Monday, January 12, 2009

Multi Tenant Portable Devices

By: Alon Cohen

Here is something I did not see at CES 2009, well, I should say did not see yet. As I was watching Star Trek over the years it became clear to me that those programs can provide a glimpse to the future if not even forge the future by igniting creativity among other creative people.


We know that scientists are working on teleportation, (“beam me up Scotty”) they even made progress in the past years and managed to show that it is theoretically possible. But why go that far, we all use cell phones, they started big, morphed to mimic the shape of Captain Kirk’s communicator (the flip phone) and they are now becoming smaller and smaller almost like those of Star trek voyager comm badges.


All we have to do to find new ideas is look closer and permutate some of the visuals and gadgets used at those shows. And there are plenty of them.


What caught my attention was how Star Trek people were using their “iPhones” (well not really iPhones more like their “iPod touch”. The key difference between what we have today as iPod iPhone, Android or Palm Pre and what they have used on the show is the fact that theirs was not really owned by anyone specific. They were tossing them around as if they were yellow pads.


This is how I came to the conclusion that given the correct method as depicted later in this post one can build what I call a Multi Tenant Portable Device. I started working on the concept way back, and finally decide to file it as a patent on December 4th 2008.


The Objective

The objective is to enable multiple users some temporary users to use any portable device nearby with full access to all personal data as if it was your own device, and without compromising your own privacy or the privacy of other users (I call tenants) on the device.


Imagine that you can get full access to all your personal data such as e-mail address book, phone numbers, calendar and messages using someone else’s phone or portable device when your own device is not nearby or not operational from some reason like luck of battery juice, reception or any other reason.


Imagine sitting in front of a TV and reading your e-mails, using your kid’s iPhone or even your smart universal TV remote.


As portable devices become pervasive they could be thrown in the house everywhere much like our old cordless phones. Today, as oppose, to my home cordless phone which is everywhere, when I hear my cell phone I need to find my own cell phone first in order to accept the call. With this invention you could be using any available cell phone around you to pick up your call.


Imagine a world or a corporate environment where people exchange PDA-like devices as if they were writing pads or a printed document, and then leave that device around for others to use, without losing any privacy of personal data.


Using this invention, all the above can become a reality. To say the truth it is not even complicated which in my mind makes it a perfect idea, simply simple and powerful.


Here is how

Today, cell phones have a SIM card that defines the phone personality, kind of a serial number that provides the network ID to which the network can assign your phone number and attach billing information. Today, it is not simple to replace the SIM card, and on iPhone almost impossible. The address book, email settings and other data objects are usually stored locally on the phone’s flash memory. As it stands the experience of using someone else’s phone or PDA is a not a pleasant thought and often feared by the phone owner from privacy reasons. It is sufficient to see my College kid objections to his teenage brother using his iPhone, to understand that privacy is a real issue on those portable devices.


Now what if we could make that SIM card or SIM card analogy well seamless? In much the same way that my mail is not on my PC but rather on a networked mail like g-mail, so can my address book be, my calendar be, my YouTube movies be, my browser preferences be and so on. All I need is to point the Phone (or the Device) to the correct well encrypted on-line setting storage, and the device is temporarily mine.


Some of the above settings’ data is already on-line or replicated for backup or as a synchronization point, but it is not made available on-line to any device I desire, it is for my own devices to use, my own Google account, own address book and so on.


In many cases local storage is not a dirty word, think of it as cash memory for personal data. The problem is that it is not segregated & encrypted per user. So a temporary user can easily get access to personal information stored on the device, while pretending to use that for something else.


Once I have my settings available on-line and from my segregated local storage I can see how iPhones or PDA or iPod Touch or Plam Pre or any iPhone-like smart devices would use a password, or a finger print reader, or even an RFID reader with a tag that a user would carry in his/her pocket to be able to re-define the phone current tenant and all of those tenants relevant settings.


To use such a device I would enter my ID, or place my finger on the device, or just touch it and retrieve all my settings (from the network or local storage on the device), and gain access to my address book, my preferences, My Music, My Movies, my phone calls and even my device desktop and wall paper. In fact as soon as I touch the phone or device I should not be able to distinguish between that phone or device and my own device or phone (operationally speaking, taken in consideration form factors and UI capabilities).


As soon as I “let go”, (if I am not on an active phone call), and the phone goes to sleep mode, the device, using some defined policy, revert back to its original “owner” (or default user) settings.


Different “let go” policies may be used like a tenant registering on another device, or a tenant proactively logging out from the device, or just not touching it, or simple timeout. When this happens the device can forget the tenant personal data, or store it encrypted in a local storage in case the same tenant needs it again quickly, all according to what the tenant defined in the tenant’s personal profile.


As a user of such device, I can now prepare a document on my way to work, assign it to the destination user, by say e-mailing it or potentially storing it locally encrypted for a specific user. As I come to work I just hand the device to the other user to read without risking unauthorized access to my personal data on the Device. All that the next user will see is his own data his own e-mails and nothing else. Could he use his own device to read it? Probably yes if I mailed it, but he just gave his own device to someone else. One can envision that there will be no more “owning” of devices, in much the same way that there is no owning of a document I just handed to you, it’s yours if you like it. Or owning will exist but sharing of and collaboration by using those multi tenant mobile devices will be more apparent.


For very sensitive data that should not hit the network, sharing specific data might be accomplished, as mentioned above, by storing the data locally with an access list for one or a plurality of users so that only the People named in the list can open the data when they have their identity entered to or identified by the phone. The data is stored locally encrypted to that trusted list of readers and does not have to leave the device.


My phone, my PDA device, even my universal remote control are now becoming a much more powerful collaboration devices, with much more diverse set of uses and applications almost like what we saw happening on Star Trek Voyager. It shortens the distance of the users not only from the device but also from their personal data and any other public digital content out there.


If you recall on the Star Trek series the com-badge was not part of the data infrastructure of the ship, it was very personal, like a personal SIM or ID card for a person. But on many occasions, you wished one person could use someone else’s com badge to get out of dire situations. If only they thought of applying the Multi Tenant methods to the communicators they could have probably save the jobs of few actors here and there.


As mentioned the device local storage can hold group access rights and personal settings for say an enterprise, so that local data on the device can not be used outside the list of trusted users without erasing all data that might be stored on the device. The local storage can also store an updated copy of all the local users’ settings for the occasions where the device is not connected to a network.


If the device shared is also a phone and the phone is now used by a temporary user, phone calls to the original device owner or other guests on the device might be accepted in one implementation as call waiting if the phone is used at that instance when another call is directed to the same phone, while the display can show the called person ID as well as the caller ID. When not on a call an incoming call can trigger a vocally “called person ID” so the correct person can know to pick up the phone to answer.


Looking at it from the network side, when a temporary user is logging into a shared device the calls for the temporary user or users will be directed to the shared device. If implemented efficiently this process can take place even when I hear my phone ring from a far and I want to instantly become a tenant on say my wife’s phone or any suitable device in my vicinity to pick that call.

The Personalization Process

Personalization methods are not limited to, but could use an apparatus such as a Finger Print reader, image recognition using a camera on the device, voice print identification, RFID tag or be as simple as a password on a phone that was setup to accept a specific guests, or as simple as a username and password the first time a new guest is introduced to the phone.


Basic Personalization and Personalization Persistence Process


The Personalization data has to be made to fit different devices. It means that the personalization data of a user or guest is stored in some tagged metadata format that can be interpreted and converted differently by every multi-tenant device to match that device’s specific setup and capabilities. If the device supports only e-mail and not phone calls than obviously the phone information and redirection process will not be used and the calls for the new guest tenant will not be directed to that phone. SMS or other push mode notifications for instance might be directed to that device via e-mail if the device supports push e-mail and not SMS and if the user chooses that type of behavior.


Persistence of one or more guests on a device must be handled as well. Persistence is a bit different than what is widely known as presence today. Presence is an indication that I am currently actively using a specific device or software and usually indicate a “non-present” status when the user has not touched the keyboard or has not responded to a call for action for some time. On a phone for instance, the user may not have used the phone functionality for a long period but he/she is still present to accept calls, SMS or/and voicemail indications even when he/she is not able to specifically answer a phone call at a given situation (like in a movie theater) or when he/she has not touched the keyboard for a long period. This means that the fact that a specific user is now guest or a tenant on a device must be persistent, even when normal presence may indicate otherwise.


As mentioned there may be few policies that could be implemented by the device owner or a guest regarding the persistence of a guest instance on a device. For instance a phone can be set to accept a guest phone call as long as the guest did not logout, or as long as the guest did not log in from another device. An automatic log-out can be implemented so the fact that the user is now a tenant on another phone can indicate to the network to automatically log that guest out from any previous devices the user was logged into as a guest.


For this system to work for example for normal calls and SMS, a forwarding action of SMS or calls must be accessible from any remote device even when the device is not on the same network and also from any internet connected device. In the existing cellular networks if you want to forward calls to another phone while traveling, you must remember to do that from your phone before you leave the country, or you will not be able to do that later. VoIP networks today enable that forwarding anytime from anywhere as long as you have an internet connection and a web browser.

A simple personalization process would look like this:


Note: this concept was filed as a patent, and the author is open to discuss licensing.