[go: up one dir, main page]

WO2022000445A1 - Methods and apparatuses for secure device sharing - Google Patents

Methods and apparatuses for secure device sharing Download PDF

Info

Publication number
WO2022000445A1
WO2022000445A1 PCT/CN2020/100042 CN2020100042W WO2022000445A1 WO 2022000445 A1 WO2022000445 A1 WO 2022000445A1 CN 2020100042 W CN2020100042 W CN 2020100042W WO 2022000445 A1 WO2022000445 A1 WO 2022000445A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
access configuration
another user
transmitting
services
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2020/100042
Other languages
French (fr)
Inventor
Zhi Wang
Guannan YANG
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Technologies Beijing Co Ltd
Nokia Technologies Oy
Original Assignee
Nokia Technologies Beijing Co Ltd
Nokia Technologies Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Technologies Beijing Co Ltd, Nokia Technologies Oy filed Critical Nokia Technologies Beijing Co Ltd
Priority to PCT/CN2020/100042 priority Critical patent/WO2022000445A1/en
Publication of WO2022000445A1 publication Critical patent/WO2022000445A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104Grouping of entities

Definitions

  • Various example embodiments relate to methods and apparatuses for secure device sharing.
  • the Internet of Things is a network of physical objects, such as vehicles, machines, home appliances, and so on, which may connect and exchange data over the Internet.
  • a method comprising transmitting, at a first apparatus of a user and to a second apparatus, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, and receiving, at the first apparatus and from the second apparatus, information on usage of the third apparatus by another user at least partly according to the access configuration.
  • the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  • the method may further comprise transmitting, at the first apparatus and to the second apparatus, an authentication for granting the second apparatus permission to access data of the third apparatus.
  • the method may further comprise receiving, at the first apparatus and from the second apparatus, information on at last one of a status of the third apparatus, service usage, and charging.
  • the method may further comprise transmitting, at the first apparatus and to the second apparatus, an indication to stop sharing the third apparatus.
  • a method comprising receiving, at a first apparatus of a user and from a second apparatus, at least one of an access configuration for a third apparatus of another user and an indication of the access configuration, and transmitting, at the first apparatus and to the second apparatus, a request to book the third apparatus according to the access configuration.
  • the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the user, one or more services of the third apparatus denied for the user, charging rate for the one or more services of the third apparatus allowed for the user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the user.
  • the method may further comprise transmitting, at the first apparatus and to the third apparatus, a request for a service of the third apparatus.
  • the method may further comprise transmitting, at the first apparatus and to the second apparatus, information on usage of the third apparatus.
  • the method may further comprise receiving, at the first apparatus and from the second apparatus, information on at least one of a status of the third apparatus, service usage, and charging.
  • a method comprising receiving, at an apparatus of a user, a request from another user for a service of the apparatus, and performing the service in a case where the service is allowed for the another user in an access configuration for the apparatus.
  • the access configuration may comprise at least one of an identity of the apparatus, a description of the apparatus, one or more services of the apparatus allowed for the another user, one or more services of the apparatus denied for the another user, charging rate for the one or more services of the apparatus allowed for the another user, and one or more actions of the apparatus in response to one or more access attempts to the apparatus by the another user.
  • the method may further comprise storing the access configuration at the apparatus.
  • the method may further comprise determining, at the apparatus, whether the service is allowed for the another user in the access configuration.
  • the method may further comprise reporting information on usage of the apparatus.
  • a method comprising receiving, at a first apparatus and from a second apparatus of a user, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, transmitting, at the first apparatus, at least one of the access configuration and the indication to a fourth apparatus of another user, receiving, at the first apparatus and from the fourth apparatus, a request to book the third apparatus according to the access configuration, transmitting, at the first apparatus, the access configuration to at least one of the third apparatus and a fifth apparatus as a delegate apparatus of the third apparatus, and transmitting, at the first apparatus and to at least one of the second apparatus and the fourth apparatus, information on usage of the third apparatus by the another user at least partly according to the access configuration.
  • the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  • the method may further comprise receiving, at the first apparatus and from the second apparatus, an authentication for granting the first apparatus permission to access data of the third apparatus, and transmitting, at the first apparatus and to at least one of the third apparatus and the fifth apparatus, a request to monitor the third apparatus.
  • the method may further comprise determining, at the first apparatus, a status of the third apparatus, and transmitting, at the first apparatus and to at least one of the second apparatus and the fourth apparatus, information on the status of the third apparatus.
  • the method may further comprise receiving, at the first apparatus and from at least one of the third apparatus, the fourth apparatus, and the fourth apparatus, information on usage of the third apparatus.
  • a method comprising receiving, at a first apparatus and from a second apparatus, at least one of an access configuration for a third apparatus of a user and an indication of the access configuration, and acceptance of the access configuration by another user, receiving, at the first apparatus, a request from the another user for a service of the third apparatus, determining, at the first apparatus, whether the service is allowed for the another user in the access configuration, and transmitting, at the first apparatus, the request to the third apparatus.
  • the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  • the method may further comprise receiving, at the first apparatus and from the third apparatus, information on usage of the third apparatus, and reporting, at the first apparatus, the information to the second apparatus.
  • the method may further comprise receiving, at the first apparatus and from the second apparatus, a request to monitor the third apparatus, and verifying, at the first apparatus, whether the second apparatus is authorized by the user.
  • the method may further comprise determining, at the first apparatus, whether time assigned to the another user for using the third apparatus is ended, and transmitting, at the first apparatus and to the second apparatus, information on that the time assigned to the another user for using the third apparatus is ended.
  • an apparatus may comprise at least one processor and at least one memory comprising computer program code.
  • the at least one memory and the computer program code may be configured to, with the at least one processor, cause the apparatus as a first apparatus to perform transmitting, to a second apparatus, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, and receiving, from the second apparatus, information on usage of the third apparatus by another user at least partly according to the access configuration.
  • the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  • the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform transmitting, to the second apparatus, an authentication for granting the second apparatus permission to access data of the third apparatus.
  • the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform receiving, from the second apparatus, information on at last one of a status of the third apparatus, service usage, and charging.
  • the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform transmitting, to the second apparatus, an indication to stop sharing the third apparatus.
  • an apparatus may comprise at least one processor and at least one memory comprising computer program code.
  • the at least one memory and the computer program code may be configured to, with the at least one processor, cause the apparatus as a first apparatus to perform receiving, from a second apparatus, at least one of an access configuration for a third apparatus of another user and an indication of the access configuration, and transmitting, to the second apparatus, a request to book the third apparatus according to the access configuration.
  • the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the user, one or more services of the third apparatus denied for the user, charging rate for the one or more services of the third apparatus allowed for the user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the user.
  • the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform transmitting, to the third apparatus, a request for a service of the third apparatus.
  • the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform transmitting, to the second apparatus, information on usage of the third apparatus.
  • the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform receiving, from the second apparatus, information on at least one of a status of the third apparatus, service usage, and charging.
  • an apparatus may comprise at least one processor and at least one memory comprising computer program code.
  • the at least one memory and the computer program code may be configured to, with the at least one processor, cause the apparatus of a user to perform receiving a request from another user for a service of the apparatus, and performing the service in a case where the service is allowed for the another user in an access configuration for the apparatus.
  • the access configuration may comprise at least one of an identity of the apparatus, a description of the apparatus, one or more services of the apparatus allowed for the another user, one or more services of the apparatus denied for the another user, charging rate for the one or more services of the apparatus allowed for the another user, and one or more actions of the apparatus in response to one or more access attempts to the apparatus by the another user.
  • the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform storing the access configuration at the apparatus.
  • the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform determining, at the apparatus, whether the service is allowed for the another user in the access configuration.
  • the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform reporting information on usage of the apparatus.
  • an apparatus may comprise at least one processor and at least one memory comprising computer program code.
  • the at least one memory and the computer program code may be configured to, with the at least one processor, cause the apparatus as a first apparatus to perform receiving, from a second apparatus of a user, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, transmitting at least one of the access configuration and the indication to a fourth apparatus of another user, receiving, from the fourth apparatus, a request to book the third apparatus according to the access configuration, transmitting the access configuration to at least one of the third apparatus and a fifth apparatus as a delegate apparatus of the third apparatus, and transmitting, to at least one of the second apparatus and the fourth apparatus, information on usage of the third apparatus by the another user at least partly according to the access configuration.
  • the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  • the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform receiving, from the second apparatus, an authentication for granting the first apparatus permission to access data of the third apparatus, and transmitting, to at least one of the third apparatus and the fifth apparatus, a request to monitor the third apparatus.
  • the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform determining a status of the third apparatus, and transmitting, to at least one of the second apparatus and the fourth apparatus, information on the status of the third apparatus.
  • the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform receiving, from at least one of the third apparatus, the fourth apparatus, and the fourth apparatus, information on usage of the third apparatus.
  • an apparatus may comprise at least one processor and at least one memory including computer program code.
  • the at least one memory and the computer program code may be configured to, with the at least one processor, cause the apparatus as a first apparatus to perform receiving, from a second apparatus, at least one of an access configuration for a third apparatus of a user and an indication of the access configuration, and acceptance of the access configuration by another user, receiving a request from the another user for a service of the third apparatus, determining whether the service is allowed for the another user in the access configuration, and transmitting the request to the third apparatus.
  • the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  • the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform receiving, from the third apparatus, information on usage of the third apparatus, and reporting the information to the second apparatus.
  • the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform receiving, from the second apparatus, a request to monitor the third apparatus, and verifying whether the second apparatus is authorized by the user.
  • the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform determining whether time assigned to the another user for using the third apparatus is ended, and transmitting, to the second apparatus, information on that the time assigned to the another user for using the third apparatus is ended.
  • an apparatus may comprise means for transmitting, at the apparatus as a first apparatus of a user and to a second apparatus, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, and means for receiving, at the first apparatus and from the second apparatus, information on usage of the third apparatus by another user at least partly according to the access configuration.
  • the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  • the apparatus may further comprise means for transmitting, to the second apparatus, an authentication for granting the second apparatus permission to access data of the third apparatus.
  • the apparatus may further comprise means for receiving, from the second apparatus, information on at last one of a status of the third apparatus, service usage, and charging.
  • the apparatus may further comprise means for transmitting, to the second apparatus, an indication to stop sharing the third apparatus.
  • an apparatus may comprise means for receiving, at the apparatus as a first apparatus of a user and from a second apparatus, at least one of an access configuration for a third apparatus of another user and an indication of the access configuration, and means for transmitting, at the first apparatus and to the second apparatus, a request to book the third apparatus according to the access configuration.
  • the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the user, one or more services of the third apparatus denied for the user, charging rate for the one or more services of the third apparatus allowed for the user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the user.
  • the apparatus may further comprise means for transmitting, to the third apparatus, a request for a service of the third apparatus.
  • the apparatus may further comprise means for transmitting, to the second apparatus, information on usage of the third apparatus.
  • the apparatus may further comprise means for receiving, from the second apparatus, information on at least one of a status of the third apparatus, service usage, and charging.
  • an apparatus may comprise means for receiving, at the apparatus of a user, a request from another user for a service of the apparatus, and means for performing the service in a case where the service is allowed for the another user in an access configuration for the apparatus.
  • the access configuration may comprise at least one of an identity of the apparatus, a description of the apparatus, one or more services of the apparatus allowed for the another user, one or more services of the apparatus denied for the another user, charging rate for the one or more services of the apparatus allowed for the another user, and one or more actions of the apparatus in response to one or more access attempts to the apparatus by the another user.
  • the apparatus may further comprise means for storing the access configuration at the apparatus.
  • the apparatus may further comprise means for determining whether the service is allowed for the another user in the access configuration.
  • the apparatus may further comprise means for reporting information on usage of the apparatus.
  • an apparatus may comprise means for receiving, at the apparatus as a first apparatus and from a second apparatus of a user, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, means for transmitting, at the first apparatus, at least one of the access configuration and the indication to a fourth apparatus of another user, means for receiving, at the first apparatus and from the fourth apparatus, a request to book the third apparatus according to the access configuration, means for transmitting, at the first apparatus, the access configuration to at least one of the third apparatus and a fifth apparatus as a delegate apparatus of the third apparatus, and means for transmitting, at the first apparatus and to at least one of the second apparatus and the fourth apparatus, information on usage of the third apparatus by the another user at least partly according to the access configuration.
  • the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  • the apparatus may further comprise means for receiving, from the second apparatus, an authentication for granting the first apparatus permission to access data of the third apparatus, and means for transmitting, to at least one of the third apparatus and the fifth apparatus, a request to monitor the third apparatus.
  • the apparatus may further comprise determining a status of the third apparatus, and means for transmitting, to at least one of the second apparatus and the fourth apparatus, information on the status of the third apparatus.
  • the apparatus may further comprise means for receiving, from at least one of the third apparatus, the fourth apparatus, and the fourth apparatus, information on usage of the third apparatus.
  • an apparatus may comprise means for receiving, at the apparatus as a first apparatus and from a second apparatus, at least one of an access configuration for a third apparatus of a user and an indication of the access configuration, and acceptance of the access configuration by another user, means for receiving, at the first apparatus, a request from the another user for a service of the third apparatus, means for determining, at the first apparatus, whether the service is allowed for the another user in the access configuration, and means for transmitting, at the first apparatus, the request to the third apparatus.
  • the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  • the apparatus may further comprise means for receiving, from the third apparatus, information on usage of the third apparatus, and means for reporting the information to the second apparatus.
  • the apparatus may further comprise means for receiving, from the second apparatus, a request to monitor the third apparatus, and means for verifying whether the second apparatus is authorized by the user.
  • the apparatus may further comprise means for determining whether time assigned to the another user for using the third apparatus is ended, and means for transmitting, to the second apparatus, information on that the time assigned to the another user for using the third apparatus is ended.
  • a computer readable medium may comprise instructions stored thereon for causing a first apparatus to perform transmitting, to a second apparatus, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, and receiving, from the second apparatus, information on usage of the third apparatus by another user at least partly according to the access configuration.
  • the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  • the instructions may further cause the first apparatus to perform transmitting, to the second apparatus, an authentication for granting the second apparatus permission to access data of the third apparatus.
  • the instructions may further cause the first apparatus to perform receiving, from the second apparatus, information on at last one of a status of the third apparatus, service usage, and charging.
  • the instructions may further cause the first apparatus to perform transmitting, to the second apparatus, an indication to stop sharing the third apparatus.
  • a computer readable medium may comprise instructions stored thereon for causing a first apparatus to perform receiving, from a second apparatus, at least one of an access configuration for a third apparatus of another user and an indication of the access configuration, and transmitting, to the second apparatus, a request to book the third apparatus according to the access configuration.
  • the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the user, one or more services of the third apparatus denied for the user, charging rate for the one or more services of the third apparatus allowed for the user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the user.
  • the instructions may further the first apparatus to perform transmitting, to the third apparatus, a request for a service of the third apparatus.
  • the instructions may further the first apparatus to perform transmitting, to the second apparatus, information on usage of the third apparatus.
  • the instructions may further the first apparatus to perform receiving, from the second apparatus, information on at least one of a status of the third apparatus, service usage, and charging.
  • a computer readable medium may comprise instructions stored thereon for causing apparatus of a user to perform receiving a request from another user for a service of the apparatus, and performing the service in a case where the service is allowed for the another user in an access configuration for the apparatus.
  • the access configuration may comprise at least one of an identity of the apparatus, a description of the apparatus, one or more services of the apparatus allowed for the another user, one or more services of the apparatus denied for the another user, charging rate for the one or more services of the apparatus allowed for the another user, and one or more actions of the apparatus in response to one or more access attempts to the apparatus by the another user.
  • the instructions may further the apparatus to perform storing the access configuration at the apparatus.
  • the instructions may further the apparatus to perform determining, at the apparatus, whether the service is allowed for the another user in the access configuration.
  • the instructions may further the apparatus to perform reporting information on usage of the apparatus.
  • a computer readable medium may comprise instructions stored thereon for causing a first apparatus to perform receiving, from a second apparatus of a user, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, transmitting at least one of the access configuration and the indication to a fourth apparatus of another user, receiving, from the fourth apparatus, a request to book the third apparatus according to the access configuration, transmitting the access configuration to at least one of the third apparatus and a fifth apparatus as a delegate apparatus of the third apparatus, and transmitting, to at least one of the second apparatus and the fourth apparatus, information on usage of the third apparatus by the another user at least partly according to the access configuration.
  • the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  • the instructions may further the first apparatus to perform receiving, from the second apparatus, an authentication for granting the first apparatus permission to access data of the third apparatus, and transmitting, to at least one of the third apparatus and the fifth apparatus, a request to monitor the third apparatus.
  • the instructions may further the first apparatus to perform determining a status of the third apparatus, and transmitting, to at least one of the second apparatus and the fourth apparatus, information on the status of the third apparatus.
  • the instructions may further the first apparatus to perform receiving, from at least one of the third apparatus, the fourth apparatus, and the fourth apparatus, information on usage of the third apparatus.
  • a computer readable medium may comprise instructions stored thereon for causing a first apparatus to perform receiving, from a second apparatus, at least one of an access configuration for a third apparatus of a user and an indication of the access configuration, and acceptance of the access configuration by another user, receiving a request from the another user for a service of the third apparatus, determining whether the service is allowed for the another user in the access configuration, and transmitting the request to the third apparatus.
  • the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  • the instructions may further the first apparatus to perform receiving, from the third apparatus, information on usage of the third apparatus, and reporting the information to the second apparatus.
  • the instructions may further the first apparatus to perform receiving, from the second apparatus, a request to monitor the third apparatus, and verifying whether the second apparatus is authorized by the user.
  • the instructions may further the first apparatus to perform determining whether time assigned to the another user for using the third apparatus is ended, and transmitting, to the second apparatus, information on that the time assigned to the another user for using the third apparatus is ended.
  • FIG. 1 illustrates an example device sharing in an embodiment.
  • FIG. 2 illustrates an example system for secure device sharing in an embodiment.
  • FIG. 3 illustrates an example of actions of the system for secure device sharing in an embodiment.
  • FIG. 4 illustrates an example method for secure device sharing in an embodiment.
  • FIG. 5 illustrates an example user interface in an embodiment.
  • FIG. 6 illustrates in an example apparatus for secure device sharing in an embodiment.
  • FIG. 7 illustrates an example apparatus for secure device sharing in an embodiment.
  • FIG. 8 illustrates an example method for secure device sharing in an embodiment.
  • FIG. 9 illustrates an example user interface in an embodiment.
  • FIG. 10 illustrates an example apparatus for secure device sharing in an embodiment.
  • FIG. 11 illustrates an example apparatus for secure device sharing in an embodiment.
  • FIG. 12 illustrates an example method for secure device sharing in an embodiment.
  • FIG. 13 illustrates an example apparatus for secure device sharing in an embodiment.
  • FIG. 14 illustrates an example apparatus for secure device sharing in an embodiment.
  • FIG. 15 illustrates an example apparatus for secure device sharing in an embodiment.
  • FIG. 16 illustrates an example method for secure device sharing in an embodiment.
  • FIG. 17 illustrates an example of the access configuration in an embodiment.
  • FIG. 18 illustrates an example apparatus for secure device sharing in an embodiment.
  • FIG. 19 illustrates an example apparatus for secure device sharing in an embodiment.
  • FIG. 20 illustrates an example of actions of the system for secure device sharing in an embodiment.
  • FIG. 21 illustrates an example of actions of the system for secure device sharing in an embodiment.
  • FIG. 22 illustrates an example of actions of the system for secure device sharing in an embodiment.
  • FIG. 23 illustrates an example method for secure device sharing in an embodiment.
  • FIG. 24 illustrates an example of actions of the system for secure device sharing in an embodiment.
  • FIG. 25 illustrates an example apparatus for secure device sharing in an embodiment.
  • FIG. 26 illustrates an example apparatus for secure device sharing in an embodiment.
  • FIG. 1 illustrates an example application scenario based on IoT in an embodiment, where a user 110 (also called as Owner herein) owns an IoT device 120 such as a vehicle, a drone, a home appliance, and so on, and another user 130 (also called as Renter herein) wants to use the IoT device 120 of the user 110.
  • the user 130 may request the user 110 to share the IoT device 120, and then may use the IoT device 120 after the user 110 agrees to share the IoT device 120.
  • such a procedure may be based on credential information exchange between the user 110 and the user 130, so that the user 130 may control or use the IoT device 120 based on a password or an access token provided by the user 110.
  • the user 130 holding the password or access token from the user 110 may have full control of the IoT device 120, which may lead to an unsecure sharing of the IoT device 120.
  • the IoT device 120 is a vehicle
  • the user 130 holding the password or access token from the user 110 may perform one or more services/functionalities which the user 110 does not expect to share, for example when the user 130 violates the agreement with the user 110.
  • FIG. 2 illustrates an example system 200 for secure device sharing in an example embodiment, where the example system 200 may include a user equipment (UE) 210 of the user 110 (also called as Owner UE or an apparatus 210 herein) , a UE 230 of the user 130 (also called as Renter UE or an apparatus 230 herein) , a server 220 (also called as an apparatus 220 herein) , a capability exposure network element 240 (also called as an apparatus 240 herein) , a data management network element 250 (also called as an apparatus 250 herein) , a mobility management network element 260 (also called as an apparatus 260 herein) , and the IoT device 120 (also called as an apparatus 120 herein) .
  • UE user equipment
  • the Owner UE 210 may be any suitable apparatus on which the user 110 may operate to perform one or more expected applications/functions, such as publishing and/or updating information on sharing the IoT device 120 and/or an indication to sharing the IoT device 120, receiving and showing information on usage and/or charging and/or status of the IoT device 120, controlling the IoT device 120, or the like, or may be at least a part of such apparatus.
  • the apparatus 210 may communicate (transmit and/or receive) information with one or more another apparatuses in the example system 200, such as the apparatuses 230, 220, 240, 120 and so on, in either wireless or wired manner, either directly or indirectly, based on any one or more suitable protocols, for example based on Long Term Evolution (LTE) system, New Radio (NR or 5G) system, or the like.
  • LTE Long Term Evolution
  • NR or 5G New Radio
  • the examples of the apparatus 210 may include, but are not limited to, a smart phone, a tablet computer, a desktop computer, and so on.
  • the Renter UE 230 may be any suitable apparatus on which the user 130 may operate to perform one or more expected applications/functions, such as searching and viewing information on sharing the IoT device 120, requesting to use the IoT device 120, receiving and showing information on usage and/or charging and/or status of the IoT device 120, requesting a service of the IoT device 120, or the like, or may be at least a part of such apparatus.
  • the apparatus 230 may also communicate (transmit and/or receive) information with one or more another apparatuses in the example system 200, such as the apparatuses 210, 220, 240, 120 and so on, in either wireless or wired manner, either directly or indirectly, based on any one or more suitable protocols, for example based on LTE system, NR system, or the like.
  • the examples of the apparatus 230 may include, but are not limited to, a smart phone, a tablet computer, a desktop computer, and so on.
  • the IoT device 120 may be any suitable apparatus owned by the user 110, which may be connected and/or accessed via IoT and may perform one or more expected applications/functions such as responding a service request, providing a requested service, or the like, or may be at least a part of such apparatus.
  • the IoT device 120 may include one or more 3rd Generation Partnership Project (3GPP) protocol entities, and may function as another UE of the user 110.
  • 3GPP 3rd Generation Partnership Project
  • the apparatus 120 may communicate (transmit and/or receive) information with one or more another apparatuses in the example system 200, such as the apparatuses 110, 240, 260, and so on, in either wireless or wired manner, either directly or indirectly, based on any one or more suitable protocols, for example based on LTE system, NR system, or the like.
  • the examples the IoT device 120 may include, but are not limited to, a vehicle, a drone, a home appliance, a smart phone, a computer, a server, and so on.
  • the server 220 (also called as the apparatus 220 herein) may be configured to communicate with one or more another apparatuses in the example system 200 such as the apparatuses 210, 230, 240, and so on, in either wireless or wired manner, either directly or indirectly, based on any one or more suitable protocols, for example based on LTE system, NR system, or the like, and to perform one or more expected functions such as accessing to one or more monitored/used services, evaluating the monitored/used services, evaluating one or more allowable services, or the like.
  • suitable protocols for example based on LTE system, NR system, or the like
  • the apparatus 220 may include or may be configured to provide one or more functions of an Application Server (AS) or a Services Capability Server (SCS) for example as defined in 3GPP Technical Standard (TS) 23.682.
  • AS Application Server
  • SCS Services Capability Server
  • the apparatus 220 may be at least a part of the AS and/or SCS.
  • the apparatus 220 may be implemented or configured in any suitable manners.
  • the apparatus 220 may include or provide a decentralized ledger system based on for example blockchain, IOTA, and so on, so that the incorruptibility of the decentralized ledger system may be utilized to achieve information immutability, reliability, auditability and so on.
  • the capability exposure network element 240 may be configured to communicate with one or more another apparatuses in the example system 200 such as the apparatuses 210, 220, 230, 250, 260, and so on, in either wireless or wired manner, either directly or indirectly, based on any one or more suitable protocols, for example based on LTE system, NR system, or the like, and to perform one or more expected functions such as configuring and/or communicating (transmitting and/or receiving) data.
  • the example system 200 may be implemented based on LTE system, and the apparatus 240 may include or may be configured to provide one or more functions of Service Capability Exposure Function (SCEF) network element.
  • SCEF Service Capability Exposure Function
  • the apparatus 240 may be at least a part of the SCEF network element.
  • the example system 200 may be implemented based on NR system, and the apparatus 240 may include or may be configured to provide one or more functions of Network Exposure Function (NEF) network element.
  • NEF Network Exposure Function
  • apparatus 240 may be at least a part of the NEF network element.
  • the data management network element 250 may be configured to communicate with one or more another apparatuses in the example system 200 such as the apparatuses 240, 260, and so on, in either wireless or wired manner, either directly or indirectly, based on any one or more suitable protocols, for example based on LTE system, NR system, or the like, and to perform one or more expected functions such as storing and maintaining user data, evaluating the usage and/or selection of services, providing provisioning capability to restrict the type of services, receiving events for example due to activities of the apparatuses 120 and 230, configuring and/or reporting the collected data and changes, and so on.
  • suitable protocols for example based on LTE system, NR system, or the like
  • the example system 200 may be implemented based on LTE system, and the apparatus 250 may include or may be configured to provide one or more functions of Home Subscriber Server (HSS) network element.
  • HSS Home Subscriber Server
  • the apparatus 250 may be at least a part of the HSS network element.
  • the example system 200 may be implemented based on NR system, and the apparatus 250 may include or may be configured to provide one or more functions of Unified Data Management (UDM) network element.
  • UDM Unified Data Management
  • the mobility management network element 260 may be configured to communicate with one or more another apparatuses in the example system 200 such as the apparatuses 240, 250, 120, and so on, in either wireless or wired manner, either directly or indirectly, based on any one or more suitable protocols, for example based on LTE system, NR system, or the like, and to perform one or more expected functions such as providing Non-Access Stratum (NAS) connectivity to the apparatuses 230 and 120, and so on.
  • the example system 200 may be implemented based on LTE system, and the apparatus 260 may include or may be configured to provide one or more functions of Mobility Management Entity (MME) network element, for example serving the IoT device 120.
  • MME Mobility Management Entity
  • the apparatus 260 may be at least a part of the MME network element.
  • the example system 200 may be implemented based on NR system, and the apparatus 260 may include or may be configured to provide one or more functions of Access and Mobility Management Function (AMF) network element, for example serving the IoT device 120.
  • AMF Access and Mobility Management Function
  • apparatus 260 may be at least a part of the AMF network element.
  • the user 110 when the user 110 offers the IoT device 120 for sharing (e.g. for rent) , the user 110 may operate on the apparatus 210 to transmit an access configuration for the IoT device 120 and/or an indication of the access configuration for the IoT device 120 to the apparatus 220.
  • the access configuration for the IoT device 120 may include, but is not limited to, one or more of an identity of the IoT device 120, a description of the IoT device 120, one or more services of the IoT device 120 allowed for one or more another users such as the user 130, one or more services of the IoT device 120 denied or restricted for one or more another users such as the user 130, charging rate for the one or more services of the IoT device 120 allowed for one or more another users such as the user 130, one or more actions of the IoT device 130 in response to one or more access attempts to the IoT device 120 by one or more another users such as the user 130, and so on.
  • the user 130 when the user 130 wants to use (for example, to rent) the IoT device 120 of the user 110, for example, the user 130 may operate on the apparatus 230 to obtain from the apparatus 220 the access configuration for the IoT device 120, and then to transmit to the apparatus 220 a request to book the IoT device 120.
  • the apparatus 220 may handle the booking request from the user 130.
  • the apparatus 220 may transmit the access configuration for the IoT 120, which has been confirmed by the user 130 via the apparatus 230, to the apparatus 250 and the apparatus 260 serving the IoT device 120.
  • the user 130 may request one or more services of the IoT device 120.
  • the user 130 may transmit the service request via the apparatus 230.
  • the user may also operate on the IoT device 120 (e.g. a controller such as a control panel of the IoT device 120) to request one or more services directly to the IoT device 120.
  • the apparatus 240 may determine whether the requested service is allowed for the user 130 in the access configuration for the IoT 120 which has been confirmed by the user 130. For example, if the request service is allowed, the service request may be transmitted to the IoT device 120, for example through collaboration among the apparatuses 240, 250 and 260.
  • the apparatus 230 may also transmit, to at least one of the apparatuses 210 and 230, information on the usage of the IoT device 120 by the user 130.
  • the example system 200 may also include one or more another apparatuses or network elements or network functions which are not illustrated in FIG. 2, such as Machine Type Communications-Interworking Function (MTC-IWF) as defined in 3GPP TS 23.682, for example.
  • MTC-IWF Machine Type Communications-Interworking Function
  • several apparatuses in the example system 200 may be combined; an apparatus in the example system 200 may also be implemented in several parts; one or more functions of an apparatus may be implemented in another apparatus or may be omitted; or the like.
  • communications among various apparatuses in the example system 200 may be real-time communications; any suitable communication technology may be adopted, such as Ultra-reliable and Low Latency Communications (URLLC) , Enhanced Mobile Broadband (eMMB) , and Massive Machine Type Communication (mMTC) ; the apparatuses 250 and 260 may be implemented as a part of the apparatus 240; in a case where the apparatus 220 is implemented based on a decentralized ledger system, a part of functions such as data storage and maintenance may be implemented in the apparatus 220; a part of functions of the apparatuses 240, 250 and 260 may be also implemented in the IoT device 120; the IoT device 120 may keep the access configuration and determine whether a service request is allowed by itself; or the like.
  • any suitable communication technology may be adopted, such as Ultra-reliable and Low Latency Communications (URLLC) , Enhanced Mobile Broadband (eMMB) , and Massive Machine Type Communication (mMTC) ; the apparatuses 250 and 260 may be implemented as a part
  • real-time communication to meet URLLC latency and reliability needs may be allowed or made selectable to renters, such as the user 130, who will rent the IoT device 120 (e.g. vehicle, semi-autonomous, autonomous vehicle, vehicle, drone, robot for controlling navigation, or the like) .
  • renters such as the user 130
  • the IoT device 120 e.g. vehicle, semi-autonomous, autonomous vehicle, vehicle, drone, robot for controlling navigation, or the like
  • FIG. 4 illustrates an example method 400 for secure device sharing in an embodiment, which may be performed in the apparatus 210 (the Owner UE) of the user 110.
  • the example method 400 may include a step 410 of transmitting, to the apparatus 220, at least one of an access configuration for the IoT device 120 of the user 110 and an indication of the access configuration, and a step 420 of receiving, from the apparatus 220, information on usage of the IoT device 120 by the user 130 at least partly according to the access configuration.
  • the access configuration for the IoT device 120 may include, but is not limited to, one or more of an identity of the IoT device 120, a description of the IoT device 120, one or more services of the IoT device 120 allowed for one or more another users such as the user 130, one or more services of the IoT device 120 denied or restricted for one or more another users such as the user 130, charging rate for the one or more services of the IoT device 120 allowed for one or more another users such as the user 130, one or more actions of the IoT device 130 in response to one or more access attempts to the IoT device 120 by one or more another users such as the user 130, and so on.
  • an Owner UE Application may be installed on the apparatus 210 (Owner UE) , and the user 110 may operate on the apparatus 210, for example by operating the Owner UE APP, to control the IoT device 120 based on any suitable protocols such as those defined in 3GPP TS 23.682.
  • FIG. 5 illustrates an example user interface (UI) 510 of the Owner UE APP running on the apparatus 210.
  • UI user interface
  • various options/information of the access configuration 520 for the IoT device 120, which the user 110 may confirm or fill in or update may be shown/listed on the example UI 510, such as “IoT Device ID” where the user 110 may fill or confirm or update an identity of the IoT device 120 (e.g. a string, a serial code, a quick response code, and so on, which may identify the IoT device 120, ownership information, and so on) , “IoT Device Info” where the user 110 may fill or confirm or update a description of the IoT device 120 (e.g.
  • Access Criteria where the user 110 may fill or confirm or update which service of the IoT device 120 is allowed/denied/restricted for another user such as the user 130
  • Access Rule where the user 110 may fill or confirm or update actions of the example system 200 for one or more access attempts of another user such as the user 130 on the IoT device 120 (e.g.
  • “Charging Rule” the user 110 may fill or confirm or update the charging rate for one or more services of the IoT device 120 requested by another user such as user 130 (e.g. the user 130 should pay $1 per minute for the time window between turning on and turning off the IoT device 120) , and so on.
  • the user 110 may press the button “Publish” on the example UI 510 to offer the IoT device 120 for sharing, so that the step 410 of the example method 400 may be performed in the apparatus 210 to transmit the access configuration for the IoT device 120 to the apparatus 220.
  • the user 110 may also press the button “Cancel” on the example UI 510 to cancel one or more actions/operations applied on the example UI 510, for example to cancel filling/confirming/updating the access configuration.
  • FIG. 5 is an example of the UI of the owner UE APP running on the apparatus 210.
  • one or more another options such as the address of the MTC-IWF or SCEF in operator network which is serving the communication of the IoT device 120, may be included in the access configuration and may be edited through the UI of the owner UE APP running on the apparatus 210; one or more another UI screens may be provided by the owner UE APP, and any suitable layout of comments may be applied to the UI of the owner UE APP; one or more another buttons such as a button for stopping sharing the IoT device 120 may be provided; one or more buttons in the example UI 510 such as “Cancel” may be removed from the example UI 510 or may be moved to another UI screen of the owner UE APP; or the like.
  • the user 110 may operate on the apparatus 210 to obtain the access configuration for the IoT device 120 from the apparatus 220, and to confirm or update the access configuration for the IoT device 120.
  • the changed part of the updated access configuration for the IoT device 120 may be transmitted from the apparatus 210 to the apparatus 220 differentially, so as to reduce the amount of data to be transferred.
  • an application may be deployed on network, for example on one or more of the apparatuses 220, 240, 250, and 260, which may configure or provide the access configuration for the IoT device 120 on behalf of the user 110.
  • an indication of the access configuration for the IoT device 120 may be transmitted from the apparatus 210 to the apparatus 220.
  • the apparatus 210 may perform the step 420 to receive, from the apparatus 220, information on usage of the IoT device 120 by the user 130.
  • information on usage of the IoT device 120 by the user 130 may include, but is not limited to, one or more of information on when and/or where the user 130 performs what actions and/or requests what services on/for the IoT device 120, information on the user 130 (e.g. an identity or credit of the user 130, and so on) , information on the real-time location of the IoT device 120, information on the real-time condition of the IoT device 120, and so on.
  • the owner UE APP running on the apparatus 210 may also provide a screen to show such information.
  • the actions of the user 130 on the IoT device 120 of the user 110 may be controlled and monitored, and thus the IoT device 120 of the user 110 may be shared securely to the user 130.
  • the example method 400 may also include receiving, from the apparatus 220, information on at least one of a status of the IoT device 120 (e.g. whether the IoT device 120 is being used by another user, whether the IoT device 120 is now ready for sharing, and so on) , service usage (e.g. remaining time window for the user 130 to use the IoT device 120, the service list user 130 requested, and so on) , charging (e.g. fees paid by the user 130 before or during or after using the IoT device 120) , and so on.
  • the example method 400 may further include transmitting, to the apparatus 220, an indication to stop or re-start sharing the IoT device 120, so that the user 110 may control whether and when to share the IoT device 120.
  • the example method 400 may also include transmitting, to the apparatus 220, an authentication for granting the apparatus 220 permission to access data of the IoT device 120.
  • such authentication may be transmitted in the step 410 together with the access configuration for the IoT device 120.
  • such authentication may be a token for the apparatus 220 which is associated with the access configuration for the IoT device 120, through which the apparatus 220 may be enabled to access information (e.g. monitoring or monitored data) of the IoT device 120. More details with respect to the authentication will be described later.
  • the communication between the apparatus 210 and one or more another apparatuses in the example system 200 may be real-time communication based at least partly on type of activity and/or service associated with IoT device 120.
  • communication associated with the apparatus 210 may also include communication towards or from one or more another apparatus in the example system 200 such as the apparatus 230 (the Renter UE) , for example by using URLLC.
  • an activity or action of the user 130 on the IoT device 120 may relate to one or more services of the IoT device 120.
  • the activity or action of the user 130 on the IoT device 120 may relate one or more location-based services, for example in a scenario of Augmented Reality (AR) or Virtual Reality (VR) .
  • AR Augmented Reality
  • VR Virtual Reality
  • FIG. 6 illustrates an example of the apparatus 210.
  • the apparatus 210 may include at least one processor 610 and at least one memory 620 that may include computer program code 630.
  • the at least one memory 620 and the computer program code 630 may be configured to, with the at least one processor 610, cause the apparatus 210 at least to perform at least the steps of the example method 400 described above.
  • the at least one processor 610 in the apparatus 210 may include, but is not limited to, at least one hardware processor, including at least one microprocessor such as a central processing unit (CPU) , a portion of at least one hardware processor, and any other suitable dedicated processor such as those developed based on for example Field Programmable Gate Array (FPGA) and Application Specific Integrated Circuit (ASIC) . Further, the at least one processor 610 may also include at least one other circuitry or element not shown in FIG. 6.
  • at least one hardware processor including at least one microprocessor such as a central processing unit (CPU) , a portion of at least one hardware processor, and any other suitable dedicated processor such as those developed based on for example Field Programmable Gate Array (FPGA) and Application Specific Integrated Circuit (ASIC) .
  • FPGA Field Programmable Gate Array
  • ASIC Application Specific Integrated Circuit
  • the at least one memory 620 in the apparatus 210 may include at least one storage medium in various forms, such as a volatile memory and/or a non-volatile memory.
  • the volatile memory may include, but not limited to, for example, a random-access memory (RAM) , a cache, and so on.
  • the non-volatile memory may include, but not limited to, for example, a read only memory (ROM) , a hard disk, a flash memory, and so on.
  • the at least memory 620 may include, but are not limited to, an electric, a magnetic, an optical, an electromagnetic, an infrared, or a semiconductor system, apparatus, or device or any combination of the above.
  • the apparatus 210 may also include at least one other circuitry, element, and interface, for example at least one I/O interface, at least one antenna element, and the like.
  • the apparatus 210 may also include a display circuit and a display panel configured to display the example UI 510 of the owner UE APP described above.
  • the circuitries, parts, elements, and interfaces in the example apparatus 210 including the at least one processor 610 and the at least one memory 620, may be coupled together via any suitable connections including, but are not limited to, buses, crossbars, wiring and/or wireless lines, in any suitable ways, for example electrically, magnetically, optically, electromagnetically, and the like.
  • FIG. 7 illustrates another example of the apparatus 210.
  • the apparatus 210 may include means 710 for performing the step 410 of the example method 400 and means 720 for performing the step 420 of the example method 400.
  • at least one I/O interface, at least one antenna element, and the like may also be included in the apparatus 210.
  • the apparatus 210 may further include one or more means for performing one or more additional steps in the example method 400.
  • examples of means 710 and 720 may include circuitries.
  • an example of means 710 may include a circuitry configured to perform the step 410 of the example method 400
  • an example of means 720 may include a circuitry configured to perform the step 420 of the example method 400.
  • examples of means may also include software modules and any other suitable function entities.
  • circuitry throughout this disclosure may refer to one or more or all of the following: (a) hardware-only circuit implementations (such as implementations in only analog and/or digital circuitry) ; (b) combinations of hardware circuits and software, such as (as applicable) (i) a combination of analog and/or digital hardware circuit (s) with software/firmware and (ii) any portions of hardware processor (s) with software (including digital signal processor (s) ) , software, and memory (ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions) ; and (c) hardware circuit (s) and or processor (s) , such as a microprocessor (s) or a portion of a microprocessor (s) , that requires software (e.g., firmware) for operation, but the software may not be present when it is not needed for operation.
  • hardware-only circuit implementations such as implementations in only analog and/or digital circuitry
  • combinations of hardware circuits and software such as (as applicable) (i) a
  • circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware.
  • circuitry also covers, for example and if applicable to the claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.
  • FIG. 8 illustrates an example method 800 for secure device sharing in an embodiment, which may be performed in the apparatus 230 (the Renter UE) of the user 130.
  • the example method 800 may include a step 810 of receiving, from the apparatus 220, at least one of an access configuration for the IoT device 120 of the user 110 and an indication of the access configuration, and a step 820 of transmitting, to the apparatus 220, a request to book the IoT device 120 according to the access configuration.
  • the access configuration for the IoT device 120 may include, but is not limited to, one or more of an identity of the IoT device 120, a description of the IoT device 120, one or more services of the IoT device 120 allowed for one or more another users such as the user 130, one or more services of the IoT device 120 denied or restricted for one or more another users such as the user 130, charging rate for the one or more services of the IoT device 120 allowed for one or more another users such as the user 130, one or more actions of the IoT device 130 in response to one or more access attempts to the IoT device 120 by one or more another users such as the user 130, and so on.
  • a Renter UE APP may be installed on the apparatus 230 (Renter UE) , and the user 130 may operate on the apparatus 230, for example by operating the Renter UE APP, to search and check available IoT devices.
  • the Renter UE APP may be downloaded into or updated in the apparatus 230 (e.g. a s mart phone or the like) .
  • the Renter UE APP may provide tailored service for the user 130 to use the IoT device 120. For example, downloading or updating of the Renter UE APP may occur after the service is accepted. In an embodiment, the downloading or updating of the Renter UE APP may occur when the service time begins.
  • the Renter UE APP and/or its collected data may be uploaded for example to the apparatus 220 and/or the apparatus 250, or may be deleted or denied to be used to control the IoT device 120 in the apparatus 230.
  • FIG. 9 illustrates an example UI 910 of the Renter UE APP running on the apparatus 230.
  • the user 130 may use the apparatus 230 to obtain one or more IoT devices shared by other users, where the “IoT device #5” may correspond to the IoT device 120 or the user 110.
  • the apparatus 230 may perform the step 810 in response to a click of the user 130 on the link of the “IoT device #5” , so as to obtain the access configuration for IoT device 120.
  • the obtained access configuration for IoT device 120 may be displayed in another screen of the example UI 910 of the Renter UE APP.
  • the user 130 may click the button “Rent” on the example UI 910 so that the apparatus 230 may perform the step 820 of the example method 800 to book the IoT device 120.
  • the user 130 may also press the button “Cancel” on the example UI 910 to cancel one or more actions/operations applied on the example UI 910, for example to cancel renting IoT devices.
  • FIG. 9 is an example of the UI of the Renter UE APP running on the apparatus 230.
  • the Renter UE APP may also request the user 130 to upload information of identity or credit card, or request the user 130 to provide information on the purpose of using the IoT device 120 and/or an estimated time window for using the IoT device 120, or the like.
  • the user 130 may provide usage requirement via the apparatus 230, for example by inputting information on the usage requirement via the example UI 910 of the Renter UE APP. Then, the usage requirement may be formalized and transmitted from the apparatus 230 to the apparatus 220.
  • an application may be deployed on network, for example on one or more of the apparatuses 220, 240, 250, and 260, which may match the formalized usage requirement of the user 130 and access configurations of one or more IoT devices which have been offered for sharing/rent, for example based on any suitable technologies such as artificial intelligence (AI) technology.
  • AI artificial intelligence
  • the user 130 may request to use an IoT device which has been used before and corresponding access configuration has been cached locally in the apparatus 230. Then, in the step 810, an indication of the access configuration for the IoT device 120 may be received from the apparatus 230 to the apparatus 220.
  • the request to book the IoT device 120 which is transmitted in the step 920, may include one or more parameters such as an identity of the IoT device 120, time window of using the IoT device 120, one or more requested/expected services of the IoT device 120, and so on.
  • the actions of the user 130 on the IoT device 120 of the user 110 may be controlled and monitored, and thus the IoT device 120 of the user 110 may be shared securely to the user 130.
  • the user 130 may operate on the IoT device 120 after booking the IoT device 120.
  • the IoT device 120 is a vehicle
  • the user 130 may start the engine of the vehicle and control the vehicle through the steering wheel, joystick and/or control panel of the vehicle.
  • the user 130 may request service of the IoT device 120 via the apparatus 230.
  • the example method 900 may also include transmitting a request for one or more services of the IoT device 120, to the IoT device 120, for example via at least one of the apparatuses 240, 250, and 260 in the example system 200.
  • the example method 800 may also include transmitting, to the apparatus 220, information on usage of the IoT device 120.
  • the example method 800 may also include receiving, from the apparatus 220, one or more of a status of the IoT device 120 (e.g. whether the IoT device 120 is being used by another user, whether the IoT device 120 is now ready for sharing, and so on) , service usage (e.g. remaining time window for the user 130 to use the IoT device 120, and so on) , charging (e.g. fees paid by the user 130 before or during or after using the IoT device 120) , and so on.
  • a status of the IoT device 120 e.g. whether the IoT device 120 is being used by another user, whether the IoT device 120 is now ready for sharing, and so on
  • service usage e.g. remaining time window for the user 130 to use the IoT device 120, and so on
  • charging e.g. fees paid by the user 130 before or during or after using the Io
  • the communication between the apparatus 230 and one or more another apparatuses in the example system 200 such as the apparatus 210, 240, and so on may be real-time communication based at least partly on type of activity and/or service associated with IoT device 120.
  • an activity or action of the user 130 on the IoT device 120 may relate to one or more services of the IoT device 120.
  • the activity or action of the user 130 on the IoT device 120 may relate one or more location-based services, for example in a scenario of AR or VR.
  • FIG. 10 illustrates an example of the apparatus 230.
  • the apparatus 230 may include at least one processor 1010 and at least one memory 1020 that may include computer program code 1030.
  • the at least one memory 1020 and the computer program code 1030 may be configured to, with the at least one processor 1010, cause the apparatus 230 at least to perform at least the steps of the example method 800 described above.
  • the at least one processor 1010 in the apparatus 230 may include, but is not limited to, at least one hardware processor, including at least one microprocessor such as a CPU, a portion of at least one hardware processor, and any other suitable dedicated processor such as those developed based on for example FPGA and ASIC. Further, the at least one processor 1010 may also include at least one other circuitry or element not shown in FIG. 10.
  • the at least one memory 1020 in the apparatus 230 may include at least one storage medium in various forms, such as a volatile memory and/or a non-volatile memory.
  • the volatile memory may include, but not limited to, for example, a RAM, a cache, and so on.
  • the non-volatile memory may include, but not limited to, for example, a ROM, a hard disk, a flash memory, and so on.
  • the at least memory 1020 may include, but are not limited to, an electric, a magnetic, an optical, an electromagnetic, an infrared, or a semiconductor system, apparatus, or device or any combination of the above.
  • the apparatus 230 may also include at least one other circuitry, element, and interface, for example at least one I/O interface, at least one antenna element, and the like.
  • the apparatus 230 may also include a display circuit and a display panel configured to display the example UI 910 of the owner UE APP described above.
  • the circuitries, parts, elements, and interfaces in the example apparatus 230, including the at least one processor 1010 and the at least one memory 1020 may be coupled together via any suitable connections including, but are not limited to, buses, crossbars, wiring and/or wireless lines, in any suitable ways, for example electrically, magnetically, optically, electromagnetically, and the like.
  • FIG. 11 illustrates another example of the apparatus 230.
  • the apparatus 230 may include means 1110 for performing the step 810 of the example method 800 and means 1120 for performing the step 820 of the example method 800.
  • at least one I/O interface, at least one antenna element, and the like may also be included in the apparatus 230.
  • the apparatus 230 may further include one or more means for performing one or more additional steps in the example method 800.
  • examples of means 1110 and 1120 may include circuitries.
  • an example of means 1110 may include a circuitry configured to perform the step 810 of the example method 800
  • an example of means 1120 may include a circuitry configured to perform the step 820 of the example method 1100.
  • examples of means may also include software modules and any other suitable function entities.
  • FIG. 12 illustrates an example method 1200 for secure device sharing in an embodiment, which may be performed in the apparatus 220 (the server) .
  • the example method 1200 may include a step 1210 of receiving, from the apparatus 210 of the user 110, at least one of the access configuration for the IoT device 120 of the user 110 and an indication of the access configuration, a step 1220 of transmitting at least one of the access configuration and the indication to the apparatus 230 of the user 130, a step 1230 of receiving from the apparatus 230 of the user 130, a request to book the IoT device 120 according to the access configuration, a step 1240 of transmitting the access configuration to at least one of the IoT device 120 and the apparatus 240 as a delegate apparatus of the IoT device 120, and a step 1250 of transmitting, to at least one of the apparatus 210 and the apparatus 230, information on usage of the IoT device 120 by the user 130 at least partly according to the access configuration.
  • the apparatus 220 may perform the step 1210 to cooperate with the apparatus 210 performing the step 410 of the example method 400, may perform the steps 1220 and 1230 to cooperate with the apparatus 230 performing the steps 810 and 820 of the example method 800, and may perform the step 1250 to cooperate with at least the apparatus 210 performing the step 420 of the example method 400.
  • the apparatus 220 may also transmit the information on usage of the IoT device 120 by the user 130 to the apparatus 230 of the user 130, so that the user 130 may be also able to review and track actions/activities on the IoT device 120 and related fees/costs and so on.
  • the IoT device 120 may be configured to support functions such as maintaining the access configuration, performing business logic, and checking whether one or more services requested by the user 130 is allowed in the access configuration. Then, the apparatus 220 may transmit the access configuration to the IoT device 120 in the step 1240, for example via the apparatuses, 240, 250, and 260.
  • the apparatus 240 or a combination including at least one of the apparatuses 240, 250, and 260 may be configured to delegate the IoT device 120 to achieve the above example functions such as maintaining the access configuration, performing business logic, checking whether one or more services requested by the user 130 is allowed in the access configuration, and so on, where the apparatus 240 or the combination including at least one of the apparatuses 240, 250, and 260 may be a delegate apparatus of the IoT device 120. Then, in the step 1240, the apparatus 220 may transmit the access configuration to the delegate apparatus of the IoT device 120, so that, for example, the example system 200 may be also applied to both those IoT devices with constrained resources and those legacy IoT devices.
  • the access configuration may include, but is not limited to, at least one of an identity of the IoT device 120, a description of the IoT device 120, one or more services of the IoT device 120 allowed for the user 130, one or more services of the IoT device 120 denied for the user 130, charging rate for the one or more services of the IoT device 120 allowed for the user 130, one or more actions of the IoT device 120 in response to one or more access attempts to the IoT device 120 by the user 130, and so on.
  • the apparatus 210 of the user 110 may also transmit an authentication for granting the apparatus 220 permission to access data of the IoT device 120.
  • the example method 1200 performed by the apparatus 220 may also include receiving the authentication from the apparatus 210, and transmitting a request to monitor the IoT device 120 to the delegate apparatus of the IoT device 120 and/or to the IoT device 120 for example via at least one of the apparatuses 240, 250, and 260.
  • unexpected/illegal attempts to control the IoT device 120 may be avoided or mitigated in the example system 200.
  • the example method 1200 performed by the apparatus 220 may also include determining a status of the IoT device 120, and transmitting information on the status of the IoT device 120 to one or more of another apparatuses in the example system 200 including one or more of the apparatuses 210, 230, 240, and so on.
  • the apparatus 210 may update the status of the IoT device 120 to indicate that the IoT device 120 is ready for sharing (e.g. may be rent by one or more another users such as the user 130) , when the apparatus 220 receives, for example from the apparatus 240, a successful response to the request to monitor the IoT device 120.
  • the apparatus 210 may transmit the status of the IoT device 120 to the apparatus 220.
  • the apparatus 220 may update the status of the IoT device 120 automatically on behalf of the user 110, for example in a case where the user 110 grants the apparatus 220 via the apparatus 210 permission to update the status of the IoT device 120 on behalf of the user 110.
  • the apparatus 220 may handle the booking request, for example by transferring the booking request to the apparatus 210 of the user 110 and waiting for a decision feedback by the user 110 via the apparatus 210, or by handling the booking request on behalf of the user 110, for example based on local provisioning which may be provided for example in advance by the user 110 through the apparatus 210 or automatically or semi-automatically through AI technologies.
  • the status of the IoT device 120 may be kept unchanged, for example; if the booking request is accepted, for example, the apparatus 220 may update the status of the IoT device 120 to indicate that the IoT device 120 is booked by the user 130; if the booking request is accepted with one or more conditions, for example, the apparatus 220 may update the status of the IoT device 120 to indicate that the IoT device 120 is booked conditionally by the user 130, or that the IoT device 120 is during a period of booking; or the like.
  • At least one of the apparatus 220, the IoT device 120, and the delegate apparatus of the IoT device 120 may be configured to perform operations such as monitoring the usage time of the IoT device 120 remained for the user 130, monitoring and check whether the one or more services requested by the user 130 is allowed in the access configuration for the IoT device 120, monitoring real-time location/condition of the IoT device 120, and so on.
  • the accepted using time of the IoT device 120 for the user 130 ends or the IoT device 120 is turned off (e.g.
  • the apparatus 220 may notify such information for example to at least one of the apparatuses 210 and 230, and may update the status of the IoT device 120 to indicate that the user 130 stops using the IoT device 120 and/or the IoT device 120 may be booked. For example, if the apparatus 220 determines, for example by means of at least one of the apparatuses 240, 250, and 260, that the IoT device 120 is in failure or in an unexpected condition (e.g.
  • the apparatus 220 may notify such information for example to the apparatuses 210 and/or 230 and even to organizations such as the Service Provider, Transportation Bureau, Public Security Bureau, Fire Bureau, and so on, and may update the status of the IoT device 120 to indicate such a condition.
  • the user 110 may stop sharing the IoT device 120, and the apparatus 220 may receive, from the apparatus 210 of the user 110, an indication to stop sharing the IoT device 120. Then, for example, the apparatus 220 may terminate monitoring the IoT device 120, and may update the status of the IoT device 120 to indicate that the IoT device 120 is not shared, or may delete the IoT device 120 from a list including one or more IoT devices being shared and available for sharing so that the IoT device 120 will not be displayed for example on the example UI 910 of the Renter UE APP running on the apparatus 230 of the user 130.
  • the example method 1200 performed by the apparatus 220 may also include receiving information on usage of the IoT device 120, for example from one or more of the apparatuses 230, 240, and 120. Then, for example, the apparatus 220 may calculate the service usage to determine the charging information and so on, and may report information on the usage and charging of the IoT device 120 and so on to the apparatus 210 of the user 110.
  • FIG. 13 illustrates an example of the apparatus 220.
  • the apparatus 220 may include at least one processor 1310 and at least one memory 1320 that may include computer program code 1330.
  • the at least one memory 1320 and the computer program code 1330 may be configured to, with the at least one processor 1310, cause the apparatus 220 at least to perform at least the steps of the example method 1200 described above.
  • the at least one processor 1310 in the apparatus 220 may include, but is not limited to, at least one hardware processor, including at least one microprocessor such as a CPU, a portion of at least one hardware processor, and any other suitable dedicated processor such as those developed based on for example FPGA and ASIC. Further, the at least one processor 1310 may also include at least one other circuitry or element not shown in FIG. 13.
  • the at least one memory 1320 in the apparatus 220 may include at least one storage medium in various forms, such as a volatile memory and/or a non-volatile memory.
  • the volatile memory may include, but not limited to, for example, a RAM, a cache, and so on.
  • the non-volatile memory may include, but not limited to, for example, a ROM, a hard disk, a flash memory, and so on.
  • the at least memory 1320 may include, but are not limited to, an electric, a magnetic, an optical, an electromagnetic, an infrared, or a semiconductor system, apparatus, or device or any combination of the above.
  • the apparatus 220 may also include at least one other circuitry, element, and interface, for example at least one I/O interface, at least one antenna element, and the like.
  • the circuitries, parts, elements, and interfaces in the example apparatus 220 including the at least one processor 1310 and the at least one memory 1320, may be coupled together via any suitable connections including, but are not limited to, buses, crossbars, wiring and/or wireless lines, in any suitable ways, for example electrically, magnetically, optically, electromagnetically, and the like.
  • FIG. 14 illustrates another example of the apparatus 220.
  • the apparatus 220 may include means 1410 for performing the step 1210 of the example method 1200, means 1420 for performing the step 1220 of the example method 1200, means 1430 for performing the step 1230 of the example method 1200, means 1440 for performing the step 1240 of the example method 1200, and means 1450 for performing the step 1250 of the example method 1200.
  • at least one I/O interface, at least one antenna element, and the like may also be included in the apparatus 220.
  • the apparatus 220 may further include one or more means for performing one or more additional steps in the example method 1200.
  • examples of means 1410, 1420, 1430, 1440, and 1450 may include circuitries.
  • an example of means 1410 may include a circuitry configured to perform the step 1210 of the example method 1200
  • an example of means 1420 may include a circuitry configured to perform the step 1220 of the example method 1200
  • an example of means 1430 may include a circuitry configured to perform the step 1230 of the example method 1200
  • an example of means 1440 may include a circuitry configured to perform the step 1240 of the example method 1200
  • an example of means 1450 may include a circuitry configured to perform the step 1250 of the example method 1200.
  • examples of means may also include software modules and any other suitable function entities.
  • the implementation/structure of the apparatus 220 is not limited to the above examples.
  • the apparatus 220 may be also implemented or configured based on a decentralized ledger system such as blockchain and IOTA.
  • FIG. 15 illustrates an example of the apparatus 220 which is implemented based on blockchain technology. Based on such apparatus 220, one or more functions/operations of the apparatuses 240, 250, and 260 which have been described above and are to be described below, such as the maintenance and storage of the access configuration for the IoT device 120, may be implemented in the apparatus 220, so that less changes may be applied to the apparatuses 240, 250, and 260, or even the legacy apparatuses 240, 250, and 260 may be used in the example system 200.
  • a module 1520 (IoT Device Access Configuration Distributor) , a module 1530 (IoT Device Access Configuration Executor) , and a module 1540 (IoT Device Access Configuration Manager) may be implemented and deployed on the blockchain 1510.
  • the modules 1510, 1520, and 1530 may be implemented as blockchain scripts which may be triggered periodically or in response to one or more specific events.
  • the module 1520 may be triggered when receiving a new access configuration for the IoT device 120 or a request to update the access configuration for the IoT device 120 from the apparatus 210 of the user 110. After authentication of the ownership of the IoT device 120, the module 1520 may confirm with the user 110 the new or modified access configuration for the IoT device 120, for example via the apparatus 210, and may further transmit the access configuration for the IoT device 120 to the apparatus 240 and/or the IoT device 120.
  • the module 1530 may check the report/information from at least one of the apparatuses 230, 240, and 120, for example periodically, and may perform corresponding handling based on the access configuration for the IoT device 120, such as applying charging for the usage of the IoT device 120, handling event predefined in the access configuration for the IoT device 120, and so on.
  • the module 1540 may perform provisioning local on the blockchain 1510. For example, the module 1540 may verify the consistency of data of the IoT device 120 which is generated by one or more of the apparatuses 120, 230, 240, and so on, and may notify the user 110, for example via the apparatus 210, when identifying inconsistency. Also, the module 1540 may be also configured to apply one or more predefined operations when identifying inconsistency, such as disabling the access configuration for the IoT device 120, marking suspicious data, and so on.
  • the implementation of the apparatus 220 may be not limited to the above example.
  • the apparatus 220 may be also implemented based on any other suitable decentralized ledger system such as IOTA.
  • the operation of checking whether one or more service requests of the user 130 for the IoT device 120 are allowed in the access configuration for the IoT device 120 may be implemented in either the IoT device 120 or the delegate apparatus of the IoT device 120 (e.g. the apparatus 240, or a combination of one or more of the apparatuses 240, 250, and 260, or the apparatus 220 in case where the apparatus 220 is implemented based on a decentralized ledger system) .
  • the delegate apparatus of the IoT device 120 e.g. the apparatus 240, or a combination of one or more of the apparatuses 240, 250, and 260, or the apparatus 220 in case where the apparatus 220 is implemented based on a decentralized ledger system
  • FIG. 16 illustrates an example method 1600 for secure device sharing in an embodiment, which may be performed in the apparatus 240, on behalf of the IoT device 120, to check whether one or more service requests of the user 130 for the IoT device 120 are allowed in the access configuration for the IoT device 120.
  • the example method 1600 performed in the apparatus 240 may include a step 1610 of receiving, from the apparatus 220, at least one of the access configuration for the IoT device 120 and an indication of the access configuration, and acceptance of the access configuration for the IoT device 120 by the user 130, a step 1620 of receiving a request from the user 130 for a service of the IoT device 120, a step 1630 of determining whether the service is allowed for the user 130 in the access configuration for the IoT device 120, and a step 1640 of transmitting the request to the IoT device 120 for example in a case where the service is allowed for the user 130 in the access configuration for the IoT device 120.
  • the apparatus 230 may perform the step 1610 to cooperate with the apparatus 220 performing the step 1210 of the example method 1200.
  • the apparatus 220 may also transmit an explicit acceptance of the access configuration for the IoT device 120 by the user 130 to the apparatus 230.
  • the access configuration for the IoT device 120 may be associated with the user 130, for example, associated with the identifier of the user 130, after the user 130 confirms and accepts the access configuration for the IoT device 120, for example when the user 130 transmits a request to book the IoT device 120 via the apparatus 230.
  • the apparatus 230 may receive one or more requests from the user 130 for one or more services of the IoT device 120, directly from the user 130 for example in a case where the user 130 operates on the IoT device 120 directly, or from the apparatus 230 of the user 130 for example in a case where the user 130 operates on the apparatus 230 to transmit one or more such requests.
  • an identifier (e.g. a string, or a serial number, or the like) may be allocated for a service of the IoT device 120, and the request from the user 130 may include one or more identifiers of one or more services of the IoT device 120.
  • the access configuration for the IoT device 120 may include a list of indenters of one or more services of the IoT device 120 allowed for the user 130. Then, in the step 1630, the apparatus 240 may check whether the list in the access configuration includes the one or more identifiers in the request received in the step 1620.
  • the access configuration for the IoT device 120 may include a mapping indicating enablement/disablement of the services supported by the IoT device 120, and the identifier of a service included in the request from the user 130 may correspond to an index of an item in the mapping. For example, as illustrated in FIG.
  • an example mapping may be a list of binary values, where the item with index “0” may correspond to the service “Manual Driving” , the item with index “1” may correspond to the service “Automatic Driving” , the item with index “2” may correspond to the service “Entertainment” , the item with index “3” may correspond to the service “Emergency Rescue” , and the like, and where “1” indicates that the corresponding service is allowed for the user 130 and “0” indicates that the corresponding service is denied for the user 130.
  • other values may be possible, for example, “2” indicating that the corresponding service is allowed for the user 130 with conditions, or the like.
  • the services “Manual Driving” and “Emergency Rescue” are allowed for the user 130, and the services “Automatic Driving” and “Entertainment” are denied for the user 130.
  • the apparatus 240 may determine that the service the user 130 is requesting a service “Manual Driving” of the IoT device 120 which is allowed for the user 130, and a service “Entertainment” of the IoT device 120 which is denied for the user 130.
  • the apparatus 240 may transmit the request to the IoT device 120 so that the IoT device 120 may operate to respond to the request.
  • the apparatus 240 may transmit information on the rejection to one or more of the apparatus 210 of the user 110 and the apparatus 230 of the user 130.
  • the example method 1600 performed by the apparatus 240 may also include receiving, from the IoT device 120, information on usage of the IoT device 120, and reporting the information on the usage of the IoT device 120 to the apparatus 220, so that the apparatus 220 may calculate service usage to determine the charging information and so on.
  • the apparatus 220 may transmit a request to monitor the IoT device to the apparatus 240.
  • such monitor request may include authorization information such as a token of the apparatus 220.
  • the example method 1600 performed by the apparatus 240 may also include receiving such request from the apparatus 220, and verifying whether the apparatus 240 is authorized by the user 110, for example according to the authorization information in the request. If it is determined that the apparatus 220 is authorized by the user 110, for example, the authorization information such as a token of the apparatus 220 may be associated with the access configuration for the IoT device 120, and one or more monitor events may be subscribed for example from the apparatus 260 serving the IoT device 120. Then, for example, a successful response to the request to monitor the IoT device 120 may be feedback to the apparatus 220, so that the apparatus 220 may update the status of the IoT device 120.
  • the access configuration for the IoT device 120 may be saved locally or in the apparatus 450.
  • service profile for the IoT device 120 may be modified, for example to change the charging to the user 130 from the user 110 during the period while the user 130 is using the IoT device 120 of the user 110.
  • the example method 1600 may also include determining whether time assigned to the user 130 for using the IoT device 120 is ended, and transmitting, to the apparatus 220, information on that the time or accepted time window assigned to the user 130 for using the IoT device 120 is ended, so that the apparatus 220 may update the status of the IoT device 120 accordingly.
  • a timer may be configured to track the time assigned to the user 130 for using the IoT device 120.
  • the service profile for the IoT device 120 may be modified back, for example to change the charging back to the user 110 from the user 130, and may reject subsequent service request from the user 130.
  • FIG. 18 illustrates an example of the apparatus 240.
  • the apparatus 240 may include at least one processor 1810 and at least one memory 1820 that may include computer program code 1830.
  • the at least one memory 1820 and the computer program code 1830 may be configured to, with the at least one processor 1810, cause the apparatus 240 at least to perform at least the steps of the example method 1600 described above.
  • the at least one processor 1810 in the apparatus 240 may include, but is not limited to, at least one hardware processor, including at least one microprocessor such as a CPU, a portion of at least one hardware processor, and any other suitable dedicated processor such as those developed based on for example FPGA and ASIC. Further, the at least one processor 1810 may also include at least one other circuitry or element not shown in FIG. 18.
  • the at least one memory 1820 in the apparatus 240 may include at least one storage medium in various forms, such as a volatile memory and/or a non-volatile memory.
  • the volatile memory may include, but not limited to, for example, a RAM, a cache, and so on.
  • the non-volatile memory may include, but not limited to, for example, a ROM, a hard disk, a flash memory, and so on.
  • the at least memory 1820 may include, but are not limited to, an electric, a magnetic, an optical, an electromagnetic, an infrared, or a semiconductor system, apparatus, or device or any combination of the above.
  • the apparatus 240 may also include at least one other circuitry, element, and interface, for example at least one I/O interface, at least one antenna element, and the like.
  • the circuitries, parts, elements, and interfaces in the example apparatus 240 including the at least one processor 1810 and the at least one memory 1820, may be coupled together via any suitable connections including, but are not limited to, buses, crossbars, wiring and/or wireless lines, in any suitable ways, for example electrically, magnetically, optically, electromagnetically, and the like.
  • FIG. 19 illustrates another example of the apparatus 240.
  • the apparatus 240 may include means 1910 for performing the step 1610 of the example method 1600, means 1920 for performing the step 1620 of the example method 1600, means 1930 for performing the step 1630 of the example method 1600, and means 1940 for performing the step 1640 of the example method 1600.
  • at least one I/O interface, at least one antenna element, and the like may also be included in the apparatus 240.
  • the apparatus 240 may further include one or more means for performing one or more additional steps in the example method 1600.
  • examples of means 1910, 1920, 1930, and 1940 may include circuitries.
  • an example of means 1910 may include a circuitry configured to perform the step 1610 of the example method 1600
  • an example of means 1920 may include a circuitry configured to perform the step 1620 of the example method 1600
  • an example of means 1930 may include a circuitry configured to perform the step 1630 of the example method 1600
  • an example of means 1940 may include a circuitry configured to perform the step 1640 of the example method 1600.
  • examples of means may also include software modules and any other suitable function entities.
  • the implementation/structure of the apparatus 240 is not limited to the above examples.
  • one or more operations/steps in the example method 1600 or the functions in the apparatus 240 may be implemented in the apparatuses 250, 260, and 120.
  • FIG. 20 illustrates an example where one or more operations/steps in the example method 1600 during a period when the user 110 offers the IoT device 120 for sharing are implemented in the apparatuses 250 and 260.
  • the apparatus 240 may transfer the monitor request from the apparatus 220 to the apparatus 250, and the apparatus 250 may verify the authorization information and subscribe monitor event from the apparatus 260 serving the IoT device 120.
  • FIG. 21 illustrates an example where one or more operations/steps in the example method 1600 during a period when the user 130 books the IoT device 120 are implemented in the apparatuses 250 and 260.
  • the maintenance/storage of the access configuration for the IoT device 120 and the modification of the service profile for the IoT device 120 may be performed in the apparatus 250, and the modified service profile for the IoT device 120 may be transmitted to the apparatuses 240 and 260.
  • FIG. 22 illustrates an example where one or more operations/steps in the example method 1600 during a period when the user 130 request a service of the IoT device 120 are implemented in the apparatuses 250 and 260.
  • the maintenance/storage of the access configuration for the IoT device 120 e.g. deleting the access configuration for IoT device 120 when the time assigned to the user 130 to use the IoT device 120 ends
  • the modification of the service profile for the IoT device 120 e.g. changing the charging back to the user 110 from the user 130 when the time assigned to the user 130 to use the IoT device 120 ends
  • the modified service profile for the IoT device 120 may be transmitted to the apparatuses 240 and 260.
  • FIG. 20, FIG. 21, and FIG. 22 also illustrate another example of actions/operations of the example system 200.
  • the apparatus 210 of the user 110 may transmit an access configuration for the IoT device 120 together with authorization information (e.g. a token for the apparatus 220) to the apparatus 220.
  • authorization information e.g. a token for the apparatus 220
  • the apparatus 220 may transmit a Monitor Request (e.g. location, power information, and so on) including the authorization information via the apparatus 240 to the apparatus 250.
  • the apparatus 250 may verify the authorization information to determine whether the apparatus 220 is authorized by the user 110. If the apparatus 220 is authorized by the user 110, the apparatus 250 may subscribe monitor event from the apparatus 260 serving the IoT device 120, and may transmit a Monitor Response to the apparatus 220 via the apparatus 240. Then, the apparatus 220 may update the status of the IoT device 120 for example to indicate that the IoT device 120 is available for sharing, and may transmit the information on the IoT device status to the apparatuses 210 and 230.
  • the apparatus 220 may either transfer the Booking Request to the apparatus 210 of the user 110 or handle it on behalf of the user 110 based on local provisioning.
  • the Booking Request may be rejected if it cannot meet the acceptable criteria defined by the user 110, and apparatus 220 may transmit a Booking Response indicating a rejection to the apparatus 230 of the user 130. If the Booking Request meets the acceptable criteria defined by the user 110, the apparatus 220 may transmit a Booking Response indicating an acceptance to the apparatus 230 of the user 130.
  • the access configuration for the IoT device 120 may be updated or an access policy for the IoT device 120 may be generated based on the acceptance, the service profile for the IoT device 120, and the access configuration for the IoT device 120, where, for example, an identifier of the user 130 may be associated.
  • the apparatus 220 may update the status of the IoT device 120 to indicate that the IoT device is booked by the user 130 at given time window, and may notify the IoT device status to the apparatus 210.
  • the apparatus 250 may change the charging to the user 130 from the user 110 during the period while the user 130 is using the IoT device 120 of the user 110, and transmit the modified service profile for the IoT device 120 or notify the modification to the apparatuses 240 and 260.
  • the apparatus 240 may handle the service request from the user 130 or the apparatus 230 based on the access configuration or access policy for the IoT device 120 in the accepted time window for the user 130. For example, the apparatus 240 may transfer the service request to the IoT device 120 via the apparatus 260 so that the IoT device 120 may perform the service accordingly, and may receive the Service Usage Report from the apparatus 260. For example, the apparatus 240 may report the service and the monitored event to the apparatus 220 and the apparatus 230 based on the access configuration or access policy for the IoT device 120. When the time accepted for the user 130 ends, the apparatus 250 may notify the apparatus 220 that the handling has done.
  • the apparatus 220 may update the IoT device status, and may notify the updated status to the apparatuses 210 and 230.
  • the IoT device 120 may perform the service in response to the service request from the apparatus 240, and may report information on the service performing to the apparatus 260 serving the IoT device 120.
  • service profile for the IoT device 120 may be modified depending on stage of service usage. For example, when the IoT device 120 is in a state of being available for sharing but has not yet been used by another user such as the user 130, the service profile for the IoT device 120 may indicate that responsibilities and costs for the IoT 120 are associated with the user 110. Then, when the user 130 start to use the IoT device 120 of the user 110, for example as illustrated in FIG. 21, the service profile for the IoT device 120 may be modified so that the at least a part of responsibilities and costs with respect to the IoT device 120 is associated with the user 130 instead of the user 110. Then, when the accepted time window for the user 130 ends, for example as illustrated in FIG.
  • the service profile for the IoT device 120 may be modified again so that responsibilities and costs for the IoT 120 are associated again with the user 110. Further, as described above, one or more functions of the apparatuses 240, 250, and 260, such as maintenance and storage of the access configuration, service checking, and so on, may be also implemented in the IoT device 120.
  • FIG. 23 illustrates an example method 2300 for secure device sharing in an embodiment, which may be performed in the IoT device 120.
  • the example method 2300 may include a step 2310 of receiving a request from the user 130 for a service of the IoT device 120, and a step 2320 of performing the service in a case where the service is allowed for the user 130 in the access configuration for the IoT device 120.
  • the example method 2300 performed by the IoT device 120 may also include one or more of the following steps: storing the access configuration; determining whether the service is allowed for the user 130 in the access configuration; and reporting information on usage of the IoT device 120, for example via the apparatus 260.
  • FIG. 24 illustrates an example of the actions of the example system 200 in a case where the IoT device 120 performs the service check.
  • the apparatuses 240, 250, and 260 transfer the access configuration and service request to the IoT device 120, for example without saving and/or handling, and the IoT device 120 may maintain the access configuration and determine whether the requested service is allowed for the user 130 by itself.
  • FIG. 25 illustrates an example of the apparatus 2500 which may be at least a part of the IoT device 120.
  • the apparatus 2500 may include at least one processor 2510 and at least one memory 2520 that may include computer program code 2530.
  • the at least one memory 2520 and the computer program code 2530 may be configured to, with the at least one processor 2510, cause the apparatus 2500 at least to perform at least the steps of the example method 2300 described above.
  • the at least one processor 2510 in the apparatus 2500 may include, but is not limited to, at least one hardware processor, including at least one microprocessor such as a CPU, a portion of at least one hardware processor, and any other suitable dedicated processor such as those developed based on for example FPGA and ASIC. Further, the at least one processor 2510 may also include at least one other circuitry or element not shown in FIG. 25.
  • the at least one memory 2520 in the apparatus 2500 may include at least one storage medium in various forms, such as a volatile memory and/or a non-volatile memory.
  • the volatile memory may include, but not limited to, for example, a RAM, a cache, and so on.
  • the non-volatile memory may include, but not limited to, for example, a ROM, a hard disk, a flash memory, and so on.
  • the at least memory 2520 may include, but are not limited to, an electric, a magnetic, an optical, an electromagnetic, an infrared, or a semiconductor system, apparatus, or device or any combination of the above.
  • the apparatus 2500 may also include at least one other circuitry, element, and interface, for example at least one I/O interface, at least one antenna element, and the like.
  • the circuitries, parts, elements, and interfaces in the example apparatus 2500, including the at least one processor 2510 and the at least one memory 2520 may be coupled together via any suitable connections including, but are not limited to, buses, crossbars, wiring and/or wireless lines, in any suitable ways, for example electrically, magnetically, optically, electromagnetically, and the like.
  • FIG. 26 illustrates another example of the apparatus 2600 which may be at least a part of the IoT device 120.
  • the apparatus 2600 may include means 2610 for performing the step 2310 of the example method 2300, and means 2620 for performing the step 2320 of the example method 2300.
  • at least one I/O interface, at least one antenna element, and the like may also be included in the apparatus 2600.
  • the apparatus 2600 may further include one or more means for performing one or more additional steps in the example method 2300.
  • examples of means 2610 and 2620 may include circuitries.
  • an example of means 2610 may include a circuitry configured to perform the step 2310 of the example method 2300
  • an example of means 2620 may include a circuitry configured to perform the step 2320 of the example method 2300.
  • examples of means may also include software modules and any other suitable function entities.
  • Another example embodiment may relate to computer program codes or instructions which may cause an apparatus to perform at least respective methods described above.
  • Another example embodiment may be related to a computer readable medium having such computer program codes or instructions stored thereon.
  • a computer readable medium may include at least one storage medium in various forms such as a volatile memory and/or a non-volatile memory.
  • the volatile memory may include, but not limited to, for example, a RAM, a cache, and so on.
  • the non-volatile memory may include, but not limited to, a ROM, a hard disk, a flash memory, and so on.
  • the non-volatile memory may also include, but are not limited to, an electric, a magnetic, an optical, an electromagnetic, an infrared, or a semiconductor system, apparatus, or device or any combination of the above.
  • the words “comprise, ” “comprising, ” and the like are to be construed in an inclusive sense, as opposed to an exclusive or exhaustive sense; that is to say, in the sense of “including, but not limited to. ”
  • the word “coupled” refers to two or more elements that may be either directly connected, or connected by way of one or more intermediate elements.
  • the word “connected” refers to two or more elements that may be either directly connected, or connected by way of one or more intermediate elements.
  • conditional language used herein such as, among others, “can, ” “could, ” “might, ” “may, ” “e.g., ” “for example, ” “such as” and the like, unless specifically stated otherwise, or otherwise understood within the context as used, is generally intended to convey that certain embodiments include, while other embodiments do not include, certain features, elements and/or states.
  • conditional language is not generally intended to imply that features, elements and/or states are in any way required for one or more embodiments or that one or more embodiments necessarily include logic for deciding, with or without author input or prompting, whether these features, elements and/or states are included or are to be performed in any particular embodiment.
  • modifiers such as “first” and “second” throughout this disclosure may be used for distinguish different elements, components, circuits, modules, apparatuses, or steps, rather than emphasizing order, positional relationship, importance, priority, or the like, and modifiers such as “first” and “second” may be interchangeable.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Disclosed are methods for secure device sharing. An example method may include transmitting, at a first apparatus of a user and to a second apparatus, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, and receiving, at the first apparatus and from the second apparatus, information on usage of the third apparatus by another user at least partly according to the access configuration.. The Related apparatuses and computer readable media are also disclosed.

Description

METHODS AND APPARATUSES FOR SECURE DEVICE SHARING TECHNICAL FIELD
Various example embodiments relate to methods and apparatuses for secure device sharing.
BACKGROUND
The Internet of Things (IoT) is a network of physical objects, such as vehicles, machines, home appliances, and so on, which may connect and exchange data over the Internet.
SUMMARY
In a first aspect, disclosed is a method comprising transmitting, at a first apparatus of a user and to a second apparatus, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, and receiving, at the first apparatus and from the second apparatus, information on usage of the third apparatus by another user at least partly according to the access configuration.
In some embodiments, the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
In some embodiments, the method may further comprise transmitting, at the first apparatus and to the second apparatus, an authentication for granting the second apparatus permission to access data of the third apparatus.
In some embodiments, the method may further comprise receiving, at the first apparatus and from the second apparatus, information on at last one of a status of the third  apparatus, service usage, and charging.
In some embodiments, the method may further comprise transmitting, at the first apparatus and to the second apparatus, an indication to stop sharing the third apparatus.
In a second aspect, disclosed is a method comprising receiving, at a first apparatus of a user and from a second apparatus, at least one of an access configuration for a third apparatus of another user and an indication of the access configuration, and transmitting, at the first apparatus and to the second apparatus, a request to book the third apparatus according to the access configuration.
In some embodiments, the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the user, one or more services of the third apparatus denied for the user, charging rate for the one or more services of the third apparatus allowed for the user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the user.
In some embodiments, the method may further comprise transmitting, at the first apparatus and to the third apparatus, a request for a service of the third apparatus.
In some embodiments, the method may further comprise transmitting, at the first apparatus and to the second apparatus, information on usage of the third apparatus.
In some embodiments, the method may further comprise receiving, at the first apparatus and from the second apparatus, information on at least one of a status of the third apparatus, service usage, and charging.
In a third aspect, disclosed is a method comprising receiving, at an apparatus of a user, a request from another user for a service of the apparatus, and performing the service in a case where the service is allowed for the another user in an access configuration for the apparatus.
In some embodiments, the access configuration may comprise at least one of an identity of the apparatus, a description of the apparatus, one or more services of the apparatus allowed for the another user, one or more services of the apparatus denied for the another user, charging rate for the one or more services of the apparatus allowed for the another user, and one or more actions of the apparatus in response to one or more access attempts to the  apparatus by the another user.
In some embodiments, the method may further comprise storing the access configuration at the apparatus.
In some embodiments, the method may further comprise determining, at the apparatus, whether the service is allowed for the another user in the access configuration.
In some embodiments, the method may further comprise reporting information on usage of the apparatus.
In a fourth aspect, disclosed is a method comprising receiving, at a first apparatus and from a second apparatus of a user, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, transmitting, at the first apparatus, at least one of the access configuration and the indication to a fourth apparatus of another user, receiving, at the first apparatus and from the fourth apparatus, a request to book the third apparatus according to the access configuration, transmitting, at the first apparatus, the access configuration to at least one of the third apparatus and a fifth apparatus as a delegate apparatus of the third apparatus, and transmitting, at the first apparatus and to at least one of the second apparatus and the fourth apparatus, information on usage of the third apparatus by the another user at least partly according to the access configuration.
In some embodiments, the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
In some embodiments, the method may further comprise receiving, at the first apparatus and from the second apparatus, an authentication for granting the first apparatus permission to access data of the third apparatus, and transmitting, at the first apparatus and to at least one of the third apparatus and the fifth apparatus, a request to monitor the third apparatus.
In some embodiments, the method may further comprise determining, at the first apparatus, a status of the third apparatus, and transmitting, at the first apparatus and to at least one of the second apparatus and the fourth apparatus, information on the status of the third  apparatus.
In some embodiments, the method may further comprise receiving, at the first apparatus and from at least one of the third apparatus, the fourth apparatus, and the fourth apparatus, information on usage of the third apparatus.
In a fifth aspect, disclosed is a method comprising receiving, at a first apparatus and from a second apparatus, at least one of an access configuration for a third apparatus of a user and an indication of the access configuration, and acceptance of the access configuration by another user, receiving, at the first apparatus, a request from the another user for a service of the third apparatus, determining, at the first apparatus, whether the service is allowed for the another user in the access configuration, and transmitting, at the first apparatus, the request to the third apparatus.
In some embodiments, the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
In some embodiments, the method may further comprise receiving, at the first apparatus and from the third apparatus, information on usage of the third apparatus, and reporting, at the first apparatus, the information to the second apparatus.
In some embodiments, the method may further comprise receiving, at the first apparatus and from the second apparatus, a request to monitor the third apparatus, and verifying, at the first apparatus, whether the second apparatus is authorized by the user.
In some embodiments, the method may further comprise determining, at the first apparatus, whether time assigned to the another user for using the third apparatus is ended, and transmitting, at the first apparatus and to the second apparatus, information on that the time assigned to the another user for using the third apparatus is ended.
In a sixth aspect, an apparatus is disclosed. The apparatus may comprise at least one processor and at least one memory comprising computer program code. The at least one memory and the computer program code may be configured to, with the at least one  processor, cause the apparatus as a first apparatus to perform transmitting, to a second apparatus, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, and receiving, from the second apparatus, information on usage of the third apparatus by another user at least partly according to the access configuration.
In some embodiments, the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
In some embodiments, the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform transmitting, to the second apparatus, an authentication for granting the second apparatus permission to access data of the third apparatus.
In some embodiments, the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform receiving, from the second apparatus, information on at last one of a status of the third apparatus, service usage, and charging.
In some embodiments, the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform transmitting, to the second apparatus, an indication to stop sharing the third apparatus.
In a seventh aspect, an apparatus is disclosed. The apparatus may comprise at least one processor and at least one memory comprising computer program code. The at least one memory and the computer program code may be configured to, with the at least one processor, cause the apparatus as a first apparatus to perform receiving, from a second apparatus, at least one of an access configuration for a third apparatus of another user and an indication of the access configuration, and transmitting, to the second apparatus, a request to book the third apparatus according to the access configuration.
In some embodiments, the access configuration may comprise at least one of an  identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the user, one or more services of the third apparatus denied for the user, charging rate for the one or more services of the third apparatus allowed for the user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the user.
In some embodiments, the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform transmitting, to the third apparatus, a request for a service of the third apparatus.
In some embodiments, the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform transmitting, to the second apparatus, information on usage of the third apparatus.
In some embodiments, the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform receiving, from the second apparatus, information on at least one of a status of the third apparatus, service usage, and charging.
In an eighth aspect, an apparatus is disclosed. The apparatus may comprise at least one processor and at least one memory comprising computer program code. The at least one memory and the computer program code may be configured to, with the at least one processor, cause the apparatus of a user to perform receiving a request from another user for a service of the apparatus, and performing the service in a case where the service is allowed for the another user in an access configuration for the apparatus.
In some embodiments, the access configuration may comprise at least one of an identity of the apparatus, a description of the apparatus, one or more services of the apparatus allowed for the another user, one or more services of the apparatus denied for the another user, charging rate for the one or more services of the apparatus allowed for the another user, and one or more actions of the apparatus in response to one or more access attempts to the apparatus by the another user.
In some embodiments, the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform storing the access configuration at the apparatus.
In some embodiments, the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform determining, at the apparatus, whether the service is allowed for the another user in the access configuration.
In some embodiments, the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform reporting information on usage of the apparatus.
In a ninth aspect, an apparatus is disclosed. The apparatus may comprise at least one processor and at least one memory comprising computer program code. The at least one memory and the computer program code may be configured to, with the at least one processor, cause the apparatus as a first apparatus to perform receiving, from a second apparatus of a user, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, transmitting at least one of the access configuration and the indication to a fourth apparatus of another user, receiving, from the fourth apparatus, a request to book the third apparatus according to the access configuration, transmitting the access configuration to at least one of the third apparatus and a fifth apparatus as a delegate apparatus of the third apparatus, and transmitting, to at least one of the second apparatus and the fourth apparatus, information on usage of the third apparatus by the another user at least partly according to the access configuration.
In some embodiments, the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
In some embodiments, the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform receiving, from the second apparatus, an authentication for granting the first apparatus permission to access data of the third apparatus, and transmitting, to at least one of the third apparatus and the fifth apparatus, a request to monitor the third apparatus.
In some embodiments, the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform determining a status of the third apparatus, and transmitting, to at least one of the second apparatus and the fourth apparatus, information on the status of the third apparatus.
In some embodiments, the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform receiving, from at least one of the third apparatus, the fourth apparatus, and the fourth apparatus, information on usage of the third apparatus.
In a tenth aspect, an apparatus is disclosed. The apparatus may comprise at least one processor and at least one memory including computer program code. The at least one memory and the computer program code may be configured to, with the at least one processor, cause the apparatus as a first apparatus to perform receiving, from a second apparatus, at least one of an access configuration for a third apparatus of a user and an indication of the access configuration, and acceptance of the access configuration by another user, receiving a request from the another user for a service of the third apparatus, determining whether the service is allowed for the another user in the access configuration, and transmitting the request to the third apparatus.
In some embodiments, the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
In some embodiments, the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform receiving, from the third apparatus, information on usage of the third apparatus, and reporting the information to the second apparatus.
In some embodiments, the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform receiving, from the second apparatus, a request to monitor the third apparatus, and verifying  whether the second apparatus is authorized by the user.
In some embodiments, the at least one memory and the computer program code may be further configured to, with the at least one processor, cause the apparatus to perform determining whether time assigned to the another user for using the third apparatus is ended, and transmitting, to the second apparatus, information on that the time assigned to the another user for using the third apparatus is ended.
In an eleventh aspect, an apparatus is disclosed. The apparatus may comprise means for transmitting, at the apparatus as a first apparatus of a user and to a second apparatus, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, and means for receiving, at the first apparatus and from the second apparatus, information on usage of the third apparatus by another user at least partly according to the access configuration.
In some embodiments, the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
In some embodiments, the apparatus may further comprise means for transmitting, to the second apparatus, an authentication for granting the second apparatus permission to access data of the third apparatus.
In some embodiments, the apparatus may further comprise means for receiving, from the second apparatus, information on at last one of a status of the third apparatus, service usage, and charging.
In some embodiments, the apparatus may further comprise means for transmitting, to the second apparatus, an indication to stop sharing the third apparatus.
In a twelfth aspect, an apparatus is disclosed. The apparatus may comprise means for receiving, at the apparatus as a first apparatus of a user and from a second apparatus, at least one of an access configuration for a third apparatus of another user and an indication of the access configuration, and means for transmitting, at the first apparatus and to the second  apparatus, a request to book the third apparatus according to the access configuration.
In some embodiments, the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the user, one or more services of the third apparatus denied for the user, charging rate for the one or more services of the third apparatus allowed for the user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the user.
In some embodiments, the apparatus may further comprise means for transmitting, to the third apparatus, a request for a service of the third apparatus.
In some embodiments, the apparatus may further comprise means for transmitting, to the second apparatus, information on usage of the third apparatus.
In some embodiments, the apparatus may further comprise means for receiving, from the second apparatus, information on at least one of a status of the third apparatus, service usage, and charging.
In a thirteenth aspect, an apparatus is disclosed. The apparatus may comprise means for receiving, at the apparatus of a user, a request from another user for a service of the apparatus, and means for performing the service in a case where the service is allowed for the another user in an access configuration for the apparatus.
In some embodiments, the access configuration may comprise at least one of an identity of the apparatus, a description of the apparatus, one or more services of the apparatus allowed for the another user, one or more services of the apparatus denied for the another user, charging rate for the one or more services of the apparatus allowed for the another user, and one or more actions of the apparatus in response to one or more access attempts to the apparatus by the another user.
In some embodiments, the apparatus may further comprise means for storing the access configuration at the apparatus.
In some embodiments, the apparatus may further comprise means for determining whether the service is allowed for the another user in the access configuration.
In some embodiments, the apparatus may further comprise means for reporting information on usage of the apparatus.
In a fourteenth aspect, an apparatus is disclosed. The apparatus may comprise means for receiving, at the apparatus as a first apparatus and from a second apparatus of a user, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, means for transmitting, at the first apparatus, at least one of the access configuration and the indication to a fourth apparatus of another user, means for receiving, at the first apparatus and from the fourth apparatus, a request to book the third apparatus according to the access configuration, means for transmitting, at the first apparatus, the access configuration to at least one of the third apparatus and a fifth apparatus as a delegate apparatus of the third apparatus, and means for transmitting, at the first apparatus and to at least one of the second apparatus and the fourth apparatus, information on usage of the third apparatus by the another user at least partly according to the access configuration.
In some embodiments, the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
In some embodiments, the apparatus may further comprise means for receiving, from the second apparatus, an authentication for granting the first apparatus permission to access data of the third apparatus, and means for transmitting, to at least one of the third apparatus and the fifth apparatus, a request to monitor the third apparatus.
In some embodiments, the apparatus may further comprise determining a status of the third apparatus, and means for transmitting, to at least one of the second apparatus and the fourth apparatus, information on the status of the third apparatus.
In some embodiments, the apparatus may further comprise means for receiving, from at least one of the third apparatus, the fourth apparatus, and the fourth apparatus, information on usage of the third apparatus.
In a fifteenth aspect, an apparatus is disclosed. The apparatus may comprise means for receiving, at the apparatus as a first apparatus and from a second apparatus, at least one of an access configuration for a third apparatus of a user and an indication of the access  configuration, and acceptance of the access configuration by another user, means for receiving, at the first apparatus, a request from the another user for a service of the third apparatus, means for determining, at the first apparatus, whether the service is allowed for the another user in the access configuration, and means for transmitting, at the first apparatus, the request to the third apparatus.
In some embodiments, the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
In some embodiments, the apparatus may further comprise means for receiving, from the third apparatus, information on usage of the third apparatus, and means for reporting the information to the second apparatus.
In some embodiments, the apparatus may further comprise means for receiving, from the second apparatus, a request to monitor the third apparatus, and means for verifying whether the second apparatus is authorized by the user.
In some embodiments, the apparatus may further comprise means for determining whether time assigned to the another user for using the third apparatus is ended, and means for transmitting, to the second apparatus, information on that the time assigned to the another user for using the third apparatus is ended.
In a sixteenth aspect, a computer readable medium is disclosed. The computer readable medium may comprise instructions stored thereon for causing a first apparatus to perform transmitting, to a second apparatus, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, and receiving, from the second apparatus, information on usage of the third apparatus by another user at least partly according to the access configuration.
In some embodiments, the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied  for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
In some embodiments, the instructions may further cause the first apparatus to perform transmitting, to the second apparatus, an authentication for granting the second apparatus permission to access data of the third apparatus.
In some embodiments, the instructions may further cause the first apparatus to perform receiving, from the second apparatus, information on at last one of a status of the third apparatus, service usage, and charging.
In some embodiments, the instructions may further cause the first apparatus to perform transmitting, to the second apparatus, an indication to stop sharing the third apparatus.
In a seventeenth aspect, a computer readable medium is disclosed. The computer readable medium may comprise instructions stored thereon for causing a first apparatus to perform receiving, from a second apparatus, at least one of an access configuration for a third apparatus of another user and an indication of the access configuration, and transmitting, to the second apparatus, a request to book the third apparatus according to the access configuration.
In some embodiments, the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the user, one or more services of the third apparatus denied for the user, charging rate for the one or more services of the third apparatus allowed for the user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the user.
In some embodiments, the instructions may further the first apparatus to perform transmitting, to the third apparatus, a request for a service of the third apparatus.
In some embodiments, the instructions may further the first apparatus to perform transmitting, to the second apparatus, information on usage of the third apparatus.
In some embodiments, the instructions may further the first apparatus to perform receiving, from the second apparatus, information on at least one of a status of the third apparatus, service usage, and charging.
In an eighteenth aspect, a computer readable medium is disclosed. The computer readable medium may comprise instructions stored thereon for causing apparatus of a user to perform receiving a request from another user for a service of the apparatus, and performing the service in a case where the service is allowed for the another user in an access configuration for the apparatus.
In some embodiments, the access configuration may comprise at least one of an identity of the apparatus, a description of the apparatus, one or more services of the apparatus allowed for the another user, one or more services of the apparatus denied for the another user, charging rate for the one or more services of the apparatus allowed for the another user, and one or more actions of the apparatus in response to one or more access attempts to the apparatus by the another user.
In some embodiments, the instructions may further the apparatus to perform storing the access configuration at the apparatus.
In some embodiments, the instructions may further the apparatus to perform determining, at the apparatus, whether the service is allowed for the another user in the access configuration.
In some embodiments, the instructions may further the apparatus to perform reporting information on usage of the apparatus.
In a nineteenth aspect, a computer readable medium is disclosed. The computer readable medium may comprise instructions stored thereon for causing a first apparatus to perform receiving, from a second apparatus of a user, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, transmitting at least one of the access configuration and the indication to a fourth apparatus of another user, receiving, from the fourth apparatus, a request to book the third apparatus according to the access configuration, transmitting the access configuration to at least one of the third apparatus and a fifth apparatus as a delegate apparatus of the third apparatus, and transmitting, to at least one of the second apparatus and the fourth apparatus, information on usage of the third apparatus by the another user at least partly according to the access configuration.
In some embodiments, the access configuration may comprise at least one of an  identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
In some embodiments, the instructions may further the first apparatus to perform receiving, from the second apparatus, an authentication for granting the first apparatus permission to access data of the third apparatus, and transmitting, to at least one of the third apparatus and the fifth apparatus, a request to monitor the third apparatus.
In some embodiments, the instructions may further the first apparatus to perform determining a status of the third apparatus, and transmitting, to at least one of the second apparatus and the fourth apparatus, information on the status of the third apparatus.
In some embodiments, the instructions may further the first apparatus to perform receiving, from at least one of the third apparatus, the fourth apparatus, and the fourth apparatus, information on usage of the third apparatus.
In a twentieth aspect, a computer readable medium is disclosed. The computer readable medium may comprise instructions stored thereon for causing a first apparatus to perform receiving, from a second apparatus, at least one of an access configuration for a third apparatus of a user and an indication of the access configuration, and acceptance of the access configuration by another user, receiving a request from the another user for a service of the third apparatus, determining whether the service is allowed for the another user in the access configuration, and transmitting the request to the third apparatus.
In some embodiments, the access configuration may comprise at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
In some embodiments, the instructions may further the first apparatus to perform receiving, from the third apparatus, information on usage of the third apparatus, and reporting  the information to the second apparatus.
In some embodiments, the instructions may further the first apparatus to perform receiving, from the second apparatus, a request to monitor the third apparatus, and verifying whether the second apparatus is authorized by the user.
In some embodiments, the instructions may further the first apparatus to perform determining whether time assigned to the another user for using the third apparatus is ended, and transmitting, to the second apparatus, information on that the time assigned to the another user for using the third apparatus is ended.
BRIEF DESCRIPTION OF THE DRAWINGS
Some example embodiments will now be described, by way of non-limiting examples, with reference to the accompanying drawings.
FIG. 1 illustrates an example device sharing in an embodiment.
FIG. 2 illustrates an example system for secure device sharing in an embodiment.
FIG. 3 illustrates an example of actions of the system for secure device sharing in an embodiment.
FIG. 4 illustrates an example method for secure device sharing in an embodiment.
FIG. 5 illustrates an example user interface in an embodiment.
FIG. 6 illustrates in an example apparatus for secure device sharing in an embodiment.
FIG. 7 illustrates an example apparatus for secure device sharing in an embodiment.
FIG. 8 illustrates an example method for secure device sharing in an embodiment.
FIG. 9 illustrates an example user interface in an embodiment.
FIG. 10 illustrates an example apparatus for secure device sharing in an embodiment.
FIG. 11 illustrates an example apparatus for secure device sharing in an  embodiment.
FIG. 12 illustrates an example method for secure device sharing in an embodiment.
FIG. 13 illustrates an example apparatus for secure device sharing in an embodiment.
FIG. 14 illustrates an example apparatus for secure device sharing in an embodiment.
FIG. 15 illustrates an example apparatus for secure device sharing in an embodiment.
FIG. 16 illustrates an example method for secure device sharing in an embodiment.
FIG. 17 illustrates an example of the access configuration in an embodiment.
FIG. 18 illustrates an example apparatus for secure device sharing in an embodiment.
FIG. 19 illustrates an example apparatus for secure device sharing in an embodiment.
FIG. 20 illustrates an example of actions of the system for secure device sharing in an embodiment.
FIG. 21 illustrates an example of actions of the system for secure device sharing in an embodiment.
FIG. 22 illustrates an example of actions of the system for secure device sharing in an embodiment.
FIG. 23 illustrates an example method for secure device sharing in an embodiment.
FIG. 24 illustrates an example of actions of the system for secure device sharing in an embodiment.
FIG. 25 illustrates an example apparatus for secure device sharing in an embodiment.
FIG. 26 illustrates an example apparatus for secure device sharing in an embodiment.
DETAILED DESCRIPTION
FIG. 1 illustrates an example application scenario based on IoT in an embodiment, where a user 110 (also called as Owner herein) owns an IoT device 120 such as a vehicle, a drone, a home appliance, and so on, and another user 130 (also called as Renter herein) wants to use the IoT device 120 of the user 110. As illustrated in FIG. 1, the user 130 may request the user 110 to share the IoT device 120, and then may use the IoT device 120 after the user 110 agrees to share the IoT device 120. For example, such a procedure may be based on credential information exchange between the user 110 and the user 130, so that the user 130 may control or use the IoT device 120 based on a password or an access token provided by the user 110.
However, the user 130 holding the password or access token from the user 110 may have full control of the IoT device 120, which may lead to an unsecure sharing of the IoT device 120. For example, if the IoT device 120 is a vehicle, there may be more and more value-added services/functionalities provided on the vehicle besides driving, such as entertainment service, automatic driving service, emergency rescue service, and so on. However, the user 130 holding the password or access token from the user 110 may perform one or more services/functionalities which the user 110 does not expect to share, for example when the user 130 violates the agreement with the user 110.
FIG. 2 illustrates an example system 200 for secure device sharing in an example embodiment, where the example system 200 may include a user equipment (UE) 210 of the user 110 (also called as Owner UE or an apparatus 210 herein) , a UE 230 of the user 130 (also called as Renter UE or an apparatus 230 herein) , a server 220 (also called as an apparatus 220 herein) , a capability exposure network element 240 (also called as an apparatus 240 herein) , a data management network element 250 (also called as an apparatus 250 herein) , a mobility management network element 260 (also called as an apparatus 260 herein) , and the IoT device 120 (also called as an apparatus 120 herein) .
In various embodiments, the Owner UE 210 (also called as the apparatus 210 herein) may be any suitable apparatus on which the user 110 may operate to perform one or more expected applications/functions, such as publishing and/or updating information on  sharing the IoT device 120 and/or an indication to sharing the IoT device 120, receiving and showing information on usage and/or charging and/or status of the IoT device 120, controlling the IoT device 120, or the like, or may be at least a part of such apparatus. For example, the apparatus 210 may communicate (transmit and/or receive) information with one or more another apparatuses in the example system 200, such as the  apparatuses  230, 220, 240, 120 and so on, in either wireless or wired manner, either directly or indirectly, based on any one or more suitable protocols, for example based on Long Term Evolution (LTE) system, New Radio (NR or 5G) system, or the like. In various embodiments, the examples of the apparatus 210 may include, but are not limited to, a smart phone, a tablet computer, a desktop computer, and so on.
Similar to the apparatus 210, in various embodiments, the Renter UE 230 (also called as the apparatus 230 herein) may be any suitable apparatus on which the user 130 may operate to perform one or more expected applications/functions, such as searching and viewing information on sharing the IoT device 120, requesting to use the IoT device 120, receiving and showing information on usage and/or charging and/or status of the IoT device 120, requesting a service of the IoT device 120, or the like, or may be at least a part of such apparatus. For example, the apparatus 230 may also communicate (transmit and/or receive) information with one or more another apparatuses in the example system 200, such as the  apparatuses  210, 220, 240, 120 and so on, in either wireless or wired manner, either directly or indirectly, based on any one or more suitable protocols, for example based on LTE system, NR system, or the like. In various embodiments, the examples of the apparatus 230 may include, but are not limited to, a smart phone, a tablet computer, a desktop computer, and so on.
In various embodiments, the IoT device 120 (also called as the apparatus 120 herein) may be any suitable apparatus owned by the user 110, which may be connected and/or accessed via IoT and may perform one or more expected applications/functions such as responding a service request, providing a requested service, or the like, or may be at least a part of such apparatus. For example, the IoT device 120 may include one or more 3rd Generation Partnership Project (3GPP) protocol entities, and may function as another UE of the user 110. For example, the apparatus 120 may communicate (transmit and/or receive) information with one or more another apparatuses in the example system 200, such as the  apparatuses  110, 240, 260, and so on, in either wireless or wired manner, either directly or indirectly, based on any  one or more suitable protocols, for example based on LTE system, NR system, or the like. As described above, the examples the IoT device 120 may include, but are not limited to, a vehicle, a drone, a home appliance, a smart phone, a computer, a server, and so on.
In various embodiments, the server 220 (also called as the apparatus 220 herein) may be configured to communicate with one or more another apparatuses in the example system 200 such as the  apparatuses  210, 230, 240, and so on, in either wireless or wired manner, either directly or indirectly, based on any one or more suitable protocols, for example based on LTE system, NR system, or the like, and to perform one or more expected functions such as accessing to one or more monitored/used services, evaluating the monitored/used services, evaluating one or more allowable services, or the like. In an embodiment, the apparatus 220 may include or may be configured to provide one or more functions of an Application Server (AS) or a Services Capability Server (SCS) for example as defined in 3GPP Technical Standard (TS) 23.682. For example, the apparatus 220 may be at least a part of the AS and/or SCS. In an embodiment, the apparatus 220 may be implemented or configured in any suitable manners. For example, the apparatus 220 may include or provide a decentralized ledger system based on for example blockchain, IOTA, and so on, so that the incorruptibility of the decentralized ledger system may be utilized to achieve information immutability, reliability, auditability and so on.
In various embodiments, the capability exposure network element 240 (also called as the apparatus 240 herein) may be configured to communicate with one or more another apparatuses in the example system 200 such as the  apparatuses  210, 220, 230, 250, 260, and so on, in either wireless or wired manner, either directly or indirectly, based on any one or more suitable protocols, for example based on LTE system, NR system, or the like, and to perform one or more expected functions such as configuring and/or communicating (transmitting and/or receiving) data. In an embodiment, the example system 200 may be implemented based on LTE system, and the apparatus 240 may include or may be configured to provide one or more functions of Service Capability Exposure Function (SCEF) network element. For example, the apparatus 240 may be at least a part of the SCEF network element. In an embodiment, the example system 200 may be implemented based on NR system, and the apparatus 240 may include or may be configured to provide one or more functions of Network  Exposure Function (NEF) network element. For example, apparatus 240 may be at least a part of the NEF network element.
In various embodiments, the data management network element 250 (also called as the apparatus 250 herein) may be configured to communicate with one or more another apparatuses in the example system 200 such as the  apparatuses  240, 260, and so on, in either wireless or wired manner, either directly or indirectly, based on any one or more suitable protocols, for example based on LTE system, NR system, or the like, and to perform one or more expected functions such as storing and maintaining user data, evaluating the usage and/or selection of services, providing provisioning capability to restrict the type of services, receiving events for example due to activities of the  apparatuses  120 and 230, configuring and/or reporting the collected data and changes, and so on. In an embodiment, the example system 200 may be implemented based on LTE system, and the apparatus 250 may include or may be configured to provide one or more functions of Home Subscriber Server (HSS) network element. For example, the apparatus 250 may be at least a part of the HSS network element. In an embodiment, the example system 200 may be implemented based on NR system, and the apparatus 250 may include or may be configured to provide one or more functions of Unified Data Management (UDM) network element. For example, apparatus 250 may be at least a part of the UDM network element.
In various embodiments, the mobility management network element 260 (also called as the apparatus 260 herein) may be configured to communicate with one or more another apparatuses in the example system 200 such as the  apparatuses  240, 250, 120, and so on, in either wireless or wired manner, either directly or indirectly, based on any one or more suitable protocols, for example based on LTE system, NR system, or the like, and to perform one or more expected functions such as providing Non-Access Stratum (NAS) connectivity to the  apparatuses  230 and 120, and so on. In an embodiment, the example system 200 may be implemented based on LTE system, and the apparatus 260 may include or may be configured to provide one or more functions of Mobility Management Entity (MME) network element, for example serving the IoT device 120. For example, the apparatus 260 may be at least a part of the MME network element. In an embodiment, the example system 200 may be implemented based on NR system, and the apparatus 260 may include or may be configured to provide one  or more functions of Access and Mobility Management Function (AMF) network element, for example serving the IoT device 120. For example, apparatus 260 may be at least a part of the AMF network element.
Based on the example system 200, for example as illustrated in FIG. 3, when the user 110 offers the IoT device 120 for sharing (e.g. for rent) , the user 110 may operate on the apparatus 210 to transmit an access configuration for the IoT device 120 and/or an indication of the access configuration for the IoT device 120 to the apparatus 220. In various embodiments, for example, the access configuration for the IoT device 120 may include, but is not limited to, one or more of an identity of the IoT device 120, a description of the IoT device 120, one or more services of the IoT device 120 allowed for one or more another users such as the user 130, one or more services of the IoT device 120 denied or restricted for one or more another users such as the user 130, charging rate for the one or more services of the IoT device 120 allowed for one or more another users such as the user 130, one or more actions of the IoT device 130 in response to one or more access attempts to the IoT device 120 by one or more another users such as the user 130, and so on.
Then, as illustrated in FIG. 3, when the user 130 wants to use (for example, to rent) the IoT device 120 of the user 110, for example, the user 130 may operate on the apparatus 230 to obtain from the apparatus 220 the access configuration for the IoT device 120, and then to transmit to the apparatus 220 a request to book the IoT device 120. The apparatus 220 may handle the booking request from the user 130. For example, the apparatus 220 may transmit the access configuration for the IoT 120, which has been confirmed by the user 130 via the apparatus 230, to the apparatus 250 and the apparatus 260 serving the IoT device 120.
Then, the user 130 may request one or more services of the IoT device 120. In an example, the user 130 may transmit the service request via the apparatus 230. In another example, the user may also operate on the IoT device 120 (e.g. a controller such as a control panel of the IoT device 120) to request one or more services directly to the IoT device 120. Then, the apparatus 240 may determine whether the requested service is allowed for the user 130 in the access configuration for the IoT 120 which has been confirmed by the user 130. For example, if the request service is allowed, the service request may be transmitted to the IoT device 120, for example through collaboration among the  apparatuses  240, 250 and 260.  Further, as illustrated in FIG. 3, the apparatus 230 may also transmit, to at least one of the  apparatuses  210 and 230, information on the usage of the IoT device 120 by the user 130.
Through the example system 200, the operations/actions of the user 130 on the IoT device 120 of the user 110 may be controlled according to the access configuration for the IoT device 120, which may be initially configured by the user 110 and be later confirmed by the user 130. For example, the service request, which is denied in the access configuration, may be rejected by example system 200, so that secure device sharing may be achieved.
It is appreciated that various apparatuses in the example system 200 and collaboration among these apparatuses may be not limited to the above examples. For example, the example system 200 may also include one or more another apparatuses or network elements or network functions which are not illustrated in FIG. 2, such as Machine Type Communications-Interworking Function (MTC-IWF) as defined in 3GPP TS 23.682, for example. Moreover, in different embodiments, several apparatuses in the example system 200 may be combined; an apparatus in the example system 200 may also be implemented in several parts; one or more functions of an apparatus may be implemented in another apparatus or may be omitted; or the like. For example, communications among various apparatuses in the example system 200 may be real-time communications; any suitable communication technology may be adopted, such as Ultra-reliable and Low Latency Communications (URLLC) , Enhanced Mobile Broadband (eMMB) , and Massive Machine Type Communication (mMTC) ; the  apparatuses  250 and 260 may be implemented as a part of the apparatus 240; in a case where the apparatus 220 is implemented based on a decentralized ledger system, a part of functions such as data storage and maintenance may be implemented in the apparatus 220; a part of functions of the  apparatuses  240, 250 and 260 may be also implemented in the IoT device 120; the IoT device 120 may keep the access configuration and determine whether a service request is allowed by itself; or the like. For example, in some embodiments, real-time communication to meet URLLC latency and reliability needs may be allowed or made selectable to renters, such as the user 130, who will rent the IoT device 120 (e.g. vehicle, semi-autonomous, autonomous vehicle, vehicle, drone, robot for controlling navigation, or the like) .
More details of the apparatuses in the example system 200 and more examples  of the the example system 200 will be described below. It is appreciated that one or more aspects and/or features of one or more apparatuses in the example system 200 may be also applied to or implemented in or combined with another one or more another apparatuses in the example system 200. Thus, for concise description, one or more aspects and/or features of one or more apparatuses in the example system 200 may be described briefly or omitted if such one or more aspects and/or features have been described with respect to one or more another apparatuses in the example system 200.
FIG. 4 illustrates an example method 400 for secure device sharing in an embodiment, which may be performed in the apparatus 210 (the Owner UE) of the user 110.
As illustrated in FIG. 4, the example method 400 may include a step 410 of transmitting, to the apparatus 220, at least one of an access configuration for the IoT device 120 of the user 110 and an indication of the access configuration, and a step 420 of receiving, from the apparatus 220, information on usage of the IoT device 120 by the user 130 at least partly according to the access configuration.
As describe above, the access configuration for the IoT device 120 may include, but is not limited to, one or more of an identity of the IoT device 120, a description of the IoT device 120, one or more services of the IoT device 120 allowed for one or more another users such as the user 130, one or more services of the IoT device 120 denied or restricted for one or more another users such as the user 130, charging rate for the one or more services of the IoT device 120 allowed for one or more another users such as the user 130, one or more actions of the IoT device 130 in response to one or more access attempts to the IoT device 120 by one or more another users such as the user 130, and so on.
For example, an Owner UE Application (APP) may be installed on the apparatus 210 (Owner UE) , and the user 110 may operate on the apparatus 210, for example by operating the Owner UE APP, to control the IoT device 120 based on any suitable protocols such as those defined in 3GPP TS 23.682.
FIG. 5 illustrates an example user interface (UI) 510 of the Owner UE APP running on the apparatus 210. As illustrated in FIG. 5, various options/information of the access configuration 520 for the IoT device 120, which the user 110 may confirm or fill in or update, may be shown/listed on the example UI 510, such as “IoT Device ID” where the user  110 may fill or confirm or update an identity of the IoT device 120 (e.g. a string, a serial code, a quick response code, and so on, which may identify the IoT device 120, ownership information, and so on) , “IoT Device Info” where the user 110 may fill or confirm or update a description of the IoT device 120 (e.g. word description on the type, condition, production date, and so on of the IoT device 120, and/or one or more pictures of the IoT device 120) , “Access Criteria” where the user 110 may fill or confirm or update which service of the IoT device 120 is allowed/denied/restricted for another user such as the user 130, “Access Rule” where the user 110 may fill or confirm or update actions of the example system 200 for one or more access attempts of another user such as the user 130 on the IoT device 120 (e.g. reporting the one or more access attempts of another user such as the user 130 on the IoT device 120 and results to the apparatus 220, showing such information on the apparatus 210, transmitting warning to the apparatus 230, and so on) , “Charging Rule” the user 110 may fill or confirm or update the charging rate for one or more services of the IoT device 120 requested by another user such as user 130 (e.g. the user 130 should pay $1 per minute for the time window between turning on and turning off the IoT device 120) , and so on.
After the user 110 fills/confirms/updates the access configuration for the IoT device 120, the user 110 may press the button “Publish” on the example UI 510 to offer the IoT device 120 for sharing, so that the step 410 of the example method 400 may be performed in the apparatus 210 to transmit the access configuration for the IoT device 120 to the apparatus 220. The user 110 may also press the button “Cancel” on the example UI 510 to cancel one or more actions/operations applied on the example UI 510, for example to cancel filling/confirming/updating the access configuration.
It is appreciated that FIG. 5 is an example of the UI of the owner UE APP running on the apparatus 210. For example, one or more another options, such as the address of the MTC-IWF or SCEF in operator network which is serving the communication of the IoT device 120, may be included in the access configuration and may be edited through the UI of the owner UE APP running on the apparatus 210; one or more another UI screens may be provided by the owner UE APP, and any suitable layout of comments may be applied to the UI of the owner UE APP; one or more another buttons such as a button for stopping sharing the IoT device 120 may be provided; one or more buttons in the example UI 510 such as “Cancel”  may be removed from the example UI 510 or may be moved to another UI screen of the owner UE APP; or the like.
In an embodiment, the user 110 may operate on the apparatus 210 to obtain the access configuration for the IoT device 120 from the apparatus 220, and to confirm or update the access configuration for the IoT device 120. Thus, for example, the changed part of the updated access configuration for the IoT device 120 may be transmitted from the apparatus 210 to the apparatus 220 differentially, so as to reduce the amount of data to be transferred. In an embodiment, an application may be deployed on network, for example on one or more of the  apparatuses  220, 240, 250, and 260, which may configure or provide the access configuration for the IoT device 120 on behalf of the user 110. Then, in the step 410, an indication of the access configuration for the IoT device 120 may be transmitted from the apparatus 210 to the apparatus 220.
Then, the apparatus 210 may perform the step 420 to receive, from the apparatus 220, information on usage of the IoT device 120 by the user 130. For example, such information on usage of the IoT device 120 by the user 130 may include, but is not limited to, one or more of information on when and/or where the user 130 performs what actions and/or requests what services on/for the IoT device 120, information on the user 130 (e.g. an identity or credit of the user 130, and so on) , information on the real-time location of the IoT device 120, information on the real-time condition of the IoT device 120, and so on. For example, the owner UE APP running on the apparatus 210 may also provide a screen to show such information.
Through the access configuration for the IoT device 120, the actions of the user 130 on the IoT device 120 of the user 110 may be controlled and monitored, and thus the IoT device 120 of the user 110 may be shared securely to the user 130.
In addition to the  steps  410 and 420, in an embodiment, the example method 400 may also include receiving, from the apparatus 220, information on at least one of a status of the IoT device 120 (e.g. whether the IoT device 120 is being used by another user, whether the IoT device 120 is now ready for sharing, and so on) , service usage (e.g. remaining time window for the user 130 to use the IoT device 120, the service list user 130 requested, and so on) , charging (e.g. fees paid by the user 130 before or during or after using the IoT device 120) ,  and so on. In an embodiment, the example method 400 may further include transmitting, to the apparatus 220, an indication to stop or re-start sharing the IoT device 120, so that the user 110 may control whether and when to share the IoT device 120.
In an embodiment, the example method 400 may also include transmitting, to the apparatus 220, an authentication for granting the apparatus 220 permission to access data of the IoT device 120. In an embodiment, such authentication may be transmitted in the step 410 together with the access configuration for the IoT device 120. For example, such authentication may be a token for the apparatus 220 which is associated with the access configuration for the IoT device 120, through which the apparatus 220 may be enabled to access information (e.g. monitoring or monitored data) of the IoT device 120. More details with respect to the authentication will be described later.
For example, the communication between the apparatus 210 and one or more another apparatuses in the example system 200 such as the  apparatus  220, 240, and so on may be real-time communication based at least partly on type of activity and/or service associated with IoT device 120. For example, besides the apparatus 220, communication associated with the apparatus 210 may also include communication towards or from one or more another apparatus in the example system 200 such as the apparatus 230 (the Renter UE) , for example by using URLLC. Moreover, an activity or action of the user 130 on the IoT device 120 may relate to one or more services of the IoT device 120. In some embodiments, the activity or action of the user 130 on the IoT device 120 may relate one or more location-based services, for example in a scenario of Augmented Reality (AR) or Virtual Reality (VR) .
FIG. 6 illustrates an example of the apparatus 210. As shown in FIG. 6, the apparatus 210 may include at least one processor 610 and at least one memory 620 that may include computer program code 630. The at least one memory 620 and the computer program code 630 may be configured to, with the at least one processor 610, cause the apparatus 210 at least to perform at least the steps of the example method 400 described above.
In various example embodiments, the at least one processor 610 in the apparatus 210 may include, but is not limited to, at least one hardware processor, including at least one microprocessor such as a central processing unit (CPU) , a portion of at least one hardware processor, and any other suitable dedicated processor such as those developed based on for  example Field Programmable Gate Array (FPGA) and Application Specific Integrated Circuit (ASIC) . Further, the at least one processor 610 may also include at least one other circuitry or element not shown in FIG. 6.
In various example embodiments, the at least one memory 620 in the apparatus 210 may include at least one storage medium in various forms, such as a volatile memory and/or a non-volatile memory. The volatile memory may include, but not limited to, for example, a random-access memory (RAM) , a cache, and so on. The non-volatile memory may include, but not limited to, for example, a read only memory (ROM) , a hard disk, a flash memory, and so on. Further, the at least memory 620 may include, but are not limited to, an electric, a magnetic, an optical, an electromagnetic, an infrared, or a semiconductor system, apparatus, or device or any combination of the above.
Further, in various example embodiments, the apparatus 210 may also include at least one other circuitry, element, and interface, for example at least one I/O interface, at least one antenna element, and the like. For example, the apparatus 210 may also include a display circuit and a display panel configured to display the example UI 510 of the owner UE APP described above. In various example embodiments, the circuitries, parts, elements, and interfaces in the example apparatus 210, including the at least one processor 610 and the at least one memory 620, may be coupled together via any suitable connections including, but are not limited to, buses, crossbars, wiring and/or wireless lines, in any suitable ways, for example electrically, magnetically, optically, electromagnetically, and the like.
FIG. 7 illustrates another example of the apparatus 210. As shown in FIG. 7, the apparatus 210 may include means 710 for performing the step 410 of the example method 400 and means 720 for performing the step 420 of the example method 400. In one or more another example embodiments, at least one I/O interface, at least one antenna element, and the like may also be included in the apparatus 210. In one or more another example embodiments, the apparatus 210 may further include one or more means for performing one or more additional steps in the example method 400.
In some example embodiments, examples of  means  710 and 720 may include circuitries. For example, an example of means 710 may include a circuitry configured to perform the step 410 of the example method 400, and an example of means 720 may include a  circuitry configured to perform the step 420 of the example method 400. In some example embodiments, examples of means may also include software modules and any other suitable function entities.
The term “circuitry” throughout this disclosure may refer to one or more or all of the following: (a) hardware-only circuit implementations (such as implementations in only analog and/or digital circuitry) ; (b) combinations of hardware circuits and software, such as (as applicable) (i) a combination of analog and/or digital hardware circuit (s) with software/firmware and (ii) any portions of hardware processor (s) with software (including digital signal processor (s) ) , software, and memory (ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions) ; and (c) hardware circuit (s) and or processor (s) , such as a microprocessor (s) or a portion of a microprocessor (s) , that requires software (e.g., firmware) for operation, but the software may not be present when it is not needed for operation. This definition of circuitry applies to one or all uses of this term in this disclosure, including in any claims. As a further example, as used in this disclosure, the term circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware. The term circuitry also covers, for example and if applicable to the claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.
It is appreciated that the implementation/structure of the apparatus 210 is not limited to the above examples.
FIG. 8 illustrates an example method 800 for secure device sharing in an embodiment, which may be performed in the apparatus 230 (the Renter UE) of the user 130.
As illustrated in FIG. 8, the example method 800 may include a step 810 of receiving, from the apparatus 220, at least one of an access configuration for the IoT device 120 of the user 110 and an indication of the access configuration, and a step 820 of transmitting, to the apparatus 220, a request to book the IoT device 120 according to the access configuration.
For example, the access configuration for the IoT device 120 may include, but is  not limited to, one or more of an identity of the IoT device 120, a description of the IoT device 120, one or more services of the IoT device 120 allowed for one or more another users such as the user 130, one or more services of the IoT device 120 denied or restricted for one or more another users such as the user 130, charging rate for the one or more services of the IoT device 120 allowed for one or more another users such as the user 130, one or more actions of the IoT device 130 in response to one or more access attempts to the IoT device 120 by one or more another users such as the user 130, and so on.
For example, a Renter UE APP may be installed on the apparatus 230 (Renter UE) , and the user 130 may operate on the apparatus 230, for example by operating the Renter UE APP, to search and check available IoT devices. In an embodiment, for using the service, the Renter UE APP may be downloaded into or updated in the apparatus 230 (e.g. a s mart phone or the like) . Then, for example, the Renter UE APP may provide tailored service for the user 130 to use the IoT device 120. For example, downloading or updating of the Renter UE APP may occur after the service is accepted. In an embodiment, the downloading or updating of the Renter UE APP may occur when the service time begins. When the service time is in the end, for example, the Renter UE APP and/or its collected data may be uploaded for example to the apparatus 220 and/or the apparatus 250, or may be deleted or denied to be used to control the IoT device 120 in the apparatus 230. FIG. 9 illustrates an example UI 910 of the Renter UE APP running on the apparatus 230. As illustrated in FIG. 9, the user 130 may use the apparatus 230 to obtain one or more IoT devices shared by other users, where the “IoT device #5” may correspond to the IoT device 120 or the user 110. Then, for example, the apparatus 230 may perform the step 810 in response to a click of the user 130 on the link of the “IoT device #5” , so as to obtain the access configuration for IoT device 120. For example, the obtained access configuration for IoT device 120 may be displayed in another screen of the example UI 910 of the Renter UE APP. After checking the access configuration for IoT device 120, the user 130 may click the button “Rent” on the example UI 910 so that the apparatus 230 may perform the step 820 of the example method 800 to book the IoT device 120. The user 130 may also press the button “Cancel” on the example UI 910 to cancel one or more actions/operations applied on the example UI 910, for example to cancel renting IoT devices.
It is appreciated that FIG. 9 is an example of the UI of the Renter UE APP running on the apparatus 230. For example, the Renter UE APP may also request the user 130 to upload information of identity or credit card, or request the user 130 to provide information on the purpose of using the IoT device 120 and/or an estimated time window for using the IoT device 120, or the like.
In an embodiment, the user 130 may provide usage requirement via the apparatus 230, for example by inputting information on the usage requirement via the example UI 910 of the Renter UE APP. Then, the usage requirement may be formalized and transmitted from the apparatus 230 to the apparatus 220. For example, an application may be deployed on network, for example on one or more of the  apparatuses  220, 240, 250, and 260, which may match the formalized usage requirement of the user 130 and access configurations of one or more IoT devices which have been offered for sharing/rent, for example based on any suitable technologies such as artificial intelligence (AI) technology. In an embodiment, the user 130 may request to use an IoT device which has been used before and corresponding access configuration has been cached locally in the apparatus 230. Then, in the step 810, an indication of the access configuration for the IoT device 120 may be received from the apparatus 230 to the apparatus 220.
In various embodiments, the request to book the IoT device 120, which is transmitted in the step 920, may include one or more parameters such as an identity of the IoT device 120, time window of using the IoT device 120, one or more requested/expected services of the IoT device 120, and so on.
Through the access configuration for the IoT device 120, the actions of the user 130 on the IoT device 120 of the user 110 may be controlled and monitored, and thus the IoT device 120 of the user 110 may be shared securely to the user 130.
In an embodiment, the user 130 may operate on the IoT device 120 after booking the IoT device 120. For example, if the IoT device 120 is a vehicle, the user 130 may start the engine of the vehicle and control the vehicle through the steering wheel, joystick and/or control panel of the vehicle. In an embodiment, the user 130 may request service of the IoT device 120 via the apparatus 230. Then, the example method 900 may also include transmitting a request for one or more services of the IoT device 120, to the IoT device 120, for  example via at least one of the  apparatuses  240, 250, and 260 in the example system 200.
In an embodiment, the example method 800 may also include transmitting, to the apparatus 220, information on usage of the IoT device 120. In an embodiment, the example method 800 may also include receiving, from the apparatus 220, one or more of a status of the IoT device 120 (e.g. whether the IoT device 120 is being used by another user, whether the IoT device 120 is now ready for sharing, and so on) , service usage (e.g. remaining time window for the user 130 to use the IoT device 120, and so on) , charging (e.g. fees paid by the user 130 before or during or after using the IoT device 120) , and so on.
For example, the communication between the apparatus 230 and one or more another apparatuses in the example system 200 such as the  apparatus  210, 240, and so on may be real-time communication based at least partly on type of activity and/or service associated with IoT device 120. For example, an activity or action of the user 130 on the IoT device 120 may relate to one or more services of the IoT device 120. In some embodiments, the activity or action of the user 130 on the IoT device 120 may relate one or more location-based services, for example in a scenario of AR or VR.
FIG. 10 illustrates an example of the apparatus 230. As shown in FIG. 10, the apparatus 230 may include at least one processor 1010 and at least one memory 1020 that may include computer program code 1030. The at least one memory 1020 and the computer program code 1030 may be configured to, with the at least one processor 1010, cause the apparatus 230 at least to perform at least the steps of the example method 800 described above.
In various example embodiments, the at least one processor 1010 in the apparatus 230 may include, but is not limited to, at least one hardware processor, including at least one microprocessor such as a CPU, a portion of at least one hardware processor, and any other suitable dedicated processor such as those developed based on for example FPGA and ASIC. Further, the at least one processor 1010 may also include at least one other circuitry or element not shown in FIG. 10.
In various example embodiments, the at least one memory 1020 in the apparatus 230 may include at least one storage medium in various forms, such as a volatile memory and/or a non-volatile memory. The volatile memory may include, but not limited to, for example, a RAM, a cache, and so on. The non-volatile memory may include, but not limited  to, for example, a ROM, a hard disk, a flash memory, and so on. Further, the at least memory 1020 may include, but are not limited to, an electric, a magnetic, an optical, an electromagnetic, an infrared, or a semiconductor system, apparatus, or device or any combination of the above.
Further, in various example embodiments, the apparatus 230 may also include at least one other circuitry, element, and interface, for example at least one I/O interface, at least one antenna element, and the like. For example, the apparatus 230 may also include a display circuit and a display panel configured to display the example UI 910 of the owner UE APP described above. In various example embodiments, the circuitries, parts, elements, and interfaces in the example apparatus 230, including the at least one processor 1010 and the at least one memory 1020, may be coupled together via any suitable connections including, but are not limited to, buses, crossbars, wiring and/or wireless lines, in any suitable ways, for example electrically, magnetically, optically, electromagnetically, and the like.
FIG. 11 illustrates another example of the apparatus 230. As shown in FIG. 11, the apparatus 230 may include means 1110 for performing the step 810 of the example method 800 and means 1120 for performing the step 820 of the example method 800. In one or more another example embodiments, at least one I/O interface, at least one antenna element, and the like may also be included in the apparatus 230. In one or more another example embodiments, the apparatus 230 may further include one or more means for performing one or more additional steps in the example method 800.
In some example embodiments, examples of means 1110 and 1120 may include circuitries. For example, an example of means 1110 may include a circuitry configured to perform the step 810 of the example method 800, and an example of means 1120 may include a circuitry configured to perform the step 820 of the example method 1100. In some example embodiments, examples of means may also include software modules and any other suitable function entities.
It is appreciated that the implementation/structure of the apparatus 230 is not limited to the above examples.
FIG. 12 illustrates an example method 1200 for secure device sharing in an embodiment, which may be performed in the apparatus 220 (the server) .
As illustrated in FIG. 12, the example method 1200 may include a step 1210 of  receiving, from the apparatus 210 of the user 110, at least one of the access configuration for the IoT device 120 of the user 110 and an indication of the access configuration, a step 1220 of transmitting at least one of the access configuration and the indication to the apparatus 230 of the user 130, a step 1230 of receiving from the apparatus 230 of the user 130, a request to book the IoT device 120 according to the access configuration, a step 1240 of transmitting the access configuration to at least one of the IoT device 120 and the apparatus 240 as a delegate apparatus of the IoT device 120, and a step 1250 of transmitting, to at least one of the apparatus 210 and the apparatus 230, information on usage of the IoT device 120 by the user 130 at least partly according to the access configuration.
The apparatus 220 may perform the step 1210 to cooperate with the apparatus 210 performing the step 410 of the example method 400, may perform the  steps  1220 and 1230 to cooperate with the apparatus 230 performing the  steps  810 and 820 of the example method 800, and may perform the step 1250 to cooperate with at least the apparatus 210 performing the step 420 of the example method 400. In addition, in the step 1250, the apparatus 220 may also transmit the information on usage of the IoT device 120 by the user 130 to the apparatus 230 of the user 130, so that the user 130 may be also able to review and track actions/activities on the IoT device 120 and related fees/costs and so on.
In an embodiment, the IoT device 120 may be configured to support functions such as maintaining the access configuration, performing business logic, and checking whether one or more services requested by the user 130 is allowed in the access configuration. Then, the apparatus 220 may transmit the access configuration to the IoT device 120 in the step 1240, for example via the apparatuses, 240, 250, and 260.
In an embodiment, the apparatus 240 or a combination including at least one of the  apparatuses  240, 250, and 260 may be configured to delegate the IoT device 120 to achieve the above example functions such as maintaining the access configuration, performing business logic, checking whether one or more services requested by the user 130 is allowed in the access configuration, and so on, where the apparatus 240 or the combination including at least one of the  apparatuses  240, 250, and 260 may be a delegate apparatus of the IoT device 120. Then, in the step 1240, the apparatus 220 may transmit the access configuration to the delegate apparatus of the IoT device 120, so that, for example, the example system 200 may be also  applied to both those IoT devices with constrained resources and those legacy IoT devices.
In various embodiments, the access configuration may include, but is not limited to, at least one of an identity of the IoT device 120, a description of the IoT device 120, one or more services of the IoT device 120 allowed for the user 130, one or more services of the IoT device 120 denied for the user 130, charging rate for the one or more services of the IoT device 120 allowed for the user 130, one or more actions of the IoT device 120 in response to one or more access attempts to the IoT device 120 by the user 130, and so on.
As described above, the apparatus 210 of the user 110 may also transmit an authentication for granting the apparatus 220 permission to access data of the IoT device 120. Correspondingly, in an embodiment, the example method 1200 performed by the apparatus 220 may also include receiving the authentication from the apparatus 210, and transmitting a request to monitor the IoT device 120 to the delegate apparatus of the IoT device 120 and/or to the IoT device 120 for example via at least one of the  apparatuses  240, 250, and 260. Thus, for example, unexpected/illegal attempts to control the IoT device 120 may be avoided or mitigated in the example system 200.
In an embodiment, the example method 1200 performed by the apparatus 220 may also include determining a status of the IoT device 120, and transmitting information on the status of the IoT device 120 to one or more of another apparatuses in the example system 200 including one or more of the  apparatuses  210, 230, 240, and so on.
For example, the apparatus 210 may update the status of the IoT device 120 to indicate that the IoT device 120 is ready for sharing (e.g. may be rent by one or more another users such as the user 130) , when the apparatus 220 receives, for example from the apparatus 240, a successful response to the request to monitor the IoT device 120. For example, the apparatus 210 may transmit the status of the IoT device 120 to the apparatus 220. For example, the apparatus 220 may update the status of the IoT device 120 automatically on behalf of the user 110, for example in a case where the user 110 grants the apparatus 220 via the apparatus 210 permission to update the status of the IoT device 120 on behalf of the user 110.
For example, when the apparatus 220 receives a request to book the IoT device 120 from the apparatus 230 of the user 130, the apparatus 220 may handle the booking request,  for example by transferring the booking request to the apparatus 210 of the user 110 and waiting for a decision feedback by the user 110 via the apparatus 210, or by handling the booking request on behalf of the user 110, for example based on local provisioning which may be provided for example in advance by the user 110 through the apparatus 210 or automatically or semi-automatically through AI technologies. If the booking request is rejected, for example because it does not meet the acceptable criteria defined by the user 110, the status of the IoT device 120 may be kept unchanged, for example; if the booking request is accepted, for example, the apparatus 220 may update the status of the IoT device 120 to indicate that the IoT device 120 is booked by the user 130; if the booking request is accepted with one or more conditions, for example, the apparatus 220 may update the status of the IoT device 120 to indicate that the IoT device 120 is booked conditionally by the user 130, or that the IoT device 120 is during a period of booking; or the like.
For example, during the usage of the IoT device 120 by the user 130, at least one of the apparatus 220, the IoT device 120, and the delegate apparatus of the IoT device 120 may be configured to perform operations such as monitoring the usage time of the IoT device 120 remained for the user 130, monitoring and check whether the one or more services requested by the user 130 is allowed in the access configuration for the IoT device 120, monitoring real-time location/condition of the IoT device 120, and so on. Thus, for example, if the accepted using time of the IoT device 120 for the user 130 ends or the IoT device 120 is turned off (e.g. the engine of a vehicle is stopped) either by user 130 or due to other causes such as failures, the apparatus 220 may notify such information for example to at least one of the  apparatuses  210 and 230, and may update the status of the IoT device 120 to indicate that the user 130 stops using the IoT device 120 and/or the IoT device 120 may be booked. For example, if the apparatus 220 determines, for example by means of at least one of the  apparatuses  240, 250, and 260, that the IoT device 120 is in failure or in an unexpected condition (e.g. the shared vehicle is driven onto a dangerous road) , the apparatus 220 may notify such information for example to the apparatuses 210 and/or 230 and even to organizations such as the Service Provider, Transportation Bureau, Public Security Bureau, Fire Bureau, and so on, and may update the status of the IoT device 120 to indicate such a condition.
For example, as described above, the user 110 may stop sharing the IoT device 120, and the apparatus 220 may receive, from the apparatus 210 of the user 110, an indication to stop sharing the IoT device 120. Then, for example, the apparatus 220 may terminate monitoring the IoT device 120, and may update the status of the IoT device 120 to indicate that the IoT device 120 is not shared, or may delete the IoT device 120 from a list including one or more IoT devices being shared and available for sharing so that the IoT device 120 will not be displayed for example on the example UI 910 of the Renter UE APP running on the apparatus 230 of the user 130.
In an embodiment, the example method 1200 performed by the apparatus 220 may also include receiving information on usage of the IoT device 120, for example from one or more of the  apparatuses  230, 240, and 120. Then, for example, the apparatus 220 may calculate the service usage to determine the charging information and so on, and may report information on the usage and charging of the IoT device 120 and so on to the apparatus 210 of the user 110.
FIG. 13 illustrates an example of the apparatus 220. As shown in FIG. 13, the apparatus 220 may include at least one processor 1310 and at least one memory 1320 that may include computer program code 1330. The at least one memory 1320 and the computer program code 1330 may be configured to, with the at least one processor 1310, cause the apparatus 220 at least to perform at least the steps of the example method 1200 described above.
In various example embodiments, the at least one processor 1310 in the apparatus 220 may include, but is not limited to, at least one hardware processor, including at least one microprocessor such as a CPU, a portion of at least one hardware processor, and any other suitable dedicated processor such as those developed based on for example FPGA and ASIC. Further, the at least one processor 1310 may also include at least one other circuitry or element not shown in FIG. 13.
In various example embodiments, the at least one memory 1320 in the apparatus 220 may include at least one storage medium in various forms, such as a volatile memory and/or a non-volatile memory. The volatile memory may include, but not limited to, for example, a RAM, a cache, and so on. The non-volatile memory may include, but not limited  to, for example, a ROM, a hard disk, a flash memory, and so on. Further, the at least memory 1320 may include, but are not limited to, an electric, a magnetic, an optical, an electromagnetic, an infrared, or a semiconductor system, apparatus, or device or any combination of the above.
Further, in various example embodiments, the apparatus 220 may also include at least one other circuitry, element, and interface, for example at least one I/O interface, at least one antenna element, and the like. In various example embodiments, the circuitries, parts, elements, and interfaces in the example apparatus 220, including the at least one processor 1310 and the at least one memory 1320, may be coupled together via any suitable connections including, but are not limited to, buses, crossbars, wiring and/or wireless lines, in any suitable ways, for example electrically, magnetically, optically, electromagnetically, and the like.
FIG. 14 illustrates another example of the apparatus 220. As shown in FIG. 14, the apparatus 220 may include means 1410 for performing the step 1210 of the example method 1200, means 1420 for performing the step 1220 of the example method 1200, means 1430 for performing the step 1230 of the example method 1200, means 1440 for performing the step 1240 of the example method 1200, and means 1450 for performing the step 1250 of the example method 1200. In one or more another example embodiments, at least one I/O interface, at least one antenna element, and the like may also be included in the apparatus 220. In one or more another example embodiments, the apparatus 220 may further include one or more means for performing one or more additional steps in the example method 1200.
In some example embodiments, examples of  means  1410, 1420, 1430, 1440, and 1450 may include circuitries. For example, an example of means 1410 may include a circuitry configured to perform the step 1210 of the example method 1200, an example of means 1420 may include a circuitry configured to perform the step 1220 of the example method 1200, an example of means 1430 may include a circuitry configured to perform the step 1230 of the example method 1200, an example of means 1440 may include a circuitry configured to perform the step 1240 of the example method 1200, and an example of means 1450 may include a circuitry configured to perform the step 1250 of the example method 1200. In some example embodiments, examples of means may also include software modules and any other suitable function entities.
It is appreciated that the implementation/structure of the apparatus 220 is not  limited to the above examples. For example, as described above, the apparatus 220 may be also implemented or configured based on a decentralized ledger system such as blockchain and IOTA.
FIG. 15 illustrates an example of the apparatus 220 which is implemented based on blockchain technology. Based on such apparatus 220, one or more functions/operations of the  apparatuses  240, 250, and 260 which have been described above and are to be described below, such as the maintenance and storage of the access configuration for the IoT device 120, may be implemented in the apparatus 220, so that less changes may be applied to the  apparatuses  240, 250, and 260, or even the  legacy apparatuses  240, 250, and 260 may be used in the example system 200.
In the example as shown in FIG. 15, a module 1520 (IoT Device Access Configuration Distributor) , a module 1530 (IoT Device Access Configuration Executor) , and a module 1540 (IoT Device Access Configuration Manager) may be implemented and deployed on the blockchain 1510. For example, the  modules  1510, 1520, and 1530 may be implemented as blockchain scripts which may be triggered periodically or in response to one or more specific events.
For example, the module 1520 may be triggered when receiving a new access configuration for the IoT device 120 or a request to update the access configuration for the IoT device 120 from the apparatus 210 of the user 110. After authentication of the ownership of the IoT device 120, the module 1520 may confirm with the user 110 the new or modified access configuration for the IoT device 120, for example via the apparatus 210, and may further transmit the access configuration for the IoT device 120 to the apparatus 240 and/or the IoT device 120.
For example, the module 1530 may check the report/information from at least one of the  apparatuses  230, 240, and 120, for example periodically, and may perform corresponding handling based on the access configuration for the IoT device 120, such as applying charging for the usage of the IoT device 120, handling event predefined in the access configuration for the IoT device 120, and so on.
For example, the module 1540 may perform provisioning local on the blockchain 1510. For example, the module 1540 may verify the consistency of data of the  IoT device 120 which is generated by one or more of the  apparatuses  120, 230, 240, and so on, and may notify the user 110, for example via the apparatus 210, when identifying inconsistency. Also, the module 1540 may be also configured to apply one or more predefined operations when identifying inconsistency, such as disabling the access configuration for the IoT device 120, marking suspicious data, and so on.
It is appreciated that the implementation of the apparatus 220 may be not limited to the above example. In an embodiment, the apparatus 220 may be also implemented based on any other suitable decentralized ledger system such as IOTA.
As described above, the operation of checking whether one or more service requests of the user 130 for the IoT device 120 are allowed in the access configuration for the IoT device 120 may be implemented in either the IoT device 120 or the delegate apparatus of the IoT device 120 (e.g. the apparatus 240, or a combination of one or more of the  apparatuses  240, 250, and 260, or the apparatus 220 in case where the apparatus 220 is implemented based on a decentralized ledger system) .
FIG. 16 illustrates an example method 1600 for secure device sharing in an embodiment, which may be performed in the apparatus 240, on behalf of the IoT device 120, to check whether one or more service requests of the user 130 for the IoT device 120 are allowed in the access configuration for the IoT device 120.
As illustrated in FIG. 16, the example method 1600 performed in the apparatus 240 may include a step 1610 of receiving, from the apparatus 220, at least one of the access configuration for the IoT device 120 and an indication of the access configuration, and acceptance of the access configuration for the IoT device 120 by the user 130, a step 1620 of receiving a request from the user 130 for a service of the IoT device 120, a step 1630 of determining whether the service is allowed for the user 130 in the access configuration for the IoT device 120, and a step 1640 of transmitting the request to the IoT device 120 for example in a case where the service is allowed for the user 130 in the access configuration for the IoT device 120.
The apparatus 230 may perform the step 1610 to cooperate with the apparatus 220 performing the step 1210 of the example method 1200. In an embodiment, the apparatus 220 may also transmit an explicit acceptance of the access configuration for the IoT device 120  by the user 130 to the apparatus 230. In an embodiment, the access configuration for the IoT device 120 may be associated with the user 130, for example, associated with the identifier of the user 130, after the user 130 confirms and accepts the access configuration for the IoT device 120, for example when the user 130 transmits a request to book the IoT device 120 via the apparatus 230.
In the step 1620, the apparatus 230 may receive one or more requests from the user 130 for one or more services of the IoT device 120, directly from the user 130 for example in a case where the user 130 operates on the IoT device 120 directly, or from the apparatus 230 of the user 130 for example in a case where the user 130 operates on the apparatus 230 to transmit one or more such requests.
In an embodiment, an identifier (e.g. a string, or a serial number, or the like) may be allocated for a service of the IoT device 120, and the request from the user 130 may include one or more identifiers of one or more services of the IoT device 120. For example, the access configuration for the IoT device 120 may include a list of indenters of one or more services of the IoT device 120 allowed for the user 130. Then, in the step 1630, the apparatus 240 may check whether the list in the access configuration includes the one or more identifiers in the request received in the step 1620.
In an embodiment, the access configuration for the IoT device 120 may include a mapping indicating enablement/disablement of the services supported by the IoT device 120, and the identifier of a service included in the request from the user 130 may correspond to an index of an item in the mapping. For example, as illustrated in FIG. 17, an example mapping may be a list of binary values, where the item with index “0” may correspond to the service “Manual Driving” , the item with index “1” may correspond to the service “Automatic Driving” , the item with index “2” may correspond to the service “Entertainment” , the item with index “3” may correspond to the service “Emergency Rescue” , and the like, and where “1” indicates that the corresponding service is allowed for the user 130 and “0” indicates that the corresponding service is denied for the user 130. In another example, other values may be possible, for example, “2” indicating that the corresponding service is allowed for the user 130 with conditions, or the like. Thus, in the example of FIG. 17, the services “Manual Driving” and “Emergency Rescue” are allowed for the user 130, and the services “Automatic Driving” and  “Entertainment” are denied for the user 130. Then, for example, if the request received from the user 130 in the step 1620 includes a service index “0” and a service index “2” , then in the step 1630, the apparatus 240 may determine that the service the user 130 is requesting a service “Manual Driving” of the IoT device 120 which is allowed for the user 130, and a service “Entertainment” of the IoT device 120 which is denied for the user 130.
For the request with respect to the allowed service, for example, the apparatus 240 may transmit the request to the IoT device 120 so that the IoT device 120 may operate to respond to the request. For the request with respect to the denied service, for example, the apparatus 240 may transmit information on the rejection to one or more of the apparatus 210 of the user 110 and the apparatus 230 of the user 130.
In an embodiment, the example method 1600 performed by the apparatus 240 may also include receiving, from the IoT device 120, information on usage of the IoT device 120, and reporting the information on the usage of the IoT device 120 to the apparatus 220, so that the apparatus 220 may calculate service usage to determine the charging information and so on.
In an embodiment, as described above, the apparatus 220 may transmit a request to monitor the IoT device to the apparatus 240. For example, such monitor request may include authorization information such as a token of the apparatus 220. Then, the example method 1600 performed by the apparatus 240 may also include receiving such request from the apparatus 220, and verifying whether the apparatus 240 is authorized by the user 110, for example according to the authorization information in the request. If it is determined that the apparatus 220 is authorized by the user 110, for example, the authorization information such as a token of the apparatus 220 may be associated with the access configuration for the IoT device 120, and one or more monitor events may be subscribed for example from the apparatus 260 serving the IoT device 120. Then, for example, a successful response to the request to monitor the IoT device 120 may be feedback to the apparatus 220, so that the apparatus 220 may update the status of the IoT device 120.
In an embodiment, for example after receiving, from the apparatus 220, the access configuration for the IoT device 120 and an acceptance of the user 130, in the example method 1600, the access configuration for the IoT device 120 may be saved locally or in the  apparatus 450. In an embodiment, for example after receiving, from the apparatus 220, the access configuration for the IoT device 120 and an acceptance of the user 130, or after receiving a request from the user 130 for a service of the IoT device 120, in the example method 1600, service profile for the IoT device 120 may be modified, for example to change the charging to the user 130 from the user 110 during the period while the user 130 is using the IoT device 120 of the user 110.
In an embodiment, the example method 1600 may also include determining whether time assigned to the user 130 for using the IoT device 120 is ended, and transmitting, to the apparatus 220, information on that the time or accepted time window assigned to the user 130 for using the IoT device 120 is ended, so that the apparatus 220 may update the status of the IoT device 120 accordingly. For example, a timer may be configured to track the time assigned to the user 130 for using the IoT device 120. Further, for example, in the example method 1600, when the accepted time window is down, the service profile for the IoT device 120 may be modified back, for example to change the charging back to the user 110 from the user 130, and may reject subsequent service request from the user 130.
FIG. 18 illustrates an example of the apparatus 240. As shown in FIG. 18, the apparatus 240 may include at least one processor 1810 and at least one memory 1820 that may include computer program code 1830. The at least one memory 1820 and the computer program code 1830 may be configured to, with the at least one processor 1810, cause the apparatus 240 at least to perform at least the steps of the example method 1600 described above.
In various example embodiments, the at least one processor 1810 in the apparatus 240 may include, but is not limited to, at least one hardware processor, including at least one microprocessor such as a CPU, a portion of at least one hardware processor, and any other suitable dedicated processor such as those developed based on for example FPGA and ASIC. Further, the at least one processor 1810 may also include at least one other circuitry or element not shown in FIG. 18.
In various example embodiments, the at least one memory 1820 in the apparatus 240 may include at least one storage medium in various forms, such as a volatile memory and/or a non-volatile memory. The volatile memory may include, but not limited to, for  example, a RAM, a cache, and so on. The non-volatile memory may include, but not limited to, for example, a ROM, a hard disk, a flash memory, and so on. Further, the at least memory 1820 may include, but are not limited to, an electric, a magnetic, an optical, an electromagnetic, an infrared, or a semiconductor system, apparatus, or device or any combination of the above.
Further, in various example embodiments, the apparatus 240 may also include at least one other circuitry, element, and interface, for example at least one I/O interface, at least one antenna element, and the like. In various example embodiments, the circuitries, parts, elements, and interfaces in the example apparatus 240, including the at least one processor 1810 and the at least one memory 1820, may be coupled together via any suitable connections including, but are not limited to, buses, crossbars, wiring and/or wireless lines, in any suitable ways, for example electrically, magnetically, optically, electromagnetically, and the like.
FIG. 19 illustrates another example of the apparatus 240. As shown in FIG. 19, the apparatus 240 may include means 1910 for performing the step 1610 of the example method 1600, means 1920 for performing the step 1620 of the example method 1600, means 1930 for performing the step 1630 of the example method 1600, and means 1940 for performing the step 1640 of the example method 1600. In one or more another example embodiments, at least one I/O interface, at least one antenna element, and the like may also be included in the apparatus 240. In one or more another example embodiments, the apparatus 240 may further include one or more means for performing one or more additional steps in the example method 1600.
In some example embodiments, examples of  means  1910, 1920, 1930, and 1940 may include circuitries. For example, an example of means 1910 may include a circuitry configured to perform the step 1610 of the example method 1600, an example of means 1920 may include a circuitry configured to perform the step 1620 of the example method 1600, an example of means 1930 may include a circuitry configured to perform the step 1630 of the example method 1600, and an example of means 1940 may include a circuitry configured to perform the step 1640 of the example method 1600. In some example embodiments, examples of means may also include software modules and any other suitable function entities.
It is appreciated that the implementation/structure of the apparatus 240 is not limited to the above examples. For example, as described above, one or more  operations/steps in the example method 1600 or the functions in the apparatus 240 may be implemented in the  apparatuses  250, 260, and 120.
FIG. 20 illustrates an example where one or more operations/steps in the example method 1600 during a period when the user 110 offers the IoT device 120 for sharing are implemented in the  apparatuses  250 and 260.
As illustrated in FIG. 20, the apparatus 240 may transfer the monitor request from the apparatus 220 to the apparatus 250, and the apparatus 250 may verify the authorization information and subscribe monitor event from the apparatus 260 serving the IoT device 120.
FIG. 21 illustrates an example where one or more operations/steps in the example method 1600 during a period when the user 130 books the IoT device 120 are implemented in the  apparatuses  250 and 260.
As illustrated in FIG. 21, the maintenance/storage of the access configuration for the IoT device 120 and the modification of the service profile for the IoT device 120 (e.g. changing the charging to the user 130 from the user 110 during the period while the user 130 is using the IoT device 120 of the user 110) may be performed in the apparatus 250, and the modified service profile for the IoT device 120 may be transmitted to the  apparatuses  240 and 260.
FIG. 22 illustrates an example where one or more operations/steps in the example method 1600 during a period when the user 130 request a service of the IoT device 120 are implemented in the  apparatuses  250 and 260.
As illustrated in FIG. 22, the maintenance/storage of the access configuration for the IoT device 120 (e.g. deleting the access configuration for IoT device 120 when the time assigned to the user 130 to use the IoT device 120 ends) and the modification of the service profile for the IoT device 120 (e.g. changing the charging back to the user 110 from the user 130 when the time assigned to the user 130 to use the IoT device 120 ends) may be performed in the apparatus 250, and the modified service profile for the IoT device 120 may be transmitted to the  apparatuses  240 and 260.
FIG. 20, FIG. 21, and FIG. 22 also illustrate another example of actions/operations of the example system 200.
As illustrated in FIG. 20, the apparatus 210 of the user 110 may transmit an access configuration for the IoT device 120 together with authorization information (e.g. a token for the apparatus 220) to the apparatus 220. When receiving the access configuration for the IoT device 120, the apparatus 220 may transmit a Monitor Request (e.g. location, power information, and so on) including the authorization information via the apparatus 240 to the apparatus 250. The apparatus 250 may verify the authorization information to determine whether the apparatus 220 is authorized by the user 110. If the apparatus 220 is authorized by the user 110, the apparatus 250 may subscribe monitor event from the apparatus 260 serving the IoT device 120, and may transmit a Monitor Response to the apparatus 220 via the apparatus 240. Then, the apparatus 220 may update the status of the IoT device 120 for example to indicate that the IoT device 120 is available for sharing, and may transmit the information on the IoT device status to the  apparatuses  210 and 230.
Then, when the user 130 transmit a Booking Request for the IoT device 120 via the apparatus 230 to the apparatus 220, the apparatus 220 may either transfer the Booking Request to the apparatus 210 of the user 110 or handle it on behalf of the user 110 based on local provisioning. For example, the Booking Request may be rejected if it cannot meet the acceptable criteria defined by the user 110, and apparatus 220 may transmit a Booking Response indicating a rejection to the apparatus 230 of the user 130. If the Booking Request meets the acceptable criteria defined by the user 110, the apparatus 220 may transmit a Booking Response indicating an acceptance to the apparatus 230 of the user 130. Accordingly, for example, the access configuration for the IoT device 120 may be updated or an access policy for the IoT device 120 may be generated based on the acceptance, the service profile for the IoT device 120, and the access configuration for the IoT device 120, where, for example, an identifier of the user 130 may be associated. Also, for example the apparatus 220 may update the status of the IoT device 120 to indicate that the IoT device is booked by the user 130 at given time window, and may notify the IoT device status to the apparatus 210. In addition, the apparatus 250 may change the charging to the user 130 from the user 110 during the period while the user 130 is using the IoT device 120 of the user 110, and transmit the modified service profile for the IoT device 120 or notify the modification to the  apparatuses  240 and 260.
Then, as illustrated in FIG. 22, the apparatus 240 may handle the service request from the user 130 or the apparatus 230 based on the access configuration or access policy for the IoT device 120 in the accepted time window for the user 130. For example, the apparatus 240 may transfer the service request to the IoT device 120 via the apparatus 260 so that the IoT device 120 may perform the service accordingly, and may receive the Service Usage Report from the apparatus 260. For example, the apparatus 240 may report the service and the monitored event to the apparatus 220 and the apparatus 230 based on the access configuration or access policy for the IoT device 120. When the time accepted for the user 130 ends, the apparatus 250 may notify the apparatus 220 that the handling has done. Correspondingly, the apparatus 220 may update the IoT device status, and may notify the updated status to the  apparatuses  210 and 230. As illustrated in FIG. 22, the IoT device 120 may perform the service in response to the service request from the apparatus 240, and may report information on the service performing to the apparatus 260 serving the IoT device 120.
As described above, service profile for the IoT device 120 may be modified depending on stage of service usage. For example, when the IoT device 120 is in a state of being available for sharing but has not yet been used by another user such as the user 130, the service profile for the IoT device 120 may indicate that responsibilities and costs for the IoT 120 are associated with the user 110. Then, when the user 130 start to use the IoT device 120 of the user 110, for example as illustrated in FIG. 21, the service profile for the IoT device 120 may be modified so that the at least a part of responsibilities and costs with respect to the IoT device 120 is associated with the user 130 instead of the user 110. Then, when the accepted time window for the user 130 ends, for example as illustrated in FIG. 22, the service profile for the IoT device 120 may be modified again so that responsibilities and costs for the IoT 120 are associated again with the user 110. Further, as described above, one or more functions of the  apparatuses  240, 250, and 260, such as maintenance and storage of the access configuration, service checking, and so on, may be also implemented in the IoT device 120.
FIG. 23 illustrates an example method 2300 for secure device sharing in an embodiment, which may be performed in the IoT device 120.
As illustrated in FIG. 23, the example method 2300 may include a step 2310 of receiving a request from the user 130 for a service of the IoT device 120, and a step 2320 of  performing the service in a case where the service is allowed for the user 130 in the access configuration for the IoT device 120.
In an embodiment, the example method 2300 performed by the IoT device 120 may also include one or more of the following steps: storing the access configuration; determining whether the service is allowed for the user 130 in the access configuration; and reporting information on usage of the IoT device 120, for example via the apparatus 260.
FIG. 24 illustrates an example of the actions of the example system 200 in a case where the IoT device 120 performs the service check. Compared with the example of FIG. 3, in the example of FIG. 24, the  apparatuses  240, 250, and 260 transfer the access configuration and service request to the IoT device 120, for example without saving and/or handling, and the IoT device 120 may maintain the access configuration and determine whether the requested service is allowed for the user 130 by itself.
FIG. 25 illustrates an example of the apparatus 2500 which may be at least a part of the IoT device 120. As shown in FIG. 25, the apparatus 2500 may include at least one processor 2510 and at least one memory 2520 that may include computer program code 2530. The at least one memory 2520 and the computer program code 2530 may be configured to, with the at least one processor 2510, cause the apparatus 2500 at least to perform at least the steps of the example method 2300 described above.
In various example embodiments, the at least one processor 2510 in the apparatus 2500 may include, but is not limited to, at least one hardware processor, including at least one microprocessor such as a CPU, a portion of at least one hardware processor, and any other suitable dedicated processor such as those developed based on for example FPGA and ASIC. Further, the at least one processor 2510 may also include at least one other circuitry or element not shown in FIG. 25.
In various example embodiments, the at least one memory 2520 in the apparatus 2500 may include at least one storage medium in various forms, such as a volatile memory and/or a non-volatile memory. The volatile memory may include, but not limited to, for example, a RAM, a cache, and so on. The non-volatile memory may include, but not limited to, for example, a ROM, a hard disk, a flash memory, and so on. Further, the at least memory 2520 may include, but are not limited to, an electric, a magnetic, an optical, an electromagnetic,  an infrared, or a semiconductor system, apparatus, or device or any combination of the above.
Further, in various example embodiments, the apparatus 2500 may also include at least one other circuitry, element, and interface, for example at least one I/O interface, at least one antenna element, and the like. In various example embodiments, the circuitries, parts, elements, and interfaces in the example apparatus 2500, including the at least one processor 2510 and the at least one memory 2520, may be coupled together via any suitable connections including, but are not limited to, buses, crossbars, wiring and/or wireless lines, in any suitable ways, for example electrically, magnetically, optically, electromagnetically, and the like.
FIG. 26 illustrates another example of the apparatus 2600 which may be at least a part of the IoT device 120. As shown in FIG. 26, the apparatus 2600 may include means 2610 for performing the step 2310 of the example method 2300, and means 2620 for performing the step 2320 of the example method 2300. In one or more another example embodiments, at least one I/O interface, at least one antenna element, and the like may also be included in the apparatus 2600. In one or more another example embodiments, the apparatus 2600 may further include one or more means for performing one or more additional steps in the example method 2300.
In some example embodiments, examples of  means  2610 and 2620 may include circuitries. For example, an example of means 2610 may include a circuitry configured to perform the step 2310 of the example method 2300, and an example of means 2620 may include a circuitry configured to perform the step 2320 of the example method 2300. In some example embodiments, examples of means may also include software modules and any other suitable function entities.
It is appreciated that the disclosure is not limited to the above example embodiments.
Another example embodiment may relate to computer program codes or instructions which may cause an apparatus to perform at least respective methods described above. Another example embodiment may be related to a computer readable medium having such computer program codes or instructions stored thereon. In some example embodiments, such a computer readable medium may include at least one storage medium in various forms  such as a volatile memory and/or a non-volatile memory. The volatile memory may include, but not limited to, for example, a RAM, a cache, and so on. The non-volatile memory may include, but not limited to, a ROM, a hard disk, a flash memory, and so on. The non-volatile memory may also include, but are not limited to, an electric, a magnetic, an optical, an electromagnetic, an infrared, or a semiconductor system, apparatus, or device or any combination of the above.
Unless the context clearly requires otherwise, throughout the description and the claims, the words “comprise, ” “comprising, ” and the like are to be construed in an inclusive sense, as opposed to an exclusive or exhaustive sense; that is to say, in the sense of “including, but not limited to. ” The word “coupled” , as generally used herein, refers to two or more elements that may be either directly connected, or connected by way of one or more intermediate elements. Likewise, the word “connected” , as generally used herein, refers to two or more elements that may be either directly connected, or connected by way of one or more intermediate elements. Additionally, the words “herein, ” “above, ” “below, ” and words of similar import, when used in this application, shall refer to this application as a whole and not to any particular portions of this application. Where the context permits, words in the description using the singular or plural number may also include the plural or singular number respectively. The word “or” in reference to a list of two or more items, that word covers all of the following interpretations of the word: any of the items in the list, all of the items in the list, and any combination of the items in the list.
Moreover, conditional language used herein, such as, among others, “can, ” “could, ” “might, ” “may, ” “e.g., ” “for example, ” “such as” and the like, unless specifically stated otherwise, or otherwise understood within the context as used, is generally intended to convey that certain embodiments include, while other embodiments do not include, certain features, elements and/or states. Thus, such conditional language is not generally intended to imply that features, elements and/or states are in any way required for one or more embodiments or that one or more embodiments necessarily include logic for deciding, with or without author input or prompting, whether these features, elements and/or states are included or are to be performed in any particular embodiment.
Moreover, the modifiers such as “first” and “second” throughout this disclosure  may be used for distinguish different elements, components, circuits, modules, apparatuses, or steps, rather than emphasizing order, positional relationship, importance, priority, or the like, and modifiers such as “first” and “second” may be interchangeable.
While some embodiments have been described, these embodiments have been presented by way of example, and are not intended to limit the scope of the disclosure. Indeed, the apparatus, methods, and systems described herein may be embodied in a variety of other forms; furthermore, various omissions, substitutions and changes in the form of the methods and systems described herein may be made without departing from the spirit of the disclosure. For example, while blocks are presented in a given arrangement, alternative embodiments may perform similar functionalities with different components and/or circuit topologies, and some blocks may be deleted, moved, added, subdivided, combined, and/or modified. At least one of these blocks may be implemented in a variety of different ways. The order of these blocks may also be changed. Any suitable combination of the elements and acts of some embodiments described above can be combined to provide further embodiments. The accompanying claims and their equivalents are intended to cover such forms or modifications as would fall within the scope and spirit of the disclosure.

Claims (60)

  1. A method comprising:
    transmitting, at a first apparatus of a user and to a second apparatus, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration; and
    receiving, at the first apparatus and from the second apparatus, information on usage of the third apparatus by another user at least partly according to the access configuration.
  2. The method of claim 1 wherein the access configuration comprises at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  3. The method of any of claims 1 to 2 further comprising:
    transmitting, at the first apparatus and to the second apparatus, an authentication for granting the second apparatus permission to access data of the third apparatus.
  4. The method of any of claims 1 to 3 further comprising:
    receiving, at the first apparatus and from the second apparatus, information on at last one of a status of the third apparatus, service usage, and charging.
  5. The method of any of claims 1 to 4 further comprising:
    transmitting, at the first apparatus and to the second apparatus, an indication to stop sharing the third apparatus.
  6. A method comprising:
    receiving, at a first apparatus of a user and from a second apparatus, at least one of an  access configuration for a third apparatus of another user and an indication of the access configuration; and
    transmitting, at the first apparatus and to the second apparatus, a request to book the third apparatus according to the access configuration.
  7. The method of 6 wherein the access configuration comprises at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the user, one or more services of the third apparatus denied for the user, charging rate for the one or more services of the third apparatus allowed for the user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the user.
  8. The method of any of claims 6 to 7 further comprising:
    transmitting, at the first apparatus and to the third apparatus, a request for a service of the third apparatus.
  9. The method of any of claims 6 to 8 further comprising:
    transmitting, at the first apparatus and to the second apparatus, information on usage of the third apparatus.
  10. The method of any of claims 6 to 9 further comprising:
    receiving, at the first apparatus and from the second apparatus, information on at least one of a status of the third apparatus, service usage, and charging.
  11. A method comprising:
    receiving, at an apparatus of a user, a request from another user for a service of the apparatus; and
    performing the service in a case where the service is allowed for the another user in an access configuration for the apparatus.
  12. The method of claim 11 wherein the access configuration comprises at least one of an identity of the apparatus, a description of the apparatus, one or more services of the apparatus allowed for the another user, one or more services of the apparatus denied for the another user, charging rate for the one or more services of the apparatus allowed for the another user, and one or more actions of the apparatus in response to one or more access attempts to the apparatus by the another user.
  13. The method of any of claims 11 to 12 further comprising:
    storing the access configuration at the apparatus.
  14. The method of claim 13 further comprising:
    determining, at the apparatus, whether the service is allowed for the another user in the access configuration.
  15. The method of any of claims 11 to 14 further comprising:
    reporting information on usage of the apparatus.
  16. A method comprising:
    receiving, at a first apparatus and from a second apparatus of a user, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration;
    transmitting, at the first apparatus, at least one of the access configuration and the indication to a fourth apparatus of another user;
    receiving, at the first apparatus and from the fourth apparatus, a request to book the third apparatus according to the access configuration;
    transmitting, at the first apparatus, the access configuration to at least one of the third apparatus and a fifth apparatus as a delegate apparatus of the third apparatus; and
    transmitting, at the first apparatus and to at least one of the second apparatus and the fourth apparatus, information on usage of the third apparatus by the another user at least partly according to the access configuration.
  17. The method of claim 16 wherein the access configuration comprises at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  18. The method of any of claims 16 to 17 further comprising:
    receiving, at the first apparatus and from the second apparatus, an authentication for granting the first apparatus permission to access data of the third apparatus; and
    transmitting, at the first apparatus and to at least one of the third apparatus and the fifth apparatus, a request to monitor the third apparatus.
  19. The method of any of claims 16 to 18 further comprising:
    determining, at the first apparatus, a status of the third apparatus; and
    transmitting, at the first apparatus and to at least one of the second apparatus and the fourth apparatus, information on the status of the third apparatus.
  20. The method of any of claims 16 to 19 further comprising:
    receiving, at the first apparatus and from at least one of the third apparatus, the fourth apparatus, and the fourth apparatus, information on usage of the third apparatus.
  21. A method comprising:
    receiving, at a first apparatus and from a second apparatus, at least one of an access configuration for a third apparatus of a user and an indication of the access configuration, and acceptance of the access configuration by another user;
    receiving, at the first apparatus, a request from the another user for a service of the third apparatus;
    determining, at the first apparatus, whether the service is allowed for the another user in  the access configuration; and
    transmitting, at the first apparatus, the request to the third apparatus.
  22. The method of claim 21 wherein the access configuration comprises at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  23. The method of any of claims 21 to 22 further comprising:
    receiving, at the first apparatus and from the third apparatus, information on usage of the third apparatus; and
    reporting, at the first apparatus, the information to the second apparatus.
  24. The method of any of claims 21 to 23 further comprising:
    receiving, at the first apparatus and from the second apparatus, a request to monitor the third apparatus; and
    verifying, at the first apparatus, whether the second apparatus is authorized by the user.
  25. The method of any of claims 21 to 24 further comprising:
    determining, at the first apparatus, whether time assigned to the another user for using the third apparatus is ended; and
    transmitting, at the first apparatus and to the second apparatus, information on that the time assigned to the another user for using the third apparatus is ended.
  26. An apparatus comprising:
    at least one processor; and
    at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processor, cause the  apparatus as a first apparatus to perform
    transmitting, to a second apparatus, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, and
    receiving, from the second apparatus, information on usage of the third apparatus by another user at least partly according to the access configuration.
  27. The apparatus of claim 26 wherein the access configuration comprises at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  28. The apparatus of any of claims 26 to 27 wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to perform
    transmitting, to the second apparatus, an authentication for granting the second apparatus permission to access data of the third apparatus.
  29. The apparatus of any of claims 26 to 28 wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to perform
    receiving, from the second apparatus, information on at last one of a status of the third apparatus, service usage, and charging.
  30. The apparatus of any of claims 26 to 29 wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to perform
    transmitting, to the second apparatus, an indication to stop sharing the third apparatus.
  31. An apparatus comprising:
    at least one processor; and
    at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processor, cause the apparatus as a first apparatus to perform
    receiving, from a second apparatus, at least one of an access configuration for a third apparatus of another user and an indication of the access configuration, and
    transmitting, to the second apparatus, a request to book the third apparatus according to the access configuration.
  32. The apparatus of claim 31 wherein the access configuration comprises at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the user, one or more services of the third apparatus denied for the user, charging rate for the one or more services of the third apparatus allowed for the user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the user.
  33. The apparatus of any of claims 31 to 32 wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to perform
    transmitting, to the third apparatus, a request for a service of the third apparatus.
  34. The apparatus of any of claims 31 to 32 wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to perform
    transmitting, to the second apparatus, information on usage of the third apparatus.
  35. The apparatus of any of claims 31 to 34 wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to perform
    receiving, from the second apparatus, information on at least one of a status of the third apparatus, service usage, and charging.
  36. An apparatus comprising:
    at least one processor; and
    at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processor, cause the apparatus of a user to perform receiving a request from another user for a service of the apparatus, and performing the service in a case where the service is allowed for the another user in an access configuration for the apparatus.
  37. The apparatus of claim 36 wherein the access configuration comprises at least one of an identity of the apparatus, a description of the apparatus, one or more services of the apparatus allowed for the another user, one or more services of the apparatus denied for the another user, charging rate for the one or more services of the apparatus allowed for the another user, and one or more actions of the apparatus in response to one or more access attempts to the apparatus by the another user.
  38. The apparatus of any of claims 36 to 37 wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to perform storing the access configuration at the apparatus.
  39. The apparatus of claim 38 wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to perform determining, at the apparatus, whether the service is allowed for the another user in the access configuration.
  40. The apparatus of any of claims 36 to 39 wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to perform reporting information on usage of the apparatus.
  41. An apparatus comprising:
    at least one processor; and
    at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processor, cause the apparatus as a first apparatus to perform
    receiving, from a second apparatus of a user, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration,
    transmitting at least one of the access configuration and the indication to a fourth apparatus of another user,
    receiving, from the fourth apparatus, a request to book the third apparatus according to the access configuration,
    transmitting the access configuration to at least one of the third apparatus and a fifth apparatus as a delegate apparatus of the third apparatus, and
    transmitting, to at least one of the second apparatus and the fourth apparatus, information on usage of the third apparatus by the another user at least partly according to the access configuration.
  42. The apparatus of claim 41 wherein the access configuration comprises at least one of an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  43. The apparatus of any of claims 41 to 42 wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to perform
    receiving, from the second apparatus, an authentication for granting the first apparatus permission to access data of the third apparatus, and
    transmitting, to at least one of the third apparatus and the fifth apparatus, a request to monitor the third apparatus.
  44. The apparatus of any of claims 41 to 43 wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to perform
    determining a status of the third apparatus, and
    transmitting, to at least one of the second apparatus and the fourth apparatus, information on the status of the third apparatus.
  45. The apparatus of any of claims 41 to 44 wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to perform
    receiving, from at least one of the third apparatus, the fourth apparatus, and the fourth apparatus, information on usage of the third apparatus.
  46. An apparatus comprising:
    at least one processor; and
    at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processor, cause the apparatus as a first apparatus to perform
    receiving, from a second apparatus, at least one of an access configuration for a third apparatus of a user and an indication of the access configuration, and acceptance of the access configuration by another user,
    receiving a request from the another user for a service of the third apparatus,
    determining whether the service is allowed for the another user in the access configuration, and
    transmitting the request to the third apparatus.
  47. The apparatus of claim 46 wherein the access configuration comprises at least one of  an identity of the third apparatus, a description of the third apparatus, one or more services of the third apparatus allowed for the another user, one or more services of the third apparatus denied for the another user, charging rate for the one or more services of the third apparatus allowed for the another user, and one or more actions of the third apparatus in response to one or more access attempts to the third apparatus by the another user.
  48. The apparatus of any of claims 46 to 47 wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to perform
    receiving, from the third apparatus, information on usage of the third apparatus, and
    reporting the information to the second apparatus.
  49. The apparatus of any of claims 46 to 48 wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to perform
    receiving, from the second apparatus, a request to monitor the third apparatus, and
    verifying whether the second apparatus is authorized by the user.
  50. The apparatus of any of claims 46 to 49 wherein the at least one memory and the computer program code are further configured to, with the at least one processor, cause the apparatus to perform
    determining whether time assigned to the another user for using the third apparatus is ended, and
    transmitting, to the second apparatus, information on that the time assigned to the another user for using the third apparatus is ended.
  51. An apparatus comprising:
    means for transmitting, at the apparatus as a first apparatus of a user and to a second apparatus, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration; and
    means for receiving, at the first apparatus and from the second apparatus, information on usage of the third apparatus by another user at least partly according to the access configuration.
  52. An apparatus comprising:
    means for receiving, at the apparatus as a first apparatus of a user and from a second apparatus, at least one of an access configuration for a third apparatus of another user and an indication of the access configuration; and
    means for transmitting, at the first apparatus and to the second apparatus, a request to book the third apparatus according to the access configuration.
  53. An apparatus comprising:
    means for receiving, at the apparatus of a user, a request from another user for a service of the apparatus; and
    means for performing the service in a case where the service is allowed for the another user in an access configuration for the apparatus.
  54. An apparatus comprising:
    means for receiving, at the apparatus as a first apparatus and from a second apparatus of a user, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration;
    means for transmitting, at the first apparatus, at least one of the access configuration and the indication to a fourth apparatus of another user;
    means for receiving, at the first apparatus and from the fourth apparatus, a request to book the third apparatus according to the access configuration;
    means for transmitting, at the first apparatus, the access configuration to at least one of the third apparatus and a fifth apparatus as a delegate apparatus of the third apparatus; and
    means for transmitting, at the first apparatus and to at least one of the second apparatus and the fourth apparatus, information on usage of the third apparatus by the another user at least partly according to the access configuration.
  55. [Corrected under Rule 26, 14.07.2020]
    An apparatus comprising:
    means for receiving, at the apparatus as a first apparatus and from a second apparatus, at least one of an access configuration for a third apparatus of a user and an indication of the access configuration, and acceptance of the access configuration by another user;
    means for receiving, at the first apparatus, a request from the another user for a service of the third apparatus;
    means for determining, at the first apparatus, whether the service is allowed for the another user in the access configuration; and
    means for transmitting, at the first apparatus, the request to the third apparatus.
  56. [Corrected under Rule 26, 14.07.2020]
    A computer readable medium comprising instructions stored thereon for causing a first apparatus to perform
    transmitting, to a second apparatus, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration, and
    receiving, from the second apparatus, information on usage of the third apparatus by another user at least partly according to the access configuration.
  57. [Corrected under Rule 26, 14.07.2020]
    A computer readable medium comprising instructions stored thereon for causing a first apparatus to perform
    receiving, from a second apparatus, at least one of an access configuration for a third apparatus of another user and an indication of the access configuration, and
    transmitting, to the second apparatus, a request to book the third apparatus according to the access configuration.
  58. [Corrected under Rule 26, 14.07.2020]
    A computer readable medium comprising instructions stored thereon for causing apparatus of a user to perform
    receiving a request from another user for a service of the apparatus, and
    performing the service in a case where the service is allowed for the another user in an access configuration for the apparatus.
  59. [Corrected under Rule 26, 14.07.2020]
    A computer readable medium comprising instructions stored thereon for causing a first apparatus to perform
    receiving, from a second apparatus of a user, at least one of an access configuration for a third apparatus of the user and an indication of the access configuration,
    transmitting at least one of the access configuration and the indication to a fourth apparatus of another user,
    receiving, from the fourth apparatus, a request to book the third apparatus according to the access configuration,
    transmitting the access configuration to at least one of the third apparatus and a fifth apparatus as a delegate apparatus of the third apparatus, and
    transmitting, to at least one of the second apparatus and the fourth apparatus, information on usage of the third apparatus by the another user at least partly according to the access configuration.
  60. [Corrected under Rule 26, 14.07.2020]
    A computer readable medium comprising instructions stored thereon for causing a first apparatus to perform
    receiving, from a second apparatus, at least one of an access configuration for a third apparatus of a user and an indication of the access configuration, and acceptance of the access configuration by another user,
    receiving a request from the another user for a service of the third apparatus,
    determining whether the service is allowed for the another user in the access configuration, and
    transmitting the request to the third apparatus.
PCT/CN2020/100042 2020-07-03 2020-07-03 Methods and apparatuses for secure device sharing Ceased WO2022000445A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/100042 WO2022000445A1 (en) 2020-07-03 2020-07-03 Methods and apparatuses for secure device sharing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/100042 WO2022000445A1 (en) 2020-07-03 2020-07-03 Methods and apparatuses for secure device sharing

Publications (1)

Publication Number Publication Date
WO2022000445A1 true WO2022000445A1 (en) 2022-01-06

Family

ID=79317799

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/100042 Ceased WO2022000445A1 (en) 2020-07-03 2020-07-03 Methods and apparatuses for secure device sharing

Country Status (1)

Country Link
WO (1) WO2022000445A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150058936A1 (en) * 2013-08-20 2015-02-26 Samsung Electronics Co., Ltd. System, apparatus, and method for sharing electronic device
WO2016060370A1 (en) * 2014-10-17 2016-04-21 Samsung Electronics Co., Ltd. Terminal for internet of things and operation method of the same
CN107464172A (en) * 2017-08-16 2017-12-12 董志国 A kind of individual equipment shares method for running and system
US20180288209A1 (en) * 2017-03-29 2018-10-04 Samsung Electronics Co., Ltd. Method for managing and controlling external iot device and electronic device supporting the same

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150058936A1 (en) * 2013-08-20 2015-02-26 Samsung Electronics Co., Ltd. System, apparatus, and method for sharing electronic device
WO2016060370A1 (en) * 2014-10-17 2016-04-21 Samsung Electronics Co., Ltd. Terminal for internet of things and operation method of the same
US20180288209A1 (en) * 2017-03-29 2018-10-04 Samsung Electronics Co., Ltd. Method for managing and controlling external iot device and electronic device supporting the same
CN107464172A (en) * 2017-08-16 2017-12-12 董志国 A kind of individual equipment shares method for running and system

Similar Documents

Publication Publication Date Title
EP3511848B1 (en) Industrial automation device and cloud service
US9754091B2 (en) Restricted accounts on a mobile platform
US20210211429A1 (en) Certificate based profile confirmation
US11082850B2 (en) Blockchain based wireless access point password management
US9712542B1 (en) Permissions decisions in a service provider environment
EP4037360A1 (en) Service layer dynamic authorization
EP3082355A1 (en) A method for controlling remotely the permissions and rights of a target secure element
US10187386B2 (en) Native enrollment of mobile devices
US20150143471A1 (en) Method for establishing resource access authorization in m2m communication
US20170017956A1 (en) Systems, methods, and computer program products for managing states
US10142172B2 (en) Internet service provider management platform
WO2019195673A1 (en) Global device management architecture for iot devices with regional autonomy
JP7208080B2 (en) Automatic activation and onboarding of connected equipment
US20190188393A1 (en) Mobile device management broker
JP2024504286A (en) Creation, generation and distribution of ESIM
US20150113614A1 (en) Client based systems and methods for providing users with access to multiple data bases
CN114651424A (en) Access management for publisher nodes with secure access to MAAS networks
KR20180048845A (en) Service layer registration
CN109963275B (en) Sending method and receiving method of subscription data and processing system of subscription data
US11140554B2 (en) Management of a multi-SIM offer with multiple activation codes
KR20100018484A (en) Method and system for modeling options for opaque management data for a user and/or an owner
WO2014189569A1 (en) Systems, methods, and computer program products for managing states
WO2022000445A1 (en) Methods and apparatuses for secure device sharing
US20220247577A1 (en) Provisioning system and method
KR20220023963A (en) Remote management of user devices

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20942818

Country of ref document: EP

Kind code of ref document: A1