070155399A1 (en) * 2005-12-29 2007-07-05 Alberth William P Jr Devices and methods for synchronizing location information in an access point
US20130005386A1 (en) * 2006-08-29 2013-01-03 Milind Kopikare Wi-Fi BASED GEO-LOCATION CONNECTIVITY
US9324105B2 (en) 2006-08-29 2016-04-26 Marvell World Trade Ltd. Method and apparatus to buy and sell items via a local area network
US20170300549A1 (en) * 2007-01-07 2017-10-19 Apple Inc. Synchronization methods and systems
US10891301B2 (en) * 2007-01-07 2021-01-12 Apple Inc. Synchronization methods and systems
US20220321643A1 (en) * 2007-01-12 2022-10-06 ProntoForms Inc. Mobile core client architecture
US20090030917A1 (en) * 2007-07-25 2009-01-29 Chang Jie Guo Multimedia messaging service-based database synchronization
US9760075B2 (en) 2007-09-10 2017-09-12 Fisher-Rosemount Systems, Inc. Location dependent control access in a process control system
US20090065578A1 (en) * 2007-09-10 2009-03-12 Fisher-Rosemount Systems, Inc. Location Dependent Control Access in a Process Control System
US9244455B2 (en) 2007-09-10 2016-01-26 Fisher-Rosemount Systems, Inc. Location dependent control access in a process control system
US20100012715A1 (en) * 2008-07-21 2010-01-21 Gilbarco Inc. System and method for pairing a bluetooth device with a point-of-sale terminal
US8342407B2 (en) * 2008-07-21 2013-01-01 Gilbarco, Inc. System and method for pairing a bluetooth device with a point-of-sale terminal
US9033217B2 (en) 2008-07-21 2015-05-19 Gilbarco Inc. System and method for pairing a BLUETOOTH device with a point-of-sale terminal
US9483759B2 (en) 2008-07-21 2016-11-01 Gilbarco Inc. System and method for pairing a bluetooth device with a point-of-sale terminal
US8176328B2 (en) * 2008-09-17 2012-05-08 Alcatel Lucent Authentication of access points in wireless local area networks
US20100070771A1 (en) * 2008-09-17 2010-03-18 Alcatel-Lucent Authentication of access points in wireless local area networks
CN102215052A (en) * 2010-04-09 2011-10-12 思科技术公司 Bluetooth radio device and management application for integration with a telecommunications network
US20110250842A1 (en) * 2010-04-09 2011-10-13 Cisco Technology, Inc. Bluetooth radio device and management application for integration with a telecommunications network
US20130034090A1 (en) * 2011-08-02 2013-02-07 Motorola Solutions, Inc. Method and apparatus for distributing wireless local area network access information
US9137735B2 (en) * 2011-08-02 2015-09-15 Motorola Solutions, Inc. Method and apparatus for distributing wireless local area network access information
US10212598B2 (en) * 2013-12-04 2019-02-19 Nokia Technologies Oy Access point information for wireless access
CN105814925A (en) * 2013-12-04 2016-07-27 诺基亚技术有限公司 Access point information for wireless access
US20160381559A1 (en) * 2013-12-04 2016-12-29 Nokia Technologies Oy Access point information for wireless access
US9877177B2 (en) * 2014-04-03 2018-01-23 Comcast Cable Communications, Llc Emergency information delivery
US10285036B2 (en) * 2014-04-03 2019-05-07 Comcast Cable Communications, Llc Emergency information delivery
US20190215675A1 (en) * 2014-04-03 2019-07-11 Comcast Cable Communications, Llc Emergency Information Delivery
US10779151B2 (en) * 2014-04-03 2020-09-15 Comcast Cable Communications, Llc Emergency information delivery
US20150289121A1 (en) * 2014-04-03 2015-10-08 Comcast Cable Communications, Llc Emergency Information Delivery
US11601794B2 (en) 2014-04-03 2023-03-07 Comcast Cable Communications, Llc Emergency information delivery
US9967319B2 (en) * 2014-10-07 2018-05-08 Microsoft Technology Licensing, Llc Security context management in multi-tenant environments
US20160099915A1 (en) * 2014-10-07 2016-04-07 Microsoft Corporation Security context management in multi-tenant environments
US20160239531A1 (en) * 2015-02-13 2016-08-18 Meenakshi Sundaram P Integrated framework for data management and provisioning
US20230353636A1 (en) * 2022-04-28 2023-11-02 Rohde & Schwarz Gmbh & Co. Kg Signal processing device, gateway, management server and method

Also Published As

Publication number Publication date
US20090054068A1 (en) 2009-02-26
US20060073788A1 (en) 2006-04-06
WO2006043132A1 (en) 2006-04-27
US7983682B2 (en) 2011-07-19
CN101032128B (en) 2016-04-13
EP1803253A1 (en) 2007-07-04
CN101032128A (en) 2007-09-05
JP2008515310A (en) 2008-05-08

Similar Documents

Publication Publication Date Title
US20060075075A1 (en) Method and system to contextually initiate synchronization services on mobile terminals in an enterprise environment
US7174564B1 (en) Secure wireless local area network
EP1550335B1 (en) Method and system for providing access via a first network to a service of a second network
TWI264917B (en) Method and system for authenticating user of data transfer device
EP1650915B1 (en) Method of authenticating a mobile network node for establishing a secure peer-to-peer context between a pair of communicating mobile network nodes
US7020456B2 (en) Method and system for authentication of units in a communications network
AU2010200066B2 (en) Method and system for authenticating internet user identity
US8472920B2 (en) System and method for providing wireless networks as a service
EP3021553A1 (en) Method and apparatuses for secure, anonymous wireless lan (wlan) access
US20060190991A1 (en) System and method for decentralized trust-based service provisioning
KR100749720B1 (en) Access point device and method for supporting multiple authentication policies
IL258598A (en) System and method for access control
US10554645B2 (en) Method for authenticating internet users
CN104837136B (en) Wireless access authentication method and device
US11206260B2 (en) Authentication of data transmission devices
JP2008028892A (en) Wireless communication system
AU2010246516A1 (en) A method of determining a geographical location of an internet terminal
US20240054495A1 (en) Method for validating electronic transactions
GB2546494A (en) Data relay authentication
KR101878713B1 (en) Method and System For Connecting User Equipment with Network
Koripi A Comprehensive Overview on WLAN Security for 802.11
TWI383700B (en) Hybrid communication system and method for wireless data communication
WO2002047348A2 (en) Method and system for authentication of units in a communications networks
KR20050048662A (en) Method and system for providing access via a first network to a service of a second network
Hasan Provide Simple Protection for Bluetooth Connection in Wireless Personal Area Network

Legal Events

Date Code Title Description
AS Assignment

Owner name: NOKIA CORPORATION, FINLAND

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MALINEN, JOUNI I.;MAKI, JUSSI E.;REEL/FRAME:015857/0023

Effective date: 20041001

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION