HK1140071A - Systems and methods for controlling service access on a wireless communication device - Google Patents
- Publication number
- HK1140071A (HK10106733.7A)
- Authority
- HK
- Hong Kong
- Prior art keywords
- access control
- access
- wireless communication
- communication device
- privilege
Description
Technical Field
The present invention relates to wireless communication devices, and more particularly, to methods and apparatus for controlling access to services, applications and content on a wireless communication device.
Background
Wireless communication devices have become a commonplace means by which most people worldwide communicate. As the cost of these devices and the cost of the services associated with them (e.g., cellular telephone services) decrease, the overall popularity of these devices in the general population increases. Wireless communication devices are no longer limited to commercial use and/or emergency communication, but are commonly used in various aspects of life.
Whereas conventional wireless communication devices were limited in functionality, for example to cellular telephone communications, many wireless communication devices today are multi-function devices capable of providing multiple functions and/or accessing multiple wireless services. For example, a wireless communication device may have the capability to access the internet, and in this regard, network-based services such as audio, video, and multimedia services. Additionally, wireless communication devices are currently available for access to broadcast video and/or audio services, including mobile television. Wireless communication devices are also used to communicate via email, Short Message Service (SMS) (e.g., text messaging), push-to-talk (PTT), and the like. In addition to wireless network services, wireless communication devices may include various applications, such as video game applications, audio and/or video player applications, and so forth.
The ability to control access to many communication means, network services and applications becomes critical where wireless communication devices are widely used and each device has the ability to provide such means, access many network services and include many applications. For example, parents who provide a wireless communication device to a child may desire to control the communication of the child on the device, the content and applications accessed by the child on the device, and so forth. In such a case, the parent may desire to set content level restrictions on the device to limit access to content and/or services that meet the set acceptable restrictions. However, control of access to services and/or content on the wireless communication device is not limited to prohibiting user access to services, content, and/or applications. In some cases, parents may be willing to let children access certain services, content, or applications, while in other cases parents want to control (i.e., limit or prohibit) access to services, content, or applications. For example, when a child is in school during normal class hours, a parent may desire to disable access to all functions/applications/services unrelated to school and restrict access to cellular services so that the child can only call or receive calls from the parent or another designated emergency contact. In another example, when a child is at home, a parent may desire to control access on the wireless device for a time specified by the household as a study time.
Controlling access on a wireless device is not limited to the parental/child mode. In many other cases, an entity may desire to control access on a wireless device. For example, an employer may desire to control an employee's access to a wireless device at a workplace location to ensure that the employee is focused on business related things rather than personal things. In addition, public places (e.g., churches, show auditoriums, government buildings, etc.) may desire to control access to their restricted areas in order to ensure that services, shows, or meetings are not interrupted by audible ring tones or the user's talk sounds. However, in these cases, the entity desiring control of the device may desire to limit access to the services/content/applications without completely disabling use of the wireless communication device.
In addition, the user of the wireless device may desire to control access, for example, to limit the amount of call minutes during high-charge periods (e.g., on weekdays), but to allow unlimited amounts of call minutes at night or on weekends. Currently, wireless communication devices may be used to monitor the amount of minutes used, but do not provide the user with the ability to control the amount of call minutes over a specified period of time.
Currently, access control to a service or application is limited to individual control on a service or application basis. This means that a wireless device user can configure applications or services available on the wireless communication device to provide certain aspects of content access control for a particular application or service. For example, a user may configure a web browser application to limit the types of content that may be accessed, or a user may configure an SMS application to limit from whom communications are received. However, no wireless communication device currently provides device-wide access control, such as restricting communication to certain individuals regardless of which communication service is used, or restricting accessible content regardless of which service is used to access the content.
Accordingly, there is a need for systems and methods that can control access to services, content, and/or applications on wireless communication devices. The desired system and method should allow access control to be configured by the user or by device control entities, such as parents, employers, etc. In addition, the desired system and method should be able to provide device-wide content access control or access control to pre-configured services, applications and content, as desired by the user or controlling entity. The desired system and method should not only prohibit access to services, content and/or applications, but also restrict access to services based on other factors, such as device location, date, week, communication entity, content type, etc.
Disclosure of Invention
The aspects presented herein provide methods, devices, systems, and computer program products for controlling access to services, content, applications, etc., on a wireless communication device. In one aspect, wireless communication device-wide access control is provided such that there is unified access control in the device; access control is provided for more than one service, content and/or application accessible on the device, and in some instances for all services, content and/or applications accessible on the device. In addition, these aspects provide for restricting or prohibiting access based on a number of access control factors, such as content type, service type, device location, time, or any other device environment and/or status characteristic. These methods, devices, systems, and computer program products for content access control may be executed on a wireless communication device or may be executed in a wireless network.
In one aspect, a method for controlling service access on a wireless communication device is defined. The method comprises the following steps: receiving at least one access control privilege, wherein the access control privilege comprises at least one access control attribute and is associated with a wireless communication device; and storing the access control privileges in a memory. Each access control privilege controls access to a plurality of services available on the wireless communication device. In this regard, access control privileges may apply to any and/or all services available on a wireless device. In addition to web services, the method may control access to local or web content and/or local or web applications. The method additionally includes receiving a request to access one of a plurality of services available on the wireless communication device, and controlling access to the service if it is determined that the at least one stored access control privilege applies to the access request. Controlling access to the service may include prohibiting access and/or restricting access according to the access control privileges.
The access control attribute defining the access control privilege may comprise a predetermined geographic location of the wireless communication device or a predetermined time period. Additionally, the access control attributes may include, but are not limited to, a predetermined service type, a predetermined content type, from whom communications are received, and to whom communications are sent, such as a predetermined URL address, a predetermined short message service address, a predetermined mobile identification number, and any combination of the above attributes.
The access control privileges may be received and/or stored at a wireless communication device or network interface. If the access control privileges are received and/or stored at the wireless communication device, typically the user will provide input through a suitable user interface. If the access control privileges are received at a network interface, such as a server or the like, the user and/or a third party entity (e.g., a parent, employer, etc.) may provide the input over a network connection (e.g., the Internet, private network, etc.). In this case, the access control privileges may be stored at the network entity or transmitted to the wireless communication device for local storage. Additionally, the access control privileges may be received by pre-configuration at the device manufacturer and/or at the network service provider.
Access to the service may be controlled locally at the wireless communication device if the access control privileges are received at the wireless communication device and stored locally. However, in other aspects, access control privileges are typically received and/or stored at a network entity where access to services is controlled remotely.
A related aspect is defined by at least one processor configured to perform the following acts: receiving at least one access control privilege, wherein the access control privilege comprises at least one access control attribute and is associated with a wireless communication device; and storing the access control privilege in memory. Each access control privilege controls access to a plurality of services available on the wireless communication device. Additionally, the at least one processor is configured to perform the following acts: receiving a request for access to one of the plurality of services available on the wireless communication device; controlling access to the service if it is determined that at least one stored access control privilege applies to the access request.
Another related aspect is provided by a computer program product comprising a computer readable medium. The computer readable medium includes a first set of codes for causing a computer to receive at least one access control privilege comprising at least one access control attribute and associated with a wireless communication device. Each access control privilege controls access to a plurality of services available on the wireless communication device. The computer readable medium further comprises: a second set of codes for causing a computer to store the access control privileges in a memory; a third set of codes for causing a computer to receive a request to access one of the plurality of services available on the wireless communication device; and a fourth set of codes for causing the computer to control access to the service if it is determined that at least one of the stored access control privileges is applicable to the access request.
Yet another related aspect is defined by a device, such as a wireless communication device or a network device. The apparatus comprises: means for receiving at least one access control privilege comprising at least one access control attribute and associated with a wireless communication device, wherein each access control privilege is to control access to a plurality of services available on the wireless communication device; means for storing the at least one access control attribute in a memory; means for receiving a request to access one of the plurality of services available on the wireless communication device; means for controlling access to the service if it is determined that at least one stored access control privilege applies to the access request.
A wireless communication device defines another aspect. The device comprises a computer platform comprising a processor and a memory. The device also includes an access control module stored in the memory and in communication with the processor. The access control module is configured to receive at least one access control privilege, wherein the access control privilege comprises at least one access control attribute and serves to control access to a plurality of services available on the wireless communication device, to store the at least one access control privilege in the memory, and to control access to the services if it is determined that the at least one stored access control privilege applies to an access request.
The wireless device may additionally include a location determination device, such as a GPS device or the like, in communication with the processor and for communicating device location information to the access control module. In these aspects, the access control module is further configured to determine access control to the one or more services based on content access privileges associated with the location information. Similarly, the wireless device may additionally include a clock device, wherein the clock device is in communication with the processor and is configured to communicate time information to the access control module. In these aspects, the access control module is further operable to determine access control to the one or more services based on content access privileges associated with the temporal information.
The wireless communication device may also include a user interface for receiving at least one access control privilege from a device user, or in other aspects, the access control module may be further configured to receive an access control privilege from the wireless network device, such as where the access control privilege is provided by a third party entity, such as a parent, employer, etc., a network service provider, or a device manufacturer.
A network device defines another aspect. The network device includes a computer platform comprising a processor and a memory, and an access control privilege database stored in the memory and configured to receive one or more access control privileges associated with a predetermined wireless communication device. The network device also includes a communication module to communicate the access control privileges to at least one of the predetermined wireless communication device or the network device. The access control privilege database is also operable to receive one or more access control privileges from a predetermined wireless device user or a third party entity (e.g., a parent, employer, network service provider, etc.) in network communication with the network device. The network device is further configured to communicate the access control privileges to a predetermined wireless communication device or to a network access control filter device. In another aspect, a network device may include a network access filter module to wirelessly receive an access service request from a wireless communication device and control access to the service if it is determined that one or more access control privileges are associated with the wireless communication device and the service request.
A network device defines another aspect. The network device includes a computer platform comprising a processor and a memory. The network device additionally includes a network access filter module to wirelessly receive an access service request from a wireless communication device, determine whether an access control privilege is associated with the service, and control access to the service if it is determined that one or more access control privileges are associated with the service request. The network access filter module is also operable to communicate with the access control server to obtain any relevant access control privileges when determining whether the access control privileges are associated with the wireless communication device. Alternatively, the network device can include an access control attribute database that includes a list of access control privileges and associated wireless communication devices, and the network access filter module can be further configured to communicate with the access control attribute database to determine whether an access control privilege is associated with a wireless communication device.
Another aspect is provided by a system for controlling access to services on a wireless communication device. The system includes an access control server that includes an access control database for receiving access control privileges for controlling access to a plurality of services available on the wireless communication device. The system also includes a plurality of wireless communication devices including a computer platform including a processor and a memory. The wireless communication devices also include an access control module stored in the memory and in communication with the processor for wirelessly receiving one or more access control privileges from the access control server, storing the one or more access control privileges in the memory, determining whether the one or more stored access control privileges apply to an access attempt, and controlling access to a service if it is determined that the stored access control privileges apply to the access attempt.
Another aspect is provided by another wireless communication system for controlling access to a service on a wireless communication device. The system includes a plurality of wireless communication devices and a first network device. The first network device includes a computer platform including a processor and a memory, and a network access filtering module. The network access filtering module is configured to wirelessly receive access service requests from a plurality of wireless communication devices, determine whether an access control privilege is associated with the access requests and the wireless communication devices, and control access to the service if one or more access control privileges are determined to be associated with the wireless communication devices and the service requests.
The system further comprises a second network device comprising a computer platform and an access control attribute database, wherein the computer platform comprises a processor and a memory, the access control attribute database being stored in the memory and being operable to receive one or more access control privileges associated with a predetermined wireless communication device. In these aspects, the first network device communicates with the second network device to determine whether an access control privilege is associated with the access request and the wireless communication device. Additionally, the system includes a third network device comprising a computer platform including a processor and a memory, and a device location database stored in the memory and operable to receive device location information from the plurality of wireless communication devices. In these aspects, the third network device is to transmit the device location information to the first network device if one or more of the determined access control privileges relate to device location.
Accordingly, the present invention provides methods, devices, computer program products and systems for controlling access to services, including content and applications, on a wireless communication device. These aspects may be configured such that control of access to any and/or all services, content, and/or applications accessible on a wireless communication device may be provided through predefined access control privileges. In addition, these aspects provide for restricting or prohibiting access based on a variety of access control factors, such as content type, service type, device location, time, or any other device environmental characteristic. These methods, devices, systems, and computer program products for content access control may be executed on a wireless communication device or may be executed in a wireless network.
Drawings
The disclosed aspects are described below in conjunction with the appended drawings, which are meant to be exemplary and not limiting, and wherein like designations denote like elements, and in which:
FIG. 1 is a block diagram of a wireless device-based system for controlling access on a wireless communication device, in accordance with an aspect;
FIG. 2 is a block diagram of a network device based system for controlling access on a wireless communication device, in accordance with an aspect;
FIG. 3 is a block diagram of a wireless device for controlling access on a wireless communication device, in accordance with another aspect;
FIG. 4 is a block diagram of a network device for controlling access to a wireless communication device, in accordance with an aspect;
FIG. 5 is a block diagram of a network device for receiving and storing access control privileges, in accordance with another aspect;
FIG. 6 is a block diagram illustrating a methodology for controlling access in a wireless communication device, in particular inhibiting reception of communication calls based on location-based access control attributes, according to one aspect;
FIG. 7 is a block diagram illustrating a method for controlling access in a wireless communication device, in particular disabling a network server from transmitting data to the wireless communication device based on a location-based access control attribute, according to one aspect;
FIG. 8 is a block diagram illustrating a methodology for controlling access in a wireless communication device, in particular prohibiting initiation of a communication call based on a time-based access control attribute, in accordance with an aspect;
FIG. 9 is a block diagram illustrating a methodology for controlling access in a wireless communication device, in particular prohibiting access to a network server by the wireless device based on a location-based access control attribute, according to one aspect;
FIG. 10 is a flow diagram of a method for controlling access on a wireless communication device, in accordance with another aspect.
Detailed Description
The apparatus, devices, methods, computer program products and processors of the present invention will now be described in more detail, with reference to the accompanying drawings, in which aspects of the invention are shown. These apparatus, devices, methods, computer program products and processors may, however, be embodied in many different forms and should not be construed as limited to the aspects set forth herein, but rather as provided to make the invention more thorough and complete and to fully convey the scope of the invention to those skilled in the art. Like numbers refer to like elements throughout.
Various aspects are described herein in connection with a wireless communication device. A wireless communication device can also be called a subscriber station, a subscriber unit, mobile station, mobile, remote station, access point, remote terminal, access terminal, user agent, user device, or user equipment. A subscriber station may be a cellular telephone, a cordless telephone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), a handheld device having wireless connection capability, or other processing device connected to a wireless modem.
The present invention provides systems, methods, devices and computer program products for controlling access to services, content and/or applications on a wireless communication device. These aspects may be configured such that access control may be provided through predefined access control privileges that apply to any and/or all services, content, and/or applications accessible on the wireless communication device. In this regard, these aspects may provide access control at the device level rather than at the service or application level. In addition, these aspects limit or prohibit access based on a variety of access control factors, such as content type, service type, environmental attributes (such as device location), time, and the like. As discussed in detail below, the methods, devices, systems, and computer program products for content access control may be executed on a wireless communication device, in a wireless network, or in a combination of a wireless communication device and a network.
Referring to FIG. 1, a block diagram of a system 10 for providing access control in a wireless communication device is depicted. In the aspect illustrated in FIG. 1, the access control decision process is performed at the wireless communication device. As will be discussed with reference to FIG. 2, further aspects provide for an access control decision process to be performed at a network device, such as an access control filtering device or the like. The system 10 depicted in FIG. 1 includes a wireless communication device 12 and a network device 14 that communicate wirelessly 16 over a wireless network 18.
In some aspects, network device 14 provides an access control database 20 for receiving access control privileges 22 communicated from wireless communication devices 12 and/or communication devices 24 operated by third party entities/users 26. Access control privileges 22 are rules assigned to a wireless device to control access to services, content, and/or applications accessible to or present in the wireless device. Access control privileges 22 include one or more access control attributes 23 that define parameters of access control. Access control attributes 23 include, but are not limited to: from whom communications may be received, to whom communications may be sent, the type of content, the type of service, the length of the communication (in units of time), environmental attributes (such as the geographic location of the wireless communication device), the time of day, the time of week, and so forth.
The third party entity/user 26 may be, for example, a wireless device user, a parent controlling device access, an employer controlling device access, a network service provider, a device manufacturer, or any other entity authorized to control access to the wireless communication device 12. The third party entity/user 26 may communicate the access control privileges 22 through any known communication device 24, such as a personal computer 28, laptop 30, wireless communication device 32, and the like. As such, the communication device 24 may be in wired 34 or wireless 16 communication with the network device 14. Communication device 24 may connect with network device 14 through conventional network interfaces such as internet-based websites, private web portals, and the like, where the interfaces are implemented to receive access control privileges 22 from communication device 24, store the privileges in database 20, and communicate the access control privileges to wireless communication device 12.
The wireless communication device 12 includes a communication module 38 associated with a computer platform 36, the computer platform 36 including a memory 40 and a processor 42. In some aspects, communication module 38 is configured to receive access control privileges 22 transmitted from network device 14 and internally transmit the privileges to memory 40. In other aspects, privileges 22 go directly to wireless device 12, as discussed below. Memory 40 includes an access control module 44 that includes access control filter logic 46 for determining whether one or more access control privileges 22 are applicable to access attempts associated with a service 48, content 50, and/or application 52. The access control privileges 22 may be used to disable or restrict access to the service 48, the content 50, and/or any application 52 in accordance with any pre-configured access control attributes 23. Access control privileges 22 may be configured to control access to more than one service 48 and, in some aspects, all services 48 available on the wireless communication device. In this regard, access control privileges 22 may be configured to control access to a plurality of content items 50 and/or a plurality of applications 52 located on wireless communication device 12 and/or accessible to wireless communication device 12, and in some aspects may control access to all of the content 50 and/or applications 52 located on wireless communication device 12 and/or accessible to wireless communication device 12.
Additionally, in some aspects, access control module 44 includes an access control user interface module 54 for providing an interface, such as a display interface or the like, for a wireless communication device user 56 that allows user 56 to view and/or configure access control privileges 22. Configuring access control privileges 22 may include, but is not limited to: the access control privileges are entered, modified, aborted, and/or activated. It should be noted that the access control privileges 22 may be preconfigured to allow the user to modify, suspend, etc., or some of the access control privileges 22 may be preconfigured so that the user is not authorized to modify the access control privileges. For example, if the access control privileges are configured by a third party entity, such as a parent or employer, the privileges may be configured such that user 56 is not authorized to make the modifications. Alternatively, if user 56 has configured the privilege, the privilege may be configured to allow modification, suspension, and the like. In addition, access control interface module 54 provides a user interface, such as a visual display, for notifying user 56, such as denying a service message, when the access control privileges 22 are executed to control access, such as when user 56 attempts to access service 48, content 50, or application 52. In addition to providing notification that access is prohibited or restricted, the user interface module 54 may enable the user to modify or temporarily suspend access control for the current access attempt.
The computer platform 36 of the wireless communication device 12 includes a processor 42 for providing processing capabilities to the communication module 36 and the access control module 44. In this regard, the processor 42 provides processing capability to cause the access control filter logic 46 to determine whether one or more access control privileges 22 apply to an access attempt. Processor 42 may additionally include a processing subsystem 58 for enabling the execution of the functions of communication device 12 and the operation of the communication device on wireless network 18. Processing subsystems 58 may include components for providing context and/or status information to access control module 44. For example, in some aspects, access control privileges 22 may include attributes 23 that provide location-based or time-based access control. In these aspects, the processing subsystem 58 includes a location determination subsystem 60, such as a Global Positioning System (GPS) subsystem or the like, for determining the geographic location of the device, and/or a clock subsystem 62 for determining the time at which the access attempt occurred. Additional subsystems (not shown) may also be included as needed to determine the environmental and/or status conditions required by the predefined access control attributes 22.
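The following added example (not code from the patent) shows one way access control filter logic 46 could evaluate device-wide privileges 22 against an access attempt, using time and location inputs of the kind supplied by clock subsystem 62 and location determination subsystem 60. All class and field names, the coordinates and the phone numbers are constructed for illustration, and treating a missing position fix as matching a location-based privilege is an assumption of this example.

```python
from dataclasses import dataclass
from datetime import datetime, time
from math import asin, cos, radians, sin, sqrt
from typing import Optional, Tuple


@dataclass(frozen=True)
class Geofence:
    lat: float
    lon: float
    radius_m: float

    def contains(self, lat: float, lon: float) -> bool:
        # Haversine great-circle distance in metres.
        dlat, dlon = radians(lat - self.lat), radians(lon - self.lon)
        a = (sin(dlat / 2) ** 2
             + cos(radians(self.lat)) * cos(radians(lat)) * sin(dlon / 2) ** 2)
        return 2 * 6371000 * asin(sqrt(a)) <= self.radius_m


@dataclass(frozen=True)
class Privilege:
    """One access control privilege; an unset attribute matches anything."""
    name: str
    services: Optional[frozenset] = None   # None = every service (device-wide)
    days: Optional[frozenset] = None       # weekday numbers, Monday = 0
    start: Optional[time] = None
    end: Optional[time] = None
    fence: Optional[Geofence] = None
    exempt_peers: frozenset = frozenset()  # parties still reachable (restriction)
    user_modifiable: bool = False          # False when set by a parent/employer


@dataclass(frozen=True)
class AccessRequest:
    service: str
    when: datetime                                   # from the clock subsystem
    location: Optional[Tuple[float, float]] = None   # None = no position fix
    peer: Optional[str] = None


def applies(p: Privilege, req: AccessRequest) -> bool:
    if p.services is not None and req.service not in p.services:
        return False
    # The weekday test uses the request's own date, also for overnight windows.
    if p.days is not None and req.when.weekday() not in p.days:
        return False
    if p.start is not None and p.end is not None:
        t = req.when.time()
        if p.start <= p.end:
            in_window = p.start <= t < p.end
        else:  # window crosses midnight, e.g. 22:00-06:00
            in_window = t >= p.start or t < p.end
        if not in_window:
            return False
    # Assumption: with no position fix the fence counts as matched (fail closed),
    # so switching location off does not lift a location-based privilege.
    if p.fence is not None and req.location is not None:
        return p.fence.contains(*req.location)
    return True


def decide(privileges, req, suspended=frozenset()):
    """Return ("deny", privilege_name) or ("allow", None)."""
    for p in privileges:
        if p.name in suspended and p.user_modifiable:
            continue  # the user may suspend only privileges marked modifiable
        if not applies(p, req):
            continue
        if req.peer is not None and req.peer in p.exempt_peers:
            continue  # restricted rather than prohibited: this party is allowed
        return ("deny", p.name)
    return ("allow", None)


# Constructed sample data (coordinates and numbers are placeholders).
SCHOOL = Geofence(22.3000, 114.1700, 200.0)
PARENT = "+15550100"
PRIVILEGES = [
    Privilege("school-hours", days=frozenset(range(5)), start=time(8, 0),
              end=time(15, 30), fence=SCHOOL, exempt_peers=frozenset({PARENT})),
    Privilege("night-data", services=frozenset({"web", "video"}),
              start=time(22, 0), end=time(6, 0), user_modifiable=True),
]

if __name__ == "__main__":
    at_school = (22.3001, 114.1701)
    tue_10 = datetime(2024, 3, 5, 10, 0)  # a Tuesday
    print(decide(PRIVILEGES, AccessRequest("sms", tue_10, at_school, "+15550199")))
    print(decide(PRIVILEGES, AccessRequest("voice", tue_10, at_school, PARENT)))
```

The same `decide` function could run in a network-side filter instead of on the handset; only the source of the time and location inputs changes.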
Fig. 2 provides a block diagram of a system 70 for providing access control in a wireless communication device. In the example aspect of fig. 2, the access control decision process for network service access is performed at a network communication device, such as access filtering network device 72. In addition, the system provides control of wireless communication-based access to content and/or applications located on the wireless communication device 12. System 70 includes wireless communication device 12, network device 14, and network device 72, which communicate wirelessly 16 over wireless network 18. In operation, a service access attempt is initiated by the wireless communication device 12, or another communication device (whether a wired device or a wireless device) attempts to initiate communication with the wireless communication device 12. The access attempt is intercepted by network device 72, which acts as an access control filter: it verifies whether access control is enabled for wireless device 12 and checks with network device 14 to determine whether any access control privileges 22 apply to the access attempt. If it is determined that access control privileges 22 apply, network device 72 either prohibits or restricts the access according to the pre-configured access control attributes 23.
Network device 14 provides an access control database 20 for receiving access control privileges 22, as defined by access control attributes 23, the access control privileges 22 communicated from wireless communication device 12 and/or a communication device 24 operated by a third party entity/user 26. The third party entity/user 26 may be, for example, a wireless device user, a parent controlling device access, an employer controlling device access, a network service provider, a device manufacturer, or any other entity authorized to control access to the wireless communication device 12. The third party entity/user 26 communicates the access control privileges 22 through any known communication device 24, such as a personal computer 28, laptop 30, wireless communication device 32, etc. As such, the communication device 24 may be in wired 34 or wireless 16 communication with the network device 14. Communication device 24 may connect with network device 14 through a conventional network interface, such as an internet-based website, private web portal, or the like, that is implemented to receive access control privileges 22 from communication device 24, store the privileges in database 20, and communicate the access control privileges to wireless communication device 12.
Network device 72 is configured to determine whether access control privileges 22 are applicable to access attempts made by wireless communication devices, such as wireless communication device 12. As such, network device 12 includes a communication module 76 and a computing platform 74, with computing platform 74 including a memory 78 and a processor 80. Communication module 76 is operable to request and receive access control privileges 22 communicated from network device 14, to receive access requests from wireless communication devices, such as wireless communication device 12, and to notify the wireless communication device whether access has been denied or restricted based on the access control privileges. The memory 78 includes an access control module 82, the access control module 82 including access control filter logic 84. Access control filter logic 84 is used to intercept access attempts and determine whether one or more access control privileges 22 apply to the access attempts. The access control privileges 22 may be used to disable or restrict access to network services in accordance with any pre-configured access control attributes. Control attributes 23 may include, but are not limited to: who receives communications from, who sends communications to, the type of content, the type of service, the length of the communication (in time), environmental attributes (e.g., geographic location of the wireless communication device), the time of day, the time of week, and so forth. Access control privileges 22 may be configured such that they may control access to more than one service 24, and in some aspects, all services 48 available on the wireless communication device.
Additionally, computing platform 74 of network device 72 includes a processor 80 for providing processing power to communication module 76 and access control module 78. In this regard, the processor 80 provides processing capability to cause the access control filter logic 84 to determine whether one or more access control privileges 22 apply to an access attempt. The processor 80 may additionally include a processing subsystem 800 that is specifically configured to perform the functions of the network device 72 and the operations of the network device on the wireless network 18. The processing subsystem 88 may include components for providing environmental or status information about the wireless device 12 to the access control module 82. For example, in some aspects, access control privileges 22 may include attributes 23 for providing location-based or time-based access control. In these aspects, processing subsystems 88 may include a location determination subsystem 90, such as a Global Positioning System (GPS) subsystem or the like, for determining the geographic location of wireless communication device 12, and/or a clock subsystem 92 for determining the time at which the access attempt occurred. Additional subsystems (not shown) may also be included as needed to determine the environmental and/or status conditions required by the predefined access control attributes 22.
It should be noted that although fig. 2 depicts the access control database 20 located in the network device 14 and the access control filter logic 84 located in the network device 72, in other aspects it is feasible to incorporate the access control attribute database 20 and the access control filter logic 84 into a single network device/entity.
The system 70 of fig. 2 also includes a wireless communication device 12 that includes a communication module 38 and a computing platform 36 that includes a memory 40 and a processor 42. The communication module 36 is used to initiate and receive service access attempts, and to receive notifications from the network device 72 indicating that service access has been denied or restricted based on access control privileges. Memory 40 includes an access control module 44, and access control module 44 includes an access control user interface module 54 for providing an interface, such as a display interface or the like, to a wireless communication device user 56 so that user 56 can view and/or configure access control privileges 22. Configuring the access control privileges may include, but is not limited to, entering, modifying, suspending, and/or activating the access control privileges. It should be noted that the access control privileges 22 may be preconfigured to allow the user to modify or suspend them, or some of the access control privileges 22 may be preconfigured so that the user is not authorized to modify them. For example, if the access control privileges are configured by a third party entity, such as a parent or employer, the privileges may be configured such that user 56 is not authorized to make modifications, but if the privileges have been configured by user 56, the privileges may be configured to allow modification, suspension, etc. In addition, access control interface module 54 provides a user interface, such as a visual display, that notifies user 56 when access control attributes are used to control access, such as when user 56 attempts to access service 48, content 50, or application 52. In addition to providing notification that access is prohibited or restricted, the user interface allows the user to modify or temporarily suspend access control for the current access attempt.
In certain aspects, such as when the system 70 is limited to access control on network services, network content, and/or network applications, and no access control is provided for content and/or applications present on the wireless device, the access control filter logic 46 is limited to the network device 72. However, in aspects where the system additionally provides access control to content 50 and applications 52 located on the wireless device, in those aspects the access control module may additionally include access control filter logic 46 for determining whether the access control privileges 22 apply to attempts to access the locally stored content 50 and/or applications 52. Thus, in applications where the access control module includes access control filter logic 46, the logic 46 is operable to determine whether one or more access control privileges 22 apply to access attempts associated with content 50 and/or applications 52. Access control privileges 22 stored in memory 40 are received from user 56 through access control user interface module 54 or from network device 14 through communication module 38. The access control privileges 22 may be configured to prohibit or limit access to the content 50 and/or any application 52 in accordance with any pre-configured access control attribute. Control attributes include, but are not limited to: the type of content, the type of service, environmental attributes (e.g., geographic location of the wireless communication device), time of day, time of week, and the like. Access control privileges may be configured to control access to more than one content 50 item and/or more than one application 52, and in some aspects, to all content 50 and/or applications 52 located on wireless communication device 12 and/or accessible to wireless communication device 12.
The computer platform 36 of the wireless communication device 12 includes a processor 42 for providing processing capabilities to the communication module 36 and the access control module 44. In this regard, the processor 42 provides processing capability to allow the access control filter logic 46 to determine whether one or more access control privileges 22 apply to an access attempt. The processor 42 may additionally include a processing subsystem 58 for enabling the functions of the communication device 12 and the operation of the communication device on the wireless network 18. Processing subsystems 58 may include components for providing context and/or status information to access control module 44. For example, in some aspects, access control privileges 22 may include attributes 23 that provide location-based or time-based access control. In these aspects, the processing subsystem 58 includes a location determination subsystem 60, such as a Global Positioning System (GPS) subsystem or the like, for determining the geographic location of the device, and/or a clock subsystem 62 for determining the time at which the access attempt occurred. Additional subsystems (not shown) may also be included as needed to determine the environmental and/or status conditions required by the predefined access control attributes 22.
Referring to FIG. 3, a detailed block diagram of the wireless communication device 12 is depicted, according to one aspect. The wireless communication device 10 may comprise any type of computerized, communication device, such as a cellular telephone, a Personal Digital Assistant (PDA), a two-way text pager, a portable computer, or even a separate computer platform that has a wireless communication portal, and which may also be wired to a network or the internet. The wireless communication device may be a remote slave device or other device that does not have an end user but simply communicates data across the wireless network, such as remote sensors, diagnostic tools, data relays, and the like. The apparatus and methods of the present invention can thus be performed on any form of wireless communication device or wireless computer module, including a wireless communication portal, including without limitation, wireless modems, PCMCIA cards, access terminals, desktop computers, or any combination or sub-combination thereof.
The wireless communication device 12 includes a computer platform 36, which platform 36 is capable of transmitting data over a wireless network and receiving and executing routines and applications. Computer platform 36 includes memory 40, which memory 40 may include volatile and nonvolatile memory such as read-only and/or random-access memory (RAM and ROM), EPROM, EEPROM, flash cards, or any memory common to computer platforms. Further, memory 40 may include one or more flash memory cells, or may be any secondary or tertiary storage device, such as magnetic media, optical media, tape, or soft or hard disk.
Further, computer platform 36 also includes a processor 42, which may be an application specific integrated circuit ("ASIC"), or other chipset, processor, logic circuit, or other data processing device. The processor 42 or other processor such as an ASIC may execute an application program interface ("API") layer 100, the layer 100 interfacing with any resident programs, such as the access control module 44 stored in the memory 40 of the wireless device 12. API 100 is typically a runtime environment executing on various wireless devices. One such operating environment may be the Binary Runtime Environment for Wireless software developed by the general company of Google, San Diego, Calif. Other operating environments may be used, for example, to control execution of applications on wireless computing devices.
Processor 42 includes various processing subsystems 58 embodied in hardware, firmware, software, and combinations thereof, that enable performing functions of communication device 12 and operations of the communication device on a wireless network. For example, processing subsystems 58 allow for initiating and maintaining communications, and exchanging data, with other network devices. In aspects in which the communication device is defined as a cellular telephone, the communication processor 42 may additionally include a processing subsystem 58 or combination thereof, such as: voice, non-volatile memory, file system, transmit, receive, searcher, layer 1, layer 2, layer 3, master, remote program, cell phone, power management, digital signal processor, message, call manager, Bluetooth system, Bluetooth LPOS, location engine, user interface, dormancy, data services, security, authentication, USIM/SIM, voice services, graphics, USB, multimedia such as MPEG, GPRS, etc. (for simplicity these are not separately depicted in fig. 2). For the disclosed aspects, processing subsystem 58 of processor 42 includes any subsystem components that interact with access control module 44, such as a position determination subsystem 60 and/or a clock subsystem 62.
The computer platform 36 additionally includes a communications module 38 implemented in hardware, firmware, software, and combinations thereof, to enable communication among the various components of the wireless communication device 12, as well as between the communication device 12 and the wireless network 18. In the depicted aspect, communication module 38 is capable of all corresponding communications between wireless communication device 12, network device 14, and network device 72. The communication module 68 may include the necessary hardware, firmware, software and/or combinations thereof for establishing a wireless network communication connection. In some aspects, the communication module may be used to receive the access control privileges 22 communicated from the network device and internally communicate the access control privileges 22 to the memory 40.
Memory 40 of computer platform 36 includes an access control module 44 operable to control access to services, content, and/or applications in accordance with pre-configured access control privileges 22. As previously described, in other aspects, access control may be determined and performed at a network device. Access control module 44 includes access control filter logic 46 for determining whether one or more access control privileges 22 apply to access attempts associated with service 48, content 50, and/or application 52. Access control privileges 22 may be configured to prohibit or restrict access to services 48, content 50, and/or any applications 52 in accordance with any pre-configured access control attributes that define access control privileges 22. Control attributes 23 include, but are not limited to: who may receive communications from, to whom may send communications, content type, service type, length of communication (in time), environmental attributes (such as geographic location of the wireless communication device), time of day, time of week, and so forth. Access control privileges 22 may be configured to control access to more than one service 48 and, in some aspects, all services 48 available on the wireless communication device. In this regard, the access control privileges may be configured such that they may control access to a plurality of content items 50 and/or applications 52 located on wireless communication device 12 and/or accessible to wireless communication device 12, and in some aspects, may control access to all of the content 50 and/or 52 located on wireless communication device 12 and/or accessible to wireless communication device 12. In some aspects where the access control privileges are not stored locally in memory 22, access control module 44 may be required to initiate wireless communications in order to retrieve the appropriate access control privileges from the network database.
In addition, the access control module 44 may include an access control user interface module 54, with the access control user interface module 54 including an access control settings user interface 102 and an access control notifications user interface 104. Access control settings interface 102 is used to provide a user interface, such as a display interface or the like, that enables a user to view and/or configure access control privileges 22. Configuring the access control privileges includes, but is not limited to, entering, modifying, suspending, and/or activating the access control privileges. It should be noted that the access control privileges 22 may be preconfigured to allow the user to modify or suspend them, or some of the access control privileges 22 may be preconfigured so that the user is not authorized to modify them. Access control notification user interface 104 is used to provide a user interface, such as a visual display, for notifying a user when an access control attribute is implemented for controlling access, such as when a user attempts to access service 48, content 50, or application 52. In addition to providing notification that access is prohibited or restricted, the access control notification user interface 104 allows the user to modify or temporarily suspend access control for the current access attempt.
In addition, the wireless communication device 12 includes an input mechanism 106 and an output mechanism 108, wherein the input mechanism 106 is used to generate inputs for the communication device and the output mechanism 108 is used to generate information used by a user of the communication device. For example, the input mechanism 106 may include mechanisms such as keys or a keyboard, a mouse, a touch screen display, a microphone, and the like. In some aspects, the input mechanism 106 provides user input to interface with an application, such as the access control module 44 on a communication device. Also, for example, the output mechanism 108 may include a display, an audio speaker, a tactile feedback mechanism, and the like. In an example aspect, the output mechanism 108 may include a display for displaying an access control user interface.
Referring to fig. 4, in accordance with another aspect, a detailed block diagram of a network device 72 for determining and performing access control is shown. The network device 72 may include at least one of any type of hardware, server, personal computer, mini computer, mainframe computer, or any special purpose or general purpose computing device. Moreover, the modules and applications described herein as being executed on network device 72 or by network device 72 may all be executed on network device 72, or in other aspects, different servers or computer devices may cooperate to provide data to each other in a usable format, and/or to provide a separate layer of control in the data flow between communication device 12 and the modules and applications executed by network device 72.
The network device 72 includes a computer platform 74 that sends and receives data, and executes routines and applications over the wireless network 18. Computer platform 74 includes memory 78, which may include volatile and nonvolatile memory such as read-only and/or random-access memory (RAM and ROM), EPROM, EEPROM, flash cards, or any memory common to computer platforms. Further, memory 78 may include one or more flash memory cells, or may be any secondary or tertiary storage device, such as magnetic media, optical media, tape, or soft or hard disk.
Further, the computer platform 74 also includes a processor 80, which may be an application specific integrated circuit ("ASIC"), or other chipset, logic circuit, or other data processing device. Processor 80 includes various processing subsystems 98 embodied in hardware, firmware, software, and combinations thereof, that are capable of performing the functions of network device 72 and the operation of the network device on a wireless network. For example, processing subsystems 88 allow for initiating and maintaining communications, and exchanging data, with other network devices. For the disclosed aspects, processing subsystems 88 of processor 80 may include any subsystem components that interact with access control module 82, such as a location determination subsystem 90 and/or a clock subsystem 92.
The computer platform 74 also includes a communication module 76, implemented in hardware, firmware, software, and combinations thereof, that enables communication between the various components of the network device 72, as well as between the network device 72, the wireless communication device 12, and the network database device 14. The communication module 76 may include the necessary hardware, firmware, software and/or combinations thereof for establishing a wireless communication connection. Communication module 76 is used to receive an access attempt from a wireless device, such as wireless device 12, query the database for access control privileges associated with the access attempt, and notify the device of the attempted access if control is required.
The memory 78 of the network device 72 also includes an access control module 82 that includes access control filter logic 84. The access control filter logic 84 may include access control enable logic 110 and access control decision logic 112. The access control enabling logic 110 is used to determine whether access control of a wireless device attempting/receiving service access is enabled. The access control decision logic 112 is used to determine whether one or more access control privileges 22 apply to an access attempt. In this regard, the access control module 82 queries an access control database (whether a locally stored database or an external database) to determine whether the access attempt has an associated access control privilege 22. The access control privileges 22 may be configured in accordance with any pre-configured access control attribute 23 to prohibit or restrict access to network services, where the control attribute 23 defines the access control privileges 22. Control attributes may include, but are not limited to: who receives communications from, who sends communications to, content type, service type, environmental attributes (e.g., geographic location of the wireless communication device), time of day, time of week, and so forth. Access control privileges 22 may be configured such that they may control access to more than one service 24, and in some aspects, all services 48 available on the wireless communication device.
The access control module 82 of the network device 72 may additionally include an access control notification routine 114 for notifying the wireless communication device when access is prohibited or limited. The notification 114 communicated to the wireless device 12 may be displayed to the user and may optionally offer the user the ability to suspend and/or modify the access control in order to disable the access control for this particular access attempt. It should be noted that access control may be suspended and/or modified only if access control privileges are preconfigured to allow such suspension and/or modification, typically at the discretion of the entity defining the access control privileges.
Referring to FIG. 5, in accordance with another aspect, a detailed block diagram of network device 14 for receiving and storing access control privileges 22 is shown. Network device 14 may include at least one of any type of hardware, server, personal computer, mini computer, mainframe computer, or any special purpose or general purpose computing device. Further, the modules and applications described herein as being executed on or by network device 14 may all be executed on network device 14, or in other aspects, different servers or computer devices may cooperate to provide data to each other in a usable format, and/or to provide a separate layer of control in the data flow between communication device 12 and the modules and applications executed by network device 14.
Network device 14 includes a computer platform 120 that sends and receives data, and executes routines and applications across wireless network 18. Computer platform 120 includes a database 20 that may include volatile and non-volatile memory, such as read-only and/or random-access memory (RAM and ROM), EPROM, EEPROM, flash cards, or any memory common to computer platforms. In addition, database 20 may include one or more flash memory cells, or may be any secondary or tertiary storage device, such as magnetic media, optical media, tape, or soft or hard disk. Further, computer platform 120 also includes a processor 122, which may be an application specific integrated circuit ("ASIC"), or other chipset, logic circuit, or other data processing device.
Computer platform 120 also includes a communication module 124 implemented in hardware, firmware, software, and combinations thereof, that enables communication between the various components of network device 14, as well as between network device 14, wireless communication device 12, and network filtering device 72. The communication module 124 may include the necessary hardware, firmware, software, and/or combinations thereof for establishing a wireless communication connection. Communication module 124 is operable to receive access control privileges from third party entity/user 26 and communicate the access control privileges to wireless communication device 12 and/or network filtering device 72.
Database 20 of network device 14 includes access control privileges 22, each having one or more associated access control attributes 23. Each privilege or group of privileges is associated with one wireless device user and/or wireless device. In the example aspect of FIG. 5, the first user 26₁ has associated access control privileges 22₁, a second user 26₂ has associated access control privileges 22₂, and an nth user 26ₙ has associated access control privileges 22ₙ, where n is a positive integer representing a given total number of users. The access control privileges 22 may prohibit or limit access to services, content and/or applications in accordance with any pre-configured access control attributes 23 that define the access control privileges 22. Control attributes 23 may include, but are not limited to: from whom communications may be received, to whom communications may be sent, content type, service type, length of communication (in time), environmental attributes (e.g., geographic location of the wireless communication device), time of day, time of week, and so forth. Access control privileges 22 may be configured such that they may control access to a plurality of services, content, and/or applications, and in some aspects, to all services, content, and/or applications available on the wireless communication device.
Figs. 6-9 provide block diagrams that facilitate the description of various methods in which access control functions are performed at the network layer. In the aspect of fig. 6, a communication call access attempt is denied based on access control privileges that prohibit receiving access from a specified wireless device at a specified geographic location. At event 200, a third party entity/user (26) logs into a network service including an access control server (14) and defines access control privileges (22) for a designated wireless device (12₁). The third party entity/user (26) may use any communication device to log in and define access control privileges (22), such as a PC (28), laptop (30), and/or wireless device (32). Thus, communication between the communication device (28, 30, 32) and the access control server (14) may be wired or wireless. The defined access control privileges (22) include a privilege that prohibits the device (12₁) from receiving calls from a designated wireless device (12₂) when the wireless device (12₁) is in the designated location. For example, the defined access control privilege prohibits the device (12₁), when located at school, from receiving calls from a friend, the user of device (12₂).
At event 202, the access control server (14) notifies the network filter device (72) that the designated wireless device (12₁) has access control functionality enabled. In some aspects, once the access control privileges (22) are defined and stored at the access control server (14), the notification may be communicated to the network filtering device (72), or the network filtering device (72), upon receiving an access attempt, may query the access control server (14) to ensure that the functionality is available at the time the access attempt is received.
At event 204, the wireless communication device (12₁) periodically updates the location-based server (94) with its location information so that the network filtering device (72) can query the location-based server (94) to determine the location of the wireless communication device (12₁).
At event 206, the wireless device (12₂) attempts a call to the wireless communication device (12₁) over a wireless communication network. At event 208, the call request is intercepted by the access control filter (72). At this point, the access control filter may check to verify whether the wireless device (12₁) has an access control function. As previously mentioned, this requires either verifying the capability in a local database or querying the access control server (14) to verify the capability.
At event 210, once the capability is verified, the access control filter device (72) queries the access control server (14) to determine if one or more access control privileges (22) apply to the access attempt. In this particular example, a privilege is defined that prohibits the wireless device (12₁) from receiving a call from the wireless device (12₂) when in a designated location. At event 212, based on the determined access control privilege (22), the access control filtering device (72) queries the location-based server (94) to determine the current location of the wireless device (12₁); the access control privilege (22) depends on the location of the wireless device (12₁) to control access by the wireless device (12₂).
Once logic (84) in the access control filter device (72) determines the wireless device (12)1) Is located at a designated location where the wireless device (12) is disabled as defined by the access control attribute2) Communicate, then at event 214, the access attempt is denied and directed to the wireless device (12)1) A notification is sent to alert the user that the access has been denied and, optionally, to allow the user to disable or modify the access control.
At event 216, the wireless device (12)3) Attempting a call to a wireless communication device (12) over a wireless communication network1). At event 208, the access control filter (72) intercepts the call request and validates the access control capability (access control enable). Once verified as having the ability, at event 210, the access control filter device (72) queries the access control server (14) to determine if one or more access control privileges (22) apply to the access attempt. In this particular example, no access control privileges (22) are associated with the wireless device (12)3) And (4) correlating. Thus, at event 218, a wireless communication call request is allowed to pass to the wireless communication device (12)1)。
Referring to fig. 7, in accordance with one aspect, data service access attempts are denied based on access control privileges prohibiting access from being received from a specified wireless device located at a specified geographic location. At event 300, a third party entity/user (26) logs into a network service that includes an access control server (14) and defines access control privileges (22) for a given wireless device (12). The defined access control privileges (22) include privileges that prohibit access to the web server (330) when the device (12A) is in a specified location. For example, the defined access control privileges (22) may prohibit access to the network server/service (330) by the device (12) when it is located at school.
At event 302, the access control server (14) notifies the network filter device (72) that the designated wireless device (12) has an enabled access control function. At event 304, the wireless communication device (12) periodically updates the location-based server (94) with the location information so that the network filtering device (72) can query the location-based server (94) to determine the location of the wireless communication device (12).
At event 306, the network server (330) attempts to transmit data to the wireless communication device (12) over the wireless communication network. At event 308, the access control filter (72) intercepts the data communication. At this point, the access control filter may check to verify that the wireless device (12) has an enabled access control function. As previously mentioned, this requires either verifying the capability in a local database or querying the access control server (14) to verify the capability.
At event 310, once the capabilities are verified, the access control filter device (72) queries the access control server (14) to determine if one or more access control privileges (22) apply to the access attempt. In this particular example, a privilege is defined for inhibiting data reception from the network server/service (330) when the wireless device (12) is located at a specified location. At event 312, the access control filter device (72) queries the location-based server (94) to determine the current location of the wireless device (12) based on the determined access control privileges (22) to control access to the network server/service (330) based on the location of the wireless device (12).
Once logic (84) in the access control filter device (72) determines that the wireless device (12) is located at a specified location that prohibits receiving data from the network server (330) as defined by the access control attribute, at event 314, the access attempt is denied and a notification is sent to the wireless device (12) alerting the user that access has been denied and, optionally, allowing the user to deactivate the access control or modify the access control.
At event 316, the network server/service (332) attempts to transmit data to the wireless communication device (12) over the wireless communication network. At event 308, the access control filter (72) intercepts the data transmission and validates the access control capability. Once verified as having the ability, at event 310, the access control filter device (72) queries the access control server (14) to determine if one or more access control privileges (22) apply to the access attempt. In this particular example, no access control privileges (22) are associated with the web server/service (332). Thus, at event 318, data sent from the network server/service (332) is allowed to pass to the wireless communication device (12).
Referring to fig. 8, in accordance with another aspect, a communication call attempt is denied based on an access control privilege that prohibits receiving access from a specified wireless device at a specified time. At event 400, a third party entity/user (26) logs into a network service including an access control server (14) and defines access control privileges (22) for a specified wireless device (12₁). The third party entity/user (26) may use any communication device to log in and define access control privileges (22), such as a PC (28), laptop (30), and/or wireless device (32). The defined access control privileges (22) include an access control attribute for prohibiting the wireless device (12₁) from initiating a call to a given wireless device (12₂) at a given time. For example, the defined access control attribute may prohibit access from a friend, the user of device (12₂), during normal school hours. At event 402, the access control server (14) notifies the network filter device (72) that the designated wireless device (12₂) has access control functionality enabled.
At event 404, the wireless device (12₁) attempts a call to the wireless communication device (12₂) over the wireless communication network. At event 406, the call request is intercepted by the access control filter (72). At this point, the access control filter may check to verify whether the wireless device (12₁) has an enabled access control function. As previously mentioned, this requires either verifying the capability in a local database or querying the access control server (14) to verify the capability.
At event 408, once verified as having the capability, the access control filter device (72) queries the access control server (14) to determine if one or more access control privileges (22) apply to the access attempt. In this particular example, a privilege is defined for prohibiting the wireless device (12₁) from initiating a call to the wireless device (12₂) at a given time. At event 410, the access control filter device (72) queries the time server (96) or internal clock component to determine the current time, based on the determined access control privileges (22), so as to control access by the wireless device (12₁) based on the current time.
Once logic (84) in the access control filter device (72) determines that the wireless device (12₁) is attempting the call at a specified time at which, as defined by the access control attribute, initiating a call to the wireless device (12₂) is prohibited, then at event 412, the access attempt is denied and a notification is sent to the wireless device (12₁) to alert the user that the access has been denied and, optionally, to allow the user to disable or modify the access control.
At event 414, the wireless device (12₁) attempts a call to the wireless communication device (12₃) over the wireless communication network. At event 208, the access control filter (72) intercepts the call request and validates the access control capabilities. Once verified as having the ability, at event 210, the access control filter device (72) queries the access control server (14) to determine if one or more access control privileges (22) apply to the access attempt. In this particular example, no access control privileges (22) are associated with the wireless device (12₃), or the call falls outside any of the restrictions described in the access control privileges (22). Thus, at event 416, the wireless communication call request is allowed to pass to the wireless communication device (12₃).
Referring to fig. 9, in accordance with another aspect, a web server access attempt is denied based on access control privileges for prohibiting access to the web server when the wireless device (12) is located at a specified location. At event 500, a third party entity/user (26) logs into a network service that includes an access control server (14) and defines access control privileges (22) for a given wireless device (12). The third party entity/user (26) may use any communication device, such as a PC (28), laptop (30), and/or wireless device (32), for logging in and defining the access control privileges (22). The defined access control privileges (22) include privileges that prohibit the wireless device (12) from accessing a specified network server (330) when the wireless device (12) is located at a specified location. For example, the defined access control privileges (22) may prohibit a wireless device (12) from accessing a web server (330) when the wireless device (12) is located at the employer's location.
At event 502, the access control server (14) notifies the network filter device (72) that the designated wireless device (12) has an enabled access control function. At event 504, the wireless communication device (12) periodically updates the location-based server (94) with the location information so that the network filtering device (72) can query the location-based server (94) to determine the location of the wireless communication device (12).
At event 506, the wireless device (12) attempts to access a network server (330) over the wireless communication network. At event 508, the access control filter (72) intercepts the call request. At this point, the access control filter may check to verify that the wireless device (12) has an enabled access control function. As previously mentioned, this requires either verifying the capability in a local database or querying the access control server (14) to verify the capability.
Once verified as having the ability, at event 510, the access control filter device (72) queries the access control server (14) to determine if one or more access control privileges (22) apply to the access attempt. In this particular example, a privilege is defined that prohibits the wireless device (12) from accessing the network server (330) when the device (12) is located at a specified location. At event 512, the access control filtering device (72) queries the location-based server (94) to determine the current location of the wireless device (12) based on the determined access control privileges (22) to control access of the wireless device (12) based on the current location.
Once logic (84) in the access control filter device (72) determines that the wireless device (12) is attempting to access the network server (330) at the specified time, as defined by the access control privileges (22), at event 514, the access attempt is denied and a notification is sent to the wireless device (12) to alert the user that the access has been denied and, optionally, to allow the user to disable the access control or modify the access control.
At event 516, the wireless device (12) attempts to access the network server (332) over the wireless communication network. At event 508, the access control filter (72) intercepts the call request and validates the access control capability. Once verified as having the ability, at event 510, the access control filter device (72) queries the access control server (14) to determine if one or more access control privileges (22) apply to the access attempt. In this particular example, no access control privileges (22) are associated with the web server (332), or the call is outside any location restrictions described in the access control privileges (22). Thus, at event 518, the access request to the web server (332) is allowed to pass.
Fig. 10 is a flow diagram of a method for controlling access on a wireless communication device, in accordance with an aspect. At event 600, one or more access control privileges, as defined by an access control attribute, are received for controlling access to a plurality of wireless network services available on the wireless device. For example, access control privileges may be received at an access-controlled wireless device through user interaction with a user interface that specifies defining and receiving access control privileges. Alternatively, access control privileges may be received at a network device, such as an access control database device accessible through an internet website, personal web portal, or the like. Receiving access control privileges at a network device allows authorized third party entities (such as parents, employers, etc.) to define access control characteristics and, thus, control access provided to a wireless device. In addition to controlling access to network services, the access control privileges can also control access to content and/or applications (e.g., graphics, text, audio and/or video game applications, etc.) present on the wireless device.
The access control privileges may control more than one service available to the wireless device and/or more than one content and application available on the wireless communication device, and in some aspects may control all services available to the wireless device and/or all content and applications available on the wireless communication device. Examples of access control attributes include, but are not limited to: the geographic location of the wireless communication device, the time, the type of service, the type of content, the length of the communication (in units of time), to whom communications or data are sent or from whom they are received, etc. Controlling to whom or from whom communications are sent may include, but is not limited to, defining control by a URL address, a Short Message Service (SMS) address, a Mobile Identification Number (MIN)/phone number, etc. Access control includes prohibiting access or restricting access according to defined access control privileges.
At event 610, the access control privileges are stored in memory. If the access control privileges are received at the wireless communication device, they are typically stored locally in the wireless communication device, but if the wireless device has limited storage capacity or backup storage is required, the access control privileges may be uploaded into the network device for storage purposes. Access control privileges, if received at the network device, are typically stored in a network device database. Additionally, if the access control function is wireless device based, the privileges may additionally be stored at the wireless device layer.
At event 620, access to the services available on the wireless communication device is attempted. Alternatively, access to content or applications available on the wireless device may also be attempted in those aspects that also provide access control to the content and applications on the wireless device. The access attempt includes attempting to initiate a communication call, attempting to access a network device (e.g., a network server or database), attempting to receive a communication call, or attempting to receive network data transmitted from a network device (e.g., a network server or database).
At event 630, based on the access attempt, a determination is made as to whether access control privileges apply to the access attempt. The determination may be made at the wireless device or at a network device, such as an access control filtering device or the like. The determination is accomplished by comparing the access attempt attributes to the access control privileges. The access attempt attributes may include the current location of the wireless device, the current time, the address of the party attempting to communicate to or from, and so on. If the determination is done at the wireless communication device, the device may query locally stored access control privileges to determine if access control privileges are available. If the determination is done at the network device, it is possible for the device to query an external access control database to determine if access control privileges are available.
At event 640, if it is determined that one or more access control privileges apply to the access attempt, then access is controlled according to the predefined access control attributes. Controlling access may involve prohibiting or restricting access, as defined by the control attribute. In addition, the wireless communication device user is notified that access has been controlled by providing visual notification to the user. If authorized, the user may be provided with the notification so that they can suspend or modify the access control.
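The decision flow of events 620 to 640, together with the capability check and on-demand location query from the call flows above, as an added Python example (not code from the patent). The class names, device labels and zone names are assumptions, as is the `fail_closed` behaviour when the location source cannot answer, which the description does not specify.

```python
from dataclasses import dataclass
from datetime import time
from typing import FrozenSet, Optional, Tuple

@dataclass(frozen=True)
class Privilege:
    """One access control privilege (22). An attribute left as None matches anything."""
    device: str                                  # device the privilege is attached to
    services: FrozenSet[str]                     # one privilege spans several services
    peers: Optional[FrozenSet[str]] = None       # MIN, URL or SMS address of the other party
    locations: Optional[FrozenSet[str]] = None   # named zones such as "school"
    window: Optional[Tuple[time, time]] = None   # (start, end) in local time

@dataclass(frozen=True)
class Attempt:
    device: str      # controlled device involved in the attempt
    service: str
    peer: str
    at: time

@dataclass(frozen=True)
class Decision:
    allowed: bool
    notify_user: bool
    reason: str

def in_window(window, now):
    start, end = window
    if start <= end:
        return start <= now < end
    return now >= start or now < end    # window wraps past midnight, e.g. 22:00-06:00

def evaluate(attempt, enabled, privileges, locate, fail_closed=True):
    # Capability check: devices without the function enabled trigger no lookups.
    if attempt.device not in enabled:
        return Decision(True, False, "access control not enabled")
    for p in privileges:
        # Event 630: compare the attempt's attributes with each stored privilege.
        if p.device != attempt.device or attempt.service not in p.services:
            continue
        if p.peers is not None and attempt.peer not in p.peers:
            continue
        if p.window is not None and not in_window(p.window, attempt.at):
            continue
        if p.locations is not None:
            # The location source is queried only when a candidate privilege needs it.
            try:
                zone = locate(attempt.device)
            except LookupError:
                # Assumption: the description is silent on lookup failure.
                if fail_closed:
                    return Decision(False, True, "location unavailable")
                continue
            if zone not in p.locations:
                continue
        # Event 640: the privilege applies, so deny and notify the user.
        return Decision(False, True, "privilege applies")
    return Decision(True, False, "no privilege applies")

# Constructed sample data modelled on the Fig. 6 call flow plus a time-based rule.
ENABLED = {"12-1"}
PRIVILEGES = [
    Privilege("12-1", frozenset({"voice", "sms"}), peers=frozenset({"12-2"}),
              locations=frozenset({"school"})),
    Privilege("12-1", frozenset({"data", "video"}), window=(time(22, 0), time(6, 0))),
]
location_queries = []

def at_school(device):
    location_queries.append(device)     # record each query to show lookups are lazy
    return "school"

def location_down(device):
    raise LookupError("location-based server unreachable")

if __name__ == "__main__":
    for peer in ("12-2", "12-3"):
        print(peer, evaluate(Attempt("12-1", "voice", peer, time(10, 0)),
                             ENABLED, PRIVILEGES, at_school))
```

With `fail_closed=False` an unreachable location source silently lifts every location-based restriction, so the choice is worth making explicitly when deploying a filter of this kind.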
The various illustrative logics, logical blocks, modules, and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
Furthermore, the steps and/or actions of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. In addition, in some aspects, the processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. Of course, the processor and the storage medium may reside as discrete components in a user terminal. Further, in some aspects, the steps and/or actions of a method or algorithm may be a combination or set of codes and/or instructions on a machine readable medium and/or computer readable medium, which may be integrated into a computer program product.
While the foregoing disclosure discusses illustrative aspects and/or embodiments, it should be noted that various changes and modifications could be made herein without departing from the scope of the aspects and/or embodiments as defined by the appended claims. Furthermore, although elements of the described embodiments may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated. Moreover, all or a portion of any aspect and/or embodiment may be utilized with all or a portion of any other aspect and/or embodiment, unless stated otherwise.
Accordingly, the present invention provides methods, devices, systems and computer program products for controlling access to services, content, applications and the like on a wireless communication device. In one aspect, access control within a wireless communication device is provided such that there is unified access control on the device; access control is provided for more than one service and/or application accessible on a device and, in some instances, for all services and/or applications accessible on a device, and further aspects provide for limiting or prohibiting access based on a number of access control attributes, such as content type, service type, device location, time, or any other device environmental characteristic. Methods, devices, systems, and computer program products for content access control may be executed on a wireless communication device or in a wireless network.
Many modifications and other aspects of the invention will come to mind to one skilled in the art to which this invention pertains having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that these aspects are not to be limited to the specific aspects disclosed and that modifications and other aspects are intended to be included within the scope of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation. Accordingly, the disclosed aspects are intended to embrace all such alterations, modifications and variations that fall within the scope and spirit of the appended claims. Furthermore, to the extent that the term "includes" is used in either the detailed description or the claims, such term is intended to be inclusive in a manner similar to the term "comprising" as "comprising" is interpreted when employed as a transitional word in a claim.
Claims (53)
1. A method for controlling access on a wireless communication device, comprising the steps of:
receiving at least one access control privilege, the access control privilege comprising at least one access control attribute and being associated with a wireless communication device, wherein each access control privilege controls access to a plurality of services available on the wireless communication device;
storing the at least one access control privilege in a memory;
receiving a request for access to one of the plurality of services available on the wireless communication device;
controlling access to the service if it is determined that at least one stored access control privilege applies to the access request.
2. The method of claim 1, wherein receiving at least one access control privilege comprising at least one access control attribute further defines the access control attribute as a geographic location of the wireless communication device.
3. The method of claim 1, wherein receiving at least one access control privilege comprising at least one access control attribute further defines the access control attribute as a time period.
4. The method of claim 1, wherein receiving at least one access control privilege comprising at least one access control attribute further defines the access control attribute as selected from the group consisting of: to whom communications are sent, from whom communications are received, the type of service, the type of content received from the service, environmental conditions, status conditions, and any combination of the above attributes.
5. The method of claim 1, wherein each access control privilege further controls access to a plurality of applications available on the wireless communication device.
6. The method of claim 1, wherein each access control privilege further controls access to a plurality of content available on the wireless communication device.
7. The method of claim 1, wherein receiving at least one access control privilege further comprises: at least one access control privilege is received at the wireless communication device.
8. The method of claim 1, wherein receiving at least one access control privilege further comprises: at least one access control privilege is received at a network interface.
9. The method of claim 1, wherein storing the at least one access control attribute in the memory further comprises: storing the at least one access control attribute in a memory in the wireless communication device.
10. The method of claim 1, wherein storing the at least one access control attribute in the memory further comprises: storing the at least one access control attribute in a network device memory.
11. The method of claim 1, further comprising the steps of:
enabling an access control function of the wireless communication device.
12. The method of claim 11, wherein enabling the access control function further comprises: notifying a network entity that the access control function is enabled for the wireless communication device.
13. The method of claim 11, further comprising the steps of:
before determining whether the at least one stored access control attribute applies to the access attempt, determining whether the access control function is enabled.
14. The method of claim 1, wherein controlling access to the service if it is determined that at least one stored access control privilege applies to an access request further comprises: determining, at the wireless communication device, whether at least one stored access control privilege applies to the access request.
15. The method of claim 1, wherein controlling access to the service if it is determined that at least one stored access control privilege applies to an access request further comprises: determining, at the network device, whether at least one stored access control privilege applies to the access request.
16. The method of claim 1, wherein the step of receiving at least one access control privilege further defines the receiving as selected from the group consisting of: user input, wireless device manufacturer input, and network service provider input.
17. The method of claim 1, wherein controlling access to the service further comprises: access to the service is prohibited.
18. The method of claim 1, wherein controlling access to the service further comprises: access to the service is restricted.
19. The method of claim 18, wherein the step of restricting access to the service further defines restricting access as selected from the group consisting of: limiting the time of access to the service, limiting the geographic location of access to the service, limiting the type of content accessed, limiting the type of network service accessed, limiting who to send communications to, and limiting who to receive communications from.
20. At least one processor configured to control access on a wireless communication device, comprising:
a first module for receiving at least one access control privilege, wherein the at least one access control privilege comprises at least one access control attribute and is associated with a wireless communication device, wherein each access control privilege controls access to a plurality of services available on the wireless communication device;
a second module to store the at least one access control privilege in memory;
a third module for receiving a request to access one of the plurality of services available on the wireless communication device;
a fourth module for controlling access to the service if it is determined that the at least one stored access control privilege applies to the access request.
21. A computer program product, comprising:
a computer-readable medium comprising:
a first set of codes for causing a computer to receive at least one access control privilege, wherein the at least one access control privilege comprises at least one access control attribute and is associated with a wireless communication device, wherein each access control privilege controls access to a plurality of services available on the wireless communication device;
a second set of codes for causing a computer to store the at least one access control privilege in a memory;
a third set of codes for causing a computer to receive a request to access one of the plurality of services available on the wireless communication device;
a fourth set of codes for causing a computer to control access to the service if it is determined that the at least one stored access control privilege applies to the access request.
22. An apparatus, comprising:
means for receiving at least one access control privilege, wherein the at least one access control privilege comprises at least one access control attribute and is associated with a wireless communication device, wherein each access control privilege controls access to a plurality of services available on the wireless communication device;
means for storing the at least one access control privilege in a memory;
means for receiving a request to access one of the plurality of services available on the wireless communication device;
means for controlling access to the service if it is determined that at least one stored access control privilege applies to the access request.
23. A wireless communication device, comprising:
a computer platform comprising a processor and a memory;
an access control module stored in the memory and in communication with the processor, the access control module to receive at least one access control privilege, store the at least one access control privilege in the memory, and control access to at least one service of a plurality of services available on the wireless communication device if it is determined that the at least one stored access control privilege applies to an access request, wherein the at least one access control privilege comprises at least one access control attribute, the privilege controlling access to the plurality of services.
24. The wireless communication device of claim 23, wherein the access control module is further to: the method includes receiving at least one access control privilege, storing the at least one access control privilege in the memory, and controlling access to at least one of a plurality of content available on the wireless communication device if it is determined that the at least one stored access control privilege applies to an access request, wherein the at least one access control privilege comprises at least one access control attribute, the privilege controlling access to the plurality of content.
25. The wireless communication device of claim 23, wherein the access control module is further to: the method includes receiving at least one access control privilege, storing the at least one access control privilege in the memory, and controlling access to at least one of a plurality of content available on the wireless communication device if it is determined that the at least one stored access control privilege applies to an access request, wherein the at least one access control privilege comprises at least one access control attribute, the privilege controlling access to the plurality of content.
26. The wireless communication device of claim 23, wherein the access control module further comprises: a user interface for receiving the at least one access control privilege.
27. The wireless communication device of claim 23, wherein the access control module is further to: receiving the at least one access control privilege from a wireless network device.
28. The wireless communication device of claim 23, wherein the access control attribute is selected from the group consisting of: to whom communications are sent, from whom communications are received, the type of service, the type of content received from the service, environmental conditions, status conditions, and any combination of the above attributes.
29. The wireless communication device of claim 23, wherein the access control module is further to: the at least one access control attribute is received from at least one of a group consisting of a user, a wireless device manufacturer, and a network service provider.
30. The wireless communication device of claim 23, further comprising:
a location determining device in communication with the processor and configured to communicate device location information to the access control module, wherein the access control module is further configured to determine access control for at least one of the plurality of services based on at least one access control attribute associated with the location information.
31. The wireless communication device of claim 23, further comprising:
a clock device in communication with the processor and configured to communicate time information to the access control module, wherein the access control module is further configured to determine access control for at least one of the plurality of services based on at least one access control attribute associated with the time information.
32. The wireless communication device of claim 23, wherein the access control module to control access to the service is further to: prohibit access to at least one of the plurality of services.
33. The wireless communication device of claim 23, wherein the access control module to control access to the service is further to: restrict access to at least one of the plurality of services.
34. The wireless communication device of claim 33, wherein the access control module for restricting access to the service further defines restricting access as being selected from the group consisting of: limiting the time of access to the service, limiting the geographic location of access to the service, limiting the type of content accessed, limiting the type of network service accessed, limiting who to send communications to, and limiting who to receive communications from.
35. A network device, comprising:
a computer platform comprising a processor and a memory;
an access control privilege database stored in the memory and operable to receive one or more access control privileges associated with a predetermined wireless communication device;
a communication module to communicate an access control privilege to at least one of the predetermined wireless communication device or a network device for controlling access by the wireless device to at least one of a plurality of services.
36. The network device of claim 35, wherein the access control database is further configured to: receive one or more access control privileges from a third party entity in network communication with the network device.
37. The network device of claim 35, wherein the access control database is further configured to: receive one or more access control privileges from a network service provider.
38. The network device of claim 35, further comprising:
a network access filter module to wirelessly receive a request from a wireless communication device for access to a service, determine whether one or more access control privileges in the database are associated with the wireless communication device and the request, and control access to the service if it is determined that one or more access control privileges are associated with the wireless communication device and the request.
39. A wireless network device, comprising:
a computer platform comprising a processor and a memory;
a communication module executed by the processor and configured to access one or more access control privileges;
a network access filter module stored in the memory and executed by the processor, wherein the network access filter is to wirelessly receive a request from a wireless communication device to access a service, determine whether the one or more access control privileges apply to the request, and control access to the service if it is determined that one or more access control privileges apply to the request.
40. The wireless network device of claim 39, wherein the communication module executed by the processor to access one or more access control privileges is further to: communicate with an access control server to obtain any access control privileges applicable to the request.
41. The wireless network device of claim 39, further comprising:
an access control attribute database comprising a list of access control privileges associated with at least one of a wireless communication device or a user.
42. The wireless network device of claim 41, wherein the communication module executed by the processor to access one or more access control privileges is further to: communicate with the access control attribute database to obtain any access control privileges applicable to the request.
43. The wireless network device of claim 39, wherein the network access filter module is further to: verify that the wireless communication device is enabled for access control.
44. The wireless network device of claim 39, wherein the network access filter module to control access to the service is further to: prohibit access to the service if it is determined that one or more access control privileges apply to the request.
45. The wireless network device of claim 39, wherein the network access filter module to control access to the service is further to: restrict access to the service if it is determined that one or more access control privileges apply to the request.
46. A wireless communication system for controlling access to services on a wireless communication device, comprising:
an access control server comprising an access control privilege database, wherein the access control privilege database is configured to receive one or more access control privileges associated with a predetermined wireless communication device;
a plurality of wireless communication devices comprising a computer platform and an access control module, wherein the computer platform comprises a processor and a memory, the access control module stored in the memory and in communication with the processor, the access control module to wirelessly receive one or more access control privileges from the access control server, store the one or more access control privileges in the memory, and control access to a service if it is determined that the stored access control privileges apply to an access request.
47. The system of claim 46, wherein the access control database is further operable to: receive the one or more access control privileges from a wireless device user in network communication with the network device.
48. The system of claim 46, wherein the access control database is further operable to: receive one or more access control privileges from a third party entity.
49. A wireless communication system for controlling access to services on a wireless communication device, comprising:
a plurality of wireless communication devices;
a first network device comprising a computer platform and a network access filter module, wherein the computer platform comprises a processor and a memory, the network access filter module to wirelessly receive a request to access a service from one of the plurality of wireless communication devices, determine whether one or more access control privileges are associated with the request, and control access to the service if it is determined that one or more access control privileges are associated with the request.
50. The system of claim 49, further comprising:
a second network device comprising a computer platform and an access control attribute database, wherein the computer platform comprises a processor and a memory, the access control attribute database being stored in the memory and being operable to receive one or more access control privileges associated with a predetermined wireless communication device.
51. The system of claim 50, wherein the first network device communicates with the second network device to determine whether an access control privilege is associated with the request.
52. The system of claim 49, further comprising:
a third network device comprising a computer platform and a device location database, wherein the computer platform comprises a processor and a memory, the device location database being stored in the memory and being used to receive device location information from the plurality of wireless communication devices.
53. The system of claim 52, wherein the third network device is to communicate the device location information to the first network device if one or more of the determined access control privileges relate to device location.
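The claims above describe a filter that checks whether any stored access control privilege applies to a request (by service type, communicating party, time and device location) and then prohibits or restricts access. The following is an added illustration, not text or code from the patent: the names Privilege, Request, applies and decide, the sample data, the rule that prohibit outranks restrict, and the choice to treat a location-bound privilege as applying when the device has no location fix are all assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import time
from math import asin, cos, radians, sin, sqrt
from typing import Optional, Tuple

@dataclass(frozen=True)
class Privilege:                      # hypothetical model of one access control privilege
    action: str                                          # "prohibit" or "restrict"
    service: Optional[str] = None                        # None matches any service type
    peer: Optional[str] = None                           # sender or recipient
    window: Optional[Tuple[time, time]] = None           # time-of-day range
    fence: Optional[Tuple[float, float, float]] = None   # lat, lon, radius in km

@dataclass(frozen=True)
class Request:
    service: str
    at: time
    peer: Optional[str] = None
    loc: Optional[Tuple[float, float]] = None            # None = no location fix

def in_window(t, window):
    start, end = window               # start > end means the window wraps past midnight
    return start <= t < end if start <= end else (t >= start or t < end)

def km_between(a, b):                 # haversine great-circle distance
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def applies(p, r):
    if p.service is not None and p.service != r.service:
        return False
    if p.peer is not None and p.peer != r.peer:
        return False
    if p.window is not None and not in_window(r.at, p.window):
        return False
    if p.fence is not None and r.loc is not None:
        return km_between(r.loc, p.fence[:2]) <= p.fence[2]
    return True   # no fence, or location unknown: fail closed (assumption)

def decide(privileges, r):
    actions = {p.action for p in privileges if applies(p, r)}
    for action in ("prohibit", "restrict"):   # most severe applicable action wins
        if action in actions:
            return action
    return "allow"                            # no privilege applies to the request

# Constructed sample privileges: no SMS near one site in the daytime, limited web overnight.
PRIVILEGES = [
    Privilege("prohibit", service="sms", window=(time(8), time(15)), fence=(22.30, 114.17, 0.5)),
    Privilege("restrict", service="web", window=(time(22), time(6))),
]
```

Dropping the fail-closed branch would let a device with its location source disabled slip past every location-bound privilege.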
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US11/683,343 | 2007-03-07 | | |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| HK1140071A (en) | 2010-09-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI383637B (en) | | Systems and methods for controlling service access on a wireless communication device |
| CN103733597B (en) | | Web-based parental controls for wireless devices |
| JP5043431B2 (en) | | Parental control of mobile phones |
| CN103650466B (en) | | The intelligent head of a family for wireless device controls |
| JP6014670B2 (en) | | Controlling text messages on mobile devices |
| US9049305B2 (en) | | Granular control system |
| US9113299B2 (en) | | Method and apparatus for automatic mobile endpoint device configuration management based on user status or activity |
| HK1140071A (en) | | Systems and methods for controlling service access on a wireless communication device |