GB2524808A - Universal docking station security - Google Patents

Info

Publication number
GB2524808A
Authority
GB
United Kingdom
Prior art keywords
docking station
electronic device
portable electronic
security key
authorised
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB1406032.1A
Other versions
GB2524808B (en)
GB201406032D0 (en)
Inventor
William George Roose
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DisplayLink UK Ltd
Original Assignee
DisplayLink UK Ltd
Application filed by DisplayLink UK Ltd
Priority to GB1406032.1A (patent GB2524808B)
Publication of GB201406032D0
Priority to PCT/GB2015/050771 (patent WO2015150727A1)
Publication of GB2524808A
Application granted
Publication of GB2524808B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00 Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/16 Constructional details or arrangements
    • G06F1/1613 Constructional details or arrangements for portable computers
    • G06F1/1632 External expansion units, e.g. docking stations

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Computer Interaction (AREA)
  • Software Systems (AREA)
  • Telephone Function (AREA)

Abstract

Access by a portable electronic device (200) to peripherals (104-114) connected to a docking station (100) is regulated by determining whether a security key is received from either the docking station (100) or the portable electronic device (200). If no security key is received, a security mechanism is caused to enter a first predetermined default state, which may include none or some minimum amount of access to the peripherals (104-114) being permitted. If the security key is received, it is determined whether the security key matches an authorised security key, and, if the security key does not match the authorised security key, the security mechanism is caused to enter a second predetermined default state, which may include none or some minimum amount of access to the peripherals (104-114) being permitted, i.e. there is only access to a limited or reduced functionality. If the security key matches the authorised security key, the portable electronic device (200) is permitted to dock with the docking station (100) and allowed some or full access to the peripherals (104-114), which may depend on the level of access authorised with respect to the security key.

Description

Universal Docking Station Security
The present invention relates to methods and apparatus for providing security mechanisms for universal docking stations and to portable electronic devices.
Universal docking stations are physical devices that provide an interface between a portable electronic device (PED) and wired accessories, such as one or more full-size displays, a keyboard and a computer mouse, or other user input devices. Such a universal docking station is described in WO 2012/106568. A universal docking station enables many sorts of PEDs, such as notebook computers (including laptops, netbooks, ultrabooks, etc.), tablet computers, portable digital assistants (PDAs) and smartphones, from many different manufacturers to connect to the same docking station. This may be because the PEDs have limited battery life, and/or because it is ergonomically easier to use full-size input devices over longer periods, than the limited user input functionality available on some, smaller PEDs. A universal docking station may also provide power to the PED to charge it. The PED may be docked to the universal docking station by being connected physically to the docking station using a universal interface, such as a Universal Serial Bus (USB), SATA, eSATA, FireWire, DisplayPort™, Thunderbolt, Lightningbolt, or any other suitable interface connection, with or without physical means to restrain or lock the PED in position. In some cases, a wireless connection, such as Bluetooth, may be used.
As more and more people bring PEDs to their workplace, and the boundary between business and personal devices becomes more and more blurred, so that people often want to use the same PED for both personal and business use, they need to connect those PEDs to their office accessories. Therefore, large and small enterprises (including individuals at home) provide universal docking stations to enable anyone, perhaps including visitors, to connect to such a universal docking station, for example if they need to work on a document, or print something, or for other purposes. A universal docking station may also provide access to an enterprise network to allow a user to connect to other network devices, such as servers and other storage devices, so as to access emails and other facilities, and/or to gain access to external networks, whether private or public, such as the internet. However, allowing all docks to operate with all PEDs to provide full access to all accessories and network connected devices and other networks may not be advantageous. Such access can be restricted by permitting only certain users to dock with certain stations which are limited in their connectivity, for example to allow visitors to connect only with certain docking stations which have been preset for particular functionality, e.g. are only connected to particular accessories that a visitor may be allowed to use. Nevertheless, it would be useful to provide a mechanism whereby more flexibility in the use of universal docking stations was provided, whilst still providing control over access to various functions.
Aspects and examples of the invention are set out in the claims and address at least a part of the above described problem.
Examples of the invention may be implemented in software, middleware, firmware or hardware or any combination thereof. Embodiments of the invention comprise computer program products comprising program instructions to program a processor to perform one or more of the methods described herein, such products may be provided on computer readable storage media or in the form of a computer readable signal for transmission over a network. Embodiments of the invention provide computer readable storage media and computer readable signals carrying data structures, media data files or databases according to any of those described herein.
Apparatus aspects may be applied to method aspects and vice versa. The skilled reader will appreciate that apparatus embodiments may be adapted to implement features of method embodiments and that one or more features of any of the embodiments described herein, whether defined in the body of the description or in the claims, may be independently combined with any of the other embodiments described herein.
Embodiments of the invention will now be described in greater detail, by way of example only, with reference to the accompanying drawings, in which:
Figure 1 shows a schematic diagram of a universal docking station and portable electronic device that may be used in an embodiment of the present invention;
Figure 2 shows a schematic flow diagram of a method that can be carried out by a docking station according to one embodiment of the present invention; and
Figure 3 shows a schematic flow diagram of a method that can be carried out by a portable electronic device according to one embodiment of the present invention.
Thus, as shown in Figure 1, a universal docking station 100 may include a number of input/output interfaces 102 through which the docking station 100 can be coupled to various devices and networks. As shown, the docking station may be coupled to one or more monitors 104, one or more input devices, such as a keyboard 106 and a mouse 108 or other computer pointer device, a printer 110, a network 112, which may be limited to local access or may provide more general internet access, and a power source 114. It will be appreciated that the docking station 100 may be coupled to more or fewer devices and networks, as desired, to provide various functionalities to a portable electronic device 200 that connects to the docking station 100. The docking station also includes interfaces for coupling to the portable electronic device 200, such as a power interface 116 and a data interface 118. The docking station 100 may also include a processor 120 and a memory 122 for storing executable instructions and data for use by the processor 120.
The portable electronic device 200 includes corresponding interfaces for coupling to the docking station 100, such as a power interface 202 and a data interface 204, and also includes a processor 206 and a memory 208 for storing executable instructions and data for use by the processor 206. The docking station interfaces 116 and/or 118 may be wired, and use any appropriate standard interface, for example the Universal Serial Bus (USB) interface, or may be wireless. Similarly, the portable electronic device interfaces 202 and/or 204 may be wired or may be wireless. It will be appreciated that the portable electronic device 200 will have many other components providing other functionality, including, usually, wireless functionality, but these aspects will not be further described here, as they are not essential to the operation of the present invention.
A security mechanism of the docking station 100 is provided by the processor 120 executing appropriate security software stored in the memory 122 to determine whether to allow a portable device full, some or no access to its peripherals. The functionality of the security mechanism will now be more fully described with reference to Figure 2.
When a portable device 200 wants to dock with the docking station 100, so that a user of the portable device 200 can utilise some or all of the functionality of the peripheral devices or network access provided through the input/output interfaces 102, the portable device 200 first enters into a communication 210 with the docking station 100. This communication 210 may be started when a wired connection, for example over a USB connection, is made between the portable device 200 and the docking station 100, whether by means of a USB cable, or a direct docking plug on the docking station 100 onto which the portable device 200 can be mounted. Alternatively, the communication 210 may be started when a wireless connection is made, for example using the Bluetooth protocol, when an initial handshake occurs, or in any other way, depending on the technology and protocol being used.
In one embodiment, the docking station 100 then requests 220 a security key, such as an identification, from the portable device 200, and waits 230 a predetermined period of time for the security key to be received by the docking station 100. This may be implemented by the provision of a timer in the docking station that is enabled when the request for the identification is sent, and the period of time expires when the timer counts down to zero, but any suitable way of determining a period of time may be used. When the predetermined period of time has expired, the docking station 100 determines 240 whether an identification has been received from the portable device 200.
If an identification is not received, for example, if the portable device did not recognise the request as such, or if it could not send an identification in an appropriate format for whatever reason, then the docking station enters 250 a predetermined default state. The default state when no identification is received at all can be either to allow 260 the portable device 200 to dock with the docking station 100 thereby providing full functionality of all peripherals, or to prevent 270 docking so that the portable device has no access to any functionality of the docking station whatsoever. Which default state is used can be chosen when the docking station is set up or by later programming and may depend on where it is used and on a level of security of the environment, as well as on what peripherals are available. For example, if the docking station is used at home and either there is no network access, or only access to a network where there is no sensitive data, then the default state may be to allow the portable device to dock. On the other hand, if the docking station is within a secure environment where sensitive data might be accessed, then the default state may be to prevent a portable device with no identification to dock to the docking station.
If an identification is received at the docking station 100 from the portable device, then the docking station 100 determines 280 whether the identification, or security key, is authorised. This determination can be made by checking whether the identification or security key matches any authorised identifications or security keys in a database in the memory 122 of the docking station 100. Alternatively, the docking station 100 may send a request to a server, for example via the network 112, for the server to determine whether the received identification or security key is authorised. This may be a preferable method if the docking station is one of many in a business enterprise, where only the server then needs to be updated with authorised identifications or security keys.
It should also be apparent that the receipt of the identification or security key may be a multi-step process where all or only parts of the identification or security key may be encrypted using public and private keys to prevent the identification or security key from being intercepted by unauthorised hackers. As will be appreciated, any security protocol can be used for this communication, as long as the docking station receives or can determine, the identification or security key of the portable device.
If it is determined 280, either at the docking station or at a remote server, for example, that the identification or security key is not authorised, then the docking station enters 290 a second predetermined default state. The second default state may be the same as the first predetermined default state or a different default state. Thus, if it is determined 280 that the received identification is not authorised, i.e. that it has been received but is found not to be authorised, then the second default state can be either to allow 260 the portable device 200 to dock with the docking station 100 thereby providing full functionality of all peripherals, or to prevent 270 docking so that the portable device has no access to any functionality of the docking station whatsoever. Which default state is used can be chosen when the docking station is set up or by later programming and may depend on where it is used and on a level of security of the environment, as well as on what peripherals are available. For example, if the docking station is used in a business environment, but not in a very secure area, then if the docking station does not have network access, but only access to a monitor, keyboard and mouse, and, perhaps, a printer, then the second default state for that docking station may be to allow the portable device to dock, whereas if the docking station does have network access, particularly if that can lead to internal servers where sensitive data might be accessed, then the second default state may be to prevent the portable device to dock to the docking station.
If, however, it is determined 280 that the identification or security key is authorised, then, in one embodiment of the invention, this causes the security mechanism in the docking station to permit 260 the portable device to dock so as to have full access to all its functionality. In an alternative embodiment, authorisation of an identification or security key may be the precursor to a determination of a level of functionality of the docking station that may be permitted. In this embodiment, once an identification or security key is determined 280 to be authorised, the security mechanism then determines 300 whether the authorisation permits full access to all the functionality of the docking station or not. If it is determined that full access is permitted, then the security mechanism permits 260 the portable device to dock with the docking station with full functionality.
However, if it is determined 300 that the authorisation permits less than full functionality of the docking station, then the security mechanism determines 310 a permitted level of functionality, and permits 320 the portable device to dock with the docking station with only limited functionality. For example, the authorisation level of the portable device may be such that the portable device is only permitted to access the monitor, keyboard and mouse, but not a network, depending on where the docking station is situated. If the portable device is permitted less than the full functionality available at the docking station, then the security mechanism controls the docking station to disable the functionality that is not permitted, for example by disabling the interfaces, or ports, to the peripherals that are not permitted to be accessed. Alternatively, the docking station may generally reside in a default state where minimal functionality is enabled, and the security mechanism only enables the particular functionality that an authorised level permits.
The identification or security key may be or include various characteristics of either the portable device or the user of the device, or both. For example, a device characteristic may include a class of the portable device, such as a laptop, a netbook, an ultrabook, a tablet computer, a portable digital assistant (PDA), a wearable, or a smartphone. It may be that a docking station will be programmed to allow some classes of portable devices to dock, but not all. For example, a portable device with little processing power may be permitted, where a laptop may not be. The device characteristic may alternatively or additionally include an identification of an originator of the device, for example, a manufacturer, a vendor, or an owner. For example, if the device characteristic is that of a manufacturer, then the docking station may only allow portable devices from the same manufacturer (or permitted manufacturers) to dock with particular docking stations (for example made by the same or a permitted manufacturer). Similarly, a vendor, such as a service provider may want to restrict docking capabilities of docking stations provided by that service provider to only permit portable devices provided by that service provider to dock. Finally, of course, an owner, such as a business enterprise that provides employees with portable devices may want to restrict docking stations on its premises from docking with portable devices that do not originate from it. Such a business enterprise may, however, wish to permit, perhaps at different, lower levels of functionality, portable devices that are privately owned by its employees to dock with its docking stations on its premises. In this case, the identification may be of a user characteristic, such as a user name or user ID, or user access code (e.g. a Personal Identification Number, PIN, or other password).
An appropriately programmed docking station in a sensitive area in a business enterprise may then, for example, permit portable devices of a particular class (e.g. laptop) that it owns and provided to senior personnel, to dock with such a docking station with full functionality, whether with or without a personal user ID also being required, but to restrict other portable devices privately owned by those senior personnel to more limited functionality (e.g. by using the user characteristic, the class characteristic, and the owner characteristic), and to limit other devices, not owned by the senior personnel, but still by employees of the enterprise, even further, and to completely forbid docking of portable devices of non-employees, for example. As such, it will be apparent, that the identification or security key may be made up of a number of characteristics, of which none, some or all, may be authorised or not, and the database of authorised identifications or security keys, whether at the docking station or the remote server, would have a number of authorised characteristics of each type, which can then be individually matched or authorised, to provide an appropriate level of authorisation.
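The dock-side flow of Figure 2 and the per-characteristic matching described above can be sketched as follows. This is an added illustration, not code from the patent: the port names, the rule format, the queue standing in for the data interface, and the sample identities (`examplecorp`, `alice`, `bob`) are all assumptions, and default states are modelled as sets of enabled ports (an empty set meaning docking is prevented).

```python
import queue
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# Hypothetical port names for the peripherals 104-114 of Figure 1.
ALL_PORTS = frozenset({"monitor", "keyboard", "mouse", "printer", "network", "power"})
NO_PORTS: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class Identification:
    """Characteristics a portable device may present as its security key."""
    device_class: Optional[str] = None
    owner: Optional[str] = None
    user: Optional[str] = None


@dataclass(frozen=True)
class Rule:
    """One authorised combination of characteristics and the ports it unlocks."""
    ports: FrozenSet[str]
    device_class: Optional[str] = None   # None = this characteristic is not checked
    owner: Optional[str] = None
    user: Optional[str] = None

    def matches(self, ident: Identification) -> bool:
        wanted = (self.device_class, self.owner, self.user)
        if not any(wanted):
            return False  # a rule that checks nothing must never authorise anything
        got = (ident.device_class, ident.owner, ident.user)
        return all(w is None or w == g for w, g in zip(wanted, got))


@dataclass(frozen=True)
class DockPolicy:
    rules: Tuple[Rule, ...]                        # evaluated in order, first match wins
    no_key_default: FrozenSet[str] = NO_PORTS      # first default state (step 250)
    unauthorised_default: FrozenSet[str] = NO_PORTS  # second default state (step 290)


def handle_dock_request(policy: DockPolicy, inbox: "queue.Queue",
                        timeout_s: float = 0.05) -> Tuple[str, FrozenSet[str]]:
    """Steps 220-320: wait for an identification, then decide which ports to enable."""
    try:
        ident = inbox.get(timeout=timeout_s)       # steps 230/240: timer expiry
    except queue.Empty:
        return "no-key-default", policy.no_key_default
    for rule in policy.rules:                      # step 280: is it authorised?
        if rule.matches(ident):
            state = "full" if rule.ports == ALL_PORTS else "limited"  # steps 300/310
            return state, rule.ports
    return "unauthorised-default", policy.unauthorised_default


def ports_to_disable(enabled: FrozenSet[str]) -> FrozenSet[str]:
    """Interfaces the security mechanism must switch off for this session."""
    return ALL_PORTS - enabled


def simulate(policy: DockPolicy, ident: Optional[Identification]):
    """Drive one docking attempt; ident=None models a device that never answers."""
    inbox: "queue.Queue" = queue.Queue()
    if ident is not None:
        inbox.put(ident)
    return handle_dock_request(policy, inbox)


# Constructed policy for a dock in a sensitive area: both defaults fail closed.
SAMPLE_POLICY = DockPolicy(rules=(
    Rule(ALL_PORTS, device_class="laptop", owner="examplecorp", user="alice"),
    Rule(frozenset({"monitor", "keyboard", "mouse", "printer", "power"}), user="alice"),
    Rule(frozenset({"monitor", "keyboard", "mouse", "power"}), user="bob"),
))

if __name__ == "__main__":
    for ident in (Identification("laptop", "examplecorp", "alice"),
                  Identification("tablet", "private", "alice"),
                  Identification("laptop", "othercorp", "visitor"), None):
        state, ports = simulate(SAMPLE_POLICY, ident)
        print(ident, state, sorted(ports), "disable:", sorted(ports_to_disable(ports)))
```

Setting `no_key_default` or `unauthorised_default` to `ALL_PORTS` gives the permissive home-use configuration the description mentions; leaving both empty is the fail-closed choice for a dock with network access.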
In a further aspect of the invention, a similar security mechanism can be installed on a portable device to enable the portable device to determine whether, and, in some embodiments, to what level, the portable device can dock with a docking station. For example, an enterprise that owns portable devices and provides them to its senior employees, may wish to control what docking stations those portable devices can be docked to. A security mechanism of the portable device 200 is provided by the processor 206 executing appropriate security software stored in the memory 208 to determine whether to allow the portable device to dock to a docking station with full, some or no access to its peripherals. The functionality of the security mechanism will now be more fully described with reference to Figure 3. When a portable device 200 wants to dock with the docking station 100, so that a user of the portable device 200 can utilise some or all of the functionality of the peripheral devices or network access provided through the input/output interfaces 102, the portable device 200 first enters into a communication 330 with the docking station 100. This communication 330 may be started when a wired connection, for example over a USB connection, is made between the portable device 200 and the docking station 100, whether by means of a USB cable, or a direct docking plug on the docking station 100 onto which the portable device 200 can be mounted. Alternatively, the communication 330 may be started when a wireless connection is made, for example using the Bluetooth protocol, when an initial handshake occurs, or in any other way, depending on the technology and protocol being used.
As shown in Figure 3, in this embodiment, the portable device 200 then requests 340 a security key, such as an identification, from the docking station 100, and waits 350 a predetermined period of time for the security key to be received by the portable device 200. This may be implemented by the provision of a timer in the portable device 200 that is enabled when the request for the identification is sent, and the period of time expires when the timer counts down to zero, but any suitable way of determining a period of time may be used. When the predetermined period of time has expired, the portable device determines 360 whether an identification has been received from the docking station 100.
If an identification is not received, for example, if the docking station did not recognise the request as such, or if it could not send an identification in an appropriate format for whatever reason, then the portable device 200 enters 370 a predetermined default state.
The default state when no identification is received at all can be either to allow 380 the portable device 200 to dock with the docking station 100 thereby providing full functionality of all peripherals, or to prevent 390 docking so that the portable device 200 has no access to any functionality of the docking station 100 whatsoever. Which default state is used can be chosen when the portable device 200 is set up or by later programming. For example, if the portable device 200 is used by a senior staff member of an enterprise and may well have sensitive data stored on it, then the default state may be to prevent the portable device from docking with any unauthorised docking station.
On the other hand, if the docking station is within a reasonably secure environment, for example at the staff member's home, and the level of sensitivity that the staff member is exposed to is not too high, then the default state may be to permit the portable device to dock to the docking station even if it has no identification.
If an identification is received at the portable device 200 from the docking station 100, then the portable device 200 determines 400 whether the identification, or security key, is authorised. This determination can be made by checking whether the identification or security key matches any authorised identifications or security keys in a database in the memory 208 of the portable device 200. It should also be apparent that the receipt of the identification or security key may be a multi-step process where all or only parts of the identification or security key may be encrypted using public and private keys to prevent the identification or security key from being intercepted by unauthorised hackers. As will be appreciated, any security protocol can be used for this communication, as long as the portable device 200 receives or can determine, the identification or security key of the docking station 100.
If it is determined 400 at the portable device 200 that the identification or security key is not authorised, then the portable device 200 enters 410 a second predetermined default state. The second default state may be the same as the first predetermined default state or a different default state. Thus, if it is determined 400 that the received identification is not authorised, i.e. that it has been received but is found not to be authorised, then the second default state can be either to allow 380 the portable device 200 to dock with the docking station 100 thereby providing full functionality of all peripherals, or to prevent 390 docking so that the portable device 200 has no access to any functionality of the docking station 100 whatsoever. Which default state is used can be chosen when the portable device 200 is set up or by later programming. For example, if the portable device 200 does not have any sensitive data stored on it, then the default state may be to allow the portable device to dock with any unauthorised docking station. On the other hand, if the docking station has an identification, but one that is not authorised, for example because it is located at a different business enterprise, then the default state may be to forbid the portable device 200 to dock to the docking station 100.
If, however, it is determined 400 that the identification or security key is authorised, then, in one embodiment, this causes the security mechanism in the portable device 200 to permit 380 the portable device 200 to dock so as to have full access to all the functionality of the docking station 100. In an alternative embodiment, authorisation of an identification or security key may be the precursor to a determination of a level of functionality of the docking station that may be permitted. In this embodiment, once an identification or security key is determined 400 to be authorised, the security mechanism then determines 420 whether the authorisation permits full access to all the functionality of the docking station 100 or not. If it is determined that full access is permitted, then the security mechanism permits 380 the portable device 200 to dock with the docking station with full functionality. However, if it is determined 420 that the authorisation permits less than full functionality of the docking station 100, then the security mechanism determines 430 a permitted level of functionality, and permits 440 the portable device to dock with the docking station 100 with only limited functionality. For example, the authorisation level of the docking station 100 may be such that the portable device 200 is only permitted to access the monitor, keyboard and mouse, but not a network, depending on where the docking station 100 is situated. If the portable device 200 is permitted less than the full functionality available at the docking station 100, then the security mechanism controls the portable device 200 to prevent it from accessing the peripherals that are not permitted to be accessed.
The docking station identification or security key may be or include a device characteristic of the docking station, where the device characteristic may include an identification of an originator of the docking station, for example, a manufacturer, a vendor, or an owner. For example, if the device characteristic is that of a manufacturer, then the security mechanism may only allow a portable device to dock with docking stations from the same manufacturer (or permitted manufacturers). Similarly, a vendor, such as a service provider may want to restrict docking capabilities of portable devices provided by that service provider to only permit those portable devices to dock with docking stations provided by that service provider. Finally, of course, an owner, such as a business enterprise that provides employees with portable devices may want to restrict the portable devices to only dock with docking stations on its premises and to prevent the portable device from docking with docking stations that do not originate from it. Such a business enterprise may, however, wish to permit, perhaps at different, lower levels of functionality, its portable devices to dock with other docking stations, perhaps at the homes of its employees. It is also possible for a docking station to have a user characteristic, in some circumstances, which could also be used by the portable device to determine whether it can, fully or in a limited fashion, dock with that docking station.
As such, it will be apparent, that the identification or security key may be made up of a number of characteristics, of which none, some or all, may be authorised or not, and the database of authorised identifications or security keys, at the portable device, may have a number of authorised device characteristics of docking stations that are authorised, which can then be individually matched or authorised, to provide an appropriate level of authorisation.
It will also be appreciated that in some circumstances, a portable device with an identification or security key may want to dock with a docking station with an identification or security key. A security key pair is thus installed on the universal docking station and the portable device. In some embodiments, a key pair can only be installed when a security dongle is connected to the docking station, allowing a security configuration to be changed. Security dongles may be available for OEMs and Corporate users. A corporate dongle would not allow the OEM security settings to be changed, but an OEM dongle would allow both the OEM and corporate security settings to be changed.
In this case, both the portable device and the docking station may carry out the security mechanism, and whether full or partial docking is permitted will depend on both the results of the security mechanism in the portable device and of the security mechanism in the docking station, and, perhaps, on the default states in both. Thus, if the key validation for the portable device and the docking station match, the portable device is allowed to use the universal docking station. If the key validation for the portable device and the docking station fails, then the security mechanism will check the "default behaviour". This can be set to "accept" or "reject" the client (portable device or docking station). If both the portable device and the docking station are set to "accept" on key failure, the portable device and docking station will still work together.
The following Table 1 is a summary of the possible states using one security key:

Portable device security key | Portable device default behaviour | Docking station security key | Docking station default behaviour | Portable device docked?
None | N/A | None | N/A | Yes
Yes | Accept | None | N/A | Yes
Yes | Reject | None | N/A | No
None | N/A | Yes | Accept | Yes
None | N/A | Yes | Reject | No
Valid | Accept | Valid | Accept | Yes
Invalid | Accept | Invalid | Accept | Yes
Valid | Reject | Valid | Accept | Yes
Invalid | Reject | Invalid | Accept | No
Valid | Accept | Valid | Reject | Yes
Invalid | Accept | Invalid | Reject | No
Valid | Reject | Valid | Reject | Yes
Invalid | Reject | Invalid | Reject | No

Table 1
Multiple security keys can be programmed into the portable device and the docking station. If there is a key failure and any of the keys are set to "reject", the docking station and portable device will not work together.
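The decision logic that Table 1 and the multiple-key rule describe can be modelled as follows. This is an added example, not code from the patent: the names (`Endpoint`, `KeyEntry`, `docked`), the constructed byte-string key halves and the comparison by value are assumptions, since the description does not specify how keys are exchanged or validated. It also assumes that, with several keys installed, one matching key is enough for validation to succeed.

```python
"""Model of the two-sided docking decision summarised in Table 1 (illustrative)."""
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Tuple


class OnFailure(Enum):
    ACCEPT = "accept"
    REJECT = "reject"


@dataclass(frozen=True)
class KeyEntry:
    own_half: bytes        # value this endpoint presents to its peer (assumed format)
    peer_half: bytes       # value it expects the peer to present
    on_failure: OnFailure  # the "default behaviour" configured for this key


@dataclass
class Endpoint:
    name: str
    keys: List[KeyEntry] = field(default_factory=list)

    def presented(self) -> List[bytes]:
        """Key halves sent to the peer; empty when no key is installed."""
        return [k.own_half for k in self.keys]

    def permits(self, peer_values: List[bytes]) -> bool:
        """This endpoint's half of the decision."""
        if not self.keys:
            return True  # no key installed: the "None / N/A" rows
        for entry in self.keys:
            for value in peer_values:
                # Constant-time comparison avoids leaking how much of a key matched.
                if hmac.compare_digest(entry.peer_half, value):
                    return True  # assumption: one matching key validates the peer
        # Key failure (nothing received, or nothing matched): any "reject" wins.
        return all(k.on_failure is OnFailure.ACCEPT for k in self.keys)


def docked(device: Endpoint, dock: Endpoint) -> bool:
    """Docking is permitted only when both sides' mechanisms permit it."""
    return device.permits(dock.presented()) and dock.permits(device.presented())


def pair(label: bytes) -> Tuple[bytes, bytes]:
    """Constructed (device_half, dock_half) key pair for the examples."""
    return b"dev-" + label, b"dock-" + label


# Table 1 as printed: device key, device default, dock key, dock default, docked?
TABLE_1 = [
    ("None", "N/A", "None", "N/A", True),
    ("Yes", "Accept", "None", "N/A", True),
    ("Yes", "Reject", "None", "N/A", False),
    ("None", "N/A", "Yes", "Accept", True),
    ("None", "N/A", "Yes", "Reject", False),
    ("Valid", "Accept", "Valid", "Accept", True),
    ("Invalid", "Accept", "Invalid", "Accept", True),
    ("Valid", "Reject", "Valid", "Accept", True),
    ("Invalid", "Reject", "Invalid", "Accept", False),
    ("Valid", "Accept", "Valid", "Reject", True),
    ("Invalid", "Accept", "Invalid", "Reject", False),
    ("Valid", "Reject", "Valid", "Reject", True),
    ("Invalid", "Reject", "Invalid", "Reject", False),
]


def build_row(row) -> Tuple[Endpoint, Endpoint]:
    """Turn one table row into a configured device and docking station."""
    dev_state, dev_default, dock_state, dock_default, _ = row
    device, dock = Endpoint("device"), Endpoint("dock")
    dev_half, dock_half = pair(b"A")
    if dev_state != "None":
        device.keys.append(
            KeyEntry(dev_half, dock_half, OnFailure(dev_default.lower())))
    if dock_state != "None":
        # "Invalid" rows: the dock holds a key from a different pair.
        d_half, k_half = pair(b"B") if dock_state == "Invalid" else pair(b"A")
        dock.keys.append(
            KeyEntry(k_half, d_half, OnFailure(dock_default.lower())))
    return device, dock


def table_1_mismatches() -> list:
    """Rows where the model disagrees with the printed table (expected: none)."""
    return [row for row in TABLE_1 if docked(*build_row(row)) != row[4]]


if __name__ == "__main__":
    for row in TABLE_1:
        print(row[:4], "->", "Yes" if docked(*build_row(row)) else "No")
```

The model makes the fail-open rows easy to spot: any endpoint without a key, or with every key set to "accept", permits docking regardless of what the peer presents.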
In one example of a portable device in a corporate office hot desk environment, the corporation may only want known portable devices to be able to connect to a universal docking station. To set up this environment:
1. The IT admin receives the new universal docking station;
2. The IT admin purchases a "corporate security dongle" which enables the docking station security profiles to be changed. This would need to be connected to the dock, for example through a USB port on the docking station, but the connection could be Ethernet or via a USB host cable;
3. The security dongle is connected to the universal docking station;
4. The IT admin installs software allowing him to generate and program security profiles into the universal docking station;
5. The IT admin generates a security key pair (docking station and portable device) for the docking station and portable devices using the security software. The security key is unique to the organisation or department and can be used on multiple docking stations and multiple portable devices;
6. The dock security key is programmed into the docking station; preferably where:
   a. The docking station can only be programmed when the security dongle is connected to the docking station;
7. The default security behaviour for the docking station is set to reject portable devices with non-matching security keys;
8. The portable device security key is installed on the portable device that is allowed to use the docking station; preferably where:
   a. More than one access key can be defined on the portable device, allowing it to be used with more than one group of universal docking stations; and/or
   b. The portable device security key could be installed manually or by using a server distribution method, e.g. Windows Group Policy;
9. The portable device security key default behaviour is set to reject unknown docking stations; and
10. The docking station and portable device can now be made available in the corporate environment.
A further example shows a home environment with an end user purchased docking station. In this case:
1. The home user purchases a universal docking station and sets it up; where:
   a. It is assumed no security key is programmed into the docking station;
2. The user connects a home portable device with no security key; where:
   a. The portable device and docking station work together;
3. The user disconnects the home PED and connects the corporate laptop configured in the previous example; so that:
   a. The corporate laptop does not connect to the docking station, as there is no valid key in the docking station and the default behaviour of the corporate laptop is to reject on security key failure.
Another example shows how an OEM could use docking station security to ensure that a universal docking station could only be used with their laptop platforms. In this case:
1. The OEM programs the universal docking station on the production line with a security key and an "OEM security dongle";
2. The default behaviour is set to reject unknown portable devices; whereby:
   a. This prevents unknown portable devices connecting to the dock;
3. The OEM programs a portable device with the security key for the docking station; whereby:
   a. This allows the OEM portable devices to connect to the docking station;
4. Once an IT manager purchases a docking station(s) and a portable device(s), further security access keys could be programmed into the portable device(s) and docking station(s); which:
   a. Would only allow portable devices with the OEM access key to connect to the docking station(s); and/or
   b. The portable device's "behaviour on fail" could be used to choose if the OEM portable device should be allowed to connect to other universal docking stations.
It will be appreciated that although only a few particular embodiments of the invention have been described in detail, various modifications and improvements can be made by a person skilled in the art without departing from the scope of the present invention.

Claims (69)

  1. 1. A docking station for connecting to a portable electronic device, the docking station comprising: a universal data interface for communicatively coupling the docking station to the portable electronic device; a plurality of accessory interfaces for communicatively coupling the docking station to a plurality of accessories for providing functionality to the portable electronic device, when docked; a security mechanism configured to: determine whether a security key is received from the portable electronic device; if no security key is received from the portable electronic device before, then cause the security mechanism to enter a first predetermined default state; if the security key is received from the portable electronic device, then: determine whether the security key matches an authorised security key; if the security key does not match the authorised security key, then cause the security mechanism to enter a second predetermined default state; and if the security key matches the authorised security key, then control the docking station to permit the docking station to dock with the portable electronic device.
  2. 2. A docking station according to claim 1, wherein the security mechanism is configured to communicatively couple to the universal data interface for receiving the security key from the portable electronic device via the universal data interface.
  3. 3. A docking station according to either claim 1 or claim 2, wherein the security key comprises a device characteristic.
  4. 4. A docking station according to claim 3, wherein the device characteristic comprises a class of the portable electronic device.
  5. 5. A docking station according to claim 4, wherein the class is taken from the group of classes comprising: laptops; netbooks; ultrabooks; tablet computers; portable digital assistants (PDAs); wearables; and smartphones.
  6. 6. A docking station according to any one of claims 3 to 5, wherein the device characteristic comprises an originator of the portable electronic device.
  7. 7. A docking station according to claim 6, wherein the originator is taken from the group of originators comprising: manufacturers; vendors; and owners.
  8. 8. A docking station according to any preceding claim, wherein the security key comprises a user characteristic.
  9. 9. A docking station according to claim 8, wherein the user characteristic comprises a user characteristic taken from the group of user characteristics comprising: user names; user IDs; and user access codes.
  10. 10. A docking station according to any preceding claim, wherein the security mechanism is configured to determine whether the security key matches the authorised security key by transmitting the received security key to a server and to receive a message from the server indicating whether the received security key matches the authorised security key.
  11. 11. A docking station according to any preceding claim, wherein the security mechanism is further configured to: if the security key matches the authorised security key, determine a level of functionality of the docking station that the portable electronic device is permitted to access, when docked; and control the docking station to provide no more than the determined level of functionality to the portable electronic device, when docked.
  12. 12. A docking station according to claim 11, wherein the level of functionality of the docking station that the portable electronic device is permitted to access, when docked, is less than all the possible functionality that the docking station has available.
  13. 13. A docking station according to claim 12, wherein the security mechanism is configured to control the docking station to provide less than all the possible functionality to the portable electronic device, when docked, by disabling one or more ports of the universal data interface.
  14. 14. A docking station according to any preceding claim, wherein the authorised security key is prestored in the docking station.
  15. 15. A docking station according to any preceding claim, wherein the authorised security key is one of a plurality of authorised security keys prestored in the docking station.
  16. 16. A docking station according to any preceding claim, wherein the first predetermined default state causes the security mechanism to permit the docking station to dock with the portable electronic device.
  17. 17. A docking station according to any preceding claim, wherein the second predetermined default state causes the security mechanism to not allow the docking station to dock with the portable electronic device.
  18. 18. A docking station according to any preceding claim, wherein to determine whether the security key is received from the portable electronic device, the security mechanism is configured to: request a security key from the portable electronic device; and wait a predetermined period of time for the security key to be received from the portable electronic device.
  19. 19. A method of controlling access by a portable electronic device to a docking station, the method comprising: determining whether a security key is received from the portable electronic device; if no security key is received from the portable electronic device, then entering a first predetermined default state; if the security key is received from the portable electronic device, then: determining whether the security key matches an authorised security key; if the security key does not match the authorised security key, then entering a second predetermined default state; and if the security key matches the authorised security key, then controlling the docking station to permit the docking station to dock with the portable electronic device.
  20. 20. A method according to claim 18, wherein the security key comprises a device characteristic.
  21. 21. A method according to claim 19, wherein the device characteristic comprises a class of the portable electronic device.
  22. 22. A method according to claim 21, wherein the class is taken from the group of classes comprising: laptops; netbooks; ultrabooks; tablet computers; portable digital assistants (PDAs); wearables; and smartphones.
  23. 23. A method according to any one of claims 20 to 22, wherein the device characteristic comprises an originator of the portable electronic device.
  24. 24. A method according to claim 23, wherein the originator is taken from the group of originators comprising: manufacturers; vendors; and owners.
  25. 25. A method according to any one of claims 19 to 24, wherein the security key comprises a user characteristic.
  26. 26. A method according to claim 25, wherein the user characteristic comprises a user characteristic taken from the group of user characteristics comprising: user names; user access codes; and
  27. 27. A method according to any one of claims 19 to 26, wherein determining whether the security key matches an authorised security key comprises transmitting the received security key to a server and receiving a message from the server indicating whether the security key matches the authorised security key.
  28. 28. A method according to any one of claims 19 to 27, further comprising: if the security key matches an authorised security key, determining a level of functionality of the docking station that the portable electronic device is permitted to access, when docked; and controlling the docking station to provide no more than the determined level of functionality to the portable electronic device, when docked.
  29. 29. A method according to claim 28, wherein the level of functionality of the docking station that the portable electronic device is permitted to access, when docked, is less than all the possible functionality that the docking station has available.
  30. 30. A method according to claim 29, further comprising disabling one or more ports of the universal data interface in order to control the docking station to provide less than all the possible functionality to the portable electronic device, when docked.
  31. 31. A method according to any one of claims 19 to 30, further comprising, in the first predetermined default state, permitting the docking station to dock with the portable electronic device.
  32. 32. A method according to any one of claims 19 to 31, further comprising, in the second predetermined default state, not allowing the docking station to dock with the portable electronic device.
  33. 33. A method according to any one of claims 19 to 32, wherein determining whether a security key is received from the portable electronic device comprises: requesting a security key from the portable electronic device; and waiting a predetermined period of time for the security key to be received from the portable electronic device.
  34. 34. A portable electronic device comprising: a universal data interface for communicatively coupling the portable electronic device to a docking station; a security mechanism configured to: determine whether a security key is received from the docking station; if no security key is received from the docking station, then cause the security mechanism to enter a first predetermined default state; if the security key is received from the docking station, then: determine whether the security key matches an authorised security key; if the security key does not match the authorised security key, then cause the security mechanism to enter a second predetermined default state; and if the security key matches the authorised security key, then control the portable electronic device to permit the portable electronic device to dock with the docking station.
  35. 35. A portable electronic device according to claim 34, wherein the security mechanism is configured to communicatively couple to a universal data interface of the docking station for receiving the security key from the docking station via the universal data interface.
  36. 36. A portable electronic device according to either claim 34 or claim 35, wherein, the security mechanism is further configured to: if the security key matches the authorised security key, determine a level of functionality of the docking station that the portable electronic device is permitted to access, when docked; and control the portable electronic device to access no more than the determined level of functionality of the docking station, when docked.
  37. 37. A portable electronic device according to claim 36, wherein the level of functionality of the docking station that the portable electronic device is permitted to access, when docked, is less than all the possible functionality that the docking station has available.
  38. 38. A portable electronic device according to any one of claims 34 to 37, wherein the authorised security key is prestored in the portable electronic device.
  39. 39. A portable electronic device according to any one of claims 34 to 38, wherein the authorised security key is one of a plurality of authorised security keys prestored in the portable electronic device.
  40. 40. A portable electronic device according to any one of claims 34 to 39, wherein the first predetermined default state causes the security mechanism to permit the portable electronic device to dock with the docking station.
  41. 41. A portable electronic device according to any one of claims 34 to 40, wherein the second predetermined default state causes the security mechanism to not allow the portable electronic device to dock with the docking station.
  42. 42. A portable electronic device according to any one of claims 34 to 41, wherein the security key comprises a device characteristic.
  43. 43. A portable electronic device according to claim 42, wherein the device characteristic comprises an originator of the docking station.
  44. 44. A portable electronic device according to claim 43, wherein the originator is taken from the group of originators comprising: manufacturers; vendors; and owners.
  45. 45. A portable electronic device according to any one of claims 34 to 44, wherein the security key comprises a user characteristic.
  46. 46. A portable electronic device according to claim 45, wherein the user characteristic comprises a user characteristic taken from the group of user characteristics comprising: user names; user access codes; and
  47. 47. A portable electronic device according to any one of claims 34 to 46, wherein to determine whether the security key is received from the docking station, the security mechanism is configured to: request a security key from the docking station; and wait a predetermined period of time for the security key to be received from the docking station.
  48. 48. A method of controlling access to a docking station by a portable electronic device, the method comprising: determining whether a security key is received from the docking station; if no security key is received from the docking station, then entering a first predetermined default state; if the security key is received from the docking station, then: determining whether the security key matches an authorised security key; if the security key does not match the authorised security key, then entering a second predetermined default state; and if the security key matches the authorised security key, then controlling the portable electronic device to permit the portable electronic device to dock with the docking station.
  49. 49. A method according to claim 48, further comprising: if the security key matches the authorised security key, determining a level of functionality of the docking station that the portable electronic device is permitted to access, when docked; and controlling the portable electronic device to access no more than the determined level of functionality of the docking station, when docked.
  50. 50. A method according to claim 49, wherein the level of functionality of the docking station that the portable electronic device is permitted to access, when docked, is less than all the possible functionality that the docking station has available.
  51. 51. A method according to any one of claims 48 to 50, wherein the authorised security key is prestored in the portable electronic device.
  52. 52. A method according to any one of claims 48 to 51, wherein the authorised security key is one of a plurality of authorised security keys prestored in the portable electronic device.
  53. 53. A method according to any one of claims 48 to 52, wherein the first predetermined default state causes the security mechanism to permit the portable electronic device to dock with the docking station.
  54. 54. A method according to any one of claims 48 to 53, wherein the second predetermined default state causes the security mechanism to not allow the portable electronic device to dock with the docking station.
  55. 55. A method according to any one of claims 48 to 54, wherein the security key comprises a device characteristic.
  56. 56. A method according to claim 55, wherein the device characteristic comprises an originator of the docking station.
  57. 57. A method according to claim 56, wherein the originator is taken from the group of originators comprising: manufacturers; vendors; and owners.
  58. 58. A method according to any one of claims 48 to 57, wherein the security key comprises a user characteristic.
  59. 59. A method according to claim 58, wherein the user characteristic comprises a user characteristic taken from the group of user characteristics comprising: user names; user access codes; and
  60. 60. A method according to any one of claims 48 to 59, wherein determining whether a security key is received from the docking station comprises: requesting a security key from the docking station; and waiting a predetermined period of time for the security key to be received from the docking station.
  61. 61. A method of controlling access to a docking station by a portable electronic device, the method comprising: communicating information between the docking station and the portable electronic device, the information including an ID; determining whether the ID is an authorised ID; if the ID is an authorised ID: determining a level of functionality to be accessible at the docking station by the portable electronic device, when the portable electronic device is docked to the docking station, the level of functionality being in the range between a maximum level of functionality, which allows access to all the functionality available at the docking station, and a minimum level of functionality, which allows access to a predetermined set of functions, less than the maximum level of functionality; and if the ID is not an authorised ID: determining a level of functionality to be accessible at the docking station by the portable electronic device, when the portable electronic device is docked to the docking station, the level of functionality being in the range between no functionality, which does not allow access to any of the functionality available at the docking station, and the minimum level of functionality; and controlling the level of functionality accessible by the portable electronic device, when the portable electronic device is docked to the docking station, to the determined level of functionality.
  62. 62. A method according to claim 61, wherein the ID is a device ID of the portable electronic device, the device ID is sent by the portable electronic device and received by the docking station, and the docking station determines whether the device ID is an authorised ID and determining the level of functionality to be accessible at the docking station by the portable electronic device, when the portable electronic device is docked to the docking station.
  63. 63. A method according to claim 62, wherein the device ID comprises a class of the portable electronic device.
  64. 64. A method according to claim 63, wherein the class is taken from the group of classes comprising: laptops; netbooks; ultrabooks; tablet computers; portable digital assistants (PDAs); wearables; and smartphones.
  65. 65. A method according to any one of claims 61 to 64, wherein the device ID comprises an originator of the portable electronic device.
  66. 66. A method according to claim 65, wherein the originator is taken from the group of originators comprising: manufacturers; vendors; and owners.
  67. 67. A method according to any one of claims 61 to 66, wherein the device ID comprises a user characteristic taken from the group of user characteristics comprising: user names; user access codes; and
  68. 68. A method according to any one of claims 61 to 67, wherein determining whether the device ID is an authorised ID comprises transmitting the received device ID to a server and receiving a message from the server indicating whether the device ID comprises an authorised ID.
  69. 69. A method according to claim 61, wherein the ID is a station ID of the docking station, the station ID is sent to the portable electronic device, and the portable electronic device determining whether the station ID is an authorised ID and determining the level of functionality to be accessible at the docking station by the portable electronic device, when the portable electronic device is docked to the docking station.
GB1406032.1A 2014-04-03 2014-04-03 Universal docking station security Active GB2524808B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB1406032.1A GB2524808B (en) 2014-04-03 2014-04-03 Universal docking station security
PCT/GB2015/050771 WO2015150727A1 (en) 2014-04-03 2015-03-17 Universal docking station security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1406032.1A GB2524808B (en) 2014-04-03 2014-04-03 Universal docking station security

Publications (3)

Publication Number Publication Date
GB201406032D0 GB201406032D0 (en) 2014-05-21
GB2524808A true GB2524808A (en) 2015-10-07
GB2524808B GB2524808B (en) 2021-04-07

Family

ID=50776784

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1406032.1A Active GB2524808B (en) 2014-04-03 2014-04-03 Universal docking station security

Country Status (2)

Country Link
GB (1) GB2524808B (en)
WO (1) WO2015150727A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10657674B2 (en) 2016-06-17 2020-05-19 Immersive Robotics Pty Ltd. Image compression method and apparatus
CN110494193A (en) 2017-02-08 2019-11-22 因默希弗机器人私人有限公司 User into multiplayer place shows content
CN111837384A (en) 2017-11-21 2020-10-27 因默希弗机器人私人有限公司 Frequency component selection for image compression
EP3714602A4 (en) 2017-11-21 2021-07-28 Immersive Robotics Pty Ltd Image compression for digital reality

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050138576A1 (en) * 2003-12-23 2005-06-23 Baumert David W. System and method for sharing information based on proximity
US20080252419A1 (en) * 2007-04-11 2008-10-16 Batchelor Michael D Wireless access control system and method
WO2010027694A1 (en) * 2008-09-08 2010-03-11 Apple Inc. Cross-transport authentication
US20110246756A1 (en) * 2010-04-01 2011-10-06 Smith Ned M Protocol for authenticating functionality in a peripheral device
US20120131353A1 (en) * 2010-11-22 2012-05-24 Motorola Mobility, Inc. Peripheral authentication
US20130102282A1 (en) * 2011-10-19 2013-04-25 Motorola Mobility, Inc. Secure device identification protocol with autonomous determination of specific class and capabilities of an electronic device cradle connected to an electronic device
EP2639736A1 (en) * 2012-03-14 2013-09-18 Samsung Electronics Co., Ltd. Apparatus and method of controlling permission to applications in a portable terminal
WO2014089229A1 (en) * 2012-12-04 2014-06-12 Qualcomm Incorporated Apparatus and methods for utilizing a wireless charger in a wireless docking environment
WO2014107249A1 (en) * 2013-01-04 2014-07-10 Qualcomm Incorporated Authenticating a wireless dockee to a wireless docking service
WO2014189660A1 (en) * 2013-05-24 2014-11-27 Qualcomm Incorporated Access control for wireless docking
WO2014189659A1 (en) * 2013-05-24 2014-11-27 Qualcomm Incorporated Utilization and configuration of wireless docking environments

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130198867A1 (en) * 2011-12-09 2013-08-01 Z124 A Docking Station for Portable Devices Providing Authorized Power Transfer and Facility Access
US9021159B2 (en) * 2012-09-07 2015-04-28 Apple Inc. Connector adapter

Also Published As

Publication number Publication date
WO2015150727A1 (en) 2015-10-08
GB2524808B (en) 2021-04-07
GB201406032D0 (en) 2014-05-21
