WO2011022053A1 - System and methods for device management - Google Patents

Publication number
WO2011022053A1
WO2011022053A1 PCT/US2010/002264 US2010002264W WO2011022053A1 WO 2011022053 A1 WO2011022053 A1 WO 2011022053A1 US 2010002264 W US2010002264 W US 2010002264W WO 2011022053 A1 WO2011022053 A1 WO 2011022053A1
Authority
WO
WIPO (PCT)
Prior art keywords
local
devices
registration
hand held
device control
Application number
PCT/US2010/002264
Inventor
Errol David Naiman
David Edwin Crabbs
Original Assignee
Errol David Naiman
David Edwin Crabbs
Application filed by Errol David Naiman, David Edwin Crabbs

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149 Restricted operating environment

Definitions

  • the present invention relates generally to a system and methods for controlling hand held computer devices with communication features including a personal digital assistant (PDA), smart phone, tablet (iPad) or similar devices. More specifically, the present invention is directed to a system and methods for dynamically establishing, monitoring, and controlling hand held computer devices irrespective of the particular system used to operate the devices.
  • the monitoring, managing, and controlling of hand held computer devices provided to individual users is a desirable capability for those having ultimate
  • hand held computing devices as used in this application can be wireless devices, such as any mobile device or smart mobile device, a personal data assistant (PDA), a smart hand-held computing device, a cellular telephone, a book reader, a tablet (e.g. iPad like device), a laptop or netbook computer, a hand held computer game console, an MP3 player, or similar hand held computer devices.
  • the business or individual or individuals having ultimate responsibility for such devices can be the device owner, an employer, the parent, or the guardian of the user and will be generally identified in the following as the owner.
  • Individuals and entities that wish to control the use of devices when on their premises or in their domain of control are identified in this application as a "policy control authority".
  • If a policy control authority is a parent of children having access to different mobile devices or smart mobile devices under a single family membership, then certain restrictions on the use of the mobile device may be desirable.
  • the parent may wish to limit the time of day when the child can text to prevent texting on weekdays during night hours throughout a school year.
  • Other individuals, institutions, and business entities may also desire to control how such devices are utilized on their premises.
  • educational institutions may desire limited access to the device services that are available in a classroom setting, such as phone services or texting services.
  • Different instructors may desire different option availability of hand held computer device applications for different courses, sections of their courses, and/or for different tests.
  • Students at earlier stages of a course or in lower grade levels may be restricted from using some of the functions of a calculator application operating on the device during exams, etc., whereas students later in the course or in upper grade levels may be expected to use such application functions during an exam to solve more advanced mathematical or scientific problems.
  • a problem exists with respect to the ability to place different restrictions on the use of hand held computer devices with respect to location, time, and specific users in different environments by different commercial and non-commercial enterprises.
  • MDM Mobile Device Management
  • known systems have been focused on business MDM and government MDM. Such systems are directed to the support and security services of mobile devices owned by a particular enterprise with a focus often on access to enterprise data and systems. In these systems, the managers make device control decisions imposed by entities providing the devices to users. The managers also determine the control policies and management services that apply to the devices.
  • Such known MDM systems provide very little flexibility in the management of devices based on location, time, or enterprise by which the hand held computer devices may be controlled when the enterprise is other than the subscribing company.
  • the management and control techniques used with known MDM systems do not foster interoperability with competing entities and systems, and are often an obstacle to important uses of the device and desired applications.
  • Existing MDM systems are generally not able to manage and control end-user applications using different types of computer systems, operating systems, and applications software, interconnected by different types of local and wide area networks for hand held device users not
  • Interoperability limitations of MDM systems have resulted in the loss of the availability of many useful applications, for example, limited or no control of devices when they are used in different locations (under the management and control of different control authorities) or in different social, educational, or business environments.
  • closed MDM systems are ones that require all of the devices controlled by the system to have a membership with the MDM system. Membership can take the form of, for example, employee/employer, service member and a unit of the Armed Forces, or an independent contractor relationship which are referred to as organizational relationships.
  • the management of devices is established by a policy control authority inputting data into the MDM system and policies are made obligatory to all of the members subscribing to the service - control of the device is mandatory and imposed by fiat.
  • the control of the devices is further limited by a geographic boundary of the MDM system. Other MDM systems operating by different control authorities in adjacent geographic regions typically do not operate with non-members of the subscribed to MDM system.
  • hand held computing devices are dynamic and are typified by changes to their operating characteristics that occur from time to time without authorization from a security system or an enterprise information technology department or controller.
  • a hand held computer device that is compliant with a MDM system can be readily changed to present a security risk subsequent to registration.
  • application software can be easily added to the devices from an application store or other less reliable or controlled sources.
  • Hand held computer devices can be "jail broken" and otherwise "hacked", introducing software imitating (or "spoofing") legitimate educational applications.
  • a device can be reset eliminating the device control software from the device without the permission or knowledge of the enterprise. Such "hacking and spoofing" could facilitate cheating or other unauthorized operations in, for example, a testing or other high security environment.
  • the present invention relates generally to a method and system for controlling hand held computer devices with communication features, and methods for dynamically establishing, monitoring and controlling the devices' behavior based on location and time.
  • the present invention also pertains to interoperable control regimes and policies established by separate control authorities which may be independent of the device owner. These control regimes may be layered and may also coexist and cooperate providing multiple benefits to the device owner, its user and the enterprises that implement and operate the device control regime.
  • OTA software over the air
  • MDM may also provide the ability to retrieve information from a device for troubleshooting and analysis.
  • the present MDM system can optimize mobile device functionality and ensure better interoperation with a different service provider's network.
  • the system is open to subscription by any device owner who chooses to voluntarily subscribe and have their device managed and to opt-in and have their device controlled.
  • the device owner benefits from the multiple independent entities who implement control regimes.
  • the system is open to any enterprises (inclusive of households) who implement MDM device control within the boundaries of the enterprise's premises.
  • the locus of such Open MDM (OMDM) control is limited to the geographic boundaries of the participating household's or enterprise's location or locations. Once the device is located outside the boundaries of those locations, the device-management regime restores the device to an uncontrolled state or to a default control policy established by the user (or their parents or guardian in the case of minor children).
  • One embodiment of the present invention has an open architecture that separates the provision, authentication of a subscribed user, establishment of control policies, and administration of the control policies into logically independent components.
  • OMDM can be implemented to provide substantial benefits in a variety of applications that include but are not limited to schools, homes, airlines in flight, movie theaters, testing authorities, etc.
  • One advantage of the present invention is the open opt-in feature.
  • Another advantage of the present invention is the multi-entity multi-policy independent device control feature.
  • One embodiment of the invention can provide "enterprise device management"-like services for those that may not be associated, for example, with a large enterprise with a sophisticated information technology (IT) department. Such embodiment may provide voluntary device management that renders hand-held computer devices more useful and more accepted. For the small business owner or for the operator of public services and facilities, the present embodiment can provide device management controls over a public who do not need to share a common employer or other
  • Voluntary opt-in device-management allows households and enterprises to adopt standard control policies.
  • the hand-held computing devices can be controlled on entry into the enterprise based on at least one of the following: global positioning satellite (GPS) coordinates; Near Field Communications (NFC) technologies and applications and/or standard policy profiles stored on a user's device at the time the device was registered and provisioned; or information provided in the device controller as described in the educational application below.
  • a device control policy based on time and location could be created in a smart phone application that has global positioning satellite services available.
  • a device control policy based on time and location could be implemented in a background process in a smart phone that listens for device controller communications, accepts and implements device control policy received from a device controller, enforces device control policies based on white (approved) and black
  • a policy control authority can use multiple redundant approaches that provide automated device management, control, and alerts to notify the policy control authority about possible out of compliance events. These could include applications related to test registration, check in procedures, GPS information, and local controller operation.
  • the degree of security can be arbitrarily set by a policy control authority based on selected implementations that one skilled in the art would be able to construct from the description that follows.
  • FIG. 1 shows an architecture diagram of an Open Mobile Device Management (OMDM) system in an illustrative embodiment incorporating features of the present invention
  • FIG. 2A and 2B show component diagrams of a system for a user to subscribe to the OMDM system, download device management software and have their device information registered in a global device management database in an illustrative embodiment incorporating features of the present invention
  • FIG. 3 shows a component diagram of an OMDM system for setting up or modifying device control policies governing approved applications and services to run on a hand held computer device in an illustrative embodiment incorporating features of the present invention
  • FIG. 4 shows a component diagram of an OMDM system for setting, establishing or modifying local device management policies governing approved applications to run on a hand held computer device in an illustrative embodiment incorporating features of the present invention
  • FIG. 5 shows a component diagram of an OMDM system for registering a new hand held computer device, periodic device compliance monitoring and authentication of the device, and updating an enterprise registration database in an illustrative embodiment incorporating features of the present invention
  • FIG. 6 shows a flow chart of a hand held computer device "no-click log-in" process in an illustrative embodiment incorporating features of the present invention
  • FIG. 7 shows a flow chart of device control monitoring, event logging and alert processes in an illustrative embodiment incorporating features of the present invention.
  • a system and methods for controlling usage of a hand held computing device such as a wireless device, such as a personal data assistant, a smart hand-held computing device, a smart phone, a cellular telephone, a book reader, a tablet (e.g. devices similar to the Apple iPad), a laptop or netbook computer, hand held computer game console or MP3 player or similar computer devices is disclosed.
  • communication channels may include cellular phone networks, cellular phone data services, and 802.11 x (Wi-Fi 33) and 802.15 x (Bluetooth) networking services and the like.
  • Restrictions on use of device functions can include, but are not limited to, specific hand held computing device applications, use of web browser or other web access and file transfer technology, electronic mails, telephone calls, text messaging, MP3 player, video player, camera usage, computer and video games, etc. and the myriad of applications available from a variety of sources including the iPhone and Android application stores and the like.
  • a policy is a set of restrictions regarding which features of a hand held computer device will be available for use within specific time periods, geographic locations, or other parameters. These restrictions may relate to hardware and software features, functions and services such as access to WIFI, 3G, Bluetooth, camera, files, etc., that may be used, and also to general features such as persistence of state between separate usages of software applications.
  • a control domain can be a physical location such as a home, school, college campuses, retail facilities such as stores, gyms, etc., industrial offices, corporate offices, military bases or facilities, public facilities (e.g. airports, arenas, stadiums, theatres, churches, mosques, synagogues, or other religious facilities), etc.
  • control policies or policies are those that can limit the use of the following: software; services-specific hardware supported services such as camera, phone, texting and/or other network connections and services; access to files; persistence of the state of user applications; and a subset of features and functions an approved application can provide during a control session or in a particular context.
  • a context can be, for example, a test item, course module, or similar item.
  • Control policies may be implemented to invoke a function to wipe files created during a control session or in other circumstances.
  • Control policies illustrate the definition of control policies with reference to an embodiment relating to use in an educational setting.
  • Control policies as defined in this application have multiple applications in multiple industries so that the description provided here is not meant to limit the generality nor scope of the present invention.
  • Control policies can be implemented by specifying white list items and black list items.
  • White list items will mean for purposes of this application those features, functions, applications and tools, etc. that a user can use in the specific time or place or as otherwise controlled such as on exams as described below.
  • Black list items will mean for purposes of this application those features, functions, applications and tools, etc. that are off-limit and prohibited for use.
  • Embodiments of the present invention provide an easy to use tool for instructors to establish the white list and black list and to add, modify and delete their items.
  • control policies can exist in a particular time and location.
  • an instructor can assign students to different groups and each group can have a different control policy. This allows instructors to accommodate different lessons or lesson versions for different groups of students having different needs and/or capabilities that are simultaneously located in the same classroom.
  • employees and clients can be assigned to groups for the purpose of providing each of them different privileges or benefits.
  • a customer loyalty program application may provide different services, privileges and pricing to customers based on their group membership.
  • Other embodiments may allow a member of a grocery store's customer loyalty program to have their device equipped with a conformable shopping list application.
  • the member's device could communicate with the grocery store's "policy server" applications that provided weekly specials, special pricing for loyalty program members, suggested items of interest, and/or a map through the store so that the customer could minimize the time and effort required to do their shopping.
  • These applications could also include a check-out and payment function that utilized NFC technology and applications.
  • students can be assigned to different groups to suit the needs of the instructor's lesson plan and/or their individualized education program (IEP) as mandated by Federal government regulations.
  • a broad policy may be selected for a curriculum and testing site, where an instructor could further define which program features and functions were available for use in the class, section of a course or during an exam. These could be used in conjunction with the policy group feature defined above to ensure compliance
  • control policy feature could be employed in an electronic test administration application that could vary the features and functions of an
  • FIG. 1 is a diagram that provides a general overview of the alternate uses and implementation of embodiments of the invention. Subsequent drawings show embodiments of a specific educational application, but such particular application should not be inferred to diminish the generality of the invention's application that spans both the public and private sectors.
  • numerous specific details are set forth in order to provide a more thorough disclosure of embodiments of the invention. It will be apparent to one skilled in the art that the embodiments disclosed may be practiced without all of the specific details provided for each embodiment. In some instances, well-known features may have not been described in detail so as not to obscure the features disclosed. Moreover, it is envisioned that features in the various embodiments may be used in other embodiments as is known to those skilled in the art.
  • SyncML MDM Extensible Markup Language
  • XML Extensible Markup Language
  • the invention will serve as the basis for a Device
  • Management module for an OMA hand held standard will promote multiplatform implementation of MDM technologies and provide an industry standard promoting interoperability.
  • FIG. 1 illustrates a first embodiment of the present invention which is an open MDM system, shown generally as 10.
  • the open MDM system 10 has a plurality of enterprises connected to one another via an internet connection 12.
  • the enterprises illustrated in the FIG. 1 embodiment are an educational institution 14, fitness center 16, corporation 18, movie theater 20, church 22, and airplane 24.
  • one or more other types of enterprises can be substituted for one or more of the above-described enterprises.
  • other embodiments of the invention may include residential housing, military installations, etc.
  • FIG. 1 illustrates independent hand held computer devices 26 of various users that can be connected to the internet 12. These users can voluntarily opt-in to the system 10 by subscription and have MDM control which is independent of the limited control provided by original equipment manufacturers. More specifically, in certain embodiments of the present invention, the present system is not manufacturer specific in terms of MDM control, but instead spans the breadth of device manufacturers to provide a global hand held computer device management control system 10.
  • the embodiment of system 10 is open to subscription by any user of the devices 26 who voluntarily chooses to have their device managed and opt-in to have their device controlled by the system 10. Since the embodiment of system 10 is globally managed, an advantage of subscribing to the present system is that control is not limited according to specific boundaries, such as geographical boundaries.
  • a Global Device Management Services facility 28 provides registration, compliance and authentication services to various hand held computer devices; it may also provide one or more of the devices with downloads for the required hand-held device control application. Authentication services are particularly important, since a major benefit is the global service's frequent verification of the authenticity of the hand held device's device control software. The global service also provides registration support for local device controllers, facilitating their
  • a connection to the internet from various local device control servers and from the Global Device Management Services facility is preferably via a wired connection, such as connection 30. However, it is contemplated that most hand held devices will connect via a wireless facility with the present system.
  • In FIG. 2A, an embodiment of a system, now identified as 100, for providing network security for hand held computer devices is shown.
  • the system 100 of the embodiment shown in FIG. 2A is directed towards a user that is a student of an educational institution.
  • the system includes at least one hand held computer device, such as a student smart phone 102 having electronic data storage and software operability and capable of (operable for) wireless communication on a network, shown generally as 104.
  • the network 104 includes the internet connection 12 and also a wireless data network 106 constructed and configured for wireless communication between the at least one mobile device 100 and at least one device control server 108.
  • the device control server 108 further includes a multi-layered and/or multi-mode security system operable thereon to provide platform-independent security for controlling the device's capabilities and operation.
  • Application and device control software and policies 110 are also stored on the server 108, and synchronized with the smart phone 102.
  • subscription and registration software 112 are stored on the server 108 in this embodiment.
  • an embodiment of the smart phone 102 is selected by a user to have device control software 216 and application software 218 installed thereon. Upon completion of these installations, the smart phone 102 is registered in a global registration data base 114 shown in FIG. 2A.
  • the device control software 216 and device control policies control the smart phone's functions when the smart phone is within the limits of a MDM and subject to its local device control server and control policies.
  • Such control enterprises can be, for example, the enterprises 14-24 shown in FIG. 1. Enforcement of the security policies set by the security software results in the smart phone 102 being able to access the network 104 and data, applications and device services associated with the network only if the user agrees to operate the smart phone 102 in compliance with the policies established by enterprises subscribed to the system.
  • the enterprises would subscribe to the system 100 for a specified fee and create policies related to each specific enterprise's device control needs.
  • Other embodiments may have enterprises being able to establish policies with payment of a fee, and device users paying fees for a subscription to global registry and authentication service 100.
  • FIG. 3 illustrates an example of a subscribing enterprise establishing MDM control policies specific to that enterprise.
  • an educational institution is shown as an enterprise.
  • a campus device control administrative officer is selected by the educational institution to operate an educational institution's policy console 300. More specifically, the campus device control administrator logs on to the educational institution's policy console 300 and accesses preferably via a secured connection a campus control server 302 which stores a MDM policy management module 304.
  • the MDM policy management module 304 provides a web page interface to policy creation logic that facilitates establishment of an educational institution MDM policy.
  • Policies can be implemented by using templates that are pre-populated with the most common policies typical for the type of enterprise. Thus, in the present example there can be templates specifically tailored for college, high school, or elementary school.
  • Policy values predetermined by the templates can be modified by a campus security officer accessing drop down lists and radio buttons.
  • the campus device control administrator may wish to make the policy values global in scope for the educational institution.
  • One such policy value might be preventing any modification to a rule that prohibits the use of cameras in locker rooms of the educational institution.
  • the campus device control administrator might select other less restrictive policy values if the educational institution desired more relaxed policies for other types of rules, such as camera use in a cafeteria or outside campus buildings.
  • the campus device control administrator can selectively impose a global policy value on specific policies of the educational institution, impose less restrictive policy values, or authorize localized control of policy values to specific policies during log on of the educational institution's policy console 300.
  • a data management module 306 stored on the campus control server 302 may assist such that the MDM policy is recorded in a campus database 308.
  • the campus database 308 is connected to the data
  • the campus database 308 can further include storage for all class databases of the educational institution, or alternatively such class device control policies databases can be stored in separate databases connected to the campus database 308 as is known to those skilled in the art.
  • FIG. 4 illustrates an embodiment of a process by which an educational instructor of the educational institution may modify a default campus policy implemented by a campus security officer in a local area.
  • a student smart phone 102 selected by a user to have device control software 216 and application software 218 installed thereon, enters a zone 400.
  • the zone 400 can be a classroom of the educational institution.
  • a local policy console 402 and local controller 404 are also located in the zone. The local controller is preferably wirelessly connected to the local policy console 402 and smart phone 102.
  • the system permits the educational instructor to log on to the local console 402 and access, preferably via a secured connection, the local controller 404 which stores a local MDM policy management module 406.
  • the local MDM policy management module 406 provides a web page interface to policy creation logic that facilitates establishment of a local class MDM policy or policies. Policies can be implemented by using localized templates that are pre-populated with the most common local policies typical for the type of local environment within the specific enterprise.
  • the local controller 404 also has a local data management module 408 in this embodiment stored on the local controller.
  • the local controller 404 communicates with the campus controller 302.
  • the campus controller 302 communicates with the campus database 308 as discussed above with reference to FIG. 3.
  • Although the local console 402 and local controller 404 in this embodiment are shown being located within the zone 400, it is envisioned that one or both of these components could be located in an area outside the zone.
  • the local controller 404 could be in a storage area adjacent to the classroom.
  • the local controller 404 could be designed to operate with a plurality of zones (e.g., multiple classrooms).
  • FIG. 5 illustrates a process by which an educational institution's local MDM controllers 404 (one controller shown for brevity) constantly monitor for any new hand held computer device 100 requesting network service via a local registration verification module 406.
  • each controller 404 compares a respective device identity with the devices registered with the educational institution by sending an inquiry to the campus controller 302 and its registration module 304 which searches the campus registration data base 308. If registered, the registration module 304 sends the local registration verification module 406 a message indicating that the device is registered.
  • the campus registration module 304 interrogates the new hand held computer device 100 for its global registration information. Upon receipt of the global registration information, the campus registration module 304 interrogates a global registration server 108 running a registration authentication module 110 and the global registration data base 114 to authenticate the new hand held computer device 102.
  • the global registration server 108 returns appropriate compliance and registration records to the campus controller 302 and the campus registration module 304 creates a new registration record for the device 102 and adds it to the campus' master registration data base granting it permission to use the school's campus network.
  • the campus registration module 304 then sends a message to the local registration verification module 406 to notify the local registration verification module that the hand held computer unit 102 is registered and compliant.
  • If the global device registration authentication module 304 does not find a registration for the hand held computer device 102, then the global device registration authentication module returns a message of non-registration to the educational institution. The educational institution then issues an alert to the local control console 402.
  • In FIG. 6, a flow chart illustrates the log in and monitoring of a hand held computer device in an educational environment for an embodiment of the present invention.
  • a student brings a hand held computer device that has been properly provisioned and registered with the educational institution onto the educational institution at start step 600.
  • the device controller starts at step 602.
  • a local controller's listener module listens (i.e., monitors whether the mobile device has entered a domain) for the mobile device at step 604.
  • Step 606 determines if the mobile device is detected, and if not the device controller keeps listening at step 604. If yes indicating that the device is detected, device login is initiated at step 608 and the local controller first requests the registration and compliance status of the hand held computer device.
  • At step 610, the device transmits registration information.
  • the device control software if present, sends the registration and compliance information to the local controller. If not present, the device control software issues an alert at step 612.
  • the local controller validates the registration at step 614. If the device is registered, the local controller completes the login process and then initiates the device control and management logic at step 616. (See FIG. 7). If the device is not registered, then the local controller issues an alert at step 618.
  • the local controller begins device monitoring at step 702.
  • the local controller then issues an appropriate control policy to the hand held computer device at step 704.
  • the device next implements a policy at step 706 and then reports compliance with the policy at step 708.
  • the device is logged as compliant in step 710.
  • the local controller next starts periodic device monitoring at step 712, which includes polling the hand-held computing device periodically to ensure that the approved device management application is running, and in control of the device at step 714. If the local controller does not receive a proper response from a poll at step 714, then the local controller re-checks for compliance at step 712 and issues an alert at step 720.
  • Step 720 issues an alert to a local security official noting the time and tracking a duration and/or non-compliance which is stored in a session event database and which the local controller logs in the event log database at step 718.
  • If a student desires to run a task (educational application, game, etc.), such will be monitored by the device's resident control software at step 714. If such tasks are not compliant with the enterprise policy, the control software will kill or prevent operation of the application and the non-compliant behavior will be reported at step 714 and an alert will be issued at step 720.
  • the registration process identifies the GPS coordinates of all enterprises near the device being registered and downloads those to the hand held computer device.
  • the GPS coordinates can be stored in a file and up loaded during registration, or alternatively, a user can identify an educational institution or other enterprise and if unknown provide the enterprise's address.
  • Based on the enterprise location information, the control program continually monitors the device's location. When the device is within a predetermined distance of the enterprise during a first visit, the device can enter listener mode on the preferred control program security communication service (G3 Data, 802.11x, 802.15x, etc.). When a connection to a local networking service has been established, then the hand held computing device commences the local registration process as described above.
  • an enterprise interrogates its global registry to verify on-going compliance of all devices registered in the enterprise's master registration database.
  • the enterprise can rebuild its enterprise database from the global master database.
  • the hand held device and local device control servers employ NFC technology and applications to perform the log in and registration processes described above.
  • the hand held device runs a proprietary service that begins a communication session with the local device controller.
  • Upon receiving the session request, the local device controller first verifies the registration and compliance status of the requesting hand-held computing device as described above.
  • the local controller grants service and initiates monitoring.
  • the monitoring includes polling the hand-held computing device periodically to ensure that the approved application is running and in control of the device. If the local controller does not receive a proper response from a poll, then the local controller issues an alert to a local security official noting the time and tracks the duration or apparent non-compliance which it stores in a session event database. If a user desires to run another task such as an educational application, the device will start a new application if and only if it is permitted by the device control policy resident on the hand held device.
  • An example of the present invention for a single tasking operating system with low level access is now provided with reference to a student entering an educational domain.
  • the application runs a proprietary service that begins a communication session with the local controller.
  • Upon receiving the session request, the local controller first verifies the registration and compliance status of the requesting hand-held computing device. The local controller then verifies that the application requesting service is permitted by the local policy then extant.
  • Upon successful verifications in the above first and second steps, the local controller then permits service and initiates monitoring in a third step.
  • the local controller issues an alert to the local security official and logs the event into the local controller's event database.
  • the monitoring includes polling the hand-held computing device periodically to ensure that the approved application is running and in control of the device. While the session is live, the hand-held computing device answers the polling request with data detailing the applications and services active on the device.
  • the local controller files these polling status reports in an auditable device control record for each such device. If the local controller does not receive a proper response from a polling request, then the local controller issues an alert to the local security official noting the time and tracking the duration or apparent non-compliance which are stored in a session event database. If a student terminates one application and decides to run another approved application compliant with the security service according to the present invention, then the process goes to the third step above.
  • the application runs a proprietary device control low level service that begins a communication session with a local controller.
  • the local controller first verifies the registration and compliance status of the requesting hand-held computing device.
  • the local controller verifies that the application requesting service is permitted by the local policy then extant.
  • the local controller grants service and initiates monitoring.
  • the monitoring includes polling the hand-held computing device periodically to ensure that the approved application is running and in control of the device.
  • the local controller can update the list of approved services and applications as it receives policy modifications from an authorized security official.
  • the hand held computing device answers the polling request with data detailing the applications and services active on the device supplied by the low level device control service.
  • the low level service may employ either active or passive control strategies or both. Active control strategies enable only functions approved by the local security policy. Passive control strategies deny service to any request that is not on the policy approved services and applications.
  • the local controller files these polling status reports in an auditable device control record for each such device. If the local controller does not receive a proper response from a poll, then the local controller issues an alert to the local security official noting the time and tracking the duration or apparent non-compliance which is stored in a session event database. If the student initiates another task, then the local controller would examine the approved applications and services as contained in local controller's local copy of the policy. If the task is contained in a local copy of the policy on the local controller, then the local controller would permit the task or service to operate on the device, otherwise the local controller would deny the request.
  • ETS for standardized tests such as the ACT, SAT, etc.
  • every test site could be configured such that a test site is an OMDM enterprise.
  • Such OMDM enterprises could interrogate a global registry to determine registration status, and if needed, the OMDM enterprises could create temporary registrations for the duration of a test for unregistered devices present at the test site. Such temporary registrations could be entered into the global device registry. Another embodiment would not record such "ad hoc" registrations in the global database.
  • Another embodiment is home device management for minor children or others. Such an embodiment would only need a central controller.
  • multiple policies could be implemented and tailored to the device management needs for each child.
  • multiple device management policies could be established for multiple classes of controlled hand held computer devices based on the characteristics of the device owner and/or other characteristics of the device owner's profile.
  • An exemplary embodiment is described for standardized test sites.
  • This embodiment is an example of multiple ad hoc embodiments that pertain to any authorized use or uses specified in a policy.
  • This embodiment is a specific case illustrative of the more general ad hoc embodiments.
  • the present invention may be used in this embodiment to control and monitor mobile calculating devices during the administration of standardized examinations.
  • a user arrives at a test site with a mobile device, and the user must register the device as a condition of being able to take the examination.
  • the registration by the user is done ad hoc at the test site, and involves making a positive connection between the hand held computer device and a local security controller managed by the test administrator.
  • the user will be using his mobile device as a graphing calculator.
  • the purpose of the registration process is to turn off unauthorized functionality of the device for the duration of the exam, and to monitor the device at regular intervals to verify that the device remains in compliance, with unauthorized functionality of the device remaining disabled until the user leaves the test site.
  • the user may be given a login identity.
  • the security controller acquires and stores the mobile device's identification.
  • the log on process may be implemented as a feature of the graphing calculator application on the mobile device.
  • an encrypted packet containing the security policy is downloaded to the mobile device and used to facilitate subsequent compliance monitoring transactions, each of which is also encrypted.
  • the security policy in this case can include a time interval (i.e., the duration of the exam), a geographic location (i.e., the test site), and a list of unauthorized functions to be disabled while the policy remains in effect (e.g., incoming/outgoing calls, text messaging, camera, voice recorder, blue tooth, wireless communication with anything other than the local security controller, applications other than the graphing calculator, etc.).
  • the hand held computer device is considered to be compliant for the specified time interval as long as the device remains in the specified geographic location, responds correctly each time the local security controller queries the device's status, and all unauthorized functions are verified disabled during each query. Otherwise, the hand held computer device is designated as non-compliant, and the local security controller takes an appropriate action to notify the exam administrator.
  • the default state is non-compliant, so the mobile device is automatically non-compliant prior to
  • All compliance monitoring transactions can be logged by the security controller, which can provide a full audit trail for each hand held computer device registered at the test site.
  • the local security monitor can also be the global security monitor in this scenario, since the local security monitor is the sole source of compliance policy for the administration of the exam.
  • the invention will provide a "no-click sign-on" process by continuously monitoring network traffic using traffic detection and analysis technology. This allows detection of traffic from unregistered devices and the signaling of an alarm indicating traffic from unregistered devices even if a hand held computer device does not have a monitoring application installed.
  • This embodiment would monitor traffic on all relevant wireless frequencies and all relevant protocols such as but not limited to 802.11 (Wi-Fi), 802.15 (Bluetooth), 802.16 (WiMax) and Carrier provided Wireless Cellular Data services such as but not limited to "3G" and "4G."
  • the local device controller will interrogate the local registration and authentication database registry, and if necessary, the global registration and authentication database registry, to validate that the particular mobile computing device is registered, and also that the control software is authentic and compliant. This is accomplished by comparing the registration data received from the hand held computing device with that contained in the registry, including such information as to authenticate the control software.
  • This process allows a registered, authenticated and compliant hand held computer device to complete the login process without the device's user having to take any action. In a preferred embodiment, this could provide automatic attendance taking in a class room.
  • a controlling device is provided with hardware and software that allows it to control use of the hand held computing device.
  • the controlling device is, for instance, a wireless access device, a special hardware machine implementing key supervisory and control functions, telephone, a PDA, or personal computer comprising an application which provides a way to control the wireless access device.
  • the application runs on a controlling entity's wireless access point device.
  • the policy management application may be a web-based application where parameters are established using common web based user controls such as drop down lists, radio buttons and the like.
  • the policy management application may interact with the local security official in a structured dialogue.
  • the system and method may for example be used by a controlling entity (Controller) such as a parent, to control or manage use of a child's cellular telephone, a school administrator or their delegated security official to set campus policies controlling students' use of their smart devices, a classroom teacher or an exam proctor or the like to set local policies that are more or less restrictive than the campus policy, or an International testing agency to ensure the uniform
  • the testing agency can develop a standard policy which can be disseminated globally to all local control devices.
  • the testing authorities may be directly supplied verified compliant local control devices that they can distribute under the security methods they use for their test materials.
  • the present invention provides for a multi-layered policy regime.
  • a campus policy sets the defaults for a campus. In some instances, those policy settings are absolute and cannot be modified. Local policies established by instructors for their classes can be more or less restrictive than the campus policy. Special policy provisions can be made for certain testing authorities during their testing. For example, testing authorities can establish policies that supersede campus policies. These policies could be distributed via a central service to the appropriate locations or by the agencies directly.
  • the present invention permits restrictions based on time by identifying periods when the child or student may make use of the hand held computer device. For example, telephone calls may be restricted based on time of day, such as during class, or day of the week, such as weekdays or weekends when different policies might apply.
  • the present invention permits restrictions based on location.
  • the enterprise controller might establish different policies for locker rooms and language labs.
  • the identified time restrictions are stored in an enterprise control database accessed by the authorized hand held computer devices. Teachers, proctors, etc. can modify the enterprise policies as they deem appropriate if permitted by their
  • the local controller devices communicate with security software on the hand held computer devices to either affirmatively enable or disable (or both) the applications and services that the device can employ or run.
  • students and or their parents opt-in to device control by acquiring software for their device and registering their hand held computer devices with a central registry. During the software installation and registration process on the devices, certain unique parameters are established that permit the registry to validate the authenticity and continued compliance of the devices. In an embodiment, the registry periodically audits the continued compliance of the device. Moreover, the registry and compliance service will be provided on a subscription basis.
  • a foreign device (i.e., new device external to a domain)
  • controllers will interrogate the new device.
  • the foreign device will report a registration status, with a failure to respond indicating non-compliance. If the foreign device reports that it is compliant, then the local controller will interrogate the global registration and authentication database registry to validate that the particular hand-held computing device is registered and compliant. This is done by comparing data received from the foreign device with that contained in the global registration and authentication registry.
  • If the foreign device is not registered in the global registration and authentication registry, or not in compliance, an alert will be sent to the local control official. If the foreign device is compliant, then the foreign device will be registered with the enterprise device registration data base.
  • hand held computer devices can be validated at the examination site prior to administering of the test.
  • instructors could be provided with lists of approved devices detected with the associated student names.
  • the teachers could further implement a campus policy for non-controlled devices which were being used in unauthorized ways.
  • a campus can have a registration procedure so that students would be required to have their devices provisioned and authenticated as being compliant.
  • compliance and control procedures would not invoke privacy issues since such procedures would be self-selected by parents, guardians, or students on an explicit opt-in procedure and as explicitly detailed in an end user license agreement (EULA).
  • Unauthorized searches of the device owner's files would not be allowed unless there was significant evidence of illicit use of the device or possession of lost or stolen property. Such evidence could be produced by the present invention's audit and verification procedures that the device owner had explicitly authorized.
  • a situation where a device operator's authorization might not be present would be where an instrument was, for example, lost or stolen and used without an owner's permission.
  • the present invention could indicate new phones coming into a domain. Teachers or other officials might decide to investigate if the name in the registry and the student using the device did not match. Lost or stolen devices could also be reported to the registry and alerts could be dispatched to local officials indicating that a specific device was reported as lost or stolen.
  • one embodiment of the present invention can have device control effected by a layer upon which an educational application operates, and would continually report the controlling device status. Failure to report a status to the controller would create a compliance alert.
  • the communication between the controller and the device control software would be encrypted and contain information that would be unique and not easily replicated by hacked software or spoofing.
  • device control in a multitasking environment with low level system management access, device control can be achieved by a low level control program that would monitor, control, and report system status providing audit trails and
  • Communication with the controlling device could be in a manner similar to that described above.
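
The test-site compliance rule and periodic polling described above, written out as an added example (not code from the patent): a device counts as compliant only while it is inside the exam interval and test-site location, answers each poll, and reports every listed function disabled, and it is non-compliant by default. The class and field names, the geofence radius and the sample polls are constructed assumptions.

```python
# Added illustration (not from the patent): a local security controller that
# applies the test-site policy to each poll. All names are hypothetical.
from dataclasses import dataclass, field
from math import asin, cos, radians, sin, sqrt
from typing import Optional

EARTH_RADIUS_M = 6_371_000


def distance_m(a, b):
    """Haversine distance in metres between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(h))


@dataclass(frozen=True)
class ExamPolicy:
    start: int                # exam start, epoch seconds
    end: int                  # exam end, epoch seconds
    site: tuple               # (lat, lon) of the test site
    radius_m: float           # assumed geofence radius around the site
    disabled: frozenset       # functions that must stay off during the exam
    approved_app: str         # the only application allowed to run


@dataclass(frozen=True)
class PollReply:
    location: tuple
    running_app: str
    active_functions: frozenset


@dataclass
class SecurityController:
    policy: ExamPolicy
    state: dict = field(default_factory=dict)               # device -> last verdict
    noncompliant_since: dict = field(default_factory=dict)  # device -> first failure time
    audit: list = field(default_factory=list)               # one record per poll

    def is_compliant(self, device_id):
        # Default state is non-compliant: a device with no passing poll is denied.
        return self.state.get(device_id, False)

    def record_poll(self, device_id, now, reply: Optional[PollReply]):
        """Evaluate one poll; reply=None means the device did not answer."""
        p, reasons = self.policy, []
        if not p.start <= now <= p.end:
            reasons.append("outside exam interval")
        if reply is None:
            reasons.append("no poll response")
        else:
            if distance_m(reply.location, p.site) > p.radius_m:
                reasons.append("outside test site")
            if reply.running_app != p.approved_app:
                reasons.append(f"unapproved application: {reply.running_app}")
            for fn in sorted(reply.active_functions & p.disabled):
                reasons.append(f"unauthorized function active: {fn}")
        compliant = not reasons
        self.state[device_id] = compliant
        if compliant:
            self.noncompliant_since.pop(device_id, None)
            duration = 0
        else:
            # Track how long the device has been out of compliance.
            since = self.noncompliant_since.setdefault(device_id, now)
            duration = now - since
        self.audit.append({"time": now, "device": device_id, "compliant": compliant,
                           "reasons": reasons, "noncompliant_for": duration})
        return reasons


def demo():
    """Run constructed polls for one device and return the controller."""
    policy = ExamPolicy(start=1000, end=5000, site=(40.0, -75.0), radius_m=150,
                        disabled=frozenset({"camera", "sms", "bluetooth"}),
                        approved_app="graphing_calculator")
    ctl = SecurityController(policy)
    ok = PollReply((40.0005, -75.0), "graphing_calculator", frozenset())
    cam = PollReply((40.0005, -75.0), "graphing_calculator", frozenset({"camera"}))
    for now, reply in [(1100, ok), (1160, None), (1220, cam), (1280, ok)]:
        ctl.record_poll("dev-1", now, reply)
    return ctl


if __name__ == "__main__":
    for row in demo().audit:
        print(row)
```

The audit list keeps one record per poll, so the duration of any lapse can be reconstructed after the exam.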

Abstract

A method for device management includes steps of downloading a device control application to one or more hand held devices, registering the one or more hand held devices with the global registry, authentication and compliance service, and establishing a communication session between the one or more hand-held devices and local device control equipment. The method also has steps of creating the communication session between the one or more hand held devices and the local device control equipment, verifying the registration and compliance status of the one or more hand held devices, and monitoring the use of one or more approved applications and hand held devices including one or more restrictions in the use of the one or more hand held device and their features and functions.

Description

SYSTEM AND METHODS FOR DEVICE MANAGEMENT
This application claims the benefit of U.S. Provisional Application No. 61/274,528 filed August 18, 2009, which is hereby incorporated by reference.
FIELD OF THE INVENTION
The present invention relates generally to a system and methods for controlling hand held computer devices with communication features including a personal digital assistant (PDA), smart phone, tablet (iPad) or similar devices. More specifically, the present invention is directed to a system and methods for dynamically establishing, monitoring, and controlling hand held computer devices irrespective of the particular system used to operate the devices.
BACKGROUND OF THE INVENTION
The monitoring, managing, and controlling of hand held computer devices provided to individual users is a desirable capability for those having ultimate responsibility for these devices. Hand held computing devices as used in this application can be wireless devices, such as any mobile device or smart mobile device, a personal data assistant (PDA), a smart hand-held computing device, a cellular telephone, a book reader, a tablet (e.g. iPad like device), laptop or netbook computer, hand held computer game console, a MP3 player, or similar hand held computer devices. For purposes of this application, the business or individual or individuals having ultimate responsibility for such devices can be the device owner, an employer, the parent, or the guardian of the user and will be generally identified in the following as the owner. Individuals and entities that wish to control the use of devices when on their premises or in their domain of control are identified in this application as a "policy control authority". For example, if a policy control authority is a parent of children having access to different mobile devices or smart mobile devices under a single family membership, then certain restrictions on the use of the mobile device may be desirable. The parent may wish to limit the time of day when the child can text to prevent texting on weekdays during night hours throughout a school year. Other individuals, institutions, and business entities may also desire to control how such devices are utilized on their premises. For example, educational institutions may desire to limit access to device services that are available in a classroom setting, such as phone services or texting services. Different instructors may desire different option availability of hand held computer device applications for different courses, sections of their courses, and/or for different tests. Students at earlier stages of a course or in lower grade levels may be restricted from using some of the functions of a calculator application operating on the device during exams, etc., whereas students later in the course or in upper grade levels may be expected to use such application functions during an exam to solve more advanced mathematical or scientific problems. Generally, a problem exists with respect to the ability to place different restrictions on the use of hand held computer devices with respect to location, time, and specific users in different environments by different commercial and non-commercial enterprises.
The field of hand held computer device management is often referred to as Mobile Device Management (MDM). Generally, known systems have been focused on business MDM and government MDM. Such systems are directed to the support and security services of mobile devices owned by a particular enterprise with a focus often on access to enterprise data and systems. In these systems, the managers make device control decisions imposed by entities providing the devices to users. The managers also determine the control policies and management services that apply to the devices. Such known MDM systems provide very little flexibility in the management of devices based on location, time, or enterprise by which the hand held computer devices may be controlled when the enterprise is other than the subscribing company. The management and control techniques used with known MDM systems do not foster interoperability with competing entities and systems, and are often an obstacle to important uses of the device and desired applications. Existing MDM systems are generally not able to manage and control end-user applications using different types of computer systems, operating systems, and applications software, interconnected by different types of local and wide area networks for hand held device users not subscribed to a particular MDM system.
Interoperability limitations of MDM systems have resulted in the loss of the availability of many useful applications, for example, limited or no control of devices when they are used in different locations (under the management and control of different control authorities) or in different social, educational, or business environments.
However, a known problem of these MDM systems is that they are closed MDM systems and permit only one control authority. For purposes of this application, closed MDM systems are ones that require all of the devices controlled by the system to have a membership with the MDM system. Membership can take the form of, for example, employee/employer, service member and a unit of the Armed Forces, or an independent contractor relationship which are referred to as organizational relationships. The management of devices is established by a policy control authority inputting data into the MDM system and policies are made obligatory to all of the members subscribing to the service - control of the device is mandatory and imposed by fiat. The control of the devices is further limited by a geographic boundary of the MDM system. Other MDM systems operating by different control authorities in adjacent geographic regions typically do not operate with non-members of the subscribed to MDM system.
Current systems do not make important architectural distinctions among enterprises and functions that permit flexible control regimes. The systems require that the device owner and policy control authority have an organizational relationship, if not be the same entity. Device provisioning or initiating of the device for communication with a network is provided under the control of the enterprise as are also authentication of a device, establishment of control policies for the device, and administration of the control policies. The control authorities all have an organizational relationship with device users, and most often the control authorities share a common management policy-making apparatus. This limits how devices can be controlled by a policy since only devices of users in those organizational relationships are controlled by the policy.
Other known problems with existing hand held computing devices are that such devices are dynamic and are typified by changes to their operating characteristics that occur from time to time without authorization from a security system or an enterprise information technology department or controller. A hand held computer device that is compliant with a MDM system can be readily changed to present a security risk subsequent to registration. For example, application software can be easily added to the devices from an application store or other less reliable or controlled sources. Hand held computer devices can be "jail broken" and otherwise "hacked" introducing software imitating (or "spoofing") legitimate educational applications. A device can be reset eliminating the device control software from the device without the permission or knowledge of the enterprise. Such "hacking and spoofing" could facilitate cheating or other unauthorized operations in, for example, a testing or other high security environment.
It is clear that there is a demand for a system and methods that allows hand held computer devices to be operated such that the above organizational relationship is not required to control hand held computer devices, such that the devices have their functions subject to the control of multiple control authorities, and such that the devices be able to operate in educational and other environments so that the devices are not jail broken, hacked, or spoofed. The present invention satisfies these various demands.
SUMMARY OF THE INVENTION
The present invention relates generally to a method and system for controlling hand held computer devices with communication features, and methods for dynamically establishing, monitoring and controlling the devices' behavior based on location and time. The present invention also pertains to interoperable control regimes and policies established by separate control authorities which may be independent of the device owner. These control regimes may be layered and may also coexist and cooperate providing multiple benefits to the device owner, its user and the enterprises that implement and operate the device control regime.
Mobile Device Management (MDM) provides the ability to improve mobile device functionality by updating firmware, changing configurations, and managing software over the air (OTA). MDM may also provide the ability to retrieve information from a device for troubleshooting and analysis. The present MDM system can optimize mobile device functionality and ensure better interoperation with a different service provider's network.
From a topological point of view, the system is open to subscription by any device owner who chooses to voluntarily subscribe and have their device managed and to opt-in and have their device controlled. The device owner benefits from the multiple independent entities who implement control regimes. The system is open to any enterprises (inclusive of households) who implement MDM device control within the boundaries of the enterprise's premises.
In one embodiment of the present invention, the locus of such Open MDM (OMDM) control is limited to the geographic boundaries of the participating household's or enterprise's location or locations. Once the device is located outside the boundaries of those locations, the device-management regime restores the device to an uncontrolled state or to a default control policy established by the user (or their parents or guardian in the case of minor children).
One embodiment of the present invention has an open architecture that separates the provision, authentication of a subscribed user, establishment of control policies, and administration of the control policies into logically independent components.
OMDM can be implemented to provide substantial benefits in a variety of applications that include but are not limited to schools, homes, airlines in flight, movie theaters, testing authorities, etc. One advantage of the present invention is the open opt-in feature. Another advantage of the present invention is the multi-entity multi-policy independent device control feature.
One embodiment of the invention can provide "enterprise device management"-like services for those that may not be associated, for example, with a large enterprise with a sophisticated information technology (IT) department. Such embodiment may provide voluntary device management that renders hand-held computer devices more useful and more accepted. For the small business owner or for the operator of public services and facilities, the present embodiment can provide device management controls over a public who do not need to share a common employer or other association and who opt-in for device-management. Users get more benefits and better quality of service without a control authority ever needing to take physical possession of their devices.
Voluntary opt-in device-management allows households and enterprises to adopt standard control policies. The hand-held computing devices can be controlled on entry into the enterprise based on at least one of the following: global positioning satellite (GPS) coordinates; Near Field Communications (NFC) technologies and applications and/or standard policy profiles stored on a user's device at the time the device was registered and provisioned; or information provided in the device controller as described in the educational application below.
In one embodiment, a device control policy based on time and location could be created in a smart phone application that has global positioning satellite services available.
In one embodiment, a device control policy based on time and location could be implemented in a background process in a smart phone that listens for device controller communications, accepts and implements device control policy received from a device controller, enforces device control policies based on white (approved) and black (prohibited) lists while communicating and reporting to the device controller as required.
For high security test applications corresponding to educational standardized tests, a policy control authority can use multiple redundant approaches that provide automated device management, control, and alerts to notify the policy control authority about possible out of compliance events. These could include applications related to test registration, check in procedures, GPS information, and local controller operation. The degree of security can be arbitrarily set by a policy control authority based on selected implementations that one skilled in the art would be able to construct from the description that follows.
BRIEF DESCRIPTION OF THE DRAWINGS
The preferred embodiments of the invention will be described in conjunction with the appended drawings provided to illustrate and not to limit the invention, where like designations denote like elements, and in which:
FIG. 1 shows an architecture diagram of an Open Mobile Device Management (OMDM) system in an illustrative embodiment incorporating features of the present invention;
FIG. 2A and 2B show component diagrams of a system for a user to subscribe to the OMDM system, download device management software and have their device information registered in a global device management database in an illustrative embodiment incorporating features of the present invention;
FIG. 3 shows a component diagram of an OMDM system for setting up or modifying device control policies governing approved applications and services to run on a hand held computer device in an illustrative embodiment incorporating features of the present invention;
FIG. 4 shows a component diagram of an OMDM system for setting, establishing or modifying local device management policies governing approved applications to run on a hand held computer device in an illustrative embodiment incorporating features of the present invention;
FIG. 5 shows a component diagram of an OMDM system for registering a new hand held computer device, periodic device compliance monitoring and authentication of the device, and updating an enterprise registration database in an illustrative embodiment incorporating features of the present invention;
FIG. 6 shows a flow chart of a hand held computer device "no-click log-in" process in an illustrative embodiment incorporating features of the present invention; and
FIG. 7 shows a flow chart of device control monitoring, event logging and alert processes in an illustrative embodiment incorporating features of the present invention.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
A system and methods for controlling usage of a hand held computing device such as a wireless device, such as a personal data assistant, a smart hand-held computing device, a smart phone, a cellular telephone, a book reader, a tablet (e.g. devices similar to the Apple iPad), a laptop or netbook computer, hand held computer game console or MP3 player or similar computer devices is disclosed.
Use of hand held computer devices encompasses outgoing and incoming communication channels as well as application usage. Outgoing or incoming communication channels may include cellular phone networks, cellular phone data services, and 802.11x (Wi-Fi) and 802.15x (Bluetooth) networking services and the like.
Restrictions on use of device functions can include, but are not limited to, specific hand held computing device applications, use of web browser or other web access and file transfer technology, electronic mails, telephone calls, text messaging, MP3 player, video player, camera usage, computer and video games, etc. and the myriad of applications available from a variety of sources including the iPhone and Android application stores and the like.
For the purposes of this invention, a policy is a set of restrictions regarding which features of a hand held computer device will be available for use within specific time periods, geographic locations, or other parameters. These restrictions may relate to hardware and software features, functions and services such as access to WIFI, 3G, Bluetooth, camera, files, etc., that may be used, and also to general features such as persistence of state between separate usages of software applications. A control domain can be a physical location such as a home, school, college campuses, retail facilities such as stores, gyms, etc., industrial offices, corporate offices, military bases or facilities, public facilities (e.g. airports, arenas, stadiums, theatres, churches, mosques, synagogues, or other religious facilities), etc.
For the purposes of this invention, control policies or policies are those that can limit the use of the following: software; services-specific hardware supported services such as camera, phone, texting and/or other network connections and services; access to files; persistence of the state of user applications; and a subset of features and functions an approved application can provide during a control session or in a particular context. A context can be, for example, a test item, course module, or similar item. Control policies may be implemented to invoke a function to wipe files created during a control session or in other circumstances.
The following embodiments illustrate the definition of control policies with reference to an embodiment relating to use in an educational setting. Control policies as defined in this application have multiple applications in multiple industries so that the description provided here is not meant to limit the generality nor scope of the present invention.
Control policies can be implemented by specifying white list items and black list items. White list items will mean for purposes of this application those features, functions, applications and tools, etc. that a user can use in the specific time or place or as otherwise controlled such as on exams as described below. Black list items will mean for purposes of this application those features, functions, applications and tools, etc. that are off-limit and prohibited for use. Embodiments of the present invention provide an easy to use tool for instructors to establish, add to, modify and delete items to the white list and black list.
Multiple control policies can exist in a particular time and location. In one embodiment, an instructor can assign students to different groups and each group can have a different control policy. This allows instructors to accommodate different lessons or lesson versions for different groups of students having different needs and/or capabilities that are simultaneously located in the same classroom.
In one embodiment, employees and clients can be assigned to groups for the purpose of providing each of them different privileges or benefits. In another embodiment, a customer loyalty program application may provide different services, privileges and pricing to customers based on their group membership.
Other embodiments may allow a member of a grocery store's customer loyalty program to have their device equipped with a conformable shopping list application. The member's device could communicate with the grocery store's "policy server" applications that provided weekly specials, special pricing for loyalty program members, suggested items of interest, and/or a map through the store so that the customer could minimize the time and effort required to do their shopping. These applications could also include a check-out and payment function that utilized NFC technology and applications. In one embodiment, students can be assigned to different groups to suit the needs of the instructor's lesson plan and/or their individualized education program (IEP) as mandated by Federal government regulations.
A broad policy may be selected for a curriculum and testing site, where an instructor could further define which program features and functions were available for use in the class, section of a course or during an exam. These could be used in conjunction with the policy group feature defined above to ensure compliance with government IEP requirements.
In one embodiment, the control policy feature could be employed in an electronic test administration application that could vary the features and functions of an educational tool such as a graphing calculator on an item-by-item basis, scramble test items, multiply choice item parameters, scramble answer alternatives or test sections, etc., so that no two adjacent students have the same test item and so that no two tests were exactly the same. This is important to educators and test administrators who might wish to deploy the present invention with an electronic test administration application to take advantage of hand held computer devices for use in standardized tests.
Turning now with reference to the drawings, FIG. 1 is a diagram that provides a general overview of the alternate uses and implementation of embodiments of the invention. Subsequent drawings show embodiments of a specific educational application, but such particular application should not be inferred to diminish the generality of the invention's application that spans both the public and private sectors. In the following description, numerous specific details are set forth in order to provide a more thorough disclosure of embodiments of the invention. It will be apparent to one skilled in the art that the embodiments disclosed may be practiced without all of the specific details provided for each embodiment. In some instances, well-known features may have not been described in detail so as not to obscure the features disclosed. Moreover, it is envisioned that features in the various embodiments may be used in other embodiments as is known to those skilled in the art.
In particular, almost every device manufacturer provides facilities and services that aid in MDM. Examples of such services are the widespread implementation of Microsoft Exchange Active Sync Device Management or implementations based on technologies like the SyncML MDM standard sponsored by the multi-enterprise Open Mobile Alliance (OMA). The SyncML MDM standard is a variant of Extensible Markup Language (XML) and its use in the applications anticipated in embodiments of the invention is well known to those skilled in the art.
In one embodiment, the invention will serve as the basis for a Device Management module for an OMA hand held standard. The embodiment will promote multiplatform implementation of MDM technologies and provide an industry standard promoting interoperability.
In the following description like reference numbers designate like or corresponding parts throughout the several views. The illustrations are for the purpose of describing a preferred embodiment of the invention and are not intended to limit the invention thereto. As discussed above, FIG. 1 illustrates a first embodiment of the present invention which is an open MDM system, shown generally as 10. In this embodiment, the open MDM system 10 has a plurality of enterprises connected to one another via an internet connection 12. The enterprises illustrated in the FIG. 1 embodiment are an educational institution 14, fitness center 16, corporation 18, movie theater 20, church 22, and airplane 24. In other embodiments, one or more other types of enterprises can be substituted for one or more of the above-described enterprises. For example, other embodiments of the invention may include residential housing, military installations, etc.
FIG. 1 illustrates independent hand held computer devices 26 of various users that can be connected to the internet 12. These users can voluntarily opt-in to the system 10 by subscription and have MDM control which is independent of the limited control provided by original equipment manufacturers. More specifically, in certain embodiments of the present invention, the present system is not manufacturer specific in terms of MDM control, but instead spans the breadth of device manufacturers to provide a global hand held computer device management control system 10. The embodiment of system 10 is open to subscription by any user of the devices 26 who voluntarily chooses to have their device managed and opt-in to have their device controlled by the system 10. Since the embodiment of system 10 is globally managed, an advantage of subscribing to the present system is that control is not limited according to specific boundaries, such as geographical boundaries. The present embodiment of system 10 maintains control of a device and restores a device to an uncontrolled state or pre-established default control policy once the device is external to a specific geographical boundary or boundaries. A Global Device Management Services facility 28 provides registration, compliance and authentication services to various hand held computer devices; it may also provide one or more of the devices with downloads for the required hand-held device control application. Authentication services are particularly important, since a major benefit is the global service's frequent verification of the authenticity of the hand held device's device control software. The global service also provides registration support for local device controllers, facilitating their registration of client devices as described herein. A connection to the internet from various local device control servers and from the Global Device Management Services facility is preferably via a wired connection, such as connection 30. However, it is contemplated that most hand held devices will connect via a wireless facility with the present system.
As best seen in FIG. 2A, an embodiment of a system now identified as 100 for providing network security for hand held computer devices is shown. The system 100 of the embodiment shown in FIG. 2A is directed towards a user that is a student of an educational institution. The system includes at least one hand held computer device, such as a student smart phone 102 having electronic data storage and software operability and capable of (operable for) wireless communication on a network, shown generally as 104.
The network 104 includes the internet connection 12 and also a wireless data network 106 constructed and configured for wireless communication between the at least one mobile device 100 and at least one device control server 108. The device control server 108 further includes a multi-layered and/or multi-mode security system operable thereon to provide platform-independent security for controlling the device's capabilities and operation. Application and device control software and policies 110 are also stored on the server 108, and synchronized with the smart phone 102.
Additionally, subscription and registration software 112 are stored on the server 108 in this embodiment.
As shown in FIG. 2B, an embodiment of the smart phone 102 is selected by a user to have device control software 216 and application software 218 installed thereon. Upon completion of these installations, the smart phone 102 is registered in a global registration data base 114 shown in FIG. 2A. The device control software 216 and device control policies control the smart phone's functions when the smart phone is within the limits of a MDM and subject to its local device control server and control policies. Such control enterprises can be, for example, the enterprises 14-24 shown in FIG. 1. Enforcement of the security policies set by the security software results in the smart phone 102 being able to access the network 104 and data, applications and device services associated with the network only if the user agrees to operate the smart phone 102 in compliance with the policies established by enterprises subscribed to the system. In one embodiment, it is envisioned that the enterprises would subscribe to the system 100 for a specified fee and create policies related to each specific enterprise's device control needs. Other embodiments may have enterprises being able to establish policies with payment of a fee, and device users paying fees for a subscription to global registry and authentication service 100.
FIG. 3 illustrates an example of a subscribing enterprise establishing MDM control policies specific to that enterprise. In this example, an educational institution is shown as an enterprise. A campus device control administrative officer is selected by the educational institution to operate an educational institution's policy console 300. More specifically, the campus device control administrator logs on to the educational institution's policy console 300 and accesses preferably via a secured connection a campus control server 302 which stores a MDM policy management module 304. The MDM policy management module 304 provides a web page interface to policy creation logic that facilitates establishment of an educational institution MDM policy. Policies can be implemented by using templates that are pre-populated with the most common policies typical for the type of enterprise. Thus, in the present example there can be templates specifically tailored for college, high school, or elementary school. Policy values predetermined by the templates can be modified by a campus security officer accessing drop down lists and radio buttons. In some instances, the campus device control administrator may wish to make the policy values global in scope for the educational institution. One such policy value might be preventing any modification to a rule that prohibits the use of cameras in locker rooms of the educational institution. In other instances, however, the campus device control administrator might select other less restrictive policy values if the educational institution desired more relaxed policies for other types of rules, such as camera use in a cafeteria or outside campus buildings. Alternatively or in addition, it may be desired to delegate some or all authority to a class instructor to modify a specific policy for that instructor's classes with or without restriction. 
In essence, the campus device control administrator can selectively impose a global policy value on specific policies of the educational institution, impose less restrictive policy values, or authorize localized control of policy values to specific policies during log on of the educational institution's policy console 300. Once the overall campus policy has been established which assigns policy values to each of the educational institution's policies, then a data management module 306 stored on the campus control server 302 may assist such that the MDM policy is recorded in a campus database 308. The campus database 308 is connected to the data management module 306 preferably by a secured connection. The campus database 308 can further include storage for all class databases of the educational institution, or alternatively such class device control policies databases can be stored in separate databases connected to the campus database 308 as is known to those skilled in the art.
FIG. 4 illustrates an embodiment of a process by which an educational instructor of the educational institution may modify a default campus policy implemented by a campus security officer in a local area. A student smart phone 102, selected by a user to have device control software 216 and application software 218 installed thereon, enters a zone 400. By way of example, the zone 400 can be a classroom of the educational institution. A local policy console 402 and local controller 404 are also located in the zone. The local controller is preferably wirelessly connected to the local policy console 402 and smart phone 102.
Other smart phones (not shown) for other students may be similarly connected to the local controller 404 and subject to the same restrictions of use imposed upon the smart phone 102. However, even more localized (i.e., groups of students or even student specific) restrictions may be imposed should further device control flexibility be desired. Generally, the system permits the educational instructor to log on to the local console 402 and access, preferably via a secured connection, the local controller 404 which stores a local MDM policy management module 406. The local MDM policy management module 406 provides a web page interface to policy creation logic that facilitates establishment of a local class MDM policy or policies. Policies can be implemented by using localized templates that are pre-populated with the most common local policies typical for the type of local environment within the specific enterprise.
The local controller 404 also has a local data management module 408 in this embodiment stored on the local controller. The local controller 404 communicates with the campus controller 302. The campus controller 302 communicates with the campus database 308 as discussed above with reference to FIG. 3.
Although the local console 402 and local controller 404 in this embodiment are shown being located within the zone 400, it is envisioned that one or both of these components could be located in an area outside the zone. For example, the local controller 404 could be in a storage area adjacent to the classroom. Moreover, the local controller 404 could be designed to operate with a plurality of zones (e.g., multiple classrooms).
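The layering described for FIGS. 3 and 4 (campus-wide values that cannot be modified, values delegated to an instructor, and group-specific policies within one classroom) can be sketched as follows. This is an added example, not code from the application; the feature names, the `LOCKED`/`DELEGATED` scopes and the choice to reject overrides for features that have no campus rule are assumptions.

```python
from dataclasses import dataclass, replace
from enum import Enum


class Scope(Enum):
    LOCKED = "locked"        # campus-wide value, no local modification
    DELEGATED = "delegated"  # authority delegated to the class instructor


@dataclass(frozen=True)
class Rule:
    value: str   # "allow" or "deny"
    scope: Scope


VALID_VALUES = ("allow", "deny")

# Constructed campus policy, keyed by zone type and then by device feature.
CAMPUS_POLICY = {
    "locker_room": {"camera": Rule("deny", Scope.LOCKED)},
    "cafeteria": {"camera": Rule("allow", Scope.DELEGATED)},
    "classroom": {
        "camera": Rule("deny", Scope.LOCKED),
        "text_messaging": Rule("deny", Scope.LOCKED),
        "web_browser": Rule("deny", Scope.DELEGATED),
        "graphing_calculator": Rule("allow", Scope.DELEGATED),
    },
}


def apply_overrides(rules, overrides, requested_by):
    """Layer one set of overrides on top of `rules`.

    Returns (new_rules, rejected). The input is not mutated, so the campus
    policy stays intact while class and group layers are derived from it.
    An override is rejected when it targets a feature without a campus rule,
    carries an invalid value, or tries to change a LOCKED value.
    """
    result = dict(rules)
    rejected = []
    for feature, value in overrides.items():
        rule = rules.get(feature)
        if rule is None:
            rejected.append((requested_by, feature, "no campus rule for feature"))
        elif value not in VALID_VALUES:
            rejected.append((requested_by, feature, "invalid value"))
        elif rule.scope is Scope.LOCKED and value != rule.value:
            rejected.append((requested_by, feature, "locked by campus policy"))
        else:
            # The scope travels with the rule, so a group layer cannot
            # unlock what the campus layer locked.
            result[feature] = replace(rule, value=value)
    return result, rejected


def effective_values(rules):
    """Flatten rules to the feature -> value map sent to a device."""
    return {feature: rule.value for feature, rule in rules.items()}


def classroom_demo():
    """Campus -> class -> group layering for one classroom session."""
    class_rules, rejected_class = apply_overrides(
        CAMPUS_POLICY["classroom"],
        {"web_browser": "allow", "camera": "allow"},
        "instructor",
    )
    group_rules, rejected_group = apply_overrides(
        class_rules,
        {"graphing_calculator": "deny", "text_messaging": "allow"},
        "group-B",
    )
    return (
        effective_values(class_rules),
        effective_values(group_rules),
        rejected_class + rejected_group,
    )


if __name__ == "__main__":
    for part in classroom_demo():
        print(part)
```

Rejected overrides are returned rather than silently dropped so that the console can show the instructor which requests the campus policy refused.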
FIG. 5 illustrates a process by which an educational institution's local MDM controllers 404 (one controller shown for brevity) constantly monitor for any new hand held computer device 100 requesting network service via a local registration verification module 406. For a local classroom network domain 500 and a campus network domain 502, each controller 404 compares a respective device identity with the devices registered with the educational institution by sending an inquiry to the campus controller 302 and its registration module 304 which searches the campus registration data base 308. If registered, the registration module 304 sends the local registration verification module 406 a message indicating that the device is registered.
If not registered locally, the campus registration module 304 interrogates the new hand held computer device 100 for its global registration information. Upon receipt of the global registration information, the campus registration module 304 interrogates a global registration server 108 running a registration authentication module 110 and the global registration data base 114 to authenticate the new hand held computer device 102.
If registered, the global registration server 108 returns appropriate compliance and registration records to the campus controller 302 and the campus registration module 304 creates a new registration record for the device 102 and adds it to the campus' master registration data base granting it permission to use the school's campus network. The campus registration module 304 then sends a message to the local registration verification module 406 to notify the local registration verification module that the hand held computer unit 102 is registered and compliant.
If the global device registration authentication module 304 does not find a registration for the hand held computer device 102, then the global device registration authentication module returns a message of non-registration to the educational institution. The educational institution then issues an alert to the local control console 402.
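The lookup order described for FIG. 5 (campus registration database first, then the global registry, then an alert) is shown below as an added example that is not code from the application. The identifiers, the record layout, the separate "registered but non-compliant" outcome and the removal of stale campus records during periodic re-verification are assumptions.

```python
from dataclasses import dataclass, field

REGISTERED = "registered_and_compliant"
NOT_REGISTERED = "not_registered"
NON_COMPLIANT = "registered_but_non_compliant"   # assumption: not named on the page


@dataclass
class GlobalRegistry:
    """Stand-in for the global registration server and its database."""
    records: dict   # global registration id -> {"compliant": bool}

    def lookup(self, global_id):
        return self.records.get(global_id)


@dataclass
class CampusController:
    registry: GlobalRegistry
    campus_db: dict = field(default_factory=dict)   # device id -> global registration id
    alerts: list = field(default_factory=list)      # (device id, reason) for the local console

    def verify(self, device_id, device_reported_global_id):
        # 1. Already in the campus registration database: answer locally.
        if device_id in self.campus_db:
            return REGISTERED
        # 2. Otherwise check the global registration information that the
        #    device supplied against the global registry.
        record = None
        if device_reported_global_id is not None:
            record = self.registry.lookup(device_reported_global_id)
        if record is None:
            return self.alert(device_id, NOT_REGISTERED)
        if not record["compliant"]:
            return self.alert(device_id, NON_COMPLIANT)
        # 3. Registered and compliant: create the campus record.
        self.campus_db[device_id] = device_reported_global_id
        return REGISTERED

    def reverify_all(self):
        """Periodic check of every campus record against the global registry."""
        dropped = []
        for device_id, global_id in list(self.campus_db.items()):
            record = self.registry.lookup(global_id)
            if record is None or not record["compliant"]:
                del self.campus_db[device_id]
                self.alert(device_id, NOT_REGISTERED if record is None else NON_COMPLIANT)
                dropped.append(device_id)
        return dropped

    def alert(self, device_id, reason):
        self.alerts.append((device_id, reason))
        return reason


def on_new_device(campus, device):
    """Local controller: forward a newly seen device to the campus controller."""
    return campus.verify(device["device_id"], device.get("global_id"))


def registration_demo():
    # Constructed registry contents and device announcements.
    registry = GlobalRegistry({
        "G-1000": {"compliant": True},
        "G-1001": {"compliant": True},
        "G-1002": {"compliant": False},
    })
    campus = CampusController(registry, campus_db={"dev-A": "G-1000"})
    devices = [
        {"device_id": "dev-A", "global_id": "G-1000"},   # known to the campus
        {"device_id": "dev-B", "global_id": "G-1001"},   # new, globally registered
        {"device_id": "dev-C", "global_id": "G-1002"},   # registered, not compliant
        {"device_id": "dev-D"},                          # offers no registration
        {"device_id": "dev-E", "global_id": "G-9999"},   # id unknown to the registry
    ]
    results = [on_new_device(campus, d) for d in devices]
    # Later the global registry marks dev-B's record non-compliant.
    registry.records["G-1001"]["compliant"] = False
    dropped = campus.reverify_all()
    return results, campus.alerts, dropped, sorted(campus.campus_db)


if __name__ == "__main__":
    for part in registration_demo():
        print(part)
```

The re-verification step matters because a campus record is a cached answer: a device that was compliant at first contact keeps network permission until the campus asks the global registry again.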
Referring now to FIG. 6, a flow chart illustrates the log in and monitoring of a hand held computer device in an educational environment for an embodiment of the present invention. A student brings a hand held computer device that has been properly provisioned and registered with the educational institution onto the educational institution at start step 600. The device controller starts at step 602. A local controller's listener module listens (i.e., monitors whether the mobile device has entered a domain) for the mobile device at step 604. Step 606 determines if the mobile device is detected, and if not the device controller keeps listening at step 604. If yes indicating that the device is detected, device login is initiated at step 608 and the local controller first requests the registration and compliance status of the hand held computer device.
Next, in step 610 the device transmits registration information. The device control software, if present, sends the registration and compliance information to the local controller. If not present, the device control software issues an alert at step 612. The local controller validates the registration at step 614. If the device is registered, the local controller completes the login process and then initiates the device control and management logic at step 616. (See FIG. 7). If the device is not registered, then the local controller issues an alert at step 618.
Turning now to FIG. 7, a flow chart of the device control and management logic is illustrated for an embodiment of the present invention. Once the device is determined to be registered, the local controller begins device monitoring at step 702. The local controller then issues an appropriate control policy to the hand held computer device at step 704. The device next implements a policy at step 706 and then reports compliance with the policy at step 708. The device is logged as compliant in step 710. The local controller next starts periodic device monitoring at step 712, which includes polling the hand-held computing device periodically to ensure that the approved device management application is running and in control of the device at step 714. If the local controller does not receive a proper response from a poll at step 714, then the local controller re-checks for compliance at step 712 and issues an alert at step 720. If compliance of the device is reported at step 714, then compliance is logged at step 718 in an event log and monitoring is continued at step 712. Step 720 issues an alert to a local security official noting the time and tracking a duration and/or non-compliance which is stored in a session event database and which the local controller logs in the event log database at step 718.
If a student desires to run a task (educational application, game, etc.) such will be monitored by the device's resident control software at step 714. If such tasks are not compliant with the enterprise policy, the control software will kill or prevent operation of the application and the non-compliant behavior will be reported at step 714 and an alert will be issued at step 720.
In one embodiment of the present invention, the registration process identifies the GPS coordinates of all enterprises near the device being registered and downloads those to the hand held computer device. The GPS coordinates can be stored in a file and uploaded during registration, or alternatively, a user can identify an educational institution or other enterprise and if unknown provide the enterprise's address. Based on the enterprise location information, the control program continually monitors the device's location. When the device is within a predetermined distance of the enterprise during a first visit, the device can enter listener mode on the preferred control program security communication service (G3 Data, 802.11x, 802.15x, etc.). When a connection to a local networking service has been established, then the hand held computing device commences the local registration process as described above. Periodically, it is envisioned that an enterprise interrogates its global registry to verify on-going compliance of all devices registered in the enterprise's master registration database. In the unlikely event of an unrecoverable failure of an enterprise's master registration database, it is also envisioned that the enterprise can rebuild its enterprise database from the global master database.
In another embodiment, the hand held device and local device control servers employ NFC technology and applications to perform the log in and registration processes described above.
Once a user starts a hand held device that has been properly provisioned and registered with the enterprise, then the hand held device runs a proprietary service that begins a communication session with the local device controller. Upon receiving the session request, the local device controller first verifies the registration and compliance status of the requesting hand-held computing device as described above.
Once a device is found registered and compliant, the local controller then grants service and initiates monitoring. The monitoring includes polling the hand-held computing device periodically to ensure that the approved application is running and in control of the device. If the local controller does not receive a proper response from a poll, then the local controller issues an alert to a local security official noting the time and tracks the duration or apparent non-compliance which it stores in a session event database. If a user desires to run another task such as an educational application, the device will start a new application if and only if it is permitted by the device control policy resident on the hand held device.
An example of the present invention for a single tasking operating system with low level access is now provided with reference to a student entering an educational domain. Once the student starts an application that has been properly provisioned and registered with the educational institution, the application runs a proprietary service that begins a communication session with the local controller. Upon receiving the session request, the local controller first verifies the registration and compliance status of the requesting hand-held computing device. The local controller then verifies that the application requesting service is permitted by the local policy then extant. Upon successful verifications in the above first and second steps, the local controller then permits service and initiates monitoring in a third step. Upon an unsuccessful verification in the third step, the local controller issues an alert to the local security official and logs the event into the local controller's event database. The monitoring includes polling the hand-held computing device periodically to ensure that the approved application is running and in control of the device. While the session is live, the hand-held computing device answers the polling request with data detailing the applications and services active on the device. The local controller files these polling status reports in an auditable device control record for each such device. If the local controller does not receive a proper response from a polling request, then the local controller issues an alert to the local security official noting the time and tracking the duration or apparent non-compliance which are stored in a session event database. If a student terminates one application and decides to run another approved application compliant with the security service according to the present invention, then the process goes to the third step above.
A second example of the present invention for a multi-tasking operating system with low level access is now provided with reference to a student entering an educational domain. Once the student starts the application that has been properly provisioned and registered with the educational domain, then the application runs a proprietary device control low level service that begins a communication session with a local controller. Upon receiving the session request, the local controller first verifies the registration and compliance status of the requesting hand-held computing device. The local controller then verifies that the application requesting service is permitted by the local policy then extant. Upon successful verifications in the above first and second steps, the local controller then grants service and initiates monitoring. The monitoring includes polling the hand-held computing device periodically to ensure that the approved application is running and in control of the device. The local controller can update the list of approved services and applications as it receives policy modifications from an authorized security official. While the session is live, the hand held computing device answers the polling request with data detailing the applications and services active on the device supplied by the low level device control service. The low level service may employ either active or passive control strategies or both. Active control strategies enable only functions approved by the local security policy. Passive control strategies deny service to any request that is not on the policy approved services and applications. The local controller files these polling status reports in an auditable device control record for each such device. If the local controller does not receive a proper response from a poll, then the local controller issues an alert to the local security official noting the time and tracking the duration or apparent non-compliance which is stored in a session event database.
If the student initiates another task, then the local controller would examine the approved applications and services as contained in local controller's local copy of the policy. If the task is contained in a local copy of the policy on the local controller, then the local controller would permit the task or service to operate on the device, otherwise the local controller would deny the request.
There are many exemplary implementations where a hierarchy of an open mobile device management network could be reduced or increased in levels. One embodiment would be high security test administration as required by the Educational Testing Service (ETS) for standardized tests such as the ACT, SAT, etc. In these embodiments every test site could be configured such that a test site is an OMDM enterprise. Such OMDM enterprises could interrogate a global registry to determine registration status, and if needed, the OMDM enterprises could create temporary registrations for the duration of a test for unregistered devices present at the test site. Such temporary registrations could be entered into the global device registry. Another embodiment would not record such "ad hoc" registrations in the global database.
Another embodiment is home device management for minor children or others. Such an embodiment would only need a central controller. In this embodiment, multiple policies could be implemented and tailored to the device management needs for each child. In other embodiments, multiple device management policies could be established for multiple classes of controlled hand held computer devices based on the characteristics of the device owner and/or other characteristics of the device owner's profile.
An exemplary embodiment is described for standardized test sites. This embodiment is an example of multiple ad hoc embodiments that pertain to any authorized use or uses specified in a policy. This embodiment is a specific case illustrative of the more general ad hoc embodiments. The present invention may be used in this embodiment to control and monitor mobile calculating devices during the administration of standardized examinations. In this embodiment, a user arrives at a test site with a mobile device, and the user must register the device as a condition of being able to take the examination. The registration by the user is done ad hoc at the test site, and involves making a positive connection between the hand held computer device and a local security controller managed by the test administrator. The user will be using his mobile device as a graphing calculator. The purpose of the registration process is to turn off unauthorized functionality of the device for the duration of the exam, and to monitor the device at regular intervals to verify that the device remains in compliance, with unauthorized functionality of the device remaining disabled until the user leaves the test site.
In this embodiment, the user may be given a login identity. Once logged on, the security controller acquires and stores the mobile device's identification. The log on process may be implemented as a feature of the graphing calculator application on the mobile device. During the login transaction, an encrypted packet containing the security policy is downloaded to the mobile device and used to facilitate subsequent compliance monitoring transactions, each of which is also encrypted. The security policy in this case can include a time interval (i.e., the duration of the exam), a geographic location (i.e., the test site), and a list of unauthorized functions to be disabled while the policy remains in effect (e.g., incoming/outgoing calls, text messaging, camera, voice recorder, Bluetooth, wireless communication with anything other than the local security controller, applications other than the graphing calculator, etc.).
The hand held computer device is considered to be compliant for the specified time interval as long as the device remains in the specified geographic location, responds correctly each time the local security controller queries the device's status, and all unauthorized functions are verified disabled during each query. Otherwise, the hand held computer device is designated as non-compliant, and the local security controller takes an appropriate action to notify the exam administrator. The default state is non-compliant, so the mobile device is automatically non-compliant prior to registration at the exam site and after the compliance policy expires at the end of the exam, or whenever the device leaves the exam site.
All compliance monitoring transactions can be logged by the security controller, which can provide a full audit trail for each hand held computer device registered at the test site. The local security monitor can also be the global security monitor in this scenario, since the local security monitor is the sole source of compliance policy for the administration of the exam.
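The compliance rule of this test-site embodiment (time interval, geographic location, disabled functions, default non-compliant, full audit trail) can be sketched as follows. This is an added example, not code from the patent; the class names, the circular site radius and the sample coordinates are assumptions made for illustration.

```python
import math
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ExamPolicy:
    start: float            # policy takes effect (epoch seconds)
    end: float              # policy expires at the end of the exam
    site_lat: float
    site_lon: float
    radius_m: float         # assumption: the test site is modelled as a circle
    disabled: frozenset     # functions that must stay off while the policy is in effect


@dataclass(frozen=True)
class StatusReport:
    lat: float
    lon: float
    enabled: frozenset      # functions the device reports as active


def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    r = 6_371_000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * r * math.asin(math.sqrt(a))


def evaluate(policy, report, now):
    """Return the reasons a device is non-compliant; an empty list means compliant."""
    if policy is None:
        return ["device not registered at this site"]      # default state
    if not policy.start <= now <= policy.end:
        return ["policy not in effect"]
    if report is None:
        return ["no response to status query"]
    reasons = []
    if distance_m(policy.site_lat, policy.site_lon, report.lat, report.lon) > policy.radius_m:
        reasons.append("device outside test site")
    enabled = sorted(policy.disabled & report.enabled)
    if enabled:
        reasons.append("unauthorized functions enabled: " + ", ".join(enabled))
    return reasons


@dataclass
class SecurityController:
    policies: dict = field(default_factory=dict)    # device_id -> ExamPolicy
    audit_log: list = field(default_factory=list)   # every monitoring transaction
    alerts: list = field(default_factory=list)      # notifications for the exam administrator

    def register(self, device_id, policy):
        self.policies[device_id] = policy

    def query(self, device_id, report, now):
        reasons = evaluate(self.policies.get(device_id), report, now)
        compliant = not reasons
        self.audit_log.append((now, device_id, compliant, tuple(reasons)))
        if not compliant:
            self.alerts.append((now, device_id, tuple(reasons)))
        return compliant


def demo():
    # Constructed sample data: a three-hour exam at an invented location.
    policy = ExamPolicy(start=1000.0, end=1000.0 + 3 * 3600, site_lat=40.0, site_lon=-75.0,
                        radius_m=100.0,
                        disabled=frozenset({"camera", "sms", "calls", "bluetooth"}))
    ctl = SecurityController()
    ctl.register("dev-1", policy)
    ok = StatusReport(40.0001, -75.0, frozenset({"calculator"}))
    cam = StatusReport(40.0001, -75.0, frozenset({"calculator", "camera"}))
    away = StatusReport(40.01, -75.0, frozenset({"calculator"}))
    results = [
        ctl.query("dev-1", ok, 2000.0),     # inside the site, nothing forbidden
        ctl.query("dev-1", cam, 2300.0),    # camera switched on
        ctl.query("dev-1", away, 2600.0),   # device left the site
        ctl.query("dev-1", None, 2900.0),   # status query unanswered
        ctl.query("dev-1", ok, 20000.0),    # after the policy expired
        ctl.query("dev-2", ok, 2000.0),     # never registered
    ]
    return ctl, results


if __name__ == "__main__":
    controller, outcome = demo()
    print(outcome)
    for entry in controller.audit_log:
        print(entry)
```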
In another embodiment, the invention will provide a "no-click sign-on" process by continuously monitoring network traffic using traffic detection and analysis technology. This allows detection of traffic from unregistered devices and the signaling of an alarm indicating traffic from unregistered devices even if a hand held computer device does not have a monitoring application installed. This embodiment would monitor traffic on all relevant wireless frequencies and all relevant protocols such as but not limited to 802.11 (Wi-Fi), 802.15 (Bluetooth), 802.16 (WiMax) and Carrier provided Wireless Cellular Data services such as but not limited to "3G" and "4G."
When a device comes into a domain secured by the invention it will attempt to interrogate the device. The interrogation will only succeed if the device has the invention's authentic monitoring software installed, and is properly registered. The device will respond to the interrogation with its registration status. Failure to respond will indicate non-compliance.
If the newly arrived mobile device reports that it is registered, then the local device controller will interrogate the local registration and authentication database registry, and if necessary, the global registration and authentication database registry, to validate that the particular mobile computing device is registered, and also that the control software is authentic and compliant. This is accomplished by comparing the registration data received from the hand held computing device with that contained in the registry, including such information as to authenticate the control software. This process allows a registered, authenticated and compliant hand held computer device to complete the login process without the device's user having to take any action. In a preferred embodiment, this could provide automatic attendance taking in a class room.
A controlling device is provided with hardware and software that allows it to control use of the hand held computing device. The controlling device is, for instance, a wireless access device, a special hardware machine implementing key supervisory and control functions, telephone, a PDA, or personal computer comprising an application which provides a way to control the wireless access device. In one embodiment, the application runs on a controlling entity's wireless access point device.
Alternatively or in addition, the policy management application may be a web-based application where parameters are established using common web based user controls such as drop down lists, radio buttons and the like.
In another embodiment, the policy management application may interact with the local security official in a structured dialogue. The system and method may for example be used by a controlling entity (Controller) such as a parent, to control or manage use of a child's cellular telephone, a school administrator or their delegated security official to set campus policies controlling students' use of their smart devices, a classroom teacher or an exam proctor or the like to set local policies that are more or less restrictive than the campus policy, or an International testing agency to ensure the uniform implementation of its exam security policies and procedures.
For standardized tests, the testing agency can develop a standard policy which can be disseminated globally to all local control devices. Alternatively, the testing authorities may be directly supplied verified compliant local control devices that they can distribute under the security methods they use for their test materials.
The present invention provides for a multi-layered policy regime. In an educational setting, a campus policy sets the defaults for a campus. In some instances, those policy settings are absolute and cannot be modified. Local policies established by instructors for their classes can be more or less restrictive than the campus policy. Special policy provisions can be made for certain testing authorities during their testing. For example, testing authorities can establish policies that supersede campus policies. These policies could be distributed via a central service to the appropriate locations or by the agencies directly.
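One way to resolve the layers described above into a single effective policy, as an added example that is not part of the patent. The `Layer` structure, the allow/deny representation, denying any function no layer names, and letting a testing-authority layer override even absolute campus settings are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Layer:
    name: str
    settings: dict                       # function name -> True (allowed) / False (disabled)
    absolute: frozenset = frozenset()    # campus layer only: settings a local policy cannot change


def resolve(campus, local=None, testing=None):
    """Return (effective settings, layer that decided each setting, rejected local overrides)."""
    effective = dict(campus.settings)
    source = {fn: campus.name for fn in effective}
    rejected = []

    if local is not None:
        for fn, allowed in local.settings.items():
            if fn in campus.absolute:
                # Absolute campus settings stand; record the attempt for the audit trail.
                if allowed != campus.settings.get(fn):
                    rejected.append((local.name, fn))
                continue
            effective[fn] = allowed      # may be more or less restrictive than campus
            source[fn] = local.name

    if testing is not None:
        # Assumption: a testing authority's policy supersedes every campus and local setting.
        for fn, allowed in testing.settings.items():
            effective[fn] = allowed
            source[fn] = testing.name

    return effective, source, rejected


def is_allowed(effective, function):
    """Assumption: a function that no layer mentions is denied."""
    return effective.get(function, False)


# Constructed sample layers.
CAMPUS = Layer("campus",
               {"calculator": True, "camera": False, "sms": True, "browser": True},
               absolute=frozenset({"camera"}))
CLASSROOM = Layer("classroom", {"sms": False, "camera": True, "games": True})
EXAM = Layer("testing-authority", {"browser": False, "games": False})

if __name__ == "__main__":
    for layers in ((CAMPUS,), (CAMPUS, CLASSROOM), (CAMPUS, CLASSROOM, EXAM)):
        print(resolve(*layers))
```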
In one embodiment, the present invention permits restrictions based on time by identifying periods when the child or student may make use of the hand held computer device. For example, telephone calls may be restricted based on time of day, such as during class, or day of the week, such as weekdays or weekends when different policies might apply.
In another embodiment, the present invention permits restrictions based on location. For example, the enterprise controller might establish different policies for locker rooms and language labs.
The identified time restrictions are stored in an enterprise control database accessed by the authorized hand held computer devices. Teachers, proctors, etc. can modify the enterprise policies as they deem appropriate if permitted by their authorization level and enterprise policy.
In one embodiment, the local controller devices communicate with security software on the hand held computer devices to either affirmatively enable or disable (or both) the applications and services that the device can employ or run.
In another embodiment, students and/or their parents opt-in to device control by acquiring software for their device and registering their hand held computer devices with a central registry. During the software installation and registration process on the devices, certain unique parameters are established that permit the registry to validate the authenticity and continued compliance of the devices. In an embodiment, the registry periodically audits the continued compliance of the device. Moreover, the registry and compliance service will be provided on a subscription basis.
In another embodiment, when a foreign device (i.e., new device external to a domain) comes into a domain secured by the present invention's controllers, such controllers will interrogate the new device. The foreign device will report a registration status, with a failure to respond indicating non-compliance. If the foreign device reports that it is compliant, then the local controller will interrogate the global registration and authentication database registry to validate that the particular hand-held computing device is registered and compliant. This is done by comparing data received from the foreign device with that contained in the global registration and authentication registry.
If the foreign device is not registered in the global registration and authentication registry, or not in compliance, an alert will be sent to the local control official. If the foreign device is compliant, then the foreign device will be registered with the enterprise device registration data base.
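The interrogation and registry check for a newly arrived device can be sketched as a lookup that walks the local, enterprise and global registries in turn. This is an added example, not the patent's own code; the `Registration` record, the `software_digest` field standing in for the data that authenticates the control software, and the in-memory dictionaries standing in for the registries are assumptions.

```python
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Registration:
    device_id: str
    software_digest: str     # assumed hex digest identifying the authentic control software
    compliant: bool = True


def matches(reported, stored):
    """The registry record must be compliant and agree with what the device reported."""
    return (stored.compliant
            and reported.device_id == stored.device_id
            and hmac.compare_digest(reported.software_digest, stored.software_digest))


class LocalController:
    def __init__(self, local_db, enterprise_db, global_db):
        # Each registry is a dict: device_id -> Registration, searched nearest first.
        self.tiers = [("local", local_db), ("enterprise", enterprise_db), ("global", global_db)]
        self.alerts = []     # messages for the local control official

    def admit(self, reported):
        """reported is None when the device did not answer the interrogation."""
        if reported is None:
            return self.alert("<no id>", "no response to interrogation")
        if not reported.compliant:
            return self.alert(reported.device_id, "device reports non-compliance")
        for depth, (name, db) in enumerate(self.tiers):
            stored = db.get(reported.device_id)
            if stored is None:
                continue                       # not known here, ask the next registry up
            if not matches(reported, stored):
                return self.alert(reported.device_id,
                                  name + " registry record mismatch or non-compliant")
            for _, nearer in self.tiers[:depth]:
                nearer[reported.device_id] = stored    # register in the nearer registries
            return True, "validated by " + name + " registry"
        return self.alert(reported.device_id, "not registered")

    def alert(self, device_id, reason):
        self.alerts.append((device_id, reason))
        return False, reason


def demo():
    # Constructed sample data; the digests are placeholders, not real hashes.
    good, other = "a" * 64, "b" * 64
    local_db = {"dev-local": Registration("dev-local", good)}
    enterprise_db = {}
    global_db = {"dev-visitor": Registration("dev-visitor", good),
                 "dev-lapsed": Registration("dev-lapsed", good, compliant=False)}
    ctl = LocalController(local_db, enterprise_db, global_db)
    results = [
        ctl.admit(Registration("dev-local", good)),
        ctl.admit(Registration("dev-visitor", good)),    # found globally, then registered locally
        ctl.admit(Registration("dev-visitor", other)),   # same id, different control software
        ctl.admit(Registration("dev-lapsed", good)),
        ctl.admit(Registration("dev-unknown", good)),
        ctl.admit(None),
    ]
    return ctl, local_db, enterprise_db, results


if __name__ == "__main__":
    controller, _, _, outcome = demo()
    for line in outcome:
        print(line)
    print(controller.alerts)
```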
In one embodiment for examination situations, hand held computer devices can be validated at the examination site prior to administering of the test.
In another embodiment, instructors could be provided with lists of approved devices detected with the associated student names. The teachers could further implement a campus policy for non-controlled devices which were being used in unauthorized ways. In another embodiment, a campus can have a registration procedure so that students would be required to have their devices provisioned and authenticated as being compliant.
In yet another embodiment, compliance and control procedures would not invoke privacy issues since such procedures would be self-selected by parents, guardians, or students on an explicit opt-in procedure and as explicitly detailed in an end user license agreement (EULA). Unauthorized searches of the device owner's files would not be allowed unless there was significant evidence of illicit use of the device or possession of lost or stolen property. Such evidence could be produced by the present invention's audit and verification procedures that the device owner had explicitly authorized.
A situation where a device operator's authorization might not be present would be where an instrument was, for example, lost or stolen and used without an owner's permission. In one embodiment, the present invention could indicate new phones coming into a domain. Teachers or other officials might decide to investigate if the name in the registry and the student using the device did not match. Lost or stolen devices could also be reported to the registry and alerts could be dispatched to local officials indicating that a specific device was reported as lost or stolen.
In the case of a borrowed hand held computer device, use by an authorized person could optionally be governed by the terms of the owner's software license as detailed by the terms and conditions of the EULA.
In a single tasking operating system which does not provide facilities to directly interrogate low level system management facilities, one embodiment of the present invention can have device control effected by a layer upon which an educational application operates, and would continually report the controlling device status. Failure to report a status to the controller would create a compliance alert. The communication between the controller and the device control software would be encrypted and contain information that would be unique and not easily replicated by hacked software or spoofing.
In a further embodiment, in a multitasking environment with low level system management access, device control can be achieved by a low level control program that would monitor, control, and report system status providing audit trails and compliance alerts. Communication with the controlling device could be in a manner similar to that described above.
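The requirement that status reports carry information that is unique and not easily replicated by spoofing can be met with a challenge-response poll. The following is an added example, not a mechanism specified in the patent: the single-use nonce, the HMAC-SHA256 tag, the per-device key assumed to be established at registration, and the timeout are all choices made here, and encryption of the channel is left out.

```python
import hashlib
import hmac
import json
import secrets

NONCE_LEN = 16  # fixed length keeps "nonce || report" unambiguous


def device_answer(key, device_id, nonce, running):
    """Device side: bind the status report to this poll's nonce."""
    report = json.dumps({"device": device_id, "running": sorted(running)},
                        sort_keys=True).encode()
    tag = hmac.new(key, nonce + report, hashlib.sha256).digest()
    return report, tag


class PollVerifier:
    """Controller side: issue single-use challenges and check the answers."""

    def __init__(self, device_keys, timeout_s=5.0):
        self.device_keys = dict(device_keys)   # device_id -> key (assumed set at registration)
        self.timeout_s = timeout_s
        self.pending = {}                      # device_id -> (nonce, time issued)
        self.alerts = []                       # (time, device_id, reason)

    def challenge(self, device_id, now):
        nonce = secrets.token_bytes(NONCE_LEN)
        self.pending[device_id] = (nonce, now)
        return nonce

    def verify(self, device_id, report, tag, now):
        """Return the parsed report, or None after recording a compliance alert."""
        nonce, issued = self.pending.pop(device_id, (None, None))   # one answer per poll
        key = self.device_keys.get(device_id)
        if key is None:
            return self.reject(device_id, now, "unknown device")
        if nonce is None:
            return self.reject(device_id, now, "no outstanding poll (replay?)")
        if now - issued > self.timeout_s:
            return self.reject(device_id, now, "late response")
        expected = hmac.new(key, nonce + report, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return self.reject(device_id, now, "bad authentication tag")
        data = json.loads(report)
        if data.get("device") != device_id:
            return self.reject(device_id, now, "report is for another device")
        return data

    def reject(self, device_id, now, reason):
        self.alerts.append((now, device_id, reason))
        return None


def demo():
    key = bytes(range(32))                     # constructed key, for illustration only
    verifier = PollVerifier({"dev-1": key})
    nonce = verifier.challenge("dev-1", now=0.0)
    report, tag = device_answer(key, "dev-1", nonce, {"calculator", "control-service"})
    first = verifier.verify("dev-1", report, tag, now=1.0)     # genuine answer
    replay = verifier.verify("dev-1", report, tag, now=1.5)    # same answer sent again
    verifier.challenge("dev-1", now=10.0)
    stale = verifier.verify("dev-1", report, tag, now=11.0)    # old answer, new nonce
    return verifier, first, replay, stale


if __name__ == "__main__":
    v, first, replay, stale = demo()
    print(first, replay, stale)
    print(v.alerts)
```

A recorded answer fails on the next poll because the tag covers a nonce the controller never reuses, so a program that only imitates earlier traffic cannot report compliance.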
While the present inventions and what is considered presently to be the best modes thereof have been described in a manner that establishes possession thereof by the inventors and that enables those of ordinary skill in the art to make and use the inventions, it will be understood and appreciated that there are many equivalents to the exemplary embodiments disclosed herein and that myriad modifications and variations may be made thereto without departing from the scope and spirit of the inventions, which are to be limited not by the exemplary embodiments but by the appended claims.

Claims

WHAT IS CLAIMED IS:
1. A method for device management comprising the steps of:
downloading a device control application to one or more hand-held devices;
registering the one or more hand-held devices within a global registry service;
requesting a communication session between the one or more hand-held devices and a local device control policy server;
creating the communication session between the one or more hand-held devices and the local device control policy server;
verifying the registration and compliance status of the one or more hand-held devices;
granting service to one or more approved applications including one or more restrictions from the local device control policy server to the one or more hand held devices;
monitoring compliance of the one or more hand held devices with the device control policy resident on those devices;
issuing non-compliance alerts to the policy control administrators; and
logging events into a database of the local device control policy server.
2. The method of Claim 1, wherein said requesting, creating, verifying, granting, monitoring, and logging steps operate independent of device user interaction upon initiation of the creating the communication session step.
3. The method of Claim 1, wherein the one or more restrictions are based on time.
4. The method of Claim 1, wherein the one or more restrictions are based on location.
5. The method of Claim 1, wherein the one or more restrictions are based on sensor information available on a mobile device that implements control policies.
6. The method of Claim 1, wherein said sensor information comprises motion sensor data.
7. The method of Claim 1, further comprising a step of determining whether the one or more hand devices are unregistered.
8. The method of Claim 7, wherein an alarm is generated for unregistered hand held devices.
9. The method of Claim 1, wherein said monitoring step further includes the steps of:
polling the one or more hand-held devices to ensure that the device control software is running, that only zero, or one or more approved applications and services are running and that no prohibited applications and services are running;
providing data regarding the one or more hand-held devices;
generating one or more status reports; and
filing the one or more status reports in an auditable control record.
10. A system for network security for hand held computer devices comprising:
a local policy management server configured to connect to an internet network and having one or more registration modules stored thereon;
a device control console connected to the local policy management server and configured to facilitate user entry of local device control policies;
a database connected to the local device control policy server and configured to store registrations of one or more hand held computer devices; and
a global registration server connected to the local device control policy server via a network, the global registration server configured to determine if the hand held computer device is registered globally on the global registration server.
11. The system of Claim 10, wherein said registration modules comprises at least an authentication registration module configured to authorize registrations for a local entity.
12. The system of Claim 10, further comprising a local controller connected to the local device control policy server.
13. The system of claim 12, wherein the local controller has at least one registration module configured to verify registration of the one or more hand held computer devices with the local device control policy server.
14. The system of Claim 12, further comprising a local controller console connected to the local controller, the local controller console configured to facilitate user entry of local policy data unless entry of the local policy data is restricted by the policy stored on the enterprise registration database.
15. The system of Claim 14, wherein the local controller initiates determination of registration of the one or more hand held computer devices upon the devices entering a local network domain within an enterprise network domain, and if the devices are unregistered, then transmitting a request for registration to the enterprise controller to determine whether the devices are registered with the local device control policy server.
16. The system of Claim 15, wherein if the devices are unregistered with the enterprise controller, then the enterprise controller transmits a request to the global registration server to determine whether the devices are registered globally.
17. The system of Claim 16, wherein upon determination that the devices are registered globally, then a request is transmitted to the enterprise controller requesting local registration and enterprise registration of the globally registered devices.
18. The system of claim 17, wherein an alert is provided to at least the local console upon a determination that the one or more hand held devices are lacking a global registration.
PCT/US2010/002264 2009-08-18 2010-08-18 System and methods for device management WO2011022053A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US27452809P 2009-08-18 2009-08-18
US61/274,528 2009-08-18

Publications (1)

Publication Number Publication Date
WO2011022053A1 true WO2011022053A1 (en) 2011-02-24

Family

ID=43607262

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2010/002264 WO2011022053A1 (en) 2009-08-18 2010-08-18 System and methods for device management

Country Status (1)

Country Link
WO (1) WO2011022053A1 (en)

Similar Documents

Publication Publication Date Title
WO2011022053A1 (en) System and methods for device management
JP7238015B2 (en) Using a mobile device to perform distraction-free activities on another mobile device
ES2730829T3 (en) Training and intelligent management of dynamic conversation groups
US7400891B2 (en) Methods, systems and computer program products for remotely controlling wireless terminals
US7203752B2 (en) Method and system for managing location information for wireless communications devices
US10250582B2 (en) Secure private location based services
US9037714B2 (en) Cross-platform application manager
US20140215573A1 (en) System and method for application accounts
JP2019527880A (en) Multi-factor authentication to access services
KR20190136011A (en) Core network access provider
US9699055B2 (en) Client-independent network supervision application
US20090254392A1 (en) Method and system for enterprise network access control and management for government and corporate entities
US20030008662A1 (en) Systems and methods wherein a mobile user device operates in accordance with a location policy and user device information
US11594085B2 (en) Electronic identification, location tracking, communication and notification system with beacon clustering
KR20150122637A (en) Utilizations and applications of near field communications in mobile device management and security
CN101313555A (en) Authentication management system and method, authentication management server
US10402558B2 (en) Device restrictions during events
KR101263423B1 (en) Log in confirmation service implementation method for mobile terminal
CN106330899A (en) Private cloud device account management method and system, electronic device and server
JP2006092040A (en) Service provision system and method
US11694279B1 (en) Dynamic creation of interactive user device pools
US11900748B2 (en) System for analyzing and attesting physical access
Berzin et al. The IoT Exchange
Cook Enterprise solutions and technologies
Lagzdinyte-Budnike et al. Centralized network access control system based on the Spatio-Temporal-RBAC model and Radius protocol

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 10810275

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 10810275

Country of ref document: EP

Kind code of ref document: A1