Device management proxy for secure devices

US 9,930,050 B2
Filed: 04/01/2015
Issued: 03/27/2018
Est. Priority Date: 04/01/2015
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a first device comprising;

at least one first hardware processor;

first memory storing a first software module executable by the at least one first hardware processor, wherein the first device is configured to;

send a digitally signed request to a second device to change the hardware settings of the first device; and

a second device comprising;

at least one second hardware processor; and

second memory storing a second software module executable by the at least one second hardware processor, wherein the second device is configured to;

receive, from the first device, the digitally signed request to change the hardware settings of the first device;

determine the validity of the digitally signed request; and

change the hardware settings of the first device in accordance with the request if the validity of the digitally signed request is determined.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A hardware device architecture is described that improves security and flexibility in access to hardware device settings. A device management proxy service is digitally signed and granted access to device settings. Applications are then digitally provisioned by the proxy service and only validated signed requests from applications are permitted to change hardware device settings. Further granularity over hardware device settings is achieved through user accounts and groups established by the applications.

425 Citations

20 Claims

1. A system comprising:
- a first device comprising;
  
  at least one first hardware processor;
  
  first memory storing a first software module executable by the at least one first hardware processor, wherein the first device is configured to;
  
  send a digitally signed request to a second device to change the hardware settings of the first device; and
  
  a second device comprising;
  
  at least one second hardware processor; and
  
  second memory storing a second software module executable by the at least one second hardware processor, wherein the second device is configured to;
  
  receive, from the first device, the digitally signed request to change the hardware settings of the first device;
  
  determine the validity of the digitally signed request; and
  
  change the hardware settings of the first device in accordance with the request if the validity of the digitally signed request is determined.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the first device and the second device are the same device, the at least one first processor and at least one second processor are the same processor, and the first memory and second memory are the same memory.
  - 3. The system of claim 1, wherein the first software module is an application.
  - 4. The system of claim 2, wherein in the application is a device management solution.
  - 5. The system of claim 1, wherein the second software module is a device management proxy service.
  - 6. The system of claim 5, wherein the device management proxy service is embedded in a device driver.
  - 7. The system of claim 1, wherein the first and second software modules interact using a device management application programming interface (API) over a protocol.
  - 8. The system of claim 1, wherein access to the first software module is dependent upon user privileges.
  - 9. The system of claim 1, wherein access to the first software module is dependent upon group privileges.

10. A system comprising:
- a first device comprising;
  
  at least one first hardware processor;
  
  first memory storing a first software module executable by the at least one first hardware processor, wherein the first device is configured to;
  
  send a request to a third device to authenticate a login for an account and retrieve access privileges for the account;
  
  send a digitally signed request to a second device to change the hardware settings of the first device, wherein the request is sent based upon the access privileges for the account; and
  
  a second device comprising;
  
  at least one second hardware processor; and
  
  second memory storing a second software module executable by the at least one second hardware processor, wherein the second device is configured to;
  
  receive, from the first device, the digitally signed request to change the hardware settings of the first device;
  
  determine the validity of the digitally signed request; and
  
  change the hardware settings of the first device in accordance with the request if the validity of the digitally signed request is determined; and
  
  a third device comprising;
  
  at least one third hardware processor;
  
  third memory storing a third software module executable by the at least one third hardware processor, wherein the third device is configured to;
  
  receive, from the first device, a request to authenticate a login for the account and retrieve access privileges for the account;
  
  determine the validity of the login; and
  
  send the access privileges for the account.

11. A method comprising:
- sending a digitally signed request from a first device to a second device, the digitally signed request configured to change the hardware settings of the first device, the first device comprising at least one first hardware processor and first memory storing a first software module executable by the at least one first hardware processor, and the second device comprising at least one second hardware processor and second memory storing a second software module executable by the at least one second hardware processor;
  
  receiving an indication from the second device, the indication confirming that the second device has determined the validity of the digitally signed request; and
  
  changing the hardware settings of the first device in accordance with the digitally signed request if the indication confirms that the digitally signed request is valid.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, wherein the first device and the second device are the same device, the at least one first processor and at least one second processor are the same processor, and the first memory and second memory are the same memory.
  - 13. The method of claim 11, wherein the first software module is an application.
  - 14. The method of claim 12, wherein in the application is a device management solution.
  - 15. The method of claim 11, wherein the second software module is a device management proxy service.
  - 16. The method of claim 15, wherein the device management proxy service is embedded in a device driver.
  - 17. The method of claim 11, wherein the first and second software modules interact using a device management application programming interface (API) over a protocol.
  - 18. The method of claim 11, wherein access to the first software module is dependent upon user privileges.
  - 19. The method of claim 11, wherein access to the first software module is dependent upon group privileges.

20. A method comprising:
- sending a request from a first device to a third device, the request configured to authenticate a login for an account and to retrieve access privileges for the account, the first device comprising at least one first hardware processor and first memory storing a first software module executable by the at least one first hardware processor, and the third device comprising at least one third hardware processor and third memory storing a third software module executable by the at least one third hardware processor;
  
  receiving access privileges for the account from the third device, the third device having received the request to authenticate the login for the account, authenticated the login for the account, and retrieved the access privileges for the account;
  
  sending a digitally signed request from the first device to a second device, the digitally signed request configured to change the hardware settings of the first device, wherein the digitally signed request is sent based upon the access privileges for the account, the second device comprising at least one second hardware processor and second memory storing a second software module executable by the at least one second hardware processor;
  
  receiving an indication from the second device, the indication confirming that the second device has determined the validity of the digitally signed request; and
  
  changing the hardware settings of the first device in accordance with the digitally signed request if the indication confirms that the digitally signed request is valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hand Held Products Incorporated (Honeywell International Inc.)
Original Assignee
Hand Held Products Incorporated (Honeywell International Inc.)
Inventors
Yeakley, Daniel D., Millican, Arthur
Primary Examiner(s)
LE, CHAU D

Application Number

US14/676,327
Publication Number

US 20160294779A1
Time in Patent Office

1,091 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 41/0813   characterised by the condit...

H04L 41/28   Restricting access to netwo...

H04L 63/126   the source of the received ...

H04W 12/35   Protecting application or s...

Device management proxy for secure devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

425 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Device management proxy for secure devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

425 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links