Patent 9491564
Derivative works
Defensive disclosure: derivative variations of each claim designed to render future incremental improvements obvious or non-novel.
Active provider: Google · gemini-2.5-flash
Derivative works
Defensive disclosure: derivative variations of each claim designed to render future incremental improvements obvious or non-novel.
✓ Generated
Due to the constraint that the full text of the independent claims for US9491564 was not provided in the user's message, and my inability to browse external URLs to retrieve this information from the USPTO Patent Center (as indicated by prior execution attempts and limitations), I cannot generate derivative variations for each specific core claim of the patent.
However, to fulfill the task of generating a "Defensive Disclosure" based on the inventive art of US9491564, I will proceed by identifying and using a representative core concept derived from the patent's title, abstract (as inferred from the description of its functionality), and various definitions and descriptions provided within the authoritative patent text. This representative core concept encapsulates the primary technical innovations described:
Representative Core Concept:
"A mobile device system and method for secure and verifiable device-assisted network service management, comprising: a service processor on a mobile device configured to locally implement, enforce, and verify network service policies (e.g., traffic shaping, access control, monitoring) and to generate verifiable service usage and transaction billing events; and a remote service controller configured to securely communicate with the service processor to provision, update, and validate said policies and events, thereby enabling distributed service intelligence and flexible network resource management."
Based on this representative core concept, I will now generate derivative variations along the specified axes.
Defensive Disclosure Document for US Patent 9491564
Date: April 26, 2026
Patent: US9491564 - Mobile device and method with secure network messaging for authorized components
Representative Core Concept: A mobile device system and method for secure and verifiable device-assisted network service management, comprising: a service processor on a mobile device configured to locally implement, enforce, and verify network service policies (e.g., traffic shaping, access control, monitoring) and to generate verifiable service usage and transaction billing events; and a remote service controller configured to securely communicate with the service processor to provision, update, and validate said policies and events, thereby enabling distributed service intelligence and flexible network resource management.
Derivative Variations
1. Material & Component Substitution
Derivative 1.1: Hardware-Accelerated Policy Engine with Trusted Execution Environment (TEE) and Quantum-Resistant Cryptography
- Enabling Description: The service processor is implemented as a dedicated hardware security module (HSM) or a System-on-Chip (SoC) with a specialized co-processor for policy enforcement, operating within a Trusted Execution Environment (TEE). Policy rules and cryptographic keys are stored in encrypted, non-volatile memory accessible only within the TEE. All cryptographic operations for secure messaging with the service controller, including policy updates, verification requests, and usage reporting, utilize quantum-resistant cryptographic algorithms (e.g., lattice-based cryptography like CRYSTALS-Dilithium for digital signatures and CRYSTALS-Kyber for key exchange) executed by the dedicated co-processor. This prevents side-channel attacks and ensures policy integrity even against future computational advances. The HSM or co-processor interface with the main application processor via a secure peripheral bus with memory protection units.
- Mermaid Diagram:
flowchart TD User_App --- API --> Main_AP Main_AP -- Secure Bus --> TEE_CoProc TEE_CoProc -- Crypto Ops --> QR_Algo_Module TEE_CoProc -- Policy Enforce --> Network_Stack_Interface TEE_CoProc -- Gen Reports --> Secure_Storage Secure_Storage -- Encrypted --> Network_Tx_Module Network_Tx_Module -- QR Secure Conn --> Service_Controller Service_Controller -- Policy Updates --> Network_Rx_Module Network_Rx_Module -- QR Secure Conn --> TEE_CoProc subgraph Mobile Device Main_AP[Main Application Processor] TEE_CoProc[Hardware-Accelerated TEE Co-Processor] QR_Algo_Module{Quantum-Resistant Crypto Algos} Secure_Storage[Encrypted Non-Volatile Memory] Network_Stack_Interface((Network Stack Interface)) Network_Tx_Module[Network Transmission Module] Network_Rx_Module[Network Reception Module] end
Derivative 1.2: Software-Defined Radio (SDR) with Integrated Policy Enforcement at PHY Layer
- Enabling Description: The mobile device incorporates a Software-Defined Radio (SDR) chipset where the service processor's policy enforcement functionality is deeply integrated into the PHY (Physical) and MAC (Medium Access Control) layers. Instead of traditional packet filtering at the IP layer, policies like traffic shaping or access control are applied directly at the radio interface by modifying waveform parameters, modulation schemes, or scheduling algorithms based on real-time policy directives from the service controller. For instance, low-priority traffic could be assigned less robust modulation or lower power, reducing its effective bandwidth. This requires a reconfigurable hardware architecture (e.g., FPGA-based SDR) and a trusted firmware update mechanism for policy rules.
- Mermaid Diagram:
flowchart TD Service_Controller -- Secure Policy --> Device_Policy_Manager Device_Policy_Manager -- Config --> SDR_Control_Plane SDR_Control_Plane -- Real-time Adjust --> PHY_MAC_Layer PHY_MAC_Layer -- Traffic_Shaping_Access --> RF_Transceiver RF_Transceiver <--> Wireless_Medium Application_Traffic -- Data Path --> PHY_MAC_Layer subgraph Mobile Device Device_Policy_Manager[Service Processor Policy Manager] SDR_Control_Plane[SDR Control Plane] PHY_MAC_Layer[Reconfigurable PHY/MAC Layer] RF_Transceiver[RF Transceiver] end
Derivative 1.3: Biometric-Authenticated Policy Management Interface
- Enabling Description: The mobile device's service processor includes a user interface component that requires multi-factor biometric authentication (e.g., fingerprint, facial recognition, or iris scan) for any user-initiated policy preference changes, privacy settings adjustments, or review of service usage reports. This authentication mechanism directly interfaces with a secure element within the device that stores biometric templates, ensuring that only authorized users can modify or access sensitive policy-related information. Secure messages to the service controller for such changes are digitally signed using a key protected by this biometric authentication.
- Mermaid Diagram:
sequenceDiagram Actor User participant Mobile_Device as Mobile Device (Service Processor) participant Secure_Element as Secure Element participant Service_Controller as Service Controller User->>Mobile_Device: Initiate Policy Change/Review Mobile_Device->>Mobile_Device: Prompt Biometric Authentication User->>Mobile_Device: Provide Biometric Input Mobile_Device->>Secure_Element: Verify Biometric Template Secure_Element-->>Mobile_Device: Authentication Result (Success/Fail) alt Authentication Success Mobile_Device->>Mobile_Device: Grant Access to Policy UI User->>Mobile_Device: Adjust Policy Settings Mobile_Device->>Mobile_Device: Digitally Sign Changes (Secure Element) Mobile_Device->>Service_Controller: Send Signed Policy Update Service_Controller-->>Mobile_Device: Acknowledge else Authentication Fail Mobile_Device->>User: Access Denied end
Derivative 1.4: Photonic Computing for Policy Rule Matching
- Enabling Description: The service processor integrates a photonic computing array designed for ultra-fast pattern matching of traffic headers against policy rules. Instead of traditional electronic CPU cycles for deep packet inspection, optical circuits perform parallel comparisons of incoming packet characteristics (e.g., destination IP, port, protocol type) against a pre-loaded optical template of policy rules. This enables near-light-speed policy enforcement with extremely low latency, especially beneficial for high-throughput, low-latency applications where traditional electronic processing introduces bottlenecks. Policy updates would involve reconfiguring the optical mask or interferometer settings within the photonic processor.
- Mermaid Diagram:
flowchart TD Incoming_Traffic -- Optical Convert --> Photonic_Processor Photonic_Processor -- Rule Match --> Optical_Decision Optical_Decision -- Electrical Convert --> Network_Action Service_Controller -- Policy Data --> Optical_Config_Unit Optical_Config_Unit -- Reconfig --> Photonic_Processor subgraph Mobile Device Incoming_Traffic[Network Interface (Electrical)] Optical_Convert[Electrical-to-Optical Converter] Photonic_Processor[Photonic Policy Processor] Optical_Decision[Optical Decision Unit] Electrical_Convert[Optical-to-Electrical Converter] Network_Action[Network Stack Action (e.g., Drop, Reroute)] Optical_Config_Unit[Optical Configuration Unit] end
2. Operational Parameter Expansion
Derivative 2.1: Millimeter-Wave (mmWave) and THz Communication Management in Dense Urban Environments
- Enabling Description: The service processor is optimized for policy enforcement and billing in mobile devices operating in mmWave (e.g., 5G NR FR2 bands) and Terahertz (THz) spectrum, prevalent in dense urban or industrial environments. Policies dynamically adjust beamforming vectors, spatial multiplexing, and scheduling grants to optimize throughput and manage interference in highly directional, short-range communications. The service processor continuously analyzes link quality, signal-to-noise ratio, and beam alignment to apply micro-policies that ensure service level agreements (SLAs) for individual applications while minimizing spectrum usage and power consumption. Billing events are generated based on effective data rates, beam usage, and latency achieved within specific geographic micro-cells.
- Mermaid Diagram:
graph TD SC[Service Controller] -- Provision Policies --> SP[Service Processor (Device)] SP -- Monitor & Report --> SC subgraph Mobile Device SP mmWave_THZ_Modem[mmWave/THz Modem] Beamforming_Engine[Dynamic Beamforming Engine] PHY_Scheduler[PHY/MAC Scheduler] Network_Policy_Enforcer[Network Policy Enforcer] SP -- Directives --> Network_Policy_Enforcer Network_Policy_Enforcer -- Control --> PHY_Scheduler PHY_Scheduler -- Resource Grant --> mmWave_THZ_Modem mmWave_THZ_Modem -- Tx/Rx --> Antenna_Array[Antenna Array] Antenna_Array <--> mmWave_THZ_Access_Point mmWave_THZ_Modem -- Metrics --> SP Beamforming_Engine -- Control --> Antenna_Array SP -- Feedback --> Beamforming_Engine end
Derivative 2.2: Ultra-Low Power Satellite IoT Device Policy for Remote Sensing
- Enabling Description: The service processor is miniaturized and integrated into an ultra-low power Internet of Things (IoT) device designed for remote sensing in extreme environments (e.g., Antarctic weather stations, deep-sea buoys, agricultural fields). Communication with the service controller occurs via sporadic, low-bandwidth satellite links (e.g., LEO satellite constellations). The service processor's policies are designed for extreme energy efficiency, only transmitting critical aggregated sensor data or billing events at predefined intervals or upon specific thresholds being met. Traffic shaping policies minimize overhead, prioritize emergency alerts, and compress data aggressively to reduce transmission time and power consumption. Billing is often based on message count, data payload size, and criticality level, rather than continuous throughput.
- Mermaid Diagram:
stateDiagram-v2 state "Low Power Idle" as Idle state "Sensor Data Collection" as Collect state "Policy Evaluation" as Evaluate state "Data Aggregation & Compression" as Aggregate state "Satellite Uplink Window" as Uplink [*] --> Idle Idle --> Collect: Timer / Event Trigger Collect --> Evaluate: Data Available Evaluate --> Aggregate: Policy Match / Threshold Exceeded Aggregate --> Uplink: Scheduled Window / Urgent Event Ulink --> Idle: Transmission Complete / Timeout Evaluate --> Idle: Policy No Match / No Critical Data Uplink --> Fault: Transmission Failure Fault --> Idle: Retry / Reset
Derivative 2.3: High-Frequency Trading (HFT) Client Policy Enforcement
- Enabling Description: The service processor is integrated into a specialized mobile computing device used by financial traders for high-frequency trading (HFT) on the go. Policies operate at microsecond latencies, prioritizing real-time market data feeds and order placement instructions over all other traffic. Traffic shaping might involve using dedicated hardware queues with ultra-low jitter, bypassing standard operating system network stacks for critical data. Access control policies enforce strict geographical and time-based trading windows, and authorize specific exchanges or financial instruments based on real-time risk profiles. Billing events are generated based on transaction volume, latency guarantees, and adherence to regulatory compliance policies, with tamper prevention crucial for audit trails.
- Mermaid Diagram:
flowchart LR Trader_Device -- HFT_App_Traffic --> SP[Service Processor] SP -- Policy_Enforce(Low Latency, Priority Queues, Access Control) --> Network_Interface Network_Interface -- Ultra-low Latency --> Exchange_Server[Financial Exchange] SC[Service Controller] -- Real-time Policy Push --> SP SP -- Verifiable_Audit_Logs --> Compliance_Audit[Compliance & Billing System] subgraph Mobile Trading Device SP Network_Interface HFT_App_Traffic[HFT Application Data Stream] end
3. Cross-Domain Application
Derivative 3.1: Autonomous Agricultural Robotics (AgriTech)
- Enabling Description: The service processor is embedded in autonomous agricultural robots (e.g., crop-spraying drones, automated harvesters). Policies manage network access for machine-to-machine (M2M) communication for swarm coordination, real-time sensor data uploads (e.g., soil moisture, pest detection), and remote control updates. Traffic shaping ensures critical navigation and safety commands are prioritized, while large imagery datasets are uploaded during off-peak network hours or via local mesh networks. Billing events are generated based on acres covered, task completion, data volumes transmitted per crop cycle, and adherence to environmental regulatory data sharing policies.
- Mermaid Diagram:
graph TD SC[Farm Management System (Service Controller)] -- Mission Plans & Policies --> Robot_SP[Robot Service Processor] Robot_SP -- Sensor Data & Status --> SC subgraph Autonomous Agri-Robot Robot_SP GPS_Nav[GPS & Navigation Module] Sensor_Array[Environmental Sensor Array] M2M_Comms[M2M Communication Module] Farm_Network_Interface[Farm Network Interface (Cellular/LoRa/Mesh)] Robot_SP -- Navigation Policies --> GPS_Nav Sensor_Array -- Data Stream --> Robot_SP Robot_SP -- Data Upload Policies --> Farm_Network_Interface Robot_SP -- Swarm Coordination --> M2M_Comms M2M_Comms <--> Other_Robots[Other Agri-Robots] Farm_Network_Interface <--> Local_Gateway[Local Farm Gateway] Local_Gateway <--> Internet[Internet/Cloud] end
Derivative 3.2: Critical Infrastructure Monitoring (Industrial IoT/SCADA)
- Enabling Description: The service processor is integrated into remote monitoring units within critical infrastructure (e.g., power grids, water treatment plants, oil pipelines) that use Industrial IoT (IIoT) sensors and SCADA (Supervisory Control and Data Acquisition) systems. Policies ensure the integrity and priority of telemetry data, control commands, and cybersecurity alerts. Traffic shaping guarantees low-latency transmission for critical alarms while allowing less urgent diagnostic data to be batched. Access control policies strictly whitelist endpoints for data transmission and command reception, enforcing stringent compliance with cybersecurity standards (e.g., ISA/IEC 62443). Billing is based on data criticality, uptime guarantees, and policy enforcement metrics, with all events securely logged for regulatory audits.
- Mermaid Diagram:
sequenceDiagram participant Sensor as IIoT Sensor Network participant RTU as Remote Terminal Unit (Service Processor) participant SCADA_Gateway as SCADA Gateway participant Op_Center as Operational Control Center (Service Controller) Sensor->>RTU: Send Telemetry Data (Critical/Non-Critical) RTU->>RTU: Apply Traffic Shaping Policy RTU->>RTU: Apply Access Control Policy RTU->>SCADA_Gateway: Send Filtered/Shaped Data (Securely) SCADA_Gateway->>Op_Center: Forward Data Op_Center->>RTU: Send Control Commands (Securely, Authenticated) RTU->>RTU: Verify Command Authority RTU->>Sensor: Execute Control Command RTU->>Op_Center: Send Billing/Audit Event (Securely, Verifiably)
Derivative 3.3: In-Flight Entertainment & Connectivity (Aerospace)
- Enabling Description: The service processor resides within an aircraft's cabin gateway, managing internet access and entertainment services for passengers and crew. Policies differentiate traffic based on user subscription (e.g., basic browsing vs. streaming), crew operational needs, and regulatory requirements (e.g., prioritization of cockpit communication, weather data). Traffic shaping dynamically allocates bandwidth based on available satellite/air-to-ground link capacity, passenger demand, and premium service tiers. Access control blocks unauthorized content or services, and limits usage duration. Billing events are generated per passenger, per session, by data volume, or by content accessed, with secure reporting to ground-based billing systems.
- Mermaid Diagram:
classDiagram class AircraftCabinGateway { <<Service Processor>> +PolicyEngine +TrafficShaper +AccessController +BillingAgent +SecureCommsModule } class PassengerDevice { -UserApps } class CrewDevice { -OperationalApps } class SatelliteLink { +BandwidthAllocation } class GroundBillingSystem { <<Service Controller>> +PolicyProvisioner +BillingReconciler +AuthService } PassengerDevice "1..*" --|> AircraftCabinGateway : Connects Via CrewDevice "1..*" --|> AircraftCabinGateway : Connects Via AircraftCabinGateway --|> SatelliteLink : Uplink/Downlink SatelliteLink --|> GroundBillingSystem : Data Transmit GroundBillingSystem "1" --|> AircraftCabinGateway : Policy Updates
4. Integration with Emerging Tech
Derivative 4.1: AI-Driven Predictive Policy Optimization with Contextual Awareness
- Enabling Description: The service processor integrates an on-device AI/ML inference engine. This engine continuously monitors real-time device usage patterns, application behavior, network conditions (e.g., latency, jitter, available bandwidth), user location, and calendar events. It then uses this contextual data to proactively adjust network service policies locally (e.g., traffic shaping parameters, application access priorities) without direct intervention from the remote service controller, aiming to optimize user experience, minimize costs, or conserve battery life according to a high-level user/provider preference profile. The AI model's decisions and resulting policy adjustments, along with their justifications, are securely reported to the service controller for validation and refinement of global policy models.
- Mermaid Diagram:
graph LR User_Input[User Preferences] --> AI_Engine Sensor_Data[Device Sensors (Location, Battery)] --> AI_Engine App_Usage[Application Usage Data] --> AI_Engine Network_Metrics[Network Performance Metrics] --> AI_Engine AI_Engine[On-Device AI/ML Inference Engine] -- Predictive Policy Adjustment --> SP_Policy_Enforcer[Service Processor Policy Enforcer] SP_Policy_Enforcer -- Enforce --> Network_Stack[Network Stack] AI_Engine -- Secure Report --> SC[Service Controller (Global Model Training)] SC -- Model Updates --> AI_Engine subgraph Mobile Device AI_Engine SP_Policy_Enforcer Network_Stack end
Derivative 4.2: IoT Sensor-Triggered Dynamic Policy Adjustments with Edge Computing Aggregation
- Enabling Description: The service processor operates as an edge computing node, aggregating data from nearby IoT sensors (e.g., in a smart home, smart factory, or vehicle). Policies are dynamically adjusted based on events detected by these sensors. For example, if a "home leave" sensor event is detected, the service processor might reduce streaming bandwidth to save data, or if a "security breach" sensor is triggered, it might prioritize uploading security camera footage. The service processor processes raw sensor data, applies local policies, and sends only processed, policy-relevant summaries and billing events to the remote service controller, minimizing upstream traffic and providing localized, real-time responses.
- Mermaid Diagram:
flowchart TD IoT_Sensors -- Raw Data --> SP_Edge[Service Processor (Edge Node)] SP_Edge -- Contextual Analysis --> Policy_Engine[Dynamic Policy Engine] Policy_Engine -- Policy Change --> Network_Stack[Network Stack] Network_Stack -- Shaped Traffic --> Internet SP_Edge -- Aggregated Reports --> SC[Service Controller] SC -- Policy Templates --> Policy_Engine subgraph IoT Gateway / Mobile Device SP_Edge Policy_Engine Network_Stack end
Derivative 4.3: Blockchain-Anchored Verifiable Policy Enforcement & Billing Records
- Enabling Description: The service processor utilizes a blockchain-based ledger for immutably recording policy application events, service usage metrics, and transaction billing events. Each policy enforcement action (e.g., blocking traffic, applying QoS), each reported data byte, or each payment initiation event generates a cryptographically signed transaction that is appended to a permissioned blockchain. The service controller and authorized third-party auditors can verify the integrity and immutability of these records by querying the blockchain, ensuring transparency and preventing tampering of billing or usage data. Smart contracts on the blockchain can automatically trigger policy adjustments or initiate payments based on verified usage thresholds.
- Mermaid Diagram:
sequenceDiagram participant Device_SP as Mobile Device (Service Processor) participant Service_Controller as Service Controller participant Blockchain_Network as Permissioned Blockchain participant Auditor as Third-Party Auditor Service_Controller->>Device_SP: Provision Policy (signed by SC) Device_SP->>Blockchain_Network: Record Policy Hash (Tx1) Device_SP->>Device_SP: Enforce Policy, Monitor Usage Device_SP->>Blockchain_Network: Record Usage Event (signed, Tx2) Device_SP->>Blockchain_Network: Record Billing Event (signed, Tx3) Service_Controller->>Blockchain_Network: Query Usage/Billing Records Auditor->>Blockchain_Network: Audit Policy Enforcement / Billing Blockchain_Network-->>Service_Controller: Verifiable Records Blockchain_Network-->>Auditor: Immutable Audit Trail
5. The "Inverse" or Failure Mode
Derivative 5.1: Fail-Safe Limited-Functionality Mode for Emergency Services
- Enabling Description: The service processor is designed with a "fail-safe" mode that activates under specific conditions, such as critical network congestion, device tampering detection, or expiration of a paid service plan. In this mode, all non-essential data services are immediately blocked, and traffic shaping prioritizes only emergency calls (e.g., 911/E911), location updates, and minimal data required for public safety applications. Access control policies default to allowing only white-listed emergency service providers. Billing is suspended or shifted to a predefined emergency tariff. This mode is enforced by a hardened, read-only kernel module within the service processor, making it resilient to further compromise.
- Mermaid Diagram:
stateDiagram-v2 state "Normal Operation" as Normal state "Fail-Safe (Emergency) Mode" as Emergency Normal --> Emergency: Critical Network Congestion Normal --> Emergency: Tamper Detected Normal --> Emergency: Service Plan Expired Emergency --> Normal: Conditions Cleared / Manual Override (Authorized) state Emergency { state "Prioritize Emergency Calls" as CallPriority state "Block Non-Essential Data" as BlockData state "Enable Location Services" as Location state "Suspend Normal Billing" as SuspendBilling [*] --> CallPriority CallPriority --> BlockData BlockData --> Location Location --> SuspendBilling SuspendBilling --> [*] }
Derivative 5.2: Low-Power Standby Mode with Asynchronous Policy Sync
- Enabling Description: For devices primarily operating on battery power or in deep sleep states (e.g., certain IoT modules, wearables), the service processor implements a "low-power standby" mode. In this mode, the service processor only periodically wakes up to perform essential tasks: brief bursts of secure communication with the service controller to asynchronously fetch policy updates, upload aggregated (and compressed) usage statistics, and maintain a minimal heartbeat. During active periods, full policy enforcement is operational, but during standby, all non-critical network activity is suppressed. Policies govern the wake-up intervals and data burst sizes to maximize battery life while maintaining policy relevance.
- Mermaid Diagram:
sequenceDiagram participant Device_SP as Mobile Device (Service Processor) participant SC as Service Controller loop Deep Sleep Cycle Device_SP->>Device_SP: Enter Low-Power Standby Device_SP-->>Device_SP: (Sleep) Device_SP->>Device_SP: Wake Up (Periodic/Event) Device_SP->>Device_SP: Authenticate & Establish Secure Link Device_SP->>SC: Request Policy Updates SC-->>Device_SP: Send Policy Updates Device_SP->>SC: Upload Aggregated Usage Data Device_SP->>Device_SP: Update Local Policies Device_SP->>Device_SP: Process Heartbeat / Status Device_SP->>Device_SP: Disconnect Secure Link Device_SP->>Device_SP: Enter Low-Power Standby end
Derivative 5.3: Limited Functionality "Guest" Mode with Usage-Based Micro-Billing
- Enabling Description: The mobile device can be configured into a "guest" or "limited functionality" mode, primarily for sharing or temporary usage by unauthorized individuals. In this mode, the service processor applies a highly restrictive set of default policies. These policies might include whitelisting only essential applications (e.g., web browser, maps), imposing strict data caps, restricting access to sensitive device features or personal data, and enabling a granular, usage-based micro-billing system. Any network activity beyond the basic allowance triggers an immediate micro-charge, which is securely reported and billed against a predefined payment method, without requiring full user authentication or service plan assignment.
- Mermaid Diagram:
flowchart TD Guest_User -- Access Device --> SP_Guest[Service Processor (Guest Mode)] SP_Guest -- Enforce Guest Policy --> App_Access[Application Access] SP_Guest -- Monitor Usage --> Usage_Tracker[Usage Tracker] Usage_Tracker -- Exceed Threshold --> Micro_Billing[Micro-Billing Agent] Micro_Billing -- Secure Report --> SC[Service Controller (Micro-Billing Platform)] SC -- Bill --> Payment_Gateway[Payment Gateway] SP_Guest -- Block --> Restricted_Features[Restricted Device Features] SP_Guest -- Whitelist --> Allowed_Apps[Whitelisted Applications] subgraph Mobile Device SP_Guest App_Access Usage_Tracker Micro_Billing Allowed_Apps Restricted_Features end
Combination Prior Art Scenarios with Open-Source Standards
Here are three scenarios combining the core concepts of US9491564 with existing open-source standards to demonstrate obviousness or non-novelty for potential future improvements.
1. Secure Device-Assisted Policy Management over OpenVPN/WireGuard
- Scenario: Implementing the secure communication link between the service processor and service controller using an existing open-source Virtual Private Network (VPN) standard like OpenVPN or WireGuard.
- Description: The service processor (as described in US9491564, enabling device-based policy implementation and verifiable reporting) establishes a secure, encrypted tunnel to the service controller using the OpenVPN or WireGuard protocol. The VPN client functionality is embedded within the service processor's secure element or trusted execution environment. Policy updates, verification messages, and billing events are transmitted exclusively over this VPN tunnel, leveraging the established security and authentication mechanisms (e.g., TLS/DTLS for OpenVPN, Noise Protocol Framework for WireGuard) of these open standards. The service controller runs a compatible VPN server to receive and process these secure communications. This combination would be obvious because it applies well-known secure tunneling techniques to protect the policy control plane.
- Mermaid Diagram:
sequenceDiagram participant Device_SP as Mobile Device (Service Processor) participant OpenVPN_Client as OpenVPN/WireGuard Client participant Network as Untrusted Network participant OpenVPN_Server as OpenVPN/WireGuard Server participant Service_Controller as Service Controller Device_SP->>OpenVPN_Client: Initiate Secure Policy Comm. OpenVPN_Client->>Network: Establish VPN Tunnel (Key Exchange, Auth) Network-->>OpenVPN_Server: (Encrypted Traffic) OpenVPN_Server-->>OpenVPN_Client: VPN Tunnel Established OpenVPN_Client->>Service_Controller: Send Policy Update / Usage Report (over VPN) Service_Controller->>OpenVPN_Client: Send New Policy / Acknowledge (over VPN) OpenVPN_Client->>Device_SP: Deliver Policy / Report Status
2. Verifiable Usage Reporting using OMA LwM2M with CoAP/DTLS
- Scenario: Employing the Open Mobile Alliance (OMA) Lightweight M2M (LwM2M) protocol, secured by CoAP over DTLS, for the service processor to report verifiable service usage and billing events to the service controller.
- Description: The service processor on the mobile device exposes its service usage metrics, policy enforcement status, and billing event data as LwM2M Objects and Resources. These objects are securely reported to the service controller (LwM2M Server) using Constrained Application Protocol (CoAP) messages, protected by Datagram Transport Layer Security (DTLS). LwM2M's standardized data model allows for efficient, low-bandwidth reporting suitable for various device types. The verifiability aspect of US9491564 (e.g., cryptographic signing of reports) is integrated by having the LwM2M client (service processor) sign the CoAP payloads before DTLS encryption, allowing the LwM2M Server to authenticate the source and integrity of the usage data. This combination is obvious as LwM2M is a widely adopted standard for managing and collecting data from resource-constrained IoT/mobile devices.
- Mermaid Diagram:
graph TD Device_SP[Mobile Device Service Processor] -- LwM2M Client --> CoAP_DTLS_Stack[CoAP/DTLS Stack] CoAP_DTLS_Stack -- Secure Messaging --> Internet Internet -- Secure Messaging --> CoAP_DTLS_Server[CoAP/DTLS Server] CoAP_DTLS_Server -- LwM2M Server --> Service_Controller[Service Controller] subgraph Device_SP LwM2M_Agent[LwM2M Agent] Usage_Monitor[Usage Monitor] Billing_Event_Gen[Billing Event Generator] Crypto_Signer[Cryptographic Signer] Usage_Monitor --> LwM2M_Agent Billing_Event_Gen --> LwM2M_Agent LwM2M_Agent -- Data --> Crypto_Signer Crypto_Signer -- Signed CoAP Payload --> CoAP_DTLS_Stack end subgraph Service_Controller LwM2M_Server[LwM2M Server] Report_Verifier[Report Verifier] Policy_Engine[Policy Engine] LwM2M_Server -- Signed Payload --> Report_Verifier Report_Verifier -- Verified Data --> Policy_Engine Policy_Engine -- New Policies --> LwM2M_Server end
3. Distributed Access Control with Open Policy Agent (OPA) and eBPF
- Scenario: Implementing device-side access control policies of US9491564 using the open-source Open Policy Agent (OPA) for policy decision making, and extended Berkeley Packet Filter (eBPF) for efficient, kernel-level enforcement on Linux-based mobile devices.
- Description: The service processor integrates a lightweight OPA agent (e.g.,
conftestorgatekeeperfor policy evaluation) that receives policy rules in Rego language from the service controller. When network traffic needs to be evaluated, OPA makes real-time access decisions (allow/deny) based on device context (user ID, application, time, location) and incoming policy rules. The actual enforcement of these decisions at the kernel level (e.g., dropping packets, redirecting traffic, applying QoS marks) is handled by eBPF programs dynamically loaded and attached to network interfaces. This allows for highly performant and flexible policy enforcement without modifying the kernel, and the policies themselves are declarative and auditable via OPA. This combination is obvious as OPA and eBPF are emerging standards for programmable and dynamic policy enforcement in cloud-native and Linux environments, readily applicable to mobile operating systems. - Mermaid Diagram:
graph LR SC[Service Controller] -- Rego Policies --> SP[Service Processor (Mobile Device)] SP -- Load Programs --> eBPF_Runtime[eBPF Runtime (Kernel)] subgraph Mobile Device SP App_Traffic[Application Traffic] Network_Interface[Network Interface] eBPF_Runtime OPA_Agent[OPA Agent (User Space)] App_Traffic --> Network_Interface Network_Interface -- Packet Interception --> eBPF_Runtime eBPF_Runtime -- Policy Query --> OPA_Agent OPA_Agent -- Decision --> eBPF_Runtime eBPF_Runtime -- Enforce/Pass --> Network_Interface SP -- Policy Update --> OPA_Agent end
Generated 5/25/2026, 8:26:03 PM