On July 3, 2014, the US Patent & Trademark Office published another security related patent application from Apple. Apple's first security invention published earlier today revealed a "Dual-Factor Authentication System for the iTunes Store." In this second security-centric patent application, Apple reveals advanced security based on location. Apple covers "fixed locations" like your home or Office and "mobile locations" like when you're shopping, at a coffee shop or inside your car (or other vehicles). The specific system designed for the car is obviously going to be a part of Apple's forthcoming CarPlay. Whether Apple will roll the fixed location interfaces into their forthcoming "Home" app is not known at this time. Intelligent location-based security will be able to change your security settings on the fly.
Apple's Patent Background
Mobile devices, such as smart phones, tablet computers, media players, and the like, have become ubiquitous. People are ever more reliant on mobile devices for their day-to-day activities. Often, sensitive or private information is accessible from mobile devices. Mobile devices can also be used to make purchases from online and brick-and-mortar merchants. Users may want to limit the use of their mobile devices by unauthorized individuals, such as children or other third parties. To prevent against unauthorized access, mobile devices often have security requirements for authentication.
One example of a security requirement is a password or passcode. For example, a passcode requirement can be enabled on an iPhone commercially available from Apple Inc. When enabled, a passcode may be required immediately upon the iPhone entering a lock-screen state or after a predetermined time of inactivity (e.g., 1 minute, 5 minutes, 15 minutes, 1 hour, etc.). Shorter times are typically more secure. There may be different types of passcodes. For example, the passcode can be a simple 4-digit numerical password or a longer alphanumeric password. Longer passcodes with a combination of characters and special characters are typically more secure. However, longer and more complex passcodes are more difficult for a user to enter. Frequent or unnecessary requests to the user for authentication can be burdensome and harm the user experience.
Apple Invents Intelligent Location-Based Security
Apple's invention generally relates to location services and in particular location-sensitive security levels and setting profiles based on detected location.
To provide a reliably pleasant and secure experience for a user operating a mobile device, it can be desirable to modify security settings or other device behavior based on a detected location. Mobile device users often frequent the same locations. Mobile devices can be configured to detect the current location. Based on the detected current location, the mobile device can modify settings and configurations. Security settings are one example of device behavior that can be modified in accordance with embodiments of the present invention.
Apple's patent FIG. 1A noted above is a diagram of a system 100 at a fixed location according to an embodiment of the present invention. Various electronic devices can be located in a structure 120, such as a house, building or a room. This would be considered a fixed location.
Mobile devices often have security requirements, such as passwords or passcodes. Security requirements help ensure that a mobile device is in the hands of the appropriate party. Often the security level remains the same regardless of the location of the mobile device. Because some locations may be inherently more secure, such as a user's home or office, these locations may be considered "safe" and require less stringent security.
It can be desirable to have decreased security requirements when the mobile device is at a secure location. Conversely, some locations may be considered higher risk or "unsecure." In these locations, it can be desirable to implement stronger security protections. When the mobile device is in an unsecure location (e.g., public location such as cafes or shopping centers), security requirements can be increased.
A mobile device can detect a current location and implement security settings that correspond to the detected location. The current location may be detected by analyzing location aspects, where a "location aspect" can include any parameter or attribute that assists in determining a location of a mobile device, including: geographic location coordinates; connected or visible networks and devices; characteristics of devices or networks that are visible to the mobile device; the presence of other devices nearby; physical connection to other devices; environmental characteristics of the location; or other features of the location.
The collection of location aspects that is present (or not present) at a particular location may be referred to as a "location context." That is, a location context can be the set of location aspects that is present (or not present) at a given location. For example, a location context associated with a user's home may include a first location aspect (being connected to "My Home Network") and a second location aspect ("My iMac" visible on that network). When the mobile device detects the first location aspect and the second location aspect, the mobile device has identified a location context location with a threshold confidence. Based on that identification, the mobile device can deter nine if a location (e.g., home) is associated with that location context and implement a modified security level.
Apple's patent FIGS. 5B and 5C noted below are simplified tables of location aspects at certain locations and information for correlating location contexts to security levels, respectively, in accordance an embodiment of the present invention.
Some embodiments determine a location based on combinations of location aspects, such as primary network and secondary network, primary network and GPS location, primary network and secondary network and GPS location, Bluetooth device and GPS location, Bluetooth device and primary network, or any other suitable combination. Using a combination of aspects can increase the confidence that the location is correctly identified. Distance between the mobile device and other devices can also be relied upon as a location aspect. For example, an area may be considered safe if within a predetermined distance (e.g., 100 m radius) of another device e.g., access point servicing a specific network).
According to some embodiments of the present invention, the security level required on a mobile device can vary based on information indicative of the mobile device's location (i.e., location aspects or a location context). In some embodiments, a mobile device can implement a baseline security level, which has a default security requirement.
The mobile device detects a "safe" or "unsecure" location for decreased or increased security by detecting whether various location aspects are available or unavailable and other information associated with particular aspects. Based on the detected location aspects, the mobile device can determine a first location context of the mobile device.
The first location context is associated with a first location for modified security, for example, by looking up the first location context in a file or table that contains corresponding locations for modified security. Based on the detected location, the mobile device implements a first security level based on the first location context. In some embodiments, the first security level can be an increased security level relative to the baseline level. In some embodiments, the first security level can be a decreased security level relative to the baseline level.
In some embodiments, location-based security is set up and initialized. A mobile device can receive an instruction to set up a modified security level associated with a first location. The instruction can be received via a user interface and can include a selection of the modified security level to be implemented. The first location can be the current location of the device at the time of setup. In response to the instruction, the mobile device can analyze the available location aspects at the first location and determine a location context. The mobile device can select one or more available aspects to associate with the first location. The mobile device can then assign the modified security level to the first location.
Set-Up User Interfaces for Location-Based Security
In Apple's patent figures 8ABC & 9ABC presented below we're able to see new basic and advanced location-based security settings user interfaces.
CarPlay: Mobile Location-Based Security
Apple notes that in some embodiments, the "location" of a mobile device need not refer to a fixed location (such as a home or office) but can also include a location that is mobile, such as when the mobile device is inside of a moving vehicle. In patent FIG. 2 noted above we're able to see a system according to an embodiment where the location is mobile, in this case the user's car 210.
Apple further notes that the system relating to a vehicle may include an iPhone and vehicle systems 250 – that is likely to be non-other than Apple's new CarPlay when in your car.
However, the mobile location-based security will be able to apply to other vehicles such as a bus, train, airplane, boat, or the like. The vehicle such as your car could include a wired or wireless network 215 and vehicle systems and subsystems 250. The Vehicle systems can include a navigation system 252, an audio system 254, a dashboard/engine system 256 and other future components.
Patent FIGS. 8C and 9A cover user interface for setting up location-based security for when you're in your car (or other vehicle) including using Siri for controlling your iPhone features and content.
Other Security Measures
In addtion to location-based security, Apple notes that added security measures can be based on some combination of what the user knows, what the user has, or what the user is.
For example, security measures based on what the user knows include passwords, passcodes, passphrases or other challenges (e.g., name of your first pet).
Security measures based on what the user has include physical objects that identify a user based on the user's demonstrated possession of an object (e.g., keyfobs, smartcards, etc.).
Security measures based on what the user is include DNA, fingerprints, retinal scans, voice identification, cadence of typing, walking, talking, and other biometric identification methods.
Apple credits Alexander Reitter, David Amm, Julian Missig and Raymond Walsh as the inventors of patent application 20140187200 which was originally filed in Q4 2012. Considering that this is a patent application, the timing of such a product to market is unknown at this time.
A Note for Tech Sites covering our Report: We ask tech sites covering our report to kindly limit the use of our graphics to one image. Thanking you in advance for your cooperation.
Patently Apple presents a detailed summary of patent applications with associated graphics for journalistic news purposes as each such patent application is revealed by the U.S. Patent & Trade Office. Readers are cautioned that the full text of any patent application should be read in its entirety for full and accurate details. About Making Comments on our Site: Patently Apple reserves the right to post, dismiss or edit any comments. Comments are reviewed daily from 4am to 8pm MST and sporadically over the weekend.