EP2232893A2 - Procédés et systèmes d'administration de règle et de configuration - Google Patents

Procédés et systèmes d'administration de règle et de configuration

Info

Publication number
EP2232893A2
EP2232893A2 EP08869490A EP08869490A EP2232893A2 EP 2232893 A2 EP2232893 A2 EP 2232893A2 EP 08869490 A EP08869490 A EP 08869490A EP 08869490 A EP08869490 A EP 08869490A EP 2232893 A2 EP2232893 A2 EP 2232893A2
Authority
EP
European Patent Office
Prior art keywords
setting
mobile
policy
computing device
physical location
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP08869490A
Other languages
German (de)
English (en)
Inventor
Shaun Cooley
Brian Powell
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NortonLifeLock Inc
Original Assignee
Symantec Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/967,975 external-priority patent/US8112785B1/en
Application filed by Symantec Corp filed Critical Symantec Corp
Publication of EP2232893A2 publication Critical patent/EP2232893A2/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/0246Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L41/0273Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using web services for network management, e.g. simple object access protocol [SOAP]
    • H04L41/0293Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using web services for network management, e.g. simple object access protocol [SOAP] for accessing web services by means of a binding identification of the management service or element
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/50Service provisioning or reconfiguring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/52Network services specially adapted for the location of the user terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/021Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0894Policy-based network configuration management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/34Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters 
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent

Definitions

  • Traditional policy management may include both policy definition and policy enforcement.
  • Policy definition may refer to the tools or techniques that allow administrators to define how a network device may be controlled.
  • policy enforcement may refer to the tools or techniques that enforce policy definitions. The automated nature of policy enforcement may reduce the time and effort an administrator spends monitoring a network or network device.
  • Administrators may implement traditional policy management through fixed-policy enforcement.
  • a network administrator may define a set of fixed policies for a network device. The set of fixed policies does not change, regardless of the location or status of the network device, unless the network administrator makes the policy change. While fixed-policy enforcement may be somewhat effective for a small network with a small number of non-portable network devices, fixed-policy enforcement may not be as useful to administrators managing portable network devices.
  • NLA Network Location Awareness
  • NLA may change policy definitions for a device when the device changes networks.
  • NLA may involve technology that allows a device to detect a network, receive a set of policy definitions for that network, and then enforce the policies on the device.
  • a laptop with NLA may include one set of policy definitions that corresponds to a home network and another set of definitions that corresponds to a work network.
  • NLA may provide some flexibility over fixed policy in managing portable computing network devices, but growth and expansion in network environments and use of portable devices may present challenges that neither fixed policy nor NLA may address.
  • NLA and other traditional network-policy management techniques may have limited capabilities in traditional networks and may be even less effective in environments with large, complex networks or portable network devices.
  • NLA may be ineffective where a network device may be in multiple physical locations but still connected to a single network (e.g. , a municipal or 3G network).
  • a network device may be in multiple physical locations but still connected to a single network (e.g. , a municipal or 3G network).
  • a network device may be in multiple physical locations but still connected to a single network (e.g. , a municipal or 3G network).
  • administrators may need more effective tools to manage network device access and control for both traditional networks and the networks of the future.
  • location owners and managers may need more effective tools to control network devices within their locations.
  • Embodiments of the instant disclosure may address various disadvantages and problems with prior network device administration and may also provide various other advantages and features. For example, some embodiments may allow an administrator to set a location-based device-setting policy for a mobile- computing device. Certain embodiments may provide an internet-based interface to allow the administrator to input setting and location information. Various embodiments may also allow an administrator to define geographic sub-regions and associate settings with these sub-regions.
  • a computer-implemented method may provide an administrator with access to device-setting policies of a mobile computing device of a user.
  • the method may also comprise receiving an identification of a first physical location and a first device- setting policy for the mobile-computing device from the administrator. Then, when the user takes the mobile-computing device into the first physical location, a detection mechanism may detect that the mobile-computing device is within the first physical location. After detecting that the first mobile-computing device is within the first physical location, the first device-setting policy may be implemented on the mobile- computing device.
  • device-setting policies may be stored in a database.
  • Device-setting policies may be associated with location identifiers and with mobile devices.
  • Device-setting policies may include, without limitation, a ringer setting, a lighting setting, a power setting, or a sound setting.
  • Mobile devices may include, without limitation, mobile phones, laptops, or personal digital assistant devices.
  • Various embodiments of the instant disclosure may comprise a system that provides an administrator with access to device-setting policies of mobile computing devices.
  • the system may comprise an interface configured to provide an administrator with access to device-setting policies of a first mobile-computing device of a first user.
  • the interface may be implemented on a mobile device, through a web- based interface, or as a part of any other suitable computing device.
  • the interface may also be configured to receive, from the administrator, a first device-setting policy for the mobile computing device.
  • the interface may further be configured to receive, from the administrator, an identification of a first physical location.
  • the system may receive input from the administrator through a drop-down menu, a text-box, a radio-button selection, or any other suitable input mechanism.
  • the system may comprise a detection module configured to detect that the first mobile-computing device is within the first physical location.
  • the system may also comprise an enforcement module configured to implement the first device-setting policy on the first mobile-computing device after detecting that the first mobile-computing device is within the first location.
  • Embodiments of the instant disclosure provide various methods, systems, and computer-readable media for allowing an administrator to manage mobile- device settings. Some embodiments may provide improved mobile device management and control capabilities. Certain embodiments may provide an administrator with the ability to input, for a mobile computing device, location-based settings. At least one embodiment may provide an administrator with an internet-based interface.
  • Some embodiments may verify that a source is authorized to provide mobile-computing-device policies for a physical location.
  • verifying that a source is authorized to provide mobile-computing device policies for a physical location may comprise accessing a database to verify that the source is authorized to provide a first policy for the first physical location.
  • verifying that a source is authorized to provide mobile-computing device policies for a physical location may comprise receiving a confirmation that the source is authorized to provide the first policy for the first physical location.
  • Certain embodiments may provide third-party verification that a source is authorized to create and modify mobile-computing device policies for a physical location. Such verification may allow for sources (e.g. , administrators) to control mobile device policies for their locations by access to a central control server through an internet interface.
  • sources e.g. , administrators
  • a computer-implemented method may comprise receiving verification that a source is authorized to provide mobile- computing-device policy for a first physical location.
  • the method may also comprise receiving a first mobile-computing-device policy, identifying the first physical location, and associating the first mobile-computing-device policy with the first physical location.
  • the method may further comprise implementing, based on the verification, the first mobile-computing-device policy at the first physical location.
  • the source may be a location-policy administrator, and the location-policy administrator may be authorized to provide the first policy for the location.
  • receiving the first mobile- computing-device policy comprises determining that the first mobile-computing-device policy is received from the location-policy administrator.
  • Embodiments of the instant disclosure provide various methods, systems, and computer-readable media for allowing a source to manage mobile-device settings for a physical location. Some embodiments may provide improved mobile device management and control capabilities for location owners. Various embodiments may verify that the source is authorized to provide mobile-computing device policies for a physical location. Various embodiments may combine some or all of these features and/or may provide alternative or additional features.
  • FIG. 1 is a flow diagram of an exemplary method for mobile-device- setting policy administration according to certain embodiments.
  • FIG. 2 is a block diagram of an exemplary policy administration system according to certain embodiments.
  • FIG. 3 is another block diagram of an exemplary policy administration system according to certain embodiments.
  • FIG. 4 is a flow diagram of an exemplary method for mobile device setting administration according to certain embodiments.
  • FIG. 5 is a block diagram of a system configured to receive verification from a source according to at least one embodiment.
  • FIG. 6 is a flow diagram of a computer-implemented method capable of receiving verification that a source is authorized to provide mobile-computing-device policy according to certain embodiments.
  • FIG. 7 is a flow diagram of a computer-implemented method for receiving verification that a source is authorized to provide mobile-computing-device policy for physical locations according to certain embodiments.
  • FIG. 8 is a flow diagram of a computer-implemented method for receiving multiple policies and identifying multiple locations according to at least one embodiment.
  • FIG. 9 is a flow diagram of a computer-implemented method for receiving and implementing policies for multiple sub-regions according to an additional embodiment.
  • FIG. 10 is a block diagram of a geographical coordinates defining a physical location according to certain embodiments.
  • FIG. 11 is a block diagram of sub-locations within a physical location according to certain embodiments.
  • FIG. 12 is a flow diagram of an exemplary computer-implemented method for implementing mobile-computing-device policies according to certain embodiments.
  • FIG. 13 is a block diagram of an exemplary computing system capable of implementing one or more of the embodiments described and/or illustrated herein.
  • FIG. 14 is a block diagram of an exemplary computing network capable of implementing one or more of the embodiments described and/or illustrated herein.
  • Various exemplary methods and systems for providing administrators with the ability to access location-based mobile device policies are disclosed herein.
  • the present disclosure presents methods and systems for receiving, from an administrator, location- based policies for a mobile-computing device.
  • the administrator-defined policy may be implemented on the mobile-computing device.
  • Embodiments of the instant disclosure apply to various computer and network devices and systems. As discussed in greater detail below, embodiments of the instant disclosure may provide for more efficient and effective administration of mobile-computing devices.
  • FIG. 1 illustrates a method 100 for allowing an administrator to manage device-setting policies for a mobile-computing device.
  • a management module may provide an administrator with access to device-setting policies of a first mobile- computing device of a first user (step 110).
  • Providing an administrator with access to device-setting policies may comprise allowing the administrator to set or select one or more device-setting policies for a particular mobile-computing device (e.g., the first mobile computing device) or a set of mobile-computing devices.
  • Providing an administrator with access to device-setting policies may also comprise providing the administrator with access to a device-based or internet-based interface.
  • providing an administrator with access to device-setting policies may also comprise providing an administrator with an account that allows the administrator to input or change policies for a mobile-computing device.
  • providing an administrator with access to device-setting policies may comprise any other suitable mechanism for allowing an administrator to set or otherwise change settings for a mobile-computing device.
  • the management module may receive a first device-setting policy for the mobile-computing device from the administrator (step 120).
  • the management module may receive the device-setting policy by receiving a setting selection or other setting input from the administrator.
  • the administrator may input the first device- setting policy into the mobile-computing device itself, into an internet interface, or into any other suitable interface.
  • the first device-setting policy may comprise a ringer setting, a lighting setting, a power setting, a sound setting, or any other suitable setting, as will be discussed in conjunction with FIG. 2.
  • the management module may also receive an identification of a first physical location from the administrator (step 130).
  • receiving the identification of the first physical location may comprise receiving, from the administrator, geographical coordinates of the first physical location.
  • receiving the identification of the first physical location may comprise receiving, from the administrator, boundaries of the first physical location.
  • receiving the identification of the first physical location may comprise receiving an address of the first physical location.
  • the management module may convert the address into geographical coordinates or any other suitable boundary definition for the first physical location.
  • the management module may store the first device-setting policy and the identification of the first physical location in a record associated with the first mobile-computing device.
  • the record may be stored in a database or any other suitable storage mechanism.
  • the management module may detect that the first mobile-computing device is within the first physical location (step 140). Then, the first device-setting policy may be implemented on the mobile computing device (step 150). In some embodiments, implementing the first device-setting policy may comprise changing a first setting on the first mobile-computing device while the first mobile-computing device is within the first physical location.
  • the setting may be associated with the first device-setting policy.
  • the setting may be a volume setting
  • the first device-setting policy may be a volume level of "3.”
  • Implementing the first device-setting policy may comprise changing the volume level on the device to "3" if the volume level is not already set to "3.” If the volume level is already set to "3,” the mobile-computing device may verify that the volume level matches the device-setting policy (e.g. , the mobile-computing device may send confirmation data to the management module). In other embodiments, the mobile-computing device may do nothing if the volume level already matches the device-setting policy.
  • FIG. 2 shows an exemplary policy administration system 200 for providing an administrator with access to device-setting policies of mobile-computing devices.
  • Policy administration system 200 may comprise an interface 210, a database 220, a detection module 230, and an enforcement module 240.
  • Interface 210 may include an administrator input module 212.
  • interface 210, database 220, detection module 230, and enforcement module 240 may all be part of a single system (e.g., a policy administration system on a mobile-computing device).
  • one or more of the elements illustrated in policy administration system 200 may be implemented in a network environment or on any other suitable computing device.
  • FIG. 3 provides one example of how components of a policy administration system may be implemented on different devices.
  • Interface 210 may be configured to provide an administrator with access to device-setting policies of a first mobile-computing device of a first user.
  • the term "administrator” may generally refer to an individual with access to policies for a mobile-computing device belonging to and/or used by another (e.g. , the "first user” mentioned above).
  • a “user” may be any individual who owns and/or has permission to use a mobile-computing device.
  • the phrase "device-setting policies” may generally refer to one or more policies for device settings. Such policies may be associated with various settings, such as mobile phone light brightness, ringer loudness, ringer tone, power settings, email settings, voicemail settings, network settings, notification settings (e.g. , how a device responds when an email is received), alert settings (e.g., alerts for tasks coming due or future meetings), power settings (e.g., power mode settings such as standby, on, off, hibernate, etc.), camera settings, global positioning system settings, bluetooth settings, Infrared Data Association (IrDA) settings, installed application settings, built-in application settings, and any other suitable device settings.
  • Device settings may generally be any settings that affect how a mobile-computing device functions, but do not include data usage restrictions such as calling, emailing, or text- messaging restrictions.
  • Interface 210 may be configured to receive a first device-setting policy for the mobile-computing device.
  • Interface 210 may be configured to receive an identification of a first physical location.
  • Interface 210 may, therefore, allow an administrator (rather than a user) to control and manipulate one or more settings for the mobile-computing device.
  • the administrator may be a parent who desires to control and manage a child's portable electronic device.
  • the administrator may be a manager who desires to control and manage portable electronic devices of employees.
  • An administrator may also be any other individual with access to policies of another person's mobile-computing device.
  • a mobile-computing device may be a mobile phone, a laptop, or a personal digital assistant.
  • the phrase "mobile-computing device” may also generally refer to any other portable device that may have wireless connectivity to a network.
  • Mobile-computing devices may include bluetooth devices, 802.11 devices, radio-signal devices, satellite devices, cameras, GPS devices, messaging devices, IrDA devices, and various other types of mobile devices.
  • a physical location may generally refer to a real-world location.
  • a physical location may be a hospital, a school, a theater, a city block, a city, a residence, a section of land, or any other suitable real- world location.
  • Receiving identification of a physical location may comprise receiving geographical coordinates (e.g. , latitude and longitude coordinates) or any other suitable geographical coordinates.
  • Receiving identification of a physical location may also comprise receiving an address, a zip code, or any other identification of a real-world location.
  • policy administration system 200 may also comprise a detection module 230.
  • Detection module 230 may be configured to detect that the first mobile-computing device is within the first physical location. Detection module 230 may utilize various mechanisms to determine when the first mobile- computing device enters the first physical location. In some embodiments, detection module 230 may be on a server. In such embodiments, a mobile computing device may send location data about its location to the server (e.g. , via a wireless connection). The location data may comprise geographical coordinates, an address, or any other suitable location identifier. Detection module 230 may compare the location data from the mobile-computing device with location data that corresponds to the first physical location.
  • detection module 230 may communicate this information to enforcement module 240.
  • a mobile-computing device may comprise detection module 230.
  • detection module 230 and enforcement module 240 may both be a part of the same software application on a mobile-computing device or on a server.
  • Enforcement module 240 may be configured to implement the first device-setting policy on the mobile-computing device after detecting that the first mobile-computing device is within the first physical location.
  • Implementing the device-setting policy may comprise enforcing the device-setting policy on the mobile- computing device.
  • implementing the device-setting policy may comprise providing a user of the mobile-computing device with a notification that the user may need to change a setting on the mobile-computing device if the user desires the mobile-computing device to continue to function within the first physical location.
  • implementing the device-setting policy may comprises sending the user a non-mandatory request to implement the device-setting policy on the mobile computing device while the mobile computing device is within the first physical location. For example, if the user is an employee entering a conference room with the mobile computing device, enforcement module 240 may provide the user with an alert telling the user that the user may want to change a volume setting or ringer profile of the computing device while in the conference room.
  • Enforcement module 240 may be located directly on a mobile- computing device or on a remote server in communication with the mobile-computing device.
  • implementing the first device policy may comprise sending the policy to the mobile-computing device, sending an alert or notification to the mobile-computing device, or any other suitable implementation process.
  • implementing a device-setting policy may comprise changing a setting on the mobile-computing device.
  • implementing a device-setting policy may also comprise providing the user with an alert or notification.
  • Device-setting policies and their corresponding locations may be stored locally on a mobile-computing device or remotely on a server or any other suitable computing device. In embodiments where device-setting policies are stored remotely, a mobile-computing device may need to download, be sent, or otherwise access the device-setting policies before implementing them. In embodiments where device-setting policies are stored locally, a mobile-computing device may directly access the policies when implementing them. [0049] In some embodiments, a mobile-computing device may change a setting when a user carries it into the first physical location. When the user exits the first physical location, the setting may revert back to the original setting (i.e. , the setting before the device-setting policy was implemented). In other embodiments, once changed, the setting may not change until the user manually changes it or another device-setting policy causes it to change.
  • a parent may desire to control settings for a child's cellular telephone.
  • the parent may want to power down the child's cellular telephone while the child is in school.
  • the parent may access an administrator's control interface on the child's phone.
  • the administrator's control interface may provide the parent with access to device-setting policies of the phone.
  • the parent may input a power-down setting in the interface (i.e., the phone may receive a power-down policy from the parent).
  • the parent may also enter an identification (e.g. , address or geographical coordinates) of the school.
  • the phone may associate the identification of the school with the power-down policy.
  • the phone may detect that it is within the school and may enforce the power-down policy by shutting itself down.
  • a company may want to apply ringer volume settings to its employees' cell phones.
  • An administrator for the company may access an internet-based interface that allows the administrator to access device-setting policies of the employee's phones.
  • the administrator may define policies that cause the ringer volumes of employee's phones to be muted when the phones are in conference rooms.
  • Interface 210, database 220, detection module 230, and enforcement module 240 may be interconnected in various different ways. For example, each of these elements may be located on a mobile-computing device as part of one or more applications on the mobile-computing device.
  • each of interface 210, database 220, detection module 230, and enforcement module 240 may be located on a server remote from the mobile-computing device. And, in various embodiments, interface 210, database 220, detection module 230, and/or enforcement module 240 may be divided between a mobile-computing device and a remote server.
  • FIG. 3 shows an example of various components of a policy administration system implemented in a network environment.
  • FIG. 3 illustrates a network 300 capable of implementing various embodiments of the instant disclosure.
  • Network 300 may comprise a server 310, a network 320, and a mobile-computing device 330.
  • Server 310 may include an interface 312, a database 316, and a detection module 318.
  • Interface 312 may include an administrator input module 314 configured to receive setting and location input from an administrator.
  • Database 316 may be configured to store setting data, location data, and/or associations between setting data, location data, and mobile-computing devices.
  • Mobile computing device 330 may include an enforcement module 332.
  • Mobile computing device 330 and server 310 may communicate over network 320, which may be the internet, a cell phone network, a local area network, a third generation (3G) network, a municipal network, or any other communications network.
  • 3G third generation
  • FIG. 4 illustrates a method for providing an administrator with access to location-based device-setting policies.
  • a management module may provide the administrator with access to device-setting policies of a set of mobile computing devices (step 410).
  • the set of mobile computing devices may comprise a first mobile- computing device.
  • an administrator may change, add, or remove policies for the set of mobile-computing devices such that the policies apply to each device in the set of mobile-computing devices.
  • the administrator may add, change, or remove policies on each individual mobile-computing device in the set of mobile-computing devices.
  • the management module may then receive an identification of a first physical location from the administrator (step 420).
  • the administrator may also provide a first device-setting policy for the mobile-computing device (step 430).
  • the administrator may provide a mobile-computing device with a single policy for the first physical location.
  • the administrator may provide the mobile-computing device with multiple policies for the first physical location.
  • the management module may associate the first device-setting policy with the first physical location (step 440). Then the administrator may provide a second device-setting policy for a second mobile-computing device (step 450). The set of mobile computing devices may comprise the second mobile-computing device. The management module may associate the second device-setting policy with the second physical location (step 460). The first and second device-setting policies may be implemented on the mobile-computing devices in the manner previously discussed.
  • the present disclosure also presents methods and systems for receiving verification that a source is authorized to provide mobile-computing-device policies for a physical location. Location owners may need more efficient and effective technologies to regulate the usage of mobile-computing devices that enter their properties, and the instant disclosure provides the following examples and figures as ways to meet and overcome such challenges.
  • Prior technologies may provide individual device owners with some degree of device control, but concerns beyond individual device management may require technologies capable of regulating device usage at a location level. While some current tools and technologies may attempt to give location owners some degree of control, it may be difficult to define policies for mobile-computing-device usage without applying a method for verifying that a source (e.g., a location owner) of the location is authorized to provide policies. Also, there may be a need for more intuitive and effective ways to allow sources to define usage policies. For example, internet- based interfaces may provide an intuitive and effective method for receiving policies and location identifiers.
  • Defining geographical areas to implement policies for mobile- computing devices may pose another challenge to current technologies. Methods that allow for creative and intuitive identifying of geographical areas in which to implement a policy may save time and money. For example, a location owner may manage a building in close proximity to other buildings. Such proximity may require technologies that can define policy areas with more accuracy and specificity.
  • FIG. 5 is an illustration of exemplary system 500 capable of receiving verification from a source and implementing mobile-computing-device policies based on that verification.
  • a library may utilize a server-based system similar to exemplary system 500 in order to better regulate mobile-computing-device policy on library premises.
  • System 500 may perform the function of verifying that the library administrator is authorized to provide mobile-computing device policy for the library.
  • an independent party may verify that the library administrator is in charge of policy and authorized to provide policy for the library.
  • Exemplary system 500 may include a computing device 502.
  • Computing device 502 may include a policy module 504, a location module 506, a policy-location-information database 508, an implementation module 510, and a verification mechanism 512.
  • Computing device 502 may comprise computer code operable to perform various embodiments of the instant disclosure.
  • Policy module 504 may be configured to receive a first mobile- computing-device policy, and location module 506 may be configured to identify a first physical location. Policy module 504 may receive a single policy or multiple policies and store the policies in policy-location-information database 508. Likewise, location module 506 may identify a single or multiple physical locations and store the locations in policy-location-information database 508. Policy-location-information database 508 may also store other data regarding the first mobile-computing-device policy, the first physical location, and/or the associations between the policy and location, as will be discussed in FIG. 6.
  • Implementation module 510 may be configured to enforce the first mobile-computing-device policy at the first physical location.
  • implementation module 510 may be located on a mobile-computing device.
  • implementation module 510 may be server-based software, or may be part of a server and/or the mobile-computing device.
  • the mobile computing device may include, without limitation, a laptop, a mobile phone, or a personal digital assistant.
  • Verification mechanism 512 may be configured to verify authorization of a source.
  • verification mechanism 512 may be responsible for verifying a person who claims to have authority to administer policy at a school is actually authorized to do so.
  • verification mechanism 512 may include elements separate from computing device 502.
  • verification mechanism 512 may include software that tells a device to send a letter to the physical address of a first physical location. Verification mechanism 512 may also send the letter itself or cause the letter to be sent.
  • FIG. 6 illustrates a method 600 for receiving verification that a source is authorized to provide mobile-computing-device policy for a first physical location and then implementing, based on that verification, the first mobile-computing device policy with the first physical location.
  • Method 600 may be implemented using a system similar to exemplary system 500. Each step in the method may be performed by a computing device such as computing device 502, and the steps of method 600 may occur in a different order than illustrated in FIG. 6.
  • the verification mechanism may receive verification that a source is authorized to provide mobile-computing-device policy for a first physical location.
  • Receiving verification may comprise receiving verification that a source is authorized.
  • Receiving verification may also include verifying that the source is authorized.
  • the verification mechanism may verify the source is authorized by contacting the owner of a hospital and verifying that the hospital owner is authorized to provide mobile- computing device policy for the hospital.
  • the process of verifying that a source is authorized may be performed separate from the verification mechanism, and the verification mechanism may simply receive the verification.
  • the verification mechanism may access a database to verify that the source is authorized to provide policies for the physical location.
  • a third party may verify that that hospital owner is authorized to provide policy for a hospital and store that information in a database. The verification mechanism may then access and search the database to verify that the hospital owner may provide policy for the hospital.
  • mobile-computing-device policy may refer generally to the overall mobile-computing-device policy of the first physical location, which may include multiple policies. In some embodiments, the phrase may refer to the area in which the policies may be implemented. For example, the hospital owner may be authorized to define the physical location of the hospital as well as the policies that should be enforced within that physical location. In some embodiments, the hospital owner may do nothing more than define the physical locations for a mobile-computing- device policy to be implemented.
  • a computing device may receive a first mobile-computing-device policy.
  • the first-mobile- computing-device policy may include one or more setting policies and/or one or more usage policies. Examples of policies may include, but are not limited to, a ringer setting, a lighting setting, an incoming call setting, an outgoing call setting, a power setting, an email setting, a voicemail setting, a sound setting, a network setting, a network access setting, a network usage setting, a camera setting, a global positioning system setting, a messaging setting, a bluetooth setting, an infrared data association setting, an installed application setting, a built-in application setting, and/or a communication setting.
  • the first mobile-computing-device policy may contain at least one of the above examples.
  • the policy may be received from the source through an internet-based interface.
  • the hospital owner may access, via the internet, a server similar to computing device 502.
  • Policy module 504 may be server-based software configured to provide the hospital owner with a graphical user interface for inputting the policy.
  • the hospital owner may select the policy from a set of pre-defined policies.
  • Policy module 504 may then store the policy in a database similar to policy-location-information database 508 along with any other relevant information or data concerning the policy.
  • a computing device such as computing device 502 in FIG. 5, may identify the first physical location.
  • the physical location may generally refer to a real world location.
  • the real- world physical location of the hospital may be referred to as the first physical location.
  • the process of identifying may be performed in various non-limiting embodiments.
  • identifying the first physical location may include receiving, from the source, geographical coordinates of the first physical location.
  • indentifying the first physical location may include receiving, from the source, boundaries of the first physical location.
  • indentifying the first physical location may include receiving, from the source, an address of the first physical location.
  • the identification of the first physical location may be stored in a database similar to policy-location-information database 508.
  • geographical coordinates identifying the boundaries of the hospital may be stored in a database along with policy information.
  • a computing device similar to computing device 502 in FIG. 5 may associate the first mobile- computing-device policy with the first physical location and may store these associations in a database similar to policy-location-information database 508.
  • a computing device similar to computing device 502 of FIG.5 may implement, based on the verification, the first mobile-computing-device policy at the first physical location. Methods and systems for implementing mobile- computing-device policy are described with greater detail in connection with FIG. 12.
  • the source may be a location-policy administrator authorized to provide the first policy for the first location.
  • location-policy administrators may include, but are not limited to, owners of restaurants, principals of schools, owners of hospitals, administrators or owners of churches, airport administrators, theater owners, or any other person or group authorized to provide policy for their respective locations.
  • receiving the first mobile-computing-device policy may include identifying that the first mobile-computing-device policy is received from the location-policy administrator.
  • the principal of a school may be required to provide a login username and password to access an internet-based interface capable of receiving a policy for the location.
  • FIGS. 5 and 6 The following discussion provides an example of how the principles of FIGS. 5 and 6 may be implemented.
  • a principal of a school may desire to regulate the use of mobile-computing devices on school grounds.
  • the principal may wish to provide a policy that turns the ringer setting of cell phones off.
  • a computing device similar to computing device 502 in FIG. 5 may verify that the principal is authorized to provide mobile-computing-device policy for the school.
  • the principal in this example, may have already been verified as authorized by a third party and the verification mechanism may have received this verification.
  • a policy module may receive a policy from the principal defining that the ringer settings are to be turned off for all cell phones while on school premises.
  • a location module may receive an address of the school from the principal. In some embodiments, the location module may be configured to receive an address and identify, based on the address, the physical location (e.g., geographical coordinates or boundaries) of the school.
  • the no-ring setting for cell phones may be associated with the school boundaries and stored in a database similar to policy-location-information database 508.
  • an implementation module may enforce the mobile-computing-device policy within the boundaries of the school.
  • the computing device may contain predefined policies for certain physical locations.
  • the computing device may contain a pre-defined policy for all schools.
  • the computing device may, upon discovering that the location is a school, associate the pre-defined policy with geographical coordinates that correspond to the school.
  • the principal may only need to specify that the first physical location is a school, and the pre-defined policy associated with schools may be automatically applied.
  • FIG. 7 illustrates an exemplary method 700 for receiving verification that a source is authorized to provide mobile-computing-device policy for a first physical location.
  • Method 700 shows exemplary communications between a source 702 and a verification mechanism 704.
  • source 702 may be a client device or terminal accessible by a location owner, a location-policy administrator, or any person or source authorized to provide policies for a physical location.
  • the manager of a restaurant may be a source authorized to define policies for the first physical location (e.g. , the restaurant).
  • verification mechanism 704 may be any mechanism configured to send notifications to a source, receive confirmations from a source, and/or verify that the source is authorized to provide mobile-computing-device policies.
  • verification mechanism 704 may be software capable of identifying when verification of a source is needed and may prompt mail to be sent to a physical address of the source.
  • the mail may include a password for a policy- administrator account or other information that the source may use to confirm that the source received the mail and/or is authorized to provide policies for the physical location.
  • the mail may direct the source to call a verification phone number or reply by mailing a letter to a verification administrator.
  • Verification mechanism 704 may also include software capable of identifying when confirmation mail has been returned or when a source has been verified over the phone.
  • the location administrator of a school may either mail back a notification confirmation or call to verify over the phone.
  • a verification administrator may store verification information in a database configured to allow a computing device, such as computing device 502, retrieve verification information.
  • verification mechanism 704 may send a notification to source 702 in any of methods previously discussed.
  • the source may receive confirmation information contained within the notification.
  • Confirmation information may be any information that is required to be returned or verified by the source in order to complete the authorization process.
  • Confirmation information may include, but is not limited to, personal identification numbers (PINs), passwords, identification information, confirmation numbers, or any other suitable information that may be returned or provided by the source in order to complete the verification process.
  • verification mechanism 704 may receive confirmation from the source.
  • confirmation may be received via any suitable method including mail, email, third party verification, or telephone verification.
  • the verification mechanism may store the confirmation information (step 740).
  • the principal of a school may want to regulate the usage of cell-phones.
  • the principal may have provided policies and location information before being verified as a source authorized to provide policies for the school.
  • the verification mechanism may initiate a verification process before implementing the policies for the school.
  • verification mechanism 704 may poll a database (e.g. , policy-location-information database 508) to determine whether the principal is authorized to provide policies for the school.
  • the verification mechanism may send a notification to a physical address of the school, as previously discussed.
  • FIG. 8 illustrates an exemplary method 800 for receiving multiple policies and identifying multiple locations.
  • a system similar to exemplary system 500 may be used to implement one or more of the steps in FIG. 8.
  • a verification mechanism may receive verification that a source is authorized to provide mobile-computing-device policies for a first physical location.
  • a policy module may receive a first mobile-computing device policy.
  • a location module may identify the first physical location.
  • a computing device similar to computing device 502 may then associate the first mobile-computing-device policy with the first physical location (step 840).
  • the location module may receive a set of geographical coordinates that correspond to a sub-region within the first physical location. For example, the location module may receive a set of 5 coordinates that define a boundary for a school (first physical location), and then a set of 4 coordinates that define a library area (sub-region) within the school.
  • the policy module may receive a second mobile-computing-device policy. For example, a principal may choose a "no- ring" setting for the first policy and a "no incoming calls" setting for the second policy.
  • the computing device may associate the second mobile-computing-device policy with the sub-region.
  • the implementation module may implement, based on the verification, the first mobile-computing device policy and/or the second mobile-computing device policy at the first physical location.
  • FIG. 9 illustrates a method for receiving and implementing policies for multiple sub-regions.
  • a verification mechanism may receive verification that a source is authorized to provide mobile-computing-device policies for a first physical location.
  • a policy module may then receive a first mobile-computing-device policy (step 920).
  • a location module may receive a first set of geographical coordinates that correspond to a first sub-region within the first physical location.
  • the location module may receive a second set of geographical coordinates that correspond to a second sub-region within the first physical location.
  • a computing device similar to computing device 502 may associate the first mobile-computing- device policy with the first sub-region, and at step 960 the computing device may associate a second mobile-computing-device with the second sub-region.
  • an implementation module may implement, based on the verification, first mobile- computing-device policy at the first physical location.
  • the physical locations described in methods herein may correspond to buildings and/or property boundaries.
  • a sub-region may be identified within a physical location.
  • FIG. 10 illustrates a first physical location 1000 and a sub-region located within the first physical location.
  • a boundary 1002 may be defined to encompass a building 1004.
  • a sub-boundary 1012 may be defined to encompass a room 1014 within building 1004.
  • building 1004 may be a school and room 1014 may be the library of the school.
  • a first policy may define that a child's cell phone be on a quiet ringer setting in the school. Thus the first policy may be associated with boundary 1002.
  • a second policy may be associated with sub-boundary 1012 and may define a muted ringer setting for the cell phone.
  • a physical location may be defined by a boundary of any shape or size.
  • a boundary box may be defined using two geographical coordinates (e.g., latitude and longitude coordinates).
  • a boundary may also be defined with more than two geographical coordinates, which may be useful in creating boundaries unique to the various shapes of physical locations.
  • identifying the first physical location includes receiving at least three coordinates. Boundaries of various different shapes and sizes may be defined by three or more geographical coordinates.
  • physical locations and sub-regions may be identified by an internet-based interface.
  • the internet-based interface may be provided by the location module.
  • the interface may provide tools that allow a location- policy administrator to draw and/or define different shapes and boundaries to define the first physical location and sub-regions.
  • software may be provided on a computing system similar to computing device 502 in FIG. 5 that allows a parent to identify the boundaries of a school.
  • the internet-based interface may provide tools for the parent to aid in developing unique shapes to fit the shape of the school and/or rooms within the school.
  • a first physical location may include more than one sub-region.
  • FIG. 11 illustrates an exemplary location with multiple sub-regions.
  • FIG. 11 illustrates a real-world location 1100.
  • Real-world location 1100 may include a boundary 1102 defined to be around a building 1104.
  • a sub-boundary 1112 may be defined around an area 1114, and a sub-boundary 1122 may be defined around an area 624.
  • real-world location 1100 may be located in a city.
  • Building 1104 may be a church
  • area 1114 may be a chapel within the church
  • area 1124 may be a community center within the church.
  • Boundary 1102 may be referred to as a physical location.
  • Sub-boundary 1112 and sub-boundary 1122 may be referred to as first and second sub-regions.
  • a pastor may want to define policy that will turn off cell phones for members of the congregation in the chapel and allow limited cell phone use in the community center. The pastor may also want to allow full use of cell phones in anywhere else in the church (e.g., hallways, bathrooms, foyers).
  • Boundary 1102, being the whole church, may not be associated with any policy.
  • Sub- boundary 1112 may be associated with the chapel's "no cell phone usage" policy.
  • Sub- boundary may 1122 may be associated with the community center's "limited cell phone use” policy.
  • implementing the first mobile-computing- device policy includes determining that a mobile-computing device is within the first physical location.
  • FIG. 12 is an illustration of exemplary method 1200 for implementing, based on the verification, the first mobile-computing-device policy at the first physical location.
  • Method 1200 shows exemplary communications between an implementation module 1210 and a mobile-computing device 1220.
  • mobile-computing device 1220 may transmit location information to implementation module 1210.
  • a cell phone may transmit GPS coordinates or may use any other triangulation or location technology to determine where the cell phone is located.
  • implementation module 1210 may receive location information.
  • implementation module 1210 may associate the location information with a mobile-computing-device policy.
  • implementation module 1236 may transmit the policy to the mobile-computing device.
  • the policy may be implemented (e.g., enforced) on the mobile-computing device.
  • FIG. 12 may correspond to exemplary embodiments of FIG. 11.
  • a church patron's cell phone may transmit a GPS signal to an implementation module server every five seconds.
  • the cell phone may transmit GPS coordinates to the implementation module.
  • the implementation module may receive the patron's cell phones coordinates and search a database for an associated policy. Because there may be no policy associated with building 1104, no policy may be transmitted to the patron's cell phone.
  • the cell phone may transmit its GPS again to implementation module 1210.
  • the implementation may associate the location information of the patron's cell phone with the policy for sub-boundary 1112 (the chapel's policy). At step 1236 this policy may then be transmitted to the patron's cell phone, and at step 1238 the cell phone may enforce the policy by turning off while in the chapel.
  • receiving verification that a source is authorized to provide mobile-computing-device policies may comprise receiving verification that a source has authority to create or change one or more mobile-computing device policies associated with a physical location.
  • receiving a first mobile-computing device policy may comprise allowing a location administrator to set or select one or more device-setting policies for a particular mobile-computing device or a set of mobile-computing devices.
  • a location administrator may be provided with an account that allows the administrator to input or change policies for a mobile-computing device. The location administrator may input mobile-computing device policies through an internet-based interface or any other suitable interface.
  • identifying a first physical location may comprise receiving, from the administrator, geographical coordinates of the first physical location. As previously discussed, identifying the first physical location may comprise receiving, from the administrator, boundaries of the first physical location. In at least one embodiment, identifying the first physical location may comprise receiving an address of the first physical location. In such embodiments, the address may be converted into geographical coordinates or any other suitable boundary definition for the first physical location.
  • the management module may store the mobile-computing device and the identification of the first physical location in a record.
  • the record may be stored in a database or any other suitable storage mechanism.
  • an implementation module may implement the mobile-computing-device policy on the mobile computing device.
  • implementing a mobile-computing- device policy may comprise changing a first setting on the first mobile-computing device while the first mobile-computing device is within the first physical location.
  • the setting may be associated with the first mobile-computing device policy.
  • the setting may be a volume setting
  • the mobile-computing-device policy may be a volume level of "3.”
  • Implementing the first mobile-computing-device policy may comprise changing the volume level on the device to "3" if the volume level is not already set to "3.” If the volume level is already set to "3," the mobile-computing device may verify that the volume level matches the mobile-computing-device policy. In other embodiments, the mobile-computing device may do nothing if the volume level already matches the mobile-computing-device policy.
  • FIG. 13 is a block diagram of an exemplary computing system 1310 capable of implementing one or more of the embodiments described and/or illustrated herein.
  • Computing system 1310 broadly represents any single or multi-processor computing device or system capable of executing computer-readable instructions. Examples of computing system 1310 include, without limitation, workstations, laptops, client-side terminals, servers, distributed computing systems, handheld devices, or any other computing system or device. In its most basic configuration, computing system 1310 may comprise at least one processor 1314 and a system memory 1316.
  • Processor 1314 generally represents any type or form of processing unit capable of processing data or interpreting and executing instructions.
  • processor 1314 may receive instructions from a software application or module. These instructions may cause processor 1314 to perform the functions of one or more of the exemplary embodiments described and/or illustrated herein.
  • processor 1314 may perform and/or be a means for performing, either alone or in combination with other elements, one or more of the providing, receiving, detecting, implementing, changing, associating, enforcing, and/or sending steps described herein.
  • Processor 1314 may also perform and/or be a means for performing any other steps, methods, or processes described and/or illustrated herein.
  • System memory 1316 generally represents any type or form of volatile or non-volatile storage device or medium capable of storing data and/or other computer- readable instructions. Examples of system memory 1316 include, without limitation, random access memory (RAM), read only memory (ROM), flash memory, or any other suitable memory device. Although not required, in certain embodiments computing device 1310 may comprise both a volatile memory unit (such as, for example, system memory 1316) and a non-volatile storage device (such as, for example, primary storage device 1332, as described in detail below).
  • RAM random access memory
  • ROM read only memory
  • flash memory or any other suitable memory device.
  • computing device 1310 may comprise both a volatile memory unit (such as, for example, system memory 1316) and a non-volatile storage device (such as, for example, primary storage device 1332, as described in detail below).
  • exemplary computing system 1310 may also comprise one or more components or elements in addition to processor 1314 and system memory 1316.
  • computing system 1310 may comprise a memory controller 1318, an Input/Output (I/O) controller 1320, and a communication interface 1322, each of which may be interconnected via a communication infrastructure 1312.
  • Communication infrastructure 1312 generally represents any type or form of infrastructure capable of facilitating communication between one or more components of a computing device. Examples of communication infrastructure 1312 include, without limitation, a communication bus (such as an ISA, PCI, PCIe, or similar bus) and a network.
  • Memory controller 1318 generally represents any type or form of device capable of handling memory or data or controlling communication between one or more components of computing system 1310. For example, in certain embodiments memory controller 1318 may control communication between processor 1314, system memory 1316, and I/O controller 1320 via communication infrastructure 1312. In certain embodiments, memory controller may perform and/or be a means for performing, either alone or in combination with other elements, one or more of the steps or features described and/or illustrated herein, such as providing, receiving, detecting, implementing, changing, associating, enforcing, and/or sending.
  • I/O controller 1320 generally represents any type or form of module capable of coordinating and/or controlling the input and output functions of a computing device.
  • I/O controller may control or facilitate transfer of data between one or more elements of computing system 1310, such as processor 1314, system memory 1316, communication interface 1322, display adapter 1326, input interface 1330, and storage interface 1334.
  • I/O controller 1320 may be used, for example, to perform and/or be a means for performing, either alone or in combination with other elements, one or more of the providing, receiving, detecting, implementing, changing, associating, enforcing, and/or sending steps described herein.
  • I/O controller 1320 may also be used to perform and/or be a means for performing other steps and features set forth in the instant disclosure.
  • Communication interface 1322 broadly represents any type or form of communication device or adapter capable of facilitating communication between exemplary computing system 1310 and one or more additional devices.
  • communication interface 1322 may facilitate communication between computing system 1310 and a private or public network comprising additional computing systems.
  • Examples of communication interface 1322 include, without limitation, a wired network interface (such as a network interface card), a wireless network interface (such as a wireless network interface card), a modem, and any other suitable interface.
  • communication interface 1322 may provide a direct connection to a remote server via a direct link to a network, such as the Internet.
  • Communication interface 1322 may also indirectly provide such a connection through, for example, a local area network (such as an Ethernet network), a personal area network (such as a bluetooth network), a telephone or cable network, a cellular telephone connection, a satellite data connection, or any other suitable connection.
  • a local area network such as an Ethernet network
  • a personal area network such as a bluetooth network
  • a telephone or cable network such as a cellular telephone connection
  • satellite data connection such as a satellite data connection
  • communication interface 1322 may also represent a host adapter configured to facilitate communication between computing system 1310 and one or more additional network or storage devices via an external bus or communications channel.
  • host adapters include, without limitation, SCSI host adapters, USB host adapters, IEEE 1394 host adapters, SATA and eSATA host adapters, ATA and PATA host adapters, Fibre Channel interface adapters, Ethernet adapters, or the like.
  • Communication interface 1322 may also allow computing system 1310 to engage in distributed or remote computing. For example, communication interface 1322 may receive instructions from a remote device or send instructions to a remote device for execution.
  • communication interface 1122 may perform and/or be a means for performing, either alone or in combination with other elements, one or more of the providing, receiving, detecting, implementing, changing, associating, enforcing, and/or sending steps disclosed herein.
  • Communication interface 1322 may also be used to perform and/or be a means for performing other steps and features set forth in the instant disclosure.
  • computing system 1310 may also comprise at least one display device 1324 coupled to communication infrastructure 1312 via a display adapter 1326.
  • Display device 1324 generally represents any type or form of device capable of visually displaying information forwarded by display adapter 1326.
  • display adapter 1326 generally represents any type or form of device configured to forward graphics, text, and other data from communication infrastructure 1312 (or from a frame buffer, as known in the art) for display on display device 1324.
  • exemplary computing system 1310 may also comprise at least one input device 1328 coupled to communication infrastructure 1312 via an input interface 1330.
  • Input device 1328 generally represents any type or form of input device capable of providing input, either computer or human generated, to exemplary computing system 1310. Examples of input device 1328 include, without limitation, a keyboard, a pointing device, a speech recognition device, or any other input device.
  • input device 1328 may perform and/or be a means for performing, either alone or in combination with other elements, one or more of the providing, receiving, detecting, implementing, changing, associating, enforcing, and/or sending steps disclosed herein.
  • Input device 1328 may also be used to perform and/or be a means for performing other steps and features set forth in the instant disclosure.
  • exemplary computing system 1310 may also comprise a primary storage device 1332 and a backup storage device 1333 coupled to communication infrastructure 1312 via a storage interface 1334.
  • Storage devices 1332 and 1333 generally represent any type or form of storage device or medium capable of storing data and/or other computer-readable instructions.
  • storage devices 1332 and 1333 may be a magnetic disk drive (e.g., a so-called hard drive), a floppy disk drive, a magnetic tape drive, an optical disk drive, a flash drive, or the like.
  • Storage interface 1334 generally represents any type or form of interface or device for transferring data between storage devices 1332 and 1333 and other components of computing system 1310.
  • storage devices 1332 and 1333 may be configured to read from and/or write to a removable storage unit configured to store computer software, data, or other computer-readable information.
  • suitable removable storage units include, without limitation, a floppy disk, a magnetic tape, an optical disk, a flash memory device, or the like.
  • Storage devices 1332 and 1333 may also comprise other similar structures or devices for allowing computer software, data, or other computer-readable instructions to be loaded into computing system 1310.
  • storage devices 1332 and 1333 may be configured to read and write software, data, or other computer-readable information.
  • Storage devices 1332 and 1333 may also be a part of computing system 1310 or may be a separate device accessed through other interface systems.
  • the exemplary file systems disclosed herein may be stored on primary storage device 1332, while the exemplary file-system backups disclosed herein may be stored on backup storage device 1333.
  • Storage devices 1332 and 1333 may also be used, for example, to perform and/or be a means for performing, either alone or in combination with other elements, one or more of the providing, receiving, detecting, implementing, changing, associating, enforcing, and/or sending steps disclosed herein.
  • Storage devices 1332 and 1333 may also be used to perform and/or be a means for performing other steps and features set forth in the instant disclosure.
  • Many other devices or subsystems may be connected to computing system 1310. Conversely, all of the components and devices illustrated in FIG.
  • Computing system 1310 may also employ any number of software, firmware, and/or hardware configurations.
  • one or more of the exemplary embodiments disclosed herein may be encoded as a computer program (also referred to as computer software, software applications, computer-readable instructions, or computer control logic) on a computer-readable medium.
  • computer program also referred to as computer software, software applications, computer-readable instructions, or computer control logic
  • computer- readable medium generally refers to any form of device, carrier, or medium capable of storing or carrying computer-readable instructions.
  • Examples of computer-readable media include, without limitation, transmission-type media, such as carrier waves, and physical media, such as magnetic-storage media (e.g., hard disk drives and floppy disks), optical-storage media (e.g., CD- or DVD-ROMs), electronic-storage media (e.g., solid-state drives and flash media), and other distribution systems.
  • transmission-type media such as carrier waves
  • physical media such as magnetic-storage media (e.g., hard disk drives and floppy disks), optical-storage media (e.g., CD- or DVD-ROMs), electronic-storage media (e.g., solid-state drives and flash media), and other distribution systems.
  • the computer-readable medium containing the computer program may be loaded into computing system 1310. All or a portion of the computer program stored on the computer-readable medium may then be stored in system memory 1316 and/or various portions of storage devices 1332 and 1333.
  • a computer program loaded into computing system 1310 may cause processor 1314 to perform and/or be a means for performing the functions of one or more of the exemplary embodiments described and/or illustrated herein.
  • one or more of the exemplary embodiments described and/or illustrated herein may be implemented in firmware and/or hardware.
  • computing system 1310 may be configured as an application specific integrated circuit (ASIC) adapted to implement one or more of the exemplary embodiments disclosed herein.
  • ASIC application specific integrated circuit
  • FIG. 14 is a block diagram of an exemplary network architecture 1400 in which client systems 1410, 1420, and 1430 and servers 1440 and 1445 may be coupled to a network 1450.
  • Client systems 1410, 1420, and 1430 generally represent any type or form of computing device or system, such as exemplary computing system 1310 in FIG. 13.
  • servers 1440 and 1445 generally represent computing devices or systems, such as application servers or database servers, configured to provide various database services and/or to run certain software applications.
  • Network 1450 generally represents any telecommunication or computer network; including, for example, an intranet, a wide area network (WAN), a local area network (LAN), a personal area network (PAN), or the Internet.
  • WAN wide area network
  • LAN local area network
  • PAN personal area network
  • one or more storage devices 1460(I)-(N) may be directly attached to server 1440.
  • one or more storage devices 1490(I)-(N) may be directly attached to server 1445.
  • Storage devices 1460(I)-(N) and storage devices 1490(I)-(N) generally represent any type or form of storage device or medium capable of storing data and/or other computer-readable instructions.
  • storage devices 1460(I)-(N) and storage devices 1490(I)-(N) may represent network-attached storage (NAS) devices configured to communicate with servers 1440 and 1445 using various protocols, such as NFS, SMB, or CIFS.
  • NAS network-attached storage
  • Servers 1440 and 1445 may also be connected to a storage area network (SAN) fabric 1480.
  • SAN fabric 1480 generally represents any type or form of computer network or architecture capable of facilitating communication between a plurality of storage devices.
  • SAN fabric 1480 may facilitate communication between servers 1440 and 1445 and a plurality of storage devices 1490(I)-(N) and/or an intelligent storage array 1495.
  • SAN fabric 1480 may also facilitate, via network 1450 and servers 1440 and 1450, communication between client systems 1410, 1420, and 1430 and storage devices 1490(I)-(N) and/or intelligent storage array 1495 in such a manner that devices 1490(I)-(N) and array 1495 appear as locally attached devices to client systems 1410, 1420, and 1430.
  • storage devices 1490(I)-(N) and intelligent storage array 1495 generally represent any type or form of storage device or medium capable of storing data and/or other computer-readable instructions.
  • a communication interface such as communication interface 1322 in FIG. 13, may be used to provide connectivity between each client system 1410, 1420, and 1430 and network 1450.
  • Client systems 1410, 1420, and 1430 may be able to access information on server 1440 or 1445 using, for example, a web browser or other client software.
  • client software may allow client systems 1410, 1420, and 1430 to access data hosted by server 1440, server 1445, storage devices 1460(I)-(N), storage devices 1470(I)-(N), storage devices 1490(I)-(N), or intelligent storage array 1495.
  • FIG. 14 depicts the use of a network (such as the Internet) for exchanging data, the embodiments described and/or illustrated herein are not limited to the Internet or any particular network-based environment.
  • a network such as the Internet
  • all or a portion of one or more of the exemplary embodiments disclosed herein may be encoded as a computer program and loaded onto and executed by server 1440, server 1445, storage devices 1460(I)-(N), storage devices 1470(I)-(N), storage devices 1490(I)-(N), intelligent storage array 1495, or any combination thereof.
  • network architecture 1400 may perform and/or be a means for performing, either alone or in combination with other elements, one or more of the providing, receiving, detecting, implementing, changing, associating, enforcing, and/or sending steps disclosed herein.
  • Network architecture 1400 may also be used to perform and/or be a means for performing other steps and features set forth in the instant disclosure.
  • the exemplary file systems disclosed herein may be stored on client systems 1410, 1420, and/or 1430.
  • the exemplary file-system backups disclosed herein may be stored on server 1440, server 1445, storage devices 1460(I)-(N), storage devices 1470(I)-(N), storage devices 1490(I)-(N), intelligent storage array 1495, or any combination thereof.
  • a computer-implemented method may comprise providing an administrator with access to device-setting policies of a first mobile-computing device of a first user, receiving a first device-setting policy for the mobile-computing device from the administrator, receiving an identification of a first physical location from the administrator, and implementing the first device-setting policy on the mobile-computing device after detecting that the first mobile-computing device is within the first physical location.
  • the method may further comprise receiving a second device-setting policy for a second mobile-computing device from the administrator.
  • the set of mobile-computing devices may comprise the second mobile- computing device.
  • the method may also comprise detecting that a second mobile- computing device is within the first physical location and implementing the second device-setting policy on the second mobile-computing device after detecting that the second mobile-computing device is within the first physical location.
  • implementing the first device-setting policy may comprise enforcing the first device-setting policy on the first mobile-computing device.
  • the first mobile-computing device may comprise a mobile phone, a laptop, or a personal digital assistant device.
  • the computer-implemented method may further comprise receiving a set of geographical coordinates that correspond to a sub-region within the first physical location, receiving a second device-setting policy for the first mobile-computing device, detecting that the first mobile-computing device is within the sub-region, and implementing the second device-setting policy on the mobile- computing device after detecting that the first mobile-computing device is within the sub-region.
  • receiving an identification of a first physical location may comprise receiving, from the administrator, geographical coordinates of the first physical location, boundaries of the first physical location, and an address of the first physical location.
  • the device-setting policy may comprise a ringer setting, a lighting setting, a power setting, and/or a sound setting.
  • the first device-setting policy may comprise changing a first setting on the first mobile-computing device while the first mobile-computing device is within the first physical location.
  • the first setting may be associated with the first device-setting policy.
  • providing the administrator with access to device-setting policies of the first mobile-computing device may comprise providing the administrator with permission to provide the first device-setting policy for the first mobile-computing device.
  • providing the administrator with access to device-setting policies of the first mobile-computing device may comprise providing the administrator with access to device-setting policies of a set of mobile-computing devices.
  • the set of mobile computing devices may comprise the first mobile-computing device.
  • identifying the first physical location may comprise receiving, through an internet-based interface associated with the administrator, a first location identifier that corresponds to the first physical location.
  • Receiving the first device-setting policy may comprise receiving, through the internet-based interface, the first device-setting policy.
  • receiving an identification of the first physical location may comprise receiving a set of at least three geographical coordinates.
  • receiving an identification of the first physical location may comprise receiving a first set of geographical coordinates that corresponds to a first sub-region within the first physical location, receiving a second set of geographical coordinates that corresponds to a second sub-region within the first physical location, associating the first device-setting policy with the first sub-region, and associating a second device-setting policy with the second sub-region and with the first mobile-computing device.
  • a computer-implemented method may include receiving verification that a source is authorized to provide mobile- computing-device policies for a first physical location.
  • the method may also include receiving a first mobile-computing-device policy, identifying the first physical location, and associating the first mobile-computing-device policy with the first physical location.
  • the method may further include implementing, based on the verification, the first mobile-computing-device policy at the first physical location.
  • the source may be a location-policy administrator, and the location-policy administrator may be authorized to provide the first policy for the location.
  • receiving the first mobile-computing-device policy may include identifying that the first mobile- computing-device policy is received from the location-policy administrator.
  • identifying the first physical location may include at least one: of receiving, from the source, geographical coordinates of the first physical location; receiving, from the source, boundaries of the first physical location; receiving, from the source, an address of the first physical location.
  • receiving verification may include accessing a database to verify that the source is authorized to provide the first policy for the first physical location.
  • receiving verification may include receiving a confirmation that the source is authorized to provide the first policy for the first physical location.
  • implementing the first mobile- computing-device policy comprises may include determining that a mobile-computing device is within the first physical location.
  • the first mobile-computing-device policy may be enforced on at least one of a mobile phone, a laptop, and/or a personal digital assistant device.
  • receiving verification may include sending a notification to a physical address associated with the first physical location and receiving confirmation from the source, the confirmation comprising information from the notification.
  • identifying the first physical location comprises receiving, through an internet-based interface, a first location identifier that corresponds to the first physical location.
  • receiving the first mobile-computing-device policy comprises may include receiving, through an internet-based interface, the first mobile-computing-device policy.
  • the method may include receiving a set of geographical coordinates that corresponds to a sub-region within the first physical location, receiving a second mobile-computing-device policy, and associating the second mobile-computing-device policy with the sub-region.
  • identifying the first physical location may include receiving a first set of geographical coordinates that corresponds to a first sub-region within the first physical location and receiving a second set of geographical coordinates that corresponds to a second sub-region within the first physical location.
  • associating the first mobile- computing-device policy with the first physical location may include associating the first mobile-computing device policy with the first sub-region and associating a second mobile-computing device policy with the second sub-region.
  • identifying the first physical location may include receiving at least three coordinates.
  • the mobile-computing-device policy may include at least one of a ringer setting, a lighting setting, an incoming call setting, an outgoing call setting, a power setting, an email setting, a voicemail setting, a sound setting, a network setting, a network access setting, a network usage setting, a communication setting, a camera setting, a global positioning system setting, a messaging setting, a bluetooth setting, an infrared data association setting, an installed application setting, and/or a built-in application setting.
  • a ringer setting a lighting setting, an incoming call setting, an outgoing call setting, a power setting, an email setting, a voicemail setting, a sound setting, a network setting, a network access setting, a network usage setting, a communication setting, a camera setting, a global positioning system setting, a messaging setting, a bluetooth setting, an infrared data association setting, an installed application setting, and/or a built-in application setting.
  • a system may include a verification mechanism configured to verify authorization of a source, a policy module configured to receive a first mobile-computing-device policy, a location module configured to identify a first physical location, a policy-location-information database configured to store policy information, an implementation module configured to enforce, based on an authorization of the source, the first mobile-computing-device policy at the first physical location.
  • the system of claim 13 may include a server, and the server may include the verification mechanism, the policy module, the location module, the policy-location-information database, and the enforcement module.
  • the system may also include a mobile-computing device, and the mobile computing device may include the enforcement module.
  • the implementation module may include a mobile-computing device configured to transmit location information, a device-location mechanism configured to receive location information from the mobile computing device, a determination module configured to determine whether the location information indicates that the mobile computing device is within the first physical location, a transmission mechanism configured to send the first mobile-computing-device policy to the mobile computing device, and an enforcement module configured to enforce the first mobile-computing- device policy on the mobile computing device.
  • the verification mechanism may include a notification mechanism configured to send a notification to a physical address associated with the first physical location.
  • the verification mechanism may also include a confirmation mechanism configured to receive confirmation from the source.
  • the verification mechanism may include an authorization database configured to store source authorization data and an authorization search module configured to search the authorization database for source authorization data.
  • a computer-readable medium may include a first computer-executable instruction operable to receive verification that a source is authorized to provide mobile-computing-device policies for a first physical location, a second computer-executable instruction operable to receive a first mobile- computing-device policy, a third computer-executable instruction operable to identify the first physical location, a fourth computer-executable instruction operable to associate the first mobile-computing-device policy with the first physical location, a fifth computer-executable instruction operable to implement, based on the verification, the first mobile-computing-device policy at the first physical location.
  • the third computer-executable instruction may be operable to receive a set of geographical coordinates that corresponds to a sub-region within the first physical location, receive a second mobile-computing-device policy, and associate the second mobile-computing-device policy with the sub-region.
  • the embodiments disclosed herein may also be implemented using software modules that perform certain tasks. These software modules may include script, batch, or other executable files that may be stored on a computer- readable storage medium or in a computing system. In some embodiments, these software modules may configure a computing system to perform one or more of the exemplary embodiments disclosed herein.

Abstract

L'invention concerne un procédé implémenté par ordinateur pouvant comprendre l'étape consistant à fournir à un administrateur un accès à des règles de configuration de dispositif d'un premier dispositif informatique mobile d'un premier utilisateur. Le procédé peut également comprendre la réception d'une première règle de configuration de dispositif pour le dispositif informatique mobile provenant de l'administrateur, et la réception d'une identification d'un premier emplacement physique provenant de l'administrateur. Le procédé peut comprendre les étapes consistant à détecter que le premier dispositif informatique mobile est dans le premier emplacement physique, et à implémenter la première règle de configuration de dispositif sur le dispositif informatique mobile après avoir détecté que le premier dispositif informatique mobile est dans le premier emplacement physique. Des procédés, systèmes et supports pouvant être lus sur ordinateur supplémentaires sont également décrits.
EP08869490A 2007-12-31 2008-12-29 Procédés et systèmes d'administration de règle et de configuration Withdrawn EP2232893A2 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US96791507A 2007-12-31 2007-12-31
US11/967,975 US8112785B1 (en) 2007-12-31 2007-12-31 Systems and methods for administering policies for physical locations
PCT/US2008/088410 WO2009088823A2 (fr) 2007-12-31 2008-12-29 Procédés et systèmes d'administration de règle et de configuration

Publications (1)

Publication Number Publication Date
EP2232893A2 true EP2232893A2 (fr) 2010-09-29

Family

ID=40409850

Family Applications (1)

Application Number Title Priority Date Filing Date
EP08869490A Withdrawn EP2232893A2 (fr) 2007-12-31 2008-12-29 Procédés et systèmes d'administration de règle et de configuration

Country Status (4)

Country Link
EP (1) EP2232893A2 (fr)
JP (1) JP2011522445A (fr)
CN (1) CN101953180A (fr)
WO (1) WO2009088823A2 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8909241B2 (en) 2010-11-05 2014-12-09 National Institute Of Information And Communications Technology Wireless device and communication method

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8112785B1 (en) 2007-12-31 2012-02-07 Symantec Corporation Systems and methods for administering policies for physical locations
EP2625668B1 (fr) * 2010-10-06 2020-04-08 Mastercard International Incorporated Procédés, systèmes et supports lisibles par ordinateur pour la fourniture d'informations de contenus dépendant de la position à un dispositif mobile
JP5941632B2 (ja) * 2011-08-10 2016-06-29 株式会社日立ソリューションズ ネットワークシステム、移動通信端末及びプログラム
WO2015078485A1 (fr) 2013-11-26 2015-06-04 Nokia Solutions And Networks Oy Configuration de services par lieu contrôlable par propriétaire de lieu
US10210543B2 (en) * 2014-04-06 2019-02-19 Google Llc Customized loyalty notifications
US9398411B2 (en) * 2014-09-05 2016-07-19 Qualcomm Incorporated Dispatch console client functionality

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020119788A1 (en) * 2000-04-05 2002-08-29 Gopal Parupudi Context-aware and location-aware cellular phones and methods
US20040103158A1 (en) * 2002-11-27 2004-05-27 Rga Intl, Inc. Cellular messaging alert method and system
US20060099969A1 (en) * 2004-11-05 2006-05-11 Houston Staton Method and system to monitor persons utilizing wireless media
US20070185980A1 (en) * 2006-02-03 2007-08-09 International Business Machines Corporation Environmentally aware computing devices with automatic policy adjustment features

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3541802B2 (ja) * 2000-11-22 2004-07-14 日本電気株式会社 携帯電話機および携帯電話機の動作制御システム
US20030212684A1 (en) 2002-03-11 2003-11-13 Markus Meyer System and method for adapting preferences based on device location or network topology
EP1735923A4 (fr) 2004-04-14 2008-07-30 Lg Electronics Inc Systeme d'information d'emplacement refletant les preferences de l'utilisateur, et procede procurant le service
JP2006115339A (ja) * 2004-10-15 2006-04-27 Matsushita Electric Ind Co Ltd 伝送装置、携帯端末及び通信システム
JP4660370B2 (ja) * 2005-12-15 2011-03-30 富士通株式会社 移動端末の制御方法、移動端末、指示情報送信装置、及び移動端末の制御システム

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020119788A1 (en) * 2000-04-05 2002-08-29 Gopal Parupudi Context-aware and location-aware cellular phones and methods
US20040103158A1 (en) * 2002-11-27 2004-05-27 Rga Intl, Inc. Cellular messaging alert method and system
US20060099969A1 (en) * 2004-11-05 2006-05-11 Houston Staton Method and system to monitor persons utilizing wireless media
US20070185980A1 (en) * 2006-02-03 2007-08-09 International Business Machines Corporation Environmentally aware computing devices with automatic policy adjustment features

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO2009088823A2 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8909241B2 (en) 2010-11-05 2014-12-09 National Institute Of Information And Communications Technology Wireless device and communication method

Also Published As

Publication number Publication date
WO2009088823A3 (fr) 2009-09-24
JP2011522445A (ja) 2011-07-28
CN101953180A (zh) 2011-01-19
WO2009088823A2 (fr) 2009-07-16

Similar Documents

Publication Publication Date Title
US8112785B1 (en) Systems and methods for administering policies for physical locations
US10171648B2 (en) Mobile posture-based policy, remediation and access control for enterprise resources
US8111154B1 (en) Systems and methods for monitoring a mobile-computing device using geo-location information
US9374654B2 (en) Management of mobile applications
US11528609B2 (en) Communication and action approval system and method
EP2232893A2 (fr) Procédés et systèmes d'administration de règle et de configuration
US9111181B2 (en) Detecting and flagging likely confidential content in photographs to prevent automated dissemination
US9883394B2 (en) Virtual mobile phone interface system and method thereof
US20070185980A1 (en) Environmentally aware computing devices with automatic policy adjustment features
US10484501B2 (en) Intelligent subscriber profile control and management
US9060004B1 (en) Systems and methods for maintaining location-aware virtualization layers
JP2017520865A (ja) 他のモバイル装置での集中を制限して動作を行なうためにモバイル装置を使用すること
EP3320477B1 (fr) Protection de données contre un accès non autorisé
US10299304B1 (en) Securely communicating a status of a wireless technology device to a non-paired device
US9451465B2 (en) Electronically binding to a lost mobile device
US11869014B2 (en) Physical proximity graphing
US10779112B2 (en) Location-based organizational groupings for management services
US20200088523A1 (en) Navigation in an establishment site for a user using a mobile electronic device
US10783728B1 (en) Systems and methods for controlling access
US20230179952A1 (en) Initiating communication on mobile device responsive to event
US20220407692A1 (en) Multiple device collaboration authentication
JP2023509912A (ja) 状況的プライバシーのためのオペレーティングシステムレベルのアシスタント機能
WO2019046312A1 (fr) Commande et gestion intelligentes de profils d'abonnés

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20100714

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA MK RS

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20110801

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20130702