US20050138169A1 - Management of workspace devices - Google Patents

Info

Publication number
US20050138169A1
Authority
US
United States
Prior art keywords
management
devices
operations
authority
console
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/026,608
Inventor
Casey Bahr
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intel Corp
Original Assignee
Intel Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corp filed Critical Intel Corp
Priority to US11/026,608 priority Critical patent/US20050138169A1/en
Assigned to INTEL CORPORATION reassignment INTEL CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BAHR, CASEY
Publication of US20050138169A1 publication Critical patent/US20050138169A1/en
Abandoned legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/084 Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices

Definitions

  • an article includes a computer readable medium having instructions thereon which when executed cause a computer to receive management operations from a management console at a first device of a plurality of devices to be used by a user, and to perform management authority and operations on a second device of the plurality of devices in response to the received management operations.
  • a user device includes a management agent to receive management operations from a management console at the user device, and to perform management authority and operations on a second user device in response to the received management operations, wherein the user device and the second user device are included in a plurality of user devices to be used by a user.
  • a system in some embodiments includes a management console to provide management operations and a plurality of devices to be used by a user including at least a first device and a second device.
  • the first device includes a first management agent to receive management operations from the management console, and to perform management authority and operations on the second device in response to the received management operations.
  • the second device includes a second management agent to receive management operations from the first management agent.
  • FIG. 1 illustrates a platform management system 100 according to some embodiments.
  • Platform management system 100 includes a plurality of managed devices (for example, a worker's device collection or workspace) including laptop personal computer (PC) 102, desktop PC 104, PDA 106, and cell phone 108.
  • the managed devices can include any combination of these types of devices illustrated in FIG. 1 and/or any other type of devices.
  • laptop 102 and desktop 104 are not limited to PCs (personal computers) and can be any type of laptop and desktop, respectively.
  • Each of the laptop 102, desktop 104, PDA 106, and cell phone 108 has a corresponding management console 112, 114, 116, and 118, respectively (or in some embodiments a corresponding management console application).
  • Although one management console (or management console application) 112 is illustrated in front of the other management consoles (or management console applications) 114, 116, and 118 in FIG. 1, it is noted that each management console can be similar and/or identical to each other in some embodiments.
  • one or more of the management consoles 112, 114, 116, and/or 118 includes a monitor application 122 and a provisioning application 124, as illustrated in management console 112 of FIG. 1.
  • each management console 112, 114, 116, and 118 is managed independent of the other management consoles (or management console applications).
  • each of the managed devices 102, 104, 106, and 108 includes a managed platform 132.
  • a managed platform 132 is illustrated in FIG. 1 as the managed platform of the laptop 102
  • each of the other managed devices can include a similar or identical managed platform.
  • managed platform 132 includes managed platform resources 134, management functions 136 supplied on the platform, management services 138 built on the management functions 136, management applications 140, a secure storage area 142, a Management Exchange Agent (MEA) 144, and a Management Authority component (MA) 146.
  • management system components (for example, the managed platform resources 134, management functions 136, management services 138, and management applications 140) are exemplary and may not be included in all embodiments.
  • the managed platform resources 134 are the platform resources themselves (that is, the things to be managed).
  • managed platform resources 134 of a platform such as laptop 102 can include, for example, hardware, software, applications, and/or services, etc.
  • the management functions 136 are the fundamental (or basic) management functions supplied on the platform, and can include management functions such as Security Management, Performance Management, Fault Management, Configuration Management, and/or other types of management functions, for example, in various embodiments.
  • a management system including Security Management can be implemented as disclosed, for example, in U.S. patent application Ser. No. 10/742,225 filed on Dec. 18, 2003 and entitled “Client-Side Security Management for an Operations, Administration, and Maintenance System for Wireless Clients”.
  • management services 138 are built on the management functions 136 which may be supplied by one or more different management software vendors, for example.
  • management services 138 can include, for example, a management system A and a management system B.
  • management services 138 can include a single management system, or some other number of management systems other than that shown in FIG. 1 .
  • any particular type of management system may be used as management services 138 .
  • the management applications 140 are the management applications themselves, and can include, for example, a monitoring service (or client-side management monitor as illustrated in FIG. 1 ) and/or a provisioning application (or client-side provisioning as illustrated in FIG. 1 ).
  • secure storage area 142 is a tamper-proof secure storage area into which keys or their hashes can be installed.
  • the secure storage area 142 can be platform or silicon-based. In some embodiments a secure storage area is not necessary and is not used. However, secure storage area 142 is advantageous in some embodiments because it provides a tamper-proof area to store keys or their hashes, for example, to ensure secure or trusted communications between the platform (for example, laptop 102 ) and other similarly equipped platforms.
  • Management Exchange Agent (MEA) 144 is an intelligent (active) MEA which communicates with other MEAs on other similarly equipped platforms (for example, on desktop 104 , PDA 106 , and/or cell phone 108 ).
  • each MEA 144 includes a Management Authority component (MA) 146 .
  • MA 146 represents the level or specific domain of authority that the MEA 144 has to effect management functions on other devices. This authority may be applied as described and/or derived, for example, in U.S. patent application Ser. No. 10/742,225 filed on Dec. 18, 2003 and entitled “Client-Side Security Management for an Operations, Administration, and Maintenance System for Wireless Clients”.
  • FIG. 5 of application Ser. No. 10/742,225 illustrates the breadth and depth of possible policy control over access to managed resources in a platform.
  • FIGS. 3 and 4 of application Ser. No. 10/742,225 illustrate the mechanisms for exercising such control, and FIG. 6 of that application demonstrates the mechanisms for establishing initial authority and delegation of such authority.
  • These mechanisms may be used by the MA to derive and delegate its own management authority within its own platform and other platforms over which it may exercise management authority as described elsewhere in this application.
  • the MA contains the following functionality, some of which may be optional for some embodiments:
  • the MA is a “trusted” non-tamperable set of computer instructions. These instructions may be authenticated and authorized by means of a verifiable certificate or other keys or hashes of keys that are stored on the platform in secure storage area 142 , for example.
  • the MA has the ability to present on demand such certification of its authority.
  • the MA has the ability to store a non-tamperable representation of any additional authority granted it (e.g. by a Management Console or another MEA). In some embodiments such representation or a certificate of authenticity can be stored in secure storage area 142 .
  • the MA has the ability to retrieve and process authority representations (e.g. certificates) from a Management Console or other MEA with which its MEA communicates. It should have the ability to accomplish this independent of verification from a 3rd party such as a 2nd Management Console or another MEA.
  • the MA must understand the representation of the security policy being applied ultimately from the Management Console.
  • management authority may be restricted to read-only access or read-write access and only for particular management operations or particular management resources including entire platforms.
  • the MA must know how to apply the security policy to other platforms as well as the resources within its own platform.
  • the infrastructure for such policies could be provided by the aforementioned mechanisms of patent application Ser. No. 10/742,225.
  • the MEA 144 and/or the MA 146 provide a way to increase the productivity for managing an employee's device collection using the following features:
  • Intelligent management agents that are able to discover and communicate management functions to identical agents on other platforms.
  • a Management Exchange Agent (for example MEA 144 of FIG. 1 or any other MEA) may communicate with one or two other entities:
  • the Management Console from which it may take initial instructions and to which it may provide acknowledgment of actions taken on behalf of the Console.
  • a particular MEA may participate in either one or both of these communications depending on the role of its platform in executing management instructions. For instance:
  • the platform on which the MEA resides may be the only platform which the Console wishes to manage, in which case only communication 1. applies
  • the platform may be the first of a plurality of platforms that the Console wishes to manage by means of the inventions and thus the MEA will utilize both forms of communication above, 1. and 2.
  • the platform may be under the ultimate management of the Console, but not directly. In this case, this platform's MEA will communicate with another MEA whether it be the first or an intermediate MEA in a chain of management delegation.
  • an MEA (for example, MEA 144 of FIG. 1 or any other MEA) will have the following functionalities:
  • management functionality exists to at least the extent that the instructions and policies can be applied within the MEA.
  • This set of management functionality may be less than that offered by the “Management Systems” depicted in FIG. 1 , since it need not be general-purpose.
  • FIG. 2 illustrates a platform management system 200 according to some embodiments.
  • FIG. 2 illustrates a distribution of management operations from a single management console via one device, which exerts management authority and operations over other devices in the collection of devices.
  • Platform management system 200 includes a plurality of managed devices (for example, a worker's device collection) including laptop 202 , desktop 204 , PDA 206 , and cell phone 208 .
  • the managed devices can include any combination of these types of devices illustrated in FIG. 2 and/or any other type of devices.
  • Platform management system 200 also includes a management console (or management console application) 212 for the managed devices 202 , 204 , 206 , and 208 .
  • Management console 212 includes a monitor application 222 and a provisioning application 224 .
  • each of the managed devices 102 , 104 , 106 , and 108 includes a managed platform 232 .
  • a managed platform 232 is illustrated in detail in FIG. 2 as the managed platform of the laptop 202
  • each of the other managed devices can include a similar or identical managed platform.
  • managed platform 232 includes managed platform resources 234 , management functions 236 , management services 238 , management applications 240 , a secure storage area 242 , a Management Exchange Agent (MEA) 244 , and a Management Authority component (MA) 246 .
  • FIG. 2 illustrates some embodiments in which the MEA 244 and MA 246 components may be utilized.
  • laptop 202 has been granted management authority over all of the other devices (for example desktop 204 , PDA 206 , and/or cell phone 208 ) in the worker's collection of devices.
  • an enterprise IT craftsperson may wish to apply a management function to the collection of devices as a whole (for example, an asset information update, a security patch, etc.)
  • management authority is granted on a per device basis, as illustrated by the arrows. This is accomplished, for example, by an exchange of MA keys derived from the secure platform storage area 242 .
  • Management operations are routed through the MEA 244 to each device individually. In some embodiments all the devices do not need to be present or connected at the same time for the management operations to take place.
  • the laptop MEA 244 may apply the operations at any time the laptop 202 comes into contact with the other devices (for example, via Bluetooth, 802.11x, Universal Serial Bus, and/or any other way).
  • the MEA 244 also has a reporting function (not illustrated by arrows in FIG. 2 ) used to report back to the management console the status of any operations.
  • FIG. 3 illustrates a platform management system 300 according to some embodiments.
  • FIG. 3 illustrates a management of a virtual workspace in which each device individually exerts management authority and operations over the next device in the collection of devices. In some embodiments this management operation exchange can occur asynchronously as devices are available.
  • Platform management system 300 includes a plurality of managed devices (for example, a worker's device collection) including laptop 302 , desktop 304 , PDA 306 , and cell phone 308 .
  • the managed devices can include any combination of these types of devices illustrated in FIG. 3 and/or any other type of devices.
  • Platform management system 300 also includes a management console (or management console application) 312 for the managed devices 302 , 304 , 306 , and 308 .
  • Management console 312 includes a monitor application 322 and a provisioning application 324 .
  • each of the managed devices 302 , 304 , 306 , and 308 includes a managed platform 332 .
  • a managed platform 332 is illustrated in detail in FIG. 2 as the managed platform of the laptop 302
  • each of the other managed devices can include a similar or identical managed platform.
  • managed platform 332 includes managed platform resources 334 , management functions 336 , management services 338 , management applications 340 , a secure storage area 342 , a Management Exchange Agent (MEA) 344 , and a Management Authority component (MA) 346 .
  • FIG. 3 illustrates a management operation distribution according to some embodiments and as illustrated by the arrows in FIG. 3 .
  • the laptop MEA 344 contacts one of the other devices (for example, desktop 304 ) and passes both the management authority and management operations to that device. That device in turn performs the management operations to one of the other devices (for example, PDA 306 ) in a similar fashion, and passes on the management authority and management operations to that device to further propagate the operations for all devices in the worker's virtual workspace (for example, the PDA 306 then performs the management operations to cell phone 308 in a similar fashion, and passes on the management operations and/or management authority to that device).
  • a reporting function propagates back through the chain of devices to the management console 312 to report status.
  • management operations are distributed with a maximum amount of flexibility.
  • a single management console ( 212 or 312 , for example) is used rather than multiple management consoles ( 112 , 114 , 116 , 118 , for example).
  • a reduction in management overhead is achieved, for example, for a console operator who needs to check only one console to manage and track each device of a worker.
  • a Management Console delegates its authority to an MA of a user's (or worker's) device.
  • an MA of a first user (or worker) device delegates its authority (which authority was derived from a Management Console) to an MA of a second user (or worker) device.
  • authority is delegated by a management console to a first device to perform management operations on the behalf of the management console on one or more of the plurality of devices in the user's workspace.
  • the number of consoles (or management applications) required to manage a collection of devices is reduced. This allows for a reduction in the ratio of IT resources to number of devices.
  • the number of console operations or the time to apply them may be reduced, since they are applied to other devices automatically.
  • collaborative, cross-device applications can be managed as a single entity, since distributed commands or operations are provided from a single point of control.
  • management operations may be applied in a scalable fashion, since only a single point of contact is necessary from IT to the multiple devices held by a single worker.
  • enterprise security may be enhanced by using the ability to quarantine an entire device collection from a single point (for example, assuming all devices in a worker's collection or virtual workspace are infected if one device is infected).
  • backup and restore operations may be distributed within a collection of devices.
  • remote control of devices is implemented from a management console or another device in the collection using another device in the collection as a proxy.
  • IT budgets may be reduced by utilizing management automation.
  • built-in security features are incorporated into a platform.
  • multiple devices include built-in security features.
  • all devices in a network or a collection of a worker's devices include management authority and management operations functionality.
  • enterprise management is implemented with an ability to perform collaborative, cross-device management of the devices, and the management applications are implemented via intelligent management agents with platform-based management authority.
  • the elements in some cases may each have a same reference number or a different reference number to suggest that the elements represented could be different and/or similar.
  • an element may be flexible enough to have different implementations and work with some or all of the systems shown or described herein.
  • the various elements shown in the figures may be the same or different. Which one is referred to as a first element and which is called a second element is arbitrary.
  • Coupled may mean that two or more elements are in direct physical or electrical contact. However, “coupled” may also mean that two or more elements are not in direct contact with each other, but yet still co-operate or interact with each other.
  • An algorithm is here, and generally, considered to be a self-consistent sequence of acts or operations leading to a desired result. These include physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers or the like. It should be understood, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities.
  • Some embodiments may be implemented in one or a combination of hardware, firmware, and software. Some embodiments may also be implemented as instructions stored on a machine-readable medium, which may be read and executed by a computing platform to perform the operations described herein.
  • a machine-readable medium may include any mechanism for storing or transmitting information in a form readable by a machine (e.g., a computer).
  • a machine-readable medium may include read only memory (ROM); random access memory (RAM); magnetic disk storage media; optical storage media; flash memory devices; electrical, optical, acoustical or other form of propagated signals (e.g., carrier waves, infrared signals, digital signals, the interfaces that transmit and/or receive signals, etc.), and others.
  • An embodiment is an implementation or example of the inventions.
  • Reference in the specification to “an embodiment,” “one embodiment,” “some embodiments,” or “other embodiments” means that a particular feature, structure, or characteristic described in connection with the embodiments is included in at least some embodiments, but not necessarily all embodiments, of the inventions.
  • the various appearances of “an embodiment,” “one embodiment,” or “some embodiments” are not necessarily all referring to the same embodiments.
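
The delegation chain of FIG. 3 (console to laptop MA to desktop MA to PDA MA, acting on the cell phone) and the read-only/read-write, per-operation restriction of authority can be sketched as follows. This is an added example, not code from the patent or from Intel: the patent does not specify a token format, so a macaroon-style HMAC chain stands in for its "authority representations", and the device identifiers, operation names, root key and the assumption that each device's verification key sits in its secure storage area are all constructed for illustration.

```python
"""Added illustration: delegated management authority as an HMAC chain.
Token format, device names and keys are constructed, not taken from the patent."""
import hashlib
import hmac
import json


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def canon(caveat) -> bytes:
    # Canonical JSON so the delegating MA and the verifier MAC identical bytes.
    return json.dumps(caveat, sort_keys=True, separators=(",", ":")).encode()


def device_key(root_key: bytes, device_id: str) -> bytes:
    """Per-device verification key (assumption: installed in that device's
    secure storage area, so one compromised device cannot verify or forge
    authority over another)."""
    return mac(root_key, b"device:" + device_id.encode())


def mint(root_key: bytes, target: str) -> dict:
    """Console side: issue authority over exactly one target device."""
    sig = mac(device_key(root_key, target), b"target:" + target.encode())
    return {"target": target, "caveats": [], "sig": sig.hex()}


def delegate(token: dict, holder: str, access: str, operations) -> dict:
    """Pass authority on to `holder`, adding a restriction. Needs no root key:
    the new MAC is keyed with the previous one, so restrictions can be added
    but never stripped. `holder` is an audit label, not an authenticated identity."""
    if access not in ("ro", "rw"):
        raise ValueError("access must be 'ro' or 'rw'")
    caveat = {"holder": holder, "access": access, "operations": sorted(operations)}
    sig = mac(bytes.fromhex(token["sig"]), canon(caveat))
    return {"target": token["target"],
            "caveats": token["caveats"] + [caveat], "sig": sig.hex()}


def authorize(device_id: str, dev_key: bytes, token: dict, operation: str, mode: str):
    """Target side: verify the chain locally (no third party), then require
    every hop in the chain to permit the request. Returns (allowed, reason)."""
    if mode not in ("read", "write"):
        return False, "unknown mode"
    if token.get("target") != device_id:
        return False, "token issued for another device"
    caveats = token.get("caveats", [])
    sig = mac(dev_key, b"target:" + device_id.encode())
    try:
        for caveat in caveats:
            sig = mac(sig, canon(caveat))
        presented = bytes.fromhex(token.get("sig", ""))
    except (TypeError, ValueError):
        return False, "malformed token"
    if not hmac.compare_digest(sig, presented):
        return False, "bad signature"
    for caveat in caveats:
        if not isinstance(caveat, dict):
            return False, "malformed caveat"
        holder = caveat.get("holder", "?")
        if mode == "write" and caveat.get("access") != "rw":
            return False, f"read-only at {holder}"
        if operation not in caveat.get("operations", []):
            return False, f"operation not delegated to {holder}"
    return True, "ok"


ROOT_KEY = b"constructed-console-root-key"  # constructed sample key
PHONE = "phone-308"                         # constructed device identifier


def demo() -> dict:
    """FIG. 3 style chain acting on the cell phone, with narrowing at each hop."""
    phone_key = device_key(ROOT_KEY, PHONE)
    laptop = delegate(mint(ROOT_KEY, PHONE), "laptop-302", "rw",
                      ["asset_update", "security_patch"])
    desktop = delegate(laptop, "desktop-304", "rw", ["security_patch"])
    # The PDA hop lists asset_update again, but cannot widen what desktop held.
    pda = delegate(desktop, "pda-306", "ro", ["asset_update", "security_patch"])
    forged = dict(pda, caveats=pda["caveats"][:-1]
                  + [dict(pda["caveats"][-1], access="rw")])
    return {
        "laptop_patch_write": authorize(PHONE, phone_key, laptop, "security_patch", "write"),
        "desktop_asset_read": authorize(PHONE, phone_key, desktop, "asset_update", "read"),
        "pda_patch_read": authorize(PHONE, phone_key, pda, "security_patch", "read"),
        "pda_patch_write": authorize(PHONE, phone_key, pda, "security_patch", "write"),
        "pda_asset_read": authorize(PHONE, phone_key, pda, "asset_update", "read"),
        "forged_rw": authorize(PHONE, phone_key, forged, "security_patch", "write"),
    }
```

Because the token is a bearer credential, the transport between MEAs still has to be authenticated and confidential; the chain only guarantees that authority narrows as it is passed along.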

Abstract

In some embodiments, management operations are received from a management console at a first device of a plurality of devices to be used by a user, and management authority and operations are performed on a second device of the plurality of devices in response to the received management operations. Other embodiments are described and claimed.

Description

  • This application is a Continuation-In-Part application of U.S. patent application Ser. No. 10/742,225 filed on Dec. 18, 2003 and entitled “Client-Side Security Management for an Operations, Administration, and Maintenance System for Wireless Clients” by Casey Bahr.
  • TECHNICAL FIELD
  • The inventions relate to management of workspace devices.
  • BACKGROUND
  • Information Technology (IT) departments typically manage an employee's collection of enterprise-provisioned devices such as a laptop, a desktop, a PDA (personal digital assistant), a smart cell phone, etc. separately from each other. Enterprise IT departments currently struggle to achieve the best cost and performance solution.
  • Several long-term and emerging trends in computer and communication technologies promise continued increases in worker productivity. For example, these trends include an increasing sophistication of the computers or devices themselves, multiple devices of varying computation and communication capabilities for each enterprise worker (since a worker distributes their work over these devices in the most optimal manner for the context or task in which they are working in order to create a “virtual workspace”), and/or flexibility due to an extension in an employee's work time and space which may include multiple work locations such as roaming the enterprise, telecommuting from home, traveling, etc.
  • These types of trends have created new challenges for IT departments that are charged with managing these devices (for example, provisioning, configuration, monitoring, tuning, securing, etc.). For example, the devices may not be equipped with effective management infrastructure or tools. Further, if such infrastructure exists it may vary in functionality from platform to platform or from vendor tool to vendor tool. Another challenge includes the diversity of network connectivity options, both public and private. For example, a device may connect to a network using one or more of the following or any other available connectivity options: Wireless Local Area Networks (WLANs) (for example, 802.11x hotspots), Wireless Wide Area Networks (WWANs) (for example, General Packet Radio Service (GPRS) or Universal Traffic Management Systems (UTMS)), and Personal Area Networks (PANs) (for example, Bluetooth). Such challenges come at a time when IT departments are under continuing pressure to reduce their costs to the enterprise as a whole. These factors have created an increased automation of management processes and a commensurate reduction in IT department employee headcount. Thus, enterprise IT departments struggle to achieve the best cost-performance in their services and are under constant pressure to reduce costs to the enterprise, while they must manage more devices and a wider variety of devices as time goes on.
  • Multiple worker devices have previously been managed using one management console (or console application) per device with each device managed independently of the others. This approach increases costs to the enterprise as the number and variety of devices increases.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The inventions will be understood more fully from the detailed description given below and from the accompanying drawings of some embodiments of the inventions which, however, should not be taken to limit the inventions to the specific embodiments described, but are for explanation and understanding only.
  • FIG. 1 illustrates a platform management system according to some embodiments of the inventions.
  • FIG. 2 illustrates a platform management system according to some embodiments of the inventions.
  • FIG. 3 illustrates a platform management system according to some embodiments of the inventions.
  • DETAILED DESCRIPTION
  • Some embodiments of the inventions relate to management of workspace devices.
  • In some embodiments the inventions enable an enterprise Information Technology (IT) department to distribute the management of an employee's collection of enterprise-provisioned devices (for example, a laptop computer, a desktop computer, a personal digital assistant (PDA), and/or a smart cell phone, etc.) amongst the devices themselves rather than remotely managing each device as a separate entity.
  • In some embodiments the productivity for the management of an employee's device collection is increased. In some embodiments intelligent management agents are able to discover and communicate management functions to identical agents on other platforms. In some embodiments interfaces to intelligent management agents are used to enable routing of platform management operations to other devices. In some embodiments management authority is established over managed resources of a platform (for example, the managed resources can include hardware, software, applications, services, etc.). In some embodiments management authority is delegated from one device to another (for example, another device that includes the same management agents). In some embodiments the above-described features and/or other features may be used to distribute management operations over a collection of devices in various ways that suit a configuration context and/or pre-set policies.
  • In some embodiments, management operations are received from a management console at a first device of a plurality of devices to be used by a user, and management authority and operations are performed on a second device of the plurality of devices in response to the received management operations.
  • In some embodiments an article includes a computer readable medium having instructions thereon which when executed cause a computer to receive management operations from a management console at a first device of a plurality of devices to be used by a user, and to perform management authority and operations on a second device of the plurality of devices in response to the received management operations.
  • In some embodiments a user device includes a management agent to receive management operations from a management console at the user device, and to perform management authority and operations on a second user device in response to the received management operations, wherein the user device and the second user device are included in a plurality of user devices to be used by a user.
  • In some embodiments a system includes a management console to provide management operations and a plurality of devices to be used by a user including at least a first device and a second device. The first device includes a first management agent to receive management operations from the management console, and to perform management authority and operations on the second device in response to the received management operations. The second device includes a second management agent to receive management operations from the first management agent.
  • FIG. 1 illustrates a platform management system 100 according to some embodiments. Platform management system 100 includes a plurality of managed devices (for example, a worker's device collection or workspace) including laptop personal computer (PC) 102, desktop PC 104, PDA 106, and cell phone 108. The managed devices according to some embodiments can include any combination of these types of devices illustrated in FIG. 1 and/or any other type of devices. For example, laptop 102 and desktop 104 are not limited to PCs (personal computers) and can be any type of laptop and desktop, respectively. Each of the laptop 102, desktop 104, PDA 106, and cell phone 108 has a corresponding management console 112, 114, 116, and 118, respectively (or in some embodiments a corresponding management console application). Although one management console (or management console application) 112 is illustrated in front of the other management consoles (or management console applications) 114, 116, and 118 in FIG. 1, it is noted that the management consoles can be similar and/or identical to each other in some embodiments. In some embodiments one or more of the management consoles 112, 114, 116, and/or 118 includes a monitor application 122 and a provisioning application 124, as illustrated in management console 112 of FIG. 1. In some embodiments each management console 112, 114, 116, and 118 (or management console application) is managed independent of the other management consoles (or management console applications).
  • In some embodiments each of the managed devices 102, 104, 106, and 108 includes a managed platform 132. Although a managed platform 132 is illustrated in FIG. 1 as the managed platform of the laptop 102, each of the other managed devices (desktop 104, PDA 106, and/or cell phone 108) can include a similar or identical managed platform.
  • In some embodiments managed platform 132 includes managed platform resources 134, management functions 136 supplied on the platform, management services 138 built on the management functions 136, management applications 140, a secure storage area 142, a Management Exchange Agent (MEA) 144, and a Management Authority component (MA) 146. Many of these management system components (for example, the managed platform resources 134, management functions 136, management services 138, and management applications 140) are exemplary and may not be included in all embodiments.
  • The managed platform resources 134 are the platform resources themselves (that is, the things to be managed). In some embodiments managed platform resources 134 of a platform such as laptop 102 can include, for example, hardware, software, applications, and/or services, etc. In some embodiments the management functions 136 are the fundamental (or basic) management functions supplied on the platform, and can include management functions such as Security Management, Performance Management, Fault Management, Configuration Management, and/or other types of management functions, for example, in various embodiments. In some embodiments a management system including Security Management can be implemented as disclosed, for example, in U.S. patent application Ser. No. 10/742,225 filed on Dec. 18, 2003 and entitled “Client-Side Security Management for an Operations, Administration, and Maintenance System for Wireless Clients”. One or more management services 138 are built on the management functions 136 which may be supplied by one or more different management software vendors, for example. In some embodiments management services 138 can include, for example, a management system A and a management system B. In some embodiments management services 138 can include a single management system, or some other number of management systems other than that shown in FIG. 1. In some embodiments any particular type of management system may be used as management services 138. In some embodiments the management applications 140 are the management applications themselves, and can include, for example, a monitoring service (or client-side management monitor as illustrated in FIG. 1) and/or a provisioning application (or client-side provisioning as illustrated in FIG. 1).
  • In some embodiments secure storage area 142 is a tamper-proof secure storage area into which keys or their hashes can be installed. The secure storage area 142 can be platform or silicon-based. In some embodiments a secure storage area is not necessary and is not used. However, secure storage area 142 is advantageous in some embodiments because it provides a tamper-proof area to store keys or their hashes, for example, to ensure secure or trusted communications between the platform (for example, laptop 102) and other similarly equipped platforms.
  • In some embodiments Management Exchange Agent (MEA) 144 is an intelligent (active) MEA which communicates with other MEAs on other similarly equipped platforms (for example, on desktop 104, PDA 106, and/or cell phone 108).
  • In some embodiments each MEA 144 includes a Management Authority component (MA) 146. MA 146 represents the level or specific domain of authority that the MEA 144 has to effect management functions on other devices. This authority may be applied as described and/or derived, for example, in U.S. patent application Ser. No. 10/742,225 filed on Dec. 18, 2003 and entitled “Client-Side Security Management for an Operations, Administration, and Maintenance System for Wireless Clients”.
  • An embodiment on which an MA of a platform-based security management system could be based is included in certain figures and descriptions of the above-mentioned U.S. patent application Ser. No. 10/742,225. In particular, FIG. 5 of application Ser. No. 10/742,225 illustrates the breadth and depth of possible policy control over access to managed resources in a platform. FIGS. 3 and 4 of application Ser. No. 10/742,225 illustrate the mechanisms for exercising such control, and FIG. 6 of that application demonstrates the mechanisms for establishing initial authority and delegation of such authority. These mechanisms, in some embodiments, may be used by the MA to derive and delegate its own management authority within its own platform and other platforms over which it may exercise management authority as described elsewhere in this application.
  • In some embodiments the MA contains the following functionality, some of which may be optional for some embodiments:
  • In some embodiments the MA is a “trusted” non-tamperable set of computer instructions. These instructions may be authenticated and authorized by means of a verifiable certificate or other keys or hashes of keys that are stored on the platform in secure storage area 142, for example.
  • In some embodiments the MA has the ability to present on demand such certification of its authority.
  • In some embodiments the MA has the ability to store a non-tamperable representation of any additional authority granted it (e.g. by a Management Console or another MEA). In some embodiments such representation or a certificate of authenticity can be stored in secure storage area 142.
  • In some embodiments the MA has the ability to retrieve and process authority representations (e.g. certificates) from a Management Console or other MEA with which its MEA communicates. It should have the ability to accomplish this independent of verification from a 3rd party such as a 2nd Management Console or another MEA.
  • In some embodiments the MA must understand the representation of the security policy being applied ultimately from the Management Console. For example, in some embodiments, management authority may be restricted to read-only access or read-write access and only for particular management operations or particular management resources including entire platforms. Thus, the MA must know how to apply the security policy to other platforms as well as the resources within its own platform. The infrastructure for such policies could be provided by the aforementioned mechanisms with the patent application Ser. No. 10/742,225.
  • In some embodiments the MEA 144 and/or the MA 146 provide a way to increase the productivity for managing an employee's device collection using the following features:
  • 1. Intelligent management agents that are able to discover and communicate management functions to identical agents on other platforms.
  • 2. Interfaces to such management agents through which platform management operations can be routed to other devices.
  • 3. Establishing management authority over a platform's managed resources (for example, hardware, software, applications, services, etc.).
  • 4. Delegating the management authority from one device to another device (which has the same or similar features, functionality, mechanisms, etc.)
  • 5. Utilizing the above features to distribute management operations over a collection of devices in various ways that suit a configuration context or pre-set policies.
  • In some embodiments a Management Exchange Agent (for example MEA 144 of FIG. 1 or any other MEA) may communicate with one or two other entities:
  • 1. The Management Console from which it may take initial instructions and to which it may provide acknowledgment of actions taken on behalf of the Console.
  • 2. Another MEA to which the first MEA must transmit management instructions and optionally from which it must receive acknowledgment of the management actions requested by the first MEA.
  • In some embodiments a particular MEA may participate in either one or both of these communications depending on the role of its platform in executing management instructions. For instance:
  • The platform on which the MEA resides may be the only platform which the Console wishes to manage, in which case only communication 1. applies.
  • The platform may be the first of a plurality of platforms that the Console wishes to manage by means of the inventions and thus the MEA will utilize both forms of communication above, 1. and 2.
  • The platform may be under the ultimate management of the Console, but not directly. In this case, this platform's MEA will communicate with another MEA whether it be the first or an intermediate MEA in a chain of management delegation.
  • In some embodiments an MEA (for example, MEA 144 of FIG. 1 or any other MEA) will have the following functionalities:
  • 1. The presentation of initial or subsequent interfaces to a requesting entity (i.e. the Management Console or another MEA).
  • 2. Authentication of itself to a Console or another MEA for the purposes of establishing a trusted relationship and secure communication with the requesting entity.
  • 3. The acceptance of a set of management instructions and policies related to the use of these instructions.
  • 4. The application of the management instructions and policies. This feature means that management functionality exists to at least the extent that the instructions and policies can be applied within the MEA. This set of management functionality may be less than that offered by the “Management Systems” depicted in FIG. 1, since it need not be general-purpose.
  • 5. The ability to retain state related to the management instructions being applied such that the instructions can be applied transactionally (or atomically) to support roll-back of the instructions in case of errors.
  • 6. The ability to retain acknowledgment state that is required to be communicated back up an MEA chain, ultimately to the Console.
  • 7. Notification back up an MEA chain to a Console for the purposes of acknowledgement of a set of management functions (including errors).
  • In some embodiments only functionalities 3 and 4 are strictly required, and the other functionalities are optional (though likely to be present in some embodiments). Other functionalities may be present in some embodiments.
  • In some embodiments the kind of data included in the MEA management instruction policy may include some or all of the following:
  • Various time markings to show when the management instructions were issued, their deadline for delivery, or a deadline for acknowledgment.
  • What level of security or trust must be utilized when communicating and applying the management instructions
  • What, if any, interaction is required from the owner or user of the platform being managed
  • What sorts of transport are acceptable for communicating the management instructions from one platform to another
  • What, if any, other software or hardware must be or must not be present before applying the management instructions (e.g. if previously installed supporting management software is to be utilized)
  • What, if any, acknowledgement is required back to the transmitting MEA or Console
  • In the case of errors, what actions to take, perhaps to the level of specific errors (e.g., roll-back, abort, warning, etc.).
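  • The following sketch is an added example, not code from the application: it shows an agent applying one batch of management instructions under an instruction policy, keeping a journal for roll-back and retaining the acknowledgment to send back up the chain. The class and field names, the meaning given to "roll-back", "abort" and "warning", and the "unknown resource" failure are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class InstructionPolicy:
    """Hypothetical subset of the policy data listed above."""
    issued_at: int                            # time marking: when issued
    deliver_by: int                           # time marking: delivery deadline
    must_be_present: frozenset = frozenset()  # software required before applying
    must_be_absent: frozenset = frozenset()   # software that must not be present
    on_error: str = "roll-back"               # "roll-back", "abort" or "warning"
    ack_required: bool = True


class ExchangeAgent:
    """Toy agent: managed resources are a dict of setting name -> value."""

    def __init__(self, settings, installed):
        self.settings = dict(settings)
        self.installed = set(installed)
        self.pending_acks = []  # acknowledgment state kept for the upstream hop

    def _precheck(self, policy, now):
        """Return a rejection reason, or None if the batch may be applied."""
        if policy.on_error not in ("roll-back", "abort", "warning"):
            return "unknown error action"
        if not policy.issued_at <= now <= policy.deliver_by:
            return "outside delivery window"
        missing = policy.must_be_present - self.installed
        if missing:
            return "missing prerequisite: " + ", ".join(sorted(missing))
        conflict = policy.must_be_absent & self.installed
        if conflict:
            return "conflicting software: " + ", ".join(sorted(conflict))
        return None

    def apply(self, batch_id, instructions, policy, now):
        """Apply (resource, value) pairs; return the acknowledgment record."""
        ack = {"batch": batch_id, "status": "applied",
               "applied": [], "errors": []}
        reason = self._precheck(policy, now)
        if reason:
            ack["status"] = "rejected"
            ack["errors"].append(reason)
        else:
            journal = []  # (resource, previous value), newest last
            for resource, value in instructions:
                if resource in self.settings:
                    journal.append((resource, self.settings[resource]))
                    self.settings[resource] = value
                    ack["applied"].append(resource)
                    continue
                ack["errors"].append("unknown resource: " + resource)
                if policy.on_error == "warning":
                    continue  # record the error, keep going
                if policy.on_error == "roll-back":
                    # Undo in reverse order so the platform is as it was.
                    for res, old in reversed(journal):
                        self.settings[res] = old
                    ack["applied"] = []
                    ack["status"] = "rolled-back"
                else:
                    ack["status"] = "aborted"  # keep what was applied, stop
                break
            else:
                if ack["errors"]:
                    ack["status"] = "applied-with-warnings"
        if policy.ack_required:
            self.pending_acks.append(ack)
        return ack


if __name__ == "__main__":
    # Constructed sample platform and batch.
    agent = ExchangeAgent({"firewall": "off", "av_signatures": "old"},
                          {"mgmt-agent"})
    batch = [("firewall", "on"), ("vpn_profile", "corp"),
             ("av_signatures", "new")]
    policy = InstructionPolicy(issued_at=100, deliver_by=200,
                               must_be_present=frozenset({"mgmt-agent"}))
    print(agent.apply("batch-1", batch, policy, now=150))
    print(agent.settings)
```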
  • FIG. 2 illustrates a platform management system 200 according to some embodiments. In some embodiments FIG. 2 illustrates a distribution of management operations from a single management console via one device, which exerts management authority and operations over other devices in the collection of devices. Platform management system 200 includes a plurality of managed devices (for example, a worker's device collection) including laptop 202, desktop 204, PDA 206, and cell phone 208. The managed devices according to some embodiments can include any combination of these types of devices illustrated in FIG. 2 and/or any other type of devices. Platform management system 200 also includes a management console (or management console application) 212 for the managed devices 202, 204, 206, and 208. Management console 212 includes a monitor application 222 and a provisioning application 224. In some embodiments each of the managed devices 102, 104, 106, and 108 includes a managed platform 232. Although a managed platform 232 is illustrated in detail in FIG. 2 as the managed platform of the laptop 202, each of the other managed devices (desktop 204, PDA 206, and/or cell phone 208) can include a similar or identical managed platform.
  • In some embodiments managed platform 232 includes managed platform resources 234, management functions 236, management services 238, management applications 240, a secure storage area 242, a Management Exchange Agent (MEA) 244, and a Management Authority component (MA) 246. These elements of managed platform 232 can be similar to or the same as similar elements of managed platform 132 of FIG. 1.
  • FIG. 2 illustrates some embodiments in which the MEA 244 and MA 246 components may be utilized. In some embodiments laptop 202 has been granted management authority over all of the other devices (for example desktop 204, PDA 206, and/or cell phone 208) in the worker's collection of devices.
  • As illustrated by arrows in FIG. 2, for example, an enterprise IT craftsperson may wish to apply a management function to the collection of devices as a whole (for example, an asset information update, a security patch, etc.). As each device is contacted by the laptop MEA 244 via its own MEA within that other device, management authority is granted on a per device basis, as illustrated by the arrows. This is accomplished, for example, by an exchange of MA keys derived from the secure platform storage area 242. Management operations are routed through the MEA 244 to each device individually. In some embodiments all the devices do not need to be present or connected at the same time for the management operations to take place. The laptop MEA 244 may apply the operations at any time the laptop 202 comes into contact with the other devices (for example, via Bluetooth, 802.11x, Universal Serial Bus, and/or any other way). In some embodiments the MEA 244 also has a reporting function (not illustrated by arrows in FIG. 2) used to report back to the management console the status of any operations.
  • FIG. 3 illustrates a platform management system 300 according to some embodiments. In some embodiments FIG. 3 illustrates a management of a virtual workspace in which each device individually exerts management authority and operations over the next device in the collection of devices. In some embodiments this management operation exchange can occur asynchronously as devices are available. Platform management system 300 includes a plurality of managed devices (for example, a worker's device collection) including laptop 302, desktop 304, PDA 306, and cell phone 308. The managed devices according to some embodiments can include any combination of these types of devices illustrated in FIG. 3 and/or any other type of devices. Platform management system 300 also includes a management console (or management console application) 312 for the managed devices 302, 304, 306, and 308. Management console 312 includes a monitor application 322 and a provisioning application 324. In some embodiments each of the managed devices 302, 304, 306, and 308 includes a managed platform 332. Although a managed platform 332 is illustrated in detail in FIG. 2 as the managed platform of the laptop 302, each of the other managed devices (desktop 304, PDA 306, and/or cell phone 308) can include a similar or identical managed platform.
  • In some embodiments managed platform 332 includes managed platform resources 334, management functions 336, management services 338, management applications 340, a secure storage area 342, a Management Exchange Agent (MEA) 344, and a Management Authority component (MA) 346. These elements of managed platform 332 can be similar to or the same as similar elements of managed platform 132 of FIG. 1 and/or of managed platform 232 of FIG. 2.
  • FIG. 3 illustrates a management operation distribution according to some embodiments and as illustrated by the arrows in FIG. 3. For example, in some embodiments the laptop MEA 344 contacts one of the other devices (for example, desktop 304) and passes both the management authority and management operations to that device. That device in turn performs the management operations to one of the other devices (for example, PDA 306) in a similar fashion, and passes on the management authority and management operations to that device to further propagate the operations for all devices in the worker's virtual workspace (for example, the PDA 306 then performs the management operations to cell phone 308 in a similar fashion, and passes on the management operations and/or management authority to that device). In some embodiments a reporting function (not illustrated by arrows in FIG. 3) propagates back through the chain of devices to the management console 312 to report status.
  • In some embodiments other implementations are performed that mix the functions illustrated in FIG. 1, FIG. 2, and/or FIG. 3, for example. In some embodiments management operations are distributed with a maximum amount of flexibility.
  • In some embodiments (such as illustrated in and described in reference to FIGS. 2 and 3) a single management console (212 or 312, for example) is used rather than multiple management consoles (112, 114, 116, 118, for example). In embodiments in which a single management console (or console application) is used, a reduction in management overhead is achieved, for example, because a console operator checks one console when needing to manage and track each device of a worker.
  • In some embodiments a Management Console delegates its authority to an MA of a user's (or worker's) device. In some embodiments an MA of a first user (or worker) device delegates its authority (which authority was derived from a Management Console) to an MA of a second user (or worker) device. These types of delegation relieve the Console of the burden of having to manage each device and/or platform separately. In some embodiments authority is delegated by a management console to a first device to perform management operations on the behalf of the management console on one or more of the plurality of devices in the user's workspace.
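  • The following is an added example, not code from the application: it sketches how authority delegated from a console through a chain of MAs can be checked by the final target using only its own stored key, with each hop able to narrow the authority (operations, read-only access, deadline) but not widen it. The HMAC chaining used here is a swapped-in, macaroon-style technique standing in for the certificates and keys the description refers to; the function names, field names and demo key are hypothetical, and the target's key is assumed to be shared with the console at provisioning time.

```python
import hashlib
import hmac
import json

# Constructed demo key: stands in for a per-device key held in the target's
# secure storage area (assumed to be known to the management console).
PDA_KEY = b"constructed-demo-key-for-pda"


def _mac(key: bytes, link: dict) -> bytes:
    """HMAC-SHA256 over a canonical JSON encoding of one chain link."""
    data = json.dumps(link, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).digest()


def mint_grant(target_key, target, operations, access, not_after):
    """Console: issue the initial authority over one target device."""
    root = {"target": target, "operations": sorted(operations),
            "access": access, "not_after": not_after}
    return {"links": [root], "tag": _mac(target_key, root).hex()}


def delegate(grant, holder, operations=None, access=None, not_after=None):
    """Delegating MA: hand the grant to `holder`, optionally narrowing it.

    The new tag is keyed with the previous tag, so the next holder, who only
    ever sees the new tag, cannot remove or edit earlier links.
    """
    link = {"holder": holder}
    if operations is not None:
        link["operations"] = sorted(operations)
    if access is not None:
        link["access"] = access
    if not_after is not None:
        link["not_after"] = not_after
    tag = _mac(bytes.fromhex(grant["tag"]), link)
    return {"links": grant["links"] + [link], "tag": tag.hex()}


def verify(grant, target_key, target, operation, write, now):
    """Target MA: check the chain with its own key only, no third party.

    Returns (allowed, reason). Effective authority is the intersection of
    every link, so a delegate can narrow authority but never widen it.
    """
    links, presented = grant.get("links"), grant.get("tag")
    if not links or not isinstance(presented, str):
        return False, "malformed grant"
    tag = _mac(target_key, links[0])
    for link in links[1:]:
        tag = _mac(tag, link)
    if not hmac.compare_digest(tag.hex().encode(), presented.encode()):
        return False, "authority chain does not verify"

    root = links[0]  # authentic from here on: only a key holder could mint it
    if root["target"] != target:
        return False, "grant is for a different device"
    allowed_ops = set(root["operations"])
    read_only = root["access"] != "read-write"
    deadline = root["not_after"]
    for link in links[1:]:
        if "operations" in link:
            allowed_ops &= set(link["operations"])
        if link.get("access", "read-write") != "read-write":
            read_only = True
        if "not_after" in link:
            deadline = min(deadline, link["not_after"])

    if now > deadline:
        return False, "grant expired"
    if operation not in allowed_ops:
        return False, "operation not delegated"
    if write and read_only:
        return False, "read-only authority"
    return True, "ok"


if __name__ == "__main__":
    # Console -> laptop -> desktop -> PDA, as in the chained arrangement.
    g = mint_grant(PDA_KEY, "pda", ["asset-update", "security-patch"],
                   "read-write", not_after=1000)
    g = delegate(g, "laptop")
    g = delegate(g, "desktop", operations=["security-patch"])
    print(verify(g, PDA_KEY, "pda", "security-patch", True, now=500))
    print(verify(g, PDA_KEY, "pda", "asset-update", True, now=500))
```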
  • As discussed above, enterprise IT departments currently struggle to achieve the best cost-performance in their services and are under constant pressure to reduce costs to the enterprise, even though they must manage a wider number and variety of devices as time moves forward. One alternative would be to resist integration of multiple and various devices and risk impact to business processes and worker productivity or “black market” management by the workers themselves in a non-uniform manner. One of the barriers that must be overcome is the inability to delegate management authority and operations to systems that can perform these functions automatically with only minimal high-level guidance. In some embodiments such automation is accomplished by distributing console intelligence and authority amongst the devices to be managed.
  • In some embodiments the number of consoles (or management applications) required to manage a collection of devices is reduced. This allows for a reduction in the ratio of IT resources to number of devices.
  • In some embodiments the number of console operations or the time to apply them may be reduced, since they are applied to other devices automatically.
  • In some embodiments collaborative, cross-device applications can be managed as a single entity, since distributed commands or operations are provided from a single point of control.
  • In some embodiments management operations (for example, a virus patch) may be applied in a scalable fashion, since only a single point of contact is necessary from IT to the multiple devices held by a single worker.
  • In some embodiments enterprise security may be enhanced by using the ability to quarantine an entire device collection from a single point (for example, assuming all devices in a worker's collection or virtual workspace are infected if one device is infected).
  • In some embodiments backup and restore operations may be distributed within a collection of devices.
  • In some embodiments remote control of devices is implemented from a management console or another device in the collection, using another device in the collection as a proxy.
  • In some embodiments IT budgets may be reduced by utilizing management automation. In some embodiments built-in security features are incorporated into a platform. In some embodiments multiple devices include built-in security features. In some embodiments all devices in a network or a collection of a worker's devices include management authority and management operations functionality.
  • In some embodiments enterprise management is implemented with an ability to perform collaborative, cross-device management of the devices, and the management applications are implemented via intelligent management agents with platform-based management authority.
  • Although some embodiments have been described in reference to particular implementations, other implementations are possible according to some embodiments. Additionally, the arrangement and/or order of circuit elements or other features illustrated in the drawings and/or described herein need not be arranged in the particular way illustrated and described. Many other arrangements are possible according to some embodiments.
  • In each system shown in a figure, the elements in some cases may each have a same reference number or a different reference number to suggest that the elements represented could be different and/or similar. However, an element may be flexible enough to have different implementations and work with some or all of the systems shown or described herein. The various elements shown in the figures may be the same or different. Which one is referred to as a first element and which is called a second element is arbitrary.
  • In the description and claims, the terms “coupled” and “connected,” along with their derivatives, may be used. It should be understood that these terms are not intended as synonyms for each other. Rather, in particular embodiments, “connected” may be used to indicate that two or more elements are in direct physical or electrical contact with each other. “Coupled” may mean that two or more elements are in direct physical or electrical contact. However, “coupled” may also mean that two or more elements are not in direct contact with each other, but yet still co-operate or interact with each other.
  • An algorithm is here, and generally, considered to be a self-consistent sequence of acts or operations leading to a desired result. These include physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers or the like. It should be understood, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities.
  • Some embodiments may be implemented in one or a combination of hardware, firmware, and software. Some embodiments may also be implemented as instructions stored on a machine-readable medium, which may be read and executed by a computing platform to perform the operations described herein. A machine-readable medium may include any mechanism for storing or transmitting information in a form readable by a machine (e.g., a computer). For example, a machine-readable medium may include read only memory (ROM); random access memory (RAM); magnetic disk storage media; optical storage media; flash memory devices; electrical, optical, acoustical or other form of propagated signals (e.g., carrier waves, infrared signals, digital signals, the interfaces that transmit and/or receive signals, etc.), and others.
  • An embodiment is an implementation or example of the inventions. Reference in the specification to “an embodiment,” “one embodiment,” “some embodiments,” or “other embodiments” means that a particular feature, structure, or characteristic described in connection with the embodiments is included in at least some embodiments, but not necessarily all embodiments, of the inventions. The various appearances “an embodiment,” “one embodiment,” or “some embodiments” are not necessarily all referring to the same embodiments.
  • If the specification states a component, feature, structure, or characteristic “may”, “might”, “can” or “could” be included, for example, that particular component, feature, structure, or characteristic is not required to be included. If the specification or claim refers to “a” or “an” element, that does not mean there is only one of the element. If the specification or claims refer to “an additional” element, that does not preclude there being more than one of the additional element.
  • Although flow diagrams and/or state diagrams may have been used herein to describe embodiments, the inventions are not limited to those diagrams or to corresponding descriptions herein. For example, flow need not move through each illustrated box or state, or in exactly the same order as illustrated and described herein.
  • The inventions are not restricted to the particular details listed herein. Indeed, those skilled in the art having the benefit of this disclosure will appreciate that many other variations from the foregoing description and drawings may be made within the scope of the present inventions. Accordingly, it is the following claims including any amendments thereto that define the scope of the inventions.

Claims (34)

1. A method comprising:
receiving management operations from a management console at a first device of a plurality of devices to be used by a user; and
performing management authority and operations on a second device of the plurality of devices in response to the received management operations.
2. The method of claim 1, further comprising reporting back to the management console a status of management operations.
3. The method of claim 1, wherein the plurality of devices to be used by a user include at least one of a laptop computer, a desktop computer, a personal digital assistant, or a cell phone.
4. The method of claim 1, wherein the management authority is a management authority over platform managed resources.
5. The method of claim 4, wherein the platform managed resources include at least one of hardware, software, applications, or services.
6. The method of claim 1, further comprising performing the management authority and operations in response to a stored key.
7. The method of claim 1, wherein the plurality of devices is a collection of devices to be used by an employee.
8. The method of claim 1, further comprising delegating authority from the management console to the first device to perform management operations on behalf of the management console on one or more other of the plurality of devices to be used by the user.
9. An article comprising:
a computer readable medium having instructions thereon which when executed cause a computer to:
receive management operations from a management console at a first device of a plurality of devices to be used by a user; and
perform management authority and operations on a second device of the plurality of devices in response to the received management operations.
10. The article of claim 9, the computer readable medium further having instructions thereon which when executed cause a computer to report back to the management console a status of management operations.
11. The article of claim 9, wherein the plurality of devices to be used by a user include at least one of a laptop computer, a desktop computer, a personal digital assistant, or a cell phone.
12. The article of claim 9, wherein the management authority is a management authority over platform managed resources.
13. The article of claim 12, wherein the platform managed resources include at least one of hardware, software, applications, or services.
14. The article of claim 9, the computer readable medium further having instructions thereon which when executed cause a computer to perform the management authority and operations in response to a stored key.
15. The article of claim 9, wherein the plurality of devices is a collection of devices to be used by an employee.
16. The article of claim 9, the computer readable medium further having instructions thereon which when executed cause a computer to delegate authority from the management console to the first device to perform management operations on behalf of the management console on one or more other of the plurality of devices to be used by the user.
17. A user device comprising:
a management agent to receive management operations from a management console at the user device, and to perform management authority and operations on a second user device in response to the received management operations, wherein the user device and the second user device are included in a plurality of user devices to be used by a user.
18. The user device of claim 17, the management agent to report back to the management console a status of management operations.
19. The user device of claim 17, wherein the plurality of devices to be used by a user include at least one of a laptop computer, a desktop computer, a personal digital assistant, or a cell phone.
20. The user device of claim 17, wherein the management authority is a management authority over platform managed resources.
21. The user device of claim 20, wherein the platform managed resources include at least one of hardware, software, applications, or services.
22. The user device of claim 17, further comprising a secure storage area to store a key, wherein the management agent is to perform the management authority and operations in response to the stored key.
23. The user device of claim 17, wherein the plurality of devices is a collection of devices to be used by an employee.
24. The user device of claim 17, wherein the management agent is to receive authority delegated from the management console to the user device to perform management operations on behalf of the management console on one or more other of the plurality of devices to be used by the user.
25. A system comprising:
a management console to provide management operations;
a plurality of devices to be used by a user including at least a first device and a second device;
wherein the first device includes a first management agent to receive management operations from the management console, and to perform management authority and operations on the second device in response to the received management operations; and
wherein the second device includes a second management agent to receive management operations from the first management agent.
26. The system of claim 25, the first management agent to report back to the management console a status of management operations.
27. The system of claim 25, wherein the plurality of devices to be used by a user include at least one of a laptop computer, a desktop computer, a personal digital assistant, or a cell phone.
28. The system of claim 25, wherein the management authority is a management authority over platform managed resources.
29. The system of claim 28, wherein the platform managed resources include at least one of hardware, software, applications, or services.
30. The system of claim 25, the first user device further comprising a secure storage area to store a key, wherein the first management agent is to perform the management authority and operations in response to the stored key.
31. The system of claim 25, the plurality of devices further comprising a third device, wherein the second management agent is to perform management authority and operations on the third device in response to the received management operations.
32. The system of claim 25, the plurality of devices further comprising a third device, wherein the first management agent is to perform management authority and operations on the third device in response to the received management operations.
33. The system of claim 25, wherein the plurality of devices is a collection of devices to be used by an employee.
34. The system of claim 25, wherein the first management agent is to receive authority delegated from the management console to the first device to perform management operations on behalf of the management console on one or more other devices.
US11/026,608 2003-12-18 2004-12-30 Management of workspace devices Abandoned US20050138169A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/026,608 US20050138169A1 (en) 2003-12-18 2004-12-30 Management of workspace devices

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/742,225 US7434256B2 (en) 2003-12-18 2003-12-18 Security management for wireless clients
US11/026,608 US20050138169A1 (en) 2003-12-18 2004-12-30 Management of workspace devices

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US10/742,225 Continuation-In-Part US7434256B2 (en) 2003-12-18 2003-12-18 Security management for wireless clients

Publications (1)

Publication Number Publication Date
US20050138169A1 (en) 2005-06-23

Family

ID=34678397

Family Applications (6)

Application Number Title Priority Date Filing Date
US10/742,225 Active 2025-11-29 US7434256B2 (en) 2003-12-18 2003-12-18 Security management for wireless clients
US11/026,608 Abandoned US20050138169A1 (en) 2003-12-18 2004-12-30 Management of workspace devices
US12/218,721 Active 2025-01-12 US7950054B2 (en) 2003-12-18 2008-07-15 Client-side security management for an operations, administration, and maintenance system for wireless clients
US13/042,689 Active 2024-07-02 US8533810B2 (en) 2003-12-18 2011-03-08 Client-side security management for an operations, administration, and maintenance system for wireless clients
US13/962,131 Abandoned US20130326581A1 (en) 2003-12-18 2013-08-08 Client Side Security Management for an Operations, Administrations and Maintenance System for Wireless Clients
US15/630,802 Expired - Fee Related US10313355B2 (en) 2003-12-18 2017-06-22 Client side security management for an operations, administration and maintenance system for wireless clients

Country Status (4)

Country Link
US (6) US7434256B2 (en)
EP (1) EP1695245A1 (en)
CN (1) CN100449540C (en)
WO (1) WO2005064496A1 (en)

Also Published As

Publication number Publication date
US8533810B2 (en) 2013-09-10
US20100024027A1 (en) 2010-01-28
US20110179464A1 (en) 2011-07-21
CN100449540C (en) 2009-01-07
US20180020352A1 (en) 2018-01-18
US7434256B2 (en) 2008-10-07
US20130326581A1 (en) 2013-12-05
WO2005064496A1 (en) 2005-07-14
CN1890667A (en) 2007-01-03
US20050135623A1 (en) 2005-06-23
EP1695245A1 (en) 2006-08-30
US10313355B2 (en) 2019-06-04
US7950054B2 (en) 2011-05-24

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTEL CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BAHR, CASEY;REEL/FRAME:016151/0020

Effective date: 20041230

AS Assignment

Owner name: INTEL CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BAHR, CASEY;REEL/FRAME:016609/0854

Effective date: 20050527

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION