WO2006074258A2 - Plateforme pour dispositif mobile - Google Patents

Plateforme pour dispositif mobile Download PDF

Info

Publication number
WO2006074258A2
WO2006074258A2 PCT/US2006/000240 US2006000240W WO2006074258A2 WO 2006074258 A2 WO2006074258 A2 WO 2006074258A2 US 2006000240 W US2006000240 W US 2006000240W WO 2006074258 A2 WO2006074258 A2 WO 2006074258A2
Authority
WO
WIPO (PCT)
Prior art keywords
mobility device
recited
data
cooperating
mobility
Prior art date
Application number
PCT/US2006/000240
Other languages
English (en)
Other versions
WO2006074258A3 (fr
Inventor
Peter Bookman
Rick White
Michael Anderer
Original Assignee
Realm Systems, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Realm Systems, Inc. filed Critical Realm Systems, Inc.
Publication of WO2006074258A2 publication Critical patent/WO2006074258A2/fr
Publication of WO2006074258A3 publication Critical patent/WO2006074258A3/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854Wide area networks, e.g. public data networks
    • H04L12/2856Access arrangements, e.g. Internet access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/18Multiprotocol handlers, e.g. single devices capable of handling multiple protocols

Definitions

  • the herein described systems and methods relate to mobile computing technologies, and more importantly, to a mobility device platform.
  • a computer user may wish to have their financial planning and management data from his/her financial planning and management computing application (e.g. Quicken, Microsoft Money) with them at all times to address any payments that might spring up (e.g. a lapsed bill).
  • his/her financial planning and management computing application e.g. Quicken, Microsoft Money
  • the computing user is relegated to install the financial planning and management computing application and data on each of his/her computing environments (including his/her corporate computer — which may be in violation of corporate computing policies and procedures) so that he/she can have access to this desired data.
  • enterprises may wish to effectively and immediately terminate all access to sensitive corporate data from employees who are to be terminated. Under current practices that are based on device-centric computing, the employee is asked to turn in their computing environments (e.g.
  • the end-user is offered two user experiences - the experience encountered when interfacing with a conventional computing environment and the experience encountered when interfacing with the mobile device (e.g., small display screen, modified user peripherals, etc.).
  • a user's experience is different with current mobile computing practices.
  • current mobile computing practices do not afford the user the ability to "carry" their personal computing environment preferences, user rights, privileges, authorizations, and authentication data.
  • an end- user often, is relegated to having two different custom settings/preferences for their mobile computing environment and their non-mobile computing environment.
  • an end-user is not offered a complete seamless transition as the end-user switches between a mobile and non-mobile computing environment.
  • an end-user is often relegated to customizing the various computing environments manually and, moreover, having to manually re-authenticate themselves when interfacing with cooperating server computing environments.
  • the inability to carry custom settings/preferences forecloses an end- users ability to interface with disparate computing environments (e.g., enterprise computing environment, personal home computing environment, automotive computing environment, consumer electronic computing environment, media sharing computing environment, etc) without relegating manual customization, configuration, authentication, and verification by the end-user with each of the disparate computing environments.
  • disparate computing environments e.g., enterprise computing environment, personal home computing environment, automotive computing environment, consumer electronic computing environment, media sharing computing environment, etc
  • an exemplary mobility device platform allowing for mobile computing is provided.
  • an exemplary mobility device platform comprises a mobility device operable to communicate with at least one host environment through a selected communications interface, a communications network operable to communicate data and computing applications, and a mobility device management server operable to generate, process, store, communicate and encrypt data and/or applications to the mobility device.
  • the mobility device management server can be operable to perform one or more mobility device management functions for a cooperating mobility device.
  • the exemplary mobility device can be configured for use on a cooperating host environment according to a selected trust model, hi the illustrative operation, the selected trust model can instruct the mobility device to cooperate with the host environment to communicate custom settings/preferences (e.g., persona) to the host environment (e.g., presentation of an aura).
  • the mobility device can cooperate with the host environment to control one or more processing and memory functions of the host environment.
  • the mobility device can cooperate with the host environment to have access to one or more input peripherals of the host environment as well as host environment power sources.
  • the mobility device can establish communications with cooperating one or more mobility device management servers using a selected trust model.
  • the mobility device management server can communicate data and/or applications (including custom settings, custom preferences, and content licenses (e.g., digital management rights)) to cooperating mobility device according to one or more instructions provided by the selected trust model.
  • the selected trust model can comprise instructions for the mobility device management server to perform one or more functions for a cooperating mobility device including but not limited to authentication, encryption, verification, provisioning, administration, content licensing/rights management, and monitoring.
  • Figure 1 is a block diagram of an exemplary computing environment in accordance with an implementation of the herein described systems and methods
  • Figure 2 is a block diagram of an exemplary computing network environment in accordance with the herein described system and methods
  • Figure 3 is a block diagram showing an illustrative interaction between exemplary computing components in accordance with the herein described systems and methods;
  • FIG. 4 is a block diagram of an illustrative implementation of a mobility device platform in accordance with the herein described systems and methods;
  • FIG. 5 is a block diagram of another illustrative implementation of a mobility device platform in accordance with the herein described systems and methods;
  • Figure 6 is a block diagram showing the deployment of a trust model between a mobility device and a host environment in accordance with the herein described systems and methods;
  • Figure 7 is a block diagram showing the interaction of exemplary components when presenting a stored persona as an aura on a cooperating host environment in accordance with the herein described systems and methods;
  • Figure 8 is a block diagram showing the deployment of a mobile desktop environment in accordance with the herein described systems and methods
  • Figure 9 is a flow diagram of processing performed to configure an illustrative implementation of a mobility device platform in accordance with the herein described systems and methods;
  • Figure 10 is a flow diagram of processing performed by an illustrative implementation of a mobility device platform in accordance with the herein described systems and methods;
  • FIG. 11 is a flow diagram of processing performed by another illustrative implementation of a mobility device platform in accordance with the herein described systems and methods;
  • Figure 12 is a flow diagram of processing performed by another illustrative implementation of a mobility device platform in accordance with the herein described systems and methods;
  • Figure 13 is a flow diagram of processing performed by an illustrative implementation of a mobility device platform when employing a selected trust model in accordance with the herein described systems and methods;
  • Figure 14 is a flow diagram of processing performed by an illustrative implementation of a mobility device platform when presenting a persona as an aura in accordance with the herein described systems and methods;
  • Figure 15 is a block diagram showing the deployment of a mobility device on a municipal broadband data grid in accordance with the herein described systems and methods.
  • the herein described systems and methods offer a "user-centric” approach to computing and mobile computing.
  • Current computing solutions enterprise or individual, are generally designed using a “device-centric” model.
  • the device-centric model aims at managing and tracking users based on device assignments and designations.
  • Current "device-centric” computing practices are cumbersome and offer limited capabilities.
  • DRM digital rights management
  • user authorizations e.g., online passwords and user ids
  • user privileges e.g., access to enterprise data
  • user custom preferences e.g., web browser bookmarks, the dim level of a room in the user's house controlled by a home automation system, the position of a steering wheel and/or driver's seat in a user's car that is controlled by an electronic automotive control system
  • a participating user is currently charged with customizing each cooperating electronic environment that the participating user controls.
  • the participating user since with current practices, the participating user is not offered a centralized customization capability so that the custom preferences, user rights, user privileges, and user authentications can be accessed and deployed in the cooperating electronic environment.
  • Such inability results in a lack of optimization of the available features and operations of the cooperating electronic environments.
  • a participating user is relegated to customize their work computer with their preferences, rights, authentications, and privileges and have to do the same with their home computer, their personal digital assistant, their mobile telephone, their home automation system, their automotive automation system, etc.
  • the enterprise computing environment may comprise a number of server computing environments and numerous client computing environments.
  • each user in the enterprise is provisioned client computing environment (e.g. personal computer or laptop computer) that is generally networked to the server computing environment through the enterprise communications interface or, if the user is remote to the enterprise communications network, through a virtual private network (VPN).
  • client computing environment e.g. personal computer or laptop computer
  • VPN virtual private network
  • the users are provided user identification information and password information through a directory services structure that associates user rights and privileges to certain enterprise data and computing applications.
  • the herein described systems and methods aim to ameliorate the shortcomings of existing practices by providing a mobility device platform (MDP) designed using a "user-centric" model.
  • the mobility device platform comprises at least one mobility device (MD) operable to communicate with one or more cooperating computing environments (e.g.
  • the mobility device platform can comprise one or more mobility device management servers (MDMS) that operate to authenticate and verify and provide user and device management/administration for cooperating mobility devices and their users.
  • MDMS mobility device management servers
  • the mobility device management servers can operate to provide data and applications to the mobility device.
  • the mobility device may cooperate with one or more computing environments invoking one or more work spaces to process data.
  • the data may be executed from computing applications local to the MD, or the MD may cooperate with one or more MDMS to obtain the desired data.
  • the MDMS can operate to authenticate requesting MDs to ensure that they have the rights and privileges to the requested data and to verify the persona of the MD.
  • the MDMS can cooperate with third party data providers to obtain requested data.
  • the MDMS can act to translate the data from a non-MD native data format to a native MD data.
  • the MDMS and MD can engage in 1028 bit and/or 2056 bit encryption (e.g. PKI encryption) using user and device authentication and verification information. Additionally, the MD can operate to store the participating user's customized settings and preferences local to the MD so they are available to the user at all times. Further, the MD and MDMS can execute a selected trust model (e.g., bi-lateral trust arbitration) as part of the device/user authentication/verification and data encryption processes. Additionally, the selected trust model can be deployed by the MD on the cooperating electronic host environment to project a persona (e.g., customized settings, privileges, rights, and authentications) to the cooperating electronic host environment to generate an aura (e.g., a projected persona).
  • a persona e.g., customized settings, privileges, rights, and authentications
  • the mobility device platform can allow for trust-enabled mobile computing, hi the illustrative implementation, the selected trust model can comprise encryption keys to allow for the encrypted communication of data between a cooperating mobility device management server and cooperating mobility devices, an authentication protocol that provides instructions for the authentication of cooperating mobility devices, and a verification protocol that provides instructions for the verification of cooperating mobility devices requesting data from the mobility device management server.
  • the selected trust model can comprise a plurality of modalities for authentication and verification of cooperating mobility devices such as bionietric authentication/verification and fortified query authentication/verification.
  • the trust model can also leverage custom settings known as personas to project an aura between the mobility device and a cooperating computing environment.
  • the exemplary mobility device can operate on its own power supply to support an independent (i.e., independent from the cooperating computing environment) personalized and portable computing and/or operations control environment.
  • the exemplary mobility device can operate using power from a cooperating communications interface (e.g., powered Ethernet) to support an independent (i.e., independent from the cooperating computing environment) personalized and portable computing and/or operations control environment, hi the illustrative implementation, the mobility device can operate according to a parasitic and/or redundant power protocol.
  • a cooperating communications interface e.g., powered Ethernet
  • independent i.e., independent from the cooperating computing environment
  • the mobility device can operate according to a parasitic and/or redundant power protocol.
  • a parasitic power protocol can comprise a method in which the mobility device first draws power from the cooperating computing environment and, in the instance that power supply becomes unavailable, being able to draw power from a power sources found on the mobility device. Further a parasitic power protocol can include the following instructions: 1) powering the mobility device, 2) charging the mobility device, 3) powering the mobility device, 4) powering the mobility device while also charging an energy store on the mobility device, 3) powering the mobility device while also discharging (drawing from) an exemplary energy store.
  • Some power sources for the mobility device can include but are not limited to, 1) power charger (direct), 2) power-over-Ethernet, 3) power-over- USB, 4) power-over-FireWire, 5) power-over-PCI-express, 6) any serial or parallel physical input/output channel, and 7) any serial or parallel wireless input/output channel (e.g., RFID, GPRS).
  • Some power storage devices can include one or more of following, 1) battery, 2) fuel cell, 3) capacitor, and 4) fly wheel.
  • an exemplary parasitic power protocol can comprise the instruction which can be executed by the mobility device to overdraw(discharge) from multiple power sources or stores when performance demands require it, and under- draw/charge from one or two sources to one or more stores when performance demands allow it.
  • a redundant power protocol can comprise having more than one power source for the mobility device such that operation is not comprised if one of the more than one power supplies fails.
  • the mobility device can present itself to the cooperating computing environment as one of peripheral devices including but not limited to any peripheral device operating on various interface ports (e.g., IEEE spec ports, video port, peripheral ports, display ports, etc.).
  • the mobility device can also present itself to the cooperating computing environment as an external flash storage drive with the appearance of containing two files, e.g., "in” file and "out” files.
  • an exemplary network routing process operating on the mobility device can drop (and pick up) data communication frames (e.g., Ethernet frames) to/from the flash resident "in” and "out” files.
  • the presented flash resident files can operate to stream block input/output interfaces to processes running on the exemplary mobility device.
  • the mobility device can operate in a manner to process, store, and retrieve forensic evidence.
  • forensic evidence can be stored in a secure container within the mobility device.
  • the secure container can comprise hardware, firmware, and software components so as to reduce opportunities for mischief.
  • the mobility device in being able to handle forensic evidence can be used to comply with higher expectations relating to evidentiary procedure.
  • the mobility device platform can provide a computer network system that provides a mobility device having a customizable and portable desktop computing environment ("Mobile Desktop Environment (MDE)").
  • MDE Mobile Desktop Environment
  • the MDE can be presented to a cooperating electronic host environment to allow participating users controls over the MD using one or more peripherals of the cooperating electronic host environment.
  • the MDE can be used to retrieve data from the MD (or a cooperating one or more of MDMS) as well as launch executables for execution on the MD (e.g., the executables found on the MD and/or provided by a cooperating one or more of the MDMS).
  • the executables can be displayed by the MD through a display device of the cooperating electronic host environment (e.g., in this context the cooperating electronic host enviorment can include but is not limited to a personal copmuter, laptop computer, or the like).
  • the mobility device platform can comprise a mobile personal server (MPS) that is capable of porting and operating on applications and data files across a plurality of cooperating electronic host environments.
  • the MPS can maintain the required computing power and memory to accomplish such porting and operating functions.
  • the MPS can be used as a local data/applications server to a cooperating electronic host environment such that a participating user can access desired data and/or applications (e.g., executables) from the MPS.
  • the mobility device of an exemplary mobility device platform can present itself to the cooperating electronic host environment as one or more accepted peripherals to allow the mobility device to "mount" onto the cooperating electronic host environment.
  • the mobility device can be operable to configure any physical or virtual device through a selected USB/CD-ROM startup procedure.
  • the mobility device can operated to create a "pass-through" device driver so that the required output driver can be virtualized remotely.
  • the mobility device that which can be presented to the cooperating electronic host environment as a USB/CD-ROM can operate to load software onto the cooperating electronic host environment such that the loaded software can probe the cooperating electronic host environment to retrieve an IP address, hi the illustrative operation, the retrieved IP address can be transferred to the mobility device so the mobility device can re-present itself to the cooperating electronic host environment as a USB/Ethernet-network interface card (NIC) and not as a virtual hub (e.g., USB/CD-ROM device).
  • NIC USB/Ethernet-network interface card
  • the USB/CD-ROM presented mobility device can read sequentially one file name from four sets of empty files in selected data storage locations.
  • each of the file names can have a name such that it can be a number from 0 to 255.
  • the mobility device acting as a USB/CD-ROM device can operate to interpret the file name from each of the four sets of empty files to be a part of an IP address (e.g., reading f0/[0-255].fl/[0-255].f3[0- 255].f4[0-255j).
  • the mobility device can un-mount as a USB/CD-ROM and remount as a NIC configured to the IP address that the mobility device interpreted.
  • the mobility device can present itself to the cooperating electronic host environment as two files (e.g., an input file and an output file). This presentation allows the mobility device to interact with the cooperating electronic host environment without conflicting with firewall protections found on the cooperating electronic host environment.
  • the input file can be used by the mobility device to present data/executables to the cooperating host environment and the output file can be used to present data/executables/instructions to the mobility device.
  • the mobility device can comprise software and/or hardware components that allow the mobility device to securely boot the operating system found on the mobility device and to allow the mobility device to load and execute trusted (e.g., signed) software code segments onto a cooperating electronic host environment.
  • the mobility device performs a secure boot of the mobility device operating system which is completely independent of any operating system found on a cooperating electronic host environment.
  • the secure boot of the mobility device operating system can be accomplished by discrete hardware and software components found on the mobility device including but not limited to secure memory elements, redundant and compartmentalized processing elements, and selected instructions instructing the discrete hardware components to perform a secure boot operation.
  • the mobility device can comprise software and/or hardware components that allow the mobility device to boot the mobility device within a cooperating electronic host environment.
  • the mobility device can operate to perform a selected parasitic injection and configuration of the cooperating electronic host environment to allow the mobility device and cooperating electronic host environment to operate together (e.g., to boot up together) as if the mobility device and cooperating electronic host environment were not operating independently.
  • the exemplary mobility device platform can provide base infrastructure services for operation and deployment on cooperating electronic host environments as accomplished by cooperation between the various components of the exemplary mobility device platform (e.g., mobility device, cooperating electronic host environment, and mobility device management server).
  • the exemplary mobility device platform can comprises a license management engine capable of separating license grants from bundles of content, which in turn can enable flexible and secure content distribution and licensing models including but not limited to pass-through license transfers.
  • the licensing engine can reside as hardware and/or software on the mobility device and/or mobility device management server.
  • a license grant can be purchased by a participating user of the mobility device and stored on the mobility device.
  • the stored license grant can then be communicated for storage and processing on one or more cooperating mobility device management servers for subsequent use.
  • a participating user can invoke the purchased license grant by deploying the mobility device on a cooperating electronic host environment (e.g., a participating user purchases an expiring license to a movie and uses the mobility device on a cooperating digital video recorder (DVR) to invoke the purchased license; responsive to the invocation of the license, the DVR can cooperate with cooperating components - e.g., MDMS and/or content servers having the movie content, to retrieve the movie for display to the participating user).
  • cooperating electronic host environment e.g., a participating user purchases an expiring license to a movie and uses the mobility device on a cooperating digital video recorder (DVR) to invoke the purchased license; responsive to the invocation of the license, the DVR can cooperate with cooperating components - e.g., MDMS and/or content servers having the movie content, to retrieve the movie for display to the participating user).
  • cooperating components e.g.
  • the exemplary mobility device platform can comprise a role definition and management engine that can be operable to separate the roles of a participating user (e.g., roles that a participating user may play — e.g., persona) and host the associated security elements (e.g., encryption keys), user profiles, files, and content separately and securely from each other to avoid overlap and contamination of such role information.
  • the role definition and management engine can reside as hardware and/or software on the mobility device and/or mobility device management server.
  • the persona can be projected onto a cooperating electronic host environment to generate an aura for use and execution on the cooperating electronic host environment.
  • the exemplary mobility device platform comprises a mobility device capable of injecting a BIOS and/or virtual machine onto a cooperating electronic host environment such that applications can be executed on the injected virtual machine through a selected license borrowing paradigm.
  • the mobility device can identity the license grants available to the mobility device by the cooperating electronic host environment.
  • the mobility device can operate to inject a virtual machine (and/or required BIOS) onto the cooperating electronic host environment and can execute one more applications on the injected virtual machine using one or more licenses grant found on the cooperating electronic host environment.
  • the cooperating electronic host environment can comprise a license to a word processing application.
  • the mobility device in an illustrative operation, can identity the word processing application license on the cooperating electronic host environment, borrow the license from the cooperating electronic host environment, and inject a virtual machine executing a separate and independent instance of the same word processing application executable on the borrowed license.
  • the exemplary mobility device platform can comprises a mobility device having one or more of the following mechanisms capable of performing one or more of the following features/operations: a mechanism for keeping attackers from changing the system clock of the mobility device or preventing the mobility device from synchronizing with a secure system clock; a mechanism for separating the roles, rights and privileges of the owner of the mobility device from the user of the mobility device, and the manager of the MPS; a mechanism for importing data from GSM cards and other electronic identity cards; a mechanism for checking state, diagnose, copy files to/from, repair, disable, backup and secure a cooperating electronic host environment; a mechanism for enabling smart documents, such as a passport with an embedded RFID tag to enable RFID reads via proximity to a user-activated mobility device (hi an illustrative operation, the passport can be activated via bio-metric data at the point of entry into a country, otherwise the passport could operate to remain deactivated).
  • the mobility device can operate such that the RFID is enabled via one or more signals: within a 'cage', which provides one signal.
  • the mobility device with optional user authentication, provides another signal, RFID tag can be read/written/zero'd/disabled, RFDD tag maybe emulated, where single 'smart' RFID tag emulates multiple 'stupid' or 'single RFID tags; a mechanism for tracking and managing smart electronic and RFID-embedded paper documents; a mechanism for providing limited access to federal law enforcement data to local law enforcement officials and vice- versa; a mechanism for providing access to local or remote financial information and applications with or without single-sign-on.
  • the mobility device can further comprise one or more of the following mechanisms operating to perform one or more of the following operations/features: a mechanism for discretely and granularly selecting which pieces of medical data will be provided to a participant in the health care system; a mechanism for allowing doctors roaming access to computing resources while maintaining compliance with Health Insurance Portability and Accountability Act (HIPAA) regulations; a mechanism for indicating to environmental controllers (e.g. home, car) the preferences of an mobility device holder in proximity to those controllers; a mechanism for providing "project trust” or mapping rights and permissions to other devices within the environment. (Policies and device profiles dictate which devices are afforded various trust levels.
  • HIPAA Health Insurance Portability and Accountability Act
  • Rights, permissions and keys can be mapped within the mobility device from the mobility device's internal "rights vault” to those required to support various digital rights management schemes.
  • Content is played in degraded form on those devices that are not highly trusted.); a mechanism for providing "melded trust” or allowing external playback devices within the local environment to utilize the content protection capabilities of the mobility device; a mechanism for automatically optimizing or manually managing the scattering and allocation of data and computational resources for network-hosted tasks; a mechanism for providing multi-factor authentication of the user (e.g., factors can include: possession, knowledge of a secret, and a biometric such as fingerprint); a mechanism for providing that intermittently connected devices can be correlated with "always-running” processes or software agents with the ability to "park” the mobility device based on manual configuration or an automatically based on parameters of the mobility device and/or cooperating electronic host environment including: operating environment computational capacity (MIPS) and scalability, security of the operating environment, content licensing (rights management) capability, system management capabilities, operating environment stability (
  • the mobility device can further comprise one or more of the following mechanisms operating to perform one or more of the following operations/features: a mechanism to import or export global system for mobile communications (GSM) data via a wired or wireless link (e.g., the GSM data can then be projected and managed), a mechanism to connect to a high-resolution screen; a mechanism to track internet access usage by user or software program, and cache access pattern information, and specific content; connectivity to a network through powered Ethernet.
  • GSM global system for mobile communications
  • the mobility device platform can further comprise one or more of the following mechanisms operating to perform one or more of the following operations/features: provides for a platform to allow for dynamic and effective project collaboration using expiring user rights and authentication; provides for a per-use (per-use of feature) licensing model for applications and services; provides for content aggregation of application drivers; provides for content integration and single-sign on; provides for RAM borrowing from a local environment; provides for a virtualization of a gaming system; provides for bi-directional trust arbitration to allow extended security perimeters of existing services models; provides for multi authentication of a user using a selected sequence of finge ⁇ rint inputs (finger print is first layer, second layer of authentication is through sequence of finger prints - i.e., first third and fourth finger).
  • a web service can be defined as any information source running business logic processes conveniently packaged for use by an application or end-user.
  • Web services are increasingly becoming the means through which one can provide functionality over a network.
  • Web services typically include some combination of programming and data that are made available from an application server for end users and other network-connected application programs. Web services range from such services as storage management and customer relationship management down to much more limited services such as the furnishing of a stock quote and the checking of bids for an auction item.
  • WSDL Web Services Description Language
  • XML Extensible Markup Language
  • the operations and messages are described abstractly, and then bound to a concrete network protocol and message format to define an endpoint.
  • Related concrete endpoints are combined into abstract endpoints (services).
  • the advocated web service usage model is generally as follows. [0065] (1) Services are implemented and deployed on one site, often referred to as the server side.
  • UDDI Universal Description, Discovery, and Integration
  • Client applications use web services at another site, often referred to as the client side, by first interpreting one or more WSDL documents. Once interpreted, the clients can understand the characteristics of the associated service(s). For example, service characteristics may include service API specifications such as (a) input data type, (b) service input data format, (c) service access mechanism or style (e.g., RPC versus messaging), and (d) related encoding format.
  • service API specifications such as (a) input data type, (b) service input data format, (c) service access mechanism or style (e.g., RPC versus messaging), and (d) related encoding format.
  • Client applications invoke a particular service according to the manner specified for the service, such as in an associated WSDL document.
  • a mobility device platform having a mobile device management server which includes, among other things, a web services translation module operative to accept data from web services web services providers and present them in a web service model native to cooperating mobility devices.
  • HTTP hyper-text transfer protocol
  • FTP file transport protocol
  • simple object access protocol can be considered to be message content.
  • SOAP can be used in various operations including but not limited to file transfer, message transfer, notification, request/response, and asynchronous request/response.
  • message content formats can include but are not limited to hyper-text mark-up language (HTML), extensible mark-up language (XML),
  • SOAP Simple Object Access Protocol
  • RPC Remote Procedure Call style
  • a SOAP message consists of a SOAP envelope that encloses two data structures, the SOAP header and the SOAP body, and information about the name spaces used to define them.
  • the header is optional; when present, it conveys information about the request defined in the SOAP body. For example, it might contain transactional, security, contextual, or user profile information.
  • the body contains a Web Service request or reply to a request in XML format.
  • the high-level structure of a SOAP message is shown in the following figure.
  • SOAP messages when used to carry Web Service requests and responses, can conform to the web services definition language (WSDL) definition of available Web
  • WSDL web services definition language
  • WSDL can define the SOAP message used to access the Web Services, the protocols over which such SOAP messages can be exchanged, and the Internet locations where these Web Services can be accessed.
  • the WSDL descriptors can reside in UDDI or other directory services, and they can also be provided via configuration or other means such as in the body of SOAP request replies.
  • the SOAP client uses an XML document that conforms to the SOAP specification and which contains a request for the service.
  • the SOAP client sends the document to a SOAP server, and the SOAP servlet running on the server handles the document using, for example, HTTP or HTTPS.
  • the Web service receives the SOAP message, and dispatches the message as a service invocation to the application providing the requested service.
  • a response from the service is returned to the SOAP server, again using the
  • SOAP is described herein as a communication protocol for the herein described systems and methods that such description is merely illustrative as the herein described systems and methods may employ various communication protocols and messaging standards.
  • FIG. 1 depicts an exemplary computing system 100 in accordance with herein described system and methods.
  • Computing system 100 is capable of executing a variety of operating systems 180 and computing applications 180' (e.g. web browser and mobile desktop environment) operable on operating system 180.
  • Exemplary computing system 100 is controlled primarily by computer readable instructions, which may be in the form of software, where and how such software is stored or accessed. Such software may be executed within central processing unit (CPU) 110 to cause data processing system 100 to do work.
  • CPU central processing unit
  • central processing unit 110 is implemented by micro-electronic chips CPUs called microprocessors.
  • Coprocessor 115 is an optional processor, distinct from main CPU 110, that performs additional functions or assists CPU 110.
  • CPU 110 may be connected to coprocessor 115 through interconnect 112.
  • coprocessor One common type of coprocessor is the floatingpoint coprocessor, also called a numeric or math coprocessor, which is designed to perform numeric calculations faster and better than general-purpose CPU 110.
  • the floatingpoint coprocessor also called a numeric or math coprocessor, which is designed to perform numeric calculations faster and better than general-purpose CPU 110.
  • CPU 110 fetches, decodes, and executes instructions, and transfers information to and from other resources via the computer's main data-transfer path, system bus 105.
  • System bus 105 typically includes data lines for sending data, address lines for sending addresses, and control lines for sending interrupts and for operating the system bus.
  • PCI Peripheral Component Interconnect
  • Some of today's advanced busses provide a function called bus arbitration that regulates access to the bus by extension cards, controllers, and CPU 110. Devices that attach to these busses and arbitrate to take over the bus are called bus masters.
  • Bus master support also allows multiprocessor configurations of the busses to be created by the addition of bus master adapters containing a processor and its support chips.
  • Memory devices coupled to system bus 105 include random access memory (RAM) 125 and read only memory (ROM) 130. Such memories include circuitry that allows information to be stored and retrieved. ROMs 130 generally contain stored data that cannot be modified. Data stored in RAM 125 can be read or changed by CPU 110 or other hardware devices. Access to RAM 125 and/or ROM 130 may be controlled by memory controller 120. Memory controller 120 may provide an address translation function that translates virtual addresses into physical addresses as instructions are executed. Memory controller 120 may also provide a memory protection function that isolates processes within the system and isolates system processes from user processes.
  • computing system 100 may contain peripherals controller 135 responsible for communicating instructions from CPU 110 to peripherals, such as, printer 140, keyboard 145, mouse 150, and data storage drive 155.
  • peripherals controller 135 responsible for communicating instructions from CPU 110 to peripherals, such as, printer 140, keyboard 145, mouse 150, and data storage drive 155.
  • Display 165 which is controlled by display controller 163, is used to display visual output generated by computing system 100. Such visual output may include text, graphics, animated graphics, and video. Display 165 maybe implemented with a CRT- based video display, an LCD-based flat-panel display, gas plasma-based flat-panel display, a touch-panel, or other display forms. Display controller 163 includes electronic components required to generate a video signal that is sent to display 165.
  • computing system 100 may contain network adaptor 170 which may be used to connect computing system 100 to an external communication network 160.
  • Communications network 160 may provide computer users with means of communicating and transferring software and information electronically. Additionally, communications network 160 may provide distributed processing, which involves several computers and the sharing of workloads or cooperative efforts in performing a task. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.
  • exemplary computer system 100 is merely illustrative of a computing environment in which the herein described systems and methods may operate and does not limit the implementation of the herein described systems and methods in computing environments having differing components and configurations as the inventive concepts described herein may be implemented in various computing environments having various components and configurations.
  • Computing system 100 can be deployed as part of a computer network.
  • the above description for computing environments applies to both server computers and client computers deployed in a network environment.
  • Figure 2 illustrates an exemplary illustrative networked computing environment 200, with a server in communication with client computers via a communications network, in which the herein described systems and methods may be employed.
  • server 205 may be interconnected via a communications network 160 (which may be either of, or a combination of a fixed- wire or wireless LAN, WAN, intranet, extranet, peer-to-peer network, the Internet, or other communications network) with a number of client computing environments such as tablet personal computer 210, mobile telephone 215, telephone 220, personal computer 100, and personal digital assistance 225. Additionally, the herein described systems and methods may cooperate with automotive computing environments (not shown), consumer electronic computing environments (not shown), and building automated control computing environments (not shown) via communications network 160.
  • a communications network 160 which may be either of, or a combination of a fixed- wire or wireless LAN, WAN, intranet, extranet, peer-to-peer network, the Internet, or other communications network
  • client computing environments such as tablet personal computer 210, mobile telephone 215, telephone 220, personal computer 100, and personal digital assistance 225.
  • client computing environments such as tablet personal computer 210, mobile telephone 215, telephone 220, personal computer 100, and personal digital assistance 225.
  • server 205 can be dedicated computing environment servers operable to process and communicate web services to and from client computing environments 100, 210, 215, 220, and 225 via any of a number of known protocols, such as, hypertext transfer protocol (HTTP), file transfer protocol (FTP), simple object access protocol (SOAP), or wireless application protocol (WAP).
  • HTTP hypertext transfer protocol
  • FTP file transfer protocol
  • SOAP simple object access protocol
  • WAP wireless application protocol
  • Each client computing environment 100, 210, 215, 220, and 225 can be equipped with browser operating system 180 operable to support one or more computing applications such as a web browser (not shown), or a mobile desktop environment (not shown) to gain access to server computing environment 205.
  • a user may interact with a computing application running on a client computing environments to obtain desired data and/or computing applications.
  • the data and/or computing applications may be stored on server computing environment 205 and communicated to cooperating users through client computing environments 100, 210, 215, 220, and 225, over exemplary communications network 160.
  • a participating user may request access to specific data and applications housed in whole or in part on server computing environment 205 using web services transactions. These web services transactions may be communicated between client computing environments 100, 210, 215, 220, and 220 and server computing environments for processing and storage.
  • Server computing environment 205 may host computing applications, processes and applets for the generation, authentication, encryption, and communication of web services and may cooperate with other server computing environments (not shown), third party service providers (not shown), network attached storage (NAS) and storage area networks (SAN) to realize such web services transactions.
  • server computing environments not shown
  • third party service providers not shown
  • NAS network attached storage
  • SAN storage area networks
  • the systems and methods described herein can be utilized in a computer network environment having client computing environments for accessing and interacting with the network and a server computing environment for interacting with client computing environments.
  • the systems and methods providing the mobility device platform can be implemented with a variety of network-based architectures, and thus should not be limited to the example shown. The herein described systems and methods will now be described in more detail with reference to a presently illustrative implementation.
  • Figure 3 shows an exemplary interaction between the components of an exemplary mobility device platform.
  • exemplary mobility device platform 300 in simple terms, can comprise mobility device 310 cooperating with cooperating electronic host environment (CEHE)IOO using communications interface 305 operating on a selected communications protocol (not shown). Additionally, exemplary mobility device platform 300 may further comprise communications network 160 (of Figure 1) and server computing environment 205.
  • La operation mobility device may cooperate with cooperating electronic host environment 100 through communications interface 305 to execute one or more executables 180' originating from mobility device 310 and displayable for user interaction on cooperating electronic host environment 100.
  • Executable 180' may include but are not limited to, a browser application offering the look and feel of conventional operating systems, word processing applications, spreadsheets, virtual machines, content management applications, license management engine, infrastructure services, database applications, web services applications, and user management/preference applications, etc.. Additionally, mobility device 310 may cooperate with server computing environment 205 via communications network 160 using CEHE 100 to obtain data and/or computing applications in the form of web services.
  • mobility device 310 can act as a "smart cable" capable of acting as the interface for other devices (not shown) to the cooperating electronic host environment 100.
  • mobility device 310 can comprise one or more receiving interface inputs (not shown) allowing the mobility device to provide access to cooperating electronic host environment 100 to one or more other cooperating devices (e.g., personal digital assistant).
  • the access provided to the cooperating electronic host environment in the illustrative implementation, can be access to one or more peripherals coupled to cooperating electronic host environment 100 (e.g., display, keyboard, mouse, etc.
  • FIG. 4 shows the interaction of components for exemplary mobility device platform 400.
  • exemplary mobility device platform 400 comprises mobility device (MD) 405, cooperating electronic host environment (CEHE) 410, communications network 435, mobility device management server (MDMS) 420 and third party web service providers 440.
  • MD 405 further comprises processing unit (PU), operating system (OS), storage memory (RAM/ROM), and an MD communications interface.
  • MDMS 420 further comprise trust model 427, data 425, applications (e.g., executables) 430, and mobility device admin application 432.
  • MD 405 can communicate with cooperating electronic host environment 410 using one or more of MD components PU, OS, RAM/ROM and MD communications interface through MD/computing environment communications interface.
  • MD 405 can execute one or more executables (e.g., applications - not shown) that can include but are not limited to, a mobile desktop environment, user customization and authentication manager, and other executables as part of a configuration process.
  • executables e.g., applications - not shown
  • MD 405 can further cooperate with CEHE 410 to process one or more web services (e.g. web service data and/or computing applications), hi such context, MD 405 can communicate with cooperating MDMS 420 using communications network 435 request and process data and/or executables.
  • MDMS 420 may operate to authenticate MD 405 to ensure that the participating user (not shown) and mobility device 405 have the correct privileges to the requested data and/or executables according to selected trust model 427.
  • trust model 427 can comprise one or more instructions to instruct MD 405 and/or MDMS 420 to perform authentication and verification processes. Additionally, in the illustrative implementation, trust model 427 can comprise one or more parameters for use as part of the authentication/verification process.
  • MD 405 can operate to execute processes local to MD 405 and cooperate with cooperating electronic host environment 410 to display data and receive instructions/interface inputs from one or more of peripherals (not show) that can be coupled to cooperating electronic host environment.
  • MF 405 can operate to share processing of instructions and executables with the processing resources found on cooperating electronic host environment.
  • processes can be spawned, suspended, resumed, terminated, or migrated based on policy or command of MD 405.
  • an operating environment can be loaded onto cooperating electronic host environment 410 by MD 405 as part of a data processing and execution of one or more executables.
  • MDMS 420 can further operate to locate the requested data and/or executables locally to MDMS 420 and provide such requested data and/or executables (e.g., applications, services, etc.) to the authenticated MD 405 over communications network 435, or operate to cooperate with third party services providers 440 to obtain the requested data and/or executables for communication to the authenticated MD 405.
  • MDMS 420 may operate to translate the data and/or executables (e.g., originating on a legacy server and presented to MD 405 through a presentation server (not shown)) originating from third party web services providers 440 to an MD native format.
  • MDMS 420 can operate to encrypt requested data and/or executables using when satisfying requests for data and/or executables from authenticated MD 405 according to selected trust model 427. [00103] Additionally, MDMS 420 can further operate to cooperate with a file system (not shown) using a selected encryption protocol (e.g. PKI encryption) to obtain the requested data for communication to MD 405.
  • the cooperating file system may include but is not limited to file allocation table (FAT) file systems and new technology files system (NTFS).
  • FIG. 5 shows another illustrative implementation of an exemplary mobility device platform.
  • mobility device platform 500 comprises MD 505 cooperating with a plurality of computing environments, computing environment “A” 515, computing environment “B” 525, up to computing environment “N” 520 through MD/computing environment communications interface 510. Additionally, mobility device platform 500 further comprises communications network 530 third party services providers 585, Java virtual machine (JVM) emulator and provisioner, plurality of MDMS, MDMS “A” 535 operating on applications/data 540, MDMS “B” operating on applications/data 550, up to MDMS “N” 555 operating on applications/data 560 operating through firewall 567.
  • JVM Java virtual machine
  • mobility device platform 500 may further comprise, in another illustrative implementation, MDMS "C" operating on web services 580, communications network 570, and firewall 565.
  • MDMS "C” operating on web services 580
  • communications network 570 may further comprise, in another illustrative implementation, MDMS "C" operating on web services 580, communications network 570, and firewall 565.
  • mobility device 505 cooperating with one or more of computing environments 515, 525, up to 520 may process data and/or executables for navigation and control on computing environments 515, 525, up to 520.
  • MD 505 may request data and/or executables (e.g., applications, services, etc.), 540, 550, or 560 from one ore more cooperating MDMS 535, MDMS 545, up to MDMS 555 via communications network 530.
  • any of the MDMS, 535, 545, up to 555 can operate to authenticate the requesting MD 505 to ensure that MD 505 has the right user rights, permissions, and privileges to obtain the requested data and/or executables according to a selected trust model (not shown).
  • MDMS 535, 545, up to 555 may operate to process MD 505's request and provide the requested data and/or executables.
  • MDMS 535, 545, up to 555 can further operate to translate the requested data and/or executables (if required - e.g. data and/or executables originates from third party providers 585) to an MD 505 native web service format.
  • MDMS 535, 545, up to 555 may operate to encrypt the requested data and/or executables using MD and user authentication and verification information to ensure that the requested data and/or executable is communicated over communications network 530 in a secure manner.
  • mobility device platform 500 may operate to obtain legacy data and/or computing applications by employing Java virtual machines.
  • MD 505 can cooperate with a dynamic JAVA virtual machine (A 7 M) emulator and provisioner (which although not shown may comprise a portion of one or more of MDMS 535, 545, up to 555) to request data and/or computing applications from legacy systems 590.
  • Dynamic JVM emulator and provisioner 595 may operate to cooperate with legacy systems 590 to obtain the requested data and/or computing applications from the requesting MD 505.
  • dynamic JVM emulator and provisioner may generate one or more java virtual machines that operate on the legacy system to present the requested data and computing applications as a web service to MD 505.
  • dynamic JVM emulator and provisioner may first authenticate MD 505 prior to obtaining the requested information.
  • Mobility device platform 500 further allows for the use of multiple workspaces by mobility device 505.
  • a single mobility device 505 may operate to support a number of "personas" for participating users.
  • a participating user may choose to use the same mobility device for corporate use and several personal uses.
  • the mobility device may operate to provide a plurality of "work spaces" (e.g., define various personas) within the mobility device such that each work space is governed by its own set of user/device authentication and verification information. Accordingly, when a participating user (not shown) wishes to retrieve information from their corporate network (e.g.
  • MDMS "A" 535 is a corporate server
  • they may log onto MD 505 and activate the first work space (not shown) by using the participating user's corporate user authentication and identification information.
  • the coiporate MDMS (e.g. MDMS "A" 535 for purposes of this illustration) proceeds to authenticate the user based on the user's corporate user authentication and verification information, and if authenticated, may process a data and/or executable request for MD 505 via communications network 530 (e.g. corporate LAN for purposes of this illustration).
  • communications network 530 e.g. corporate LAN for purposes of this illustration
  • the user may invoke the gaming work space by logging off their corporate workspace and logging on the gaming work space using his/her gaming user id and password (e.g. user authentication and verification information).
  • the participating user may access MDMS "C” 575 through a daisy chain, first getting to MDMS "A” 535 through communications interface 530 and then to gaming data and/or executables MDMS “C” 580 through the corporate firewall 565 and via external communications network 570 (e.g. Internet).
  • external communications network 570 e.g. Internet
  • a participating user may use a single MD having multiple workspaces (and personas) to realize their corporate and personal computing needs in a secure manner by leveraging the various user authentication and verification information.
  • mobility device platform 500 is . capable of operating in a manner such that a single mobility device may interact with a plurality of disparate computing environments.
  • cooperating computing environments include but are not limited to stand alone computing environments, networked computing environments, and embedded computing environments.
  • embedded computing environments the herein described systems and methods can be employed to allow for interaction (e.g., the projection of a persona) with embedded automotive computing environments to customize automotive driving and comfort settings (e.g.
  • the mobility device may be configured to have a participating user's driving and comfort settings stored such that when the participating user is in the mobility the mobility device cooperates with the embedded automotive computing environment according to a selected communications interface and protocol to set the driving and comfort settings of the automobile in accordance with the stored settings).
  • a mobility device can operate to facilitate the retrieval of multimedia from a variety of disparate locations.
  • the mobility device may have stored thereon digital rights and licenses to multimedia and cooperate with one ore more consumer electronic having an embedded computing environment through a selected communications interface and communications protocol (e.g. wireless Internet Protocol) to obtain stored multimedia.
  • a selected communications interface and communications protocol e.g. wireless Internet Protocol
  • an MP3 enabled receiver can have stored thereon or have the capability of retrieving through an external communications network (e.g.
  • exemplary mobility device platform 500 may operate to provide a participating user access to such songs by communicating through a rights and content management application the required rights and licenses to the cooperating MP3 enabled receiver.
  • mobility device platfo ⁇ n 500 is shown to have a particular configuration and operable on various components, that such description is merely illustrative as the herein described systems and methods that comprise exemplary mobility device platform 500 maybe realized through various alternate configurations and components.
  • FIG. 6 shows the interaction between components of exemplary mobility device platform 600.
  • exemplary mobility device platform 600 comprises mobility device 615, communications interface 620, and cooperating electronic host environment (CEHE) 625, and trust model 630.
  • mobility device comprises persona 610 having persona parameters 605.
  • CEHE 625 further comprises projected persona (e.g., aura) 607 having persona parameters 605.
  • trust model 630 further comprises trust model components including but not limited to security component 635, identity component 640, right component 645, and applications component 650.
  • mobility device 615 can mount to CEHE 625 through communications interface 620.
  • mobility device 615 can store a "persona" (e.g., custom preferences, rights, authentications, and privileges) 610 for projection onto CEHE 625 to generate aura 607.
  • Persona 610 can comprise persona parameters 605 that are communicable to CEHE 625 by mobility device 615 for use on CEHE 625.
  • mobility device can operate to "mount" onto CEHE 625 according to trust model 630.
  • trust model 630 can comprise instructions to the mobility device 615 to allow mobility device 615 to communicate one or more persona parameters 605 when generating and presenting aura 607 on CEHE 625.
  • trust model 630 can comprise various components including but not limited to security component 635, identity component 640, rights component 645, and applications component 650.
  • security component 635 of trust model 630 can operate to establish rules and requirements to establish secure communications and data/executable exchange between mobility device 615 and other cooperating components (e.g., CEHE 625, MDMS (not shown), etc.).
  • the security requirements can be defined by the intended use of the mobility device 615, the privileges of the mobility device (e.g., privileges of the participating user of the mobility device) that can be ascertained from identity component 640 of trust model 630.
  • trust model 630 in the illustrative implementation, provides the rights to the mobility device 615 for use in presenting various data/executables (e.g., applications 650), to other cooperating components in accordance with the trust model defined persona 610.
  • FIG. 7 shows a detailed implementation of a persona in exemplary mobility device platform 700.
  • exemplary mobility device 700 comprises mobility device 705 having secured storage area 710 and communications interface 725. Additionally, as is shown, mobility device storage area 710 further comprises data store 715 capable of storing persona 720.
  • mobility device 710 can store persona 720 (and personal parameters (not shown)) as defined by a selected trust model (not shown) in data store 715 residing as part of secured storage area 710.
  • persona 720 can then be projected as an aura (as illustrated by the dashed data box) 720 through communications interface 725 to other cooperating components (not shown) of exemplary mobility device platform 700.
  • persona 720 can be projected (as indicated by the dashed lines) to cooperating components according to a selected trust model (not shown).
  • FIG. 8 shows another illustrative implementation of exemplary mobility device platform 800.
  • exemplary mobility device platform 800 comprises mobility device 815, communications interface 825, and cooperating electronic host environment (CEHE) 830.
  • mobility device 815 further comprises persona 810 having persona parameters 805 (that when projected onto CEHE 830 generate an aura), mobile desktop environment 865 capable of executing on mobility device 815 in processing area 860, and mobility device instruction set 820.
  • CEHE 830 farther comprises projected persona (i.e., aura) 805 and is coupled to communications network 850, keyboard 845, mouse 840, and display 835.
  • display 835 can be capable of displaying mobile desktop environment (as per aura definition) 867.
  • communications network 850 can be coupled to cooperating platform components 855.
  • mobility device 815 can mount onto CEHE 830 according to one or more instructions provided by MD instruction sets 820 to project aura 805 onto CEHE 830.
  • mobility device 815 can operate execute mobile desktop environment (e.g., local execution on mobility device 815 and/or combination execution on mobility device 815 and CEHE 830) for display and navigation on display 835 that can be coupled to CEHE 830.
  • displayed mobile desktop environment 867 can comprise navigation/display panes 875, shortcut launch buttons 880, and navigation buttons 870 and 885.
  • a participating user (not shown) can define aura 805 (based on the participating user's rights, privileges, and authentications) for projection onto CEHE 830.
  • the aura defined mobile desktop environment is executed by mobility device 815 for display through CEHE 830's coupled display 835.
  • the participating user can interact with the aura defined mobile desktop environment 867 using one or more of keyboard 845 and mouse 840 that are coupled to CEHE 830 to execute executables and/or interact with data (e.g., executables/data local to CEHE 830, mobility device 815, and/or communicated by cooperating components 855 over communications network 850 to mobility device 815).
  • data e.g., executables/data local to CEHE 830, mobility device 815, and/or communicated by cooperating components 855 over communications network 850 to mobility device 815.
  • the mobility device platforms described in Figures 6-8 are provided merely as illustrative implementations and is not intended to limit the scope of the herein described system and methods. Rather, the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device operable to interact with a participating user through a directly connected, or embedded physical or virtual display and keyboard; a mobility device operable to connect via a cooperating electronic host environment and/or directly (via a wire or wirelessly) to various environmental and biometric sensors, including but not limited to a fingerprint reader, a DNA sensor, a particulate sensor, a location and orientation sensor, RFBD tags, or RFID-enabled SIM cards; a mobility device operable to connect through a cooperating host environment and/or directly to (either via a wire or wirelessly) various input-output devices (e.g. printer, camera) via one or more interfaces, including
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform comprising a trusted platform module (TPM) for key management, data integrity management and verification of code segments before execution.
  • TPM trusted platform module
  • This allows for the creation of a contained (f ⁇ rewalled) environment, which is secure against hacking attacks, viruses, and malicious code. This further allows for the management of high-value content.
  • TPM allows for temporary lending of "trust" to a participating user of the mobility device.
  • a mobility device platform and/or mobility device can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device comprising a USB to Virtual Device scheme that can be specific to a more general pass-through scheme including a proxy and an active agent.
  • a mobility device comprising a USB to Virtual Device scheme that can be specific to a more general pass-through scheme including a proxy and an active agent.
  • Other examples may include, but not be limited to SD to USB and Ethernet to USB and any generic intermediate processing device that can take action based on various inputs.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device comprising an embedded laser display chip to project a display onto any surface, allowing the display of identity information, digital rights or licensing information; a mobility device that can be configured to allow the enablement, disablement or destruction of RFID tags.
  • the MD can also be used in a lock-and-key model with an RFID tag such that neither the MD nor the RFE) have enough information to complete a particular transaction independent of each other.
  • a mobility device platform and/or mobility device can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device could have the form factor of a mouse device acting as a peripheral to a host environment and other form factors including but not limited to RFE) cards, mobile telephones, personal digital assistant, MP3 player, Flash key, credit card, proximity card, pen, wallet, purse, eye-wear, footwear, clothing, under-garments, jewelry, dental appliance, implantable bio-chip, prosthetics, dossier, brief-case, portable telephone, portable facsimile, remote controls, USB device, Ethernet device, SD device, and etc; a mobility device capable of employing separate secure input and/or output devices apart from those coupled to a cooperating electronic host environment; a mobility device operable to utilize an "on-board" trust platform module (TPM) within the MD itself, or to utilize TPMs available in the environment; a mobility device capable of implementing the TPMs (or subset
  • fingerprint or DNA information can be used to generally determine age, which then could be used to set various local, network and environmental permissions.
  • the mobility device can be equipped with sensors to scan for biological or chemical agents or markers either within the environment or within the person activating the MPS unit.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: mobility device utilizing separate batteries (power) for TPM key storage in tamper-resistant volatile memory, for the system clock, for the real-time clock, for the trusted time service, and for the MD system itself; a mobility device platform comprising a network or server-based back-up or "mirror" of an intermittently connected mobility device. It should be further recognized that the mobility device-session can optionally be mirrored from within a networked operating environment, and that mobile desktop environment sessions can be handed off from the mobile desktop environment to the networked operating environment and vice-versa.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform capable of employing an X- windows proxy in the mobility device to virtualize desktop and application displays from local cooperating hosts, remote desktops, and those from cooperating MDMS.
  • a mobility device platform capable of employing an X- windows proxy in the mobility device to virtualize desktop and application displays from local cooperating hosts, remote desktops, and those from cooperating MDMS.
  • the virtualized desktops or application displays can be viewed locally on the mobility device, remotely, rendered within the MDMS, and/or rendered and captured by a selected network service.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device comprising one or more processors.
  • a mobility device comprising one or more processors.
  • the mobility device hardware can be optionally virtualized and the single or multiple instances of an operating system can operate in parallel such that each of the operating systems and their applications can be isolated from one another.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device operable to add interfaces through expansion slots or natively within the mobility device to support many wireless transport standards, including, but not limited to: Zigbee, GSM, EVDO, Bluetooth, WiFi, RFID, NFC, UWB and wireless USB.; a mobility device capable of supporting various extensions or "daughter cards” performing various functions including but not limited to support for additional connectivity, additional computational or storage resources or additional sensors (e.g., microphones, speakers, additional flash storage, cameras, nano-sensors (CO2, biological, chemical, temperature), and clocks or time services).
  • a mobility device operable to add interfaces through expansion slots or natively within the mobility device to support many wireless transport standards, including, but not limited to: Zigbee, GSM, EVDO, Bluetooth, WiFi, RFID, NFC, UWB and wireless USB.
  • a mobility device capable of supporting
  • a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform comprising a mobility device capable of mounting onto a cooperating electronic host environment as a USB type device including but not limited to a USB hub, USB device, USB-Ethernet hub device, and the like using conventional USB mounting processes.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device capable of utilizing an external TPM a wired or wireless interface to a host environment.
  • a host environment can utilize a TPM within the mobility device for trust management (as part of a trust model), DRM, access control, secure boot operations and code-segment validation (antivirus protection and anti-SPAM measures);
  • the MDE can implement policies that require multi-factor authentication and interaction with a server for the authentication process.
  • MDE policies include time-outs, expiry of access rights when not renewed and abuse detection.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device that can operate without a dedicated display, keyboard or mouse, and utilize a cooperating environment's resources for the keyboard, display, mouse and network functionality.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device having connectivity to application services and that utilizes a secure channel to those services that originates from the mobility device to ensure integrity and protection from viruses.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device that automatically synchronizes its state with those of persistently running application services, allowing for backups, data consistency, and long- running application service jobs.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device comprising a browser running from within the mobility device itself and utilizes a cooperating host environment's peripherals such as a keyboard, display and network gateway, allows application developers and publishers to protect DHTML content, and enables strict protection of content licensing rights.
  • the mobility device can employ a digital rights management (DRM) component in conjunction with the TPM to provide granular license grants to application users, subscription service subscribers, and content viewers.
  • DRM digital rights management
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perfonn functions and operations including but not limited to: a mobility device comprising a mobile desktop environment that implements a secure administration model, which can be distributed across various cooperating components and which requires no root user.
  • the model can operate to separate the owner of the mobility device from the user of the mobility device and the manager of the mobility device.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device operating to ensure the state of the users data, content, files, applications and sessions are consistent and that such state information can be migrated from one host to another upon an asynchronous disconnect and re-connect.
  • a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device operating capable of determining geographic location information via ad-hoc network protocols (Zigbee), triangulation, or global positioning system (GPS).
  • Zigbee ad-hoc network protocols
  • GPS global positioning system
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device utilizing out-of-band (e.g. radio and other) updates to prevent attackers from changing the mobility device clock and to supplement the network news transfer protocol (NNTP), the secure time protocols and the internal clock.
  • a mobility device utilizing out-of-band (e.g. radio and other) updates to prevent attackers from changing the mobility device clock and to supplement the network news transfer protocol (NNTP), the secure time protocols and the internal clock.
  • the mobility device can operate to utilize unidirectional transforms (incremental) and hardware "to-expire" dates and countdown counters to prevent reversals in the clock counters.
  • a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device comprising an internal "trust vault' to manage rights, privileges, licenses, subscriptions, session tokens and keys.
  • the mobility device can operate to "project trust” to various environmental devices (e.g. iPod), via mapping rights and keys to the appropriate DRM scheme, and supports degraded playback of content on less secure devices.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device that operate to employ an internal "trust vault", to manage rights, privileges, licenses, subscriptions, session tokens and keys.
  • the mobility device can operate to "meld trust" with various external computational devices, so that the content protection capabilities of the mobility device can be utilized by those external devices.
  • a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device comprising a mobility device environment utilizing a visual interface using color graphics and/or numbers and size to indicate security, content protection ("DRM") level, CPU processing resources, storage (capacity and attached bandwidth), and network distance, latency, capacity (bandwidth), availability and scalability.
  • DRM content protection
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device operable to utilize a data and computation scattering method, by which network resources can be optimally utilized, and system response times and/or costs can be optimized.
  • active network agents can be automatically parked, or collapsed whenever some pre-set time period has elapsed, or computational resource budgets have been exceeded.
  • the "autopark" function can be policy-based, and can utilize redundant path optimization methods, including available sensor-node feedback for real-time resource availability feedback.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device operable to utilize the a selected algorithm (e.g., "urinal separation algorithm") to maximize separation of computational resources used by active network processes.
  • a mobility device operable to utilize the a selected algorithm (e.g., "urinal separation algorithm") to maximize separation of computational resources used by active network processes.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device comprising a partial fingerprint sensor for fingerprint verification of the user of the mobility device as part of a multi-factor authentication scheme.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device operable to scan the cooperating electronic host environment, determining available computational resources on the cooperating electronic host environment, available devices coupled to or in cooperation with the cooperating electronic host environment, and communication pathways (hotspots).
  • a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform operable to utilize secure authentication and time and location services, and to implement digital chain of custody tracking.
  • the mobility device can operate to: a) authenticate the user, b) determine the time and location, c) wrap and stamp a data record with the user BD, the time and data, and optionally the location of the transaction.
  • this information can be archived and validated at a future date.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform operable to utilize the secure authentication, time and location services, to implement private and secure access to medical records or lab results.
  • the mobility device can operate to: a) authenticate the user (doctor), b) determine the time and location, c) determine the authenticity of the output device, d) unwrap and present the requested medical information, e) stamp the medical record access log with the time, data, location and user ID.
  • this access log information can be archived and validated at a future date.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform operable to utilize the secure authentication, time and location services, to implement cooperative yet secure access to medical records or other sensitive information.
  • the mobility device can operate to: a) authenticate the user (content owner), b) determine the time and location, c) determine the authenticity of the output device, d) unwrap and present the requested sensitive information, and e) stamp the data record access log with the time, data, location and user ID.
  • this access log information can be archived and validated at a future date.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform operable to utilize secure authentication, time and location services, to implement video checksums and watermarking.
  • the mobility device can operate to: a) authenticate the user (content owner), b) determine the time and location, c) cache the stream of video information, d) stamps the video stream with an embedded (watermark) or associated cryptogram based on the cumulative video data, in the illustrative implementation, the checksum information can be retrieved and validated at a future date.
  • a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform operable to utilize individual preferences and parameters to customize a participating user's environment.
  • a mobility device operating in cooperation with an automobile electronic host environment could operate to set/limit maximum speed, collect maintenance information, and recall preferred settings for seat and mirror positions and other parameters.
  • a mobility device operating in cooperation with a home AV system could recall preferred music/video "play-lists", preferred listening locations, and preferred equalizer settings, among other variables.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform operable to utilize the local policy of the mobility device to cache fingerprints on each access attempt, and to dump the fingerprint files to an authority or maintenance server on events as determined by a policy rule set.
  • a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform operable to utilize the local individual preference and parameters of the mobility device set to maintain IP address and other telephone system parameters to ensure calls coming to a local voice communication console (telephone) are intended for the holder of the mobility device, hi the illustrative implementation, the telephone number moves with the mobility device holder and can be projected to a local (desktop or mobile) telephone, along with call lists and stored numbers (contact lists), hi the illustrative implementation, the MPS can operate to share display and keypad or other input devices of the external voice communication console, hi the illustrative implementation, the MPS can be controlled by voice command through a voice communication console.
  • a mobility device platform operable to utilize the local individual preference and parameters of the mobility device set to maintain IP address and other telephone system parameters to ensure calls coming to a local voice communication console (telephone) are intended for the holder of the mobility device
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform operable to utilize media streaming, encoding and decoding capabilities to support secure watermarking of video, pictures and audio.
  • a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device operable to utilize available computing resources to enable hardware acceleration of VOIP (Voice over IP) to limit strain on host or environmental devices.
  • VOIP Vehicle over IP
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform operable to available computing resources to implement software or hardware SDR (software defined radio).
  • a mobility device platform operable to available computing resources to implement software or hardware SDR (software defined radio).
  • a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform comprising a mobility device operable to utilize available computing resources to implement an MP3 (digital music) player.
  • the player controls can be projected to a display device via IR, wired or wireless interfaces.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform operable to utilize trust and DRM capabilities to interact with and grant "trust" to all environmentally local playback devices, based on the capabilities of those devices in the data formats used by those devices.
  • a mobility device platform operable to utilize trust and DRM capabilities to interact with and grant "trust" to all environmentally local playback devices, based on the capabilities of those devices in the data formats used by those devices.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: mobility device platform operable to utilize internal personal data, preference and policy management capabilities to implement a "personal domain controller", allowing the device to collect and aggregate information such as health information.
  • the mobility device can utilize nano-sensor technology, either embedded or attached, to monitor various medical and environmental variables such as insulin level and heart rate.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform comprising one or more mobility devices that can be connected to a high-bandwidth back-plane, such a data-center rack, to enable the one or more mobility devices to be programmed as a single clustered or virtual parallel machine, enabling the creation of low-cost, low-power and compact supercomputers.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform operable to utilize multiple CPUs and/or isolated operating system instances to implement firewall and security applications.
  • a mobility device platform operable to utilize multiple CPUs and/or isolated operating system instances to implement firewall and security applications.
  • the addition of an additional Ethernet interface can enable the implementation of a physical, logical or virtual personal firewall, a personal DMZ, a personal network proxy and a personal network analyzer.
  • a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform comprising a mobility device having a proximity card or other form-factor that can utilize a local or remote display capability, a fingerprint recognition capability, and a storage capability to satisfy federal government fingerprint and digital identity specifications (e.g., providing two copies of a fingerprint, and two copies of a digital photograph for storage).
  • a mobility device platform comprising a mobility device having a proximity card or other form-factor that can utilize a local or remote display capability, a fingerprint recognition capability, and a storage capability to satisfy federal government fingerprint and digital identity specifications (e.g., providing two copies of a fingerprint, and two copies of a digital photograph for storage).
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform operable to be used as a local web or web- service cache, allowing access to information even without host connectivity.
  • the mobility device cache could be automatically updated according to preferences or manually updated by watching the user's Internet access patterns.
  • the mobility device can appear as a remote web-service.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform operable to utilize software and secure network access capabilities to enable the anytime ability to delivery software demonstrations to cooperating electronic host environments.
  • the herein described systems and methods provide a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform operable to utilize its secure network access capabilities to enable single-sign on and secure data and/or application environment from a cooperating electronic host environment, m the illustrative implementation, the communication sessions can be secured by VPN or SSL-VPN communications managed from within the mobility device.
  • a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform comprising a mobility device operable to utilize secure network access capabilities and content management capabilities to allow participating users (e.g., students) to carry around their files, records and application access privileges to cooperating electronic host environments (e.g., computers) within an organization (e.g., a school) or enable access to those resources from a remote cooperating computing environment cooperating with the mobility device.
  • a mobility device platform comprising a mobility device operable to utilize secure network access capabilities and content management capabilities to allow participating users (e.g., students) to carry around their files, records and application access privileges to cooperating electronic host environments (e.g., computers) within an organization (e.g., a school) or enable access to those resources from a remote cooperating computing environment cooperating with the mobility device.
  • a mobility device platform and/or mobility device that can include but are not limited to the following additional mechanisms and can operate to perform functions and operations including but not limited to: a mobility device platform comprising a mobility device operable to utilize secure network access capabilities and content management capabilities to allow customers of financial institutions instant access to any financial service, financial service portal or their own encrypted local financial information (checkbook) from any machine without risk of compromising security or privacy.
  • a mobility device platform comprising a mobility device operable to utilize secure network access capabilities and content management capabilities to allow customers of financial institutions instant access to any financial service, financial service portal or their own encrypted local financial information (checkbook) from any machine without risk of compromising security or privacy.
  • Figure 9 shoes the processing performed by exemplary mobility device platform 400 of Figure 4 when configuring the components of exemplary mobility device platform 400 for operation.
  • processing begins at block 900 and proceeds to block 910 where the mobility device is configured to operate with at least one cooperating electronic host environment.
  • exemplary mobility device platform can initiate communications with at least one cooperating electronic host environment through a selected communications interface operating a selected communications interface protocol.
  • exemplary mobility device platform can instruct the mobility device to execute one or more executables for display and navigation on a connected cooperating electronic host environment. Included in the mobility device executables can be a mobile desktop computing environment.
  • processing proceeds to block 920 where communications are established between the MD and cooperating MDMS over an exemplary communications network (not shown) operating on a exemplary communications network protocol (not shown).
  • the MD and MDMS user/device authentication and verification values are created and stored for subsequent use at block 930.
  • the MDMS is capable of associating file system file and group settings at block 940.
  • the file and group associations, and authentication and verification values are stored for subsequent use at block 950.
  • a check is then performed at block 960 to determine if an association in files or groups is required for the MD on the MDMS.
  • processing reverts to block 940 and proceeds there from. [00166] However, if at block 960 it is determined that there are no MD file and/or group association settings to be made, processing proceeds to block 970 where data and/or computing application communications between the MD and MDMS are performed using the generated and stored MD and user authentication and verifications values. Processing then terminates at block 980.
  • Figure 10 shows processing performed by exemplary mobility device platform 400 of Figure 4 when processing web services requests from cooperating exemplary mobility device 405 of Figure 4 according to an illustrative implementation.
  • processing begins at block 1000 and proceeds to block 1005 where a check is performed to ensure that exemplary mobile device 405 is in communication with at least one cooperating electronic host environment (415 of Figure 4). If the check at block 1005 indicates that exemplary mobility device is not in communication with at least one cooperating electronic host environment, processing reverts to block 1000 and proceeds from there.
  • processing proceeds to block 1010 where a check is performed to determine if the mobility device has been authenticated on a user basis (e.g. if the proper user identification and password information provided by a participating user). If the mobility device has not been successfully authenticated on a user basis, processing proceeds to block 1015 where an error is generated (and possibly displayable to participating users). From there a check is performed at block 717 to determine if the user authentication of the mobility device is to be attempted again (i.e. a participating user is afforded the ability to re-input their user identification and password). If the authentication is being performed again at block 1017, processing reverts back to block 1010 and proceeds there from. However, if at block 1017 it is determined that the user authentication is not to be attempted again, processing terminates at block 1020.
  • a check is performed to determine if the mobility device has been authenticated on a user basis (e.g. if the proper user identification and password information provided by a participating user). If the mobility device has not been successfully authenticated on a user
  • processing proceeds to block 1025 where the mobility device mobile desktop environment is initiated on the at least one cooperating electronic host environment. From there processing proceeds to block 1030 where a check is performed to determine if there are any requests for data and/or computing applications by the MD to at least one cooperating MDMS that has authenticated the MD. If the check at block 1030 indicates that there are no requests by the authenticated MD, processing reverts back to the input of block 1030.
  • processing proceeds to block 1035 where the MD is searched locally for the requested data and/or computing application.
  • a check is then performed at block 1040 to determine if the request was satisfied by the local search of the MD. If the check at block 1040 indicates that the request has been satisfied by the local search of the MD, processing reverts to the input of block 1030 and proceeds from there.
  • processing proceeds to block 1045 where cooperating MDMS are searched for using the user authentication information provided at block 1010. From there, cooperating MDMS that are capable of authenticating the seeking MD proceed to authenticate the MD using the user authentication information.
  • a check is then performed at block 1055 to determine if the MD was authenticated on an MD basis using the user authentication information. If the check at block 1055 indicates that the MD has been authenticated by the MDMS, processing proceeds to block 1060 where the MDMS provides the requested data and/or computing applications to the requesting, now authenticated, MD. From there processing reverts to the input of block 1030 and proceeds from there.
  • processing proceeds to block 1065 where the error in authentication is provided to the requesting MD. From there processing proceeds to block 1070 where a check is performed to determine whether to try authenticating the MD again by the cooperating MDMS . If the check at block 1070 indicates that authentication is to be attempted again, processing reverts to the input of block 1055 and proceeds from there. [00173] However, if at block 1070 it is determined that authentication is not to be attempted again by the MDMS, processing proceeds to block 1075 and terminates.
  • Figure 11 shows processing performed by exemplary mobility device platform 400 of Figure 4 when processing data/applications requests from cooperating exemplary mobility device 405 of Figure 4 according to another illustrative implementation.
  • processing begins at block 1100 and proceeds to block 1105 where a check is performed to ensure that exemplary mobile device 405 is in communication with at least one cooperating electronic host environment (415 of Figure 4). If the check at block 1105 indicates that exemplary mobility device is not in communication with at least one cooperating computing environment, processing reverts to block 1100 and proceeds from there.
  • processing proceeds to block 1110 where a check is performed to determine if the mobility device has been authenticated on a user basis (e.g. if the proper user identification and password information provided by a participating user). If the mobility device has not been successfully authenticated on a user basis, processing proceeds to block 1115 where an error is generated (and possibly displayable to participating users). From there a check is performed at block 1117 to determine if the user authentication of the mobility device is to be attempted again (i.e. a participating user is afforded the ability to re-input their user identification and password). If the authentication is be performed again at block 1117, processing reverts back to block 1110 and proceeds there from. However, if at block 1117 it is determined that the user authentication is not to be attempted again, processing terminates at block 1120.
  • a check is performed to determine if the mobility device has been authenticated on a user basis (e.g. if the proper user identification and password information provided by a participating user). If the mobility device has not been successfully authenticated on a user
  • processing proceeds to block 1125 where the mobility device mobile desktop environment is initiated on the at least one cooperating computing environment. From there, communications are initiated with at least one cooperating MDMS using the user authentication information and MD specific authentication and verification information (e.g. public/private keys). A check is then performed at block 1135 to determine if at least one cooperating MDMS has properly authenticated the MD. If at block 1135 it is determined that the MD has not been authenticated by at least one cooperating MDMS, processing proceeds to block 1140 where an error is generated (and possibly displayable to participating users through the mobile desktop environment). From there processing terminates at block 1145.
  • MD specific authentication and verification information e.g. public/private keys
  • processing proceeds to block 1150 where a check is performed to determine if there are any requests for data and/or computing applications by the MD to at least one cooperating MDMS that has authenticated the MD. If the check at block 1150 indicates that there are no requests by the authenticated MD, processing reverts back to the input of block 1150.
  • processing proceeds to block 1155 where the MD is searched locally for the requested data and/or computing application.
  • a check is then performed at block 1160 to determine if the request was satisfied by the local search of the MD. If the check at block 1160 indicates that the request has been satisfied by the local search of the MD, processing reverts to the input of block 1150 and proceeds from there. [00179] If, however, the check at block 1160 indicates that the request has not been satisfied, processing proceeds to block 865 where the cooperating MDMS are queried for the requested data and/or computing applications.
  • Figure 12 shows the processing performed by exemplary mobility device platform 400 of Figure 4 when cooperating with third party data/application providers to process data/application requests from cooperating exemplary mobility device 405 of Figure 4.
  • processing begins at block 1200 and proceeds to block 1205 where a check is performed to ensure that exemplary mobile device 405 is in communication with at least one cooperating electronic host environment (415 of Figure 4). If the check at block 1205 indicates that exemplary mobility device is not in communication with at least one cooperating computing environment, processing reverts to block 1200 and proceeds from there.
  • processing proceeds to block 1210 where a check is performed to determine if the mobility device has been authenticated on a user basis (e.g. if the proper user identification and password information provided by a participating user). If the mobility device has not been successfully authenticated on a user basis, processing proceeds to block 1215 where an error is generated (and possibly displayable to participating users). From there a check is performed at block 1217 to determine if the user authentication of the mobility device is to be attempted again (i.e. a participating user is afforded the ability to re-input their user identification and password). If the authentication is be performed again at block 1217, processing reverts back to block 1210 and proceeds there from. However, if at block 1217 it is dete ⁇ nined that the user authentication is not to be attempted again, processing terminates at block 1220.
  • a check is performed to determine if the mobility device has been authenticated on a user basis (e.g. if the proper user identification and password information provided by a participating user). If the mobility device has not been successfully
  • processing proceeds to block 1225 where the mobility device mobile desktop environment is initiated on the at least one cooperating computing environment. From there, communications are initiated with at least one cooperating MDMS using the user authentication information and MD specific authentication and verification information (e.g. public/private keys). A check is then performed at block 1235 to determine if at least one cooperating MDMS has properly authenticated the MD. If at block 1235 it is determined that the MD has not been authenticated by at least one cooperating MDMS, processing proceeds to block 1240 where an error is generated (and possibly displayable to participating users through the mobile desktop environment). From there processing terminates at block 1245.
  • MD specific authentication and verification information e.g. public/private keys
  • processing proceeds to block 1250 where a check is performed to determine if there are any requests for data and/or computing applications by the MD to at least one cooperating MDMS that has authenticated the MD. If the check at block 950 indicates that there are no requests by the authenticated MD, processing reverts back to the input of block 1250.
  • processing proceeds to block 1255 where the MD is searched locally for the requested data and/or computing application.
  • a check is then performed at block 1260 to determine if the request was satisfied by the local search of the MD. If the check at block 1260 indicates that the request has been satisfied by the local search of the MD, processing reverts to the input of block 1250 and proceeds from there. [00185] If, however, the check at block 1260 indicates that the request has not been satisfied, processing proceeds to block 1265 where the cooperating MDMS are queried for the requested data and/or computing applications.
  • processing proceeds to block 1270 where the cooperating MDMS cooperates with third party data/application providers to obtain the requested data and/or computing applications.
  • the requested data and/or computing applications are then provided to the requesting authenticated MD at block 1275. From there processing reverts to the input of block 1250 and proceeds there from.
  • Figure 13 shows the processing performed when deploying a trust model as employed by an exemplary mobility device platform.
  • processing begins at block 1400 and proceeds to block 1305 where a trust model is defined. From there processing proceeds to block 1320 where trust is associated with cooperating components of a mobility device platform (not shown) according to the defined trust model.
  • trust can be considered authentication and verification of a device to perform on or more operations/functions according to selected criteria.
  • a check is then performed at block 1315 to determine if the trust has been invoked by one or more of the cooperating components having trust. If the check at block 1315 indicates that trust has not been invoked, processing reverts to the input of block 1315 and proceeds from there.
  • processing proceeds to block 1320 where a check is performed to determine if the trust has been authenticated against the defined trust model. If the check at block 1320 indicates that the trust has not been authenticated, processing proceeds to block 1345 where an error is generate. From there, the trust can be modified at block 1350 to overcome the authentication error. Processing then reverts back to block 1320 and proceeds from there. [00188] However, if at block 1320 it is determined that the trust has been authenticated, processing proceeds to block 1325 to grant trust to requesting component. From there processing proceeds to block 1330 where the trust is executed by the component.
  • a mobility device can request trust to display protected content on a cooperating electronic host environment.
  • the trust can be authenticated to ensure that the requesting mobility device has the adequate privileges, rights, and licenses to display the protect content (e.g., trust) according to selected trust model. If the trust is authenticated, the trust can be executed (e.g., the content can be displayed by the mobility device on the cooperating electronic host environment) by the requesting component (e.g., mobility device).
  • the trust model is updated. From there processing proceeds to block 1310 and continues from there.
  • Figure 14 shows the processing performed when generating and projecting a persona to generate an aura for as deployed by an exemplary mobility device platform.
  • processing begins at block 1400 and proceeds to block 1405 a persona is defined.
  • a persona can be considered custom preferences, privileges, rights (content and access), and authentications available to users and to mobility devices for use as part of a trust model and for use in projecting the persona as an aura on a cooperating electronic host environment.
  • processing proceeds to block 1410 where the persona is stored (e.g., stored on a cooperating mobility device and/or mobility device management server).
  • a check is then performed at block 1415 to determine whether to project the persona on a cooperating electronic host environment.
  • processing proceeds to the input of block 1415 and continues from there. [00191] However, if the check at block 1415 indicates that a persona is to be projected, processing proceeds to block 1420 where a check is performed to determine if the cooperating environment accepting the persona is ready to receive the persona. If the check at block 1420 indicates that the cooperating environment is not ready to receive the persona, processing proceeds to block 1445 where an error is generated. From there, the cooperating environment can be configured as per the persona parameters. Processing reverts back to block 1420 and proceeds from there.
  • processing proceeds to block 1425 where the persona is projected to the ready cooperating environment to generate an aura on the cooperating environment.
  • an aura can be considered a projected persona (in whole or in part).
  • processing proceeds to block 1430 where the aura is made available to participating users of the cooperating environment.
  • a check is then performed at block 1435 to determine if the persona and/or persona parameters have changed. If the check at block 1435 indicates that the persona has not changed, processing reverts back to block 1430 and proceeds from there.
  • processing proceeds to block 1440 where the persona is updated. From there, processing reverts back to block 1410 and proceeds from there.
  • FIG. 15 shows a block diagram of an illustrative implementation of the deployment of an exemplary mobility device platform in a municipal data communications grid environment 1500.
  • Municipal data communications grid environment 1500 comprises municipal data communications grid 1540 and mobility device 1505.
  • mobility device 1505 comprises a plurality of wireless and wired transceivers operating on various wireless and wired communication protocols.
  • mobility device 1505 comprises a plurality of wireless transceivers including but not limited to: WI-FI wireless transceiver 1510, WiMax wireless transceiver 1515, CDMA wireless transceiver 1520, and GSM wireless transceiver 1325.
  • municipal data communication grid 1540 comprises a plurality of wireless (or wired) data communication cells interconnected across a geographic area by electronic interconnects 1535.
  • Municipal data communications grid 1540 can operate to electronically (wirelessly and non-wirelessly) communicate data between data communications cells 1530 and with cooperating devices such as mobility device 1505.
  • municipal data communications grid can comprise of a homogenous data communication cell architecture or a non-homogenous data communication cell architecture.
  • mobility device 1505 in an illustrative operation, can cooperate with municipal data communications grid using one of the plurality of transceivers (e.g., if the municipal data communications grid 1540 comprises WiMax data communication cells operating on the WiMax (i.e., 802.16) wireless communications protocol, mobility device 1505 can select the WiMax wireless transceiver to communicate data over such a municipal data communication grid).
  • the mobility device 1305, in another illustrative operation can operate to perform transceiver selection (i.e., select a transceiver for communication of data) based on the location of mobility device 1505 within municipal data communications grid 1540.
  • mobility device 1505 can select the CDMA transceiver to wirelessly communicate data across that part of municipal data communications grid 1540. Subsequently, if mobility device 1505 moves geographically (e.g., commuting from school which is located in a CDMA data communications cell region of the municipal data communications grid to home which is a WT-FI data communications cell region of the municipal data communications grid) to another portion of the municipal data communications grid operating data communications cells using a WI-FI communications protocol, mobility device 1505 can change the selection of the transceiver from the CDMA transceiver 1520 to the WI-FI transceiver 1510.
  • geographically e.g., commuting from school which is located in a CDMA data communications cell region of the municipal data communications grid to home which is a WT-FI data communications cell region of the municipal data communications grid
  • mobility device 1505 can have the form factor of a mobile telephone having multiple transceivers and selecting the appropriate transceiver depending on available data communication protocols.
  • mobility device 1505 can operate to connect to an exemplary data communications grid (wirelessly or non-wirelessly) such that data and voice communications can be realized regardless of the available data communications protocol.
  • the present herein described systems and methods can be implemented in a variety of computer environments (including both non- wireless and wireless computer environments), partial computing environments, and real world environments.
  • the various techniques described herein may be implemented in hardware or software, or a combination of both.
  • the techniques are implemented in computing environments maintaining programmable computers that include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device.
  • Computing hardware logic cooperating with various instructions sets are applied to data to perform the functions described above and to generate output information.
  • the output information is applied to one or more output devices.
  • Programs used by the exemplary computing hardware may be preferably implemented in various programming languages, including high level procedural or object oriented programming language to communicate with a computer system.
  • the herein described apparatus and methods may be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language.
  • Each such computer program is preferably stored on a storage medium or device (e.g., ROM or magnetic disk) that is readable by a general or special purpose programmable computer for configuring and operating the computer when the storage medium or device is read by the computer to perform the procedures described above.
  • the apparatus may also be considered to be implemented as a computer- readable storage medium, configured with a computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne une plateforme pour dispositif mobile permettant d'effectuer des communications mobiles en toute sécurité. Dans un mode de réalisation, la plateforme pour dispositif mobile comprend un dispositif mobile pouvant être utilisé pour communiquer avec au moins un environnement hôte par l'intermédiaire d'une ou de plusieurs interfaces de communication. Le dispositif mobile peut également être utilisé pour traiter et stocker des données. La plateforme peut également comprendre un réseau de communication pouvant être utilisé pour communiquer des données et la mobilité obtenue d'un ou de plusieurs composants associés, et un serveur de gestion de dispositif mobile utilisé pour générer, traiter, stocker, communiquer et chiffrer des données pour le dispositif mobile. Le serveur de gestion de dispositif mobile peut, de plus, être utilisé pour exécuter des fonctions d'utilisation, d'administration et de gestion d'un ou de plusieurs dispositifs mobiles, et pour authentifier et vérifier les dispositifs mobiles associés à partir d'un modèle de confiance sélectionné.
PCT/US2006/000240 2005-01-05 2006-01-05 Plateforme pour dispositif mobile WO2006074258A2 (fr)

Applications Claiming Priority (10)

Application Number Priority Date Filing Date Title
US64139505P 2005-01-05 2005-01-05
US60/641,395 2005-01-05
US64180605P 2005-01-06 2005-01-06
US60/641,806 2005-01-06
US67161105P 2005-04-15 2005-04-15
US60/671,611 2005-04-15
US71101305P 2005-08-24 2005-08-24
US60/711,013 2005-08-24
US73849305P 2005-11-21 2005-11-21
US60/738,493 2005-11-21

Publications (2)

Publication Number Publication Date
WO2006074258A2 true WO2006074258A2 (fr) 2006-07-13
WO2006074258A3 WO2006074258A3 (fr) 2007-08-16

Family

ID=36648155

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/000240 WO2006074258A2 (fr) 2005-01-05 2006-01-05 Plateforme pour dispositif mobile

Country Status (1)

Country Link
WO (1) WO2006074258A2 (fr)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013056104A1 (fr) * 2011-10-12 2013-04-18 C-Sam, Inc. Plateforme mobile d'activation de transaction sécurisée à plusieurs étages
US8781923B2 (en) 2001-01-19 2014-07-15 C-Sam, Inc. Aggregating a user's transactions across a plurality of service institutions
CN104092656A (zh) * 2014-04-10 2014-10-08 鸿富锦精密工业(深圳)有限公司 移动终端、数据传输系统及方法
US9064281B2 (en) 2002-10-31 2015-06-23 Mastercard Mobile Transactions Solutions, Inc. Multi-panel user interface
US9189192B2 (en) 2007-03-20 2015-11-17 Ricoh Company, Ltd. Driverless printing system, apparatus and method
US9454758B2 (en) 2005-10-06 2016-09-27 Mastercard Mobile Transactions Solutions, Inc. Configuring a plurality of security isolated wallet containers on a single mobile device
US9886691B2 (en) 2005-10-06 2018-02-06 Mastercard Mobile Transactions Solutions, Inc. Deploying an issuer-specific widget to a secure wallet container on a client device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050091308A1 (en) * 2003-09-29 2005-04-28 Peter Bookman Mobility device
US20050220048A1 (en) * 2004-04-02 2005-10-06 Samsung Electronics Co., Ltd. Internet connection service method, system, and medium for mobile nodes
US20050286489A1 (en) * 2002-04-23 2005-12-29 Sk Telecom Co., Ltd. Authentication system and method having mobility in public wireless local area network

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050286489A1 (en) * 2002-04-23 2005-12-29 Sk Telecom Co., Ltd. Authentication system and method having mobility in public wireless local area network
US20050091308A1 (en) * 2003-09-29 2005-04-28 Peter Bookman Mobility device
US20050220048A1 (en) * 2004-04-02 2005-10-06 Samsung Electronics Co., Ltd. Internet connection service method, system, and medium for mobile nodes

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9471914B2 (en) 2001-01-19 2016-10-18 Mastercard Mobile Transactions Solutions, Inc. Facilitating a secure transaction over a direct secure transaction channel
US9208490B2 (en) 2001-01-19 2015-12-08 Mastercard Mobile Transactions Solutions, Inc. Facilitating establishing trust for a conducting direct secure electronic transactions between a user and a financial service providers
US10217102B2 (en) 2001-01-19 2019-02-26 Mastercard Mobile Transactions Solutions, Inc. Issuing an account to an electronic transaction device
US9697512B2 (en) 2001-01-19 2017-07-04 Mastercard Mobile Transactions Solutions, Inc. Facilitating a secure transaction over a direct secure transaction portal
US9070127B2 (en) 2001-01-19 2015-06-30 Mastercard Mobile Transactions Solutions, Inc. Administering a plurality of accounts for a client
US9177315B2 (en) 2001-01-19 2015-11-03 Mastercard Mobile Transactions Solutions, Inc. Establishing direct, secure transaction channels between a device and a plurality of service providers
US9870559B2 (en) 2001-01-19 2018-01-16 Mastercard Mobile Transactions Solutions, Inc. Establishing direct, secure transaction channels between a device and a plurality of service providers via personalized tokens
US8781923B2 (en) 2001-01-19 2014-07-15 C-Sam, Inc. Aggregating a user's transactions across a plurality of service institutions
US9317849B2 (en) 2001-01-19 2016-04-19 Mastercard Mobile Transactions Solutions, Inc. Using confidential information to prepare a request and to suggest offers without revealing confidential information
US9330388B2 (en) 2001-01-19 2016-05-03 Mastercard Mobile Transactions Solutions, Inc. Facilitating establishing trust for conducting direct secure electronic transactions between a user and airtime service providers
US9330389B2 (en) 2001-01-19 2016-05-03 Mastercard Mobile Transactions Solutions, Inc. Facilitating establishing trust for conducting direct secure electronic transactions between users and service providers via a mobile wallet
US9330390B2 (en) 2001-01-19 2016-05-03 Mastercard Mobile Transactions Solutions, Inc. Securing a driver license service electronic transaction via a three-dimensional electronic transaction authentication protocol
US9400980B2 (en) 2001-01-19 2016-07-26 Mastercard Mobile Transactions Solutions, Inc. Transferring account information or cash value between an electronic transaction device and a service provider based on establishing trust with a transaction service provider
US9811820B2 (en) 2001-01-19 2017-11-07 Mastercard Mobile Transactions Solutions, Inc. Data consolidation expert system for facilitating user control over information use
US9064281B2 (en) 2002-10-31 2015-06-23 Mastercard Mobile Transactions Solutions, Inc. Multi-panel user interface
US10032160B2 (en) 2005-10-06 2018-07-24 Mastercard Mobile Transactions Solutions, Inc. Isolating distinct service provider widgets within a wallet container
US10176476B2 (en) 2005-10-06 2019-01-08 Mastercard Mobile Transactions Solutions, Inc. Secure ecosystem infrastructure enabling multiple types of electronic wallets in an ecosystem of issuers, service providers, and acquires of instruments
US9508073B2 (en) 2005-10-06 2016-11-29 Mastercard Mobile Transactions Solutions, Inc. Shareable widget interface to mobile wallet functions
US9454758B2 (en) 2005-10-06 2016-09-27 Mastercard Mobile Transactions Solutions, Inc. Configuring a plurality of security isolated wallet containers on a single mobile device
US10269011B2 (en) 2005-10-06 2019-04-23 Mastercard Mobile Transactions Solutions, Inc. Configuring a plurality of security isolated wallet containers on a single mobile device
US9886691B2 (en) 2005-10-06 2018-02-06 Mastercard Mobile Transactions Solutions, Inc. Deploying an issuer-specific widget to a secure wallet container on a client device
US10026079B2 (en) 2005-10-06 2018-07-17 Mastercard Mobile Transactions Solutions, Inc. Selecting ecosystem features for inclusion in operational tiers of a multi-domain ecosystem platform for secure personalized transactions
US9626675B2 (en) 2005-10-06 2017-04-18 Mastercard Mobile Transaction Solutions, Inc. Updating a widget that was deployed to a secure wallet container on a mobile device
US10096025B2 (en) 2005-10-06 2018-10-09 Mastercard Mobile Transactions Solutions, Inc. Expert engine tier for adapting transaction-specific user requirements and transaction record handling
US9189192B2 (en) 2007-03-20 2015-11-17 Ricoh Company, Ltd. Driverless printing system, apparatus and method
US10558963B2 (en) 2007-10-31 2020-02-11 Mastercard Mobile Transactions Solutions, Inc. Shareable widget interface to mobile wallet functions
US10510055B2 (en) 2007-10-31 2019-12-17 Mastercard Mobile Transactions Solutions, Inc. Ensuring secure access by a service provider to one of a plurality of mobile electronic wallets
US10546283B2 (en) 2007-10-31 2020-01-28 Mastercard Mobile Transactions Solutions, Inc. Mobile wallet as a consumer of services from a service provider
US10546284B2 (en) 2007-10-31 2020-01-28 Mastercard Mobile Transactions Solutions, Inc. Mobile wallet as provider of services consumed by service provider applications
WO2013056104A1 (fr) * 2011-10-12 2013-04-18 C-Sam, Inc. Plateforme mobile d'activation de transaction sécurisée à plusieurs étages
CN104092656A (zh) * 2014-04-10 2014-10-08 鸿富锦精密工业(深圳)有限公司 移动终端、数据传输系统及方法

Also Published As

Publication number Publication date
WO2006074258A3 (fr) 2007-08-16

Similar Documents

Publication Publication Date Title
US20060253894A1 (en) Mobility device platform
US10686655B2 (en) Proximity and context aware mobile workspaces in enterprise systems
US20080301443A1 (en) Mobility device platform
US20090044259A1 (en) Mobility device platform paradigm
KR101573669B1 (ko) 문서들의 디지털 사용 권한들을 관리하기 위한 방법 및 디바이스
CN105359486B (zh) 使用代理安全访问资源
US20080301819A1 (en) Mobility device
US9231948B1 (en) Techniques for providing remote computing services
CN100593166C (zh) 便携式计算环境
CN105659557A (zh) 用于单点登录的基于网络的接口集成
US20080244265A1 (en) Mobility device management server
CN105379223A (zh) 用于移动应用管理的对移动应用的身份的验证
JP2017539017A (ja) サービスとしてのアイデンティティインフラストラクチャ
WO2014183106A2 (fr) Element securise sous la forme de poche numerique
BRPI0707220A2 (pt) métodos e sistemas para fornecer acesso a um ambiente de computação
KR20120126084A (ko) 개인 휴대형 보안 네트워크 액세스 시스템
CN110826043A (zh) 一种数字身份申请系统及方法、身份认证系统及方法
WO2020024929A1 (fr) Procédé de mise à niveau d'une plage d'application de service d'une carte d'identité électronique, et dispositif de terminal
WO2006074258A2 (fr) Plateforme pour dispositif mobile
JP2013517584A (ja) 個人用のポータブルで安全性の確保されたネットワークアクセスシステム
US8881256B1 (en) Portable access to auditing information
Buecker et al. Enterprise Single Sign-On Design Guide Using IBM Security Access Manager for Enterprise Single Sign-On 8.2
JP2008046679A (ja) インターネットサービス提供システム、可搬性記憶媒体及び通信端末
US20090259757A1 (en) Securely Pushing Connection Settings to a Terminal Server Using Tickets
Toth et al. The persona concept: a consumer-centered identity model

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1)EPC (EPO FORM 1205A DATED 23.10.07)

122 Ep: pct application non-entry in european phase

Ref document number: 06717444

Country of ref document: EP

Kind code of ref document: A2