WO2005091584A2 - Remote device management system - Google Patents

Publication number
WO2005091584A2
Authority
WO
WIPO (PCT)
Prior art keywords
network device
accessibility
user
accessing
information
Prior art date
Application number
PCT/IB2005/050874
Other languages
French (fr)
Other versions
WO2005091584A3 (en)
Inventor
Juergen K. Mueller
Henricus X. Willems
Original Assignee
Koninklijke Philips Electronics N.V.
Priority date
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V. filed Critical Koninklijke Philips Electronics N.V.
Publication of WO2005091584A2 publication Critical patent/WO2005091584A2/en
Publication of WO2005091584A3 publication Critical patent/WO2005091584A3/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a method of managing network-based accessibility to a network device operated by a user, wherein accessibility defines access to information on said network device and access to perform actions on said network device, wherein the managing is based on one or more user selections. The method comprises the steps of enabling said user to select between one or more predefined accessing levels, each accessing level defining different levels of accessibility to said network device and setting up said network device so that the accessibility will be managed based on said predefined user selected accessing level.

Description

Remote device management system
A method of managing network-based accessibility to a network device operated by a user, wherein accessibility defines access to information on said network device and access to perform actions on said network device. The invention further relates to a network device adapted to manage network-based accessibility to said network device, wherein accessibility defines access to information on said network device and access to perform actions on said network device.
It is well known that the use of computers, and especially of mobile computer devices with Internet access, has increased enormously in recent years. At the same time, security breaches have increased dramatically. Examples are viruses that can invade and destroy information on a user's disc, unauthorized agents that can steal credit card numbers, and confidential business files being copied or distributed in a way that directly affects revenues. It is because of such examples that users have become more security-aware and tend to favor applications in which their privacy is better guarded. An example of a security application is java-security, where local sandbox technology is used to protect the functioning of the device from malicious downloaded applets (http://java.sun.com/marketing/collateral/security.html). Similar to the problem of downloading is the situation of remote update of a device, where external code is downloaded and local operations are initiated remotely. In such a situation, a device is completely under the control of the remote operator. The device user has to trust that his privacy will be respected by the remote operator. Remote management is beneficial for a user, for example to troubleshoot problems that the user experiences with a device, or to suggest software updates or configuration changes for the devices.
It is the object of the present invention to solve the aforementioned problems. This is obtained by a method of managing network-based accessibility to a network device operated by a user, wherein accessibility defines access to information on said network device and access to perform actions on said network device, wherein the managing is based on one or more user selections; said method comprising the steps of: enabling said user to select between one or more predefined accessing levels, each accessing level defining different levels of accessibility to said network device, and setting up said network device so that the accessibility will be managed based on said predefined user selected accessing level.
Thereby, by selecting one or more accessing levels, the user can limit the access to the data and the access to perform an action on the network device and therefore be fully in control of the network device. The data can comprise information relating to the hardware or device configuration of said network device. The data could alternatively comprise the usage statistics, such as data about the time the device was turned on. Further, data could comprise the user's personal information. It is essential that the information on the network device is grouped according to some predefined grouping criteria, e.g. a personal group comprising personal data, a hardware related group and a software related group, in order to make accessibility to this information easier. Other grouping criteria would of course also be possible.
In one embodiment the accessibility defined by each accessing level defines an action where two or more groups of information are accessed simultaneously from a single accessing level.
The invention further relates to a computer readable medium having stored therein instructions for causing a processing unit to execute the aforementioned method.
The invention further relates to a network device adapted to manage network based accessibility to said network device, wherein accessibility defines access to information on said network device and access to perform actions on said network device, and wherein the managing is based on one or more user selections; said network device comprising: means for enabling said user to select between one or more predefined accessing levels, each accessing level defining different levels of accessibility to said network device, and means for setting up said network device so that the accessibility will be managed based on said predefined user selected accessing level.
In the following, preferred embodiments of the invention will be described referring to the figures, where Fig. 1 shows a network device adapted to manage network based accessibility to said device, Fig. 2 shows an example where the information on a user's device has been grouped into five different groups, and Fig. 3 shows a flow diagram of the method of managing network based accessibility to a network device.
Fig. 1 shows a network device 103 operated by a user 101, whereby the user can select between one or more accessing levels, which define the access to groups of information on the user's device or the access to perform actions on the user's device. In this embodiment the user selects between different accessing levels displayed on a user interface 105. Thereby, by selecting one or more accessing levels, the user can e.g. limit or allow the access to the information that is accessible under the selected accessing levels from an external agent 111, which is operating through a communication channel 109, such as the internet or an intranet. The user's device 103 can as an example be a regular computer, a consumer electronics device such as a CD player or a TV set, or any kind of portable computer such as a laptop or palm computer, and the external agent 111 can as an example be another computer operated by another user or by the maintainer.
In order to obtain the above described functionality, the information and the actions that can be performed on the network device 103 operated by the user are grouped into a plurality of groups containing different kinds of information and actions, depending on the grouping criteria. The following example shows five different groups:
1. Information or actions relating to the configuration of the user network device, such as details about (hardware) options installed or device configurations that have been set by the user. Access to these data and actions could as an example enable a maintainer to more adequately troubleshoot any problems that the user might experience when using the device or the service rendered on it.
2. Information or actions relating to the correct functioning of the user network device, such as details about performance measurements and fault logging. Preferably, this content does not hold any relation to the user. It can only be used by the maintainer to suggest software updates or configuration changes.
3. Information or actions relating to the device usage statistics of the network device, such as data about the time the network device was turned on or the number of times it was reset by the user. Preferably these data are not entered explicitly by the user, but they are (locally) inferred from the (daily) use of the device.
4. Information or actions relating to the user preferences relating to the content that can be rendered by the device, such as which genres of movies the user likes, a list of favorite songs etc. Preferably this data can only be entered by the user or inferred (locally) from his behavior.
5. Information or actions relating to the content data, which are the actual data stored by the user. This can be content produced or otherwise obtained by the user, such as letters, music or films.
To control the accessibility to these five different groups on the user's device 103, the user 101 selects one or more accessing levels, which are displayed at the user interface 105, where at each accessing level the accessibility to these groups is defined. The accessibility defines e.g. which action can be performed on these five groups, such as whether they can only be accessed, or accessed and changed, e.g. by adding, replacing or removing information within said groups. The following example illustrates different accessing levels, each defining different levels of accessibility to groups of information (such as those shown before):
No remote access: No information or actions are accessible. This ensures the highest degree of privacy for the user.
Monitor correct functioning: Only the logging data can be read, and based thereon the correct or incorrect functioning of the network device operated by the user can be verified by the maintainer or the device management. If something is found that is not working properly, the network device management can send the user an e-mail with suggested changes. Allowed remote commands could e.g. be: getLoggingData.
Suggest improvements: Information relating to logging data and configuration parameters may be read to troubleshoot more effectively. Suggestions can be sent to the user by the maintainer or the device management. An example of allowed remote commands could be: getLoggingData, getConfigurationParameters.
Change configuration parameters: The logging and configuration information can be read and changed (or deleted if appropriate), e.g. by the maintainer or the device management, thereby optimizing the function of the network device. Allowed remote commands could be: getLoggingData, getConfigurationParameters, setConfigurationParameters.
Updating and adapting network device software: On this level the device management has all possibilities of the preceding level, and it can download new software to the network device operated by the user. The user keeps an up-to-date network device without any configuration effort from his side. No personal information of the user is revealed to the outside world. Allowed remote commands: getLoggingData, getConfigurationParameters, setConfigurationParameters, installNewSWVersion.
Updating and adapting service software: On this level the network device management has the possibilities of the preceding level and the possibility to install extra software. No access to user preferences from the outside world. Allowed remote commands: getLoggingData, getConfigurationParameters, setConfigurationParameters, installNewSWVersion, installSWComponent, deleteSWComponent.
Read user profiles: The access as defined in the above levels. Further, there is read access to the network device usage statistics and content related to user preferences to suggest and provide new content. Allowed remote commands: getLoggingData, getConfigurationParameters, setConfigurationParameters, installNewSWVersion, installSWComponent, deleteSWComponent, getUserPreferences.
Fig. 2 shows an example where the information on a device and actions that can be performed on the device have been grouped into five different groups. These five groups can as an example be considered as the five groups described earlier. The first group is marked as 201, the second as 205 and the last as 211. In this example four different accessing levels have been defined, each accessing level defining different accessibility to the groups.
The definition for the accessibility is stored at storage means 202 of the user's device, e.g. using a linking table linking accessing level identification with the defined accessibility. The first accessing level 203 (1.Ac_a) has access to the first 201 and the second 205 group, the second accessing level 207 (2.Ac_b) also has access to the first 201 and the second 205 group, and the last accessing level 209 (4.Ac_e) has access to the last group 211. Here the difference between the first two accessing levels 203, 207 could be due to different definitions of accessibilities in the accessing levels. In the first accessing level 203 the accessibility could define read-only actions, whereas in the second accessing level 207 the accessibility could define read-and-write actions.
Fig. 3 shows a flow diagram where the accessibility to a user's device is defined. First the user decides on the accessibility to information on the device 301 (D_A), wherein the information is grouped into different groups according to specific grouping criteria, such as a group comprising personal data, a hardware related group, a software related group etc. The user can select one or more accessing levels 303 (A_L) from a user interface where each accessing level defines accessibility to said groups of data. Selecting one or more accessing levels can, as described under Fig. 1, be done through a user interface where the user selects one or more accessing levels displayed on the user screen. The selected accessing levels are stored 305 (S_D) and used to activate the accessibility to said different groups of information of the user's device as well as the actions to be allowed on said information (e.g. read only access, read and write access) 307 (A_D). Thereby the user has defined his own accessibility and actions to the groups of information of the user's device. Preferably the user can at any time amend the accessibility to his network device 307 (A_D) by repeating these steps 309.
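The linking table and the select/store/activate flow of Fig. 3 can be sketched as a default-deny command dispatcher. This is an added example, not part of the patent text: the names Level, Device and handle_remote are hypothetical, the command names are the ones listed in the description, and two behaviours are assumptions made here (several selected levels grant the union of their commands, and "No remote access" overrides any other selection).

```python
"""Default-deny dispatcher for the accessing levels listed in the description.

Illustrative only: Level, Device and handle_remote are hypothetical names.
"""
from dataclasses import dataclass, field
from enum import Enum


class Level(Enum):
    NO_REMOTE_ACCESS = "No remote access"
    MONITOR = "Monitor correct functioning"
    SUGGEST = "Suggest improvements"
    CHANGE_CONFIG = "Change configuration parameters"
    UPDATE_DEVICE_SW = "Updating and adapting network device software"
    UPDATE_SERVICE_SW = "Updating and adapting service software"
    READ_PROFILES = "Read user profiles"


# Command lists per level as given in the description, built level by level.
_monitor = frozenset({"getLoggingData"})
_suggest = _monitor | {"getConfigurationParameters"}
_change = _suggest | {"setConfigurationParameters"}
_device_sw = _change | {"installNewSWVersion"}
_service_sw = _device_sw | {"installSWComponent", "deleteSWComponent"}
_profiles = _service_sw | {"getUserPreferences"}

# Linking table (storage means 202): level identification -> accessibility.
LINKING_TABLE = {
    Level.NO_REMOTE_ACCESS: frozenset(),
    Level.MONITOR: _monitor,
    Level.SUGGEST: _suggest,
    Level.CHANGE_CONFIG: _change,
    Level.UPDATE_DEVICE_SW: _device_sw,
    Level.UPDATE_SERVICE_SW: _service_sw,
    Level.READ_PROFILES: _profiles,
}
ALL_COMMANDS = frozenset().union(*LINKING_TABLE.values())


def table_is_nested(table=LINKING_TABLE):
    """True if each level grants a superset of the level listed before it.

    Worth checking after any table edit: a gap means a "higher" level
    silently lost a right, or a "lower" one gained an unexpected right.
    """
    sets = [table[lvl] for lvl in Level]
    return all(a <= b for a, b in zip(sets, sets[1:]))


@dataclass
class Device:
    # Stored selection (305, S_D). A fresh device exposes nothing remotely.
    selected: frozenset = frozenset({Level.NO_REMOTE_ACCESS})
    audit: list = field(default_factory=list)

    def select_levels(self, *levels):
        """Local user interface only (303); may be repeated at any time (309)."""
        if not levels or not all(isinstance(l, Level) for l in levels):
            raise ValueError("selection must be one or more Level values")
        self.selected = frozenset(levels)

    def allowed_commands(self):
        """Activated accessibility (307, A_D) for the stored selection."""
        # Assumption: "No remote access" wins over any other selected level.
        if Level.NO_REMOTE_ACCESS in self.selected:
            return frozenset()
        # Assumption: several selected levels grant the union of their commands.
        return frozenset().union(*(LINKING_TABLE[l] for l in self.selected))

    def handle_remote(self, agent, command):
        """Decide one command from external agent 111; log every decision."""
        # Unknown commands are denied even if a table entry is later mistyped.
        ok = command in ALL_COMMANDS and command in self.allowed_commands()
        self.audit.append((agent, command, "ALLOW" if ok else "DENY"))
        return ok


if __name__ == "__main__":
    dev = Device()
    dev.select_levels(Level.SUGGEST)
    for cmd in ("getLoggingData", "setConfigurationParameters", "formatDisk"):
        print(cmd, dev.handle_remote("maintainer", cmd))
    print(dev.audit)
```

Note that select_levels is deliberately absent from the remote command set: the description has the user choose levels at the device's own user interface, so the level itself is never changeable by the external agent.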
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word 'comprising' does not exclude the presence of other elements or steps than those listed in a claim. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a device claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

Claims

CLAIMS:
1. A method of managing network-based accessibility to a network device operated by a user, wherein accessibility defines access to information on said network device and access to perform actions on said network device, wherein the managing is based on one or more user selections; said method comprising the steps of: - enabling said user to select between one or more predefined accessing levels, each accessing level defining different levels of accessibility to said network device, and setting up said network device so that the accessibility will be managed based on said predefined user selected accessing level.
2. A method according to claim 1, wherein the network-based accessibility is related to remote management of said network device.
3. A method according to claim 1-2, wherein said accessing levels define accessibility to information on hardware or device configuration of said network device.
4. A method according to claim 1-3, wherein said accessing levels define accessibility to information on usage statistics of said network device.
5. A method according to claim 1-4, wherein said accessing levels define accessibility to information on the user's personal data of said network device.
6. A computer readable medium having stored therein instructions for causing a processing unit to execute the method of claim 1-5.
7. A network device adapted to manage network based accessibility to said network device, wherein accessibility defines access to information on said network device and access to perform actions on said network device, and wherein the managing is based on one or more user selections; said network device comprising: means for enabling said user to select between one or more predefined accessing levels, each accessing level defining different levels of accessibility to said network device, and means for setting up said network device so that the accessibility will be managed based on said predefined user selected accessing level.
PCT/IB2005/050874 2004-03-17 2005-03-11 Remote device management system WO2005091584A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP04101082 2004-03-17
EP04101082.8 2004-03-17

Publications (2)

Publication Number Publication Date
WO2005091584A2 (en) 2005-09-29
WO2005091584A3 (en) 2006-03-02

Family

ID=34994445

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2005/050874 WO2005091584A2 (en) 2004-03-17 2005-03-11 Remote device management system

Country Status (1)

Country Link
WO (1) WO2005091584A2 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001037517A2 (en) * 1999-11-03 2001-05-25 Wayport, Inc. Distributed network communication system which enables multiple network providers to use a common distributed network infrastructure
US20030051038A1 (en) * 2000-03-01 2003-03-13 Steven Spicer Network resource control sytem

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JUNOS: "Chapter 21: Configure User Access" INTERNET SOFTWARE CONFIGURATION GUIDE GETTING STARTED RELEASE 5.7, [Online] 19 March 2003 (2003-03-19), pages 267-280, XP002352421. Retrieved from the Internet: <URL:http://www.juniper.net/techpubs/software/junos/junos57/swconfig57-getting-started/download/sys-mgmt-access.pdf> [retrieved on 2005-10-31] *

Also Published As

Publication number Publication date
WO2005091584A3 (en) 2006-03-02

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase