News Column

Researchers Submit Patent Application, "System and Method for Automatic Provisioning of Managed Devices", for Approval

June 3, 2014



By a News Reporter-Staff News Editor at Information Technology Newsweekly -- From Washington, D.C., VerticalNews journalists report that a patent application by the inventors Brown, John R. (Boynton Beach, FL); Dare, Robert M. (Sunrise, FL); Aiello, Andy A. (Boca Raton, FL), filed on April 4, 2013, was made available online on May 22, 2014.

No assignee for this patent application has been made.

News editors obtained the following quote from the background information supplied by the inventors: "There is a current move in the mobile device industry to enable the management of such devices on behalf of enterprises. For example, an enterprise may provide mobile devices to its employees and may wish to have those devices managed. Alternatively, an enterprise may permit sensitive applications and data to be installed on the personal mobile devices of its employees, which may lead to a management scheme being implemented for these devices. In either arrangement, the managed devices need to be registered with a managing service and correctly provisioned with certain software packages and policies. This provisioning process is daunting, especially considering the number of devices that need to be handled. As such, there is a need to streamline this process."

As a supplement to the background information on this patent application, VerticalNews correspondents also obtained the inventors' summary information for this patent application: "A method for automatic provisioning of communication devices is described herein. The method can include the steps of receiving a pre-authorization request from a communication device and receiving an authorization request based on the pre-authorization request in which the authorization request is in a first form. The method can also include the steps of converting the authorization request into a second form that may be recognizable by a directory service and obtaining an authorization approval from the directory service. The authorization approval can include a functional indicator that can correspond to a function associated with the operation of the communication device. Based on the authorization approval, the communication device can be established as a managed communication device. The method can also include the step of delivering a bundle to the managed communication device based on the functional indicator.

"In one arrangement, the pre-authorization request may include an enterprise identifier. Also, the method can further include the step of redirecting the pre-authorization request to a provisioning facilitator based on the enterprise identifier, and the provisioning facilitator may be assigned to an enterprise that may be assigned the enterprise identifier. The method can also include the step of mapping data elements associated with a management service with data elements of the directory service to enable the converting of the authorization request from the first form to the second form that is recognizable by the directory service. In another arrangement, the method can further include the steps of converting the authorization approval into the first form and transmitting the authorization approval to the communication device.

"The method can further include the steps of decrypting the pre-authorization request when the pre-authorization request is received from the communication device, decrypting the authorization request when the authorization request is received and encrypting the authorization approval when the authorization approval is obtained from the directory service. As an example, the directory service may be part of a protected environment of an enterprise, and the method can further include the step of receiving the functional indicator from the directory service. The method can also include the step of receiving a features report from the communication device in which the features report may include operational capabilities of the communication device.

"Another method for automatically provisioning a communication device is described herein. The method can include the steps of receiving identification information that is used to form a pre-authorization request and sending the pre-authorization request to a management service. Based on feedback from the management service, an authorization request can be sent to a provisioning facilitator in which the authorization request is in a form that is recognizable by the management service.

"The authorization request can also be received in a form that is recognizable by a directory service. In response to the authorization request, an authorization approval can be selectively provided in the form that may be recognizable by the directory service. The method can also include the steps of receiving the authorization approval in a form that may be recognizable by the managing service and based on the authorization approval, receiving at the communication device a bundle that can be selected in view of a function of a user who is associated with the directory service.

"In one arrangement, the identification information can include an enterprise identifier, and the enterprise identifier may be associated with the provisioning facilitator that receives the authorization request. The method can also include the steps of encrypting the pre-authorization request for transmission to the management service and decrypting the authorization approval when the authorization approval is received. As another example, the authorization approval can include a functional indicator, and the functional indicator may determine the bundle that the communication device receives.

"In another arrangement, the method can include the step of--prior to authenticating the communication device--restricting user information from storage at the management service and the step of storing the user information at the directory service prior to and following the authentication of the communication device. The method can further include the step of selectively providing data elements of the directory service to enable the provisioning facilitator to map the data elements of the directory service to data elements of the managing service. In yet another arrangement, the method can include the steps of determining one or more operational capabilities of the communication device and sending the operational capabilities to the management service as part of a features report. The features report may affect the provisioning of the communication device.

"Another method of automatically provisioning a communication device is described herein. The method can include the steps of receiving identification information, generating a pre-authorization request based on the identification information and sending the pre-authorization request to a management service. Based on feedback from the management service, an authorization request can be sent to a provisioning facilitator that is communicatively coupled to a directory service in a protected environment of an enterprise. The method can also include the steps of receiving from the provisioning facilitator an authorization approval, sending the authorization approval to the management service and receiving a bundle from the management service. The bundle may be based on a function of a user who is associated with the enterprise.

"A system for automatic provisioning of communication devices is described herein. The system can include a management server, and the management server can be configured to receive a pre-authorization request from a communication device. The system may also include a provisioning facilitator in which the provisioning facilitator may be configured to communicate with a directory service of an enterprise. The management server may be further configured to redirect the communication device to the provisioning facilitator based on the pre-authorization request. The provisioning facilitator may be further configured to receive an authorization request from the communication device in a form that may be recognizable by the management server and to convert the authorization request into a form that may be recognizable by the directory service. Additionally, the provisioning facilitator can be configured to receive an authorization approval from the directory service. Based on this authorization approval, the management server can be further configured to deliver a bundle to the communication device to convert the communication device to a managed communication device.

"The management server may be further configured to deliver the bundle to the communication device based on a function of a user of the communication device. In one arrangement, the management server can include a table that may store identities of one or more provisioning facilitators. As an example, the pre-authorization request may contain an enterprise identifier, and the management server may include a processor. The processor can search the table for a provisioning facilitator that may correspond to the enterprise identifier to determine which provisioning facilitator is to receive the authorization request from the communication device.

"The management server may also include an encryption engine that is configured to decrypt the pre-authorization request from the communication device and to encrypt the bundle that is delivered to the communication device. In another embodiment, the management server can include one or more storage units that may be configured to store bundles that can be delivered to the communication devices.

"The provisioning facilitator can be further configured to map data elements that may be associated with the management server to data elements that may be associated with the directory service. In addition, the directory service may be within a protected environment of the enterprise, and the provisioning facilitator can be outside the protected environment of the enterprise. In another embodiment, the management server can be further configured to receive and process a features report from the communication device in which the features report may include operational capabilities of the communication device.

"A communication device is also described herein. The communication device can include a user interface element that can be configured to receive identification information that is associated with a user who is assigned to an enterprise and can also include a transceiver that can be configured to receive and transmit communication signals. The communication device can also include a processor that may be communicatively coupled to the user interface element and the transceiver. The processor can be configured to generate a pre-authorization request based on the identification information and to cause the transceiver to send the pre-authorization request to a management service. Based on feedback from the management service, the processor can cause the transceiver to send an authorization request to a provisioning facilitator that may be communicatively coupled to a directory service of the enterprise. The processor can also be configured to receive an authorization approval from the provisioning facilitator and to cause the transceiver to send the authorization approval to the management service. The processor may also be configured to receive and process a bundle from the management service in which the bundle may be based on a function of the user who is assigned to the enterprise.

"As an example, the identification information includes an identifier for the enterprise, and the identifier for the enterprise can be a domain name. The communication device can also include an encryption engine in which the encryption engine can be configured to encrypt the pre-authorization request and the authorization approval prior to transmission to the management service and to decrypt the authorization approval from the provisioning facilitator. The processor may also be configured to to generate a features report for transmission to the management service in which the features report may include operational capabilities of the communication device.

"Further features and advantages of the invention, as well as the structure and operation of various embodiments of the invention, are described in detail below with reference to the accompanying drawings. It is noted that the invention is not limited to the specific embodiments described herein. Such embodiments are presented herein for illustrative purposes only. Additional embodiments will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein.

BRIEF DESCRIPTION OF THE DRAWINGS/FIGURES

"The accompanying drawings, which are incorporated herein and form part of the specification, illustrate certain non-limiting embodiments and, together with the description, further serve to explain the principles of these embodiments.

"FIG. 1 illustrates an example of a system for automatic provisioning of communication devices.

"FIG. 2 illustrates an example of some of the components of FIG. 1 in more detail.

"FIG. 3 illustrates an example of a method for automatic provisioning of communication devices.

"Applicants expressly disclaim any rights to any third-party trademarks or copyrighted images included in the figures. Such marks and images have been included for illustrative purposes only and constitute the sole property of their respective owners.

"The features and advantages of the non-limiting embodiments will become more apparent from the detailed description set forth below when taken in conjunction with the drawings, in which like reference characters identify corresponding elements throughout. In the drawings, like reference numbers generally indicate identical, functionally similar, and/or structurally similar elements."

For additional information on this patent application, see: Brown, John R.; Dare, Robert M.; Aiello, Andy A. System and Method for Automatic Provisioning of Managed Devices. Filed April 4, 2013 and posted May 22, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=99&p=2&f=G&l=50&d=PG01&S1=20140515.PD.&OS=PD/20140515&RS=PD/20140515

Keywords for this news article include: Patents, Information Technology, Information and Data Encoding and Encryption.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC


For more stories covering the world of technology, please see HispanicBusiness' Tech Channel



Source: Information Technology Newsweekly


Story Tools






HispanicBusiness.com Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters