Method and system to contextually initiate synchronization services on mobile terminals in an enterprise environment
A system and method are disclosed for providing security features to a wireless mobile device based upon its context when it establishes a wireless connection with different access points. A plurality of access points are connected to a connectivity server which includes a security context middleware. Each of the access points also includes a security context middleware. Furthermore, each mobile wireless device includes security context middleware. A context manager program in the server determines a context for a wireless mobile device from a signal received from an access point indicating that the wireless mobile device is wirelessly connected to the access point. A database connected to the server stores security feature data which is accessible by the determined context to implement a security process. The context manager accesses the stored security feature data based on the determined context and sends a command representing the security feature data to the middleware programs in the server, the access point and the mobile wireless device to implement the security process in the mobile wireless device.
The invention disclosed broadly relates to context-dependent services for mobile terminals and more particularly relates to context dependent security features in communication, to properly authenticate and secure communication links for short range RF devices based on the current context of the device.
BACKGROUND OF THE INVENTION
Short-range mobile wireless devices frequently come within communicating range of stationary wireless devices, known as access points, which are connected to wireline local area networks (LANs) or wide area networks (WANs). The mobile wireless device can form a wireless link with a nearby access point to enable communication with network servers. The network servers can provide services to the mobile wireless devices, which can be customized to the particular access point currently nearest to and communicating with the mobile device. An example is a business enterprise's office building having a lobby area with an access point near the entrance and various offices and access points distributed within the interior of the building. A first access point in the lobby can provide to visitors copies of company brochures and office maps that are downloaded to their mobile devices from a network server. A second access point within a company employee's private office can provide copies of company confidential documents downloaded to the employee's mobile device from the network server. Clearly, there are different requirements for user authentication and document security in these two examples. What is needed in the prior art is a method to provide context dependent security features for short range RF devices based on the current context of the device.
Short-range wireless networks include both wireless personal area networks (“PANs”) and wireless local area networks (“WLANs”). Both of these networks have the common feature of operating in unlicensed portions of the radio spectrum, usually either in the 2.4 GHz Industrial, Scientific, and Medical (ISM) band or the 5 GHz Unlicensed-National Information Infrastructure (“U-NII”) band. Wireless personal area networks use low cost, low power wireless devices that have a typical range of ten meters.
The best-known example of wireless personal area network technology is the Bluetooth Standard, which operates in the 2.4 GHz ISM band. Bluetooth is a short-range radio network, originally intended as a cable replacement. It can be used to create ad hoc networks of up to eight devices operating together. The Bluetooth Special Interest Group, Specification Of The Bluetooth System, Volumes 1 and 2, Core and Profiles: Version 1.1, 22nd February, 2001, (hereinafter “Bluetooth Specification”) describes the principles of Bluetooth device operation and communication protocols. Bluetooth devices are designed to find other Bluetooth devices and access points within their ten meter radio communications range.
The Bluetooth Specification describes the basic security features of the Bluetooth technology in its Chapter 14. The Bluetooth system provides usage protection and information confidentiality at the application layer and at the link layer. In each Bluetooth device and access point, the authentication and encryption routines are implemented in the same way, using the device's address BD_ADDR, two secret keys, and a random number which is different for each new transaction. What is needed in the prior art is a method to customize security features for short range RF devices and access points based on the current context of the mobile device.
In addition to the Bluetooth technology, examples of wireless local area network technology include the IEEE 802.11 Wireless LAN Standard and the HIPERLAN Standard, which operate in the 5 GHz U-NII band. The IEEE 802.11 Wireless LAN Standard is published in three parts as IEEE 802.11-1999; IEEE 802.11a-1999; and IEEE 802.11b-1999, which are available from the IEEE, Inc. web site http://grouper.ieee.org/groups/802/11. An overview of the HIPERLAN Type 2 principles of operation is provided in the Broadband Radio Access Networks (BRAN), HIPERLAN Type 2; System Overview, ETSI TR 101 683 V1.1.1 (2000-02). Another example of wireless local area network technology is Ultra Wideband (UWB) radio, a wireless technology for transmitting digital data over a wide spectrum of frequency bands with very low power. An Ultra Wideband (UWB) standard published by the IEEE 802.15.3a task group is a “classical” direct sequence version of UWB for Personal Area Networking.
What is needed in the prior art is a method to customize security features for short-range mobile wireless devices and access points based on the current context of the mobile device.
SUMMARY OF THE INVENTION
The invention solves the problem of providing customizable, context dependent security features for short range RF devices based on the current context of the device. In accordance with the invention, the mobile device, the wireless access point, and the network server in the network each include security context middleware that responds to the detected location of the mobile device to provide customized security services to the mobile device. The security context middleware enables detecting, authenticating and registering the mobile device and encrypting its communications based on pre-specified security feature descriptions stored in the network server. The system administrator or a system management program can assign particular security features to individual access points in the network. The security features can be pre-specified based on the location of the access point, the identity of the user's mobile device, other characteristics of the user or the user's device, ambient conditions, such as the time of day, and the classification of any services requested by the mobile device.
When a mobile device moves into the communication domain of an access point, its presence is detected by the access point, a basic connection is established between the device and the access point, and the presence of the device is registered at the network server. The network server can then classify any service requested by the mobile device, such as synchronization to applications residing on another server and consider such service request as a factor in establishing an appropriate security feature to apply to the mobile device. For example, if the mobile device has requested synchronization with a confidential email or calendar service to update the mobile device, a high security will be assigned to the wireless connection between the mobile device and the access point.
The network server can then access a security context database to obtain the pre-specified security features corresponding to the location of the access point, the identity of the user's mobile device, other characteristics of the user or the user's device, ambient conditions, such as the time of day, and classification of any service requested by the mobile device. The network server obtains a middleware command from the database corresponding to the pre-specified security feature. The middleware command then is transmitted from the network server to the access point and to the mobile device. The middleware command invokes the particular security processing routine in the middleware of both the mobile device and the access point to implement the pre-specified security feature. The middleware command can also invoke a corresponding security processing routine in the network server when the server needs to participate in providing the security service to the mobile device.
Some of the factors considered by the security context middleware in determining the context of the mobile device include the mobile device's address BD_ADDR, the location of the access point, other available information about the mobile device, and the time of day. Other environmental factors that can also be considered by the security context middleware in determining the context of the mobile device include day of the week, season of the year, temperature, light level, and other ambient characteristics. The security context middleware can also classify any service requested by the mobile device, such as synchronization to applications residing on another server, and consider such service request as a factor in establishing an appropriate security feature to apply to the mobile device.
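As an added illustration (not code from the patent), the sketch below shows one way a context manager could map a determined context to a single command issued to the middleware in the mobile device, the access point and the server. The command names, rule fields, most-specific-rule precedence, per-service-class minimum and reject-on-no-match default are assumptions, and all sample rules and addresses are constructed.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

# Hypothetical command names, ordered from weakest to strictest.
CMD_OPEN, CMD_AUTH, CMD_AUTH_ENC, CMD_REJECT = (
    "SEC_NONE", "SEC_AUTH", "SEC_AUTH_ENCRYPT", "SEC_REJECT")
STRICTNESS = {CMD_OPEN: 0, CMD_AUTH: 1, CMD_AUTH_ENC: 2, CMD_REJECT: 3}

# Constructed classification of requested services, and the weakest command
# each class may ever receive regardless of which rule matched.
SERVICE_CLASS = {"brochure": "public", "office_map": "public",
                 "email_sync": "confidential", "calendar_sync": "confidential"}
SERVICE_FLOOR = {"public": CMD_OPEN, "confidential": CMD_AUTH_ENC}


def classify_service(requested: str) -> str:
    """Unknown services are treated as the strictest class."""
    return SERVICE_CLASS.get(requested, "confidential")


@dataclass(frozen=True)
class Context:
    access_point: str
    device_id: str      # claimed device address, e.g. BD_ADDR
    at: time            # time of day of the connection
    service_class: str


@dataclass(frozen=True)
class Rule:
    """One row of an assumed security context table; None is a wildcard."""
    command: str
    access_point: Optional[str] = None
    device_id: Optional[str] = None
    service_class: Optional[str] = None
    start: time = time.min
    end: time = time.max

    def matches(self, ctx: Context) -> bool:
        if self.start <= self.end:
            in_window = self.start <= ctx.at <= self.end
        else:  # window wraps past midnight, e.g. 22:00 to 06:00
            in_window = ctx.at >= self.start or ctx.at <= self.end
        return (in_window
                and self.access_point in (None, ctx.access_point)
                and self.device_id in (None, ctx.device_id)
                and self.service_class in (None, ctx.service_class))

    def specificity(self) -> int:
        fields = (self.access_point, self.device_id, self.service_class)
        timed = (self.start, self.end) != (time.min, time.max)
        return sum(f is not None for f in fields) + int(timed)


def select_command(ctx: Context, rules: list) -> str:
    matching = [r for r in rules if r.matches(ctx)]
    if not matching:
        return CMD_REJECT  # fail closed: no rule, no connection
    # Most specific rule wins; ties go to the stricter command.
    best = max(matching, key=lambda r: (r.specificity(), STRICTNESS[r.command]))
    floor = SERVICE_FLOOR.get(ctx.service_class, CMD_AUTH_ENC)
    # A rule can raise the requirement above the class floor, never lower it.
    return max(best.command, floor, key=STRICTNESS.__getitem__)


def dispatch(access_point: str, device_id: str, at: time,
             requested: str, rules: list) -> dict:
    """Return the command each of the three middleware programs receives."""
    ctx = Context(access_point, device_id, at, classify_service(requested))
    cmd = select_command(ctx, rules)
    return {"mobile_device": cmd, "access_point": cmd, "server": cmd}


# Constructed sample table: a lobby access point and an office access point.
RULES = [
    Rule(CMD_OPEN, access_point="AP-LOBBY", service_class="public"),
    Rule(CMD_AUTH, access_point="AP-LOBBY"),
    Rule(CMD_AUTH_ENC, access_point="AP-OFFICE",
         device_id="00:11:22:33:44:55", start=time(8), end=time(18)),
    Rule(CMD_REJECT, access_point="AP-OFFICE"),
]

if __name__ == "__main__":
    for req in ("brochure", "email_sync"):
        print(req, dispatch("AP-LOBBY", "AA:BB:CC:DD:EE:FF",
                            time(10), req, RULES))
```

The service-class minimum is what keeps a permissive location rule from weakening protection for a confidential synchronization request made at the lobby access point.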
The network server is also responsible for maintaining additional information for comparing the determined context of the mobile device with threshold values of services that are pre-specified for the mobile device. The network server can automatically synchronize the mobile device with email or calendar services, for example, on another server. The network server can generate triggering events based on the comparison and send notices to the mobile device for suitable services or directly push service messages to the mobile device. In addition, the network server can provide necessary information to third parties for initiating services to the mobile device based on the comparison. Third party services can be provided to the mobile device either through the connected access point or via a separate cellular telephone network connection.
The resulting invention solves the problem of providing context dependent security features for short range RF devices based on the current context of the device.
The invention can be applied to wireless personal area networks employing the Bluetooth Standard, and to wireless local area networks employing the IEEE 802.11 Wireless LAN Standard or the HIPERLAN Standard.
DESCRIPTION OF THE FIGURES
In accordance with the invention, the security context middleware 10 stored in a memory of the user's wireless device 100, has a plurality of security process subroutines 602, 604 and 606 of
The security context database 182 and the security middleware commands table 182′ are shown in
Reference to
In step 200 the user's wireless device sends an inquiry response 202 to the access point 140B and receives a page 204 from the access point. Correspondingly, the access point receives the inquiry response packet from the user's device 100. After inquiry and paging signals are exchanged, a basic connection is established between the user's wireless device 100 and the access point 140B. At this point, an initial request for services can be sent by the mobile device 100 to the access point 140B, such as requesting synchronization of received email or synchronization of a calendar. A signal is transmitted from the access point 140B over the LAN 142 to the connectivity server 180 where the asynchronous connectionless link (ACL) is validated in step 208. Step 207 can then classify any services requested by the mobile device 100 and pass the classification information to the next step 209 where it is considered as a factor in establishing an appropriate security feature to apply to the mobile device 100.
Then passing to the path 209 the connectivity server 180 accesses the security context database 182 for security features to apply to the connection between the user's wireless device 100 and the access point 140B. This is done in step 210 using the access point address, user's device ID, any required terminal information about the user's device, the time of day and the class of service requested by the mobile device. Referring for a moment to the security context database 182 of
Step 210 in the connectivity server 180 then proceeds to step 215 which generates a link key which is transmitted via the access point 140B to the user's device 100, as step 216 in the subroutine 602 of the security context middleware 10, where it initiates security settings. In the connectivity server 180, step 215 proceeds to step 225 which sets the link key for Bluetooth 128-bit encryption. This information is then provided to the access point 140B at step 222 in the subroutine 702 of the security context middleware 10′, to establish an authenticated and encrypted middleware connection with the user's device. Correspondingly, step 216 in the user's device 100 proceeds to step 218 to establish the authenticated and encrypted middleware connection with the access point over path 220. Step 222 in the access point 140B then proceeds to step 224 where the middleware connection is established and this information is then passed back to the connectivity server 180 at step 226, which generates the dynamic point-to-point protocol (PPP) user name and password for additional access control. The flow then passes to step 228 to forward the PPP user name and password to the access point and the user device. Step 230 of the access point 140B forwards the PPP user name and password to the user device and also applies it to step 236. In the user's device 100, step 232 establishes the authenticated and encrypted IP connection with the access point and flow passes to step 234. Steps 234 and 236 then establish over path 235 an authenticated and encrypted IP connection. Then the connectivity server 180 in step 238 accesses the context database 182 for services available to the user's device using the access point's address, the user's device ID, terminal information, time, and service requests. The network server can automatically synchronize the mobile device with email or calendar services on another server. Reference to
If the user's device 100 were now to pass to the cashier coverage area 150C in
It is seen in
In an alternate embodiment of the invention, at least some of the functions of the connectivity server 180 and context manager 14 can be contained within the access points 140A and 140B. Similarly, at least some of the functions of the security context database 182 can be contained within the access points 140A and 140B.
Although specific embodiments of the invention have been disclosed, a person skilled in the art will understand that changes can be made to the specific embodiments without departing from the spirit and scope of the invention.
Claims
1. A system to provide security features to a wireless mobile device based on its context, comprising:
- a first middleware program stored in a memory of a wireless mobile device, having a plurality of security process subroutines selectable by a command;
- a second middleware program stored in a memory of a wireless access point device, having a plurality of security process subroutines selectable by said command;
- a third middleware program stored in a memory of a server in a network coupled to said access point device, having a plurality of security process subroutines selectable by said command;
- a context manager program in said server for determining a context for said wireless mobile device from a signal received from said access point indicating that said wireless mobile device is wirelessly connected to said access point;
- a database coupled to said server for storing security feature data accessible by said determined context to implement a security process;
- said context manager accessing said stored security feature data based on said determined context and sending a command representing said security feature data to said first, second, and third middleware programs to implement said security process in said wireless mobile device, said access point device, and said server, respectively.
2. The system of claim 1, which further comprises:
- said database storing service data accessible by said determined context to implement a service;
- said context manager accessing said stored service data based on said determined context and sending a message representing said service data to said wireless mobile device to implement said service in said wireless mobile device.
3. The system of claim 1, which further comprises:
- said database storing third-party message data accessible by said determined context to implement a service;
- said context manager accessing said stored third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
4. The system of claim 3, which further comprises:
- a Bluetooth communications subsystem in said wireless mobile device;
- a Bluetooth communications subsystem in said wireless access point device;
- said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said Bluetooth communications subsystems have established a connection between said wireless mobile device and said access point;
- a cellular telephone communications subsystem in said wireless mobile device;
- said third party selectively providing said service to said wireless mobile device via said cellular telephone communications subsystem or said Bluetooth communications subsystem.
5. The system of claim 3, which further comprises:
- an IEEE 802.11 wireless LAN communications subsystem in said wireless mobile device;
- an IEEE 802.11 wireless LAN communications subsystem in said wireless access point device;
- said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said IEEE 802.11 wireless LAN communications subsystems have established a connection between said wireless mobile device and said access point;
- a cellular telephone communications subsystem in said wireless mobile device;
- said third party selectively providing said service to said wireless mobile device via said cellular telephone communications subsystem or said IEEE 802.11 wireless LAN communications subsystem.
6. The system of claim 1, which further comprises:
- said context manager program further accessing said stored security feature data based on a type of service requested by said mobile device.
7. The system of claim 1, which further comprises:
- said context manager program determining said context for said wireless mobile device from an identity of said access point and an identity of said wireless mobile device.
8. The system of claim 7, which further comprises:
- said context manager program further determining said context for said wireless mobile device from a time of day said wireless mobile device connects to said access point.
9. The system of claim 1, which further comprises:
- said security feature data stored in said database representing an authentication process accessible by said determined context to authenticate said wireless mobile device when wirelessly connected to said access point.
10. The system of claim 9, which further comprises:
- said security feature data stored in said database representing a first authentication process to be applied to authenticating a first wireless mobile device and a second authentication process to be applied to authenticating a second wireless mobile device accessible by said determined context detected at said wireless access point.
11. The system of claim 1, which further comprises:
- said security feature data stored in said database representing an encryption process accessible by said determined context to encrypt communications between said wireless mobile device and said access point.
12. The system of claim 11, which further comprises:
- said security feature data stored in said database representing a first encryption process to be applied to encrypting a first wireless mobile device and a second encryption process to be applied to encrypting a second wireless mobile device accessible by said determined context detected at said wireless access point.
13. The system of claim 1, which further comprises:
- said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a system administrator to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
14. The system of claim 1, which further comprises:
- said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a control program to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
15. The system of claim 1, which further comprises:
- a Bluetooth communications subsystem in said wireless mobile device;
- a Bluetooth communications subsystem in said wireless access point device;
- said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said Bluetooth communications subsystems have established a connection between said wireless mobile device and said access point.
16. The system of claim 1, which further comprises:
- an IEEE 802.11 wireless LAN communications subsystem in said wireless mobile device;
- an IEEE 802.11 wireless LAN communications subsystem in said wireless access point device;
- said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said IEEE 802.11 wireless LAN communications subsystems have established a connection between said wireless mobile device and said access point.
17. The system of claim 1, which further comprises:
- said context manager program classifying a service requested by said mobile device to synchronize to an application and establishing an appropriate security feature to apply to said mobile device based on said classification.
18. The system of claim 1, which further comprises:
- said context manager comparing said determined context with threshold values of services for said mobile wireless device generating a triggering event when a comparison is satisfied.
19. The system of claim 18, which further comprises:
- said triggering event initiating sending a message representing said service data to said wireless mobile device to implement said service in said wireless mobile device.
20. The system of claim 18, which further comprises:
- said triggering event initiating pushing said service represented by said service data to said wireless mobile device.
21. A method to provide security features to a wireless mobile device based on its context, comprising:
- storing a first middleware program in a memory of a wireless mobile device, having a plurality of security process subroutines selectable by a command;
- storing a second middleware program in a memory of a wireless access point device, having a plurality of security process subroutines selectable by said command;
- storing a third middleware program in a memory of a server in a network coupled to said access point device, having a plurality of security process subroutines selectable by said command;
- determining with a context manager program in said server a context for said wireless mobile device from a signal received from said access point indicating that said wireless mobile device is wirelessly connected to said access point;
- storing in a database coupled to said server security feature data accessible by said determined context to implement a security process;
- accessing with said context manager said stored security feature data based on said determined context and sending a command representing said security feature data to said first, second, and third middleware programs to implement said security process in said wireless mobile device, said access point device, and said server, respectively.
22. The method of claim 21, which further comprises:
- said database storing service data accessible by said determined context to implement a service;
- said context manager accessing said stored service data based on said determined context and sending a message representing said service data to said wireless mobile device to implement said service in said wireless mobile device.
23. The method of claim 21, which further comprises:
- said database storing third-party message data accessible by said determined context to implement a service;
- said context manager accessing said stored third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
24. The method of claim 23, which further comprises:
- operating a Bluetooth communications subsystem in said wireless mobile device;
- operating a Bluetooth communications subsystem in said wireless access point device;
- said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said Bluetooth communications subsystems have established a connection between said wireless mobile device and said access point;
- operating a cellular telephone communications subsystem in said wireless mobile device;
- said third party selectively providing said service to said wireless mobile device via said cellular telephone communications subsystem or said Bluetooth communications subsystem.
25. The method of claim 23, which further comprises:
- operating an IEEE 802.11 wireless LAN communications subsystem in said wireless mobile device;
- operating an IEEE 802.11 wireless LAN communications subsystem in said wireless access point device;
- said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said IEEE 802.11 wireless LAN communications subsystems have established a connection between said wireless mobile device and said access point;
- operating a cellular telephone communications subsystem in said wireless mobile device;
- said third party selectively providing said service to said wireless mobile device via said cellular telephone communications subsystem or said IEEE 802.11 wireless LAN communications subsystem.
26. The method of claim 21, which further comprises:
- said context manager program further accessing said stored security feature data based on a type of service requested by said mobile device.
27. The method of claim 21, which further comprises:
- said context manager program determining said context for said wireless mobile device from an identity of said access point and an identity of said wireless mobile device.
28. The method of claim 27, which further comprises:
- said context manager program further determining said context for said wireless mobile device from a time of day said wireless mobile device connects to said access point.
29. The method of claim 21, which further comprises:
- said security feature data stored in said database representing an authentication process accessible by said determined context to authenticate said wireless mobile device when wirelessly connected to said access point.
30. The method of claim 29, which further comprises:
- said security feature data stored in said database representing a first authentication process to be applied to authenticating a first wireless mobile device and a second authentication process to be applied to authenticating a second wireless mobile device accessible by said determined context detected at said wireless access point.
31. The method of claim 21, which further comprises:
- said security feature data stored in said database representing an encryption process accessible by said determined context to encrypt communications between said wireless mobile device and said access point.
32. The method of claim 31, which further comprises:
- said security feature data stored in said database representing a first encryption process to be applied to encrypting a first wireless mobile device and a second encryption process to be applied to encrypting a second wireless mobile device accessible by said determined context detected at said wireless access point.
33. The method of claim 21, which further comprises:
- said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a system administrator to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
34. The method of claim 21, which further comprises:
- said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a control program to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
35. The method of claim 21, which further comprises:
- operating a Bluetooth communications subsystem in said wireless mobile device;
- operating a Bluetooth communications subsystem in said wireless access point device;
- said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said Bluetooth communications subsystems have established a connection between said wireless mobile device and said access point.
36. The method of claim 21, which further comprises:
- operating an IEEE 802.11 wireless LAN communications subsystem in said wireless mobile device;
- operating an IEEE 802.11 wireless LAN communications subsystem in said wireless access point device;
- said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said IEEE 802.11 wireless LAN communications subsystems have established a connection between said wireless mobile device and said access point.
37. The method of claim 21, which further comprises:
- said context manager program classifying a service requested by said mobile device to synchronize to an application, and
- establishing an appropriate security feature to apply to said mobile device based on said classification.
38. The method of claim 21, which further comprises:
- said context manager comparing said determined context with threshold values of services for said mobile wireless device generating a triggering event when a comparison is satisfied.
39. The method of claim 38, which further comprises:
- said triggering event initiating sending a message representing said service data to said wireless mobile device to implement said service in said wireless mobile device.
40. The method of claim 38, which further comprises:
- said triggering event initiating pushing said service represented by said service data to said wireless mobile device.
41. A system to provide security features to a wireless mobile device based on its context, comprising:
- a first middleware program stored in a memory of a first wireless mobile device, having a plurality of security process subroutines selectable by a command;
- a second middleware program stored in a memory of a second wireless device having a known current location, said middleware having a plurality of security process subroutines selectable by said command;
- a context manager program in a server coupled to said second wireless device for determining a context for said first wireless mobile device when said first wireless mobile device is wirelessly connected to said second wireless device;
- a database coupled to said server for storing security feature data accessible by said determined context to implement a security process;
- said context manager accessing said stored security feature data based on said determined context and issuing a command representing said security feature data to said first and second middleware programs to implement said security process in said first wireless mobile device and said second wireless device, respectively.
42. The system of claim 41, which further comprises:
- said server and said context manager are contained within said second wireless device.
43. The system of claim 42, which further comprises:
- said database is contained within said second wireless device.
44. The system of claim 41, which further comprises:
- said database storing service data accessible by said determined context to implement a service;
- said context manager accessing said stored service data based on said determined context and providing said service data to said wireless mobile device to implement said service in said wireless mobile device.
45. The system of claim 41, which further comprises:
- said database storing third-party message data accessible by said determined context to implement a service;
- said context manager accessing said stored third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
46. The system of claim 45, which further comprises:
- a cellular telephone communications subsystem in said first wireless mobile device;
- said third party selectively providing said service to said wireless mobile device via said cellular telephone communications subsystem or said second wireless device.
47. The system of claim 41, which further comprises:
- said second wireless device is mobile and includes a location detector coupled to said context manager for providing said known current location.
48. The system of claim 47, which further comprises:
- said server and said context manager are contained within said second wireless device.
49. The system of claim 48, which further comprises:
- said database is contained within said second wireless device.
50. The system of claim 47, which further comprises:
- said database storing service data accessible by said determined context to implement a service;
- said context manager accessing said stored service data based on said determined context and providing said service data to said wireless mobile device to implement said service in said wireless mobile device.
51. The system of claim 47, which further comprises:
- said database storing third-party message data accessible by said determined context to implement a service;
- said context manager accessing said stored third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
52. The system of claim 51, which further comprises:
- a cellular telephone communications subsystem in said first wireless mobile device;
- said third party providing said service to said wireless mobile device via said cellular telephone communications subsystem.
53. A server to provide security features to a wireless mobile device based on its context, comprising:
- a computer coupled to a wireless access point;
- a context manager program stored in a memory of the computer, for determining a context for a wireless mobile device when said wireless mobile device is wirelessly connected to said wireless access point;
- a database coupled to said computer for storing security feature data accessible by said determined context to implement a security process;
- said context manager accessing said stored security feature data based on said determined context and issuing a command representing said security feature data;
- a middleware program stored in a memory of the computer, having a plurality of security process subroutines selectable by said command, to operatively interact with a first middleware program in said access point and a second middleware program in said mobile wireless device, to implement said security process in said first wireless mobile device and said second wireless device, respectively.
54. The server of claim 53, which further comprises:
- said database storing service data accessible by said determined context to implement a service;
- said context manager accessing said stored service data based on said determined context and providing said service data to said wireless mobile device to implement said service in said wireless mobile device.
55. The server of claim 53, which further comprises:
- said database storing third-party message data accessible by said determined context to implement a service;
- said context manager accessing said stored third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
56. The server of claim 55, which further comprises:
- said third party selectively providing said service to said wireless mobile device via a cellular telephone communications subsystem or said wireless access point.
57. The server of claim 53, which further comprises:
- said wireless access point is mobile and includes a location detector coupled to said context manager for providing a known current location.
58. The server of claim 53, which further comprises:
- said context manager program further accessing said stored security feature data based on a type of service requested by said wireless mobile device.
59. The server of claim 53, which further comprises:
- said context manager program determining said context for said wireless mobile device from an identity of said access point and an identity of said wireless mobile device.
60. The server of claim 59, which further comprises:
- said context manager program further determining said context for said wireless mobile device from a time of day said wireless mobile device connects to said access point.
61. The server of claim 53, which further comprises:
- said security feature data stored in said database representing an authentication process accessible by said determined context to authenticate said wireless mobile device when wirelessly connected to said access point.
62. The server of claim 61, which further comprises:
- said security feature data stored in said database representing a first authentication process to be applied to authenticating a first wireless mobile device and a second authentication process to be applied to authenticating a second wireless mobile device accessible by said determined context detected at said wireless access point.
63. The server of claim 53, which further comprises:
- said security feature data stored in said database representing an encryption process accessible by said determined context to encrypt communications between said wireless mobile device and said access point.
64. The server of claim 63, which further comprises:
- said security feature data stored in said database representing a first encryption process to be applied to encrypting a first wireless mobile device and a second encryption process to be applied to encrypting a second wireless mobile device accessible by said determined context detected at said wireless access point.
65. The server of claim 53, which further comprises:
- said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a system administrator to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
66. The server of claim 53, which further comprises:
- said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a control program to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
67. A wireless access point to provide security features to a wireless mobile device based on its context, comprising:
- a computer coupled to a memory;
- a server interface coupled to said computer, for interfacing with a server;
- a wireless communications interface coupled to said computer, for wirelessly interfacing with a mobile wireless device;
- a communications program stored in said memory, for establishing a wireless connection with said mobile device and providing context information to said server when said wireless mobile device is wirelessly connected to said wireless communications interface;
- a middleware program stored in said memory, having a plurality of security process subroutines selectable by a command received from said server in response to said context information;
- said command representing a security feature to be implemented in said access point and said wireless mobile device by one of said subroutines selected by said command.
68. The wireless access point of claim 67, which further comprises:
- a context manager program coupled to said access point, for determining a context of said mobile device based on said context information.
69. The wireless access point of claim 68, which further comprises:
- a database coupled to said access point for storing security feature data accessible by a determined context of said wireless mobile device, to implement a security process.
70. The wireless access point of claim 69, which further comprises:
- said database storing service data accessible by said determined context to implement a service;
- said context manager accessing said stored service data based on said determined context and providing said service data to said wireless mobile device to implement said service in said wireless mobile device.
71. The wireless access point of claim 69, which further comprises:
- said database storing third-party message data accessible by said determined context to implement a service;
- said context manager accessing said stored third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
72. The wireless access point of claim 71, which further comprises:
- said third party selectively providing said service to said wireless mobile device via a cellular telephone communications subsystem or said access point.
73. The wireless access point of claim 67, which further comprises:
- a location detector coupled to said access point for providing a known current location of said access point to said context manager.
74. The wireless access point of claim 69, which further comprises:
- a Bluetooth communications subsystem in said wireless access point device and in said mobile device;
- said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said Bluetooth communications subsystems have established a connection between said wireless mobile device and said access point.
75. The wireless access point of claim 69, which further comprises:
- an IEEE 802.11 wireless LAN communications subsystem in said wireless access point device and in said mobile device;
- said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said IEEE 802.11 wireless LAN communications subsystems have established a connection between said wireless mobile device and said access point.
76. The wireless access point of claim 69, which further comprises:
- said context manager program further accessing said stored security feature data based on a type of service requested by said mobile device.
77. The wireless access point of claim 69, which further comprises:
- said context manager program determining said context for said wireless mobile device from an identity of said access point and an identity of said wireless mobile device.
78. The wireless access point of claim 77, which further comprises:
- said context manager program further determining said context for said wireless mobile device from a time of day said wireless mobile device connects to said access point.
79. The wireless access point of claim 69, which further comprises:
- said security feature data stored in said database representing an authentication process accessible by said determined context to authenticate said wireless mobile device when wirelessly connected to said access point.
80. The wireless access point of claim 79, which further comprises:
- said security feature data stored in said database representing a first authentication process to be applied to authenticating a first wireless mobile device and a second authentication process to be applied to authenticating a second wireless mobile device accessible by said determined context detected at said wireless access point.
81. The wireless access point of claim 69, which further comprises:
- said security feature data stored in said database representing an encryption process accessible by said determined context to encrypt communications between said wireless mobile device and said access point.
82. The wireless access point of claim 81, which further comprises:
- said security feature data stored in said database representing a first encryption process to be applied to encrypting a first wireless mobile device and a second encryption process to be applied to encrypting a second wireless mobile device accessible by said determined context detected at said wireless access point.
83. The wireless access point of claim 69, which further comprises:
- said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a system administrator to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
84. The wireless access point of claim 69, which further comprises:
- said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a control program to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
85. The wireless access point of claim 69, which further comprises:
- said context manager program classifying a service requested by said mobile device to synchronize to an application and establishing an appropriate security feature to apply to said mobile device based on said classification.
86. The wireless access point of claim 69, which further comprises:
- said context manager comparing said determined context with threshold values of services for said mobile wireless device generating a triggering event when a comparison is satisfied.
87. The wireless access point of claim 86, which further comprises:
- said triggering event initiating sending a message representing said service data to said wireless mobile device to implement said service in said wireless mobile device.
88. The wireless access point of claim 86, which further comprises:
- said triggering event initiating pushing said service represented by said service data to said wireless mobile device.
89. The wireless access point of claim 69, which further comprises:
- a Bluetooth-enabled device coupled to said wireless communications interface;
- said wireless communications interface receiving control signals from said wireless mobile device and forwarding them to said Bluetooth-enabled device for control thereof.
90. The wireless access point of claim 89, which further comprises:
- said wireless communications interface receiving output signals from said Bluetooth-enabled device in response to said control signals;
- said server interface forwarding said output signals to said server.
91. The wireless access point of claim 90, which further comprises:
- said Bluetooth-enabled device is a barcode reader.
92. A wireless mobile device having security features based on its context, comprising:
- a computer coupled to a memory;
- a wireless communications interface coupled to said computer, for wirelessly interfacing with an access point;
- a communications program stored in said memory, for establishing a wireless connection with said access point;
- said access point providing to a server context information about the mobile device when said access point is wirelessly connected to said wireless communications interface;
- a middleware program stored in said memory, having a plurality of security process subroutines selectable by a command received from said access point in response to said context information;
- said command representing a security feature to be implemented in said wireless mobile device by one of said subroutines selected by said command.
93. The wireless mobile device of claim 92, which further comprises:
- said access point coupled to a context manager program, for determining a context of said mobile device based on said context information.
94. The wireless mobile device of claim 93, which further comprises:
- said access point coupled to a database for storing security feature data accessible by a determined context of said wireless mobile device, to implement a security process.
95. The wireless mobile device of claim 92, which further comprises:
- said database storing service data accessible by said determined context to implement a service;
- said context manager accessing said stored service data based on said determined context and providing said service data to said wireless mobile device to implement said service in said wireless mobile device.
96. The wireless mobile device of claim 92, which further comprises:
- said database storing third-party message data accessible by said determined context to implement a service;
- said context manager accessing said stored third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
97. The wireless mobile device of claim 96, which further comprises:
- a cellular telephone subsystem in said wireless mobile device;
- said third party selectively providing said service to said wireless mobile device via said cellular telephone communications subsystem or said access point.
98. The wireless mobile device of claim 92, which further comprises:
- a Bluetooth communications subsystem in said wireless access point device and in said mobile device;
- said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said Bluetooth communications subsystems have established a connection between said wireless mobile device and said access point.
99. The wireless mobile device of claim 92, which further comprises:
- an IEEE 802.11 wireless LAN communications subsystem in said wireless access point device and in said mobile device;
- said context manager program determining said context for said wireless mobile device from a signal received from said access point indicating that said IEEE 802.11 wireless LAN communications subsystems have established a connection between said wireless mobile device and said access point.
100. The wireless mobile device of claim 92, which further comprises:
- said context manager program further accessing said stored security feature data based on a type of service requested by said mobile device.
101. The wireless mobile device of claim 92, which further comprises:
- said context manager program determining said context for said wireless mobile device from an identity of said access point and an identity of said wireless mobile device.
102. The wireless mobile device of claim 101, which further comprises:
- said context manager program further determining said context for said wireless mobile device from a time of day said wireless mobile device connects to said access point.
103. The wireless mobile device of claim 92, which further comprises:
- said security feature data stored in said database representing an authentication process accessible by said determined context to authenticate said wireless mobile device when wirelessly connected to said access point.
104. The wireless mobile device of claim 103, which further comprises:
- said security feature data stored in said database representing a first authentication process to be applied to authenticating a first wireless mobile device and a second authentication process to be applied to authenticating a second wireless mobile device accessible by said determined context detected at said wireless access point.
105. The wireless mobile device of claim 92, which further comprises:
- said security feature data stored in said database representing an encryption process accessible by said determined context to encrypt communications between said wireless mobile device and said access point.
106. The wireless mobile device of claim 105, which further comprises:
- said security feature data stored in said database representing a first encryption process to be applied to encrypting a first wireless mobile device and a second encryption process to be applied to encrypting a second wireless mobile device accessible by said determined context detected at said wireless access point.
107. The wireless mobile device of claim 92, which further comprises:
- said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a system administrator to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
108. The wireless mobile device of claim 92, which further comprises:
- said security feature data stored in said database representing a first selectable security process and a second selectable security process, which are alternately selectable by a control program to be applied when a wireless mobile device is detected by said context manager program to be at said wireless access point.
109. The wireless mobile device of claim 92, which further comprises:
- said context manager program classifying a service requested by said mobile device to synchronize to an application and establishing an appropriate security feature to apply to said mobile device based on said classification.
110. The wireless mobile device of claim 92, which further comprises:
- said context manager comparing said determined context with threshold values of services for said mobile wireless device generating a triggering event when a comparison is satisfied.
111. The wireless mobile device of claim 110, which further comprises:
- said triggering event initiating sending a message representing said service data to said wireless mobile device to implement said service in said wireless mobile device.
112. The wireless mobile device of claim 110, which further comprises:
- said triggering event initiating pushing said service represented by said service data to said wireless mobile device.
113. A program product for a wireless mobile device having security features based on its context, comprising:
- a communications program for establishing a wireless connection with an access point;
- said access point providing to a server context information about the mobile device when said access point is wirelessly connected to said wireless communications interface;
- a middleware program having a plurality of security process subroutines selectable by a command received from said access point in response to said context information;
- said command representing a security feature to be implemented in said wireless mobile device by one of said subroutines selected by said command.
114. The program product of claim 113, which further comprises:
- said communications program receiving and processing a message representing service data to implement a service in said wireless mobile device in response to said context information.
115. The program product of claim 113, which further comprises:
- said communications program receiving and processing a service pushed to said wireless mobile device from said access point in response to said context information.
116. A program product for an access point to provide security features to a wireless mobile device based on its context, comprising:
- a communications program for establishing a wireless connection with a mobile device and providing context information to a server when said wireless mobile device is wirelessly connected to the access point;
- a middleware program having a plurality of security process subroutines selectable by a command received from said server in response to said context information;
- said command representing a security feature to be implemented in said access point and said wireless mobile device by one of said subroutines selected by said command.
117. The program product of claim 116, which further comprises:
- said communications program receiving service data from said server based on said determined context and providing said service data to said wireless mobile device to implement said service in said wireless mobile device.
118. The program product of claim 116, which further comprises:
- said communications program receiving third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
119. The program product of claim 118, which further comprises:
- said third party selectively providing said service to said wireless mobile device via a cellular telephone communications subsystem or said access point.
120. The program product of claim 116, which further comprises:
- said communications program pushing a service to said wireless mobile device in response to said context information.
121. The program product of claim 116, which further comprises:
- said communications program receiving control signals from said wireless mobile device and forwarding them to a Bluetooth-enabled device for control thereof.
122. The program product of claim 121, which further comprises:
- said communications program receiving output signals from said Bluetooth-enabled device in response to said control signals and forwarding said output signals to said server.
123. A program product for a server to provide security features to a wireless mobile device based on its context, comprising:
- a context manager program for determining a context for a wireless mobile device when said wireless mobile device is wirelessly connected to a wireless access point;
- said context manager accessing stored security feature data based on said determined context and issuing a command representing said security feature data;
- a middleware program having a plurality of security process subroutines selectable by said command, to operatively interact with a first middleware program in said access point and a second middleware program in said mobile wireless device, to implement said security process in said first wireless mobile device and said second wireless device, respectively.
124. The program product of claim 123, which further comprises:
- said context manager accessing stored service data based on said determined context and providing said service data to said wireless mobile device to implement said service in said wireless mobile device.
125. The program product of claim 124, which further comprises:
- said context manager accessing a stored third-party message data based on said determined context and sending a message representing said message data to a third party for providing said wireless mobile device a service.
126. The program product of claim 125, which further comprises:
- said third party selectively providing said service to said wireless mobile device via a cellular telephone communications subsystem or said wireless access point.
127. The program product of claim 123, which further comprises:
- said context manager program further accessing said stored security feature data based on a type of service requested by said wireless mobile device.
128. The program product of claim 123, which further comprises:
- said context manager program determining said context for said wireless mobile device from an identity of said access point and an identity of said wireless mobile device.
129. The program product of claim 128, which further comprises:
- said context manager program further determining said context for said wireless mobile device from a time of day said wireless mobile device connects to said access point.
130. The program product of claim 123, which further comprises:
- said context manager program classifying a service requested by said mobile device to synchronize to an application and establishing an appropriate security feature to apply to said mobile device based on said classification.
131. The program product of claim 123, which further comprises:
- said context manager comparing said determined context with threshold values of services for said mobile wireless device generating a triggering event when a comparison is satisfied.
132. The program product of claim 123, which further comprises:
- said triggering event initiating sending a message representing said service data to said wireless mobile device to implement said service in said wireless mobile device.
133. The program product of claim 132, which further comprises:
- said triggering event initiating pushing said service represented by said service data to said wireless mobile device.
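The server-side lookup recited in claims 53 and 58 to 66 (a context built from access point identity, device identity, time of day and requested service, then a command selecting the same security subroutine in each middleware) can be sketched as follows. This is an added Python example, not code from the application; the rule table, identifiers and process labels such as `certificate+pin` are constructed assumptions, and rejecting unmatched contexts or unsupported processes is a design choice of this example.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional


@dataclass(frozen=True)
class Context:
    ap_id: str       # identity of the access point reporting the connection
    device_id: str   # identity of the mobile device
    at: time         # time of day the device connected
    service: str     # type of service the device requested


@dataclass(frozen=True)
class Command:
    auth: str        # label of the authentication subroutine to select
    encryption: str  # label of the encryption subroutine to select


# Fail-closed default (an assumption of this example, not stated in the claims).
DENY = Command("reject", "none")


def in_window(t, start, end):
    """True if t lies in [start, end); start == end means all day."""
    if start == end:
        return True
    if start < end:
        return start <= t < end
    return t >= start or t < end  # window wraps past midnight


@dataclass(frozen=True)
class Rule:
    ap_id: str
    device_id: Optional[str]  # None matches any device
    service: Optional[str]    # None matches any service
    start: time
    end: time
    command: Command

    def matches(self, ctx):
        return (self.ap_id == ctx.ap_id
                and self.device_id in (None, ctx.device_id)
                and self.service in (None, ctx.service)
                and in_window(ctx.at, self.start, self.end))

    def specificity(self):
        return (self.device_id is not None) + (self.service is not None)


# Constructed "security feature data"; every value here is hypothetical.
POLICY = [
    Rule("ap-lobby", None, "brochure", time(0), time(0),
         Command("none", "link-default")),
    Rule("ap-office-12", "dev-alice", None, time(8), time(18),
         Command("certificate", "strong")),
    Rule("ap-office-12", "dev-alice", "sync", time(8), time(18),
         Command("certificate+pin", "strong")),
    Rule("ap-warehouse", None, None, time(22), time(6),
         Command("certificate", "strong")),
]


def select(ctx, policy=POLICY):
    """Return the command of the most specific matching rule, else DENY."""
    hits = [r for r in policy if r.matches(ctx)]
    if not hits:
        return DENY
    return max(hits, key=Rule.specificity).command


class Middleware:
    """One party (server, access point or device) and its subroutine tables."""

    def __init__(self, name, auth_subs, enc_subs):
        self.name = name
        self.auth_subs = set(auth_subs)
        self.enc_subs = set(enc_subs)

    def supports(self, cmd):
        return cmd == DENY or (cmd.auth in self.auth_subs
                               and cmd.encryption in self.enc_subs)

    def apply(self, cmd):
        if not self.supports(cmd):
            raise ValueError(f"{self.name} has no subroutine for {cmd}")
        return f"{self.name}: auth={cmd.auth} enc={cmd.encryption}"


def dispatch(cmd, parties):
    """Send one command to all parties; if any party cannot run it,
    every party receives DENY so the link never ends up half-secured."""
    if not all(p.supports(cmd) for p in parties):
        cmd = DENY
    return [p.apply(cmd) for p in parties]
```

A time-of-day rule only narrows access if the server stamps the connection time itself; a timestamp supplied by the mobile device would let the device choose its own context.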
Type: Application
Filed: Oct 1, 2004
Publication Date: Apr 6, 2006
Inventors: Jouni Malinen (Espoo), Jussi Maki (Espoo)
Application Number: 10/954,197
International Classification: G06F 15/177 (20060101);