U.S. patent application number 14/203836 was filed with the patent office on 2014-07-10 for multi-persona devices and management.
This patent application is currently assigned to SkySocket, LLC. The applicant listed for this patent is SkySocket, LLC. Invention is credited to Jonathan Blake Brannon, William DeWeese, Erich Stuntebeck.
Application Number | 20140195927 14/203836 |
Document ID | / |
Family ID | 51061988 |
Filed Date | 2014-07-10 |
United States Patent
Application |
20140195927 |
Kind Code |
A1 |
DeWeese; William ; et
al. |
July 10, 2014 |
Multi-Persona Devices and Management
Abstract
Apparatuses and devices configured with multiple user personas
may be provided. For example, a device may comprise a housing
embedding a display, one or more processors, and one or more memory
storages. A first processor and/or memory storage may be dedicated
to a first unique user persona and a second processor and/or memory
storage may be dedicated to a second unique user persona.
Inventors: |
DeWeese; William; (Haltom
City, TX) ; Brannon; Jonathan Blake; (Mableton,
GA) ; Stuntebeck; Erich; (Marietta, GA) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
SkySocket, LLC |
Atlanta |
GA |
US |
|
|
Assignee: |
SkySocket, LLC
Atlanta
GA
|
Family ID: |
51061988 |
Appl. No.: |
14/203836 |
Filed: |
March 11, 2014 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
61878521 |
Sep 16, 2013 |
|
|
|
Current U.S.
Class: |
715/750 ;
361/679.21 |
Current CPC
Class: |
H04L 63/083 20130101;
G06F 1/1647 20130101; G06F 9/4451 20130101; H04W 12/0027 20190101;
G06F 21/10 20130101; H04L 63/20 20130101; H04W 12/0806 20190101;
G06F 21/62 20130101; G06F 21/74 20130101; H04L 63/10 20130101 |
Class at
Publication: |
715/750 ;
361/679.21 |
International
Class: |
G06F 3/0482 20060101
G06F003/0482; G06F 1/16 20060101 G06F001/16 |
Claims
1. An apparatus comprising: a housing; a display visible on a
surface of the housing; a processor embedded within the housing;
and a plurality of memory storages embedded within the housing
coupled to the processor, wherein at least one first memory storage
is dedicated to a first unique user persona and at least one second
memory storage is dedicated to a second unique user persona.
2. The apparatus of claim 1, wherein the at least one first memory
storage comprises a non-volatile memory storage.
3. The apparatus of claim 1, wherein the first memory storage and
the second memory storage are each communicably coupled to a
wireless carrier network.
4. The apparatus of claim 1, wherein the processor is operative to
output a user interface associated with the first unique user
persona to the display.
5. The apparatus of claim 4, further comprising a second
display.
6. The apparatus of claim 5, wherein the processor is operative to
output a second user interface associated with the second unique
user persona to the second display.
7. The apparatus of claim 5, wherein the user interface and second
user interface are respectively located on opposing sides of the
mobile device housing.
8. The apparatus of claim 4, wherein the processor is operative to
toggle between output of the user interface associated with the
first unique user interface to the display and output of a second
user interface associated with the second unique user persona to
the display.
9. The apparatus of claim 8, wherein the processor is further
operative to output an on-screen identifier associated with a
respective unique user persona being accessed via the display.
10. An apparatus comprising: a wireless communication module; a
display; a memory storage, wherein the memory storage is segmented
into a plurality of virtual partitions each associated with a
unique user persona; and a processor coupled to the memory storage,
the processor configured to output a user interface associated with
at least one of the plurality of virtual partitions to the display,
wherein the user interface is configured to control a plurality of
functions associated with the wireless communication module.
11. The apparatus of claim 10, wherein the user interface comprises
a partitioned on-screen display, wherein each partition corresponds
to a respective unique user persona.
12. The apparatus of claim 10, wherein each of the plurality of
virtual partitions of the memory storage is associated with a
unique respective operating system.
13. The apparatus of claim 10, wherein each of the plurality of
virtual partitions of the memory storage is communicably coupled to
a unique respective wireless carrier network.
14. A mobile device comprising: a mobile device housing; at least
one wireless communication module embedded within the device
housing; a memory storage embedded within the device housing,
wherein the memory storage comprises data associated with a
plurality of unique user personas; and a processor embedded within
the mobile device housing configured to: provide a plurality of
user interfaces accessible by a user of the mobile device, wherein
each of the plurality of user interfaces is associated with a
respective one of the plurality of unique user personas, provide an
indication associated with each of the plurality of unique user
personas identifying the respective one of the plurality of unique
user personas currently being provided, and toggle between a first
user interface associated with a first respective unique user
persona and a second user interface associated with a second
respective unique user persona in response to a toggle
indication.
15. The mobile device of claim 14, wherein the toggle indication
comprises an interaction with the first user interface.
16. The mobile device of claim 14, wherein the toggle indication
comprises an operation of a physical toggle button retained in a
housing of the apparatus.
17. The mobile device of claim 14, wherein the toggle indication
comprises an instruction received via the wireless communication
module.
18. The mobile device of claim 14, wherein each of the plurality of
unique user personas is associated with a subscriber identity
module (SIM).
19. The mobile device of claim 18, wherein at least one first
subscriber identity module (SIM) comprises a physical SIM and at
least one second SIM comprises a virtual SIM.
20. The mobile device of claim 14, further comprising at least one
second processor, wherein each respective processor is operatively
dedicated to a respective unique user persona of the plurality of
unique user personas.
Description
CROSS REFERENCE TO RELATED APPLICATION
[0001] This application claims benefit under 35 U.S.C. .sctn.119(e)
of U.S. Provisional Patent Application No. 61/878,521, filed Sep.
16, 2013, and entitled "Multiple Persona Mobile Devices and Methods
for Managing Same", which is incorporated herein by reference as if
set forth herein in its entirety.
[0002] This application is related to co-pending U.S. patent
application Ser. No. 14/074,110, filed Nov. 7, 2013, and entitled
"Multi-Persona Management," which is incorporated herein by
reference as if set forth herein in its entirety.
BACKGROUND
[0003] Many individuals and employers utilize mobile devices, such
as personal digital assistants, smart phones, tablets, laptops,
etc., to conduct business and personal related endeavors. Today's
business obligations routinely require individuals to travel,
attend various meetings, and perform tasks that frequently require
individuals to be out of offices and away from their computers and
other devices. It is becoming increasingly important for working
individuals to have a means of connecting to various enterprise
resources (e.g., corporate email, Share Point sites, work
documents, etc.), regardless of the person's location. Corporations
want to maximize productivity while enabling workers to leave the
office during business hours and maintain their necessary
responsibilities. Accordingly, many companies implement solutions
(e.g., providing corporate user devices to their employees,
utilizing mobile device management (MDM) applications, and
incorporating Bring Your Own Device (BYOD) programs, etc.) that
enable employee access to corporate content on mobile user devices.
Further, the proliferation of mobile devices in every aspect of
life, including home and personal use, is ever present.
[0004] Companies that allow workers to access corporate networks
and resources need to ensure such access is secure and sensitive
material is protected from external intrusion. Providing corporate
mobile devices with secure access to enterprise servers creates an
efficient means of monitoring and regulating security, but this
option is typically more costly for the employer with regards to
wireless plans and employing sufficient IT personnel to monitor
devices and server access attained by user devices. Thus, device
management becomes a priority, responsibility, and obligation for
the corporation. For example, if a problem occurs with a device,
either hardware or software related, it is the duty of the employer
to rectify the employee's need, thereby creating additional
responsibilities for IT administrators and possibly a need for more
IT personnel.
[0005] BYOD programs allow employees to utilize personal mobile
user devices to access enterprise resources. As BYOD programs gain
momentum and popularity amongst employers and employees, the
concern and desire to ensure enterprise resources and personal
content are kept separate grows as well. Generally, an
organization's primary concerns relate to worker productivity,
specific duties, and availability, while maintaining a secure and
manageable user device environment. Employees appreciate the
availability and convenience associated with wirelessly accessing
enterprise resources and content, but desire assurance that the
privacy of their personal content is upheld, even with corporate
applications installed on their personal user devices.
[0006] Further, many households share personal user devices between
some or all of the members of a household. Different users within
the household may want personalized settings and attributes applied
to the device while that particular individual utilizes the
personal user device. Generally, with regards to most personal user
devices, the active settings, characterizations, and attributes
remain active on the personal user device until a user modifies
them. Furthermore, there does not exist a mechanism to separate and
containerize multiple individual internal compartments to serve as
a unique repository, each exclusively assigned to one user.
Therefore, in the scenario concerning multiple members of a family
utilizing the same device, each time a new user engages the device,
said user will be required to change the settings to their
preferred configuration. Often, such actions are highly undesirable
and time consuming, and leave individual users dissatisfied with
the operation or configuration of the shared personal user
device.
[0007] Due to the aforementioned concerns, many users retain
multiple devices to maintain a separation of entities. This
approach provides a complete separation of personal and enterprise
matters, ensuring a company cannot access personal content. The
multiple device methodology also presents a clear visual and
physical indication of separation. Additionally, many families own
multiple identical user devices offering the various members of the
household a unique user experience. While this presents a clear
separation of entities and promotes individualism, this also proves
to be more costly for the family. Other conventional approaches
address this problem by utilizing a containerized application on
personal user devices, wherein the enterprise or alternate
environment is only accessible via user initiation of the
application. This approach does not offer the user an autonomous
notification of incoming data in the alternate environment, nor
does it present an obvious physical and visual distinction of
separation.
[0008] Therefore, there is a long-felt but unresolved need to
create and implement a plurality of separate entities or personas
on an individual user device to preserve individualized attributes
and present a clear distinction between the multiple entities.
Likewise, multiple separate entities may be implemented on one
individual user device ensuring enterprise data is separately, yet
securely managed and preserving user's personal privacy.
SUMMARY
[0009] This Summary is provided to introduce a selection of
concepts in a simplified form that are further described below in
the Detailed Description. This Summary is not intended to identify
key features or essential features of the claimed subject matter.
Neither is this Summary intended to be used to limit the claimed
subject matter's scope.
[0010] Apparatuses and devices configured with multiple user
personas may be provided. For example, a device may comprise a
housing embedding a display, one or more processors, and one or
more memory storages. A first processor and/or memory storage may
be dedicated to a first unique user persona and a second processor
and/or memory storage may be dedicated to a second unique user
persona.
[0011] Briefly described, and according to some embodiments, the
present disclosure generally describes methods and systems for
isolating, implementing, and provisioning multiple entities or
personas on an individual user device, thus enabling multiple
individual end-user environments to remain quarantined while
simultaneously remaining active. As referred to herein, a "persona"
generally relates to various settings, policies, rules,
configurations or attributes associated with a particular end user
environment. Accordingly, groups of individual personas may be
categorized based on defined rules and policies applicable to said
group and managed simultaneously. Other embodiments enable remote
access to end user devices to deploy changes to current attributes
and/or configurations either by group definition or on an
individual basis.
[0012] According to one example embodiment, multiple personas may
be managed via a central server (e.g., a content server or
management module), which may serve as an intermediary between the
multiple personas. The central server receives data from the
device, identifies which persona initiated the data transfer, and
sends the data on behalf of the identified persona. Similarly, the
central server receives data from outside sources, identifies for
which persona the data is intended and pushes said data to the
appropriate persona. Further, one example embodiment virtually
separates one set of hardware components (e.g., a single processor,
memory, battery, etc.) into individual segments. Consequently, each
segment houses and embodies a separate and quarantined persona. Yet
other embodiments encompass multiple hardware sets (e.g., multiple
processers, multiple memories, multiple batteries, etc.)
independently coupled and dedicated for one or more respective
persona.
[0013] It is to be understood that both the foregoing general
description and the following detailed description are examples and
explanatory only, and should not be considered to restrict the
disclosure's scope, as described and claimed. Further, features
and/or variations may be provided in addition to those set forth
herein. For example, embodiments of the disclosure may be directed
to various feature combinations and sub-combinations described in
the detailed description.
BRIEF DESCRIPTION OF THE DRAWINGS
[0014] Many aspects of the present disclosure can be better
understood with reference to the following diagrams. The drawings
are not necessarily to scale. Instead, emphasis is placed upon
clearly illustrating certain features of the disclosure. Moreover,
in the drawings, like reference numerals designate corresponding
parts throughout the several views. In the drawings:
[0015] FIG. 1 is a block diagram illustrating an embodiment of an
example environment consisting of multiple personas individually
represented, yet simultaneously engaged via a network to a common
and unique system.
[0016] FIG. 2A is an example block diagram of a user device
according to one embodiment.
[0017] FIG. 2B illustrates an embodiment of a single device
comprising multiple personas, managed by a persona management
module.
[0018] FIG. 3 is an example block diagram illustrating one
embodiment entailing a unitary system comprising multiple personas
supervised by a persona management module contemporaneously
interacting with a mobile device management system and third party
content via a communicatively coupled network.
[0019] FIG. 4A illustrates an example embodiment of a single user
device with a screen attached to either side comprising a dual
screen user device.
[0020] FIG. 4B illustrates an embodiment representing one screen of
a dual screen device.
[0021] FIG. 4C is an illustration of another embodiment of another
screen encompassed in a dual screen device.
[0022] FIG. 4D shows an example embodiment exhibiting multiple
personas on a single screen of a user device.
[0023] FIG. 5 is a flow chart illustrating an example method of
multiple personas interfacing with a singular operating system, a
persona management module, hardware and the relationship
therein.
[0024] FIG. 6 is a flow chart illustrating an example method for
employing persona characteristics and settings on a user device via
a management console.
[0025] FIG. 7 is a flow chart illustrating a method of a user
device comprising multiple personas receiving and implementing
rules from a management console.
[0026] FIG. 8 is a flow chart illustrating a method for managing
data in connection with toggling personas on a user device in a
multiple person environment according to one embodiment of the
present disclosure.
DETAILED DESCRIPTION
[0027] The following detailed description refers to the
accompanying drawings. Wherever possible, the same reference
numbers are used in the drawings and the following description to
refer to the same or similar elements. While example embodiments of
the disclosure may be described, modifications, adaptations, and
other implementations are possible. For example, substitutions,
additions, or modifications may be made to the elements illustrated
in the drawings, and the methods described herein may be modified
by substituting, reordering, or adding stages to the disclosed
methods. Accordingly, the following detailed description does not
limit the disclosure. Instead, the proper scope of the disclosure
is defined by the appended claims.
Overview
[0028] The technical effects of some example embodiments of this
disclosure may include establishing control of access to networks
and resources when access lists may not be predefined, and reducing
and/or eliminating the burden of predefining access lists to
control access to networks and resources. Moreover, the technical
effects of some example embodiments may include enhancing network
access control by assigning specific access rights based on access
lists to client devices authorized to access associated network
beacons and resources.
[0029] Other technical effects of some example embodiments of this
disclosure may include offering group management solutions to
managing content access and distribution. For example, users of a
sales group may have read access to marketing documents and
presentations, while users in a marketing group may be able to edit
and/or annotate the market documents. Similarly, users in an
accounting or business services group may be the only ones with
access to enterprise financial documents. These access controls may
be provided by distributing authorization credentials to devices
associated with users of the respective group. Each user may then
authenticate to their device, such as by inputting a username,
password, authentication key, and/or biometric data, before the
device may access and/or retrieve the content authorized for
distribution to that device. These authentication types are
provided as examples only and are not intended to be limiting as
many other types of user authentication are in use and/or may be
contemplated in the future.
[0030] According to one example embodiment, aspects of the present
disclosure relate to mobile device hardware and/or software or
functionality for managing multiple personas on a given mobile
device. Multiple persona device management generally comprises
methods and systems for isolating, implementing, and provisioning
multiple entities or personas on a single user device. Thus,
enabling a persona to remain quarantined while simultaneously
remaining active on the back-end of the device. As referred to
herein, a "persona" generally comprises various settings, policies,
rules, configurations and/or attributes associated with a
particular end user environment. Accordingly, groups of individual
personas can be categorized based on defined rules and policies
applicable to those groups and managed simultaneously. Furthermore,
some embodiments enable remote access to the personal user device
to deploy changes of current attributes and configurations either
by group definition or on an individual basis.
[0031] According to one example embodiment, multiple personas may
be managed via a central server (e.g., a content server or
management module), which may serve as an intermediary between the
multiple personas. The central server receives data from the
device, identifies which persona initiated the data transfer, and
sends the data on behalf of the identified persona. Similarly, the
central server receives data from outside sources, identifies for
which persona the data is intended and pushes said data to the
appropriate persona. Further, one example embodiment virtually
separates one set of hardware components (e.g., a single processor,
memory, battery, etc.) into individual segments. Consequently, each
segment houses and embodies a separate and quarantined persona. Yet
other embodiments encompass multiple hardware sets (e.g., multiple
processers, multiple memories, multiple batteries, etc.)
independently coupled and dedicated for one or more respective
persona.
[0032] Content access may be further limited by policies that
enforce other compliance restrictions based on properties of the
device such as time, location, device security and/or integrity,
presence of another device, software versions, required software,
etc. For example, educational settings may designate student and
instructor groups. These groups may be further assigned to specific
classes such that only student group members associated with a
given class may access content associated with that class. Further,
edit access to the content for the class may be restricted to the
user(s) in the instructor group and/or student group members may be
permitted to add content that only the instructor may view (e.g.,
homework assignments). In some embodiments, the instructor group
user(s) may be able to push content to student group user(s) and/or
activate temporary control of the students' devices to prevent the
devices from accessing non-class related content during class
time.
[0033] To reduce the cost of ownership of user devices and cellular
and/or data service charges associated with use of such user
devices, an enterprise such as an educational institution and/or a
business may implement a "bring your own device" (BYOD) policy to
allow an employee to use his/her personal device to access
enterprise resources rather than provide the user with an
enterprise owned user device for such purpose. To support such a
BYOD policy, a user device administrator (i.e. IT administrator)
may manage a group of personally owned user devices, via a
management application executed by a management server in
communication with the user devices over a network, to provide the
user devices with secure access to enterprise resources.
[0034] The user device administrator may enroll user devices into
the management system to monitor the user devices for security
vulnerabilities and to configure the user devices for secure access
to enterprise resources. The user device administrator may create
and/or configure at least one configuration profile via a user
interface provided by the management system. A configuration
profile may comprise a set of instructions and/or settings that
configure the operations and/or functions of a user device, which
may ensure the security of the accessed resources. The user device
administrator may, for instance, configure an enterprise email
configuration profile by specifying the network address and access
credentials of an enterprise email account that the users of the
user devices are authorized to access. Other configuration policies
may include, but are not limited to, hardware, software,
application, function, cellular, text message, and data use
restrictions, which may be based at least in part on the current
time and/or location of the restricted user device. The user device
administrator may thereafter deploy the configuration profiles to
specific user devices, such as to groups of user devices of users
with similar roles, privileges and/or titles.
[0035] The user devices may also have access to personal
configuration profiles that may be created by the users of the user
devices. The user devices may, for instance, have access to a
personal email configuration profile that was created by a user of
the user device to provide access to her personal email account.
Thus, a user device enrolled in a BYOD management system may have
more than one configuration profile for a given use of the user
device, such as a personal email configuration profile and an
enterprise email configuration profile that are both used for
accessing email accounts on the user device.
[0036] The user devices may be instructed to enable and/or disable
certain configuration profiles according to authorization rights
specified by the user device administrator, such as location and/or
time-based authorization rights. For example, a BYOD policy may
specify that user devices enrolled in the BYOD management system
are authorized for personal use outside of the workday and are
authorized for business use during the workday. Similarly, a BYOD
device may be restricted to enterprise uses while in work locations
and/or prohibited from accessing enterprise resources while outside
of secure work locations. To implement such a policy, a user device
administrator may instruct the user devices to toggle between
personal configuration policies and enterprise configuration
policies based on factors such as the current time and/or location
associated with the user device.
[0037] The current time may be based on the current time at the
current location of the user device, which may be determined by
GPS, Wi-Fi, Cellular Triangulation, etc., or may be based on the
current time at a configured primary location associated with the
user device, which may be the primary office location of an
employee user of the user device. As an example, time-based
configuration profile toggling may be provided by instructing a
user device to enable business configuration profiles and disable
personal configuration profiles while the current time is between 9
AM and 5 PM at the current location of the user device, and to
disable business configuration profiles and enable personal
configuration profiles while the current time is between 5 PM and 9
AM at the current location of the user device.
[0038] According to one example embodiment, aspects of the present
disclosure relate to mobile device hardware and/or associated
software or functionality for managing multiple personas on a given
mobile device. Multiple persona device management generally
comprises methods and systems for isolating, implementing, and
provisioning multiple entities or personas on a single user device,
thus enabling a persona to remain quarantined while simultaneously
remaining active on the back-end of the device. As referred to
herein, a "persona" generally comprises various settings, policies,
rules, configurations or attributes associated with a particular
end user environment. Accordingly, groups of individual personas
can be categorized based on defined rules and policies applicable
to those groups and managed simultaneously. Furthermore, some
embodiments enable remote access to a personal user device to
deploy changes of current attributes and configurations either by
group definition or on an individual basis.
[0039] According to one example embodiment, multiple personas may
be managed via a central server (e.g., a content server or
management module), which may serve as an intermediary between the
multiple personas. The central server receives data from the
device, identifies which persona initiated the data transfer, and
sends the data on behalf of the identified persona. Similarly, the
central server receives data from outside sources, identifies for
which persona the data is intended and pushes said data to the
appropriate persona. Further, one example embodiment virtually
separates one set of hardware components (e.g., a single processor,
memory, battery, etc.) into individual segments. Consequently, each
segment houses and embodies a separate and quarantined persona. Yet
other embodiments encompass multiple hardware sets (e.g., multiple
processers, multiple memories, multiple batteries, etc.)
independently coupled and dedicated for one or more respective
persona.
[0040] Multiple persona device management generally relates to the
implementation and management of a plurality of personas on a
singular user device to segregate and quarantine a set of
attributes relating to a singular persona from other personas
accessible on the same user device. A persona may comprise a
collection or group of data sets, configurations (assignment of
resources, policies, rules, etc.), appearances, particular
functionality, branding, billing parameters, physical components,
and/or preferences with which a user device or a portion of a user
device is associated. There exists a plurality of embodiments
regarding multiple persona device management implementations, which
may be executed on an individual user device, offering different
mechanisms for a user possessing the desire to access divergent
sets of attributes while maintaining a separation of said
attributes. An example embodiment of multiple persona device
management involves the ability, at an end user's discretion, to
toggle between the various personas. Furthermore, the device may
autonomously toggle between personas or present the option to
toggle between personas based on predetermined triggering events
embedded within the multiple persona device management
technology.
[0041] One example of implemented multiple persona device
management comprises a family owning a single tablet device
consisting of exclusive personas representing each family member.
Thereby, each family member retains a unique set of applications,
settings, and customizations associated with his or her respective
persona. Another example entails a user device enrolled in a BYOD
program in a work setting in which a mobile device management
system merges multiple personas. The user device can separate an
enterprise persona for receiving, accessing, and distributing
corporate content and a personal persona for maintaining
interaction with personal matters as shown in FIG. 1.
Example Embodiments
[0042] Generally, multiple persona management on a mobile device,
according to aspects of the present disclosure, can be divided into
at least two broad categories: (1) physical persona separation via
either multiple physical components within a single mobile device,
and/or (2) virtual persona separation via virtual division of
components, data segregation, or the like. As described in greater
detail below, physical separation may include a device with
multiple screens, multiple processors, multiple memories, etc.
Generally, the virtual separation embodiments provide a virtual
separation of components (e.g., virtual processors), or a data
separation coupled with some visual or audible separation
designation, or the like. These aspects and others will be
described in greater detail below.
[0043] FIG. 1 illustrates an example environment 100 comprising a
single user device employing multiple personas (this example
exhibits dual personas, but as will be understood and appreciated
by one skilled in the art, one may elect to employ any number of
personas on a single user device), an end user, and two separate
hypothetical end user environments. Throughout this disclosure, an
example of "two persona" or "dual persona" device management will
be used for example purposes in connection with the presented
Figures, but as will be understood by one of ordinary skill in the
art, the example of dual persona device management is presented for
example purposes only and any number of personas may be implemented
on a user device 103. As shown, enterprise end user 109A is capable
of accessing and conducting enterprise matters, such as reading and
creating corporate email, viewing and editing documents, accessing
content via Share Point, and matters of the like, on a persona 2
118 segment of the individual user device 103. Persona 2 118
exemplifies the corporate partition of a dual persona device 103
with multiple persona device management applied to the user device
103. This may be the primary active persona during working hours or
while a GPS recognizes the end user's location to be in a corporate
building or office. In some embodiments, although the enterprise
workspace is the primary active persona, a personal persona 1 115
is still active on the back-end of the multiple persona device
management system (or on the device 103 itself) and is
simultaneously receiving and transmitting data intended for persona
1 115.
[0044] Alternatively, as seen in FIG. 1, the illustrated embodiment
represents the same user 109B utilizing the same user device 103 in
a personal environment (e.g., at home, in a restaurant, or other
location away from the office). Generally, a persona 1 115 relates
to the personal end user environment of the user 109B in which all
personal data (e.g., phone calls, text messages, non-enterprise
email, personal applications, personal web browsing data, etc.) is
distinctly routed and stored. The independent persona 1 115 allows
an end user 109B to maintain user device functionality in
accordance with personal settings, characteristics and attributes
separately from enterprise-related data and functionality.
[0045] In one embodiment shown in FIG. 1, a data network 154
enables operative connections between persona 2 118, persona 1 115,
third-party systems and products 124, and a mobile device
management system (MDMS) 121 for routing data amongst the involved
entities. A data network 154 may comprise a wireless IEEE 802.b,g,n
network, a cellular wireless network, Bluetooth technology, etc.
Although the aforementioned represent typical communication
systems, it will be understood by one of ordinary skill in the art
that other signal carrying data propagation mechanisms could be
utilized for communication between the different entities.
[0046] The described mobile device management system (MDMS) 121
empowers enterprises to securely monitor, manage, and support a
plurality of devices via wireless deployment of data
configurations, applications, settings, permissions, and policies.
Enterprises may deploy an MDMS 121 on a plurality of devices, such
as mobile phones, smart tablets, laptops, etc., to ensure secure
wireless access and distribution of corporate content. Further,
enterprises utilize the MDMS 121 for managing third-party content
accessibility on enterprise user devices. While these restrictions
on enterprise content would not be objectionable to most users,
some may object to applying the same restrictions to personal user
devices. Therefore, multiple persona device management as described
herein supports the notion of segregating managed, secure mobile
access to enterprise content to an enterprise persona while
personal matter immunity is maintained on personal personas.
[0047] Still referring to FIG. 1, the shown MDMS 121 comprises a
mobile device management (MDM) database 139 and a MDM central
module 122. The MDM database 139 generally contains attributes
typically monitored, modified, and manipulated by an administrator,
as well as information necessary for the use of the multiple
persona functionality. The MDM central module 122 comprises a
management module 127, content server 130, secure email gateway
133, and application catalog serving as separate entity portals for
pushing and deploying configured attributes to end user devices.
The individual modules within the MDM central module 122 are
communicatively coupled with the MDM database 139 and the user
device 103, thereby ensuring proper attributes defined by an
administrator are effectively enforced on applicable personas.
Further, the MDM database 139 and the MDM central module 122
generally represent the enterprise controlled server-side of the of
the multiple persona device management application.
[0048] In one example embodiment of the present system, the
management module 127 (also called the admin console) recognizes a
plurality of individually assigned personas associated with a
plurality of user devices. An administrator can aptly engage the
management module 127, select a persona on a user device or group
of personas on different user devices, and define rules and
characterizations for the selected user devices. Accordingly, the
management module 127 determines which policy is applicable to
particular personas and subsequently distributes said policy to the
appropriate personas on a given user device. In some embodiments,
the management module 127 recognizes and addresses different
operating systems embodied on user devices, thereby defining proper
enforcement of rules and access to non-native data. (Details
regarding the various processes carried out by the management
console will be described in greater detail in connection with FIG.
3.)
[0049] According to one embodiment illustrated in FIG. 1, a content
server 130 of the MDM central module 122 serves as an access portal
for various enterprise related subject matter parsed in separate
partitions for access and distribution by identified personas. The
content server 130 integrates and interacts with the management
module 127, which supports persona access, policies, and rules
regarding authorization to corporate (or other managed) content.
The content server 130 generally, but may not necessarily,
comprises one or more local servers, cloud servers, and/or offsite
servers. In the embodiment shown, persona 2 118 engages with
enterprise subject matter on the user device 103 in the enterprise
environment when operated by the end user 109A. Alternatively,
persona 1 115, exhibiting an unmanaged personal persona, may be
precluded from accessing to corporate content and subsequently
denied rights to the content server 130. Further, in some
embodiments, the MDMS 121 has no access to or control over persona
1 115.
[0050] It is well known and understood by those of ordinary skill
in the art that many corporate entities utilize enterprise
dedicated electronic mail systems whereby traffic is regulated
through a managed email portal (e.g., Microsoft Exchange).
Accordingly, the presently-described embodiment includes a secure
email gateway 133 that enables secure email access and distribution
through the data network 150 within a corporate email exchange. In
one example embodiment, the secure email gateway 133 behaves as a
proxy server linking the enterprise email server and the data
network. The coupled management module 127 has the ability to push
enterprise policies set by an administrator to the secure email
gateway 133 to enforce said enterprise policies.
[0051] Further, some embodiments of the MDM central module 122
comprise an application catalog 136 that is also integrated with
the management module 127. The application catalog 136 supports
access to applications both enterprise specific applications and
public applications. The enterprise persona 2 118 through the
encapsulated rules and policies as set forth by an administrator
sends requests to access and download applications to the
application catalog 136. To increase mobile productivity, the
application catalog 136 serves as a portal governed by enforced
policies to allow approved access to applications for a user's
benefit.
[0052] Generally, users 109 utilize a variety of third-party
systems, applications, and email platforms via their personal user
devices 103. Often access to third party content is not as secure
as most enterprise platforms and presents vulnerabilities
concerning a device that can also access enterprise content. As
illustrated in FIG. 1, third-party systems and products 124 grant
end-user access to third-party content through the data network
154. In some embodiments, the public application store 145 permits
users to access a plurality of third party applications. In some
examples, an enterprise may preclude the enterprise persona,
persona 2 118, from accessing all outside applications. In such a
scenario, an end user 109 still retains the ability to install and
utilize outside applications on the personal persona (persona 1
115). Third-party email servers 148 may provide persona 1 115
access to personal emails. Other third-party content is pulled
through the third-party content server 142. In another embodiment,
this content may be accessed by the enterprise persona 2 118 and
the personal persona 1 115 depending on the current configuration
the administrator has implemented on the user's device.
[0053] The discussions above in association with FIG. 1 are merely
intended to provide an overview of an embodiment of the present
system for multiple persona management on a mobile device utilizing
a separation of hardware and/or software. Accordingly, it will be
understood that the descriptions in this disclosure are not
intended to limit in any way the scope of the present disclosure.
Various embodiments regarding hardware and software implementations
of the present device will be described next in greater detail.
[0054] FIG. 2A is a block diagram of a user device 103 comprising a
processor 209 and a memory 218. The user device 103 shown in FIG.
2A is a representative "single component" device, i.e., the device
does not include multiple hardware components for each respective
persona. An example multiple-persona hardware device is shown in
FIG. 2B. Depending on the configuration and type of device, memory
218 may comprise, but is not limited to, volatile (e.g. random
access memory (RAM)), non-volatile (e.g. read-only memory (ROM)),
flash memory, or any combination. Memory 218 may store executable
programs and related data components of various applications and
modules for execution by user device 103. Memory 218 may be coupled
to processor 209 for storing configuration data and operational
parameters, such as commands that are recognized by processor
209.
[0055] Basic functionality of user device 103 may be provided by an
operating system 221 contained in memory 218. One or more
programmed software applications may be executed by utilizing the
computing resources in user device 103. Applications stored in
memory 218 may be executed by processor 209 (e.g., a central
processing unit or digital signal processor) under the auspices of
operating system 221. For example, processor 209 may be configured
to execute applications such as web browsing applications, email
applications, instant messaging applications, and/or other
applications capable of receiving and/or providing data.
[0056] Data provided as input to and generated as output from the
application(s) may be stored in memory 218 and read by processor
209 from memory 218 as needed during the course of application
program execution. Input data may be data stored in memory 218 by a
secondary application or other source, either internal or external
to user device 103, or possibly anticipated by the application and
thus created with the application program at the time it was
generated as a software application program. Data may be received
via any of a plurality of communication ports 215 of user device
103. Communication ports 215 may allow user device 103 to
communicate with other devices, and may comprise components such as
an Ethernet network adapter, a modem, and/or a wireless network
connectivity interface. For example, the wireless network
connectivity interface may comprise one and/or more of a PCI
(Peripheral Component Interconnect) card, USB (Universal Serial
Bus) interface, PCMCIA (Personal Computer Memory Card International
Association) card, SDIO (Secure Digital Input-Output) card,
NewCard, Cardbus, a modem, a wireless radio transceiver, and/or the
like.
[0057] User device 103 may also receive data as user input via an
input component 242, such as a keyboard, a mouse, a pen, a stylus,
a sound input device, a touch input device, a capture device, etc.
A capture device may be operative to record user(s) and capture
spoken words, motions and/or gestures, such as with a camera and/or
microphone. The capture device may comprise any speech and/or
motion detection device capable of detecting the speech and/or
actions of the user(s).
[0058] Data generated by applications may be stored in memory 218
by the processor 209 during the course of application program
execution. Data may be provided to the user during application
program execution by means of a display 206. Consistent with
embodiments of this disclosure, display 206 may comprise an
integrated display screen and/or an output port coupled to an
external display screen.
[0059] Memory 218 may also comprise a platform library 224.
Platform library 224 may comprise a collection of functionality
useful to multiple applications, such as may be provided by an
application programming interface (API) to a software development
kit (SDK). These utilities may be accessed by applications as
necessary so that each application does not have to contain these
utilities thus allowing for memory consumption savings and a
consistent user interface.
[0060] Furthermore, embodiments of this disclosure may be practiced
in conjunction with a graphics library, other operating systems, or
any other application program and is not limited to any particular
application or system. The devices described with respect to the
Figures may have additional features or functionality. For example,
user device 103 may also include additional data storage devices
(removable and/or non-removable) such as, for example, magnetic
disks, optical disks, or tape (not shown).
[0061] User device 103 may comprise a desktop computer, a laptop
computer, a personal digital assistant, a cellular telephone, a
smartphone, a set-top box, a music player, a web pad, a tablet
computer system, a game console, a mobile device, and/or any other
device with like capability.
[0062] User device 103 may store in a data store 227 a device
profile 230 and a plurality of user preferences 233. Device profile
230 may comprise an indication of the current position of user
device 103 and/or indications of the hardware, software, and
security attributes which describe user device 103. For instance,
device profile 230 may represent hardware specifications of user
device 103, version and configuration information of various
software program and hardware components installed on user device
103, data transmission protocols enabled on user device 103,
version and usage information of various resources stored on user
device 103, and/or any other attributes associated with the state
of user device 103. The device profile 230 may further comprise
data indicating a date of last virus scan of user device 103, a
date of last access by an IT representative, a date of last service
by the IT representative, and/or any other data indicating
maintenance and usage of user device 103. Furthermore, the device
profile 230 may comprise indications of the past behavior of
associated users, such as resources accessed, charges for resource
accesses, and the inventory accessed from such resources. User
preferences 233 may comprise a listing of factors that may affect
the experience of the user. In particular, user preferences 154 may
include indications of the user's age, gender, bodily traits,
preferred resource types, preferred venue resources, and
combinations thereof.
[0063] FIG. 2B is a block diagram of a user device 103 with
multiple personas. As shown, these personas may either be physical
(multiple hardware components) or virtual. In some embodiments, the
user device 103 is embedded with dual persona device management.
According to some embodiments illustrated in FIG. 2, there are two
processors 210A and 210B, two wireless modules 213A and 213B, two
communication ports 220A and 220B, two displays 207A and 207B, and
two memory components 222A and 222B. Again, these dual processors
can either be physical (e.g., two physical processors) or virtual
(e.g., a single processor that is virtually divided via management
software).
[0064] In some embodiments, a persona may comprise a "SIM persona"
that is managed on a back-end and is portable to other devices. A
"SIM persona" may comprise a physical SIM card, it may comprise a
virtual SIM card entity, or a virtual entity embedded on a user
device 103. In another embodiment, several SIM personas may be
implemented on a single device. A SIM card may possess one persona
or multiple personas wherein the card is virtually split into
separate representative entities containing the attributes and
characterizations of the given personas. For the example wherein a
SIM card contains one sole persona, an end user may carry multiple
SIM cards and exchange them within the user device 103 based on
location or time. In another embodiment, a user device 103 may have
the capability to support more than one SIM card simultaneously,
maintaining persona 1 115 on one SIM card and persona 2 118 on
another SIM card. In such an embodiment, as information travels
through the data network 154, the information subsequently
propagates to the appropriate SIM card inside the user device
103.
[0065] In some embodiments, an overarching process determines the
routing of incoming data to the user device 103. According to some
embodiments of dual persona device management, a persona management
module 245 is employed to decide to which persona content should be
delivered on the device. The persona management module 245
exercises back-end differentiations between shared and distinct
features and/or functionality among personas. In some embodiments,
an agent resides on the dual persona implemented user device 103
for management of resources in connection with different personas.
For example, a hypervisor may serve as a persona management module
245 and embody a centralized means to deliver data to the
appropriate persona. The user device 103 hence becomes a host
machine on which the hypervisor resides and controls the related
functionality in part or completely. The hypervisor creates "guest
machines" or virtual machines on the user device 103 enabling the
virtual machines to behave as their own separate operating system
comprising their own persona. The hypervisor can represent a
firmware, software, or hardware implementation wherein the input
data and output data is recognized, identified and pushed by the
hypervisor to its appropriate destination.
[0066] For example purposes and as illustrated in this disclosure,
persona 1 115 is as shown as personal persona and persona 2 118 is
shown as an enterprise persona. Thus, as a corporate email
transmits to the user device 103, the hypervisor recognizes the
data as enterprise communication (based on tags or identifiers in
the data), and subsequently routes the data to persona 2 118. In
some embodiments, policies implemented with multiple persona device
management are identified by an administrator and pushed to the
hypervisor, allowing the hypervisor to act as the decision-making
agent performing actions as the persona management module 245.
[0067] According to the embodiment illustrated in FIG. 2B, a device
103 may contain multiple hardware sets, each set corresponding to
one unique persona. In the example comprising dual persona device
management, the device 103 comprises two components of each
hardware portion (e.g., two physical processors 210A and 210B, two
physical memory sets 222A and 222B, two wireless modules 220A and
220B, etc.). Generally, persona 1 115 transmits its corresponding
data through a persona 1 wireless module 213A, thereby leaving the
interpretation and data storage respectively to the persona 1
processor 210A and the persona 1 memory 222A. Likewise, a similar
process transpires for persona 2 115 comprising its separate
processor 210B, memory 222B and wireless module 213B. In some
embodiments, a central process encapsulated in the persona
management module 245 governs and routes the data and information
transmitted to the user device 103 to the appropriate hardware set.
Some embodiments comprise a combination of dual components and
single components. For example, in some embodiments, a user device
comprises two processors 210A and 210B, two sets of memory 222A and
222B, one wireless module 220, and one communication port.
[0068] In some embodiments, the persona management module 245
integrates the policies and rules set by the administrator through
MDMS and precludes access and distribution of data for particular
personas. For example, if a policy is set which does not allow
third-party email exchange access by persona 2 118, when a request
for access has propagated to the persona management module 245, the
request may be denied and the proper executable steps are
initiated.
[0069] Further, as shown in FIG. 2B, one example embodiment of the
device 103 may be constructed such that all hardware sets are
entirely independent of each other with no overarching agent
software or firmware. In this embodiment, there may exist two
independent SIM cards, each associated individually with each
hardware set therefore containing the appropriate SIM card address
for each persona. The address of the SIM card is coupled with the
transmitted data; hence, the persona identified by the address
receives the appropriate information. According to one example
embodiment, different hardware sets may utilize different operating
systems. For example, the personal persona, persona 1 222A, may
utilize iOS for its operating system 225A and the enterprise
persona, persona 2 222B, due to a corporate or enterprise
preference, may utilize a version of Android as its operating
system 225B. In an application with dual, independent operating
systems, the persona management module 245 may contain an agent
application for communicating and pushing data to the Android
operating system 222B and a separate application programming
interface (API) corresponding with the iOS operating system.
Associated with the independent operating systems, an independent
device profile 231A and 231B may be associated with each respective
device, and may contain information such as operating system
versions, last update of said operating system, serial numbers
associated with an operating system, etc. Further, the independent
hardware sets may also comprise divergent network carriers
integrated on the same user device 203.
[0070] Also illustrated in FIG. 2B is an embodiment comprising
dedicated communication ports 220A and 220B for each persona. The
communication ports could consist of keyboard, mouse, power
adapter, Ethernet port, or the like. Alternatively, in some
embodiments, all components of hardware may be separate, but share
a power source or common battery.
[0071] In some embodiments of the present disclosure wherein
multiple hardware sets are implemented on the user device 103 and
as illustrated in FIG. 2B, respective compliance rules 240A and
240B serve as the local user device 103 containers for compliance
rules which have been pushed and implemented in connection with
individual personas. In some embodiments, policies and rules
incorporated in the enterprise compliance rules 240B engage with
the persona 2 210B processor, governing incoming data via the
persona 2 wireless module 213B, ensuring the policies and rules set
forth by the enterprise maintain consistency and integrity. Also,
within the quarantined memories of persona 1 222A and persona 2
222B, an embodiment of separated data stores 228A and 228B store
respective persona characterizations. For example, persona 2 118
may store in its data store 228B preferences, persona usage
details, enterprise branding information, configurations, and
assignments of resources accessible to an administrator using MDMS
121. The stored data within the data store 228B enables an
enterprise to access information to effectively monitor user device
operation within the enterprise space.
[0072] According to some embodiments, a user device 103 may
comprise various combinations of a plurality of components. For
example, in some embodiments the user device comprises dual screens
that are independently assigned to a persona. In some embodiments
of the present disclosure, the user device 103 may comprise
separate controls for each screen or each persona. Each independent
set of controls may be embedded and assigned to manipulate actions
within their designated persona. Another embodiment comprises a
user device housing or form that will fit additional add-on
components to expand or further facilitate the persona within the
user device. One example comprises a keyboard comprising a toggle
button that can engage the desired persona when the button is
depressed or moved to a designated position. Further, a user device
may comprise a combination of embodiments (e.g., common controls
that manipulate dual screens, dual controls dedicated to one
screen, etc.).
[0073] Referring now to FIG. 3, an example block diagram is shown
of a MDMS 121 architecture environment interacting with a data
network 154, third party systems and products 124, and a user
device 103 configured with dual persona device management. For
discussion purposes, it can be assumed that the illustrations in
FIG. 3 relate to a user device 103 involved in a Bring Your Own
Device (BYOD) program and coupled with a mobile device management
system (MDMS) 121. As will be generally understood and appreciated
by one of ordinary skill in the art, an enterprise BYOD program is
not necessarily the only application with the ability to benefit
from multiple persona device management, and the intention of the
following example is not intended to necessarily limit or restrict
the scope and spirit of the present disclosure in any way. As
previously described, the MDMS 121 enables an administrator to
create compliance rules and subsequently distribute those rules to
a plurality of user devices to which the rules pertain. Further,
the user devices may contain a personal persona, persona 1 115, and
an enterprise persona, persona 2 118, with (or without) a
centralized governing agent, the persona management module 245.
[0074] In some embodiments, the system illustrated in FIG. 3
promotes a back-end differentiation between shared and distinct
functionality amongst a plurality of personas. In connection with
the back-end differentiation, some embodiments include a resident
agent such as the persona management module 245 residing on the
multi-persona device 103. As previously described, the persona
management module 245 manages distinct and shared resources
associated with data entering or exiting the user device. For
example, as persona 1 115 requests access to the email store 348
within the third-party email gateway 348, the persona management
module 245 acknowledges persona 1 118 as the personal persona and
allows access to third-party content such as the third-party email
gateway 148.
[0075] In some embodiments, the management module 127 in the MDMS
121 may push policies to some or all personas, specifying shared
resources among personas and setting boundaries regarding the
permitted level of communication among the personas. Yet according
to another embodiment, the management module 127 may also push
personal policies, enterprise policies, and meta-policies between
the personas. Generally, meta-policies govern the shared resources,
communication, and device-level functionality among the personas.
The recently discussed embodiments exemplify different means of
creating a native experience for the end user, where data intended
for a specific persona is identified either before reaching the
user device or upon reaching the user device and transferred to the
appropriate persona within the user device.
[0076] In some embodiments illustrated in FIG. 3, the MDM central
module 122 includes the various modules an administrator utilizes
to set functionality, configurations, appearances, preferences and
various other attributes that are controlled and implemented with a
MDMS 121. According to an embodiment of the present disclosure, the
MDM database 139 houses the attributes utilized by the
administrator via the MDMS user interface. In other embodiments,
various modules within the MDM central module 122 engage with the
MDM database 139 to retrieve an appropriate attribute(s) selected
by the administrator and push said attribute(s) via a data network
154 to the persona management module 245. The persona management
module 245 recognizes the attribute(s) and the persona for which it
is intended, thereby pushing that attribute(s) to the appropriate
persona. In another embodiment, the MDM central module 122, through
the management module 127, pushes appropriate attributes to
dedicated SIM cards within a user device embodying multi-persona
device management.
[0077] Generally, in connection with the functionality of the
management module 127, operations may be broken into two different
spaces--a server side and a device side. As will be discussed later
in the present disclosure in connection with FIG. 6, the server
side of the management module 127 enables an administrator to log
into the console, select a device or group of devices, compile
rules for said device and push the policies and the rules to the
user device 103 to control subsequent functionality of those
devices. In another embodiment, the management module 127 may
authenticate data by verifying the credentials of the user device
103, interpret said data and push commands back to the user device
103 in response to the commands received from the user device. The
device side of the management module 127 enables a user device to
request enrollment into a mobile device management system, receive
compiled rules and policies, take actions in conjunction with
receiving data from the management module 127, and toggle among
active personas within the user device 103.
[0078] In some embodiments (not shown), the management module 127
also contains a self-service application that is available for
utilization by device users. In some embodiments, the self-service
application comprises a user interface that is a pared-down version
of the administrator management console interface. Users may log
into the self-service application and view specific information
about the enterprise persona, persona 2 118, of the device and/or
the personal persona, persona 1 115. In another embodiment, users
may only access the enterprise persona, while being unable to view
the content of the personal persona. In some embodiments, the
self-service application comprises a limited set of mobile device
management options available to the user. For example, users may
acquire the GPS location of the user device 103, lock the user
device 103, perform an enterprise wipe or wipe the entire user
device 103, send messages to said device, etc. In another
embodiment, the enterprise wipe may de-partition the user device
103 and leave the personal persona as the only remaining persona.
An enterprise wipe is a function wherein all enterprise data,
characterizations, enterprise attributes, preferences, and settings
are remotely erased from the enterprise persona. Likewise, an
entire device wipe remotely erases all data on both persona 1 115
and persona 2 118, reverting the device to its original OEM state.
In the self-service application of the management module 127, a
user does not have the ability to assign or change rules and
policies with respect to any managed persona. In some embodiments,
the self-service feature offers users the ability to track user
content or their user device and minimally manage the user
device.
[0079] Further, another embodiment of the self-service application
enables the management module 127 to configure a pre-defined
limited set of options relating to multiple virtual hardware sets.
In the instance where the management module 127 transmits commands
to the user device 103 to create multiple virtual hardware sets, an
end-user may log into the self-service section of the management
console and access the pre-defined functionalities related to the
multiple virtual hardware sets. As previously described, the
self-service component of the management module 127 enables users
to access an interface and view specific data concerning their user
device 103 and respective personas 115 and 118.
[0080] According to one embodiment shown in FIG. 3, the management
module 127 compiles rules and policies via the compliance rule
store 330 and pushes those rules and policies to a user device 103
to create a determined number of virtual hardware sets. In some
embodiments, there are two hardware sets corresponding to two
personas. In the example shown in FIG. 3, each hardware set
comprises separate displays 207A and 207B, separate processors 201A
and 201B, and separate memories 222A and 222B. In some embodiments,
each memory 222A and 222B comprises storage functionality that
contains data respective to the persona with which it belongs.
Generally, each display 207A and 207B is the respective user
interface that a user 109 would use to access and perform
operations pertaining to the respective persona. In some
embodiments, displays may be interchangeable and a user has the
ability to toggle between displays according to the persona the
user wishes to engage. For example, a user wishing to perform a
function regarding persona 1 115 would toggle to display 1 207A,
access contents in memory 1 222A through processor 1 210A and
execute some desired actions. After the desired actions are
complete, the end-user may keep persona 1 115 active or toggle to
another persona.
[0081] Still referring to FIG. 3, in some embodiments, the
management module 127 directs configuration policies and compliance
rules via the compliance rules store 330 to each of the represented
personas. The management module 127 queries virtual machine
characteristics and operating systems of each persona, compiles the
rules and policies, and pushes the compiled rules and policies to
the user devices based on the results of query. The policies and
rules are stored in their respective persona rules stores 305A and
305B. The persona rules stores 305A and 305B manage their
respective personas regarding implemented mobile device management
policies set to monitor and regulate the user device 103. In some
embodiments, a personal persona may not receive any compliance
rules, data, or the like if that given persona is not managed or
controlled by the MDMS 121 or MDM central module 122. Additionally,
with a lack of compliance rules and policies, persona 1 115
maintains the ability to access third-party data, uninhibited
usage, and freedom of functionality as desired by end users
enrolled in BYOD programs. In this way, true segregations between
personas can occur in a way not previously contemplated. Further,
persona 2 118 may store enterprise compliance policies in the
persona 2 rule store 305B, enforcing consistent enterprise persona
functionality and maintaining secure access and distribution of
enterprise content.
[0082] Also illustrated in FIG. 3, some embodiments of the
management module 127 send configuration policies and compliance
rules to an overarching agent, the persona management module 245,
which configures the virtual machines based on those rules and
policies. As previously discussed, one function of the persona
management module 245 is to delegate policies, rules, data access,
and persona functionality to the subordinate personas.
[0083] Still referring to FIG. 3, in some embodiments shown,
content assigned to personas is stored either in the personal
content repository 333 or in the enterprise content repository 336
and both may be accessed through the content server 130. In an
alternate embodiment, personal content on the user device 103 is
not accessible by the MDMS 121. According to another embodiment, an
administrator can distribute documents through the content server
130 coupled to the management module 127 to the content
repositories.
[0084] Rules and policies assigned to personas dictate persona
interaction with content repositories, including third-party
content repositories. In some embodiments, communication is
generally sent through the content server 130; hence, the content
server 130 verifies whether the communication transmitted to a
given persona is permissible. For example, if the content store 345
included an enterprise Share Point site, the enterprise persona may
possess policies granting access to the third-party content server
142 and the enterprise content 336 repository. Persona 2 (the
enterprise persona), may initially "shake hands" with the content
server 142 and the content server may authenticate the credentials
of persona 2 118. Consequently, persona 2 118 may fetch a document
from the content store 345, save said document in memory 2 222B,
and/or in the persona 2 content store 311B, modify said document,
and transfer it to the enterprise content 336 repository.
[0085] Still referring to FIG. 3, in some embodiments a secure
email gateway 133 may be incorporated in the MDM central module 122
and may comprise a proxy server between the enterprise email server
(e.g. Microsoft Exchange) and the data network. According to
compliance rules and policies, an enterprise persona may retrieve
email from the enterprise email through the secure email gateway
133. The secure email gateway 133 may be configured to perform
compliance checks against entities wishing to access enterprise
email. The management module 127 is also integrated with the secure
email gateway 133. An administrator through the management console
can push compliance rules to the secure email gateway 133 to change
authentication requirements; thereby, storing said compliance rules
in the compliance rule check 339. In another example embodiment,
the secure email gateway can determine whether a user device 103 is
"jail broken". An enterprise persona may retain appropriate
compliance rules permitting access to the enterprise email, but the
secure email gateway 133 will still restrict access to that persona
if the user device 103 is jail broken. Further, an enterprise may
allow access to predetermined third-party email gateways 148,
whereby the secure email gateway 133 will assess a persona's
compliance rules, allow secure access to a third-party email
gateway 148, and subsequently permit admittance to a third-party
email store 348.
[0086] Many companies enable employees to utilize productivity
applications (apps) to facilitate work demands. Some embodiments of
the MDM central module 122 include an application catalog 136 for
managing the applications of end users 109. In some embodiments, a
graphical user interface 342 enables interaction with the
application catalog 136 and provides an interface, such as a
website or the like, presenting users with a list of authorized
applications for chosen personas. In another embodiment, an
application portal resident on a user device 103 comprises a host
of authorized downloadable apps. In some embodiments, the
application catalog 136 receives compliance rules and policies set
by an administrator via the management module 127. The application
catalog 136 may provide access to public application stores 145
such as Google Play or the Apple Store. In some embodiments, the
application catalog 136 may contain links to public apps
recommended for employee productivity. Alternatively, the
enterprise persona may have policies permitting retention of all
public apps or retention of specifically designated public
applications.
[0087] In some embodiments, the application catalog 136 may
comprise enterprise applications developed specifically for a
company and may preclude access to such enterprise applications by
a personal persona 115. In some embodiments, the application
catalog authenticates a persona's credentials before permitting a
download of enterprise apps. In another embodiment, a user can pull
enterprise content 336 through the content server 130 and modify it
using annotation features within a secure content application. In
some embodiments, the persona app stores 309A and 309B comprise
applications downloaded from the application store 351 for their
respective personas.
[0088] Furthermore, one example embodiment of the present device
may provide a lost device persona. A user device 103 may switch to
a lost persona if the device moves outside of a recognized pattern
as determined by GPS, or the user device 103 recognizes a period of
inactivity, or exhibits some other atypical behavior. In some
embodiments, the GPS system will actively track and keep a dynamic
record of each user's travel routine and, in the event of an
identified deviation, automatically toggle to the lost persona. The
lost persona may, for example, comprise settings and/or
configuration information that may facilitate locating the device.
For example, toggling the lost persona may cause one or more
location services on the user device 103 to be engaged, such as a
GPS coordinate transmission mode or the like. In some embodiments,
if the user device 103 is in the lost device persona,
authentication may be required to toggle back to a managed user
persona. For example, authentication may occur by inputting
biometric metadata, a PIN or password, a programmable swipe
gesture, or any similar authentication means. In another
embodiment, the device may also toggle to the lost device persona
if initiated by the user or an administrator via the self-service
application of the management module 127 (i.e., the user identifies
the device as lost and sends instructions to the device indicating
the same). The self-service application of the management module
127 may contain a map add-on or a map software application in which
the user and/or the administrator may utilize to find lost user
devices. The lost device persona offers additional security for
enterprises and users who wish to keep access, devices, and content
secure.
[0089] As described previously, in one example embodiment, the user
device 103 may contain multiple physical hardware sets within the
user device. Each hardware set generally represents a separate and
independent persona. The embodiment comprising multiple physical
hardware sets within a single user device 103 generally functions
in a similar manner as embodiments of the device embedded with
virtual machines. Further descriptions regarding functionality of
both embodiments will be described in connection with FIGS. 6, 7,
and 8.
[0090] Referring to FIGS. 4A, 4B, and 4C an embodiment of a dual
persona device 103 having two screens 118 and 115 is shown. In one
embodiment shown, a different display/screen is assigned to each
persona and generally comprises the active display while a user
interacts with the corresponding persona. For example, when using
enterprise persona 118, the enterprise screen 118 will be
illuminated and active while the personal persona 115 will be dim
and visibly inactive. In some embodiments, a user device 103 may
comprise two separate screens 118, 115 on one user device 103;
hence, the given screen a user is utilizing dictates the presently
active persona. In an example illustrated in FIGS. 4A and 4B, an
enterprise persona 118 is active on one screen 409A, and is
presented on one side of user device 103. Likewise illustrated in
FIGS. 4A and 4C, a personal persona 115 is presented on the
opposing side of the user device 103. A user, depending on which
persona he or she wishes to engage, utilizes the side and screen
409B of the user device 103 embodying the desired persona.
[0091] In some embodiments, the dual displays may optionally
comprise dual cameras on the user device 103 and may be used to
present an augmented reality experience. Using the dual cameras on
either side of the device, one screen may display what the camera
on the opposing side views. For example, the screen may show the
inside of the user's hand or images of the environment he/she is
in, lending the impression there is no user device or the user
device 103 is see-through. Further, the camera may incorporate
technology that will automatically dim or turn off the backlight of
the persona not in use based on identifiable features, such as the
palm of a user's hand or recognizing a face in front of the camera.
The cameras may recognize the lack of light and dim the screens
such as when the user device 103 is in a pocket or handbag.
[0092] FIG. 4D illustrates another embodiment of the present dual
persona device 103. The embodiment shown includes one display
possessing the ability to express one persona at a time or multiple
personas simultaneously. As shown, a single display may be divided
into halves representing a different persona on either side. In
another embodiment, a border of the screen may be an alternative
color representing a second screen, which may change and become
active when the personas toggle. The device may indicate the active
persona by displaying a persona identifier in small font at the top
of the screen. In another embodiment, if the inactive persona
receives a call, the screen may divide in half as shown in FIG. 4D,
indicating a trigger event. The personas may be exchanged by
touching or acknowledging the portion of the screen that represents
the incoming persona.
[0093] In various embodiments, personas may be identified and/or
delineated in a variety of ways. For example, according to some
embodiments of the present disclosure, each persona may have a
distinct and distinguishable ringtone. Persona display backgrounds
may also change when toggling personas. For example, an enterprise
persona may display a company logo as a background, while a
personal persona may display a personal picture of the user. Within
multiple persona device management, all of the disclosed
embodiments may be incorporated on the user device 103 or some
combination of embodiments thereof. Further, the described examples
are not intended to limit the spirit or scope of the present
disclosure. As will be understood and appreciated by one of
ordinary skill in the art, other embodiments may be implemented to
distinguish between multiple personas on a single user device
103.
[0094] As previously described, a persona generally relates to a
collection of settings implemented in software and/or hardware that
can be switched in and/or on a user device 103 based on a trigger
event. As shown in FIG. 5, a plurality of personas interact with a
persona management module 245 and various incorporated hardware
components, either via the operating system (or excluding the
operating system) to communicate and execute commands.
[0095] The central module (management module) 122 enables personas
to be selected, communication rules and policies to be assigned to
the personas within the user device 103, and personas to interact
within the limits of the selected rules and policies. In some
embodiments, the personas are able to interact with each other
(e.g. share data, share contacts, etc.). Conversely, in another
embodiment, the personas remain segregated with no communication
between the two (or multiple). While personas may incorporate
individual contact lists, in some embodiments, it may possible for
a communal contact list accessible to any persona embedded on the
user device 103.
[0096] In some embodiments, toggling between personas may be
executed via physical gestures that are recognized by the
assimilated hardware and software in the user device 103. In some
embodiments, flipping the user device 103 over creates an identical
replica of the user device 103 with a second display on the other
side. In another embodiment, consecutive flipping of the user
device 103 may cycle through embedded personas. An accelerometer or
some other user device position detecting mechanism integrated in
the hardware may be used to sense the rotation of the user device
103. The hardware communicating via the operating system to a
persona management module 245 expresses that the user has initiated
a change in persona and the persona management module will activate
another persona. Likewise, initiating a change in persona may be
executed by flipping or rotating the user device 103 a set number
of multiple rotations for each toggle. In another embodiment, a
user with persona 1 501 active may shake the user device 103 a
preset number of times. The shakes are recognized by the hardware
and the hardware communicates with the persona management module
245 thereby switching the active persona to persona 2 503 (or some
other persona).
[0097] According to various other embodiments, a plurality of
gestures or actions may toggle between multiple personas. Toggling
of personas may occur by holding down a button one the user device
103 for a set period of time, or depressing said button a number of
times. The device may have a specifically designated button that
may be used exclusively for the purpose of toggling personas.
Another example embodiment utilizes swiping gestures at the top or
bottom of the screen on the user device 103 to toggle through
personas.
[0098] As generally understood by one of ordinary skill in the art,
many user devices 103 feature embedded GPS components in the device
hardware that are used to identify the position of a user device
103 whenever the device is powered on. According to some
embodiments, persona 1 501 may be geolocation-based, such that
persona 1 501 is active when a user device 103 is within a given
distance of a designated location. In one aspect, a user device 103
switches virtual or physical SIMs assigned to different personas.
Further, when the user is traveling abroad, a user device 103 may
switch to a SIM appropriate for the visiting region, thereby
receiving cheaper rates based on local service.
[0099] In another embodiment, persona 2 may be active during an
established window of time on given days. For example, persona 2
502 (an enterprise persona) may be active Monday through Friday
during normal business hours and persona 1 501 (a personal persona)
maybe the active persona otherwise. User selection is also an
option for selecting a persona, wherein the user device 103 prompts
a user 109 to specify which persona is requested, followed by a PIN
or password input into the device and processed by the persona
management module 245 to access the requested persona. In another
embodiment, the persona management module 245 may require biometric
data such as a fingerprint or a user's voice to toggle personas, or
may use an electronic fob or watch (e.g., electronic timepiece)
having near field communication (NFC) capability or other similar
communication capability to toggle personas.
[0100] According to another aspect in this regard, the persona
management module 245 may utilize signals from a fingerprint reader
such as that provided in the Apple.RTM. iPhone 5S, or other similar
biometric device, to toggle personas. For example, different
fingers may be used to toggle to, or switch between, different
personas. A right thumbprint may correspond to a trigger actuation
of a work persona, while a left thumbprint may correspond to and
trigger actuation of a personal persona. Likewise, a work-related
electronic fob may correspond to and trigger actuation of a work
persona, and a digital watch may correspond to and trigger
actuation of a personal persona, for example upon removal of the
work-related fob from proximity of the device, such that the
personal persona triggering device remains within the operative
proximity.
[0101] Still referring to FIG. 5 and according to some embodiments,
a trigger or triggering event may cause a switch or toggle through
represented personas. In some embodiments, a trigger forces or
prompts a user to choose an active persona (e.g., an incoming phone
call designated for an inactive persona wherein a user can choose
to ignore or accept the call). In some embodiments, a default
persona may be set to receive all phone calls. However, a user may
also be prompted to select which persona will be used to accept an
incoming call. In another embodiment, personas may be associated
with different phone numbers recognized by the persona management
module 245, which directs incoming calls to the appropriate persona
either persona based on the recognized number. In yet another
embodiment, an administrator may decide and implement via the MDMS
121 the most secure persona to accept an incoming call.
[0102] FIG. 6 is a flow chart setting forth the general steps
involved in a policy creation and deployment method 600 consistent
with embodiments of this disclosure for providing assignment of
compliance rules and policies to a user device and/or persona(s) by
an administrator. As will be understood and appreciated, method 600
may be implemented using a MDMS 121, the management module 127
within a MDM central module 122, a data network 154, persona rules
stores 305A and 305B, and a user device 103, and various other
components and modules as described above. Ways to implement the
steps of method 600 will be described in greater detail below.
According to some embodiments, method 600 may begin at block 605,
where an administrator logs into the MDMS 121 console and accesses
the compliance rules store 330 through the management module 127,
and queries or selects group of personas to which the given rules
or policies will apply. The persona or groups of personas queried
may be selected according to different roles and responsibilities
or due to enrolling a new employee into the BYOD program etc. In
some embodiments, an administrator may query personas implemented
on virtual machines, hardware sets, or operating systems. After the
desired persona(s) are found, method 600 moves to step 607, at
which point the desired persona(s) are selected.
[0103] According to some embodiments, at step 609, the
administrator defines the rules to be implemented for the selected
personas. For example, rules might include access to secure email
gateways 133, content servers 130, application catalogs 136, etc.
In other embodiments, default rules will apply. Once rules and
policies have been designated, the administrator initiates the
process of deploying the rules to the respective personas.
[0104] At step 611 of process 600, rules defined by the
administrator are compiled within the management module 127 based
on operating systems of given personas. In some embodiments, the
management module 127 interacts with the MDM database 139 to
assemble definitions representing the administrator defined rules
and policies. After compiling the rules, the compiled rules and
policies are deployed to the selected personas (step 613). In some
embodiments, data is received from the user device at step 615.
This data may include authentication checks, acknowledgement of
enrollment, a server ping, etc. In certain embodiments, the
management module 127 may receive data from the user device
comprising acknowledgment of deployed rules and policies, a request
for further instructions, etc. In some embodiments, method 600
moves to the next step 617 and pushes commands back to the user
devices and personas based on the received data and/or rules.
[0105] FIG. 7 is a flow chart setting forth the general steps
involved in a persona initiation process 700 from a user device 103
perspective. Generally, method 700 follows the steps of process
600, but from a persona perspective on a user device 103. In some
embodiments, method 700 may be implemented using a persona
management module 245, a data network 154, a mobile device
management system 121, a MDM database 139, a MDM central module, a
compliance rules store 330 embedded in a management module 127, and
other systems described herein. Ways to implement method 700 will
be described in greater detail below. In some embodiments, method
700 may begin at step 705, wherein a user requests enrollment into
a mobile device management system. The enrollment request generally
leaves the user device 103 and the request is sent over the data
network 154 and is received and accepted by the management module
127.
[0106] According to some embodiments, the management module 127
deploys the already compiled rules via the data network 154 to the
user device 103. Successively, the compiled rules and policies are
received at the user device 103. Method 700 progresses to the next
step 709, where the compiled rules and policies are implemented on
the user device 103 in association with the appropriate persona. In
some embodiments, various rules are associated with respective
personas.
[0107] At step 711, after the given rules and policies have been
implemented on each respective persona, the user device 103
containing multiple embedded personas is able to toggle between
personas. As data is received at the given device 103 during
operation, the device identifies and acknowledges data based on the
compiled rules and policies designated for the individual persona
(step 715). In some embodiments at step 715, the persona/device can
utilize one or both of two different paths; it can relay necessary
data back to the console (step 713) or take some action based on
the rules and/or data (step 717). This data could be an
acknowledgement of receipt sent over the data network 154 back to
the management module 127 and thereby ending the process. As
described, the persona can take a specific action based on the
rules or data applied to the persona (step 717).
[0108] FIG. 8 is a flow chart setting forth the general steps
involved in a method 800 consistent with embodiments of this
disclosure of toggling personas by either user initiation or an
event trigger. In some embodiments, method 800 may be implemented
utilizing a user device 103, a persona management module 245, a
data network 154, one or more processors one a device, one or more
displays on a device, and other components as described above. Ways
to implement the steps of method 800 will be described in greater
detail below. According to some embodiments, method 800 begins at a
state in which the user device is in a steady state within a given
persona. At step 805, a user desires to access a persona or an
event trigger occurs to access a given persona. Moving to step 807,
an overarching entity such as embedded software, firmware, or a
persona management module 245 performs an initial compliance check
regarding the forthcoming persona, ensuring the persona is a
managed persona. In some embodiments, the persona is not a managed
persona, and the user device 103 stays in its initial state. In
another embodiment, the device is in a managed persona and method
800 progresses to step 809.
[0109] Step 809 optionally requires user device 103 authentication
to proceed to the next stage. According to various embodiments,
authentication can be performed utilizing a plurality of processes
such as a fingerprint scan, entering a PIN or password, swiping a
specific pattern on the screen, a biometric access functionality,
or the device may be configured for an automatic authorization
without user input. If the authentication fails, method 800
propagates to step 810, wherein a deny access or error message is
displayed and the user device returns to the start state. If user
authentication is successful, method 800 proceeds to step 811 and
allows access to the managed and requested persona.
[0110] According to some embodiments at stage 813, the newly
activated persona may require actions to be taken based on
predetermined rules or receiving a set of data. For example, email
communications may need to be sent to the persona at issue from the
MDMS 121. If so, then an indicator or identifier may be associated
at the MDM database 139 with the data to be sent to the mobile
device persona, and subsequently the data will be sent to the
device. At step 817, the persona waits for a trigger event to
change personas. If a trigger event does not occur, the device will
return to step 813 and repeat steps 813-817 as necessary. If a
trigger is received, the device will propagate to step 819, which
is analogous to step 807.
[0111] In some embodiments at step 819, the device checks if the
trigger is from a managed persona. If the trigger is from a managed
persona, method 800 advances to step 809. In another embodiment, if
the trigger is not from another managed persona, the device will
move to step 821, may cease monitoring the managed persona, and may
disable communication, ending method 800.
[0112] As has been described, and according to some embodiments,
the present disclosure generally describes methods and systems for
isolating, implementing, and provisioning multiple entities or
personas on an individual user device, thus enabling multiple
individual end-user environments to remain quarantined while
simultaneously remaining active. As will be generally understood, a
persona encompasses various settings, policies, rules,
configurations or attributes associated with a particular end user
environment. Accordingly, groups of individual personas may be
categorized based on defined rules and policies applicable to said
group and managed simultaneously. Other embodiments enable remote
access to deploy changes to current attributes and configurations
either by group definition or on an individual basis.
[0113] According to one example embodiment, multiple personas may
be managed via a central server (e.g., a content server or
management module), which may serve as an intermediary between the
multiple personas. The central server receives data from the
device, identifies which persona initiated the data transfer, and
sends the data on behalf of the identified persona. Similarly, the
central server receives data from outside sources, identifies for
which persona the data is intended and pushes said data to the
appropriate persona. Further, one example embodiment virtually
separates one set of hardware components (e.g., a single processor,
memory, battery, etc.) into individual segments. Consequently, each
segment houses and embodies a separate and quarantined persona. Yet
other embodiments encompass multiple hardware sets (e.g., multiple
processers, multiple memories, multiple batteries, etc.)
independently coupled and dedicated for one or more respective
persona.
[0114] It is to be understood that both the foregoing general
description and the following detailed description are examples and
explanatory only, and should not be considered to restrict the
disclosure's scope, as described and claimed. Further, features
and/or variations may be provided in addition to those set forth
herein. For example, embodiments of the disclosure may be directed
to various feature combinations and sub-combinations described in
the detailed description.
[0115] The embodiments and functionalities described herein may
operate via a multitude of computing systems, including wired and
wireless computing systems, mobile computing systems (e.g., mobile
telephones, tablet or slate type computers, laptop computers,
etc.). In addition, the embodiments and functionalities described
herein may operate over distributed systems, where application
functionality, memory, data storage and retrieval and various
processing functions may be operated remotely from each other over
a distributed computing network, such as the Internet or an
intranet. User interfaces and information of various types may be
displayed via on-board computing device displays or via remote
display units associated with one or more computing devices. For
example, user interfaces and information of various types may be
displayed and interacted with on a wall surface onto which user
interfaces and information of various types are projected.
Interaction with the multitude of computing systems with which
embodiments of this disclosure may be practiced include, keystroke
entry, touch screen entry, voice or other audio entry, gesture
entry where an associated computing device is equipped with
detection (e.g., camera) functionality for capturing and
interpreting user gestures for controlling the functionality of the
computing device, and the like. The Figures above and their
associated descriptions provide a discussion of a variety of
operating environments in which embodiments of this disclosure may
be practiced. However, the devices and systems illustrated and
discussed with respect to the Figures are for purposes of example
and illustration and are not limiting of a vast number of computing
device configurations that may be utilized for practicing
embodiments of this disclosure as described herein.
[0116] The term computer readable media as used herein may include
computer storage media. Computer storage media may include volatile
and nonvolatile, removable and non-removable media implemented in
any method or technology for storage of information, such as
computer readable instructions, data structures, program modules,
or other data. System memory, removable storage, and non-removable
storage are all computer storage media examples (i.e., memory
storage.) Computer storage media may include, but is not limited
to, RAM, ROM, electrically erasable read-only memory (EEPROM),
flash memory or other memory technology, CD-ROM, digital versatile
disks (DVD) or other optical storage, magnetic cassettes, magnetic
tape, magnetic disk storage or other magnetic storage devices, or
any other medium, which can be used to store.
[0117] The term computer readable media as used herein may also
include communication media. Communication media may be embodied by
computer readable instructions, data structures, program modules,
non-transitory media, and/or other data in a modulated data signal,
such as a carrier wave or other transport mechanism, and includes
any information delivery media. The term "modulated data signal"
may describe a signal that has one or more characteristics set or
changed in such a manner as to encode information in the signal. By
way of example, and not limitation, communication media may include
wired media such as a wired network or direct-wired connection, and
wireless media such as acoustic, radio frequency (RF), infrared,
and other wireless media.
[0118] A number of applications and data files may be used to
perform processes and/or methods as described above. The
aforementioned processes are examples, and a processing unit may
perform other processes. Other programming modules that may be used
in accordance with embodiments of this disclosure may include
electronic mail, calendar, and contacts applications, data
processing applications, word processing applications, spreadsheet
applications, database applications, slide presentation
applications, drawing or computer-aided application programs,
etc.
[0119] Generally, consistent with embodiments of this disclosure,
program modules may include routines, programs, components, data
structures, and other types of structures that may perform
particular tasks or that may implement particular abstract data
types. Moreover, embodiments of the disclosure may be practiced
with other computer system configurations, including hand-held
devices, multiprocessor systems, microprocessor-based or
programmable consumer electronics, minicomputers, mainframe
computers, and the like. Embodiments of this disclosure may also be
practiced in distributed computing environments where tasks are
performed by remote processing devices that are linked through a
communications network. In a distributed computing environment,
program modules may be located in both local and remote memory
storage devices.
[0120] Furthermore, embodiments of this disclosure may be practiced
in an electrical circuit comprising discrete electronic elements,
packaged or integrated electronic chips containing logic gates, a
circuit utilizing a microprocessor, or on a single chip containing
electronic elements or microprocessors. Embodiments of this
disclosure may also be practiced using other technologies capable
of performing logical operations such as, for example, AND, OR, and
NOT, including but not limited to mechanical, optical, fluidic, and
quantum technologies. In addition, embodiments of the disclosure
may be practiced within a general-purpose computer or in any other
circuits or systems.
[0121] Embodiments of this disclosure may, for example, be
implemented as a computer process and/or method, a computing
system, an apparatus, device, or appliance, and/or as an article of
manufacture, such as a computer program product or computer
readable media. The computer program product may be a computer
storage media readable by a computer system and encoding a computer
program of instructions for executing a computer process. The
computer program product may also be a propagated signal on a
carrier readable by a computing system and encoding a computer
program of instructions for executing a computer process.
Accordingly, the present disclosure may be embodied in hardware
and/or in software (including firmware, resident software,
micro-code, etc.). In other words, embodiments of the present
disclosure may take the form of a computer program product on a
computer-usable or computer-readable storage medium having
computer-usable or computer-readable program code embodied in the
medium for use by or in connection with an instruction execution
system. A computer-usable or computer-readable medium may be any
medium that can contain, store, communicate, propagate, or
transport the program for use by or in connection with the
instruction execution system, apparatus, or device.
[0122] The computer-usable or computer-readable medium may be, for
example but not limited to, an electronic, magnetic, optical,
electromagnetic, infrared, or semiconductor system, apparatus,
device, or propagation medium. More specific computer-readable
medium examples (a non-exhaustive list), the computer-readable
medium may include the following: an electrical connection having
one or more wires, a portable computer diskette, a random access
memory (RAM), a read-only memory (ROM), an erasable programmable
read-only memory (EPROM or Flash memory), an optical fiber, and a
portable compact disc read-only memory (CD-ROM). Note that the
computer-usable or computer-readable medium could even be paper or
another suitable medium upon which the program is printed, as the
program can be electronically captured, via, for instance, optical
scanning of the paper or other medium, then compiled, interpreted,
or otherwise processed in a suitable manner, if necessary, and then
stored in a computer memory.
[0123] Embodiments of this disclosure may be practiced via a
system-on-a-chip (SOC) where each and/or many of the elements
described above may be integrated onto a single integrated circuit.
Such an SOC device may include one or more processing units,
graphics units, communications units, system virtualization units
and various application functionalities, all of which may be
integrated (or "burned") onto the chip substrate as a single
integrated circuit. When operating via an SOC, the functionality,
described herein, with respect to training and/or interacting with
any element may operate via application-specific logic integrated
with other components of the computing device/system on the single
integrated circuit (chip).
[0124] Embodiments of this disclosure are described above with
reference to block diagrams and/or operational illustrations of
methods, systems, and computer program products according to
embodiments of the disclosure. The functions/acts noted in the
blocks may occur out of the order as shown in any flowchart. For
example, two blocks shown in succession may in fact be executed
substantially concurrently or the blocks may sometimes be executed
in the reverse order, depending upon the functionality/acts
involved.
[0125] While certain embodiments have been described, other
embodiments may exist. Furthermore, although embodiments of the
present disclosure have been described as being associated with
data stored in memory and other storage mediums, data can also be
stored on or read from other types of computer-readable media, such
as secondary storage devices, like hard disks, floppy disks, or a
CD-ROM, a carrier wave from the Internet, or other forms of RAM or
ROM. Further, the disclosed methods' stages may be modified in any
manner, including by reordering stages and/or inserting or deleting
stages, without departing from the disclosure.
[0126] Embodiments of the present disclosure, for example, are
described above with reference to block diagrams and/or operational
illustrations of methods, systems, and computer program products
according to embodiments of the disclosure. The functions/acts
noted in the blocks may occur out of the order as shown in any
flowchart. For example, two blocks shown in succession may in fact
be executed substantially concurrently or the blocks may sometimes
be executed in the reverse order, depending upon the
functionality/acts involved.
[0127] While certain embodiments of the disclosure have been
described, other embodiments may exist. Furthermore, although
embodiments of the present disclosure have been described as being
associated with data stored in memory and other storage mediums,
data can also be stored on or read from other types of
computer-readable media, such as secondary storage devices, like
hard disks, floppy disks, or a CD-ROM, a carrier wave from the
Internet, or other forms of RAM or ROM. Further, the disclosed
methods' stages may be modified in any manner, including by
reordering stages and/or inserting or deleting stages, without
departing from the disclosure.
[0128] All rights including copyrights in the code included herein
are vested in and the property of the Assignee. The Assignee
retains and reserves all rights in the code included herein, and
grants permission to reproduce the material only in connection with
reproduction of the granted patent and for no other purpose.
[0129] While the specification includes examples, the disclosure's
scope is indicated by the following claims. Furthermore, while the
specification has been described in language specific to structural
features and/or methodological acts, the claims are not limited to
the features or acts described above. Rather, the specific features
and acts described above are disclosed as example for embodiments
of the disclosure.
* * * * *