Description of Invention

THE PRESENT application relates to a telecommunication device or mobile device management system. The mobile device management system manages the use of resources such as functionality and applications on a mobile device. The mobile device has an operating system and a number of applications which run on the device. The device also has functionality which may be provided in the form of specific applications or less formally as functionality.

The mobile device may be configured with resources: a general set of applications and functionality, examples of which comprise: a telephone application, GPS receiver functionality, a messaging application; an email client application; a web browser application; and a calendar application.

Typically, the applications or functionality are shown as respective tiles or icons on the screen of the mobile device.

In normal use of the mobile device, for example as a mobile telephone, the device is operated by a user in accordance with the settings or options applied to the device. When a user selects a new application for launching (or switching back to a launched application), then the application is launched within the mobile device environment or the application is already running so the mobile device interface simply switches to display the selected running application. The mobile device user can save telephone numbers in their address book or contact list, receive incoming calls, consult their calendar (another app), review their address book (another app), review images held in a media rendering application or media gallery application (another app), and manipulate data between the relevant apps (functionality).

Mobile telephones may or may not operate with a SIM card but network access is restricted by the absence of a SIM card . Even so, users are permitted to make emergency calls to emergency numbers. Because a mobile device without a SIM card is not authorised to make calls, access to the network is prohibited by the network operators.

The use of mobile devices, such as mobile telephones, tablets and the like is not authorised or tolerated in certain environments. For example, in hospitals, the use of electronic equipment such as mobile devices is discouraged . Accommodation providers such as hotels sometimes use mobile telephone jammers to effectively disable the use of mobile devices within their confines. These solutions to preventing use of mobile telephone equipment are heavy- handed and lack refinement. There is a need for a mechanism for managing mobile telephone use, the use of mobile devices and the use of applications on those devices. Preferably, the technical solution for managing such mobile devices should take a granular approach rather than a heavy-handed, all-or- nothing approach. Mobile devices are not managed effectively. In the corporate or fleet environment, business-only phones are being used outside core business hours for non-business related purposes, paid for by the business owners. In the educational environment, parents provide their ch ildren with mobile devices to maintain contact and make arrangements. However the mobile devices can be used in school hours. School children with mobile devices are able to be distracted from their studies by incoming calls or text messaging one another. Schools waste vast amounts of time and effort attempting to kerb mobile phone use in school hours or on school premises.

The present invention seeks to provide a solution to the above issues.

Accordingly, one aspect of the present invention provides a mobile device management system for managing the functionality of a mobile device comprising a managed mobile device and a mobile device management source, wherein the mobile device comprises: a plurality of resources resident on the mobile device; an operating system resident on the mobile device controlling the functionality, settings and options of the mobile device and operation of the resources of the mobile device; and an access and control module resident on the mobile device and operable to instruct the operating system to manage the functionality of the mobile device in response to settings provided by a configuration update received from a remote source, a specified resource of the mobile device being controlled in a mode dictated by the configuration update, wherein the mobile device management remote source comprises: a configurator operable to create the configuration update, wherein the configuration update defines 1 ) a restriction and 2) an action comprising the application of that restriction to one or more specified resources resident on the mobile device being managed.

So that the invention may be more clearly understood, embodiments thereof will now be described, by way of example only and with reference to the accompanying figures, in which:

Figure 1 is a schematic overview of a system embodying the present invention; Figure 2 is a schematic representation of a management server embodying the present invention; Figure 3 is a schematic representation of a mobile device embodying the present invention; Figure 4 is a schematic view of a Bluetooth proximity-based restriction gateway for use with embodiments of the present invention; and

Figure 5 is a schematic representation of a map of a school area with two users of mobile devices 4' and 4" embodying the present invention.

FIGURE 1 is a schematic over-view of an infrastructure for enabling a mobile device management system embodying the present invention depicting a mobile device management remote source comprising a management server 1 . A user computer 2 and user mobile device 3, and a plurality of managed mobile devices 4, 4' and 4" and a plurality of mobile devices 5, 5' and 5" which may or may not be the same as mobile devices 3, 4, 4' and 4" are connected to the server 1 .

The server 1 comprises a user interface for communicating with external devices such as user computers 2, user mobile devices 3 and managed entity device 4 , 4' and 4". Preferably, the server communicates with the user computer 2 over the internet and communicates with mobile devices over the public switched telephone network which can be a wired network, a wireless network, a bespoke network or any combination of the above operated by a wireless network operator or a wired network operator or any combination thereof.

The server 1 further comprises a database containing various user account details, one for each user but containing details of one or more mobile devices 4, 4' and 4" which are to be managed by the system. In figure 2, the server 1 further comprises a calendar or timetable module on wh ich various restrictions can be entered for potential appl ication to the managed devices 4. The restrictions are provided to the mobile device in the form of a configuration update, discussed below. This example is concerned with timetable-based restrictions. Other restrictions based on other conditions are disclosed later. Time-based periods can be set on the calendar each with a start time and an end time. When a period is entered on the calendar a restriction flag is applied for the entered period. Details of the restrictions are held in the calendar associated with each managed device or entity.

The server 1 further comprises an action module which lists resources which may be available on the managed devices. Access to the resources can be selectively denied or allowed, prohibited or permitted . The action is to be applied during the period of the restriction flag. The deny list also comprises an allow list for mobile device resources which are allowed during a time period with a restriction flag.

Together, the mechanism on the server 1 for setting up restrictions, actions and the resources to which they apply comprises a configurator.

An action is determined by an allow/deny/exception resource allocator which appl ies the action from the configuration update to one or more of the resources resident on the mobile device being managed. The allocation of an "allow" action to a resource permits access by the managed mobile device to the resource save for one or more predetermined exceptions. The allocation of a "deny" action to a resource prohibits access by the managed mobile device to the resource save for one or more predetermined exceptions. An example of a resource of one of the managed devices, access to which is to be controlled is an application or a functional element or functionality of the mobile device. Applications can be the mobile telephone, the address book, the calculator, messaging functionality, email, web browser or any other application. The "options" or "settings" on a mobile device can be considered as a user interface or setting the parameters of operation of the operating system of the mobile device. The "options" functionality of any mobile device is on the deny list held in the server so as to prevent a managed entity from changing the options or settings and thereby by altering the parameters of the operating system. Parameters within an application can also be controlled via the deny/allow list. For example, certain telephone numbers can be called from a managed mobile device 4 if those telephone numbers are exceptions to the deny list. The telephone number can be regarded as a parameter of the mobile telephone application - a subset or sub-module of the mobile telephone application. In this way not only is access to the top level of a resource controlled but also granularity is provided allowing control of sub-sets of functionality of the application.

The server 1 also carries a program installer which can deliver a preferably headless application to a mobile device 4 to be managed for deployment on that mobile device and installation as a background application. The headless application is an access and control module.

A new user of the system needs to sign up and provide their email address and a telephone number in order to receive communications on both those media so that the user identity can be correctly verified. Accordingly, the user account information in the data base will include at least user email and user telephone number as well as other user/related details. A new user is sent a link to an IP address of the server 1 via email from the server 1 , and in particular, the user interface, and separately and independently an SMS security code to a mobile telephone device of the user. The mobile telephone device 2 of the user may be a smart phone having both email functionality and telephone functionality/SMS functionality, in which case the same device can be used to receive both initial sign-up communications from the server 1 .

The new user enters the security code delivered by SMS when prompted by the linked web page and this verifies the identity of the new user. The new user is then presented with various options including a request to provide identification information of the mobile device 4 to be managed . Mobile devices al l carry a un iq ue IM E I n u mber ( I nternational Mobile Equipment Identity) and if the mobile device is network-enabled, there will be a SIM card or other subscriber identifier and an associated mobile telephone number. The user enters the IMEI number and the telephone number of the mobile device 4 to be managed into the user computer 2 which transmits this managed device information to the server 1 . The managed device information is stored against a record for that managed device within the new user's account which is held on the same data base.

The user also selects and enters an override pass code into the computer 2 and th is information is also sent to the server 1 to be stored against a managed device record in the user account data base. The server 1 accesses the calendar functional ity and restriction flag functionality and renders the calendar for a particular managed device on the user computer 2 and allows for manipulation of restrictions on the calendar. Start and end periods within each day are set and wherever a restriction is set, a restriction flag is attached to that time period. Restrictions can also be set which are not time-based but which are location-based, expenditure-based, call-log-based or other user-based requests. Examples of restrictions are time-based restrictions; timetable-based restriction s ; geo-location-based restrictions; proximity-based restrictions; usage-based restrictions; tariff-based restrictions; battery condition restrictions; data storage capacity restrictions; weather-based restrictions; and mobile-device-sensed-conditions restrictions. Restriction examples can also be expressed as : a predetermined temporal schedule; a detected location of the mobile device; a proximity of the mobile device to an electronic device; a request for installation of a functional sub- module; a request for removal of a functional sub-module; a remote user triggering a predetermined condition; a keyword identified in content received by the mobile device; a keyword identified in one of the functional sub-modules of the mobile device; and a keycode entered into one of the functional sub- modules of the mobile device.

This particular example uses a calendar to attach restriction flags to timetable periods. Other examples can use a map and attach restrictions to certain geographic locations such as, for example, within the grounds of a school or hospital, restriction flags can also be expenditure-based so that when expenditure exceeds a designated threshold, then a restriction flag is applied. Similarly, a restriction flag can be applied when the call-log for a specific telephone number has exceeded a designated duration threshold. For example, person A has spoken for 1 hour to person B and anything over 1 hour exceeds the threshold and attached a restriction flag. Restriction flags can be applied based on combinations of these criteria. Examples of resources are as follows: a telephone application; an address book application; a calculator application; a calendar application; a camera application; a browser application; a document creation application; an email application; a messaging application; an installer application; a trash or recycle bin function; a media gallery application; a media player application; location- based services application; GPS functionality activation; airplane mode activation; and wireless connectivity, including Bluetooth or any other form of proprietary wireless communication, near-field/far-field RF contactless communication; and any proprietary applications operable on the mobile device. Geo-location can be effected by using GPS data derived from the mobile device itself (for GPS-enabled devices) or it can be provided by marker data so when a managed devices goes into proximity to a particular Bluetooth signature this indicates that the managed device is at a known location and the restriction flag can be applied. All the entrances to a hospital or school could be provided with "Bluetooth gateways" which do not log the presence of the mobile device but the mobile device logs the proximity of the Bluetooth gateway and reports this proximity to the server 1 or to the management programme running on the mobile device. Figure 5 shows managed entity A carrying managed device 4 outside the Geo- location of a building. The device 4 is not within a prescribed area so no action will be taken. Managed entity B is within the grounds of restricted area, such as a school or hospital building as determined by the GPS location of the mobile device 4'. Device 4' consults its known location against its restriction flags and identifies a Geo-restriction flag causing access to be denied to selected resources indicated on the managed entity record.

Returning to the technical features required behind the set-up process, the user account and more particularly the managed entity record is populated with the restriction flags determined by the user for the managed device 4', 4".

The restriction flags and associated actions for the respective resources can be altered at a later time as can the other details associated with the managed entity. A significant technical advantage is that when a managed entity changes their mobile device having lost their previous device or upgraded to another device, all that needs to be done is to update the IMEI number and all the restriction flags and settings relevant to that managed entity are behind the replacement mobile device.

The server 1 holds restriction data specifying that a restriction applies in a certain time period or at a certain location or when a certain amount of expenditure has been exceeded or when call duration/usage has been exceeded. The server 1 also holds action data for respective resources, the deny/allow/exception data identifying which resources of the mobile device 4 access is to be managed by being denied or allowed and the relevant exceptions. The deny/allow data also includes exceptions to the deny/allow items. For example, in a restricted time period outgoing telephone calls are denied but incoming telephone calls are allowed. In the same restricted time period, outgoing calls to the user/identified accepted numbers may be allowed, for example to the user themselves or to other "safe" numbers.

In this case, the resource which is restricted is the mobile telephone application or functionality and the deny/allow list denies or allows use of the mobile telephone application during the restriction flag period and allows exceptions to the ru les so that predeterm ined n u mbers (appl ication parameters) can be used by the resource, the mobile telephone application. Content management can also be achieved in the same way where the resource of the mobile device comprises the web browser and the parameters of that resource comprise the web pages or domains to which the managed device is allowed access during a restricted period . Specific websites or domains used by the web browser application are sub-modules which can be individually controlled. Likewise, the messenger application on a device can be denied totally during a restricted period or an exception can be incorporated allowing the mobile device to message the school, for example. The managed devices 4, 4', 4" preferably comprise mobile telephone devices or tablet devices which are web-enabled and which can provide voice-over IP (VOIP) for video conferencing facilities.

The management program is an access and control module resident on the mobile device which is provided as an application on the mobile device and comprises preferably a headless application meaning that its tile or icon does not appear on any of the device screens and the program is configured as an always on/always running application which always loads on the start-up of the mobile device. The management program sits on the mobile device and identifies what mobile device resources are being utilised or are being requested and upon any request for a new resource or to use a running resource, the management programme identifies if there are any restriction flags in place during the current operating conditions, (time-based, location- based, expenditure-based, call-log-duration-based) and applies any actions (deny/allow/exception criteria) to the resource - if there is a restriction flag.

The mobile device carries within the programme or accessible by the programme a secure data base or look-up table on the mobile device. The management programme consults with the stored restriction and deny/allow/exception criteria and determines whether the requested resource is the subject of a restriction and permits or denies that resource to the user in accordance with the deny/allow criteria. The mobile device may not store any configuration update data and may interrogate periodically a remote source for the current set of restrictions and actions. Alternatively, the mobile device can store just the restrictions and if a restriction applies (i.e. the conditions of the restriction are met by the mobile device at that time), then the device can interrogate a remote source for the corresponding action from the configuration update. Alternatively, both elements of the configuration update are stored on the mobile device for application to resources on the mobile devices. This is the most preferred scenario since the mobile device does not need to poll for configuration updates but can operate in a stand-alone fashion without need for a communication connection.

The restriction flags and deny/allow/exclusion lists are maintained on the mobile device and are periodically refreshed by referencing the restriction and deny/allow/exclusion criteria set on the managed devices record in the user account data base held on the server 1 - i.e. the configuration update is refreshed. Any edits of the restriction flags and their associated actions made on the server 1 by the user are transmitted to the mobile device and enabled on the mobile device and stored on the mobile device for access by the management program. The refresh period can be every 15 minutes, half-an- hour, hourly, daily, weekly or on demand. The restriction flag and action (deny/allow/exclusion) data can be "pushed" to the mobile device for subsequent use on the mobile device. In a case where particular resources are restricted or denied to a user of the mobile device 4 during a certain time period or when in a designated location or having exceeded a call-log duration threshold or an expenditure threshold, then the management program is operable to hide any icon or tile relating to that denied resource from the display of the mobile device during the period whilst the restriction is active. Thus, during a restriction period, apps or other resources which a mobile device is denied use are not available for selection by the user. This approach removes the need for a check to be carried out by the mobile device to determine whether or not there is a restricted period in progress. If there is a restricted period in progress and it is applicable to certain resources, then those resources will not be visible to the user. If there is not a restriction period in progress, then the available resources to the user will be displayed on the mobile device display for the user's selection.

An embodiment of the invention provides a mobile device management system for managing the functionality of a mobile device comprising a managed mobile device and a mobile device management source, wherein the mobile device comprises: a plurality of resources resident on the mobile device; an operating system resident on the mobile device controlling the functionality, settings and options of the mobile device and operation of the resources of the mobile device; and an access and control module resident on the mobile device and operable to instruct the operating system to manage the functionality of the mobile device in response to settings provided by a configuration update received from a remote source, a specified resource of the mobile device being controlled in a mode dictated by the configuration update, wherein the mobile device management remote source comprises: a configurator operable to create the configuration update, wherein the configuration update defines 1 ) a restriction and 2) an action comprising the application of that restriction to one or more specified resources resident on the mobile device being managed.

In embodiments, the remote source further comprises a user interface operable to transmit the configuration update to the managed mobile device.

In embodiments, 1 ) a restriction is selected from one or more of the following restrictions: time-based restrictions; timetable-based restrictions; geo-location- based restrictions; proximity-based restrictions; usage-based restrictions; tariff- based restrictions; battery condition restrictions; data storage capacity restrictions; weather-based restrictions; and mobile-device-sensed-conditions restrictions. In embodiments, 2) an action si determined by an allow/deny/exception resource allocation applies the action from the configuration update to one or more of the resources resident on the mobile device being managed, wherein: allocation of an "allow" action to a resource permits access by the managed mobile device to the resource save for one or more predetermined exceptions; and allocation of a "deny" action to a resource prohibits access by the managed mobile device to the resource save for one or more predetermined exceptions. In embodiments, the resource of the mobile device is controlled in a mode dictated by the configuration update comprises at least one application or function of the mobile device selected from the following resources: a telephone application, a cellular telephone connection; a microphone and/or speaker functionality; an address book application; a calculator application; a calendar application; a camera application; a browser application, cellular data connection; a document creation application; an email application; a messaging application; an installer application; a trash or recycle bin function; a media gallery application; a media player application; a location-based services application; GPS functionality activation, determining a location of the mobile device; airplane mode activation; wireless connectivity, including Bluetooth or any other form of proprietary wireless communication, near- field/far-field RF contactless communication; and any proprietary applications operable on the mobile device. In embodiments, the operating system controls launching and/or allowing user interface with resources of the mobile device.

In embodiments, access to at least one of content and connectivity on the mobile device is not available to at least one resource of the mobile device in a partially restricted mode dictated by a configuration update. In embodiments, access to at least one of content and connectivity on the mobile device is not available to all resources of the mobile device in a restricted mode dictated by a configuration update save for one or more predetermined exceptions.

In embodiments, the access and control module has a partial override facility to instruct the operating system to deny or allow access to resources of the mobile device, with one or more predetermined exceptions. In embodiments, the access and control module has a general override facility to instruct the operating system to deny or allow access to resources without predetermined exceptions.

In embodiments, the override facility is enabled by user input of an override code on a user interface of the managed mobile device.

In embodiments, the the user input override code comprises one or more of: user entry of a passcode; user gesture input; voice recognition input; and biometric data input.

In embodiments, the the configuration update is operable to carry the user input override code.

In embodiments, the resource resident on the managed mobile device has a functional sub-module and the configuration update defines 1 ) a restriction and 2) an action comprising the application of that restriction to the sub-module.

In embodiments, the access and control module on the mobile device disables access to and/or prohibits changing of at least one of the operating system, the functionality, the settings and/or the options of the mobile device. In embodiments, the remote source comprises a remote control and access management system in communication with the mobile device, the remote control and access management system being operable by a user to manage the configurator.

In embodiments, the remote source includes the configurator.

In embodiments, the remote source is remotely located from the mobile device being managed and from the configurator.

In embodiments, the configurator is a web-based portal operable to access the remote source. In embodiments, the configurator is an application operable to provide the configuration update to the remote source. In embodiments, the configuration update is pushed to the access and control module on the mobile device and applied by the access and control module.

In embodiments, the remote source is operable to transmit an override configuration update to the managed mobile device to deny or allow access to resources of the mobile device, with no, one or more predetermined exceptions.

In embodiments, the access and control module is resident on the mobile device and is provided as a headless application configured as an always on/always running application which loads on start-up of the mobile device.

In embodiments, in any of the mobile device modes, access to at least emergency services is available. In embodiments, the at least one of emergency connectivity and content comprises at least one of: connectivity to an emergency contact number and connectivity or content for a predetermined whitelist of predetermined exceptions.

In embodiments, the access and control module resident on the mobile device stores at least the restriction from the configuration update and checks if a condition imposed by the restriction is true or not and, if true, applies the action to one or more of the resources resident on the mobile device being managed.

In embodiments, the access and control module resident on the mobile device stores the action from the configuration update and, if the condition of the restriction is true, applies the action to one or more of the resources resident on the mobile device being managed.

In embodiments, the access and control module resident on the mobile device does not store the action: if the condition of the restriction is true, then the access and control module interrogates a remote source to determine the action of the configuration update and applies the action to one or more of the resources resident on the mobile device being managed. In embodiments, the location of the mobile device is determined by at least one of: cell tower triangulation, proximity to a wireless network router or access point of known IP address and hence location, proximity to an identified wireless device of known location; and using GPS receiver functionality on the mobile device to provide proximity- or location-based information to compare with restrictions on the mobile device.

In embodiments, the remote source comprises a user interface for displaying an interface of the mobile device as viewed by a user of the mobile device. Another aspect of the device provides a mobile device managed by a mobile device management remote source, wherein the mobile device comprises: a plurality of resources resident on the mobile device; an operating system resident on the mobile device controlling the functionality, settings and options of the mobile device and operation of the resources of the mobile device; and an access and control module resident on the mobile device and operable to instruct the operating system to manage the functionality of the mobile device in response to settings provided by a configuration update received from a remote source, a specified resource of the mobile device being controlled in a mode dictated by the configuration update. A further aspect of the present invention provides a mobile device management remote source comprising: a configurator operable to create a configuration update, wherein the configuration update defines 1 ) a restriction and 2) an action comprising the application of that restriction to one or more specified resources resident on a mobile device to be managed.

In embodiments, the mobile device is a mobile telephone, a laptop, a netbook, a tablet or a mobile computer.

A further aspect of the present invention provides a method for managing the functionality of a mobile device from a mobile device management remote source, wherein the mobile device comprises: a plurality of resources resident on the mobile device; an operating system resident on the mobile device; and an access and control module resident on the mobile device, the mobile device management remote source comprising: a configurator operable to create a configuration update, the method comprising: creating a configuration update defining 1 ) a restriction and 2) an action comprising the application of that restriction to one or more specified resources resident on the mobile device; receiving the configuration update at the mobile device, the operating system of the mobile device controlling the functionality, settings and options of the mobile device and operation of the resources of the mobile device; the access and control module instructing the operating system to manage the functionality of the mobile device in response to settings defined in the configuration update; and controlling a specified resource of the mobile device in a mode dictated by the configuration update. In embodiments, the method pushes the settings defined in the configuration update to the access and control module on the mobile device; and applies the settings for the access and control module.

One embodiment provides a system for controlling access to at least one of content and connectivity by a mobile device, the mobile device comprising: an access and control module; an operating system module; and at least one functional submodule, the device being operable in one of a number of device modes: an unrestricted mode, a partially restricted mode and a restricted mode, wherein: access to content and connectivity is available to the operating system module and all functional sub-modules of the mobile device in the unrestricted mode; access to at least one of content and connectivity is not available to the operating system module and/or at least one functional sub- module of the mobile device in the partially restricted mode; and access to content and connectivity is not available to all functional submodules of the mobile device in the restricted mode; wherein the device mode is switchable between at least two of the device modes based on settings for the access and control module.

In embodiments, a functional sub-module comprises an application module.

Embodiments further comprise a remote control and access management system in communication with the mobile device, the remote control and access management system being operable by a user to manage the settings for the access control module of the mobile device. In embodiments, the settings managed in the remote control and access management system are pushed to the access and control module on the mobile device and applied to the settings for the access and control module. In embodiments, the settings for the access and control module cause the device mode to switch between at least two of the unrestricted mode, the partially restricted mode and the restricted mode in response to at least one of the following triggers: a predetermined temporal schedule; a detected location of the mobile device; a proximity of the mobile device to an electronic device; a request for installation of a functional sub-module; a request for removal of a functional sub-module; a remote user triggering a predetermined condition; a keyword identified in content received by the mobile device; a keyword identified in one of the functional sub-modules of the mobile device; and a keycode entered into one of the functional sub-modules of the mobile device.

In embodiments, access to content and connectivity remains available to the operating system module in the restricted mode. In embodiments, the functional sub-modules comprise at least one of the following: an address book; a calculator; telephone calls; a calendar; a camera; a browser; a document client; an email client; a messaging client; a media player; location services; Bluetooth connectivity; wireless connectivity; and any proprietary applications operable on the mobile device.

In embodiments, connectivity comprises at least one of the following: a cellular data connection; a cellular telephone connection; determining a location of the mobile device; a wireless connection; optically derived data; and audibly derived data. In embodiments, in any of the device modes, access to at least one of:

dedicated emergency connectivity; and content is available.

In embodiments, the at least one of emergency connectivity and content comprises at least one of: connectivity to an emergency contact number and connectivity or content for a predetermined whitelist of functional sub-modules.

In embodiments, the location of the mobile device is determined by at least one of: cell tower triangulation, proximity to WiFi networks and using a GPS sensor.

In embodiments, the mobile device is operable to send notification data to a user by at least one of: a text message, an email, an RSS feed and a social network feed; wherein the notification data comprises at least one of: data identifying a trigger causing the device mode to switch between at least two of the unrestricted mode, the partially restricted mode and the restricted mode; the settings applied to the access and control module; and data identifying the time and date of a trigger. Embodiments further comprise the mobile device. In embodiments, the mobile device is at least one of a mobile telephone and a mobile computer.

In embodiments, the remote control and access management system comprises a user interface for displaying an interface of the mobile device as viewed by a user of the mobile device.

Embodiments comprise a method for controlling access to at least one of content and connectivity by a mobile device, the mobile device comprising: an access and control module; an operating system module; and at least one functional submodule, the device being operable in one of a number of device modes: an unrestricted mode, a partially restricted mode and a restricted mode, wherein: access to content and connectivity is available to the operating system module and all functional sub-modules of the mobile device in the unrestricted mode; access to at least one of content and connectivity is not available to the operating system module and/or at least one functional sub- module of the mobile device in the partially restricted mode; and access to content and connectivity is not available to all functional submodules of the mobile device in the restricted mode; the method comprising: switching between at least two of the device modes based on settings for the access and control module.

In embodiments, a functional sub-module comprises an application module.

In embodiments, the settings for the access and control module are managed in a remote control and access management system and the method further comprises: pushing the settings managed in the remote control and access management system to the access and control module on the mobile device; and applying the settings for the access and control module.

In embodiments, the settings for the access and control module cause the device mode to switch between at least two of the unrestricted mode, the partially restricted mode and the restricted mode in response to at least one of the following triggers: a predetermined temporal schedule; a detected location of the mobile device; a proximity of the mobile device to an electronic device; a request for installation of a functional sub-module; a request for removal of a functional sub-module; a remote user triggering a predetermined condition; a keyword identified in content received by the mobile device; a keyword identified in one of the functional sub-modules of the mobile device; and a keycode entered into one of the functional sub-modules of the mobile device. In embodiments, the method further comprises: sending notification data to a remote user by at least one of: a text message, an email, an RSS feed and a social network feed; wherein the notification data comprises at least one of: data identifying a trigger causing the device mode to switch between at least two of the unrestricted mode, the partially restricted mode and the restricted mode; the settings applied to the access and control module; and data identifying the time and date of a trigger.

Preferred features of embodiments include:

• Disable/enable/trigger specific aspects of mobile device functionality

when conditions are met

o Example conditions: hours of the day, days of the week

o Example functionality: accessibility/use of

applications/functionality/sensors (e.g. calls, SMS, internet, cameras to take snapshots, Bluetooth, WiFi, GPS)

· White and black-lists of apps on the mobile device:

o blacklists list applications that may not be used when certain conditions are met

o whitelists include applications that may be used

• Notification system for the remote user(s), notifications may include:

o New applications installed

o New contacts

o New websites

o New SMS and/or call data

o Location information (e.g. via GPS, cell triangulation, WiFi access points)

• A management portal for one or multiple devices which can be

monitored remotely and can be used to review all of the above

information and has additional functionality such as:

o remote installation and/or removal of applications

o a mirrored view of the phone content/applications

o read/write data from/to sensors on the phone (e.g. camera, WiFi, GPS, Bluetooth),

o Remote lockdown

o Management portal may have multiple users and users may include temporary users (e.g. child minder) that has only

temporary or limited access

o All actions and activity on the mobile device may be logged

• Proximity/location functionality including lock-down (e.g. by GPS

location, presence of Bluetooth devices, WiFi networks, etc).

• Emergency features such as panic alarms and emergency numbers that can be used in both lock-down and unlocked modes.

• Reporting any of the above information periodically or as it changes to a user, for example by email, RSS, SMS, social networking or any

other means. Mobile Application Implementation Overview

What is Concentr8te?

Concentr8te is a multi-platform mobile phone application that restricts the use of a mobile phone by blocking certain parts of its functionality, such as incoming and outgoing calls, SMS, BBM, email, internet etc... times and dates are easily configured through the phone or through our web site.

Why use Concentr8te?

Mobile phones in today's society are fast becoming a major distraction for employees and pupils in schools and at home. Our studies show that many pupils in secondary education admit to using their phones whilst in class. In England alone if Concentr8te saved one minute a day with every child owning a phone from being distracted in class, this has a saving in lost education to the Government amounting to £44,397,937.09 per annum, not to mention the educational benefits! Who would use Concentr8te?

Concentr8te can be used for both personal and business purposes, anyone that uses a mobile phone and is easily distracted from what they are doing will benefit by using Concentr8te, from school children, parents, drivers, machine operators etc...

How does Concentr8te work?

Concentr8te can be downloaded onto your mobile phone as an Application through BlackBerry App World. Once Concentr8te is installed onto your mobile phone, you will then be able to set times and dates when you wish to block functions in your phone. For example, you drive to and from work every day and know that your mobile distracts you. You would then set your normal travel time within the application to block out calls and texts or you may be a University Student that keeps being distracted by your phone when studying. Concentr8te can also be configured by a third party such as parents, from our web site, this is to stop school children or employees having access to the application and gives the parents or employer full control of Concentr8te.

Concentr8te cannot be deleted from the phone outside the application, this is secured through a personal security PIN or through the web site. Concentr8te allows for up to 5 emergency overriding numbers (999 as default) to be pre-set within the application for emergency communication.

Working example of Concentr8te

Secondary School pupil's routine configured in Concetr8te

06:55 Phone unlocks for:

a, Wake up alarm at 07:00

b, Travel to school

08:30 Phone locks for start of school registration

12:00 Phone unlocks for lunchtime

13:00 Phone locks for class time

15:00 Phone unlocks for travel home 17:00 Phone locks for homework

18:00 Phone unlocks

21 :00 Phone locks for bedtime

Total Available Market (TAM)

The total available market for Concentr8te is too large to comprehend, especially when you consider that Concentr8te is a GLOBAL solution to every, secondary school pupil, driver, University Student or any other applicable user that owns a mobile phone.

Revenues Streams (Brief)

There are multiple revenue streams from the application:

1 . Initial cost of the application (£x+ extra bolt on solution subscriptions)

2. Re-occurring annual charge (£y)

3. Advertising

4. Manufacturer exclusivity



When used in th is specification and claims, the terms "comprises" and "comprising" and variations thereof mean that the specified features, steps or integers are included . The terms are not to be interpreted to exclude the presence of other features, steps or components.

The features disclosed in the foregoing description, or the following claims, or the accompanying drawings, expressed in their specific forms or in terms of a means for performing the disclosed function, or a method or process for attaining the disclosed result, as appropriate, may, separately, or in any combination of such features, be utilised for realising the invention in diverse forms thereof.