WO2016024220A1 - Methods and systems to enable presence related services - Google Patents
Methods and systems to enable presence related services Download PDFInfo
- Publication number
- WO2016024220A1 WO2016024220A1 PCT/IB2015/056109 IB2015056109W WO2016024220A1 WO 2016024220 A1 WO2016024220 A1 WO 2016024220A1 IB 2015056109 W IB2015056109 W IB 2015056109W WO 2016024220 A1 WO2016024220 A1 WO 2016024220A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- mobile device
- special area
- passwords
- defining
- signal
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
- H04W4/021—Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/63—Location-dependent; Proximity-dependent
Definitions
- the invention relates to methods and apparatusto enable presence related services.
- Microprocessor smart cards have been commonly used to protect keys and secret data of given applications from service providers. Being considered as a "anti-tamper" device, the smart cards have been used to protect payment applications from banks, ticketing applications from transportation authorities or personal data for access control purposes.
- a mobile device application providing access to presence related services need to be anti-tamper, and this invention provides methods to achieve that target even if not using, for example, a microprocessor smart card to either perform part of the mobile device application processing or to store sensitive data of the service providers ' mobile device applications.
- a mobile deviceapplication in a mobile device is personalized such that the mobile device is able to self- determine its presence status in at least one special areaassociated to the mobile device, each special area being defined by the combination of distinctive wireless signals from one or more radio communication devices; and the mobile devicesends an updating signal about its presence in one or more special areas to the mobile telephone network, the signal being routed to special operating means of a service provider entity, that enable or disable presence related services depending on whether the updating signal indicates that the mobile device is present or not into one or more special areas.
- Presence updating signals may be used to enable or disable presence related services, and in certain contexts it is desirable to provide mechanisms to securely authenticate at least part of the presence updating signals.
- client-server-based one-time- usecalculations are used to securely authenticate presence updating signals.
- the one-time-use calculations depend on input data associated to radio communication devices, but only those radio communication devices associated to special areas personalized into the mobile device application may produce a successful authentication in the referred special operating means of the service provider. So on top of having the right mobile device and mobile device application personalization, the user must be in the right environment for an updating signal being accepted as authentic by the special operating means.
- a Personal Identification Number is required as input for the referred one-time-use calculations, thus in such implementations the authentication methods are defined such that it is necessary that the user will enter a personal secret code as a precondition for an updating signal being later securely authenticated.
- pre-calculated tokens and/or hardcoded keys/parameters are used to make the one-time-use calculations that securely authenticate presence updating signals.
- a fully automatic methodfor securely enabling/disabling presence related services by sending a presence updating signal and a onetime-use related calculation is desired; while in others it may be required that the user will insert a PIN to make presence related services being enabled or disabled by the special operating means of the service provider.
- the fully automatic methods may be used to make one-time-use calculations associated to N updating signals sent from the mobile device about its presence in one or more special areas, but a PIN may be required as an input for a one-time-use calculation correlated to sending the N+1 updating signal about the mobile device presence in the one or more special areas.
- two-factor authentication may be used in correlation with at least part of the updating signals sent, so the user identity is verified on a periodic basis.
- service providers are provided with amethod to securely enable (or disable) presence related services by using amobile device application, where said method can be mostly performed at the domain of the services providers, without restrictions from third party owners of secure elements.
- this is achieved by providing a method associated with one or more providers of presence related services in connection with the use of a mobile device and at least a first radio communication defining device that transmits a first distinctive defining signal and a second radio communication defining device that transmits a second distinctive defining signal, the first distinctive defining signal at least partly defines a first special area by its coverage, the second distinctive defining signal at least partly defining a second special area by its coverage.
- the method may include (i) electronically storing in one or more memories data capable of linking the mobile device to the first and second special areas, the data including a first checking data of the first radio communication defining device, a second checking data of the second radio communication defining device, and a first identifier related to the mobile device, (ii)transmitting via a mobile telephone network to the mobile device at least a portion of the first checking data, and transmitting via the mobile telephone network to the mobile device at least a portion of the second checking data, (iii)receiving from the mobile device via the mobile telephone network a first updating signal uncorrelated to any mobile device phone call establishment that identifies the mobile device ' s presence in at least the first special area, and receiving from the mobile device via the mobile telephone network a second updating signal uncorrelated to any mobile device phone call establishment that identifies the mobile device ' s presence in at least the second special area, the first updating signal including a second identifier related to the mobile device, the second updating signal including a third identifier related to the mobile
- access to presence driven services relates to presence of the mobile device into one or more special areas but, on top of that, additional OTP-based authentication may be performed by the one or more processing devices. Furthermore, at least one of the OTP calculations is performed when the mobile device is present into the first special area, based on information that is included in at least oneof the distinctive defining signals that define the first special area.
- the mobile device determines that it is present into the first special area, then at least a portion of the checking data received into the distinctive defining signalsthat define the first special area will produce a successful OTP validation by the one or more processing devices, when used as input data to calculate said OTP.
- This approach can provide a fully automatic OTP calculation, associated to the first updating signal, empowered by information related to the context of the mobile device being into the first special area. More than one OTP may be sent univocally associated to the first updating signal, and said other OTPs may also be calculated using data from the context of the mobile device being into the first special area as input data and/or a user ' s Personal Identification Number (PIN).
- PIN Personal Identification Number
- At least one of the OTPs that aresent from the mobile device and that are univocally correlated to an updating signal is calculated by the mobile device by using a user ' s Personal Identification Number (PIN) as input data for the calculation.
- PIN Personal Identification Number
- at least one of the OTPs that are sent from the mobile device and that are univocally correlated to an updating signal is calculated by the mobile device based on information that is included in at least one of the distinctive defining signals that define the special area and also using a user ' s Personal Identification Number (PIN) as input data for the OTP calculation.
- pre-calculated tokens and/or hardcoded keys/parameters may also be used as input data in any of the above referred OTP calculations.
- the user is prompted to enter a PIN as an input for the OTP calculation.
- the user is prompted to enter the PIN before the presence updating signal is sent to the service provider, via the mobile telephone network.
- each OTP may be calculated by the mobile device based on information that is included in at least one of the distinctive defining signals that define the second special area and/or using a user ' s Personal Identification Number (PIN) as input data for the OTP calculation and/or using hardcoded keys/parameters as input data for the OTP calculation and/or using pre-calculated tokens as input data for the OTP calculation.
- PIN Personal Identification Number
- Different alternatives are possible in connection to the calculation of the OTPs, and in relation to perform the above referred univocal correlation between an updating signal and an OTP. Some of these alternatives are explained in detail below.
- an OTP is calculated when the mobile device enters into or exists out of a special area, and the OTP is sent comprised into thepresence updating signal.
- the OTP and the updating signal are sent in the context of the same https session, so they can be easily correlated.
- the at least one OTP and the presence updating signal are sent via different channels (e.g. one is sent via an https data connection and the other one is sent via SMS) but both are transmitted with a common identifier, that can be used by the one or more processing devices to later match them.
- a first OTP is calculated when the mobile device enters into one special area, but the updating signal will be sent later.
- the updating signal will comprise the referred first OTP (e.g. calculated based on information that is included in at least one of the distinctive defining signals that define the special area) and a second OTP (calculated at the time of sending the presence updating signal, for example, after the user inserts a PIN that is used as an input to calculate the second OTP). So in this example the one or more processing devices will be able to authenticate both the context of the presence determination into the special area (validating the first OTP) and the content of the presence updating defined by the user inserting a PIN (validating the second OTP).
- a first OTP is calculated when the mobile device remains in a first special area, said first OTP being calculated based on checking data that is included in a received first distinctive defining signal that partly defines a first special area; the first OTP is sent comprised in a first updating signal; and a second OTP is calculated when the mobile device entersinto a second special area, the second OTP calculation requiring the user to insert a PIN; the second OTP is sent comprised into a second updating signal.
- the OTP is not calculated if the communication channel to send the presence updating signal is not available for the mobile device.
- the data stored in the one or more memories also includes the keys and parameters necessary to validate by the one or more processing devices the at least one OTP associated to a presence updating signal; and keys and parameters necessary for OTP calculations by the mobile device are transmitted via a mobile telephone network to the mobile device.
- At least one OTP calculation is triggered by the mobile device being in the first special area, and at least part of the first checking data is inputted to the calculation from the storage/memory of the mobile device.
- at least one OTP calculation is triggered by the mobile device being in the first special area, and at least part of the checking data that at least partly defines the first special area is inputted to the calculation from the storage/memory of the mobile device (so in this implementation the OTP may be calculated based on information (e.g. checking data) included in the first distinctive defining signal and/or based on information (e.g.
- checking data that also at least partially defines the first special area included in other distinctive defining signals that may also partly define the first special area.
- at least part of the first checking data is inputted inat least one OTP calculation after being received(and perhaps decoded) from at least one of the distinctive defining signals that at least partially define the first special area (in these implementations at least part of other checking data that also partly define the first special area may also be inputted into the at least one OTP calculation from the storage/memory of the mobile device).
- the user is prompted to enter a PIN when the mobile device enters into/remains into/leaves out of an special area (such that a first OTP calculation is made), and to enter the PIN again before the presence updating signal is sent to the service provider system (and a second OTP calculation is made), the presence updating signal comprising the first and the second OTP results.
- the one or more processing devices will be able to authenticate both the context of the presence determination and the context where the presence updating signal is sent. This may be of interest, for example, when the presence determination information is not sent at the time of determination, but with a delay. So the second OTP ensures that the updating signal sending has also been validated by the user after, for example, inserting a secret code.
- part of the information that is included in at least one of the distinctive defining signals that define the special area is used as challenge for an OTP calculation, and the PIN inserted by the user is used as part of the OTP key.
- to make a first special area and/or second special area of one or more providers of presence related services becoming at least partly registered for a mobile device requires the user inserting an activation code into the mobile device and a successful validation of said activation code by the one or more processing devices.
- there is a first set of checking data related to one or more radio communication defining devices the first set ofchecking data defining (together with special area rules)one of more special areas related, for example, to home presence services
- a second set of checking data related to one or more other radio communication defining devices the second set ofchecking data defining (together with special area rules) other one or more special areas related, for example, to smart city presence services.
- to make a first special area and/or second special area of one or more providers of presence related services becoming at least partly registered into a mobile device requires the user inserting an activation code into the mobile device and a successful validation of said activation code by the one or more processing devices, and also requires the user to select or insert a Personal Identification Number (PIN) in the context of said registration process.
- PIN Personal Identification Number
- the data stored in the one or more memories related to the first special area is stored in a first memory or set of memories of a first provider of presence related services and the data stored in the one or more memories related to the second special area is stored in a second memory or set of memories of a second provider of presence related services.
- the mobile telephone network transmits to the mobile device the at least portion of the first checking data and the at least portion of the second checking data at different times.
- a first special area is defined by a service provider and the related checking data are transmitted to the mobile device;
- a second special area is defined later by the same service provider, and the checking data are afterwards transmitted to the same mobile device.
- several special areas are defined by different service providers, and the at least portion of the checking data related to the special areas of each service provider is transmitted to the mobile device independently of the transmission of the at least portion of the checking data related to the special areas of the other service providers.
- the one or more processing devices has access to at least a portion of thedata (such as, for example an identifier related to the mobile device) and updates at least one first operating parameter in a database of the one or more providers of presence related services depending on the presence of the mobile device in the first special area and/or second special area.
- thedata such as, for example an identifier related to the mobile device
- the one or more processing devices has access to at least a portion of thedata (such as, for example an identifier related to the mobile device and the checking data) and updates at least one second operating parameter in a database of the one or more providers of presence related servicesdepending on the result of the validation ofthe at least one OTP that is univocally correlated to the updating signal about the presence of the mobile device in the first special area and/or second special area.
- thedata such as, for example an identifier related to the mobile device and the checking data
- the updating of the at least two operating parameters depends on the result of a multi-level authentication, where the first level relates to the mobile device presence status in the special area, as provided by the updating signal, and the other levels relates to the validation result of the at least one OTP that is correlated to said presence updating signal.
- the first operating parameter is a tariff flag or a service flag that enables or disables a special tariff or a service for the mobile device.
- the one or more processing devices include a first processing device associated with a first provider of presence related services and a second processing device associated with a second provider of presence related services.
- the first processing device has access to at least a portion of thedata (such as, for example an identifier related to the mobile device) and updates at least one first operating parameter in a database of the first provider of presence related services depending on the presence of the mobile device in the first special area
- the second processing device has access to at least a portion of the data (such as, for example an identifier related to the mobile device) and updates at least one first operating parameter in a database of the second provider of presence related services depending on the presence of the mobile device in the second special area.
- the first processing device has access to at least a portion of thedata (such as, for example an identifier related to the mobile device and the first checking data) and updates at least one second operating parameter in a database of the first provider of presence related services depending on the result of the validation of the at least one OTP that is univocally correlated to the updating signal about the presence of the mobile device in the first special area
- the second processing device has access to at least a portion of thedata (such as, for example an identifier related to the mobile device and the second checking data) and updates at least one second operating parameter in a database of the second provider of presence related services depending on the result of the validation of the at least one OTP that is univocally correlated to the updating signal about the presence of the mobile device in the second special area
- the updating of the at least one first operating parameter in a database of the first service provider depends on the presence of the mobile device in the first special area; and the updating of the at least one second operating parameter in a database of the first provider of presence related servicesdepends on the result of the validation of a first OTP that has been calculated based on information that is included in at least one of the distinctive defining signals that define the first special area and on the result of the validation of a second OTP that has been calculated based on a PIN inserted by the user in the mobile device, both OTPs are univocally correlated to the first updating signal.
- the first operating parameter is a tariff flag or a service flag that enables or disables a special tariff or a service for the mobile device.
- the first, second and third identifiers related to the mobile device are the same.
- the enabling or disabling of the first and/or second presence related service includes transmitting via the mobile telephone network a signal to the mobile device that is capable of being used to enable or disable one or more related functions in the mobile device.
- the signal enables, when the mobile device is present, for example, in a home special area, software in the mobile device that records statistic data about mobile device usage in said home special area (e.g. type of applications used, used connections, periods of activity, etc.). The same applies to other types of special areas, such as, for example, mobile device usage in acompany special area.
- the signal enables a mobile device payment capability when the mobile device is in a special area defined by, for example, certain NFC Point of Sale terminals at merchant locations; or into a special area defined by certain Bluetooth Low Energy devices.
- the signal enables a mobile device ticketing capability (e.g. a mobile boarding card) when the mobile device is into a special area defined by certainBLEboarding-area-devices in an airport.
- the one or more memories and the one or more processing devices reside in one or more servers of the one or more providers of presence related services.
- the storing of the first and second checking data in the one or more memories comprises electronically receiving from the mobile device the first and second checking data.
- the mobile telephone network is cellular.
- at least one of the first and second updating signals comprises the result of a previous determination performed by the mobile device about the mobile device ' s presence in the first and second special areas, respectively.
- data about wireless home appliances is recorded at the mobile device, when the mobile device enters into the special area defined foreach oneof the appliances (e.g. a wireless TV, a wireless washing machine and a wireless iron).
- data about each electronic appliance is recorded at the mobile device, together with an OTP calculated using the corresponding home appliance checking data, but the mobile device only sends the information when a threshold in the amount of information to be sent has been exceeded or on a periodic basis (e.g. periods of 30 minutes) after entering in the first special area with data to be sent.
- the presence status of the mobile device having entered into the different special areas, plus the associated information data, are comprised in a presence updating signal; the OTPs related to the presence of the mobile device into the special areas are also comprised into the updating signal.
- the conditions to send the updating signal are met, the user is prompted to insert a PIN, and a calculated OTP(PIN) is also send comprised into the updating signal.
- At least one of the first and second updating signals is received via the mobile telephone network from the mobile device at least one of (i) periodically, (ii) at times recent to when the mobile device respectively enters into or exists from the first special area and/or second special area, (iii) when the mobile device respectively remains in the first special area and/or the second special area, and (iv) when the mobile device respectively remains outside the first special area and/or second special area.
- At least one of the first and second updating signals comprises a request to access to a service and the one or more processing devices enable the provision of a presence related service based upon the mobile device ' s presence in the first and second special area, respectively, and also depending on the result of the validation of the at least one OTP that is univocally correlated to the updating signal about the presence of the mobile device in the first special area and second special area, respectively.
- the service is a request to repair an smart city radio communication defining device that measure the traffic flow in a given area
- the radio device partly defines a special area personalized into the user ' s smartphone
- the service request includes the alarm related information and the radio communication device serial number.
- an OTP is comprised into the presence updating signal, and said OTP has been calculated using part of the radio communication defining device serial number (i.e. part of the checking data in this example) as input data.
- a method associated with the use of a mobile device and at least one radio communication defining device that transmits a distinctive defining signal that at least partly defines a special area by its coverage, the distinctive defining signal including data the method including; (i) receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the data, whether the one or more defining signals are one or more distinctive defining signals and to determine whether or not the mobile device is present in the special area; (ii) sending from the mobile device via a mobile telephone network an updating signal to one or more servers of a provider of presence related services about the mobile device ' s presence in the special area, the sending of the updating signal being uncorrelated to any mobile device phone call establishment, the updating signal being sent at least one of (i) periodically, (ii) at times recent to when the mobile device enters into or exists from the special area, (iii) when the mobile device remains in the special area and (iv) when the mobile device remains outside the special
- the updating signal comprises the result of a previous determination performed by the mobile device about the mobile device ' s presence in the special area.
- the frequency of the updating signal is different from the frequency of the distinctive defining signal.
- the mobile device enables or disables one or more functions related to a presence related service upon receiving enabling or disabling instructions from the provider of presence related services.
- a non-transitory computer readable medium storing computer readable program code for causing a processor of a mobile device to perform a method associated with the use of at least one radio communication defining device that transmits a distinctive defining signal that at least partly defines a special area by its coverage, the distinctive defining signal including data.
- the method includes: (i) receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the data, whether the one or more defining signals are one or more distinctive defining signals and to determine whether or not the mobile device is present in the special area; (ii) sending from the mobile device via a mobile telephone network an updating signal to one or more servers of a provider of presence related services about the mobile device ' s presence in the special area, the sending of the updating signal being uncorrelated to any mobile device phone call establishment, the updating signal being sent at least one of (i) periodically, (ii) at times recent to when the mobile device enters into or exists from the special area, (iii) when the mobile device remains in the special area and (iv) when the mobile device remains outside the special area; and (iii) sending from the mobile device via a mobile telephone network to the one or more servers of a provider of presence related services at least one One-Time-Password (OTP) that is univocally correlated to the
- the non-transitory computer readable medium storing computer readable program code further causes the processor to calculateat least one OTP based on information that is included in at least one of the distinctive defining signals that define the special area.
- a non-transitory computer readable medium storing computer readable program code is provided that further causes the processor to send the updating signal with information related to the result of a previous determination performed by the mobile device about the mobile device ' s presence in the special area.
- a non-transitory computer readable medium storing computer readable program code is provided that further causes the processor to enable or disable one or more functions in the mobile device related to a presence related service upon the mobile device receiving enabling or disabling instructions from the provider of presence related services.
- a mobile device is provided that is capable of receiving a distinctive defining signal from a radio communication defining device that at least partly defines a special area by its coverage, the distinctive defining signal including data, the mobile device comprising: (i) an electronic storage medium that stores at least a portion of the data; and (ii) a processor adapted to process one or more defining signals to determine, based on the at least portion of the data, whether the one or more defining signals are one or more distinctive defining signals and to determine whether or not the mobile device is present in the special area, the processor further adapted to send from the mobile device via a mobile telephone network an updating signal to one or more servers of a provider of presence related services about the mobile device ' s presence in the special area, the sending of the updating signal being uncorrelated to any mobile device phone call establishment, the updating signal being sent at least one of (i) periodically, (ii) at times recent to when the mobile device enters into or exists from the special area, (iii) when the mobile device remains in the
- the processor when the updating signal indicates that the mobile device is present in the special area, the processor is adapted to calculate at least one OTP based on information that is included in at least one of the distinctive defining signals that define the special area.
- the processor is adapted to enable or disable one or more functions related to a presence related service upon the mobile device receiving enabling or disabling instructions from the provider of presence related services.
- a mobile device receives first and second distinctive defining signals respectively from first and second radio communication defining devices, the first and second distinctive defining signals at least partly define first and second special areas, respectively, by their coverage, each of the first and second distinctive defining signals respectively including first and second data.
- a method includes: (i) receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the first data, whether the one or more defining signals are one or more first distinctive defining signals and to determine whether or not the mobile device is present in the first special area; (ii) receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the second data, whether the one or more defining signals are one or more second distinctive defining signals and to determine whether or not the mobile device is present in the second special area; (iii) sending from the mobile device via a mobile telephone network, when the mobile device determination refers to the first special area, a
- the first updating signal is sent with information related to the result of a previous determination performed by the mobile device about the mobile device ' s presence in the first special area.
- the second updating signal is sent with information related to the result of a previous determination performed by the mobile deviceabout the mobile device ' s presence in the second special area.
- a non-transitory computer readable medium storing computer readable program code for causing a processor of a mobile device to perform a method associated with the mobile device receiving first and second distinctive defining signals that at least partly define a first and second special areas, respectively, by their coverage, each of the first and second distinctive defining signal respectively including first and second data, the method comprising: (i) receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the first data, whether the one or more defining signals are one or more first distinctive defining signals and to determine whether or not the mobile device is present in the first special area; (ii) receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the second data, whether the one or more defining signals are one or more second distinctive defining signals and to determine whether or not the mobile device is present in the second special area,(iii) sending from the mobile device via a mobile telephone network, when the
- a non-transitory computer readable medium storing computer readable program code further causes the processor to send the first updating signal with information related to the result of a previous determination performed by the mobile device about the mobile device ' s presence in the first special area.
- a non-transitory computer readable medium storing computer readable program code further causes the processor to send the second updating signal with information related to the result of a previous determination performed by the mobile device about the mobile device ' s presence in the second special area.
- Fig. 1 Aillustrates a mobile proxy application in the context of an ecosystem of radio communication defining devices
- Fig. 1 .B shows different possible categories for radio communications defining devices.
- Fig. 2 shows a mobile device capable of enabling presence related services in an ecosystem of radio communication defining devices
- Fig. 4 is a schematic diagram illustrating a system according to some implementations to enable presence related services;
- Fig. 5 shows some scenarios to enable services related to radio communication defining devices and it is used to analyse the benefits of utilizing mobile device centric presence determination capabilities.
- Fig. 6 also shows some scenarios to enable services related to radio communication defining devices and it is used to analyse how presence determination serves to provide spectral efficiency and adequate user control and privacy.
- Fig. 7 is a schematic diagram that generally illustrates some functional blocks according to some implementations where mobile centric presence determination and authentication methods are used to securely enable presence related services.
- Fig.8 is a schematic diagram illustrating methods and apparatusaccording to some implementations to enable presence related services by one or more service providers, where a more detailed description is provided in connection to the presence system of a service provider 1 .
- FIG. 9 is a schematic diagram illustrating methods and apparatusaccording to some implementations to enable presence related services by one or more service providers, where a detailed description is provided in connection to a first provider of presence related services (service provider 1 ) and to a second provider of presence related services (service provider 2).
- Fig. 10 is a schematic diagram illustrating methods and apparatusaccording to some implementations where a parameters database of one presence services provider is shown and parameters updating processes are described in the context of presence services provision.
- Fig. 1 1 illustrates a set of mobile device applications related to a set of service providers where presence updating signals are sent from the mobile device to enable presence related services.
- Figure 1 Aillustratesan exemplary ecosystem of devices with wireless communication capabilities.
- the wireless devices may be home appliances, smart city objects, hot spots, base stations, wireless sensors, NFC tags, contactless Point of Sale devices, contactless ATMs, PCT routers, wireless meters, merchants ' short range communication devices, M2M devices, etc., as shown in the figure.
- barcodes and QR codesassociated to devices may be wirelessly read via optical means and converted to electrical signals.
- the wireless devices are referred to herein as radio communication defining devices and the devices in Figure 1 A are merely illustrative as shall be understood that in an Internet of Things ecosystem any "thingVobjectVdevice" may become enabled with communication capabilities, so may be a radio communication defining device.
- Figure I B shows different possible categories for radio communication defining devices. While some of those devices may be interpreted as belonging to a smart home environment, some others may be associated to categories such as smart cities, smart shops, Internet of Things in general, wireless sensors networks, active objects or other categories. These types of categories are well known and are only referenced in this description for illustration purposes.
- FIG. 1 A a smartphone is shown with a proxy application that is able to receive input data from the radio communication defining devices, retransmitting it (or part of it) to a service provider. So in an example the smartphone is able to receive input signals from NFC, ZigBee, WiFi, Bluetooth, BLE, 2G/3G/4G devices or RFID tags, to process them via the proxy application, and to retransmit the information to the service provider.
- an application operating as a mere proxy for information coming from radio communication defining devices will produce a set of problems, considering that in the future world there will be trillions of radio communication defining devices.
- FIG. 2 illustrates again the same ecosystem of radio communication defining devices (i.e. an ecosystem of devices with wireless communication capabilities via NFC, ZigBee, WiFi, Bluetooth, BLE, 2G/3G/4G, RFID, etc.).
- a personalized and contextual value proposition may be associated to any object, such that an "Internet of Things" service is provided when certain conditions are met.
- the user is allowed to define himself (or a service provider to define for the user) the set of radio communication defining devices he would like to pair with, in order to receive presence-based services associated to any of them.
- a presence related status is mobile-device-centric verified and sent to one or more service providers so that one or more defined presence-related services may be provided.
- Figure 2 illustrates that some special areas have been personalized in the mobile device. Said personalization permits the mobile device to self-determine whether it is present or not into one or more special areas defined by the coverage or one or more radio communication defining devices.
- the mobile device When signals from the radio communication defining devices are received by the mobile device, it is able to determine whether it is present or not into one or more special areas. To make that determination the mobile device uses information that has been stored in its memory during the referred personalization process, and in particular it uses data referred to herein as "checking data".
- the stored checking data are used by the mobile device to determine whether or not a defining signal received from a radio communication defining device is or not a distinctive defining signal, where a received signal being distinctive means that itat least partly defines a special area.
- the mobile device is prepared to receive defining signals from radio communication defining devices, and has to determine whether a defining signal received is or not a distinctive one. In a particular example the mobile device is ready to receive NFC defining signals from contactless POSs, but only those defining signals from certain POS (e.g. those belonging to merchants associated to the service provider) are distinctive (according to the checking data personalization into the mobile device).
- Figure 3 illustrates coverage areas defined by the combination of the coverage of one or more radio communication defining devices. These coverage areas may be associated to a user ' s mobile device and to a set of services, and are named as special areas in the context in the invention.
- the radio communication defining devices may be any type of short range wireless communications devices such as Bluetooth, WIFI, Bluetooth Low Energy, Zig Bee or NFC devices; and also long range wireless communication devices such as Base Stations (BTS) or micro/pico/femto cells from mobile network operators.
- short range wireless communications devices such as Bluetooth, WIFI, Bluetooth Low Energy, Zig Bee or NFC devices
- long range wireless communication devices such as Base Stations (BTS) or micro/pico/femto cells from mobile network operators.
- BTS Base Stations
- micro/pico/femto cells from mobile network operators.
- the radio communication defining devices may be located in environments like airports, company's premises business centres, homes, train stations, the streets, areas outside a building, lights, bins, etc., and may be embedded in home appliances, vehicles, clothing, food packaging, meters, ATMs, etc.
- Figure 3A shows an example of a special area defined by the sum of the coverage of three radio communication defining devices 1 (the figure illustrates three BTSs as an example).
- the mobile device determines that it is present into the special area if it receives a distinctive defining signal from at least one of the three radio communication defining devices (the mobile device uses the appropriate checking data to perform said determination).
- Figure 3A illustrates a scenario where a mobile device A determines that it is present into the special area because it is receiving distinctive defining signals from two radio communication defining devices (mobile device A uses the stored checking data to perform said determination).
- Mobile device B has not been personalized for said special area, so in spite of it beingwithin the range of coverage of one of the radio communication defining devices, none of the received defining signals from said radio communication defining deviceis considered as being distinctive for mobile device B, and mobile device B is not present into the special area.
- Figure 3B shows an example of a special area defined by the coverage of one radio communication defining device 2a (for example a wireless enabled washing machine or a car with an embedded Bluetooth communications).
- a mobile device determines that it is present into the special area if it receives a distinctive defining signal from the radio communication defining device (the mobile device uses the appropriate checking data to perform said determination).
- Figure 3C shows an example of a special area defined by the intersection of the coverage of two radio communication defining devices 2b and 2c.
- the mobile device determines that it is present into the special area if it receives a distinctive defining signal from the two radio communication defining devices, each one defining the special area partly (the mobile device uses the appropriate checking data to perform said determination).
- Figure 3D shows an example of a special area defined by the sum of the coverage of N radio communication defining devices 2d-2g (the figure illustrates only four of them).
- the mobile device determines that it is present into the special area if it receives a distinctive defining signal from at least one of the N radio communication defining devices (the mobile device uses the appropriate checking data to perform said determination).
- the N radio communication defining devices maybe, for example, all the wireless ATMs of a given bank; or all the BLE devices of a given merchant or set of merchants; or a set of wireless enabled home appliances that belongs to the user of the mobile device.
- Figure 3D also illustrates a scenario where a mobile device A determines that it is present in the special area because it is receiving a distinctive defining signal from one radio communication defining device 2d (mobile device A uses the stored checking data to perform said determination).
- Mobile device B has not been personalized for said special area, so in spite it is within the range of coverage of one of the radio communication defining devices 2e, none of the received defining signals from said radio communication defining device is considered as being distinctive for mobile device B, and mobile device B is not present into the special area.
- Figure 3E shows an example of a special area defined by the coverage of one radio communication defining device 2h (for example a Pay per View wireless decoder).
- a mobile device determines that it is present into the special area if it receives a distinctive defining signal from the radio communication defining device (the mobile device uses the appropriate checking data to perform said determination).
- Figure 3F shows an example of a special area defined by the coverage of one radio communication defining device 2i (for example an ADSL WiFi router).
- a mobile device determines that it is present into the special area if it receives a distinctive defining signal from the radio communication defining device (the mobile device uses the appropriate checking data to perform said determination).
- the distinctive defining signal may contain radio communication defining device identification data and reliable information confirming that the radio communication defining device is effectively located into a predetermined environment.
- the service provider advantageously avoids fraud linked to a possible shifting of the (portable) radio communication defining device.
- the checking data stored into the mobile device and associated to the radio communication defining device includes said radio communication defining device identification data.
- Figure 3F also illustrates a scenario where a mobile device A determines that it is present into the special area because it is receiving a distinctive defining signal from the radio communication defining device (mobile device A uses the stored checking data to perform said determination; and it is required for the received defining signal to be considered as distinctive that the reliable information received will confirm that the radio communication defining device will indicate that it is located into a predetermined environment).
- Mobile device B is not within the range of coverage of the radio communication defining device, so it is not receiving the related distinctive defining signal, and it is not present into the special area.
- a special area associated to a mobile device can be defined by one or more distinctive defining signals. Therefore the checking data may preferably contain information included in every distinctive defining signal defining completely a special area (each one defines it partially) and the mobile device tries to find any of this information in any defining signal received by use of comparison means.
- the mobile device may receive defining signals that do not define any special area for it. In the case where the special area is defined by two or more distinctive defining signals, this special area may be the intersection of all or part of them or the global coverage of the defining signals.
- the distinctive defining signals may be coded and the mobile device processing means include decoding means to decode the distinctive defining signals received.
- a radio distinctive defining signal that at least partly defines a special area may be transmitted by a radio communication defining devices in the frequency range allocated to a mobile telephone network (in the case of certain devices, such as BTS, being part of the mobile telephone network of a given mobile telecom operator) or in a different frequency range (which would be the case for the large majority of radio communication defining devices in an loT ecosystem, transmitting information via NFC, BLE, Bluetooth, WiFi, ZigBee, etc.).
- the radio distinctive defining signal that at least party defines the special area contains radio communication device identification data and the checking data stored into the mobile device and associated to this special area includes this radio communication defining device identification data.
- This identification data may be a unique identifier of the radio communication defining device (e.g. a serial number for identifying a single manufactured unit; a BTS identification code; a MAC address; a UDID or new identifiers defining for Apple devices, etc.).
- Processing means of the mobile device processes the defining signals received from radio communication defining devices and compare their radio communication device identification data with the checking data and determine whether one or more distinctive defining signals are received.
- mobile device A receives from a radio communication defining device 2d its identification data and determines, comparing those data with stored checking data, that it receiving a distinctive defining signal and that it is present into the special area.
- the checking data associated to the special area includes this at least part of the radio communication defining device identification data (e.g. using the generic part of the data that identify the bins in a city into the distinctive defining signal may be enough for the mobile device to determine it is present in the special area constituted by all the city bins and the mobile device may later send the related bin unique identifier data comprised into the updating signal, to request the city council service provider to empty the bin; e.g.
- the predetermined environment may be one or more specific geographical locations (for example several fixed points into a restaurant) or a physical environment that can be mobile (for example a car, a plane or a boat). In a particular example the predetermined environment is defined by the provider of presence related services.
- the reliable information comprised into thedistinctive defining signal confirms that the radio communication defining device is effectively located in a predetermined geographical environment when it is physically connected to any one of a set of fixed network connection points 3 defined for the special area and it is also authenticated into the fixed network through any of the mentioned fixed network connection points.
- the radio communication defining device 2h also comprises means for communicatingwith the fixed network via any one of the set of fixed connection points 3.
- some parameters are stored into the radio communication defining device during its configuration stage and such parameters are used by the radio communication defining device to perform the authentication process into the fixed network.
- These connection points may be PSTN ('Public Switching Telephony Network') connectors for ADSL network services or electrical sockets for PLC ('Power Line Communication') home network services for example.
- the reliable information comprised into thedistinctive defining signal confirms that the radio communication defining device is effectively located into a predetermined physical environment when:
- the radio communication defining device 2h is physically connected to a system 3 as illustrated in Figure 3E registered and authorised by the presence services provider for the purposes of the invention and
- the radio communication defining device is authenticated into the mentioned system.
- parameters are stored in the radio communication defining device during its configuration stage and such parameters are used by the radio communication defining device to perform the referred authentication process into the system.
- the system may be an embedded computer in a car or a boat and the radio communication defining device is authenticated into the system.
- the radio communication defining device is configured to be located either in a geographical environment, such as for example the user's home, or into a physical environment, which may be mobile, such as for example the user's car, such environments being typically defined by the presence services provider.
- reliable information may be comprised in the distinctive defining signal that confirms that the radio communication defining device is effectively located into a predetermined geographical environment when:
- the radio communication defining device is able to receive a RBU signal from at least one radio broadcasting unit (RBU),
- RBU radio broadcasting unit
- the radio communication defining device receives, through the RBU signal from the RBU, the RBU identification data that are included into a
- the storage of the RBU identification data into the radio communication defining device RBU identification data database may be done at the radio communication defining device configuration stage.
- the RBU is a base station 4and the RBU identification data is a base station identification code.
- the radio communication defining device is authenticated into the mobile telephone network comprising the base station and may receive the base station signal when it is located within the range of coverage of the base station.
- processing means comprised in the mobile device may compare any radio communication defining device identification data received with the checking data stored in its internal mobile device database and determines that a radio defining signal received is a distinctive defining signal when:
- radio defining signal is coded in a format predefined for a distinctive defining signal
- the radio communicationdefining device identification data comprised into the defining signal is equal to at least one of the radio communication device identification data stored into the internal mobile device database for the special area and
- the reliable information comprised into the defining signal confirms that the radio communication device is effectively located into a predetermined environment.
- a special area may be defined by just one radio communication defining device or by many; and defining a special area may be the result of using radio communication defining devices transmitting information via a set of communication technologies (for example a BLE iron and a ADSL WiFi router may be used to define the same special area).
- the special areas may be defined by the sum and/or the intersection of the coverage of a set of radio communication defining devices (e.g. an special area could be defined by the intersection of the coverage of a BTS and a WiFi router plus the sum of the coverage of all the hot spots from a given service provider in a city).
- FIG. 4 is a schematic diagram illustrating an exemplary mobile system wherein a mobile telephone network is used to perform certain processes.
- a mobile telephone network typically includes a large number of base stations and all the data processing means required to provide the telecommunication service to each mobile device serviced by said mobile network.
- the mobile telephone network may be cellular or not.
- FIG. 4 shows a system associated with one or more providers of presence related services in connection with the use of a mobile device and a set of radio communication defining devices that transmits radio distinctive defining signals where each distinctive defining signal at least partly defines a special area by its coverage.
- At least a first radio communication defining device transmits a first distinctive defining signal and a second radio communication defining device transmits a second distinctive defining signal, the first distinctive defining signal at least partly defines a first special area by its coverage, the second distinctive defining signal at least partly defining a second special area by its coverage.
- FIG. 4 illustrates an exemplary preparatory process of adding new checking data into one or more memories of two different service providers, SP1 and SP2, and later sending the checking data to the user mobile device for storage.
- step (1 .a) a user inputs checking data related to some owned radio communication defining devices into a web interface of SP1 , and the checking data is stored in one or more memories of SP1 ; and also inputs some other checking data related to other owned radio communication defining devices into a web interface of SP2, and the other checking data is stored into one or more memories of SP2.
- step (1 .a) several entities (e.g. a car manufacturer, an energy provider or a merchant) associated to a set of radio communication defining devices (e.g. wireless devices embedded into cars, PLC WiFi devices at users home location or iBeacon BLE devices at merchants locations) send checking data related to those devices to SP1 .
- SP1 stores the checking data in one or more memories, and other entities associated to another set of radio communication defining devices send other checking data related to those other devices toSP2, which also stores the other checking data in one or more memories.
- step (1 .a) SP1 stores some checking data related to some owned radio communication defining devices into one or more of its owned memories and SP2 also stores some checking data related to some owned radio communication defining devices into one or more of its owned memories.
- step (2. a) the user downloads a mobile device application to enable presence related services from the corresponding applications store to the mobile device.
- the application store may be Google Play for Android devices, iTunes for Apple devices and Blackberry World for Blackberry devices.
- the mobile device application is already available in the mobile device memory when the mobile device is initially delivered to the user.
- step (3. a) some special areas are defined by SP1 and some other special areas are defined by SP2. The definition of each special area relates to checking data associated to the one or more radio communication defining devices that defines it and, when a special area is defined by more than one radio communication defining device, to certain rules that also defines the special area (e.g.
- a special area may be defined by the sum and/or intersection of the coverage of a set of radio communication defining devices as previously discussed in conjunction with Figure 3.
- process (3. a) ends the checking data related to the referred special areas and the rules that defines the special areas are stored into the one or more memories of SP1 and SP2 respectively.
- step (4. a) the stored checking data and associated special area rules are sent from SP1 to the mobile device that stores them in an internal memory of the mobile device; and the stored checking data and associated special area rules are also sent fromSP2 to the mobile device, which stores them in an internal memory of the mobile device.
- the checking data and the associated special area rules related to special areas defined by SP1 are sent to the mobile device in the context of a registration process of the mobile device for those special areas.
- the checking data and the associated special area rules are linked in the one or more memories of SP1 to a first identifier related to the mobile device (e.g. the smartphone IMEI), the identifier being sent from the mobile device to the SP1 in the context of the referred registration process.
- a first identifier related to the mobile device e.g. the smartphone IMEI
- OTP One Time Password
- keys and parameters are sent from SP1 to the mobile device during the referred registration process, to be later used in the context of requesting presence related services from the mobile device to SP1 .
- a PIN may also be selected by the user during the registration process, said PIN being later used to request certain presence related services from the mobile device; the same approach may apply in connection to SP2 and the related special areas.
- Figure 8 describes this registration process in more detail.
- the checking data,the associated special area rules and the OTP keys and parameters are stored into a memory of the mobile device that relates to a mobile device application, the mobile device application being the one determining the presence status of the mobile device into one or more special areas.
- the mobile device Once the mobile device has been personalized for special areas presence determination, it is capable to monitor the presence of the mobile device in one or more special areasassociated to the mobile device. With reference to Figure 4, according to some implementations the following steps are involved.
- step (1 .b) at least one radio communication defining device transmits repeatedly in at least a channel one radio distinctive defining signal that at least partly defines one of the special areas by its coverage.
- step (2.b) the mobile device observes the channel and processes any signal received in order to determine whether or not it is receiving any defining signal;
- step (3.b) the mobile device processes any defining signal received in order to determine, using the above referred checking data and the associated special area rules, whether or not the defining signal received is a distinctive defining signal that at least partly defines one or more of the special areas, and determines whether or not it is present in one or more of the special areas;
- step (4.b) the mobile device sends an updating signal to a mobile telephone network comprising information about its presence in one or more of the special areas, where the updating signal sending is uncorrelated to any mobile device phone call establishment and comprises an identifier related to the mobile device;
- step (5.b) the mobile telephone network routes the updating signal to one or more processing devices of SP2 (in this example the updating signal refers to an special area defined by SP2) that adapt in step (6.b) the value of at least one operating parameter depending on the presence of the mobile device in each of the special areas, and depending on such a presence status and other possible defined rules and verifications a presence related service may be provided by SP2 in step (7.b).
- the updating signal refers to an special area defined by SP2
- the service provider (SP1 or SP2 depending on whether one or the other defined the first special area) receives (step 6.b) from the mobile device via the mobile telephone network a first updating signal uncorrelated to any mobile device phone call establishment that identifies the mobile device ' s presence in at least the first special area, and the service provider (SP1 or SP2 depending on whether one or the other defined the second special area) receives from the mobile device via the mobile telephone network a second updating signal uncorrelated to any mobile device phone call establishment that identifies the mobile device ' s presence in at least the second special area, the first updating signal including a second identifier related to the mobile device, the second updating signal including a third identifier related to the mobile device,
- This second and third referred identifiers related to the mobile device have the purpose to match each updating signal with a first mobile device identifier that is stored in the one or more memories of the corresponding service provider. According to some implementations the identifiers for a particular mobile device are the same.
- step (6.b) the service provider (SP1 or SP2) derives from the first updating signal by one or more processing devices having access to at least a portion of the data whether or not the mobile device is present in the first special area, and deriving from the second updating signal by the one or more processing devices whether or not the mobile device is present in the second special area.
- step 7.b the service provider (SP1 or SP2) enables or disables by use of the one or more processing devices a presence related service based upon the mobile device ' s presence or non-presence in the first special area, and the service provider enables or disables by use of the one or more processing devices a presence related service based upon the mobile device ' s presence or non-presence in the second special area.
- a presence related service may be granted depending on the presence of the mobile device in the special area, but also depending on other additional considerations from the service provider.
- the presence determination information may be enough to enable the presence related services as the secure element itself has the capability to securely store sensitive data and to establish a secure channel with the service provider system, via the mobile telephone network.
- the mobile device application is to be entirely stored in the memory of the mobile device (it is the device memory where games, videos, productivity, music, health, messaging, applications from applications markets, and the like are stored), additional security measures and processes could be desirable to prevent certain type of attacks to gain unauthorized access to presence related services.
- enabling the presence related service associated to the mobile device ' s presence in the first special area also depends on a successful validation by use of the one or more processing devices of the service provider of at least one One-Time-Password (OTP) that is sent from the mobile device and that is univocally correlated to the first updating signal, where at least one OTP is calculated based on information that is included in at least one of the distinctive defining signals that define the first special area, and enabling the presence related service associated to the mobile device ' s presence in the second special area also depends on successful validation by use of the one or more processing devices of the service provider of at least one One-Time-Password (OTP) that is sent from the mobile device and that is univocally correlated to the second updating signal.
- OTP One-Time-Password
- access to presence driven services relates to presence of the mobile device into one or more special areas but, on top of that, additional OTP-based authentication is performed by the one or more processing devices.
- additional OTP-based authentication is performed by the one or more processing devices.
- at least one of the OTP calculations is performed when the mobile device is present in a first special area, based on information from the context. If the context information does not relate to the mobile device being present into the first special area, then the validation of said OTP by the one or more processing devices would not (typically) be successful.
- the method could also be deployed in scenarios where a secure element into the mobile device stores part of the mobile device application sensitive data.
- the mobile device application is entirely stored in the referred mobile device memory, thus avoiding the aforementioned business model barriers and technical complexities for the service providers while simultaneously providing the appropriate security.
- Figure 5 shows different scenarios to enable services related to radio communication defining devices.
- a "thing" representation into the internet is driven, at least partly, from information provided to the internet by the object itself (or by another element "on behalf" of the object).
- a city maintenance service can be managed more efficiently if each tree is equipped with a wireless sensor to be able to self-determine and inform to smart city services about when it requires special care, such that maintenance routes can be organized.
- System A in Figure 5 shows a traditional Machine-To-Machine (M2M) approach where the "things” (RCDDs) are equipped with a SIM card and a data subscription; nevertheless, from a smart sensing perspective, the loT "objects” should generally be equipped with cheap, consumption efficient, short range communications (as shown in connection to systems B and C in Figure 5).
- M2M Machine-To-Machine
- the info comprised into the first signal is a "location" info that allows the server to generate a second signal that make server prediction about where the user is going to be in the future (e.g. if the calendar arrangement indicated that the user will arrive tomorrow morning to the office, then the second signal indicates to the office thermostat that the heating shall start at 08h 00).
- the devices all have long range communications, fixed or mobile, so in case of the devices having long range mobile communications it relates to a traditional M2M approach as the one illustrated in figure 5 (A)and the rationale included herein below would apply.
- the hub-device supporting proximity interactions with a multiplicity of "objects”, and being endowed with long range communications to deliver the "objects” related information to the internet and to the service provider.
- the referred hub functions could be provided by dedicated devices (as illustrated for example, in system C of Figure 5), which the user would need to buy "in addition”, or be provided by a user mobile device (as shown in system B of Figure 5).
- RCDDs wireless enabled things
- System B of Figure 5 shows the user mobile device being used as the referred hub-device in the context of the potentially trillions of radio communication defining devices but furthermore also illustrates that in an efficient ecosystem, hub-related services shall be enabled by usingmobile centric presence determination methods.
- the mobile device in system B the mobile device is able to self-determine its presence status around certain personalized special areas, defined each by the coverage of one or more radio communication defining devices, such determination being used to trigger presence related services; if mobile centric presence determination methods would not be used in the referred context, a set of problems would appear, as already commented in connection to Figure 1 A and further elaborated now in connection to Figure 6.
- Figure 6 also shows different scenarios to enable services related to radio communication defining devices.
- System A of Figure 6 shows a "hub” mobile device able to determine its proximity toradio communication defining devices ("objects”) and, only as a result of that proximity, a connection to the internet is established to send objects related information to a service provider.
- objects such devices
- Such approach would derive in systems being spectrally inefficient, chaotic and out of control, and to daily reduce the battery duration on the mobile device.
- RCDDs wireless objects
- they may usehub services from mobile devices (e.g. smartphones, tablets, etc.), the wireless objects being endowed with at least one of BLE, NFC, Bluetooth, WiFi or ZigBee short range communications.
- BLE Bluetooth
- WiFi WiFi
- ZigBee short range communications In a "reference journey" of just one mobile device, it can move through the range of coverage of hundreds/thousands of those radio communication defining devices... every day.
- the mobile device If the mobile deviceis tomake an internet connection simply for being in the proximity of any of the objects, the mobile device would attempt a connection to the internet hundreds if not thousands of times per day, although it is supposed that ⁇ 1 % of those connections would relate to a service associated to a user-related "thing" (RCDD), the rest being "channel garbage".
- RCDD user-related "thing”
- hub mobile device of system A of Figure 6 would not be able to offer an appropriate solution in terms of safe guarding user privacy (as it would be transmitting RCDDs-related information without control).
- a smartphone from a user would be sending to the internet information about the washing machine of his neighbor as a result of being in the proximity of that "object" (RCDD).
- RCDD "object"
- this smartphone resources would be used without the owner ' s authorization to transmit information that is property of a third party. No doubt that a system based on such policies would systematically breach privacy rights of potentially billions of users, making it commercially infeasible.
- Wireless "things" (RCDDs) related services enabled via mobile devices cannot be massively deployed without adequate personalization and user control.
- System B of Figure 6 provides this by using "checking data" and special areas personalization in the mobile device which is used to match user related objects with user special areas; by using the checking data and the associatedspecial areas rules, presence status of the mobile device into user personalized coverage areas is determined. So it is possible to configure the system such that mobile device connections associated to RCDDs will be associated to presence of the mobile device into special areas defined by the coverage of one or more radio communication defining devices, so control, spectral efficiency and privacy are properly guaranteed.
- system B of Figure 6 facilitates: - Usage of just-one technology for the entire ecosystem of "things” (RCDDs) in terms of presence related services, thus avoiding market fragmentation;
- RCDDs presence-services related to the user ' s things
- client-server-based one-time-use calculations may be used to securely authenticate a presence updating signal.
- the one-time-use calculations depend on input data associated to radio communication devices, but only those radio communication devices associated to special areas personalized into the mobile device application may produce a successful authentication by the service provider processing the signal. So in those scenarios, on top of having the right mobile device and mobile device application personalization, the user must be in the right environment for an updating signal being accepted as authentic by the service provider.
- Figure 7 is a schematic diagram that generally illustrates some functional blocks according to an implementation.
- Figure 7 shows a legacy system 3000 of a service providerand a network presence system 5000 of the service provider.
- the network presence system elements may be located in one server, or spread in several servers, or computers.
- step (1 ) several entities (1001 ....
- the checking data contains at least part of at least one unique identifier of the corresponding radio communication defining device (e.g. at least part of the serial number of a WiFi router), or at least part of at least one identifier of a radio communication defining device category (e.g.
- part of the radio communication defining devices may be base stations of one or more mobile telephony networks, and other part may be wireless devices with short range communications capabilities such as Bluetooth, DECT, WIFI, Bluetooth Low Energy (BLE), Near Field Communications (NFC), Zig Bee, etc.
- Some of the radio communication defining devices are endowed with special area location monitoring means, as those described in connection to figures 3E and 3F, to ensure that they are located in a predetermined environment (e.g. a pay TV wireless decoder is endowed with special area location monitoring means to ensure that presence related pay TV services are not provided if the decoder is moved out of the authorized location).
- Special areas may be defined by distinctive defining signals from one or more radio communication defining devices, each one at least party defining at least one special area by its coverage; if a special area relates to several radio communication defining devices it may be defined by the sum and/or the intersection of the coverage of one or more distinctive defining signals from the radio communication defining devices; and also, in some cases, a defining signal being distinctive depends on the radio communication defining device being located in the planned location, as controlled by radio communication defining device special area location monitoring means, and reported by the radio communication defining device to the mobile device.
- therules are defined at the presence system of the service provider (e.g. in the checking data andspecial areas module) and the related data for each special area is stored in one or more memories of the service provider (e.g. into the presence services database)and is sent to the mobile device to allow the mobile device to determine, together with the usage of the checking data, whether it is present or not into one or more special areas.
- step (2) The user downloads in step (2) a presence-related mobile device application from the corresponding applications store (7000) to the mobile device (6000).
- a presence-related mobile device application from the corresponding applications store (7000) to the mobile device (6000).
- several of the special areas defined by the service provider are personalized into the mobile device application in the context of the registration process.
- the mobile device application sends to the presence system of the service provider a first identifier (e.g. the smartphone IMEI) related to the mobile device, which is then linked to the checking data and the associated special area rules in the one or more memories of the service provider;
- a first identifier e.g. the smartphone IMEI
- OTP Time Password
- the user selects a PIN (e.g. by keying the PIN into the mobile device) during the registration process, and the PIN is sent to the presence system and stored in the one or more memories of the service provider.
- the PIN is linked to the checking data, the special area rules, the OTP keys and parameters and the first identifier related to the mobile device.
- the checking data, the associated special area rules and the OTP keys and parameters are sent to the mobile device application in step (3), and are stored into a memory of the mobile device that relates to the mobile device application, the mobile device application being the one determining the presence status of the mobile device into the one or more personalized special areas.
- So data capable of linking the mobile device to at least one special area is electronically stored in one or more memories of the service provider, the data including checking data of the radio communication defining devices defining the at least one special area, and a first identifier related to the mobile device; and there is a transmission via a mobile telephone network to the mobile device of at least a portion of the checking data.
- step (4) the mobile device receives radio defining signals and/or radio distinctive defining signalsfrom radio communication defining devices (4000) and is able to determine in step (5), using the checking data, the mobile device application and the special areas presence determination rules, whether it is present or not in at least one special area.
- the mobile device sends a presence updating signal from the mobile device application to the presence system of the service provider, via the mobile telephone network, the updating signal including a second identifier related to the mobile device.
- the second identifier related to the mobile device has the purpose to match each updating signal with a first mobile device identifier that is stored in the one or more memories of the corresponding service provider.
- the mobile device identifiers are the same.
- the updating signal is sent to the presence system of the service provider at least one of: periodically; when the mobile device enters into, remains into, exits out or remains out of at least one special area.
- the mobile device sends periodically (for example every 30 seconds) an updating signal about its presence into a special area, such updating signal comprising the result of the last determination performed by the mobile device about its presence into the special area.
- An updating signal may be sent through a diversity of channels provided by the mobile telephone network (2G/3G/4G data connections, USSD, SMSs, etc.).
- the data comprised into the updating signal will typically be coded by the mobile device and decoded by the one or more processing devices of the service provider.
- the presence system of the service provider receives the updating signal and in step (7) derives from the updating signal by one or more processing devices having access to at least a portion of the data (e.g. data stored in the presence services database) whether or not the mobile device is present in at least one special area.
- the presence updating signal comprises a One-Time-Password (OTP) result.
- the OTP result is calculated in the mobile devicebased on information that is included in at least one of the distinctive defining signals that define the at least one special area.
- the OTP result is calculated by the mobile device using as input data a predefined value for that scenario, stored (e.g. obfuscated) in the mobile device application database.
- step (8) the OTP is verified by the security & OTP module of the presence service provider system.
- step (9) the presence services module enables or disables the provision of at least one presence related service depending on the presence of the mobile device in one or more special areas; and also depending on successful validation by the security & OTP module of the referred OTP.
- the presence system of the service provider enables or disables by use of the one or more processing devices at least one presence related service based upon the mobile device ' s presence or non-presence in one or more special areas; wherein according to some implementations,when the updating signal indicates that the mobile device is present in the at least one special area, enabling the at least one presence related service associated to the mobile device ' s presence in one or more special areas also depends on successful validation by use of the one or more processing devices of at least one One-Time-Password (OTP) that is sent from the mobile device and that is univocally correlated to the updating signal, where at least one of those OTPs is calculated based on information that is included in at least one of the distinctive defining signals that define the at least one special area.
- OTP One-Time-Password
- Figure 8 shows another implementationassociated with one or more providers of presence related services in connection with the use of a mobile device and at least a radio communication defining device that transmits a distinctive defining signal, the distinctive defining signal at least partly defines one or more special areas by its coverage. The following is described in detail in connection to the presence system of service provider 1 .
- Figure 8 also shows other service providers of presence related services wherein each of service provider 2 and service provider 6 owns and operates its own presence system; service provider 3 owns and operates its own presence system, but also operates at least part of the presence system of service provider 4 and service provider 5; so the presence system of service provider 4 is partly operated by service provider 3 (on behalf of service provider 4); and the presence system of service provider 5 is also partly operated by service provider 3 (on behalf of service provider 5).
- the presence system that is enabling/disabling presence related services associated to a set of users and users ' mobile devices is owned and operated by a set of different service providers of presence related services (each one owning/operating a part of it) and the one or more memories and processors of the presence system are spread in several servers, or computers.
- Figure 8 also illustrates, in detail, an exemplary process to securely personalize one or more special areas into a mobile device application installed in a mobile device, to enable presence services provision.
- step (1 ) the process to personalize or register one or more special areas in the mobile device application is described in detail in connection to one service provider (service provider 1 ), However, an equivalent registration and updating process may be used to make the mobile device or mobile device application(s) being personalized with many different presence related special areas defined by a multiplicity of service providers.
- step (1 ) the user downloads a mobile device application from an applications store into his mobile device, and the application is then installed.
- more than one mobile device application may be downloaded an installed for presence services enablement/disablement, each application being personalized for one or more special areas defined by one or more presence service providers.
- step (2) a user inputs data (checking data) related to owned or associated radio communication defining devices into the presence system of the service provider 1 , via the web distribution channel of the service provider, and the data is stored in one or more memories of the presence system of the service provider (this storage is represented as "RCDD(CD)" in Figure 8).
- the mobile device application in the mobile device may obtain and store the checking data into the mobile device application database (selecting, for example, a name for the special area such as "smart TV", "plant” or “bottle of medicines”)when being in the proximity of one or more radio communication defining devices, sending (e.g.
- the mobile device application after acceptance by the user or operator via the mobile device keyboard) the data to the presence system of the service provider, via the mobile telephone network, for storage into one or more memories; also, the user (or an operator) may manually input checking data into the mobile device application, to be stored in the mobile device application database and tobe sent to the service provider system for storage into one or more memories.
- a secret code as the one selected in step (1 1 ) herein below in connection to Figure 8 in the case of the user; or a service provider operator code in the case of the operator.
- the checking data storage referred to in this paragraph is also represented as "RCDD(CD)" in Figure 8).
- the mobile device application shall receive from the presence system of the service provider a confirmation that the checking data and the definition rules of the given special area have been properly stored and registered into the presence system of the service provider to then make said special area becoming activated into the mobile device application.
- step (2) also in step (2) some checking data related to some owned radio communication defining devices into its own one or more memories.
- the checking data storage referred to in this paragraph is also represented as "RCDD(CD)" in Figure 8).
- the checking data contains at least part of at least one unique identifier of the corresponding radio communication defining device, or at least part of at least one identifier of a radio communication defining device category; and a radio communication defining device may be any wireless device with either long range or short range communications capabilities (Bluetooth, DECT, WIFI, BLE, NFC, Zig Bee, etc.), those devices being part of the Internet of Things ecosystem as a whole. Some of the radio communication defining devices may be endowed with special area location monitoring means as previously described.
- step (3) some presence special areas are defined for the user.
- the checking data and special areas module has defined some special areas using at least part of the checking data stored in step (2) and certain rules.
- the rules may be related to a special area being defined by distinctive defining signals from one or more radio communication defining devices, each one at least partly defining the special area by its coverage; if a special area relates to several radio communication defining devices it may be defined by the sum and/or the intersection of the coverage of one or more distinctive defining signals from the radio communication defining devices; and also, in some cases, a defining signal being distinctive depends on the radio communication defining device being located in the planned location, as controlled by radio communication defining device special area location monitoring means, and reported by the radio communication defining device to the mobile device.
- some special areas are defined just after the checking data are stored into the one or more memories of the service provider, after being received from user input, or from the mobile device application, or from the service provider itself, or from entities 1 ... N. According to some implementations some special areas are defined during the registration process of the mobile device applicationinto one or more special areas (or into the associated presence related services).
- the user defines the special areas related to his owned and/or controlled radio communication defining devices via a web interface of the service provider; each entity 1001 -100N defines the special areas related to its owned and/or controlledradio communication defining devices via an interface withthe presence services provider; and the service provider defines the special areas related to its owned and/or controlled radio communication defining devices.
- the service provider 3 defines special areas for users, on behalf of service provider 4 and service provider 5.
- the relationship between the user (that is a customer of service provider 1 ), the related radio communication defining devices checking data and the special area rules defined for each special area is stored in the presence services database.
- the database of service provider 1 may represent the storage and relationships as follows:
- Steps (4) to (14) show the registration process of a mobile deviceapplication(in a mobile device) into a first special area (SA1 ) for presence services provision.
- step (4) the user starts the process of registering at least one special area into the mobile device application by sending a request for registration via the web distribution channel of service provider 1 .
- the request requires a prior payment to be made by the user, e.g. via the web distribution channel of service provider 1 , to have access to the presence related services associated to said at least one special area.
- an activation code is generated for registering the mobile device application into each special area. So in step (5), and in connection to registering the mobile device application for the SA1 , theACs A iis generated by the security and OTP module, and it is stored, associated to SA1 ,into the presence services database of service provider 1 . According to some implementations a hash value of the ACSAI IS also calculated and stored; this hash value can be later used during this registration process, as detailed herein below. So, at this stage the data relationships into the presence services database of service provider 1 are the following:
- step (6) the activation code (ACSA-I) for registering the mobile deviceapplication into SAi is displayed to the user via the web distribution channel of service provider 1 .
- step (7) the user inserts the activation code (ACSA-I) for SA into the mobile device application and in step (8) the mobile deviceapplication in the mobile device sends to one or more processors of service provider 1 , e.g. via https, the hash(ACsA-i) and the Device ID (ciphered with hash(ACsA-i)-
- the Device ID may be a unique identifier of the mobile device, such as for example the IMEI.
- step (9) one or more processing devices of service provider 1 identifies the customer reference in connection to SA1 by using the received hash(ACs A i) value.
- the Device ID ciphered value is then deciphered and stored into the presence services database of service provider 1 , as shown in Figure 8.
- a new hash(Device ID &ACSAI) value is calculated by the one or more processing devices, and stored into the database, associated to theACs A i, and to the hash(ACsA-i) values; this hash(Device ID &ACSAI) value can be used later as described herein below. So, at this stage the data relationships into the presence services database of service provider 1 are the following:
- OTP keys and parameters are generated/defined in step (9) by the security and OTP module, and are stored into the presence services database of service provider 1 .
- the stored OTP keys and parameters are illustrated in Figure 8 as "OTP" in the database of service provider 1 . So at this stagethe data relationships into the presence services database of service provider 1 may be represented as:
- step (10) the mobile device application is pre-personalized to enable presence related services for SAi.
- Pre-personalization refers to a step previous to special areas final personalization and in this phase certain application data and configurations are sent to the mobile device application (e.g. OTPkeys and parameters for mobile device OTP related calculations; e.g. certain images, texts, graphics or icons related to presence services associated to SA1 ).
- OTP keys and parameters may be used to calculate OTP results that uses the PIN as input data, as well as OTP results that do not (e.g. OTP results calculated using information that is included in at least one of the distinctive defining signals that define an special area; examples will be provided herein below).
- step (10) the mobile device application in the mobile device ispre-registered for presence related services associated to SAi , but receiving checking data and SA1 presence related rules is still pendent.
- step (9) in case that in step (9) the one or more processing devices determines that the receivedhash(ACsAi) value either does not exists in the database of the presence service provider 1 or the relatedACs A ihas expired (e.g. because the pre-registration process did not finalize within a designated time period after the ACSAI was generated and stored into the database of presence related services), then the pre-registration process fails and the user may start it again from step (4).
- to makea special area of a provider of presence related services becoming at least partly registered in a mobile device requires the user inserting an activation code into the mobile device and a successful validation of said activation code by one or more processing devices.
- the ACSAI is validated by validating the relatedhash(ACsA-i) value.
- step (1 1 ) the user is prompted to select a Personal Identification Number (PIN) for presence related services associated to at least SA (as commented herein below, in some implementations the same PIN may be used to register into the mobile device more special areas related to service provider
- PIN Personal Identification Number
- the PIN value is not stored at the mobile device application but is securely sent in step (12), e.g. via https, to the presence system of service provider 1 , together with a One-Time-Password (OTP) that has been calculated using the PIN value and OTP keys and parameters stored in the mobile device applicationdatabase during the previously described pre-registration process; andthe hash(ACsAi) value is also sent, to be able to assign by the one or more processing devices the selected PIN and the OTP result to the right customer reference.
- OTP One-Time-Password
- step (13) the PIN is stored in the one or more memories of service provider 1 , in relationship with thepreviously stored keys and parameters for OTP calculations.
- This PIN storage into the database of service provider 1 is labelled in Figure 8database as "PIN" data.
- step (13) the one or more processing devices of service provider 1 calculates an OTP result using the stored user PIN and OTP keys and parameters, and compares the result with the one received from the mobile device application. If validation is successful thenSA-ican be personalized into the mobile device application database, and SA related checking data and rules can be sent to the mobile device application.
- the service provider sends special arearelated checking data and rules to the mobile device application in the mobile device after successful validation of a One Time Password (OTP) received from the mobile device application.
- OTP One Time Password
- step (14) SA related checking data and rules are sent from the service provider 1 to the mobile device application; the mobile deviceapplication in the user mobile device receives the data and stores the data for later determination about whether the mobile device is present or not into SA-i . So when step (14) ends SA related personalization has been completed.
- data capable of linking the mobile device to at least one special area is electronically stored in one or more memories of the service provider of presence related services, the data including checking data of the radio communication defining devices defining the at least one special area, and a first identifier related to the mobile device; and there is transmission via a mobile telephone network to the mobile device of at least a portion of the checking data.
- the pre-registration and the registration process into at least one special area shall be made in the context of the same https session, such that the PIN shall be selected in the same session where the activation code is entered.
- time period e.g. 2 minutes
- step (15) the mobile device receives radio defining signals and/or radio distinctive defining signalsfrom radio communication defining devices and in step (16) is able to determine, using the checking data, the mobile device application and the presence determination rules, whether it is present or not in at least one special area, for example in SA .
- step (17) the mobile device sends a presence updating signal (about its presence status in SA from the mobile device application to the presence system of service provider 1 , via the mobile telephone network.
- the presence updating signal is sent to the service provider at least one of: periodically; when the mobile device enters into, remains into, exits out or remains out of at least one special area.
- the presence updating signal also comprises a One-Time-Password (OTP) result.
- OTP One-Time-Password
- the OTP result is calculated based on information that is included in at least one of the distinctive defining signals that define SA1 (as illustrated in connection to step (17) of Figure 8).
- the OTP result is calculated by the mobile device application using as input data a predefined value for that scenario, stored (e.g. obfuscated) into the mobile device application database.
- the updating signal indicates that the mobile device is not present in a special area, then an OTP is not calculated by the mobile device.
- the updating signal also comprises the hash(Device ID&ACSAI), to be able to match at the presence system of service provider 1 the updating signal about the presence status of the mobile device into SA-i , with the right customer reference and with the rest of the related parameters into the database of service provider 1 ; and to validate the OTP result using the appropriate keys, parameters and input data.
- the presence system of the service provider receives the presence updating signal that identifies the mobile device ' s presence in SAi and in step (18) derives from the updating signal by one or more processing devices having access to at least a portion of the data (stored in the presence services database of Figure 8) whether or not the mobile device is present in SA-
- step (19) the OTP that was comprised into the presence updating signal is validated by the security & OTP module of the presence service provider 1 .
- the presence services module of the service provider 1 enable or disable by use of one or more processing devices at least one presence related service based upon the mobile device ' s presence or non- presence into SAi ; and also depending on successful validation by the security & OTP module of the service provider 1 of the referred OTP that was comprised into the presence updating signal.
- the presence system of the service provider enables or disables by use of the one or more processing devices at least one presence related service based upon the mobile device ' s presence or non-presence in one or more special areas; wherein when the updating signal indicates that the mobile device is present in the at least one special area, enabling the at least one presence related service associated to the mobile device ' s presence in one or more special areas also depends on a successful validation by use of the one or more processing devices of at least one One-Time-Password (OTP) that is sent from the mobile device and that is univocally correlated to the updating signal, where at least one OTP is calculated based on information that is included in at least one of the distinctive defining signals that define the at least one special area.
- OTP One-Time-Password
- Figure 9 shows another implementationassociated with several providers of presence related services in connection with the use of a mobile device and at least a radio communication defining device that transmits a distinctive defining signal, the distinctive defining signal at least partly defines one or more special areas by its coverage.
- the implementation of Figure 9 will be described in connection to a first provider of presence related services (service provider 1 in Figure 9), and a second provider of presence related services (service provider 2 in Figure 9). It is assumed thatthe registering of special areas has already occurred and that the mobile device application has been successfully registered for five specials areas defined by service provider 1 (SA-i, SA 2 , SA 3 , SA 4 and SA 5 ) and four special areas defined by service provider 2 (SAA, SAB, SAc and SA D ). [0261 ] So, at this stage the data relationships into the presence services database of service provider 1 may be represented as follows:
- An activation code has been generated for registering the mobile device application into each special area.
- the mobile device application has been personalized to enable presence related services forSAi , SA 2 , SA 3 , SA 4 and SA 5 .
- the same PIN has been used to register the five special areas (it was selected when registering the mobile device for the first special area and the same PIN was later also used in step (12) of Figure 8 to register the other four special areas). According to other implementations different PINs may be used to register the different sets of special areas.
- thesame PIN is used by the user in connection to the OTP(PIN) calculations associated to any of the five referred special areas.
- the OTP keys and parameters have beendefined per each special area, and are stored in the database of service provider 1 (as show in Figure 9); and have been sent and are stored in the database associated to the mobile device application.
- data capable of linking the mobile device to at least one special area is electronically stored in one or more memories of the service provider 1 , the data including checking data of the radio communication defining devices defining the at least one special area, and a first identifier related to the mobile device; and there is transmission via a mobile telephone network to the mobile device of at least a portion of the checking data.
- the mobile device receives radio defining signals and/or radio distinctive defining signals from radio communication defining devices and is able to determine, using the checking data, the mobile device application and the presence determination rules, whether it is present or not in at least one special area.
- a radio defining signal from a radio communication defining device may, for example, be transmitted on a continuous or periodical basis; and the mobile device observation about whether or not it is receiving any defining signal can also becontinuous or periodical.
- Figure 9 shows several examples of the mobile device sending a presence updating signalabout its presence status into any of the special areas SAi, SA 2 , SA 3 , SA 4 and SA 5 , from the mobile device application to the presence system of service provider 1 , via the mobile telephone network.
- example (1 ) illustrates the scenario of the updating signal SAi being sent when the mobile device is present into SAi(e.g. when enters into SA-i) and the OTP result being calculated based on information that is included in at least one of the distinctive defining signals that define SAi.
- the updating signal also comprises a reference to the checking data that has been used as input data to calculate the OTP result, such that one or more processing devices in the service provider 1 system will be able to make the relative OTP calculation and to proceed with the validation of the OTP received.
- the OTP result would be calculated by the mobile device application using as input data a predefined value for that scenario, known by the service provider 1 and stored into the server database in connection to the given customer reference and special area, and also stored (e.g. obfuscated) in the mobile device application database (this scenario is not illustrated in Figure 9).
- the updating signal indicates that the mobile device is not present in a special area, then an OTP is not calculated by the mobile device.
- the hash(Device ID & ACsAi) can be used to match at the presence system of service provider 1 the updating signal about the presence status of the mobile device in SA-i , with the right customer reference and with the rest of the related parameters in the database of service provider 1 ; and to validate the OTP result using the appropriate keys, parameters and input data.
- the presence system of service provider 1 receives the presence updating signal that identifies the mobile device ' s presence in SA andderives from the updating signal by one or more processing devices having access to at least a portion of the data (stored in the presence services database of Figure 9) whether or not the mobile device is present in SA-i .
- the presence services module of the service provider 1 enables or disables by use of one or more processing devices at least one presence related service based upon the mobile device ' s presence or non-presence in SA ⁇ and also depending on successful validation by the security & OTP module of the service provider 1 of the referred OTP that was comprised into the presence updating signal.
- the mobile device also sends an updating signal about its simultaneous presence in SA 3 and SA 4 .
- Example (2) illustrates the scenario of the updating signal SA 3 andSA 4 being sent when the mobile device is present in both special areas (e.g. when enters into SA 3 and remains into SA 4 ) and there is a first OTP result being calculated based on information that is included in at least one of the distinctive defining signals that define SA3 and a second OTP result being calculated based on information that is included in at least one of the distinctive defining signals that define SA4.
- the updating signal also comprises a reference to the checking data that has been used as input data to calculate the first OTP SA3 result and a reference to the checking data that has been used as input data to calculate the second OTPSA4 result, such that one or more processing devices in the service provider 1 system will be able to make the relative OTP calculations and to proceed with the validation of the OTPs received.
- the presence system of the service provider 1 receives the presence updating signal that identifies themobile device ' s presence in SA 3 and SA 4 and derives from the updating signal by one or more processing devices having access to at least a portion of the data (stored in the presence services database of Figure 9) whether or not the mobile device is present in SA 3 and SA 4 .
- the presence services module of the service provider 1 then enables or disables by use of one or more processing devices at least one presence related service based upon the mobile device ' s presence or non-presence into SA 3 , and also depending on successful validation by the security & OTP module of the service provider 1 of the referred OTP S A3 that was comprised into the presence updating signal.
- the updating signal processing determines that the mobile device was present inSA 3 and the validation of the OTPsA3result is positive (i.e. the received OTP is equal to the one calculated at the service provider 1 system) then the at least one presence related service is enabled and can be provided.
- Example (3) illustrates the scenario of the updating signal SA 5 being sent when the mobile device is present inSA 5 (e.g. when remains into SA 5 ) and there is an OTP result being calculated based on the user inputting the PIN in the mobile device application via the mobile device keyboard.
- the presence system of the service provider 1 receives the presence updating signal that identifies the mobile device ' s presence in SA 5 and derives from the updating signal by one or more processing devices having access to at least a portion of the data (stored in the presence services database of Figure 9) whether or not the mobile device is present in SA 5 .
- the presence services module of the service provider 1 then enables or disables by use of one or more processing devices at least one presence related service based upon the mobile device ' s presence or non-presence inSA 5 , and also depending on successful validation by the security & OTP module of the service provider 1 of the referred OTPSAS that was comprised into the presence updating signal.
- the updating signal processing determines that the mobile device was present inSA 5 and the validation of the OTPsAsresult is positive (i.e. the received OTP is equal to the one calculated at the service provider 1 system) then the at least one presence related service is enabled (or remains enabled) and can be provided.
- the definition ofone or more special areas may change: new checking data may be added; some checking data may be modified, or deleted; and the rules defining special areas may change. Those changes would be reflected into the one or more memories of the service provider (in the database of service provider 1 or the one of service provider 2, as applicable in the implementation of Figure 9).
- the old special area may become disabled in the database of the service provider, and a new definition is stored in the database.
- a new activation code to make the new special area definition being personalized into the database associated to the mobile device application.
- the updating can be made upon the user inserting the PIN in the context of a presence updating signal to the sent.
- the one or more processing devices of service provider 1 identify that there is a pending updating of SA 2 personalization into the mobile device application, and said updating is then made(upon a successful prior validation of the received OTP(PIN) value)in the context of the https session that is open in connection to the transmission of the updating signal SA 5 . So in this example, when the referred https connection is closed, the SA 2 personalizationhas been successfully updated into the database of the mobile device that is associated to the mobile device application.
- the presence services related to the special areas associated to a given PIN are blocked inthe presence system of service provider 1 after a number of wrong consecutive PIN entries (e.g. 3).
- a wrong PIN entry is accounted when the result of the OTP(PIN) verification, that uses the PIN stored into the database of service provider 1 , and OTP keys and parameters, to calculate an OTP result that is compared with the OTP result received from the mobile device application, determines that the entered PIN was not correct.
- a different PIN value may be associated to each special area; or to a group of special areas.
- Figure 9 shows, in connection to service provider 2, that a PIN B has been selected when registering the mobile device application to SA B and a PIN D has been selected when registering the mobile device application to SA D .
- An activation code has been generated for registering the mobile device application into each special area.
- the mobile device application has been personalized to enable presence related services for SA A , SA B , SA c and SA D .
- PIN B has been used to register the mobile device application to SA B and PIND has been used to register the mobile device application to SAD.
- PIN B is used by the user in connection to theOTP calculations associated to SA B that required the PIN as input data for the calculation
- PIND is used by the user in connection to those OTP calculations associated to SAD that required the PIN as input data for the calculation
- the OTP keys and parameters are common to the four special areas, and are stored into thedatabase of service provider 2 and have been sent and are stored in the database associated to the mobile device application.
- Data capable of linking the mobile device to at least one special area is electronically stored in one or more memories of the service provider 2.
- the data may include checking data of the radio communication defining devices defining the at least one special area, and a first identifier related to the mobile device; and there is transmission via a mobile telephone network to the mobile device of at least a portion of the checking data.
- Figure 9 shows several examples of the mobile device sending a presence updating signal about its presence status in any of the special areas SAA, SAB, SAcand SAD, from the mobile device application to the presence system of service provider 2, via the mobile telephone network.
- the mobile device sends an updating signal about its presence in SAD.
- Example (4) illustrates the scenario of the updating signal SA D being sent when the mobile device is present inSA D (e.g. when enters into SA D ) and there is an OTP result being calculated based on the user inputting the PIND in the mobile device application via the mobile device keyboard.
- the hash(Device ID & ACSAD) may be used to match at the presence system of service provider 2 the updating signal about the presence status of the mobile device in SA D , with the right customer reference and with the rest of the related parameters into the database of service provider 2; and to validate the OTP result using the appropriate keys, parameters and input data.
- the presence system of the service provider 2 receives the presence updating signal that identifies the mobile device ' s presence in SAD and derives from the updating signal by one or more processing devices having access to at least a portion of the data (stored in the presence services database of Figure 9) whether or not the mobile device is present in SAD.
- the presence services module of the service provider 2then enables or disables by use of one or more processing devices at least one presence related service based upon the mobile device ' s presence or non-presence inSA D , and also depending on successful validation by the security & OTP module of the service provider 2 of the referred OTP(PIND) that was comprised into the presence updating signal.
- the updating signal processing determines that the mobile device was present in to SA D and the validation of the OTP(PIN D )result is positive (i.e. the received OTP is equal to the one calculated at the service provider 2 system) then the at least one presence related service is enabled (or remains enabled) and can be provided.
- the mobile device also sends an updating signal about its presence in SAc.
- example (5) illustrates the scenario of the updating signal SAcbeing sent when the mobile device is present inSAc (e.g. when remains inSA c ) and the OTP result being calculated based on information that is included in at least one of the distinctive defining signals that define SA C .
- the updating signal also comprises a reference to the checking data that has been used as input data to calculate the OTP result, such that one or more processing devices in the service provider 2 system will be able to make the relative OTP calculation and to proceed with the validation of the OTP received.
- the updating signal SAc indicates that the mobile device is not present inSA c
- the OTP is calculated by the mobile device application using as input data a predefined value for that scenario, known by the service provider 2 and stored in the server database in connection to the given customer reference and special area, and also stored (e.g. obfuscated) in the mobile device application database (this scenario is not illustrated in Figure 9).
- the presence system of service provider 2 receives the presence updating signal that identifies the mobile device ' s presence in SA C and derives from the updating signal by one or more processing devices having access to at least a portion of the data (stored in the presence services database of Figure 9) whether or not the mobile device is present in SAc.
- the presence services module of the service provider 2 then enables or disables by use of one or more processing devices at least one presence related service based upon the mobile device ' s presence or non-presence in SAc; and also depending on successful validation by the security & OTP module of the service provider 2 of the referred OTP that was comprised into the presence updating signal.
- Example (6) illustrates the scenario of the updating signal SA B being sent when the mobile device is present in special area SA B (e.g. when enters into SA B ) and there is a first OTP result being calculated based on the user inputting the PIN B in the mobile device application via the mobile device keyboard and a second OTP result being calculated based on information that is included in at least one of the distinctive defining signals that define SA B .
- the updating signal also comprises a reference to the checking data that has been used as input data to calculate the second OTP(CDSAB) result, such that one or more processing devices in the service provider 2 system will be able to make the relative second OTP calculations and to also proceed with the validation of the second OTP received.
- a single OTP result would be calculated by the mobile device application using as input data a predefined value for that scenario, known by the service provider 2 and stored into the server database in connection to the given customer reference and special area, and also stored (e.g. obfuscated) into the mobile device application database (this scenario is not illustrated in Figure 9).
- the presence system of the service provider 2 receives the presence updating signal that identifies the mobile device ' s presence in SAB and derives from the updating signal by one or more processing devices having access to at least a portion of the data (stored in the presence services database of Figure 9) whether or not the mobile device is present in SA B .
- the presence services module of the service provider 2 then enables or disables by use of one or more processing devices at least one presence related service based upon the mobile device ' s presence or non-presence inSAe, and also depending on successful validation by the security & OTP module of the service provider 2 of the referred OTP/OTPs that was/were comprised in the presence updating signal.
- the definition of one or more special areas e.g. related to the service provider 2 may change: new checking data may be added; some checking data may be modified, or deleted; the rules defining special areas may change; some special area is disabled. Those changes would be reflected in the one or more memories of the service provider 2.
- the SA C and SA D special areas personalization has been successfully updated (e.g. SA c has been deactivated and SAcChecking data and rules has been modified) into the database of the mobile device that is associated to the mobile device application.
- Figure 10 representsan exemplary presence relateddatabaseof one service provider.
- the figure shows a parameters database like the one described in connection to service provider 1 of Figure 9, where the mobile device application has already become successfully registered for five specials areas defined by service provider 1 (SA-i , SA 2 , SA 3 , SA 4 and SA 5 ).
- the illustrated parameters database links the five special areas with three mobile devices identification codes MD(i-1 ), MD(i) and MD(I+1 ), each of which have an entry, (i-1 ), (i) and (i+1 ).
- the mobile device application of the three mobile devices has been personalized to enable presence related services for SAi, SA 2 , SA 3 , SA 4 and SA 5 .For simplicity, the examples provided herein below only refer to mobile device MD(i).
- An activation code (AC) has been generated for registering the mobile device application into each special area and this code is stored in column (c) in connection to each special area for mobile device MD(i).
- the same PIN has been used to registerMD(i) in the five special areas and its storage is illustrated in the last column of Figure 10, in connection to entry (i). Also the customer reference is illustrated in relationship to entry (i).
- the OTP keys and parameters have been defined per each special area, and are stored in column (f) in connection to each special area.
- the hash values calculated by one or more processing devices of service provider 1 during the pre-registration process of the mobile device application into each special area have been stored in columns (d) and (e) respectively, in connection to each special area associated to mobile deviceMD(i).
- one or more processing devices having access to at least a portion of the parameters/data adjust the value of at least one operating parameter of the parameters database linking the special areas and the mobile device.
- the value of the operating parameter(s) depends on the information contained in the updating signal about the presence of the mobile device into one or more special areas (and sometimes depends also on information that is correlated to the updating signal).
- operatingparameters related to some presence related services are enabled or remain enabled in the referred parameters database when the information contained in the updating signal indicates that the mobile device has recently entered or remains located in the corresponding special area; and also operating parameters related to some presence related services are enabled or remain enabled in the referred parameters databasewhen there is a successful validation by the security & OTP module of the service provider 1 of the at least one OTP that was comprised into the presence updating signal.
- operatingparameters related to some presence related services are disabled or remain disabled in the referred parameters database when the information contained in the updating signal indicates that the mobile device recently left or remains out of the special area; and also operating parameters related to some presence related services are disabled or remain disabled in the referred parameters databasewhen there is a negative validation by the security & OTP module of the service provider 1 of at least one OTP that was comprised into the presence updating signal.
- the first column of the database of Figure 10 comprises the mobile devices identification codes.
- a mobile device identification code refers to a unique codeof the mobile device such as, for example, the IMEI.
- the definition rules and the set of checking data formobile device MD(i) in connection to the special area SA 1 ; defined in column (a) of the entry (i) contains :
- a checking data 650 comprised in the distinctive defining signal of a first radio communication defining deviceRCDDI (e.g. the identification code of RCDD1 ), such distinctive defining signal defines the special area SA 1 ;
- a first radio communication defining deviceRCDDI e.g. the identification code of RCDD1
- - checking data 652 comprised in the distinctive defining signal of a second radio communication defining device RCDD2 (e.g. the identification code of RCDD2), such distinctive defining signal also defines the special area SA 1 ; and
- a checking data 654 comprised in the distinctive defining signal of a third radio communication defining device RCDD3 (e.g. the identification code of RCDD3), such distinctive defining signal also defines the special area
- the mobile device determines that it is located in the special area SA ⁇ when it receives at least one of the three identifiers 650, 652, 654 comprised in the distinctive defining signals coming from RCDD1 , RCDD2 and RCDD3, that is when it is located within the range of coverage of any of the three distinctive defining signals (according to one implementation, in the case of the defining signal of RCDD2, in order to consider that such defining signal is a distinctive defining signal, it will additionally be necessary that the reliable information comprised into the defining signal confirms that RCDD2 is effectively located in a predetermined environment).
- the value of column (b) for the mobile device MD(i) and for the special area SAi is enabled ('+') or disabled ('-') at a given time depending on whether or not the service provider receives a confirmation of new checking data from this mobile device confirming that all the checking data corresponding with the special area has been successfully stored into this mobile device (based on the same principle, it would also be possible to add another column in the parameters database to monitor the reception of confirmations of deactivation of checking data and another one to monitor the reception of confirmations of modification of checking data for a given special area).
- the value of column (b) for MD(i) is enabled (+) for the special area SA ⁇
- the value of column (b) for the mobile device MD(i) and for the special area SA1 contains a set of values enabled ('+') or disabled ('-'), one for each checking data.
- the column (g) corresponding to the operating parameter "Mobile Device Control Flag" is enabled ('+') or disabled ('-') at a given time for the mobile device MD(i) and for the special area SAi depending on the information comprised into the updating signals received about the presence of the mobile device into the special area SA .
- the mobile device MD(i) is supposed to be in SA1 as the operating parameter "Mobile Device Control Flag" (g) is enabled ('+').
- the column (h) corresponds to the result of the validation by the security & OTP module of the service provider 1 of the at least one OTP that was comprised in the presence updating signal.
- the validation has been positive (meaning that the received at least one OTP has been equal tothe at least one calculated by the security and OTP module) and the "OTP validation result" is enabled(V).
- the 'Service identifier' parameter is then set at ⁇ ' and in the column (I), the 'Service Flag' of said service ⁇ ' is enabled ('+').
- the 'Service identifier' parameter is set at 'ZZZ' and in the column (n), the 'Service Flag' of said service 'ZZZ' is disabled ('-') because service ZZZ is disabled at that time for the mobile device MD(i) and the special area SA1 .
- the set of columns (a), (b) and (g) to (n) provides the same kind of information for the special area SA 5 .
- the set of special area rules and checking data of mobile device MS(i) (column a) refers to radio communication defining device RCDD4 with the checking data 656, FtCDD5with the checking data 658 and RCDD6 with the checking data 660 for the special area SA 5 .
- the value of column (b) for MS(i) is disabled (-)
- the operating parameter "Mobile Station Control Flag" (column g) is disabled ('-')
- the operating parameter "OTP validation result" (column h) is disabled ('-').
- Service 'PPP' (column i) is enabled ('+' in column j)
- service 'QQQ' (column k) is enabled ('+' in column I)
- service 'RRR' (column m) is enabled ('+' in column n).
- the service PPP and the services QQQ and RRR are associated to mobile station MS(i) when it is in the special area SA 5 .
- the one or more memories and the one or more processing devices reside in one or more servers of one or more providers of presence related services.
- Figure 1 1 illustrates part of an implementationassociated withenabling or disabling by use of the one or more processing devices a presence related service based upon the mobile device ' s presence or non-presence in at least one special area.
- This implementation is associated with the use of a mobile device and at least one radio communication defining device that transmits a distinctive defining signal that at least partly defines a special area by its coverage, the distinctive defining signal including data.
- Figure 1 1 shows in step (1 ) the process of receiving and processing one or more defining signals from radio communication defining devices in the mobile device to determine in step (2), based on a previously obtained at least portion of the data, whether the one or more defining signals are one or more distinctive defining signals and to determine whether or not the mobile device is present in the at least one special area.
- step (3) the mobile device sends via a mobile telephone network an updating signal to one or more servers of a provider of presence related services about the mobile device ' s presence in the at least one special area, the updating signal being sent at least one of (i) periodically, (ii) at times recent to when the mobile device enters into or exists from the special area, (iii) when the mobile device remains in the special area and (iv) when the mobile device remains outside the special area.
- the mobile device also sends via a mobile telephone network to one or more servers of a provider of presence related services at least one One-Time-Password (OTP) that is univocally correlated to the updating signal.
- OTP One-Time-Password
- the mobile device sends the at least one OTP when the updating signal indicates that the mobile device is present in at least one special area and at least one OTP is calculated based on information that is included in at least one of the distinctive defining signals that define the at least one special area.
- at least one OTP is calculated using a user PIN as input data for the calculation.
- the at least one OTP is only sent, contextually to the sending of the presence updating signal, when the mobile device is present in at least one special area. In other implementations the at least one OTP is also sent when the mobile device is not present into any special area.
- FIG. 1 illustrates a set of mobile device applications (MDA) where:
- MDA1 relates to service provider 1 that is a smartphones vendor.
- - MDA2 relates to service provider 2 that is a provider of smart cities presence services.
- MDA3 relates to service provider 3, that is a provider of Internet of Things presence services; this service provider enable presence services for service providers type 3. a (car vendors), service providers type 3.b (merchants), service providers type 3.c (banks), service providers type 3.d (transportation entities), etc.
- MDA4 relates to a service provider 4, that is a contents provider.
- MDA5 relates to a service provider 5, that is a telecom operator.
- Figure 1 1 illustrates that SA ; SA 2 and SA 3 have been personalized in MDA1 ; SA 4 and SA 5 have been personalized in MDA2; SA 6 to SA 2 o have been personalized in MDA3; SA 2 i and SA22 have been personalized in MDA4; and SA23 and SA 24 have been personalized in MDA5.
- Figure 1 1 also illustrates several examplesrelated to information that may be sent either comprised in the presence updating signal or related to it (for simplicity the hash values have not been illustrated in the following examples. Previous examples have described how the hash values may be comprised into the updating signal.
- MDA1 determines that the mobile device is present inSA ⁇ nd sends a presence updating signal to the presence system of the service provider 1 .
- the updating signal SA-i is sent when the mobile device is present in SAi (e.g.
- the updating signal when enters into SA-i) and an OTP result comprised in the updating signal is calculated based on the user inputting the PIN via the mobile device keyboard and also based on information that is included in at least one of the distinctive defining signals that define SAi.
- the updating signal also comprises a reference to the checking data that has been used as input data to calculate the OTP result, such that one or more processing devices in the service provider 1 system will be able to make the relative OTP calculation and to proceed with the validation of the OTP received.
- the OTP comprised into the updating signal SA-i is calculated using the checking data of RCDDx and RCDDy, which at least partly defines SAi , and the PIN.
- MDA1 determines that the mobile device is present inSA 3 and sends a presence updating signal to the presence system of the service provider I .
- the updating signal SA 3 comprises a first OTP that is calculated based on information that is included in at least one of the distinctive defining signals that define SA 3 (in this example the updating signal also comprises a reference to the checking data that has been used as input data to calculate the OTP result); and a second OTP that is calculated based on the user inputting the PIN via the mobile device keyboard.
- the updating signal SA 3 is sent with a delay from the instant when the presence of the mobile device into SA 3 was determined. This delay may be due to lack of data connectivity when an attempt for sending it was made, or because the mobile device application is programed to send the updating signalsometime after it was prepared for sending.
- theupdating signal SA 3 comprises a first OTP(CD SA3 ), associated to the mobile device having been into SA 3 (defined byCDsA3) at the time of presence determination, and a second OTP(PIN), calculated at the time when theupdating signal SA 3 is really going to be sent after the user inserts the PIN.
- MDA2 determines that the mobile device is present inSA 5 and sends a presence updating signal to the presence system of the service provider 2.
- the updating signal SA 5 comprises an OTP, the reference to the checking data used for the calculation and a request to access to a service (together with the service related information).
- MDA3 determines that the mobile device is present inSAio and sends a presence updating signal to the presence system of the service provider 3.
- the updating signal SA 0 comprises an OTP, the reference to the checking data used for the calculation and a request to access to a multimedia content.
- MDA3 determines that the mobile device is present inSA and sends a presence updating signal to the presence system of the service provider 3.
- the updating signal SA 4 comprises an OTP and the reliable information received from one or more radio communication defining devices (which are endowed with special area location monitoring means of those referred to in connection with Figure 3) that at least partly defineSA .
- the reliable information is sent together with the associated checking data, such that one or more processing devices of service provider 3 will be able to identify the related RCDDs and its associated data and parameters.
- MDA3 determines that the mobile device is present in two special areas, SA19 andSA 2 o, and sends a presence updating signal to the presence system of the service provider 3.
- the updating signal SA 9 andSA 2 o comprises an OTP S AI 9 (and the reference to the checking data used for the calculation) and an OTP S A2o (and the reference to the checking data used for the calculation).
- MDA4 determines that the mobile device is present in special area SA22 and sends a presence updating signal to the presence system of the service provider 4.
- the updating signal SA22 comprises an OTPSA22 (and the reference to the checking data used for the calculation) and credential data calculated at the security & OTP module of service provider 4 and sent to the mobile device application as explained in step (14) of Figure 8. Verification of credential data is necessary to give access to a presence service related to the special area.
- credentials data is sent when SA22 personalization is made; and one of them is sent comprised in apresence updating signal as an additional presence signalauthentication token.
- Credentials may be renewed in the mobile device application database in the context of updating signals such as those referred to in (3) and (6) of Figure 9.
- the credentials are unstructured data and have been securely obfuscated via a PIN related calculation, before being sent for storage into the mobile device application database. So in this scenario a correct PIN entry into the mobile device would be necessary to send a properly non-obfuscated credential comprised into a presence updating signal.
- the credentials are payment credentials and at least one of them must be verified by, for example, a bank (an entity type 3.c in the context of Figure 1 1 ) as a precondition for the presence related service to be provided. So advantageously said presence service is only provided after an associated on-line payment has been made.
- the presence related service isthe on-line payment itself
- payment acceptance could depend on being present in the special area and also on the successful validation of the OTP.
- the above referred credential (unstructured data) is used to calculate an OTP(credential) result, that is sent comprised in a presence updating signal, the credential being de-obfuscated (by using the PIN entered by the user) before being used for the OTP calculation.
- the credentials are first parts of payment credentials, and a second part of one of those is calculated as an OTP value as a result of the user inserting a PIN (that may be different from the PIN related to presence services provision), and the two parts must be verified by, for example, a financial institution (such as, for example, an entity type 3.c in the context of Figure 1 1 ) as a precondition for the presence related service to be provided.
- a financial institution such as, for example, an entity type 3.c in the context of Figure 1 1
- the presence service may also only be provided after an associated on-line payment has been made.
- Presence related services associated to radio communication defining devices and defined special areas is unlimited, considered the huge potential of the coming Internet of Things ecosystem. Examples may cover a variety of user and service provider's related environments.
- Home presence related services may, for example, refer to new facilities a user may have at home to control how the devices operate and interact with the user, based on mobile-centric presence determination. Periodical data measures required by certain home devices (e.g. gas counter) may be automated based on presence determination. Home systems (e.g. video surveillance or pay per view systems) could also be programmed to operate differently depending on whether any family member is or not at home.
- Presence services in a merchant environment may be used to provide the user with a contextual and personalized procurement and products/services renewal experience, thus benefiting adopting merchants in terms of increasing sales and customer loyalty. Improved checking processes and contextual tracking information may also be offered to users based on presence determination.
- Zone pricing services and mobile bandwidth personalization may also be offered to end users. So IT resources and mobile pricing can be adapted to customer preferences and needs in selected environments.
- the user may also be interested to share certain personal mobile presence information with other users or self-configure via internet a set of personal zones (office, home, gym, car, etc.) for presence determination services.
- a user can benefit from ambient assisted living programs for dependent people and/or automatic stock renewal of food or medicines based on presence determination.
- Information from urban or rural radio communication devices may also be managed to provide a wide variety of rural or city-zone presence services, in areas such as wireless sensor network or smart cities.
- service providers should consider mobile-centric presence determination, based on mobile device applications personalization, and presence services enablement via the mobile device, as an essential piece of their Internet of Thing strategy.
- using methods and technologies that do not require using a third party owned secure element to enable or disable the referred presence related services gives to service providers the right agility and control of their loT business..
- the carrier may comprise a storage medium, such as a ROM, for example a CD ROM or a semiconductor ROM, or a magnetic recording medium, for example a floppy disc or hard disk.
- the carrier may be a transmissible carrier such as an electrical or optical signal which may be conveyed via electrical or optical cable or by radio or other means.
- the carrier may be constituted by such cable or other device or means.
- the carrier may be an integrated circuit in which the program is embedded, the integrated circuit being adapted for performing, or for use in the performance of, the relevant processes.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Methods and apparatus for monitoring the presence of a mobile device in at least one special area, wherein a radio communication defining device transmits a radio distinctive defining signal that defines the special area by its coverage. 5 The mobile device processes signals received to determine whether or not the signals are a distinctive defining signal that at least partially defines the special area. Upon a determination that the mobile device is in a special area the mobile device sends an updating signal to a special operating means of a provider of presence related services via a mobile telephone network, the 10 special operating means adapts the value of one or more operating parameter in response to receiving the updating signal. The mobile device also generates a One-Time-Password (OTP) calculated based on information in the distinctive defining signal and sends the OTP to a server of the provider of presence related services.
Description
METHODS AND SYSTEMS TO ENABLE PRESENCE RELATED SERVICES
TECHNICAL FIELD [0001 ] The invention relates to methods and apparatusto enable presence related services.
BACKGROUND [0002] Microprocessor smart cards have been commonly used to protect keys and secret data of given applications from service providers. Being considered as a "anti-tamper" device, the smart cards have been used to protect payment applications from banks, ticketing applications from transportation authorities or personal data for access control purposes.
[0003] Nevertheless, the history of the microprocessor smart cards also teach about the difficulties of service providers and secure element owners to reach agreements to exploit a service in cooperation. In particular, and in spite of the huge potential of the secure elements in terms of secure storage capabilities, business model barriersand technical complexity have limited their possibilities to exploit in areas such as mobile contactless payments or mobile ticketing.
[0004] In the coming Internet of Things (loT) ecosystem a multiplicity of service providers will deploy new services related to the billions or even trillions of devices that belongs to end users, enterprises, service providers or to other entities. In such a context it is essential to set the grounds to avoid the success of certainloT applications (e.g. those managing very sensitive assets and/or handlingcritical authentication processes to access to services providers services)into mobile devices depending on the above referred agreements between the service providers and the secure elements owners.
[0005] In such a context it would be desirable to develop mobile device applications that would be tamper-resistant even if not partly stored in a tamper-
resistant device such as a SIM card or a micro-SD card (owned by a party that is typically different than the service provider).
[0006] Most of the applications (related to messaging, productivity, entertainment, music, health, social networks, news, sports, etc.) that a user may download from an application market (such an iTunes, Google Play or Blackberry World) cannot claim to be tamper-resistant, but it is maybe due to the fact that the assets they protect are considered as not being "so critical". [0007] It is nevertheless well understood that mobile payment applications or other type of applications giving access to services from services providers need to be tamper-resistant protected. In particular, in the context of this invention, it is considered that a mobile device application providing access to presence related services need to be anti-tamper, and this invention provides methods to achieve that target even if not using, for example, a microprocessor smart card to either perform part of the mobile device application processing or to store sensitive data of the service providers' mobile device applications.
SUMMARY OF THE DISCLOSURE
[0008] What is disclosed herein are new methods and apparatus for secure authentication of mobile device applications in an loT ecosystem. The methods and apparatus relate to the enabling and/or disabling of presence related services which is further discussed in U.S. Patent No. 8,738,040, issued on May 27, 2014, entitled, "Method and system for monitoring a mobile station presence in a special area", which is incorporated by reference herein in its entirety.
[0009] According to some implementations a mobile deviceapplication in a mobile device is personalized such that the mobile device is able to self- determine its presence status in at least one special areaassociated to the mobile device, each special area being defined by the combination of distinctive wireless signals from one or more radio communication devices; and the mobile devicesends an updating signal about its presence in one or more special areas
to the mobile telephone network, the signal being routed to special operating means of a service provider entity, that enable or disable presence related services depending on whether the updating signal indicates that the mobile device is present or not into one or more special areas. Presence updating signalsmay be used to enable or disable presence related services, and in certain contexts it is desirable to provide mechanisms to securely authenticate at least part of the presence updating signals.
[0010] According to some implementations client-server-based one-time- usecalculations are used to securely authenticate presence updating signals. According to some implementations the one-time-use calculations depend on input data associated to radio communication devices, but only those radio communication devices associated to special areas personalized into the mobile device application may produce a successful authentication in the referred special operating means of the service provider. So on top of having the right mobile device and mobile device application personalization, the user must be in the right environment for an updating signal being accepted as authentic by the special operating means. [001 1 ] According to some implementations a Personal Identification Number (PIN) is required as input for the referred one-time-use calculations, thus in such implementations the authentication methods are defined such that it is necessary that the user will enter a personal secret code as a precondition for an updating signal being later securely authenticated.
[0012] According to some implementations pre-calculated tokens and/or hardcoded keys/parameters are used to make the one-time-use calculations that securely authenticate presence updating signals. [0013] It must be consideredthat in some circumstances, or in the context of certain services, a fully automatic methodfor securely enabling/disabling presence related services by sending a presence updating signal and a onetime-use related calculation is desired; while in others it may be required that
the user will insert a PIN to make presence related services being enabled or disabled by the special operating means of the service provider.
[0014] According to some implementations, the fully automatic methods may be used to make one-time-use calculations associated to N updating signals sent from the mobile device about its presence in one or more special areas, but a PIN may be required as an input for a one-time-use calculation correlated to sending the N+1 updating signal about the mobile device presence in the one or more special areas. In this way, two-factor authentication may be used in correlation with at least part of the updating signals sent, so the user identity is verified on a periodic basis.
[0015] According to some implementationsservice providers are provided with amethod to securely enable (or disable) presence related services by using amobile device application, where said method can be mostly performed at the domain of the services providers, without restrictions from third party owners of secure elements.
[0016] According to some implementations this is achieved by providing a method associated with one or more providers of presence related services in connection with the use of a mobile device and at least a first radio communication defining device that transmits a first distinctive defining signal and a second radio communication defining device that transmits a second distinctive defining signal, the first distinctive defining signal at least partly defines a first special area by its coverage, the second distinctive defining signal at least partly defining a second special area by its coverage. The method may include (i) electronically storing in one or more memories data capable of linking the mobile device to the first and second special areas, the data including a first checking data of the first radio communication defining device, a second checking data of the second radio communication defining device, and a first identifier related to the mobile device, (ii)transmitting via a mobile telephone network to the mobile device at least a portion of the first checking data, and transmitting via the mobile telephone network to the mobile device at least a
portion of the second checking data, (iii)receiving from the mobile device via the mobile telephone network a first updating signal uncorrelated to any mobile device phone call establishment that identifies the mobile device's presence in at least the first special area, and receiving from the mobile device via the mobile telephone network a second updating signal uncorrelated to any mobile device phone call establishment that identifies the mobile device's presence in at least the second special area, the first updating signal including a second identifier related to the mobile device, the second updating signal including a third identifier related to the mobile device, (iv) deriving from the first updating signal by one or more processing devices having access to at least a portion of the data whether or not the mobile device is present in the first special area, and deriving from the second updating signal by the one or more processing devices whether or not the mobile device is present in the second special area; and (v) enabling or disabling by use of the one or more processing devices a presence related service based upon the mobile device's presence or non- presence in the first special area, and enabling or disabling by use of the one or more processing devices a presence related service based upon the mobile device's presence or non-presence in the second special area,wherein, when the first updating signal indicates that the mobile device is present in the first special area, enabling the presence related service associated to the mobile device's presence in the first special area also dependson a successful validation by use of the one or more processing devices of at least one One- Time-Password (OTP), the at least one OTP being sent from the mobile device and beingunivocally correlated to the first updating signal, whereat least one OTP is calculated based on information that is included in at least one of the distinctive defining signals that define the first special area, and, when the second updating signal indicates that the mobile device is present in the second special area,enabling the presence related service associated to the mobile device's presence in the second special area also depends on a successful validation by use of the one or more processing devices of at least one One- Time-Password (OTP), the at least one OTP being sent from the mobile device and being is univocally correlated to the second updating signal.
[0017] Advantageously, access to presence driven services relates to presence
of the mobile device into one or more special areas but, on top of that, additional OTP-based authentication may be performed by the one or more processing devices. Furthermore, at least one of the OTP calculations is performed when the mobile device is present into the first special area, based on information that is included in at least oneof the distinctive defining signals that define the first special area.
[0018] It must be noted that if the mobile device determines that it is not presentin a given special area, thendistinctive defining signals related to that special area are probably not being received by the mobile device at that time. It means that an OTP calculation correlated to an updating signal about the mobile device not being present into the special area should not be based on distinctive defining signals for that special area (that probably are not being received at that time), but on other input data. According to some implementations methods for calculating OTP results in said non-presence scenario, such that adequate authentication techniques may be in place also in that context, are also provided.
[0019] If the information received by the mobile device from the radio communication defining devices makes the mobile device determining that it is present into the first special area, then at least a portion of the checking data received into the distinctive defining signalsthat define the first special area will produce a successful OTP validation by the one or more processing devices, when used as input data to calculate said OTP.
[0020] This approach can provide a fully automatic OTP calculation, associated to the first updating signal, empowered by information related to the context of the mobile device being into the first special area. More than one OTP may be sent univocally associated to the first updating signal, and said other OTPs may also be calculated using data from the context of the mobile device being into the first special area as input data and/or a user's Personal Identification Number (PIN).
[0021 ] According to some implementations at least one of the OTPs that
aresent from the mobile device and that are univocally correlated to an updating signal is calculated by the mobile device by using a user's Personal Identification Number (PIN) as input data for the calculation. [0022] According to some implementations at least one of the OTPs that are sent from the mobile device and that are univocally correlated to an updating signal is calculated by the mobile device based on information that is included in at least one of the distinctive defining signals that define the special area and also using a user's Personal Identification Number (PIN) as input data for the OTP calculation.
[0023] According to some implementations pre-calculated tokens and/or hardcoded keys/parameters may also be used as input data in any of the above referred OTP calculations.
[0024] According to some implementations, as a result of the mobile device being in at least one special area, the user is prompted to enter a PIN as an input for the OTP calculation. In other implementations the user is prompted to enter the PIN before the presence updating signal is sent to the service provider, via the mobile telephone network.
[0025] Also, in connection to the second updating signal, each OTP may be calculated by the mobile device based on information that is included in at least one of the distinctive defining signals that define the second special area and/or using a user's Personal Identification Number (PIN) as input data for the OTP calculation and/or using hardcoded keys/parameters as input data for the OTP calculation and/or using pre-calculated tokens as input data for the OTP calculation. [0026] Different alternatives are possible in connection to the calculation of the OTPs, and in relation to perform the above referred univocal correlation between an updating signal and an OTP. Some of these alternatives are explained in detail below.
[0027] According to some implementations an OTP is calculated when the mobile device enters into or exists out of a special area, and the OTP is sent comprised into thepresence updating signal. In other implementationsthe OTP and the updating signal are sent in the context of the same https session, so they can be easily correlated.
[0028] According to some implementations the at least one OTP and the presence updating signal are sent via different channels (e.g. one is sent via an https data connection and the other one is sent via SMS) but both are transmitted with a common identifier, that can be used by the one or more processing devices to later match them.
[0029] According to some implementationsa first OTP is calculated when the mobile device enters into one special area, but the updating signal will be sent later. According to some implementations the updating signal will comprise the referred first OTP (e.g. calculated based on information that is included in at least one of the distinctive defining signals that define the special area) and a second OTP (calculated at the time of sending the presence updating signal, for example, after the user inserts a PIN that is used as an input to calculate the second OTP). So in this example the one or more processing devices will be able to authenticate both the context of the presence determination into the special area (validating the first OTP) and the content of the presence updating defined by the user inserting a PIN (validating the second OTP). [0030] According to some implementations a first OTP is calculated when the mobile device remains in a first special area, said first OTP being calculated based on checking data that is included in a received first distinctive defining signal that partly defines a first special area; the first OTP is sent comprised in a first updating signal; and a second OTP is calculated when the mobile device entersinto a second special area, the second OTP calculation requiring the user to insert a PIN; the second OTP is sent comprised into a second updating signal.
[0031 ] According to some implementations, if the communication channel to
send the presence updating signal is not available for the mobile device, the OTP is not calculated.
[0032] According to some implementations, the data stored in the one or more memories also includes the keys and parameters necessary to validate by the one or more processing devices the at least one OTP associated to a presence updating signal; and keys and parameters necessary for OTP calculations by the mobile device are transmitted via a mobile telephone network to the mobile device.
[0033] According to some implementationsat least one OTP calculation is triggered by the mobile device being in the first special area, and at least part of the first checking data is inputted to the calculation from the storage/memory of the mobile device. According to some implementations at least one OTP calculation is triggered by the mobile device being in the first special area, and at least part of the checking data that at least partly defines the first special area is inputted to the calculation from the storage/memory of the mobile device (so in this implementation the OTP may be calculated based on information (e.g. checking data) included in the first distinctive defining signal and/or based on information (e.g. checking data that also at least partially defines the first special area) included in other distinctive defining signals that may also partly define the first special area.According to some implementations at least part of the first checking datais inputted inat least one OTP calculation after being received(and perhaps decoded) from at least one of the distinctive defining signals that at least partially define the first special area (in these implementations at least part of other checking data that also partly define the first special area may also be inputted into the at least one OTP calculation from the storage/memory of the mobile device). [0034] According to some implementations the user is prompted to enter a PIN when the mobile device enters into/remains into/leaves out of an special area (such that a first OTP calculation is made), and to enter the PIN again before the presence updating signal is sent to the service provider system (and a second OTP calculation is made), the presence updating signal comprising the
first and the second OTP results. So in this last example the one or more processing devices will be able to authenticate both the context of the presence determination and the context where the presence updating signal is sent. This may be of interest, for example, when the presence determination information is not sent at the time of determination, but with a delay. So the second OTP ensures that the updating signal sending has also been validated by the user after, for example, inserting a secret code.
[0035] According to some implementations part of the information that is included in at least one of the distinctive defining signals that define the special area is used as challenge for an OTP calculation, and the PIN inserted by the user is used as part of the OTP key.
[0036] According to some implementations, to make a first special area and/or second special area of one or more providers of presence related services becoming at least partly registered for a mobile device requires the user inserting an activation code into the mobile device and a successful validation of said activation code by the one or more processing devices. [0037] According to some implementations there is a first set of checking data related to one or more radio communication defining devices, the first set ofchecking data defining (together with special area rules)one of more special areas related, for example, to home presence services; and a second set of checking data related to one or more other radio communication defining devices, the second set ofchecking data defining (together with special area rules) other one or more special areas related, for example, to smart city presence services. When the user inserts an activation code related to said home presence services special areas into the mobile device there is a secure registration process initiated from the mobile device, and if the activation code is successfully validated by the one or more processing devices then said one or more special areas for home presence services become preregistered for the mobile device. An equivalent process would be carried out in connection to the smart city activation code, such that if the activation code is successfully validated then the one or more special areas for smart city presence
servicesbecome preregistered for the mobile device.
[0038] According to some implementations, to make a first special area and/or second special area of one or more providers of presence related services becoming at least partly registered into a mobile device requires the user inserting an activation code into the mobile device and a successful validation of said activation code by the one or more processing devices, and also requires the user to select or insert a Personal Identification Number (PIN) in the context of said registration process. So advantageously the PIN is securely stored in one or more memories of the service provider and the user can later use the PIN as an input for OTP calculations.
[0039] According to some implementationsthe data stored in the one or more memories related to the first special area is stored in a first memory or set of memories of a first provider of presence related services and the data stored in the one or more memories related to the second special area is stored in a second memory or set of memories of a second provider of presence related services. [0040] According to some implementations the mobile telephone network transmits to the mobile device the at least portion of the first checking data and the at least portion of the second checking data at different times. In one example a first special area is defined by a service provider and the related checking data are transmitted to the mobile device; a second special area is defined later by the same service provider, and the checking data are afterwards transmitted to the same mobile device. In other examples several special areas are defined by different service providers, and the at least portion of the checking data related to the special areas of each service provider is transmitted to the mobile device independently of the transmission of the at least portion of the checking data related to the special areas of the other service providers.
[0041 ] According to some implementations the one or more processing devices has access to at least a portion of thedata (such as, for example an identifier
related to the mobile device) and updates at least one first operating parameter in a database of the one or more providers of presence related services depending on the presence of the mobile device in the first special area and/or second special area.
[0042] According to some implementations the one or more processing devices has access to at least a portion of thedata (such as, for example an identifier related to the mobile device and the checking data) and updates at least one second operating parameter in a database of the one or more providers of presence related servicesdepending on the result of the validation ofthe at least one OTP that is univocally correlated to the updating signal about the presence of the mobile device in the first special area and/or second special area.
[0043] As such, according to some implementationsthe updating of the at least two operating parameters depends on the result of a multi-level authentication, where the first level relates to the mobile device presence status in the special area, as provided by the updating signal, and the other levels relates to the validation result of the at least one OTP that is correlated to said presence updating signal.
[0044] According to some implementations the first operating parameter is a tariff flag or a service flag that enables or disables a special tariff or a service for the mobile device. [0045] According to some implementations the one or more processing devices include a first processing device associated with a first provider of presence related services and a second processing device associated with a second provider of presence related services. [0046] According to some implementationsthe first processing device has access to at least a portion of thedata (such as, for example an identifier related to the mobile device) and updates at least one first operating parameter in a database of the first provider of presence related services depending on the presence of the mobile device in the first special area, and the second
processing device has access to at least a portion of the data (such as, for example an identifier related to the mobile device) and updates at least one first operating parameter in a database of the second provider of presence related services depending on the presence of the mobile device in the second special area.
[0047] According to some implementations the first processing device has access to at least a portion of thedata (such as, for example an identifier related to the mobile device and the first checking data) and updates at least one second operating parameter in a database of the first provider of presence related services depending on the result of the validation of the at least one OTP that is univocally correlated to the updating signal about the presence of the mobile device in the first special area, and the second processing device has access to at least a portion of thedata (such as, for example an identifier related to the mobile device and the second checking data) and updates at least one second operating parameter in a database of the second provider of presence related services depending on the result of the validation of the at least one OTP that is univocally correlated to the updating signal about the presence of the mobile device in the second special area
[0048] According to some implementations the updating of the at least one first operating parameter in a database of the first service provider depends on the presence of the mobile device in the first special area; and the updating of the at least one second operating parameter in a database of the first provider of presence related servicesdepends on the result of the validation of a first OTP that has been calculated based on information that is included in at least one of the distinctive defining signals that define the first special area and on the result of the validation of a second OTP that has been calculated based on a PIN inserted by the user in the mobile device, both OTPs are univocally correlated to the first updating signal.
[0049] According to some implementations the first operating parameter is a tariff flag or a service flag that enables or disables a special tariff or a service for the mobile device.
[0050] According to some implementations the first, second and third identifiers related to the mobile device are the same. [0051 ] According to some implementations the enabling or disabling of the first and/or second presence related service includes transmitting via the mobile telephone network a signal to the mobile device that is capable of being used to enable or disable one or more related functions in the mobile device. According to some implementations the signal enables, when the mobile device is present, for example, in a home special area, software in the mobile device that records statistic data about mobile device usage in said home special area (e.g. type of applications used, used connections, periods of activity, etc.). The same applies to other types of special areas, such as, for example, mobile device usage in acompany special area.
[0052] According to some implementations the signal enables a mobile device payment capability when the mobile device is in a special area defined by, for example, certain NFC Point of Sale terminals at merchant locations; or into a special area defined by certain Bluetooth Low Energy devices. In another example the signal enables a mobile device ticketing capability (e.g. a mobile boarding card) when the mobile device is into a special area defined by certainBLEboarding-area-devices in an airport.
[0053] According to some implementations the one or more memories and the one or more processing devices reside in one or more servers of the one or more providers of presence related services.
[0054] According to some implementations the storing of the first and second checking data in the one or more memories comprises electronically receiving from the mobile device the first and second checking data.
[0055] According to some implementations the mobile telephone network is cellular.
[0056] According to some implementations at least one of the first and second updating signals comprises the result of a previous determination performed by the mobile device about the mobile device's presence in the first and second special areas, respectively.
[0057] According to some implementations data about wireless home appliances (e.g. maintenance information) is recorded at the mobile device, when the mobile device enters into the special area defined foreach oneof the appliances (e.g. a wireless TV, a wireless washing machine and a wireless iron). In this example, data about each electronic appliance is recorded at the mobile device, together with an OTP calculated using the corresponding home appliance checking data, but the mobile device only sends the information when a threshold in the amount of information to be sent has been exceeded or on a periodic basis (e.g. periods of 30 minutes) after entering in the first special area with data to be sent. In this case the presence status of the mobile device having entered into the different special areas, plus the associated information data, are comprised in a presence updating signal; the OTPs related to the presence of the mobile device into the special areas are also comprised into the updating signal. According to some implementations, when the conditions to send the updating signal are met, the user is prompted to insert a PIN, and a calculated OTP(PIN) is also send comprised into the updating signal.
[0058] According to some implementations at least one of the first and second updating signals is received via the mobile telephone network from the mobile device at least one of (i) periodically, (ii) at times recent to when the mobile device respectively enters into or exists from the first special area and/or second special area, (iii) when the mobile device respectively remains in the first special area and/or the second special area, and (iv) when the mobile device respectively remains outside the first special area and/or second special area.
[0059] According to some implementations at least one of the first and second updating signals comprises a request to access to a service and the one or more processing devices enable the provision of a presence related service
based upon the mobile device's presence in the first and second special area, respectively, and also depending on the result of the validation of the at least one OTP that is univocally correlated to the updating signal about the presence of the mobile device in the first special area and second special area, respectively.
[0060] According to one implementation the service is a request to repair an smart city radio communication defining device that measure the traffic flow in a given area, the radio device partly defines a special area personalized into the user's smartphone, and the service request includes the alarm related information and the radio communication device serial number. In this example an OTP is comprised into the presence updating signal, and said OTP has been calculated using part of the radio communication defining device serial number (i.e. part of the checking data in this example) as input data.
[0061 ] According to some implementations a method associated with the use of a mobile device and at least one radio communication defining device that transmits a distinctive defining signal that at least partly defines a special area by its coverage, the distinctive defining signal including data, the method including; (i) receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the data, whether the one or more defining signals are one or more distinctive defining signals and to determine whether or not the mobile device is present in the special area; (ii) sending from the mobile device via a mobile telephone network an updating signal to one or more servers of a provider of presence related services about the mobile device's presence in the special area, the sending of the updating signal being uncorrelated to any mobile device phone call establishment, the updating signal being sent at least one of (i) periodically, (ii) at times recent to when the mobile device enters into or exists from the special area, (iii) when the mobile device remains in the special area and (iv) when the mobile device remains outside the special area; and (iii) sending from the mobile device via a mobile telephone network to the one or more servers of the provider of presence related servicesat least one One-Time-Password (OTP) that is univocally correlated to the updating signal.
[0062] According to some implementations,when the updating signal indicates that the mobile device is present in the special area then at least one OTP is calculated based on information that is included in at least one of the distinctive defining signals that define the special area.
[0063] According to some implementations the updating signal comprises the result of a previous determination performed by the mobile device about the mobile device's presence in the special area.
[0064] According to some implementations the frequency of the updating signal is different from the frequency of the distinctive defining signal.
[0065] According to some implementations the mobile device enables or disables one or more functions related to a presence related service upon receiving enabling or disabling instructions from the provider of presence related services.
[0066] A non-transitory computer readable medium storing computer readable program code is provided for causing a processor of a mobile device to perform a method associated with the use of at least one radio communication defining device that transmits a distinctive defining signal that at least partly defines a special area by its coverage, the distinctive defining signal including data. According to some implementations the method includes: (i) receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the data, whether the one or more defining signals are one or more distinctive defining signals and to determine whether or not the mobile device is present in the special area; (ii) sending from the mobile device via a mobile telephone network an updating signal to one or more servers of a provider of presence related services about the mobile device's presence in the special area, the sending of the updating signal being uncorrelated to any mobile device phone call establishment, the updating signal being sent at least one of (i) periodically, (ii) at times recent to when the mobile device enters into or exists from the special area, (iii) when the
mobile device remains in the special area and (iv) when the mobile device remains outside the special area; and (iii) sending from the mobile device via a mobile telephone network to the one or more servers of a provider of presence related services at least one One-Time-Password (OTP) that is univocally correlated to the updating signal.
[0067] According to some implementations,when the updating signal indicates that the mobile device is present in the special area, the non-transitory computer readable medium storing computer readable program code further causes the processor to calculateat least one OTP based on information that is included in at least one of the distinctive defining signals that define the special area.
[0068] According to some implementations a non-transitory computer readable medium storing computer readable program code is provided that further causes the processor to send the updating signal with information related to the result of a previous determination performed by the mobile device about the mobile device's presence in the special area. [0069] According to some implementations a non-transitory computer readable medium storing computer readable program code is provided that further causes the processor to enable or disable one or more functions in the mobile device related to a presence related service upon the mobile device receiving enabling or disabling instructions from the provider of presence related services.
[0070] According to some implementations a mobile device is provided that is capable of receiving a distinctive defining signal from a radio communication defining device that at least partly defines a special area by its coverage, the distinctive defining signal including data, the mobile device comprising: (i) an electronic storage medium that stores at least a portion of the data; and (ii) a processor adapted to process one or more defining signals to determine, based on the at least portion of the data, whether the one or more defining signals are one or more distinctive defining signals and to determine whether or not the mobile device is present in the special area, the processor further adapted to
send from the mobile device via a mobile telephone network an updating signal to one or more servers of a provider of presence related services about the mobile device's presence in the special area, the sending of the updating signal being uncorrelated to any mobile device phone call establishment, the updating signal being sent at least one of (i) periodically, (ii) at times recent to when the mobile device enters into or exists from the special area, (iii) when the mobile device remains in the special area and (iv) when the mobile device remains outside the special area, the processor also adapted to send from the mobile device via a mobile telephone network to one or more servers of a provider of presence related services at least one One-Time-Password (OTP) that is univocally correlated to the updating signal.
[0071 ] According to some implementations, when the updating signal indicates that the mobile device is present in the special area, the processor is adapted to calculate at least one OTP based on information that is included in at least one of the distinctive defining signals that define the special area.
[0072] According to some implementations the processor is adapted to enable or disable one or more functions related to a presence related service upon the mobile device receiving enabling or disabling instructions from the provider of presence related services.
[0073] According to some implementations a mobile device receives first and second distinctive defining signals respectively from first and second radio communication defining devices, the first and second distinctive defining signals at least partly define first and second special areas, respectively, by their coverage, each of the first and second distinctive defining signals respectively including first and second data.Accordingly, a method is provided that includes: (i) receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the first data, whether the one or more defining signals are one or more first distinctive defining signals and to determine whether or not the mobile device is present in the first special area; (ii) receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least
portion of the second data, whether the one or more defining signals are one or more second distinctive defining signals and to determine whether or not the mobile device is present in the second special area; (iii) sending from the mobile device via a mobile telephone network, when the mobile device determination refers to the first special area, a first updating signal to one or more servers of a first provider of presence related services about the mobile device's presence in the first special area, the sending of the first updating signal being uncorrelated to any mobile device phone call establishment, the updating signal being sent at least one of periodically, at times recent to when the mobile device enters into or exists from the first special area, when the mobile device remains in the first special area and when the mobile device remains outside the first special area; (iv) sending from the mobile device via a mobile telephone network, when the mobile device determination refers to the second special area, a second updating signal to one or more servers of a second provider of presence related services about the mobile device's presence in the second special area, the sending of the updating signal being uncorrelated to any mobile device phone call establishment, the second updating signal being sent at least one of periodically, at times recent to when the mobile device enters into or exists from the second special area, when the mobile device remains in the second special area and when the mobile device remains outside the second special area; (v) sending, when the first updating signal indicates that the mobile device is present in the first special area, from the mobile device via a mobile telephone network to one or more servers of the first provider of presence related services at least one One-Time-Password (OTP) that is univocally correlated to the first updating signal, where at least one OTP is calculated based on information that is included in at least one of the distinctive defining signals that define the first special area; and (vi) sending, when the second updating signal indicates that the mobile device is present in the second special area, from the mobile device via a mobile telephone network to one or more servers of a second provider of presence related services at least one One-Time-Password (OTP) that is univocally correlated to the second updating signal.
[0074] According to some implementations the first updating signal is sent with
information related to the result of a previous determination performed by the mobile device about the mobile device's presence in the first special area.
[0075] According to some implementations the second updating signal is sent with information related to the result of a previous determination performed by the mobile deviceabout the mobile device's presence in the second special area.
[0076] According to some implementations there is a non-transitory computer readable medium storing computer readable program code for causing a processor of a mobile device to perform a method associated with the mobile device receiving first and second distinctive defining signals that at least partly define a first and second special areas, respectively, by their coverage, each of the first and second distinctive defining signal respectively including first and second data, the method comprising: (i) receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the first data, whether the one or more defining signals are one or more first distinctive defining signals and to determine whether or not the mobile device is present in the first special area; (ii) receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the second data, whether the one or more defining signals are one or more second distinctive defining signals and to determine whether or not the mobile device is present in the second special area,(iii) sending from the mobile device via a mobile telephone network, when the mobile device determination refers to the first special area, a first updating signal to one or more servers of a first provider of presence related services about the mobile device's presence in the first special area, the sending of the first updating signal being uncorrelated to any mobile device phone call establishment, the updating signal being sent at least one of periodically, at times recent to when the mobile device enters into or exists from the first special area, when the mobile device remains in the first special area and when the mobile device remains outside the first special area; (iv) sending from the mobile device via a mobile telephone network, when the mobile devicedetermination refers to the second special area, a second updating signal
to one or more servers of a second provider of presence related services about the mobile device's presence in the second special area, the sending of the updating signal being uncorrelated to any mobile device phone call establishment, the second updating signal being sent at least one of periodically, at times recent to when the mobile device enters into or exists from the second special area, when the mobile device remains in the second special area and when the mobile device remains outside the second special area;(v) sending, when the first updating signal indicates that the mobile device is present in the first special area, from the mobile device via a mobile telephone network to one or more servers of the first provider of presence related services at least one One-Time-Password (OTP) that is univocally correlated to the first updating signal, where at least one OTP is calculated based on information that is included in at least one of the distinctive defining signals that define the first special area; and(vi) sending, when the second updating signal indicates that the mobile device is present in the second special area, from the mobile device via a mobile telephone network to one or more servers of the second provider of presence related services at least one One-Time-Password (OTP) that is univocally correlated to the second updating signal. [0077] According to some implementations a non-transitory computer readable medium storing computer readable program code further causes the processor to send the first updating signal with information related to the result of a previous determination performed by the mobile device about the mobile device's presence in the first special area.
[0078] According to some implementations a non-transitory computer readable medium storing computer readable program code further causes the processor to send the second updating signal with information related to the result of a previous determination performed by the mobile device about the mobile device's presence in the second special area.
BRIEF DESCRIPTION OF THE DRAWINGS
[0079] Fig. 1 Aillustrates a mobile proxy application in the context of an
ecosystem of radio communication defining devices;
Fig. 1 .B shows different possible categories for radio communications defining devices.
[0080] Fig. 2 shows a mobile device capable of enabling presence related services in an ecosystem of radio communication defining devices;
[0081 ] Figs. 3A-3Fillustrate some possibilities to defining special areas associated to presence services provision;
[0082] Fig. 4 is a schematic diagram illustrating a system according to some implementations to enable presence related services; [0083] Fig. 5 shows some scenarios to enable services related to radio communication defining devices and it is used to analyse the benefits of utilizing mobile device centric presence determination capabilities.
[0084] Fig. 6also shows some scenarios to enable services related to radio communication defining devices and it is used to analyse how presence determination serves to provide spectral efficiency and adequate user control and privacy.
[0085] Fig. 7 is a schematic diagram that generally illustrates some functional blocks according to some implementations where mobile centric presence determination and authentication methods are used to securely enable presence related services.
[0086] Fig.8 is a schematic diagram illustrating methods and apparatusaccording to some implementations to enable presence related services by one or more service providers, where a more detailed description is provided in connection to the presence system of a service provider 1 .
[0087] Fig. 9 is a schematic diagram illustrating methods and
apparatusaccording to some implementations to enable presence related services by one or more service providers, where a detailed description is provided in connection to a first provider of presence related services (service provider 1 ) and to a second provider of presence related services (service provider 2).
[0088] Fig. 10is a schematic diagram illustrating methods and apparatusaccording to some implementations where a parameters database of one presence services provider is shown and parameters updating processes are described in the context of presence services provision.
[0089] Fig. 1 1 illustrates a set of mobile device applications related to a set of service providers where presence updating signals are sent from the mobile device to enable presence related services.
DETAILED DESCRIPTION
[0090] Figure 1 Aillustratesan exemplary ecosystem of devices with wireless communication capabilities. The wireless devices may be home appliances, smart city objects, hot spots, base stations, wireless sensors, NFC tags, contactless Point of Sale devices, contactless ATMs, PCT routers, wireless meters, merchants' short range communication devices, M2M devices, etc., as shown in the figure. Also barcodes and QR codesassociated to devices may be wirelessly read via optical means and converted to electrical signals.
[0091 ] The wireless devices are referred to herein as radio communication defining devices and the devices in Figure 1 A are merely illustrative as shall be understood that in an Internet of Things ecosystem any "thingVobjectVdevice" may become enabled with communication capabilities, so may be a radio communication defining device.
[0092] Figure I Bshows different possible categories for radio communication defining devices. While some of those devices may be interpreted as belonging to a smart home environment, some others may be associated to categories
such as smart cities, smart shops, Internet of Things in general, wireless sensors networks, active objects or other categories. These types of categories are well known and are only referenced in this description for illustration purposes.
[0093] In Figure 1 A a smartphone is shown with a proxy application that is able to receive input data from the radio communication defining devices, retransmitting it (or part of it) to a service provider. So in an example the smartphone is able to receive input signals from NFC, ZigBee, WiFi, Bluetooth, BLE, 2G/3G/4G devices or RFID tags, to process them via the proxy application, and to retransmit the information to the service provider. As will be commented later, an application operating as a mere proxy for information coming from radio communication defining devices will produce a set of problems, considering that in the future world there will be trillions of radio communication defining devices.
[0094] Figure 2 illustrates again the same ecosystem of radio communication defining devices (i.e. an ecosystem of devices with wireless communication capabilities via NFC, ZigBee, WiFi, Bluetooth, BLE, 2G/3G/4G, RFID, etc.).
[0095] In the context of Figure 2 it is considered that in the coming world an increasing number of elements of our surrounding environment will be more and more able to interact with us to participate in our day-to-day life and needs. [0096] It means that our washing machine, our TV, the wideband allocated to us, our way of working, our second home, our car, our medicines, the music we buy, the marketing we receive, the way we rent a vehicle, our social responsibility channel, etc., will relate to us differently, as far as those existing "objects" are able to go beyond their primary function, thanks to an extended set of capabilities addressed to make the objects closer to humans, able to connect with us.
[0097] A personalized and contextual value proposition may be associated to any object, such that an "Internet of Things" service is provided when certain conditions are met. [0098] Consistently with that view, according to some implementations the user is allowed to define himself (or a service provider to define for the user) the set of radio communication defining devices he would like to pair with, in order to receive presence-based services associated to any of them. [0099] When the mobile device is within the range of coverage of one or several of those selected radio communication defining devices, a presence related status is mobile-device-centric verified and sent to one or more service providers so that one or more defined presence-related services may be provided.
[0100] In particular, Figure 2 illustrates that some special areas have been personalized in the mobile device. Said personalization permits the mobile device to self-determine whether it is present or not into one or more special areas defined by the coverage or one or more radio communication defining devices.
[0101 ] When signals from the radio communication defining devices are received by the mobile device, it is able to determine whether it is present or not into one or more special areas. To make that determination the mobile device uses information that has been stored in its memory during the referred personalization process, and in particular it uses data referred to herein as "checking data".
[0102] The stored checking data are used by the mobile device to determine whether or not a defining signal received from a radio communication defining device is or not a distinctive defining signal, where a received signal being distinctive means that itat least partly defines a special area.
[0103] The mobile device is prepared to receive defining signals from radio communication defining devices, and has to determine whether a defining signal received is or not a distinctive one. In a particular example the mobile device is ready to receive NFC defining signals from contactless POSs, but only those defining signals from certain POS (e.g. those belonging to merchants associated to the service provider) are distinctive (according to the checking data personalization into the mobile device).
[0104] Figure 3 illustrates coverage areas defined by the combination of the coverage of one or more radio communication defining devices. These coverage areas may be associated to a user's mobile device and to a set of services, and are named as special areas in the context in the invention.
[0105] As already commented in connection to Figures 1 and 2, the radio communication defining devices may be any type of short range wireless communications devices such as Bluetooth, WIFI, Bluetooth Low Energy, Zig Bee or NFC devices; and also long range wireless communication devices such as Base Stations (BTS) or micro/pico/femto cells from mobile network operators.
[0106] The radio communication defining devices may be located in environments like airports, company's premises business centres, homes, train stations, the streets, areas outside a building, lights, bins, etc., and may be embedded in home appliances, vehicles, clothing, food packaging, meters, ATMs, etc.
[0107] Figure 3A shows an example of a special area defined by the sum of the coverage of three radio communication defining devices 1 (the figure illustrates three BTSs as an example). In this example the mobile device determines that it is present into the special area if it receives a distinctive defining signal from at least one of the three radio communication defining devices (the mobile device uses the appropriate checking data to perform said determination).
[0108] In particular, Figure 3A illustrates a scenario where a mobile device A
determines that it is present into the special area because it is receiving distinctive defining signals from two radio communication defining devices (mobile device A uses the stored checking data to perform said determination). Mobile device B has not been personalized for said special area, so in spite of it beingwithin the range of coverage of one of the radio communication defining devices, none of the received defining signals from said radio communication defining deviceis considered as being distinctive for mobile device B, and mobile device B is not present into the special area. [0109] Figure 3B shows an example of a special area defined by the coverage of one radio communication defining device 2a (for example a wireless enabled washing machine or a car with an embedded Bluetooth communications). In this example a mobile device determines that it is present into the special area if it receives a distinctive defining signal from the radio communication defining device (the mobile device uses the appropriate checking data to perform said determination).
[01 10] Figure 3C shows an example of a special area defined by the intersection of the coverage of two radio communication defining devices 2b and 2c. In this example the mobile device determines that it is present into the special area if it receives a distinctive defining signal from the two radio communication defining devices, each one defining the special area partly (the mobile device uses the appropriate checking data to perform said determination).
[01 1 1 ] Figure 3D shows an example of a special area defined by the sum of the coverage of N radio communication defining devices 2d-2g (the figure illustrates only four of them). In this example the mobile device determines that it is present into the special area if it receives a distinctive defining signal from at least one of the N radio communication defining devices (the mobile device uses the appropriate checking data to perform said determination).
[01 12] The N radio communication defining devices maybe, for example, all the wireless ATMs of a given bank; or all the BLE devices of a given merchant or
set of merchants; or a set of wireless enabled home appliances that belongs to the user of the mobile device.
[01 13] Figure 3D also illustrates a scenario where a mobile device A determines that it is present in the special area because it is receiving a distinctive defining signal from one radio communication defining device 2d (mobile device A uses the stored checking data to perform said determination). Mobile device B has not been personalized for said special area, so in spite it is within the range of coverage of one of the radio communication defining devices 2e, none of the received defining signals from said radio communication defining device is considered as being distinctive for mobile device B, and mobile device B is not present into the special area.
[01 14] Figure 3E shows an example of a special area defined by the coverage of one radio communication defining device 2h (for example a Pay per View wireless decoder). In this example a mobile device determines that it is present into the special area if it receives a distinctive defining signal from the radio communication defining device (the mobile device uses the appropriate checking data to perform said determination).
[01 15] Figure 3F shows an example of a special area defined by the coverage of one radio communication defining device 2i (for example an ADSL WiFi router). In this example a mobile device determines that it is present into the special area if it receives a distinctive defining signal from the radio communication defining device (the mobile device uses the appropriate checking data to perform said determination).
[01 16] In the examples of Figures 3E and 3F the distinctive defining signal may contain radio communication defining device identification data and reliable information confirming that the radio communication defining device is effectively located into a predetermined environment. The service provider advantageously avoids fraud linked to a possible shifting of the (portable) radio communication defining device. The checking data stored into the mobile device and associated to the radio communication defining device includes said radio
communication defining device identification data.
[01 17] Figure 3F also illustrates a scenario where a mobile device A determines that it is present into the special area because it is receiving a distinctive defining signal from the radio communication defining device (mobile device A uses the stored checking data to perform said determination; and it is required for the received defining signal to be considered as distinctive that the reliable information received will confirm that the radio communication defining device will indicate that it is located into a predetermined environment). Mobile device B is not within the range of coverage of the radio communication defining device, so it is not receiving the related distinctive defining signal, and it is not present into the special area.
[01 18] So a special area associated to a mobile device can be defined by one or more distinctive defining signals. Therefore the checking data may preferably contain information included in every distinctive defining signal defining completely a special area (each one defines it partially) and the mobile device tries to find any of this information in any defining signal received by use of comparison means. The mobile device may receive defining signals that do not define any special area for it. In the case where the special area is defined by two or more distinctive defining signals, this special area may be the intersection of all or part of them or the global coverage of the defining signals.
[01 19] The distinctive defining signals may be coded and the mobile device processing means include decoding means to decode the distinctive defining signals received.
[0120] A radio distinctive defining signal that at least partly defines a special area may be transmitted by a radio communication defining devices in the frequency range allocated to a mobile telephone network (in the case of certain devices, such as BTS, being part of the mobile telephone network of a given mobile telecom operator) or in a different frequency range (which would be the case for the large majority of radio communication defining devices in an loT ecosystem, transmitting information via NFC, BLE, Bluetooth, WiFi, ZigBee,
etc.).
[0121 ] According to some implementations the radio distinctive defining signal that at least party defines the special area contains radio communication device identification data and the checking data stored into the mobile device and associated to this special area includes this radio communication defining device identification data. This identification data may be a unique identifier of the radio communication defining device (e.g. a serial number for identifying a single manufactured unit; a BTS identification code; a MAC address; a UDID or new identifiers defining for Apple devices, etc.).
[0122] Processing means of the mobile device processes the defining signals received from radio communication defining devices and compare their radio communication device identification data with the checking data and determine whether one or more distinctive defining signals are received.
[0123] As an example, in Figure 3D mobile device A receives from a radio communication defining device 2d its identification data and determines, comparing those data with stored checking data, that it receiving a distinctive defining signal and that it is present into the special area.
[0124] According to some implementations only part of the radio communication defining device identification data is used for determining whether a received signal is distinctive or not and the checking data associated to the special area includes this at least part of the radio communication defining device identification data (e.g. using the generic part of the data that identify the bins in a city into the distinctive defining signal may be enough for the mobile device to determine it is present in the special area constituted by all the city bins and the mobile device may later send the related bin unique identifier data comprised into the updating signal, to request the city council service provider to empty the bin; e.g. receiving a special mobile telephone network identification code into a distinctive defining signal may be enough for the mobile device to determine it is present into a part of the mobile telephone network where the user has the right for special mobile telecommunication tariffs).
[0125] In connection to Figure 3E, the predetermined environmentmay be one or more specific geographical locations (for example several fixed points into a restaurant) or a physical environment that can be mobile (for example a car, a plane or a boat). In a particular example the predetermined environment is defined by the provider of presence related services.
[0126] According to some implementationsthe reliable information comprised into thedistinctive defining signal confirms that the radio communication defining device is effectively located in a predetermined geographical environment when it is physically connected to any one of a set of fixed network connection points 3 defined for the special area and it is also authenticated into the fixed network through any of the mentioned fixed network connection points. According to some implementations the radio communication defining device 2h also comprises means for communicatingwith the fixed network via any one of the set of fixed connection points 3.According to some implementations some parameters are stored into the radio communication defining device during its configuration stage and such parameters are used by the radio communication defining device to perform the authentication process into the fixed network.These connection points may be PSTN ('Public Switching Telephony Network') connectors for ADSL network services or electrical sockets for PLC ('Power Line Communication') home network services for example.
[0127] According to some implementations the reliable information comprised into thedistinctive defining signal confirms that the radio communication defining device is effectively located into a predetermined physical environment when:
- the radio communication defining device 2h is physically connected to a system 3 as illustrated in Figure 3E registered and authorised by the presence services provider for the purposes of the invention and
- the radio communication defining device is authenticated into the mentioned system.
[0128] According to some implementations parameters are stored in the radio communication defining device during its configuration stage and such
parameters are used by the radio communication defining device to perform the referred authentication process into the system. In an example the system may be an embedded computer in a car or a boat and the radio communication defining device is authenticated into the system.
[0129] So in Figure 3E the radio communication defining device is configured to be located either in a geographical environment, such as for example the user's home, or into a physical environment, which may be mobile, such as for example the user's car, such environments being typically defined by the presence services provider..
[0130] In connection to Figure 3F, reliable information may be comprised in the distinctive defining signal that confirms that the radio communication defining device is effectively located into a predetermined geographical environment when:
- the radio communication defining device is able to receive a RBU signal from at least one radio broadcasting unit (RBU),
- RBU identification data is comprised into the RBU signal,
- the radio communication defining device receives, through the RBU signal from the RBU, the RBU identification data that are included into a
RBU identification database of the radio communication defining device.
[0131 ] The storage of the RBU identification data into the radio communication defining device RBU identification data database may be done at the radio communication defining device configuration stage. In the example of Figure 3Fthe RBU is a base station 4and the RBU identification data is a base station identification code. The radio communication defining device is authenticated into the mobile telephone network comprising the base station and may receive the base station signal when it is located within the range of coverage of the base station.
[0132] In connection to Figures 3E and 3F, processing means comprised in the mobile device may compare any radio communication defining device identification data received with the checking data stored in its internal mobile
device database and determines that a radio defining signal received is a distinctive defining signal when:
- such radio defining signal is coded in a format predefined for a distinctive defining signal and
- the radio communicationdefining device identification data comprised into the defining signal is equal to at least one of the radio communication device identification data stored into the internal mobile device database for the special area and
- the reliable information comprised into the defining signal confirms that the radio communication device is effectively located into a predetermined environment.
Otherwise the mobile device determines that the defining signal received is not a distinctive defining signal. [0133] The examples above are described for illustration purposes to define special areas associated to mobile devices, but it shall be understood that any possible combination of radio communication defining devices to define special areas is feasible. A special area may be defined by just one radio communication defining device or by many; and defining a special area may be the result of using radio communication defining devices transmitting information via a set of communication technologies (for example a BLE iron and a ADSL WiFi router may be used to define the same special area). The special areas may be defined by the sum and/or the intersection of the coverage of a set of radio communication defining devices (e.g. an special area could be defined by the intersection of the coverage of a BTS and a WiFi router plus the sum of the coverage of all the hot spots from a given service provider in a city).
[0134] Many different special areas may be defined for a given mobile device, each one associated to the provision of one or more presence related services.
[0135] Figure 4 is a schematic diagram illustrating an exemplary mobile system wherein a mobile telephone network is used to perform certain processes.
[0136] A mobile telephone network typically includes a large number of base stations and all the data processing means required to provide the telecommunication service to each mobile device serviced by said mobile network.The mobile telephone network may be cellular or not.
[0137] In addition to the more traditional usage of GERAN and UTRAN as radio access networks for the mobile device to access (e.g. via BTSs) to the mobile telephone core network, other radio access networks e.g. as GAN (Generic Access Network) may be used to access themobile telephone core network through IP-Based access networks, using WLAN. So coming mobile networks will, more and more, use WLAN devices to deliver mobile telecommunication services. Those WLAN devices may also be used as radio communication defining devices. [0138] Figure 4 shows a system associated with one or more providers of presence related services in connection with the use of a mobile device and a set of radio communication defining devices that transmits radio distinctive defining signals where each distinctive defining signal at least partly defines a special area by its coverage.
[0139] According to some implementationsat least a first radio communication defining device transmits a first distinctive defining signal and a second radio communication defining device transmits a second distinctive defining signal, the first distinctive defining signal at least partly defines a first special area by its coverage, the second distinctive defining signal at least partly defining a second special area by its coverage.
[0140] Figure 4 illustrates an exemplary preparatory process of adding new checking data into one or more memories of two different service providers, SP1 and SP2, and later sending the checking data to the user mobile device for storage.
[0141 ] In step (1 .a) a user inputs checking data related to some owned radio communication defining devices into a web interface of SP1 , and the checking data is stored in one or more memories of SP1 ; and also inputs some other checking data related to other owned radio communication defining devices into a web interface of SP2, and the other checking data is stored into one or more memories of SP2.
[0142] Also in step (1 .a) several entities (e.g. a car manufacturer, an energy provider or a merchant) associated to a set of radio communication defining devices (e.g. wireless devices embedded into cars, PLC WiFi devices at users home location or iBeacon BLE devices at merchants locations) send checking data related to those devices to SP1 . SP1 stores the checking data in one or more memories, and other entities associated to another set of radio communication defining devices send other checking data related to those other devices toSP2, which also stores the other checking data in one or more memories.
[0143] Additionally, also in step (1 .a), SP1 stores some checking data related to some owned radio communication defining devices into one or more of its owned memories and SP2 also stores some checking data related to some owned radio communication defining devices into one or more of its owned memories.
[0144] In step (2. a) the user downloads a mobile device application to enable presence related services from the corresponding applications store to the mobile device. In a particular example the application store may be Google Play for Android devices, iTunes for Apple devices and Blackberry World for Blackberry devices. In other particular example the mobile device application is already available in the mobile device memory when the mobile device is initially delivered to the user.
[0145] In step (3. a) some special areas are defined by SP1 and some other special areas are defined by SP2. The definition of each special area relates to checking data associated to the one or more radio communication defining devices that defines it and, when a special area is defined by more than one radio communication defining device, to certain rules that also defines the special area (e.g. a special area may be defined by the sum and/or intersection of the coverage of a set of radio communication defining devices as previously discussed in conjunction with Figure 3. In the implementation of Figure 4, when process (3. a) ends the checking data related to the referred special areas and the rules that defines the special areas are stored into the one or more memories of SP1 and SP2 respectively.
[0146] In step (4. a) the stored checking data and associated special area rules are sent from SP1 to the mobile device that stores them in an internal memory of the mobile device; and the stored checking data and associated special area rules are also sent fromSP2 to the mobile device, which stores them in an internal memory of the mobile device.
[0147] According to some implementations the checking data and the associated special area rules related to special areas defined by SP1 are sent to the mobile device in the context of a registration process of the mobile device for those special areas. In the context of this registration process the checking data and the associated special area rules are linked in the one or more memories of SP1 to a first identifier related to the mobile device (e.g. the smartphone IMEI), the identifier being sent from the mobile device to the SP1 in the context of the referred registration process. In this example certain One Time Password (OTP) keys and parameters are sent from SP1 to the mobile device during the referred registration process, to be later used in the context of requesting presence related services from the mobile device to SP1 . According to some implementationsa PIN may also be selected by the user during the registration process, said PIN being later used to request certain presence related services from the mobile device; the same approach may apply in
connection to SP2 and the related special areas. Figure 8 describes this registration process in more detail.
[0148] According to some implementations the checking data,the associated special area rules and the OTP keys and parameters are stored into a memory of the mobile device that relates to a mobile device application, the mobile device application being the one determining the presence status of the mobile device into one or more special areas.
[0149] So in relation to the above example of at least a first radio communication defining device and a second radio communication defining device, whose distinctive defining signals at least partly defines a first and a second special area respectively,data capable of linking the mobile device to the first and second special areas is electronically stored in one or more memories, the data including a first checking data of the first radio communication defining device, a second checking data of the second radio communication defining device, and a first identifier related to the mobile device; and there is a transmission via a mobile telephone network to the mobile device of at least a portion of the first checking data, and a transmission via the mobile telephone network to the mobile device of at least a portion of the second checking data.
[0150] Once the mobile device has been personalized for special areas presence determination, it is capable to monitor the presence of the mobile device in one or more special areasassociated to the mobile device. With reference to Figure 4, according to some implementations the following steps are involved.
[0151 ] In step (1 .b) at least one radio communication defining device transmits repeatedly in at least a channel one radio distinctive defining signal that at least partly defines one of the special areas by its coverage.
[0152] In step (2.b) the mobile device observes the channel and processes any
signal received in order to determine whether or not it is receiving any defining signal;
[0153] In step (3.b) the mobile device processes any defining signal received in order to determine, using the above referred checking data and the associated special area rules, whether or not the defining signal received is a distinctive defining signal that at least partly defines one or more of the special areas, and determines whether or not it is present in one or more of the special areas;
[0154] In step (4.b) the mobile device sends an updating signal to a mobile telephone network comprising information about its presence in one or more of the special areas, where the updating signal sending is uncorrelated to any mobile device phone call establishment and comprises an identifier related to the mobile device;
[0155] In step (5.b) the mobile telephone network routes the updating signal to one or more processing devices of SP2 (in this example the updating signal refers to an special area defined by SP2) that adapt in step (6.b) the value of at least one operating parameter depending on the presence of the mobile device in each of the special areas, and depending on such a presence status and other possible defined rules and verifications a presence related service may be provided by SP2 in step (7.b).
[0156]Coming back to the above example of at least a first radio communication defining device and a second radio communication defining device, whose distinctive defining signals at least partly defines a first and a second special area respectively, the service provider (SP1 or SP2 depending on whether one or the other defined the first special area) receives (step 6.b) from the mobile device via the mobile telephone network a first updating signal uncorrelated to any mobile device phone call establishment that identifies the mobile device's presence in at least the first special area, and the service provider (SP1 or SP2 depending on whether one or the other defined the second special area) receives from the mobile device via the mobile telephone network a second
updating signal uncorrelated to any mobile device phone call establishment that identifies the mobile device's presence in at least the second special area, the first updating signal including a second identifier related to the mobile device, the second updating signal including a third identifier related to the mobile device,
[0157] This second and third referred identifiers related to the mobile device have the purpose to match each updating signal with a first mobile device identifier that is stored in the one or more memories of the corresponding service provider. According to some implementations the identifiers for a particular mobile device are the same.
[0158] In step (6.b) the service provider (SP1 or SP2) derives from the first updating signal by one or more processing devices having access to at least a portion of the data whether or not the mobile device is present in the first special area, and deriving from the second updating signal by the one or more processing devices whether or not the mobile device is present in the second special area. [0159] In step 7.b the service provider (SP1 or SP2) enables or disables by use of the one or more processing devices a presence related service based upon the mobile device's presence or non-presence in the first special area, and the service provider enables or disables by use of the one or more processing devices a presence related service based upon the mobile device's presence or non-presence in the second special area.
[0160] A presence related service may be granted depending on the presence of the mobile device in the special area, but also depending on other additional considerations from the service provider.
[0161 ] In an implementation that uses a secure element at the mobile device, to store e.g. the checking data, the presence determination information may be enough to enable the presence related services as the secure element itself has
the capability to securely store sensitive data and to establish a secure channel with the service provider system, via the mobile telephone network.
[0162] Nevertheless, if the mobile device application is to be entirely stored in the memory of the mobile device (it is the device memory where games, videos, productivity, music, health, messaging, applications from applications markets, and the like are stored), additional security measures and processes could be desirable to prevent certain type of attacks to gain unauthorized access to presence related services.
[0163] According to some implementationswhen the first updating signal indicates that the mobile device is present in the first special area, enabling the presence related service associated to the mobile device's presence in the first special area also depends on a successful validation by use of the one or more processing devices of the service provider of at least one One-Time-Password (OTP) that is sent from the mobile device and that is univocally correlated to the first updating signal, where at least one OTP is calculated based on information that is included in at least one of the distinctive defining signals that define the first special area, and enabling the presence related service associated to the mobile device's presence in the second special area also depends on successful validation by use of the one or more processing devices of the service provider of at least one One-Time-Password (OTP) that is sent from the mobile device and that is univocally correlated to the second updating signal.
[0164] So a method to further and securely authenticate the access to presence related services is provided, the method relaying on calculations that may be performed at the mobile device in the context where the presence into one or more special areas is determined at the mobile device and/or e.g. in the context where the presence updating signal is sent to network special operating means, those calculations to be authenticated by the one or more processing devices of the service provider before providing the related presence services.
[0165] Advantageously, access to presence driven services relates to presence
of the mobile device into one or more special areas but, on top of that, additional OTP-based authentication is performed by the one or more processing devices. [0166] According to some implementations at least one of the OTP calculations is performed when the mobile device is present in a first special area, based on information from the context. If the context information does not relate to the mobile device being present into the first special area, then the validation of said OTP by the one or more processing devices would not (typically) be successful.
[0167] If the information received by the mobile device from the radio communication defining devices makes the mobile device determining that the mobile device is present into the first special area, then at least a portion of the checking data received from the distinctive defining signals that define the first special area will produce a successful OTP validation by the one or more processing devices of the service provider, when used as input data to calculate said OTP. [0168] This approach sets the ground for a fully automatic OTP calculation, associated to the first updating signal, empowered by information related to the context of the mobile device being into the first special area. More than one OTP may be sent univocally associated to the first updating signal, and said other OTPs may be also calculated using data from the context of the mobile device being in the first special area as input data and/or e.g. a user's Personal Identification Number (PIN).
[0169] It shall be noted that the method could also be deployed in scenarios where a secure element into the mobile device stores part of the mobile device application sensitive data. However, it is preferred that the mobile device application is entirely stored in the referred mobile device memory, thus avoiding the aforementioned business model barriers and technical complexities for the service providers while simultaneously providing the
appropriate security.
[0170] Figure 5shows different scenarios to enable services related to radio communication defining devices.
[0171 ] In the coming future many "objects" from our surrounding environment will interact with us differently, beyond their primary functions. Determining the primary function of each one of the wireless "things" illustrated in Figures 1 A and 2 (referred to herein as radio communication defining devices - RCDDs) is simple (e.g. the primary function of a WiFi printer is to print documents) but no doubt that each one of them may have a number of new added value services.
[0172] When analyzing them in terms of the Internet of Things, it seems evident that endowing an "object" with communications may allow it to connect to the internet to deliver, for example, to a service provider information necessary to enable the referred object-related additional added value services.
[0173] Within this view, a "thing" representation into the internet is driven, at least partly, from information provided to the internet by the object itself (or by another element "on behalf" of the object). As an example, a city maintenance service can be managed more efficiently if each tree is equipped with a wireless sensor to be able to self-determine and inform to smart city services about when it requires special care, such that maintenance routes can be organized. [0174] System A in Figure 5 shows a traditional Machine-To-Machine (M2M) approach where the "things" (RCDDs) are equipped with a SIM card and a data subscription; nevertheless, from a smart sensing perspective, the loT "objects" should generally be equipped with cheap, consumption efficient, short range communications (as shown in connection to systems B and C in Figure 5).
[0175] U.S. Patent No. 8.577.392 issued to Apple Inc., refers to a set of devices (such as mobile, iPad, washing machine or a PC) that send one or several signals to a server, such signal sending requiring the user operating over at
least one of the devices (e.g. if a user uses his PC => the first signal sends the new inputted calendar arrangement). The info comprised into the first signal is a "location" info that allows the server to generate a second signal that make server prediction about where the user is going to be in the future (e.g. if the calendar arrangement indicated that the user will arrive tomorrow morning to the office, then the second signal indicates to the office thermostat that the heating shall start at 08h 00). In the '392 patent the devices all have long range communications, fixed or mobile, so in case of the devices having long range mobile communications it relates to a traditional M2M approach as the one illustrated in figure 5 (A)and the rationale included herein below would apply.
[0176] The most probable coming scenario is the one where millions of "things" will be equipped with a SIM card and long range communications, while billions/trillions of "objects" (RCDDs) will support efficient short range communications, as shown, for example in system B of Figure 5. One of the reasons supporting this rationale is that while the M2M approach causes strong dependencies of the service provider towards the mobile network operator, the referred smart sensing approach may be mobile network operator independent and cost/consumption efficient.
[0177] If the "objects" are to deliver information to the internet, they need a hub- device able to perform such task, the hub-device supporting proximity interactions with a multiplicity of "objects", and being endowed with long range communications to deliver the "objects" related information to the internet and to the service provider. The referred hub functions could be provided by dedicated devices (as illustrated for example, in system C of Figure 5), which the user would need to buy "in addition", or be provided by a user mobile device (as shown in system B of Figure 5). [0178] In a massive deployment scenario of billions of users and billions or trillions of wireless enabled things (RCDDs), the use of traditional hub-devices would be inefficient. A better approach is to use the smartphone or other portable device already in the hands of the user as a default hub.
[0179] System B of Figure 5 shows the user mobile device being used as the referred hub-device in the context of the potentially trillions of radio communication defining devices but furthermore also illustrates that in an efficient ecosystem, hub-related services shall be enabled by usingmobile centric presence determination methods.
[0180] In particular, in system B the mobile device is able to self-determine its presence status around certain personalized special areas, defined each by the coverage of one or more radio communication defining devices, such determination being used to trigger presence related services; if mobile centric presence determination methods would not be used in the referred context, a set of problems would appear, as already commented in connection to Figure 1 A and further elaborated now in connection to Figure 6. [0181 ] Figure 6 also shows different scenarios to enable services related to radio communication defining devices.
[0182] System A of Figure 6 shows a "hub" mobile device able to determine its proximity toradio communication defining devices ("objects") and, only as a result of that proximity, a connection to the internet is established to send objects related information to a service provider. Such approach would derive in systems being spectrally inefficient, chaotic and out of control, and to daily reduce the battery duration on the mobile device. [0183] In a smart city with many wireless objects (RCDDs), they may usehub services from mobile devices (e.g. smartphones, tablets, etc.), the wireless objects being endowed with at least one of BLE, NFC, Bluetooth, WiFi or ZigBee short range communications. In a "reference journey" of just one mobile device, it can move through the range of coverage of hundreds/thousands of those radio communication defining devices... every day.
[0184] If the mobile deviceis tomake an internet connection simply for being in the proximity of any of the objects, the mobile device would attempt a connection to the internet hundreds if not thousands of times per day, although
it is supposed that <1 % of those connections would relate to a service associated to a user-related "thing" (RCDD), the rest being "channel garbage".
[0185] Furthermore, hub mobile device of system A of Figure 6 would not be able to offer an appropriate solution in terms of safe guarding user privacy (as it would be transmitting RCDDs-related information without control). In a particular example a smartphone from a user would be sending to the internet information about the washing machine of his neighbor as a result of being in the proximity of that "object" (RCDD). In situations like this smartphone resources would be used without the owner's authorization to transmit information that is property of a third party. No doubt that a system based on such policies would systematically breach privacy rights of potentially billions of users, making it commercially infeasible. [0186] Wireless "things" (RCDDs) related services enabled via mobile devices cannot be massively deployed without adequate personalization and user control. System B of Figure 6 (B) provides this by using "checking data" and special areas personalization in the mobile device which is used to match user related objects with user special areas; by using the checking data and the associatedspecial areas rules, presence status of the mobile device into user personalized coverage areas is determined. So it is possible to configure the system such that mobile device connections associated to RCDDs will be associated to presence of the mobile device into special areas defined by the coverage of one or more radio communication defining devices, so control, spectral efficiency and privacy are properly guaranteed.
[0187] The approachillustrated in system B of Figure 6 (and also in Figure 2) from a high level perspective, provides a solution to enable the large majority of the new generation of loT services based on providing information from the objects (or on behalf of the objects) to the internet and to service providers.
[0189] Advantageously, system B of Figure 6 facilitates: - Usage of just-one technology for the entire ecosystem of "things" (RCDDs)
in terms of presence related services, thus avoiding market fragmentation;
- Providing the adequate privacy level, ensuring that only the user (or the ones authorized by the user) can access presence-services related to the user's things (RCDDs); - No additional hardware is required (e.g. separate dedicated hub-device), as the user's mobile device itself serves for presence determination;
- No extra data subscription is needed for any of the userrelated things (RCDDs), as the one from the user mobile device serves to enable (or disable) the provision of all presence related services.
[0190] As discussed above, client-server-based one-time-use calculations may be used to securely authenticate a presence updating signal. In some implementations the one-time-use calculations depend on input data associated to radio communication devices, but only those radio communication devices associated to special areas personalized into the mobile device application may produce a successful authentication by the service provider processing the signal. So in those scenarios, on top of having the right mobile device and mobile device application personalization, the user must be in the right environment for an updating signal being accepted as authentic by the service provider.
[0191 ] Figure 7 is a schematic diagram that generally illustrates some functional blocks according to an implementation. [0192] Figure 7 shows a legacy system 3000 of a service providerand a network presence system 5000 of the service provider.The network presence system elements may be located in one server, or spread in several servers, or computers. [0193] In step (1 ) a user 1000inputs data (checking data) related to ownedradio communication defining devicesinto the presence system of the service provider (e.g. via the web distribution channel 2000 of the service provider or via the
Mobile Network), and the data is stored in one or more memories in the presence system of the service provider (e.g. in the presence services database shown in Figure 7). Also in step (1 ), several entities (1001 .... 100N), associated to a set of radio communication defining devicessend checking data related to those radio devices to the presence systemof the service provider, that stores them in one or more memories. In the implementation of Figure 7the service provider also stores in step (1 )some checking data related to some owned wireless objects inits own one or more memories. [0194] According to some implementations the checking data contains at least part of at least one unique identifier of the corresponding radio communication defining device (e.g. at least part of the serial number of a WiFi router), or at least part of at least one identifier of a radio communication defining device category (e.g. the identifier of the wireless parking meters in an smart city); and part of the radio communication defining devices may be base stations of one or more mobile telephony networks, and other part may be wireless devices with short range communications capabilities such as Bluetooth, DECT, WIFI, Bluetooth Low Energy (BLE), Near Field Communications (NFC), Zig Bee, etc. [0195] Some of the radio communication defining devices are endowed with special area location monitoring means, as those described in connection to figures 3E and 3F, to ensure that they are located in a predetermined environment (e.g. a pay TV wireless decoder is endowed with special area location monitoring means to ensure that presence related pay TV services are not provided if the decoder is moved out of the authorized location).
[0196] Special areas may be defined by distinctive defining signals from one or more radio communication defining devices, each one at least party defining at least one special area by its coverage; if a special area relates to several radio communication defining devices it may be defined by the sum and/or the intersection of the coverage of one or more distinctive defining signals from the radio communication defining devices; and also, in some cases, a defining signal being distinctive depends on the radio communication defining device being located in the planned location, as controlled by radio communication
defining device special area location monitoring means, and reported by the radio communication defining device to the mobile device.
[0197] With continued reference to Figure 7, therules are defined at the presence system of the service provider (e.g. in the checking data andspecial areas module) and the related data for each special area is stored in one or more memories of the service provider (e.g. into the presence services database)and is sent to the mobile device to allow the mobile device to determine, together with the usage of the checking data, whether it is present or not into one or more special areas.
[0198] The user downloads in step (2) a presence-related mobile device application from the corresponding applications store (7000) to the mobile device (6000). According to such an implementation, after the user downloads the mobile device application into the mobile device, several of the special areas defined by the service provider are personalized into the mobile device application in the context of the registration process.
[0199] Within said registration process the mobile device application sends to the presence system of the service provider a first identifier (e.g. the smartphone IMEI) related to the mobile device, which is then linked to the checking data and the associated special area rules in the one or more memories of the service provider; One Time Password (OTP) keys and parameters are also defined in the presence system of the service provider (e.g. in the security& OTP module shown in Figure 7), and are also linked to the checking data, the special area rules and the first identifier related to the mobile device.
[0200] According to some implementations the user selects a PIN (e.g. by keying the PIN into the mobile device) during the registration process, and the PIN is sent to the presence system and stored in the one or more memories of the service provider. According to some implementations, as for example shown in Figure 10, the PIN is linked to the checking data, the special area
rules, the OTP keys and parameters and the first identifier related to the mobile device.
[0201 ] Finally the checking data, the associated special area rules and the OTP keys and parameters are sent to the mobile device application in step (3), and are stored into a memory of the mobile device that relates to the mobile device application, the mobile device application being the one determining the presence status of the mobile device into the one or more personalized special areas.
[0202] So data capable of linking the mobile device to at least one special area is electronically stored in one or more memories of the service provider, the data including checking data of the radio communication defining devices defining the at least one special area, and a first identifier related to the mobile device; and there is a transmission via a mobile telephone network to the mobile device of at least a portion of the checking data.
[0203] In step (4) the mobile device receives radio defining signals and/or radio distinctive defining signalsfrom radio communication defining devices (4000) and is able to determine in step (5), using the checking data, the mobile device application and the special areas presence determination rules, whether it is present or not in at least one special area.
[0204] In step (6), the mobile device sends a presence updating signal from the mobile device application to the presence system of the service provider, via the mobile telephone network, the updating signal including a second identifier related to the mobile device. The second identifier related to the mobile device has the purpose to match each updating signal with a first mobile device identifier that is stored in the one or more memories of the corresponding service provider.According to some implementations the mobile device identifiers are the same.
[0205] In a particular example the updating signal is sent to the presence system of the service provider at least one of: periodically; when the mobile device enters into, remains into, exits out or remains out of at least one special area.
[0206] In a particular implementation, the mobile device sends periodically (for example every 30 seconds) an updating signal about its presence into a special area, such updating signal comprising the result of the last determination performed by the mobile device about its presence into the special area.
[0207] An updating signal may be sent through a diversity of channels provided by the mobile telephone network (2G/3G/4G data connections, USSD, SMSs, etc.). The data comprised into the updating signal will typically be coded by the mobile device and decoded by the one or more processing devices of the service provider.
[0208] The presence system of the service provider receives the updating signal and in step (7) derives from the updating signal by one or more processing devices having access to at least a portion of the data (e.g. data stored in the presence services database) whether or not the mobile device is present in at least one special area. According to the implementation of Figure 7, the presence updating signal comprises a One-Time-Password (OTP) result.
[0209] According to some implementations, if the updating signal indicates that the mobile device is present in at least one special area, then the OTP result is calculated in the mobile devicebased on information that is included in at least one of the distinctive defining signals that define the at least one special area. In this example, if the updating signal indicates that the mobile device is not present inany special area, then the OTP result is calculated by the mobile device using as input data a predefined value for that scenario, stored (e.g. obfuscated) in the mobile device application database.
[0210] In step (8) the OTP is verified by the security & OTP module of the presence service provider system.
[021 1 ] In step (9) the presence services module enables or disables the provision of at least one presence related service depending on the presence of the mobile device in one or more special areas; and also depending on successful validation by the security & OTP module of the referred OTP.
[0212] So the presence system of the service provider enables or disables by use of the one or more processing devices at least one presence related service based upon the mobile device's presence or non-presence in one or more special areas; wherein according to some implementations,when the updating signal indicates that the mobile device is present in the at least one special area, enabling the at least one presence related service associated to the mobile device's presence in one or more special areas also depends on successful validation by use of the one or more processing devices of at least one One-Time-Password (OTP) that is sent from the mobile device and that is univocally correlated to the updating signal, where at least one of those OTPs is calculated based on information that is included in at least one of the distinctive defining signals that define the at least one special area. [0213] Millions of radio communication defining devices are currently located in a multiplicity of environments such as home location, airports, company's premises, business centres, merchants, banks, transport media; and billionsor trillions of radio communication defining devices will exist in the next coming years, related to smart cities, wireless sensor networks or the Internet of Things as a whole. According to some implementations using all of them is allowed in the context of personalized presence services provision, by utilizing mobile- centric presence determination and client-server real time calculations and authentication methods to securely enable the referred presence related services.
[0214] Figure 8shows another implementationassociated with one or more providers of presence related services in connection with the use of a mobile device and at least a radio communication defining device that transmits a distinctive defining signal, the distinctive defining signal at least partly defines
one or more special areas by its coverage. The following is described in detail in connection to the presence system of service provider 1 . Figure 8 also shows other service providers of presence related services wherein each of service provider 2 and service provider 6 owns and operates its own presence system; service provider 3 owns and operates its own presence system, but also operates at least part of the presence system of service provider 4 and service provider 5; so the presence system of service provider 4 is partly operated by service provider 3 (on behalf of service provider 4); and the presence system of service provider 5 is also partly operated by service provider 3 (on behalf of service provider 5). Therefore, in this implementation the presence system that is enabling/disabling presence related services associated to a set of users and users' mobile devices is owned and operated by a set of different service providers of presence related services (each one owning/operating a part of it) and the one or more memories and processors of the presence system are spread in several servers, or computers.
[0215] As commented above, and in connection to service provider 4 and service provider 5, at least part of the processes lying in the domain of those service providers are performed by a trusted third party, on behalf of the service provider. Advantageously, the service provider can avoid technical complexity by delegating part of the presence related processes to another entity (the service provider 3 in the example of Figure 8).
[0216] Figure 8 also illustrates, in detail, an exemplary process to securely personalize one or more special areas into a mobile device application installed in a mobile device, to enable presence services provision.
[0217] For simplicity, the process to personalize or register one or more special areas in the mobile device application is described in detail in connection to one service provider (service provider 1 ), However, an equivalent registration and updating process may be used to make the mobile device or mobile device application(s) being personalized with many different presence related special areas defined by a multiplicity of service providers.
[0218] In step (1 ) the user downloads a mobile device application from an applications store into his mobile device, and the application is then installed.
[0219] It shall be noted that in an embodiment more than one mobile device application may be downloaded an installed for presence services enablement/disablement, each application being personalized for one or more special areas defined by one or more presence service providers.
[0220] In step (2) a user inputs data (checking data) related to owned or associated radio communication defining devices into the presence system of the service provider 1 , via the web distribution channel of the service provider, and the data is stored in one or more memories of the presence system of the service provider (this storage is represented as "RCDD(CD)" in Figure 8). [0221 ] In some implementations related to the storing checking data, the mobile device application in the mobile device may obtain and store the checking data into the mobile device application database (selecting, for example, a name for the special area such as "smart TV", "plant" or "bottle of medicines")when being in the proximity of one or more radio communication defining devices, sending (e.g. after acceptance by the user or operator via the mobile device keyboard) the data to the presence system of the service provider, via the mobile telephone network, for storage into one or more memories; also, the user (or an operator) may manually input checking data into the mobile device application, to be stored in the mobile device application database and tobe sent to the service provider system for storage into one or more memories. To use any of these two lastmechanisms to store checking data it is recommended to use a secret code (as the one selected in step (1 1 ) herein below in connection to Figure 8 in the case of the user; or a service provider operator code in the case of the operator). The checking data storage referred to in this paragraph is also represented as "RCDD(CD)" in Figure 8). In these examples the mobile device application shall receive from the presence system of the service provider a confirmation that the checking data and the definition rules of the given special area have been properly stored and registered into the presence system of the service provider to then make said special area becoming activated into the
mobile device application.
[0222] Also in step (2), several entities (1001 .... 100N), associated to a set of radio communication defining devices, send checking data related to those radio devices to thepresence system of theservice provider 1 , that stores the data in one or more memories. In this implementation service provider 1 also stores in step (2) some checking data related to some owned radio communication defining devices into its own one or more memories. Again, the checking data storage referred to in this paragraph is also represented as "RCDD(CD)" in Figure 8).
[0223] According to some implementations the checking data contains at least part of at least one unique identifier of the corresponding radio communication defining device, or at least part of at least one identifier of a radio communication defining device category; and a radio communication defining device may be any wireless device with either long range or short range communications capabilities (Bluetooth, DECT, WIFI, BLE, NFC, Zig Bee, etc.), those devices being part of the Internet of Things ecosystem as a whole. Some of the radio communication defining devices may be endowed with special area location monitoring means as previously described.
[0224] In step (3) some presence special areas are defined for the user. In particular, the checking data and special areas module has defined some special areas using at least part of the checking data stored in step (2) and certain rules. The rules may be related to a special area being defined by distinctive defining signals from one or more radio communication defining devices, each one at least partly defining the special area by its coverage; if a special area relates to several radio communication defining devices it may be defined by the sum and/or the intersection of the coverage of one or more distinctive defining signals from the radio communication defining devices; and also, in some cases, a defining signal being distinctive depends on the radio communication defining device being located in the planned location, as controlled by radio communication defining device special area location
monitoring means, and reported by the radio communication defining device to the mobile device.
[0225] The data related to the definition rules foreach special area is stored in one or more memories in the presence system of the service provider. This storage is represented as "SAi, I = 1 ...n" into the database of Figure 8, representing the storage of "n" defined special areas.
[0226] According to some implementations some special areas are defined just after the checking data are stored into the one or more memories of the service provider, after being received from user input, or from the mobile device application, or from the service provider itself, or from entities 1 ... N. According to some implementations some special areas are defined during the registration process of the mobile device applicationinto one or more special areas (or into the associated presence related services).
[0227] According to some implementations the user defines the special areas related to his owned and/or controlled radio communication defining devices via a web interface of the service provider; each entity 1001 -100N defines the special areas related to its owned and/or controlledradio communication defining devices via an interface withthe presence services provider; and the service provider defines the special areas related to its owned and/or controlled radio communication defining devices. According to some implementations the service provider 3 defines special areas for users, on behalf of service provider 4 and service provider 5.
[0228] When some special areas have already being defined for a given user, the relationship between the user (that is a customer of service provider 1 ), the related radio communication defining devices checking data and the special area rules defined for each special area is stored in the presence services database. The database of service provider 1 may represent the storage and relationships as follows:
[Customer reference RCDDs(CD) SA,, i = 1 ...n].
[0229] According to some implementationsthe data is stored in a relational database. [0230] Steps (4) to (14)show the registration process of a mobile deviceapplication(in a mobile device) into a first special area (SA1 ) for presence services provision.
[0231 ] In step (4)the user starts the process of registering at least one special area into the mobile device application by sending a request for registration via the web distribution channel of service provider 1 . In some cases the request requires a prior payment to be made by the user, e.g. via the web distribution channel of service provider 1 , to have access to the presence related services associated to said at least one special area.
[0232] According to some implementations an activation code (AC) is generated for registering the mobile device application into each special area. So in step (5), and in connection to registering the mobile device application for the SA1 , theACsAiis generated by the security and OTP module, and it is stored, associated to SA1 ,into the presence services database of service provider 1 . According to some implementations a hash value of the ACSAI IS also calculated and stored; this hash value can be later used during this registration process, as detailed herein below. So, at this stage the data relationships into the presence services database of service provider 1 are the following:
ACSAI ^ hash(ACsAi)].
[0233] In step (6) the activation code (ACSA-I) for registering the mobile deviceapplication into SAi is displayed to the user via the web distribution channel of service provider 1 .
[0234] In step (7) the user inserts the activation code (ACSA-I) for SA into the mobile device application and in step (8) the mobile deviceapplication in the
mobile device sends to one or more processors of service provider 1 , e.g. via https, the hash(ACsA-i) and the Device ID (ciphered with hash(ACsA-i)- The Device ID may be a unique identifier of the mobile device, such as for example the IMEI.
[0235] In step (9) one or more processing devices of service provider 1 identifies the customer reference in connection to SA1 by using the received hash(ACsAi) value. The Device ID ciphered value is then deciphered and stored into the presence services database of service provider 1 , as shown in Figure 8. Also, a new hash(Device ID &ACSAI) value is calculated by the one or more processing devices, and stored into the database, associated to theACsAi, and to the hash(ACsA-i) values; this hash(Device ID &ACSAI) value can be used later as described herein below. So, at this stage the data relationships into the presence services database of service provider 1 are the following:
[Customer reference RCDDs(CD) SAj,i= 1 ...n (SA^
[0236] OTP keys and parameters are generated/defined in step (9) by the security and OTP module, and are stored into the presence services database of service provider 1 . The stored OTP keys and parameters are illustrated in Figure 8 as "OTP" in the database of service provider 1 . So at this stagethe data relationships into the presence services database of service provider 1 may be represented as:
[Customer reference RCDDs(CD) SAj,i= 1 ...n (SA1
ACSAI ^ hash(ACsAi) ^hash( Device ID&ACSAI)) ^ Device ID
OTP]. [0237] In step (10) the mobile device application is pre-personalized to enable presence related services for SAi. Pre-personalization refers to a step previous to special areas final personalization and in this phase certain application data and configurations are sent to the mobile device application (e.g. OTPkeys and parameters for mobile device OTP related calculations; e.g. certain images,
texts, graphics or icons related to presence services associated to SA1 ).
[0238] The OTP keys and parameters may be used to calculate OTP results that uses the PIN as input data, as well as OTP results that do not (e.g. OTP results calculated using information that is included in at least one of the distinctive defining signals that define an special area; examples will be provided herein below).
[0239] At the completion of step (10) the mobile device application in the mobile device ispre-registered for presence related services associated to SAi , but receiving checking data and SA1 presence related rules is still pendent.
[0240] In a particular example, in case that in step (9) the one or more processing devices determines that the receivedhash(ACsAi) value either does not exists in the database of the presence service provider 1 or the relatedACsAihas expired (e.g. because the pre-registration process did not finalize within a designated time period after the ACSAI was generated and stored into the database of presence related services), then the pre-registration process fails and the user may start it again from step (4).
[0241 ] According to some implementations, to makea special area of a provider of presence related services becoming at least partly registered in a mobile device requires the user inserting an activation code into the mobile device and a successful validation of said activation code by one or more processing devices. In this embodiment the ACSAI is validated by validating the relatedhash(ACsA-i) value.
[0242] In step (1 1 ) the user is prompted to select a Personal Identification Number (PIN) for presence related services associated to at least SA (as commented herein below, in some implementations the same PIN may be used to register into the mobile device more special areas related to service provider
1 )-
[0243] According to some implementations the PIN value is not stored at the
mobile device application but is securely sent in step (12), e.g. via https, to the presence system of service provider 1 , together with a One-Time-Password (OTP) that has been calculated using the PIN value and OTP keys and parameters stored in the mobile device applicationdatabase during the previously described pre-registration process; andthe hash(ACsAi) value is also sent, to be able to assign by the one or more processing devices the selected PIN and the OTP result to the right customer reference.
[0244] In step (13) the PIN is stored in the one or more memories of service provider 1 , in relationship with thepreviously stored keys and parameters for OTP calculations. This PIN storage into the database of service provider 1 is labelled in Figure 8database as "PIN" data.
[0245] So, at this stage the data relationships into the presence services database of service provider 1 may be represented as follows:
[Customer reference RCDDs(CD) SAj,i= 1 ...n (SA1
ACSAI ^ hash(ACsAi) «hash(Device ID&ACSAI)) ^ Device ID
OTP PIN].
[0246] In step (13), the one or more processing devices of service provider 1 calculates an OTP result using the stored user PIN and OTP keys and parameters, and compares the result with the one received from the mobile device application. If validation is successful thenSA-ican be personalized into the mobile device application database, and SA related checking data and rules can be sent to the mobile device application.
[0247] So, according to some implementations, the service provider sends special arearelated checking data and rules to the mobile device application in the mobile device after successful validation of a One Time Password (OTP) received from the mobile device application.
[0248] In step (14) SA related checking data and rules are sent from the service provider 1 to the mobile device application; the mobile deviceapplication
in the user mobile device receives the data and stores the data for later determination about whether the mobile device is present or not into SA-i . So when step (14) ends SA related personalization has been completed. [0249] According to some implementations data capable of linking the mobile device to at least one special area is electronically stored in one or more memories of the service provider of presence related services, the data including checking data of the radio communication defining devices defining the at least one special area, and a first identifier related to the mobile device; and there is transmission via a mobile telephone network to the mobile device of at least a portion of the checking data.
[0250] According to some implementations the pre-registration and the registration process into at least one special area (steps (8) to (14) above) shall be made in the context of the same https session, such that the PIN shall be selected in the same session where the activation code is entered. In a particular implementation there is limited time period (e.g. 2 minutes) to select the PIN after the pre-registration process has ended, such that if such a period is exceeded the registration process does not succeed.
[0251 ] In step (15) the mobile device receives radio defining signals and/or radio distinctive defining signalsfrom radio communication defining devices and in step (16) is able to determine, using the checking data, the mobile device application and the presence determination rules, whether it is present or not in at least one special area, for example in SA .
[0252] In step (17), the mobile device sends a presence updating signal (about its presence status in SA from the mobile device application to the presence system of service provider 1 , via the mobile telephone network.
[0253] According to some implementations the presence updating signal is sent to the service provider at least one of: periodically; when the mobile device enters into, remains into, exits out or remains out of at least one special area.
[0254] According to some implementations the presence updating signal also comprises a One-Time-Password (OTP) result. In particular, if the updating signal indicates that the mobile device is present in SA then the OTP result is calculated based on information that is included in at least one of the distinctive defining signals that define SA1 (as illustrated in connection to step (17) of Figure 8). According to some implementations, if the updating signal indicates that the mobile device is not present inSA-ι , then the OTP result is calculated by the mobile device application using as input data a predefined value for that scenario, stored (e.g. obfuscated) into the mobile device application database. According to other implementations if the updating signal indicates that the mobile device is not present in a special area, then an OTP is not calculated by the mobile device.
[0255] In step (17) the updating signal also comprises the hash(Device ID&ACSAI), to be able to match at the presence system of service provider 1 the updating signal about the presence status of the mobile device into SA-i , with the right customer reference and with the rest of the related parameters into the database of service provider 1 ; and to validate the OTP result using the appropriate keys, parameters and input data.
[0256] The presence system of the service provider receives the presence updating signal that identifies the mobile device's presence in SAi and in step (18) derives from the updating signal by one or more processing devices having access to at least a portion of the data (stored in the presence services database of Figure 8) whether or not the mobile device is present in SA-| .
[0257] In step (19) the OTP that was comprised into the presence updating signal is validated by the security & OTP module of the presence service provider 1 .
[0258] In step (20) the presence services module of the service provider 1 enable or disable by use of one or more processing devices at least one presence related service based upon the mobile device's presence or non- presence into SAi ; and also depending on successful validation by the security
& OTP module of the service provider 1 of the referred OTP that was comprised into the presence updating signal.
[0259] So the presence system of the service provider enables or disables by use of the one or more processing devices at least one presence related service based upon the mobile device's presence or non-presence in one or more special areas; wherein when the updating signal indicates that the mobile device is present in the at least one special area, enabling the at least one presence related service associated to the mobile device's presence in one or more special areas also depends on a successful validation by use of the one or more processing devices of at least one One-Time-Password (OTP) that is sent from the mobile device and that is univocally correlated to the updating signal, where at least one OTP is calculated based on information that is included in at least one of the distinctive defining signals that define the at least one special area.
[0260] Figure 9 shows another implementationassociated with several providers of presence related services in connection with the use of a mobile device and at least a radio communication defining device that transmits a distinctive defining signal, the distinctive defining signal at least partly defines one or more special areas by its coverage. The implementation of Figure 9 will be described in connection to a first provider of presence related services (service provider 1 in Figure 9), and a second provider of presence related services (service provider 2 in Figure 9). It is assumed thatthe registering of special areas has already occurred and that the mobile device application has been successfully registered for five specials areas defined by service provider 1 (SA-i, SA2, SA3, SA4 and SA5) and four special areas defined by service provider 2 (SAA, SAB, SAc and SAD). [0261 ] So, at this stage the data relationships into the presence services database of service provider 1 may be represented as follows:
Customer reference RCDDs(CD) SA,, i= 1 ...5
[SA3« ACSA3^ hash(ACsA3) ^ hash( Device ID& ACSAS)) ^OTPSAS] ^
[SA5 ACSAS^ hash(ACsA5) <^ hash( Device ID& ACSAS)) ^OTPSAS] <^ Device ID PIN.
[0262] An activation code (AC) has been generated for registering the mobile device application into each special area. The mobile device application has been personalized to enable presence related services forSAi , SA2, SA3, SA4 and SA5. The same PIN has been used to register the five special areas (it was selected when registering the mobile device for the first special area and the same PIN was later also used in step (12) of Figure 8 to register the other four special areas). According to other implementations different PINs may be used to register the different sets of special areas.
[0263] According to some implementations thesame PIN is used by the user in connection to the OTP(PIN) calculations associated to any of the five referred special areas. The OTP keys and parameters have beendefined per each special area, and are stored in the database of service provider 1 (as show in Figure 9); and have been sent and are stored in the database associated to the mobile device application. Thus, data capable of linking the mobile device to at least one special area is electronically stored in one or more memories of the service provider 1 , the data including checking data of the radio communication defining devices defining the at least one special area, and a first identifier related to the mobile device; and there is transmission via a mobile telephone network to the mobile device of at least a portion of the checking data.
[0264] As shown in Figure 9, the mobile device receives radio defining signals and/or radio distinctive defining signals from radio communication defining devices and is able to determine, using the checking data, the mobile device application and the presence determination rules, whether it is present or not in at least one special area.
[0265] A radio defining signal from a radio communication defining device may, for example, be transmitted on a continuous or periodical basis; and the mobile device observation about whether or not it is receiving any defining signal can also becontinuous or periodical.
[0266] When one or more defining signals are received, they are processed by the mobile device in order to compare the appropriate part of their content with any checking data stored in the internal mobile device database, to determine whether it is receiving one or more distinctive defining signals.
[0267] Figure 9 shows several examples of the mobile device sending a presence updating signalabout its presence status into any of the special areas SAi, SA2, SA3, SA4 and SA5, from the mobile device application to the presence system of service provider 1 , via the mobile telephone network.
[0268] In Figure 9 the mobile device sends an updating signal about its presence in SA-i. In particular, example (1 ) illustrates the scenario of the updating signal SAi being sent when the mobile device is present into SAi(e.g. when enters into SA-i) and the OTP result being calculated based on information that is included in at least one of the distinctive defining signals that define SAi. In this example the updating signal also comprises a reference to the checking data that has been used as input data to calculate the OTP result, such that one or more processing devices in the service provider 1 system will be able to make the relative OTP calculation and to proceed with the validation of the OTP received.
[0269] According to some implementations, if the updating signalSAi indicates that the mobile device is not present into SA-i , then the OTP result would be calculated by the mobile device application using as input data a predefined value for that scenario, known by the service provider 1 and stored into the server database in connection to the given customer reference and special area, and also stored (e.g. obfuscated) in the mobile device application database (this scenario is not illustrated in Figure 9). According to other implementations if the updating signal indicates that the mobile device is not
present in a special area, then an OTP is not calculated by the mobile device.
[0270] As already commented in connection to Figure 8, the hash(Device ID & ACsAi) can be used to match at the presence system of service provider 1 the updating signal about the presence status of the mobile device in SA-i , with the right customer reference and with the rest of the related parameters in the database of service provider 1 ; and to validate the OTP result using the appropriate keys, parameters and input data. [0271 ] The presence system of service provider 1 receives the presence updating signal that identifies the mobile device's presence in SA andderives from the updating signal by one or more processing devices having access to at least a portion of the data (stored in the presence services database of Figure 9) whether or not the mobile device is present in SA-i .
[0272] Then, the presence services module of the service provider 1 enables or disables by use of one or more processing devices at least one presence related service based upon the mobile device's presence or non-presence in SA^ and also depending on successful validation by the security & OTP module of the service provider 1 of the referred OTP that was comprised into the presence updating signal.
[0273] In the implementation of Figure 9 the mobile device also sends an updating signal about its simultaneous presence in SA3 and SA4. Example (2) illustrates the scenario of the updating signal SA3 andSA4 being sent when the mobile device is present in both special areas (e.g. when enters into SA3 and remains into SA4) and there is a first OTP result being calculated based on information that is included in at least one of the distinctive defining signals that define SA3 and a second OTP result being calculated based on information that is included in at least one of the distinctive defining signals that define SA4. In this example the updating signal also comprises a reference to the checking data that has been used as input data to calculate the first OTPSA3result and a reference to the checking data that has been used as input data to calculate the second OTPSA4 result, such that one or more processing devices in the service
provider 1 system will be able to make the relative OTP calculations and to proceed with the validation of the OTPs received.
[0274] The presence system of the service provider 1 receives the presence updating signal that identifies themobile device's presence in SA3 and SA4 and derives from the updating signal by one or more processing devices having access to at least a portion of the data (stored in the presence services database of Figure 9) whether or not the mobile device is present in SA3 and SA4.
[0275] The presence services module of the service provider 1 then enables or disables by use of one or more processing devices at least one presence related service based upon the mobile device's presence or non-presence into SA3, and also depending on successful validation by the security & OTP module of the service provider 1 of the referred OTPSA3 that was comprised into the presence updating signal. In this implementation, if the updating signal processing determines that the mobile device was present inSA3and the validation of the OTPsA3result is positive (i.e. the received OTP is equal to the one calculated at the service provider 1 system) then the at least one presence related service is enabled and can be provided.
[0276] In Figure 9 the mobile device also sends an updating signal about its presence in SA5. Example (3) illustrates the scenario of the updating signal SA5 being sent when the mobile device is present inSA5 (e.g. when remains into SA5) and there is an OTP result being calculated based on the user inputting the PIN in the mobile device application via the mobile device keyboard.
[0277] The presence system of the service provider 1 receives the presence updating signal that identifies the mobile device's presence in SA5 and derives from the updating signal by one or more processing devices having access to at least a portion of the data (stored in the presence services database of Figure 9) whether or not the mobile device is present in SA5.
[0278] The presence services module of the service provider 1 then enables or
disables by use of one or more processing devices at least one presence related service based upon the mobile device's presence or non-presence inSA5, and also depending on successful validation by the security & OTP module of the service provider 1 of the referred OTPSAS that was comprised into the presence updating signal. In this implementation, if the updating signal processing determines that the mobile device was present inSA5and the validation of the OTPsAsresult is positive (i.e. the received OTP is equal to the one calculated at the service provider 1 system) then the at least one presence related service is enabled (or remains enabled) and can be provided.
[0279] During the live cycle of the mobile device software application and the presence related services, the definition ofone or more special areasmay change: new checking data may be added; some checking data may be modified, or deleted; and the rules defining special areas may change. Those changes would be reflected into the one or more memories of the service provider (in the database of service provider 1 or the one of service provider 2, as applicable in the implementation of Figure 9).
[0280] If the definition of a special area changes in the presence service provider system, then the old special area may become disabled in the database of the service provider, and a new definition is stored in the database. In some cases it might be necessary to obtain a new activation code to make the new special area definition being personalized into the database associated to the mobile device application. In other cases the updating can be made upon the user inserting the PIN in the context of a presence updating signal to the sent.
[0281 ] In the example (3) of Figure 9, when the updating signal SA5 is received, the one or more processing devices of service provider 1 identify that there is a pending updating of SA2 personalization into the mobile device application, and said updating is then made(upon a successful prior validation of the received OTP(PIN) value)in the context of the https session that is open in connection to the transmission of the updating signal SA5. So in this example, when the referred https connection is closed, the SA2personalizationhas been successfully
updated into the database of the mobile device that is associated to the mobile device application.
[0282] According to some implementations the presence services related to the special areas associated to a given PIN are blocked inthe presence system of service provider 1 after a number of wrong consecutive PIN entries (e.g. 3). According to some implementations a wrong PIN entry is accounted when the result of the OTP(PIN) verification, that uses the PIN stored into the database of service provider 1 , and OTP keys and parameters, to calculate an OTP result that is compared with the OTP result received from the mobile device application, determines that the entered PIN was not correct.
[0283] A different PIN value may be associated to each special area; or to a group of special areas. Figure 9 shows, in connection to service provider 2, that a PINB has been selected when registering the mobile device application to SAB and a PIND has been selected when registering the mobile device application to SAD.
[0284] As commented above, in the context of Figure 9, the processes described in Figure 8 related to registering special areas for a mobile device application have already occurred, and the mobile device application has become successfully registered for four special areas defined by service provider 2 (SAA, SAB, SAC and SAD). [0285] So, at this stage the data relationships into the presence servicesdatabase of service provider 2 may be represented as:
Customer reference RCDDs(CD) SA,, i= A...D
[SAAo ACSAA^ hash(ACsAA) ^ hash( Device ID & ACSAA)]^
[SABo ACSAB^ hash(ACsAB) ^ hash( Device ID & ACSAB)^PINB]
[SAco ACSAC^ hash(ACsAc) ^ hash( Device ID & ACSAC)] ^
[SADo ACSAD^ hash(ACsAD) ^ hash( Device ID & ACSAD) «PIND]O
Device ID OTP].
[0286] An activation code (AC) has been generated for registering the mobile device application into each special area. The mobile device application has been personalized to enable presence related services for SAA, SAB, SAcand SAD. PINB has been used to register the mobile device application to SAB and PIND has been used to register the mobile device application to SAD.
[0287] So in this implementation PINB is used by the user in connection to theOTP calculations associated to SAB that required the PIN as input data for the calculation; and PIND is used by the user in connection to those OTP calculations associated to SAD that required the PIN as input data for the calculation
[0288] According to some implementationsthe OTP keys and parameters are common to the four special areas, and are stored into thedatabase of service provider 2 and have been sent and are stored in the database associated to the mobile device application.
[0289] Data capable of linking the mobile device to at least one special area is electronically stored in one or more memories of the service provider 2. The data may include checking data of the radio communication defining devices defining the at least one special area, and a first identifier related to the mobile device; and there is transmission via a mobile telephone network to the mobile device of at least a portion of the checking data. [0290] Figure 9 shows several examples of the mobile device sending a presence updating signal about its presence status in any of the special areas SAA, SAB, SAcand SAD, from the mobile device application to the presence system of service provider 2, via the mobile telephone network. [0291 ] In Figure 9 the mobile device sends an updating signal about its presence in SAD. Example (4) illustrates the scenario of the updating signal SADbeing sent when the mobile device is present inSAD (e.g. when enters into SAD) and there is an OTP result being calculated based on the user inputting the PIND in the mobile device application via the mobile device keyboard.
[0292] As already commented in several examples, the hash(Device ID & ACSAD) may be used to match at the presence system of service provider 2 the updating signal about the presence status of the mobile device in SAD, with the right customer reference and with the rest of the related parameters into the database of service provider 2; and to validate the OTP result using the appropriate keys, parameters and input data.
[0293] The presence system of the service provider 2 receives the presence updating signal that identifies the mobile device's presence in SAD and derives from the updating signal by one or more processing devices having access to at least a portion of the data (stored in the presence services database of Figure 9) whether or not the mobile device is present in SAD. The presence services module of the service provider 2then enables or disables by use of one or more processing devices at least one presence related service based upon the mobile device's presence or non-presence inSAD, and also depending on successful validation by the security & OTP module of the service provider 2 of the referred OTP(PIND) that was comprised into the presence updating signal. If the updating signal processing determines that the mobile device was present in to SADand the validation of the OTP(PIND)result is positive (i.e. the received OTP is equal to the one calculated at the service provider 2 system) then the at least one presence related service is enabled (or remains enabled) and can be provided. [0294] The mobile device also sends an updating signal about its presence in SAc. In particular, example (5) illustrates the scenario of the updating signal SAcbeing sent when the mobile device is present inSAc (e.g. when remains inSAc) and the OTP result being calculated based on information that is included in at least one of the distinctive defining signals that define SAC. According to some implementations the updating signal also comprises a reference to the checking data that has been used as input data to calculate the OTP result, such that one or more processing devices in the service provider 2 system will be able to make the relative OTP calculation and to proceed with the validation of the OTP received.
[0295] According to some implementations, if the updating signal SAc indicates that the mobile device is not present inSAc, then the OTP is calculated by the mobile device application using as input data a predefined value for that scenario, known by the service provider 2 and stored in the server database in connection to the given customer reference and special area, and also stored (e.g. obfuscated) in the mobile device application database (this scenario is not illustrated in Figure 9). [0296] The presence system of service provider 2 receives the presence updating signal that identifies the mobile device's presence in SAC and derives from the updating signal by one or more processing devices having access to at least a portion of the data (stored in the presence services database of Figure 9) whether or not the mobile device is present in SAc. The presence services module of the service provider 2 then enables or disables by use of one or more processing devices at least one presence related service based upon the mobile device's presence or non-presence in SAc; and also depending on successful validation by the security & OTP module of the service provider 2 of the referred OTP that was comprised into the presence updating signal.
[0297] Furthermore, the mobile device sends an updating signal about its presence in SAB. Example (6) illustrates the scenario of the updating signal SABbeing sent when the mobile device is present in special area SAB (e.g. when enters into SAB) and there is a first OTP result being calculated based on the user inputting the PINB in the mobile device application via the mobile device keyboard and a second OTP result being calculated based on information that is included in at least one of the distinctive defining signals that define SAB.ln this example the updating signal also comprises a reference to the checking data that has been used as input data to calculate the second OTP(CDSAB) result, such that one or more processing devices in the service provider 2 system will be able to make the relative second OTP calculations and to also proceed with the validation of the second OTP received.
[0298] According to some implementations, if the updating signal SAB indicates
that the mobile device is not present inSAe, then a single OTP result would be calculated by the mobile device application using as input data a predefined value for that scenario, known by the service provider 2 and stored into the server database in connection to the given customer reference and special area, and also stored (e.g. obfuscated) into the mobile device application database (this scenario is not illustrated in Figure 9).
[0299] The presence system of the service provider 2 receives the presence updating signal that identifies the mobile device's presence in SAB and derives from the updating signal by one or more processing devices having access to at least a portion of the data (stored in the presence services database of Figure 9) whether or not the mobile device is present in SAB.
[0300] The presence services module of the service provider 2 then enables or disables by use of one or more processing devices at least one presence related service based upon the mobile device's presence or non-presence inSAe, and also depending on successful validation by the security & OTP module of the service provider 2 of the referred OTP/OTPs that was/were comprised in the presence updating signal.
[0301 ] During the life cycle of the mobile device software application and the presence related services, the definition of one or more special areas e.g. related to the service provider 2 may change: new checking data may be added; some checking data may be modified, or deleted; the rules defining special areas may change; some special area is disabled. Those changes would be reflected in the one or more memories of the service provider 2.
[0302] If the definition of a special area changes in the presence service provider 2 system, then the old special area may become disabled in the database of service provider 2, and the new definition would be stored into the database.
[0303] In some cases it might be necessary to obtain a new activation code to make the new special area definition being personalized into the database
associated to the mobile device application. In other cases the updating can be made upon the user inserting the PIN in the context of a presence updating signal to the sent. [0304] In the example (6) of Figure 9, when the updating signal SAB is received, the one or more processing devices of service provider 2 identify that there is a pending updating of SAcand SAD personalization into the mobile device application, and said updating is then made (upon a successful prior validation of the received OTP values) in the context of the https session that is open in connection to the transmission of the updating signal SAB. So in this example, when the referred https connection is closed, the SAC and SADspecial areas personalization has been successfully updated (e.g. SAchas been deactivated and SAcChecking data and rules has been modified) into the database of the mobile device that is associated to the mobile device application.
[0305] Figure 10 representsan exemplary presence relateddatabaseof one service provider. In particular the figure shows a parameters database like the one described in connection to service provider 1 of Figure 9, where the mobile device application has already become successfully registered for five specials areas defined by service provider 1 (SA-i, SA2, SA3, SA4 and SA5).
[0306] The illustrated parameters database links the five special areas with three mobile devices identification codes MD(i-1 ), MD(i) and MD(I+1 ), each of which have an entry, (i-1 ), (i) and (i+1 ). The mobile device application of the three mobile devices has been personalized to enable presence related services for SAi, SA2, SA3, SA4 and SA5.For simplicity, the examples provided herein below only refer to mobile device MD(i).
[0307] An activation code (AC) has been generated for registering the mobile device application into each special area and this code is stored in column (c) in connection to each special area for mobile device MD(i).The same PIN has been used to registerMD(i) in the five special areas and its storage is illustrated in the last column of Figure 10, in connection to entry (i). Also the customer reference is illustrated in relationship to entry (i).
[0308] The OTP keys and parameters have been defined per each special area, and are stored in column (f) in connection to each special area. The hash values calculated by one or more processing devices of service provider 1 during the pre-registration process of the mobile device application into each special area have been stored in columns (d) and (e) respectively, in connection to each special area associated to mobile deviceMD(i).
[0309] When the presence system of service provider 1 receives an updating signal, one or more processing devices having access to at least a portion of the parameters/data adjust the value of at least one operating parameter of the parameters database linking the special areas and the mobile device. The value of the operating parameter(s) depends on the information contained in the updating signal about the presence of the mobile device into one or more special areas (and sometimes depends also on information that is correlated to the updating signal).
[0310] According to some implementations operatingparameters related to some presence related services are enabled or remain enabled in the referred parameters database when the information contained in the updating signal indicates that the mobile device has recently entered or remains located in the corresponding special area; and also operating parameters related to some presence related services are enabled or remain enabled in the referred parameters databasewhen there is a successful validation by the security & OTP module of the service provider 1 of the at least one OTP that was comprised into the presence updating signal.
[031 1 ] In the same example, operatingparameters related to some presence related services are disabled or remain disabled in the referred parameters database when the information contained in the updating signal indicates that the mobile device recently left or remains out of the special area; and also operating parameters related to some presence related services are disabled or remain disabled in the referred parameters databasewhen there is a negative validation by the security & OTP module of the service provider 1 of at least one OTP
that was comprised into the presence updating signal.
[0312] The first column of the database of Figure 10 comprises the mobile devices identification codes. A mobile device identification code refers to a unique codeof the mobile device such as, for example, the IMEI.
[0313] In this example,the definition rules and the set of checking data formobile device MD(i) in connection to the special area SA1 ; defined in column (a) of the entry (i) contains :
- Special area rules (not illustrated) defining the special area SAi as the sum of the coverage of three radio communication defining devices;
- a checking data 650 comprised in the distinctive defining signal of a first radio communication defining deviceRCDDI (e.g. the identification code of RCDD1 ), such distinctive defining signal defines the special area SA1 ;
- checking data 652 comprised in the distinctive defining signal of a second radio communication defining device RCDD2 (e.g. the identification code of RCDD2), such distinctive defining signal also defines the special area SA1 ; and
- a checking data 654 comprised in the distinctive defining signal of a third radio communication defining device RCDD3 (e.g. the identification code of RCDD3), such distinctive defining signal also defines the special area
[0314] The mobile device determines that it is located in the special area SA^ when it receives at least one of the three identifiers 650, 652, 654 comprised in the distinctive defining signals coming from RCDD1 , RCDD2 and RCDD3, that is when it is located within the range of coverage of any of the three distinctive defining signals (according to one implementation, in the case of the defining signal of RCDD2, in order to consider that such defining signal is a distinctive defining signal, it will additionally be necessary that the reliable information
comprised into the defining signal confirms that RCDD2 is effectively located in a predetermined environment).
[0315] In this example, the value of column (b) for the mobile device MD(i) and for the special area SAi is enabled ('+') or disabled ('-') at a given time depending on whether or not the service provider receives a confirmation of new checking data from this mobile device confirming that all the checking data corresponding with the special area has been successfully stored into this mobile device (based on the same principle, it would also be possible to add another column in the parameters database to monitor the reception of confirmations of deactivation of checking data and another one to monitor the reception of confirmations of modification of checking data for a given special area). [0316] In this example, the value of column (b) for MD(i) is enabled (+) for the special area SA^ In another example, the value of column (b) for the mobile device MD(i) and for the special area SA1 contains a set of values enabled ('+') or disabled ('-'), one for each checking data. [0317] The column (g) corresponding to the operating parameter "Mobile Device Control Flag" is enabled ('+') or disabled ('-') at a given time for the mobile device MD(i) and for the special area SAi depending on the information comprised into the updating signals received about the presence of the mobile device into the special area SA . In this example, at a given time, the mobile device MD(i) is supposed to be in SA1 as the operating parameter "Mobile Device Control Flag" (g) is enabled ('+').
[0318] The column (h) corresponds to the result of the validation by the security & OTP module of the service provider 1 of the at least one OTP that was comprised in the presence updating signal. In this example the validation has been positive (meaning that the received at least one OTP has been equal tothe at least one calculated by the security and OTP module) and the "OTP validation result" is enabled(V).
[0319] When the "Mobile Device Control Flag" is enabled (+) at a given time for the mobile device MD(i) and for the special area SA1 , and the related "OTP validation result" is also enabled ('+'), certain tariffs and/or services related to such special area may be available/provided in connection to the user of the mobile device depending on the value (+) or (-) of the corresponding tariff or service flagsfor such mobile device and special area into the operating parameters database. In this example, at a given time, in the column Tariff identifier' (i), the parameter is then set at 'XXX' and in the column (j), the Tariff Flag' is enabled (+). In the column (k), the 'Service identifier' parameter is then set at ΎΥΥ' and in the column (I), the 'Service Flag' of said service ΎΥΥ' is enabled ('+'). In the column (m), the 'Service identifier' parameter is set at 'ZZZ' and in the column (n), the 'Service Flag' of said service 'ZZZ' is disabled ('-') because service ZZZ is disabled at that time for the mobile device MD(i) and the special area SA1 .
[0320] The set of columns (a), (b) and (g) to (n) provides the same kind of information for the special area SA5. The set of special area rules and checking data of mobile device MS(i) (column a) refers to radio communication defining device RCDD4 with the checking data 656, FtCDD5with the checking data 658 and RCDD6 with the checking data 660 for the special area SA5. In this special area, at that time, the value of column (b) for MS(i) is disabled (-), the operating parameter "Mobile Station Control Flag" (column g) is disabled ('-') and the operating parameter "OTP validation result" (column h) is disabled ('-'). Service 'PPP' (column i) is enabled ('+' in column j), service 'QQQ' (column k) is enabled ('+' in column I) and service 'RRR' (column m) is enabled ('+' in column n). The service PPP and the services QQQ and RRR are associated to mobile station MS(i) when it is in the special area SA5.
[0321 ] In a particular embodiment, the one or more memories and the one or more processing devices reside in one or more servers of one or more providers of presence related services.
[0322] Figure 1 1 illustrates part of an implementationassociated withenabling or disabling by use of the one or more processing devices a presence related
service based upon the mobile device's presence or non-presence in at least one special area.This implementation is associated with the use of a mobile device and at least one radio communication defining device that transmits a distinctive defining signal that at least partly defines a special area by its coverage, the distinctive defining signal including data.
[0323] Figure 1 1 shows in step (1 ) the process of receiving and processing one or more defining signals from radio communication defining devices in the mobile device to determine in step (2), based on a previously obtained at least portion of the data, whether the one or more defining signals are one or more distinctive defining signals and to determine whether or not the mobile device is present in the at least one special area.
[0324] In step (3) the mobile device sends via a mobile telephone network an updating signal to one or more servers of a provider of presence related services about the mobile device's presence in the at least one special area, the updating signal being sent at least one of (i) periodically, (ii) at times recent to when the mobile device enters into or exists from the special area, (iii) when the mobile device remains in the special area and (iv) when the mobile device remains outside the special area.
[0325] In some circumstancesthe mobile device also sends via a mobile telephone network to one or more servers of a provider of presence related services at least one One-Time-Password (OTP) that is univocally correlated to the updating signal.
[0326] In a particular example the mobile device sends the at least one OTP when the updating signal indicates that the mobile device is present in at least one special area and at least one OTP is calculated based on information that is included in at least one of the distinctive defining signals that define the at least one special area.According to some implementations at least one OTP is calculated using a user PIN as input data for the calculation.
[0327] According to some implementations the at least one OTP is only sent,
contextually to the sending of the presence updating signal, when the mobile device is present in at least one special area. In other implementations the at least one OTP is also sent when the mobile device is not present into any special area.
[0328] Figure 1 1 illustrates a set of mobile device applications (MDA) where:
MDA1 relates to service provider 1 that is a smartphones vendor. - MDA2 relates to service provider 2 that is a provider of smart cities presence services.
MDA3 relates to service provider 3, that is a provider of Internet of Things presence services; this service provider enable presence services for service providers type 3. a (car vendors), service providers type 3.b (merchants), service providers type 3.c (banks), service providers type 3.d (transportation entities), etc.
MDA4 relates to a service provider 4, that is a contents provider.
MDA5 relates to a service provider 5, that is a telecom operator.
[0329] So in the context of MDA3, and in connection to the service providers type 3. a, 3.b, 3.c, 3.d, etc., at least part of the processes in the domain of the service provider are performed by a trusted third party on behalf of the service provider. These service providers may avoid technical complexity by delegating part of the presence related processes to another entity such as service provider 3 as depicted in Figure 1 1 . [0330] In the context of Figure 1 1 it is assumed that the checking data, the relatedspecial area rules, the OTP keys and parameters, the PIN, etc., are already stored in one or more memories of the corresponding service provider (as described in connection to, for example Figures 4, 7, 8, 9 or 10); and it is also assumed that all the MDAs are already personalized to enable presence
related services (as described in connection to, for example, Figures 4, 7, 8, 9 or 10).
[0331 ] Figure 1 1 illustrates that SA ; SA2 and SA3 have been personalized in MDA1 ; SA4 and SA5 have been personalized in MDA2; SA6 to SA2o have been personalized in MDA3; SA2i and SA22 have been personalized in MDA4; and SA23 and SA24 have been personalized in MDA5.
[0332] Figure 1 1 also illustrates several examplesrelated to information that may be sent either comprised in the presence updating signal or related to it (for simplicity the hash values have not been illustrated in the following examples. Previous examples have described how the hash values may be comprised into the updating signal. [0333] In a first example (a), MDA1 determines that the mobile device is present inSA^nd sends a presence updating signal to the presence system of the service provider 1 . In this examplethe updating signal SA-iis sent when the mobile device is present in SAi (e.g. when enters into SA-i) and an OTP result comprised in the updating signal is calculated based on the user inputting the PIN via the mobile device keyboard and also based on information that is included in at least one of the distinctive defining signals that define SAi. In this example the updating signal also comprises a reference to the checking data that has been used as input data to calculate the OTP result, such that one or more processing devices in the service provider 1 system will be able to make the relative OTP calculation and to proceed with the validation of the OTP received.
[0334] In the example (a) the OTP comprised into the updating signal SA-iis calculated using the checking data of RCDDx and RCDDy, which at least partly defines SAi , and the PIN.
[0335] In a second example (b), MDA1 determines that the mobile device is present inSA3 and sends a presence updating signal to the presence system of the service provider I .The updating signal SA3comprises a first OTP that is
calculated based on information that is included in at least one of the distinctive defining signals that define SA3 (in this example the updating signal also comprises a reference to the checking data that has been used as input data to calculate the OTP result); and a second OTP that is calculated based on the user inputting the PIN via the mobile device keyboard.
[0336] In this example the updating signal SA3is sent with a delay from the instant when the presence of the mobile device into SA3 was determined. This delay may be due to lack of data connectivity when an attempt for sending it was made, or because the mobile device application is programed to send the updating signalsometime after it was prepared for sending. In this particular example theupdating signal SA3comprises a first OTP(CDSA3), associated to the mobile device having been into SA3 (defined byCDsA3) at the time of presence determination, and a second OTP(PIN), calculated at the time when theupdating signal SA3is really going to be sent after the user inserts the PIN.
[0337] In a third example (c), MDA2 determines that the mobile device is present inSA5 and sends a presence updating signal to the presence system of the service provider 2. The updating signal SA5comprises an OTP, the reference to the checking data used for the calculation and a request to access to a service (together with the service related information).
[0338] In a fourth example (d), MDA3 determines that the mobile device is present inSAio and sends a presence updating signal to the presence system of the service provider 3. The updating signal SA 0comprises an OTP, the reference to the checking data used for the calculation and a request to access to a multimedia content.
[0339] In a fifth example (e), MDA3 determines that the mobile device is present inSA and sends a presence updating signal to the presence system of the service provider 3. The updating signal SA 4comprises an OTP and the reliable information received from one or more radio communication defining devices (which are endowed with special area location monitoring means of those
referred to in connection with Figure 3) that at least partly defineSA . The reliable information is sent together with the associated checking data, such that one or more processing devices of service provider 3 will be able to identify the related RCDDs and its associated data and parameters.
[0340] In a sixth example (f), MDA3 determines that the mobile device is present in two special areas, SA19 andSA2o, and sends a presence updating signal to the presence system of the service provider 3. The updating signal SA 9andSA2o comprises an OTPSAI 9 (and the reference to the checking data used for the calculation) and an OTPSA2o (and the reference to the checking data used for the calculation).
[0341 ] In a seventh example (g), MDA4 determines that the mobile device is present in special area SA22 and sends a presence updating signal to the presence system of the service provider 4. The updating signal SA22 comprises an OTPSA22 (and the reference to the checking data used for the calculation) and credential data calculated at the security & OTP module of service provider 4 and sent to the mobile device application as explained in step (14) of Figure 8. Verification of credential data is necessary to give access to a presence service related to the special area.
[0342] According to some implementations credentials data is sent when SA22 personalization is made; and one of them is sent comprised in apresence updating signal as an additional presence signalauthentication token. Credentials may be renewed in the mobile device application database in the context of updating signals such as those referred to in (3) and (6) of Figure 9.
[0343] According to some implementations the credentials are unstructured data and have been securely obfuscated via a PIN related calculation, before being sent for storage into the mobile device application database. So in this scenario a correct PIN entry into the mobile device would be necessary to send a properly non-obfuscated credential comprised into a presence updating signal.
[0344] According to some implementations the credentials are payment credentials and at least one of them must be verified by, for example, a bank (an entity type 3.c in the context of Figure 1 1 ) as a precondition for the presence related service to be provided. So advantageously said presence service is only provided after an associated on-line payment has been made.
[0345] According to some implementations, if the presence related service isthe on-line payment itself, payment acceptance could depend on being present in the special area and also on the successful validation of the OTP.
[0346] According to some implementations, the above referred credential (unstructured data) is used to calculate an OTP(credential) result, that is sent comprised in a presence updating signal, the credential being de-obfuscated (by using the PIN entered by the user) before being used for the OTP calculation.
[0347] In example (h) the credentials are first parts of payment credentials, and a second part of one of those is calculated as an OTP value as a result of the user inserting a PIN (that may be different from the PIN related to presence services provision), and the two parts must be verified by, for example,a financial institution (such as, for example, an entity type 3.c in the context of Figure 1 1 ) as a precondition for the presence related service to be provided. Advantageously the presence service may also only be provided after an associated on-line payment has been made.
[0348] As in the previous case, if the presence related service is the on-line payment itself, payment acceptance could also depend on being present into the special area (and also on the validation of additional OTP results). [0349] So this invention provides a huge number of methods and techniques to enable or disable by use of one or more processing devices presence related services, based upon the mobile device's presence or non-presence into one or more special areas.
[0350] Presence related services associated to radio communication defining devices and defined special areas is unlimited, considered the huge potential of the coming Internet of Things ecosystem. Examples may cover a variety of user and service provider's related environments.
[0351 ] Home presence related services may, for example, refer to new facilities a user may have at home to control how the devices operate and interact with the user, based on mobile-centric presence determination. Periodical data measures required by certain home devices (e.g. gas counter) may be automated based on presence determination. Home systems (e.g. video surveillance or pay per view systems) could also be programmed to operate differently depending on whether any family member is or not at home.
[0352] Presence services in a merchant environment may be used to provide the user with a contextual and personalized procurement and products/services renewal experience, thus benefiting adopting merchants in terms of increasing sales and customer loyalty. Improved checking processes and contextual tracking information may also be offered to users based on presence determination.
[0353] Zone pricing services and mobile bandwidth personalization, according to presence determination criteria, may also be offered to end users. So IT resources and mobile pricing can be adapted to customer preferences and needs in selected environments.
[0354] User objects such as electronic appliances, home consumer devices, vehicles, food packaging, etc., are becoming smarter, so they will be able to generate and transmit self-diagnosis informationand updating to service providers after presence determination.
[0355] The user may also be interested to share certain personal mobile presence information with other users or self-configure via internet a set of personal zones (office, home, gym, car, etc.) for presence determination services.
[0356] In other scenarios a user can benefit from ambient assisted living programs for dependent people and/or automatic stock renewal of food or medicines based on presence determination.
[0357] Information from urban or rural radio communication devices may also be managed to provide a wide variety of rural or city-zone presence services, in areas such as wireless sensor network or smart cities. [0358] So considering all those possibilities (and many others that are possible using the methods and systems described and contemplated herein) service providers should consider mobile-centric presence determination, based on mobile device applications personalization, and presence services enablement via the mobile device, as an essential piece of their Internet of Thing strategy. Furthermore, using methods and technologies that do not require using a third party owned secure element to enable or disable the referred presence related services gives to service providers the right agility and control of their loT business.. [0359] Although exemplary implementations have been described in detail for the purpose of illustration, it is understood that such detail is solely for that purpose, and variations can be made therein by those skilled in the art without departing from the scope of the invention. [0360] Further, although the implementations disclosed herein with reference to the drawings comprise computer apparatus and processes performed in computer apparatus, the invention also extends to computer programs, particularly computer programs on or in a carrier, adapted for putting the invention into practice. The program may be in the form of source code, object code, a code intermediate source and object code such as in partially compiled form, or in any other form suitable for use in the implementation of the processes according to the invention. The carrier may be any entity or device capable of carrying the program. For example, the carrier may comprise a storage medium, such as a ROM, for example a CD ROM or a semiconductor
ROM, or a magnetic recording medium, for example a floppy disc or hard disk. Further, the carrier may be a transmissible carrier such as an electrical or optical signal which may be conveyed via electrical or optical cable or by radio or other means. When the program is embodied in a signal which may be conveyed directly by a cable or other device or means, the carrier may be constituted by such cable or other device or means. Alternatively, the carrier may be an integrated circuit in which the program is embedded, the integrated circuit being adapted for performing, or for use in the performance of, the relevant processes.
Claims
IN THE CLAIMS
What is claimed is:
1 . A method associated with the use of a mobile device and at least one radio communication defining device that transmits a distinctive defining signal that at least partly defines a special area by its coverage, the distinctive defining signal including data, the method comprising: receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the data, whether the one or more defining signals are one or more distinctive defining signals and to determine whether or not the mobile device is present in the special area, upon determining in the mobile device that one of the defining signals is a distinctive defining signal and that the mobile device is present in the special area, generating in the mobile device one or more One-Time-Passwords with at least one of the one or more One-Time Passwords being calculated based on information in the distinctive defining signal, sending from the mobile device via a mobile telephone network an updating signal to one or more servers of a provider of presence related services about the mobile device's presence in the special area, the sending of the updating signal being uncorrelated to any mobile device phone call establishment, the updating signal being sent at least one of (i) periodically, (ii) at times recent to when the mobile device enters into or exists from the special area, (iii) when the mobile device remains in the special area and (iv) when the mobile device remains outside the special area; and sending from the mobile device via the mobile telephone network to the one or more servers of the provider of presence related services at least one of the one or more One-Time-Passwords. 2. A method according to claim 1 , wherein at least one of the one or more One- Time-Passwords is univocally correlated to the updating signal.
3. A method according to claim 1 , wherein at least one of the one or more One- Time-Passwords is sent to the one or more servers of the provider of presence related services comprised in the updating signal. 4. A method according to claim 1 , further comprising receiving in the mobile device a personal identification number, at least one of the one or more One- Time-Passwords being calculated using the personal identification number.
5. A method according to claim 4, wherein the personal identification number is stored in a memory of the mobile device and subsequently deleted from the memory after the conclusion of at least one of the one or more One-Time- Password calculations.
6. A method according to claim 1 , wherein at least one of the one or more One- Time Passwords is calculated using a token and/or hardcoded keys.
7. A method according to claim 1 , wherein the updating signal comprises the result of a previous determination performed by the mobile device about the mobile device's presence in the special area.
8. A method according to claim 1 , wherein the frequency of the updating signal is different from the frequency of the distinctive defining signal.
9. A method according to claim 1 , wherein the mobile device enables or disables one or more functions related to a presence related service upon receiving enabling or disabling instructions from the provider of presence related services.
10. A non-transitory computer readable medium storing computer readable program code for causing a processor of a mobile device to perform a method associated with the use of at least one radio communication defining device that
transmits a distinctive defining signal that at least partly defines a special area by its coverage, the distinctive defining signal including data, the method comprising: receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the data, whether the one or more defining signals are one or more distinctive defining signals and to determine whether or not the mobile device is present in the special area, upon determining in the mobile device that one of the defining signals is a distinctive defining signal and that the mobile device is present in the special area, generating in the mobile device one or more One-Time-Passwords with at least one of the one or more One-Time Passwords being calculated based on information in the distinctive defining signal, sending from the mobile device via a mobile telephone network an updating signal to one or more servers of a provider of presence related services about the mobile device's presence in the special area, the sending of the updating signal being uncorrelated to any mobile device phone call establishment, the updating signal being sent at least one of (i) periodically, (ii) at times recent to when the mobile device enters into or exists from the special area, (iii) when the mobile device remains in the special area and (iv) when the mobile device remains outside the special area; and sending from the mobile device via the mobile telephone network to the one or more servers of the provider of presence related services at least one of the one or more One-Time-Passwords.
1 1 . A non-transitory computer readable medium storing computer readable program code according to claim 10 that causes at least one of the one or more One-Time-Passwords to be univocally correlated to the updating signal. 12. A non-transitory computer readable medium storing computer readable program code according to claim 10 that causes at least one of the one or
moreOne-Time-Passwords to be sent to the one or more servers of the provider of presence related services comprised in the updating signal.
13. . A non-transitory computer readable medium storing computer readable program code according to claim 10 that further causes at least one of the one or more One-Time-Passwords to be calculated using a personal identification number that is stored in a memory of the mobile device.
14. A non-transitory computer readable medium storing computer readable program code according to claim 10 that further cause at least one of the one or more One-Time-Passwords to be calculated using a token and/or hardcoded keys.
15. A non-transitory computer readable medium storing computer readable program code according to claim 10 that further causes the processor to send the updating signal with information related to the result of a previous
determination performed by the mobile device about the mobile device's presence in the special area.
16. A non-transitory computer readable medium storing computer readable program code according to claim 10 that further causes the processor to enable or disable one or more functions in the mobile device related to a presence related service upon the mobile device receiving enabling or disabling
instructions from the provider of presence related services.
17. A mobile device capable of receiving a distinctive defining signal from a radio communication defining device that at least partly defines a special area by its coverage, the distinctive defining signal including data, the mobile device comprising: an electronic storage medium that stores at least a portion of the data; and
a processor adapted to: process one or more defining signals to determine, based on the at least portion of the data, whether the one or more defining signals are one or more distinctive defining signals and to determine whether or not the mobile device is present in the special area, upon determining in the mobile device that one of the defining signals is a distinctive defining signal and that the mobile device is present in the special area, generate in the mobile device one or more One-Time-Passwords with at least one of the one or more One-Time- Passwords being calculated based on information in the distinctive defining signal, to send from the mobile device via a mobile telephone network an updating signal to one or more servers of a provider of presence related services about the mobile device's presence in the special area, the sending of the updating signal being uncorrelated to any mobile device phone call establishment, the updating signal being sent at least one of (i) periodically, (ii) at times recent to when the mobile device enters into or exists from the special area, (iii) when the mobile device remains in the special area and (iv) when the mobile device remains outside the special area; and send from the mobile device via the mobile telephone network to the one or more servers of the provider of presence related services at least one of the one or more One-Time-Passwords.
18. A mobile device according to claim 17, wherein the processor is adapted to univocally correlateat least one of the one or more One-Time-Passwords to the updating signal.
19. A mobile device according to claim 17, wherein the processor is adapted to send at least one of the one or more One-Time-Passwords to the one or more servers of the provider of presence related services comprised in the updating
signal.
20. A mobile device according to claim 17, wherein a personal identification number is stored in a memory of the mobile device, the processor adapted to use the personal identification number to calculate at least one of the one or more One-Time-Passwords.
21 . A mobile device according to claim 17, wherein the processor is adapted to enable or disable one or more functions related to a presence related service upon the mobile device receiving enabling or disabling instructions from the provider of presence related services.
22. A method associated with a mobile device receiving first and second distinctive defining signals respectively from first and second radio
communication defining devices, the first and second distinctive defining signals at least partly define first and second special areas, respectively, by their coverage, each of the first and second distinctive defining signals respectively including first and second data, the method comprising: receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the first data, whether the one or more defining signals are one or more first distinctive defining signals and to determine whether or not the mobile device is present in the first special area, upon determining in the mobile device that one of the defining signals is a first distinctive defining signal and that the mobile device is present in the first special area, generating in the mobile device one or more first One-Time- Passwords with at least one of the one or more first One-Time-Passwords being calculated based on information in the first distinctive defining signal, receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the second data, whether the one or more defining signals are one or more second
distinctive defining signals and to determine whether or not the mobile device is present in the second special area, upon determining in the mobile device that one of the defining signals is a second distinctive defining signal and that the mobile device is present in the second special area, generating in the mobile device one or more second One- Time-Passwords, sending from the mobile device via a mobile telephone network, when the mobile device determination refers to the first special area, a first updating signal to one or more servers of a provider of presence related services about the mobile device's presence in the first special area, the sending of the first updating signal being uncorrelated to any mobile device phone call
establishment, the updating signal being sent at least one of (i) periodically, (ii) at times recent to when the mobile device enters into or exists from the first special area, (iii) when the mobile device remains in the first special area and (iv) when the mobile device remains outside the first special area, sending from the mobile device via the mobile telephone network to the one or more servers of the provider of presence related services at least one of the one or more first One-Time-Passwords, sending from the mobile device via a mobile telephone network, when the mobile device determination refers to the second special area, a second updating signal to one or more servers of a provider of presence related services about the mobile device's presence in the second special area, the sending of the updating signal being uncorrelated to any mobile device phone call establishment, the second updating signal being sent at least one of (i) periodically, (ii) at times recent to when the mobile device enters into or exists from the second special area, (iii) when the mobile device remains in the second special area and (iv) when the mobile device remains outside the second special area; and sending from the mobile device via the mobile telephone network to the one or more servers of the provider of presence related services at least one of the one or more second One-Time-Passwords.
23. A method according to claim 22, wherein at least one of the one or more first One-Time-Passwords is univocally correlated to the first updating signal. 24. A method according to claim 22, wherein at least one of the one or more second One-Time-Passwords is univocally correlated to the second updating signal.
25. A method according to claim 22, wherein at least one of the one or more first One-Time-Passwords is sent to the one or more servers of the provider of presence related services comprised in the first updating signal.
26. A method according to claim 22, wherein at least one of the one or more second One-Time-Passwords is sent to the one or more servers of the provider of presence related services comprised in the second updating signal.
27. A method according to claim 22, further comprising receiving in the mobile device a personal identification number, at least one of the one or more first One-Time-Passwords being calculated using the personal identification number.
28. A method according to claim 22, further comprising receiving in the mobile device a personal identification number, at least one of the one or more second One-Time-Passwords being calculated using the personal identification number. 29. A method according to claim 22, further comprising receiving in the mobile device a personal identification number, at least one of each of the one or more first and second One-Time-Passwords being calculated using the personal identification number. 30. A method according to claim 22, wherein at least one of the one or more first One-Time-Passwords is calculated using a token and/or hardcoded keys.
31 . A method according to claim 22, wherein at least one of the one or
moresecond One-Time-Passwords is calculated using a token and/or hardcoded keys.
32. A method according to claim 22, wherein the first updating signal is sent with information related to the result of a previous determination performed by the mobile device about the mobile device's presence in the first special area.
33. A method according to claim 22, wherein the second updating signal is sent with information related to the result of a previous determination performed by the mobile device about the mobile device's presence in the second special area.
34. A non-transitory computer readable medium storing computer readable program code for causing a processor of a mobile device to perform a method associated with the mobile device receiving first and second distinctive defining signals that at least partly define a first and second special areas, respectively, by their coverage, each of the first and second distinctive defining signal respectively including first and second data, the method comprising: receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the first data, whether the one or more defining signals are one or more first distinctive defining signals and to determine whether or not the mobile device is present in the first special area, upon determining in the mobile device that one of the defining signals is a first distinctive defining signal and that the mobile device is present in the first special area, generating in the mobile device one or more first One-Time- Passwords with at least one of the one or more first One-Time-Passwords being calculated based on information in the first distinctive defining signal, receiving and processing one or more defining signals in the mobile device to determine, based on a previously obtained at least portion of the second data, whether the one or more defining signals are one or more second distinctive defining signals and to determine whether or not the mobile device is present in the second special area,
upon determining in the mobile device that one of the defining signals is a second distinctive defining signal and that the mobile device is present in the second special area, generating in the mobile device one or more second One- Time-Passwords, sending from the mobile device via a mobile telephone network, when the mobile device determination refers to the first special area, a first updating signal to one or more servers of a provider of presence related services about the mobile device's presence in the first special area, the sending of the first updating signal being uncorrelated to any mobile device phone call
establishment, the updating signal being sent at least one of (i) periodically, (ii) at times recent to when the mobile device enters into or exists from the first special area, (iii) when the mobile device remains in the first special area and (iv) when the mobile device remains outside the first special area, sending from the mobile device via the mobile telephone network to the one or more servers of the provider of presence related services at least one of the one or more first One-Time-Passwords, sending from the mobile device via a mobile telephone network, when the mobile device determination refers to the second special area, a second updating signal to one or more servers of a provider of presence related services about the mobile device's presence in the second special area, the sending of the updating signal being uncorrelated to any mobile device phone call establishment, the second updating signal being sent at least one of (i) periodically, (ii) at times recent to when the mobile device enters into or exists from the second special area, (iii) when the mobile device remains in the second special area and (iv) when the mobile device remains outside the second special area; and sending from the mobile device via the mobile telephone network to the one or more servers of the provider of presence related services at least one of the one or more second One-Time-Passwords.
35. .A non-transitory computer readable medium storing computer readable
program code according to claim 34 that further causes at least one of the one or more first One-Time-Passwords to be univocally correlated to the first updating signal. 36. A non-transitory computer readable medium storing computer readable program code according to claim 34 that further causes at least one of the one or more second One-Time-Passwords to be univocally correlated to the second updating signal. 37. A non-transitory computer readable medium storing computer readable program code according to claim 34 that further causesat least one of the one or more first One-Time-Passwords to be sent to the one or more servers of the provider of presence related services comprised in the first updating signal. 38. A non-transitory computer readable medium storing computer readable program code according to claim 34 that further causesat least one of the one or more second One-Time-Passwords to be sent to the one or more servers of the provider of presence related services comprised in the second updating signal.
39. A non-transitory computer readable medium storing computer readable program code according to claim 34 that further causes at least one of the one or more first One-Time-Passwords to be calculated using a person identification number stored in a memory of the mobile device.
40. A non-transitory computer readable medium storing computer readable program code according to claim 34 that further causes at least one of the one or more second One-Time-Passwords to be calculated using a person identification number stored in a memory of the mobile device.
41 . A non-transitory computer readable medium storing computer readable program code according to claim 34 that further causes at least one of each of the one or more first and second One-Time-Passwords to be calculated using a person identification number stored in a memory of the mobile device.
42. A non-transitory computer readable medium storing computer readable program code according to claim 34 that further causes the processor to send the first updating signal with information related to the result of a previous determination performed by the mobile device about the mobile device's presence in the first special area.
43. A non-transitory computer readable medium storing computer readable program code according to claim 34 that further causes the processor to send the second updating signal with information related to the result of a previous determination performed by the mobile device about the mobile device's presence in the second special area.
44. A method associated with one or more providers of presence related services in connection with the use of a mobile device and at least a first radio communication defining device that transmits a first distinctive defining signal, the first distinctive defining signal at least partly defines a first special area by its coverage, the method comprising: electronically storing in one or more memories data capable of linking the mobile device to the first special area, the data including a first checking data of the first radio communication defining device, and a first identifier related to the mobile device, transmitting via a mobile telephone network to the mobile device at least a portion of the first checking data, receiving from the mobile device via the mobile telephone network a first updating signal uncorrelated to any mobile device phone call establishment that identifies the mobile device's presence in at least the first special area, the first updating signal including a second identifier related to the mobile device, receiving in the one or more processing devices from the mobile device via the mobile telephone network one or more One-Time-Passwords, at least one of the one or more One-Time-Passwords being calculated based on information in the first distinctive defining signal, deriving from the first updating signal by one or more processing devices
having access to at least a portion of the data whether or not the mobile device is present in the first special area, validating by use of the one or more processing devices at least one of the one or more One-Time-Passwords; and upon the first updating signal indicating that the mobile device is present in the first special area and the one or more processing devices successfully validating at least one of the one or more One-Time-Passwords, enabling by use of the one or more processing devices a presence related service.
45. A method according to claim 44, wherein at least one of the one or more One-Time-Passwords is univocally correlated to the first updating signal.
46. A method according to claim 44, wherein the first updating signal includes at least one of the one or more One-Time-Passwords.
47. A method according to claim 44, wherein the first and second identifiers related to the mobile device are the same.
48. A method according to claim 44, further comprising receiving in the one or more processing devices a personal identification number from the mobile device.
49. A method according to claim 48, wherein at least one of the one or more One-Time-Passwords is at least partially derived from the personal identification number.
50. A method according to claim 44, wherein the one or more processing devices has access to at least a portion of the data and updates at least one operating parameter in a database depending both on the presence of the mobile device in the first special area and a successful validation of at least one of the one or more One-Time-Passwords.
51 . A method according to claim 50, wherein the operating parameter is a tariff flag or a service flag that enables a special tariff or a service for the mobile device. 52. A method according to claim 44, wherein the enabling of the first presence related service includes transmitting via the mobile telephone network a signal to the mobile device that is capable of being used to enable one or more related functions in the mobile device. 54. A method according to claim 44, wherein the storing of the first checking data in the one or more memories comprises electronically receiving from the mobile device the first checking data.
54. A method according to claim 44, wherein the mobile telephone network is cellular.
55. A method according to claim 44, wherein the first updating signal comprises a result of a previous determination performed by the mobile device about the mobile device's presence in the first special area.
56. A method according to claim 44, wherein the first updating signal is received via the mobile telephone network from the mobile device at least one of (i) periodically, (ii) at times recent to when the mobile device respectively enters into or exists from the first special area, (iii) when the mobile device remains in the first special area, and (iv) when the mobile device remains outside the first special area.
57. A method according to claim 44, wherein the first updating signal comprises a request to access to a service or to a multimedia content and the one or more providers of presence related services enable the provision of the service or multimedia content depending on the presence of the mobile device in the first special area and also depending upon a successful validation of at least one of the one or more One-Time-Passwords.
58. A method according to claim 44, wherein the one or more memories and the one or more processing devices reside in one or more servers of the one or more providers of presence related services. 59. A method associated with one or more providers of presence related services in connection with the use of a mobile device and at least a first radio communication defining device that transmits a first distinctive defining signal and a second radio communication defining device that transmits a second distinctive defining signal, the first distinctive defining signal at least partly defines a first special area by its coverage, the second distinctive defining signal at least partly defining a second special area by its coverage, the method comprising: electronically storing in one or more memories data capable of linking the mobile device to the first and second special areas, the data including a first checking data of the first radio communication defining device, a second checking data of the second radio communication defining device, and a first identifier related to the mobile device, transmitting via a mobile telephone network to the mobile device at least a portion of the first checking data, and transmitting via the mobile telephone network to the mobile device at least a portion of the second checking data, receiving from the mobile device via the mobile telephone network a first updating signal uncorrelated to any mobile device phone call establishment that identifies the mobile device's presence in at least the first special area, and receiving from the mobile device via the mobile telephone network a second updating signal uncorrelated to any mobile device phone call establishment that identifies the mobile device's presence in at least the second special area, the first updating signal including a second identifier related to the mobile device, the second updating signal including a third identifier related to the mobile device, receiving in the one or more processing devices from the mobile device via the mobile telephone network one or more first One-Time-Passwords, at least one of the one or more first One-Time-Passwords calculated based on
information in the first distinctive defining signal, receiving in the one or more processing devices from the mobile device via the mobile telephone network one or more second One-Time-Passwords, deriving from the first updating signal by one or more processing devices having access to at least a portion of the data whether or not the mobile device is present in the first special area, and deriving from the second updating signal by the one or more processing devices whether or not the mobile device is present in the second special area; validating by use of the one or more processing devices at least one of the one or more first One-Time-Passwords and at least one of the one or more second One-Time-Passwords; and upon the first updating signal indicating that the mobile device is present in the first special area and the one or more processing devices successfully validating at least one of the one or more first One-Time-Passwords, enabling by use of the one or more processing devices a first presence related service, and upon the second updating signal indicating that the mobile device is present in the second special area and the one or more processing devices successfully validating at least one of the one or more second One-Time- Passwords enabling by use of the one or more processing devices a second presence related service.
60. A method according to claim 59, wherein at least one of the one or more first One-Time-Passwords is univocally correlated to the first updating signal.
61 . A method according to claim 59, wherein at least one of the one or more first One-Time-Passwords is univocally correlated to the first updating signal and at least one of the one or more second One-Time-Passwords is univocally correlated to the second updating signal.
62. A method according to claim 59, wherein the first updating signal includes at least one of the one or more first One-Time-Passwords.
63. A method according to claim 59, wherein the first updating signal includes at least one of the one or more first One-Time-Passwords and the second updating signal includes at least one of the one or more second One-Time- Passwords.
64. A method according to claim 59, wherein the first, second and third identifiers related to the mobile device are the same. 65. A method according to claim 59, wherein at least two of the first, second and third identifiers related to the mobile device are the same.
66. A method according to claim 59, further comprising receiving in the one or more processing devices a personal identification number from the mobile device.
67. A method according to claim 59, wherein at least one of the one or more first One-Time-Passwords is at least partially derived from the personal identification number.
68. A method according to claim 59, wherein the data stored in the one or more memories related to the first special area is stored in a first memory or set of memories of a first provider of presence related services and the data stored in the one or more memories related to the second special area is stored in a second memory or set of memories of a second provider of presence related services.
69. A method according to claim 59, wherein the at least portion of the first checking data and the at least portion of the second checking data is transmitted to the mobile device via the mobile telephone network at different times.
70. A method according to claim 59, wherein the one or more processing devices has access to at least a portion of the data and updates at least one operating parameter in a database of the one or more providers of presence related services depending both on the presence of the mobile device in the first special area and/or second special area and a successful validation of at least one of the one or more first One-Time-Passwords and/or at least one of the one or more second One-Time-Passwords, respectively.
71 . A method according to claim 70, wherein the operating parameter is a tariff flag or a service flag that enables a special tariff or a service for the mobile device.
72. A method according to claim 59, wherein the one or more processing devices include one or more first processing devices associated with a first provider of presence related services and one or more second processing devices associated with a second provider of presence related services.
73. A method according to claim 72, wherein at least one of the one or more first processing devices has access to at least a portion of the data and updates at least a first operating parameter in a database of the first provider of presence related services depending on the presence of the mobile device in the first special area.
74. A method according to claim 72, wherein at least one of the one or more second processing devices has access to at least a portion of the data and updates at least a first operating parameter in a database of the second provider of presence related services depending on the presence of the mobile device in the second special area. 75. A method according to claim 73, wherein at least one of the one or more first processing devices updates at least a second operating parameter in the database depending on the result of the validation of at least one of the one or more first One-Time-Passwords.
76. A method according to claim 74, wherein at least one of the one or more second processing devices updates at least a second operating parameter in the database depending on the result of the validation of at least one of the one or more second One-Time-Passwords.
77. A method according to claim 73, wherein the operating parameter is a tariff flag or a service flag that enables a special tariff or a service for the mobile device. 78. A method according to claim 74, wherein the operating parameter is a tariff flag or a service flag that enables a special tariff or a service for the mobile device.
79. A method according to claim 59, wherein the enabling of the first and/or second presence related service includes transmitting via the mobile telephone network a signal to the mobile device that is capable of being used to enable one or more related functions in the mobile device.
80. A method according to claim 59, wherein the one or more memories and the one or more processing devices reside in one or more servers of the one or more providers of presence related services and/or in one or more servers of the mobile telephone network.
81 . A method according to claim 59, wherein the storing of the first and second checking data in the one or more memories comprises electronically receiving from the mobile device the first and second checking data.
82. A method according to claim 59, wherein the mobile telephone network is cellular.
83. A method according to claim 59, wherein at least one of the first and second updating signals comprises the result of a previous determination performed by the mobile device about the mobile device's presence in the first and second special areas, respectively.
84. A method according to claim 59, wherein at least one of the first and second updating signals is received via the mobile telephone network from the mobile device at least one of (i) periodically, (ii) at times recent to when the mobile device respectively enters into or exists from the first special area and/or second special area, (iii) when the mobile device respectively remains in the first special area and/or the second special area, and (iv) when the mobile device respectively remains outside the first special area and/or second special area.
85. A method according to claim 59, wherein the first updating signal comprises a request to access to a service or to a multimedia content and the one or more providers of presence related services enable the provision of the service or multimedia content depending on the presence of the mobile device in the first special area and also depending upon a successful validation of at least one of the one or more first One-Time-Passwords.
86. A method according to claim 59, wherein the second updating signal comprises a request to access to a service or to a multimedia content and the one or more providers of presence related services enable the provision of the service or multimedia content depending on the presence of the mobile device in the second special area and also depending upon a successful validation of at least one of the one or more second One-Time-Passwords.
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/456,789 US9253639B1 (en) | 2014-08-11 | 2014-08-11 | Methods and systems to enable presence related services |
US14/456,849 US9210167B1 (en) | 2014-08-11 | 2014-08-11 | Methods and systems to enable presence related services |
US14/456,849 | 2014-08-11 | ||
US14/456,789 | 2014-08-11 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016024220A1 true WO2016024220A1 (en) | 2016-02-18 |
Family
ID=54011760
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2015/056109 WO2016024220A1 (en) | 2014-08-11 | 2015-08-11 | Methods and systems to enable presence related services |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2016024220A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20210203646A1 (en) * | 2018-08-30 | 2021-07-01 | Telefonaktiebolaget Lm Ericsson (Publ) | Method for restricting access to a management interface using standard management protocols and software |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8577392B1 (en) | 2012-06-13 | 2013-11-05 | Apple Inc. | System and method of determining location of wireless communication devices/persons for controlling/adjusting operation of devices based on the location |
US20140059347A1 (en) * | 2012-08-27 | 2014-02-27 | Optio Labs, LLC | Systems and methods for restricting access to network resources via in-location access point protocol |
US8738040B2 (en) | 2006-03-28 | 2014-05-27 | Afirma Consulting & Technologies, S.L. | Method and system for monitoring a mobile station presence in a special area |
-
2015
- 2015-08-11 WO PCT/IB2015/056109 patent/WO2016024220A1/en active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8738040B2 (en) | 2006-03-28 | 2014-05-27 | Afirma Consulting & Technologies, S.L. | Method and system for monitoring a mobile station presence in a special area |
US8577392B1 (en) | 2012-06-13 | 2013-11-05 | Apple Inc. | System and method of determining location of wireless communication devices/persons for controlling/adjusting operation of devices based on the location |
US20140059347A1 (en) * | 2012-08-27 | 2014-02-27 | Optio Labs, LLC | Systems and methods for restricting access to network resources via in-location access point protocol |
Non-Patent Citations (1)
Title |
---|
LICHUN BAO: "Location Authentication Methods for Wireless Network Access Control", PERFORMANCE, COMPUTING AND COMMUNICATIONS CONFERENCE, 2008. IPCCC 2008. IEEE INTERNATIONAL, IEEE, PISCATAWAY, NJ, USA, 7 December 2008 (2008-12-07), pages 160 - 167, XP031404355, ISBN: 978-1-4244-3368-1 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20210203646A1 (en) * | 2018-08-30 | 2021-07-01 | Telefonaktiebolaget Lm Ericsson (Publ) | Method for restricting access to a management interface using standard management protocols and software |
US11757853B2 (en) * | 2018-08-30 | 2023-09-12 | Telefonaktiebolaget Lm Ericsson (Publ) | Method for restricting access to a management interface using standard management protocols and software |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9253639B1 (en) | Methods and systems to enable presence related services | |
US20220358484A1 (en) | System and Method for Dynamic Temporary Payment Authorization in a Portable Communication Device | |
AU2019226230B2 (en) | Method and apparatus for providing secure services using a mobile device | |
EP3557895B1 (en) | Method and apparatus for managing a profile of a terminal in a wireless communication system | |
CN101164086B (en) | Methods, system and mobile device capable of enabling credit card personalization using a wireless network | |
CN101809633B (en) | Wirelessly executing transactions with different enterprises | |
US10769625B2 (en) | Dynamic generation of quick response (QR) codes for secure communication from/to a mobile device | |
US10419907B2 (en) | Proximity application discovery and provisioning | |
US9898728B2 (en) | System and method for one-time payment authorization in a portable communication device | |
US9210167B1 (en) | Methods and systems to enable presence related services | |
CN108418837A (en) | Mobile data communication device and operating method, mobile communication system and storage medium | |
WO2014072725A1 (en) | Mobile tag reader security system | |
US10194005B2 (en) | Method to retrieve personal customer data of a customer for delivering online service to said customer | |
US10708742B2 (en) | Wireless service provider system for selling and/or activating wireless services for a wireless device | |
CN105991610B (en) | Log in the method and device of application server | |
EP2767944B1 (en) | Communications network, computer system, computer-implemented method, and computer program product for providing a femtocell-based infrastructure for mobile electronic payment | |
KR102495688B1 (en) | System and method for dynamic temporary payment authorization in a portable communication device | |
KR101301571B1 (en) | Method for 2-Channel Certificating | |
WO2016024220A1 (en) | Methods and systems to enable presence related services | |
KR20210072731A (en) | simple order payment system and method for simple omni channel shopping | |
KR20060102457A (en) | System and method for dual-authentication, server and recording medium | |
KR20170029856A (en) | User equipment, service providing device, payment system comprising the same, control method thereof and computer readable medium having computer program recorded thereon | |
KR101571199B1 (en) | Login processing system based on inputting telephone number and control method thereof | |
KR20120119210A (en) | Method for operating certificate | |
KR20120044325A (en) | Method for providing certification information |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15756484 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 15756484 Country of ref document: EP Kind code of ref document: A1 |