ON A MOBILE COMMUNICATION DEVICE VIA A PHONE LOCATION UNIT

FIELD OF THE INVENTION

The present invention relates generally to the field of managing access to software applications on a smartphone, and more particularly to managing such access for driver’s safety purposes.

BACKGROUND OF THE INVENTION

Automatically locating a mobile communication device within a defined volume is known in the art and has many applications. One known application refers to determining whether a mobile communication device is being used by a driver of a moving vehicle. Such a solution is described in U.S. Patent No. 10,075,581 which is incorporated herein by reference in its entirety. Further improvements to the localization of a mobile communication device within a defined volume have been described in U.S. Patent No. 10,557,917 which is also incorporated herein by reference in its entirety.

In some driver’s safety systems, access to software applications (“apps”) on the smartphone while driving may be restricted once the smartphone has been located to be within the driver’s canopy. However, while some software applications are regarded as entirely prohibited for use while driving (so-called “blacklisted software applications”) it is desirable that other software applications may be previously approved for use while driving (so-called “whitelisted software applications”).

In other use cases, the use of specific applications (blacklisted software applications) may be restricted to avoid the user to perform activities which may be forbidden in specific situations. Those blacklisted software applications may comprise video and audio recorders, video and audio players, gambling applications, messaging applications, and the like.

One method to restrict the use of blacklisted software applications is by allowing the whitelisted software applications to only be launched from a portal of the driver’s safety software application installed on the smartphone. The challenge is that once a whitelisted software application has been launched, the smartphone user may browse to other software applications which may be a blacklisted software application. This may be more challenging if the operating system does not provide an indication of which software application is currently running in the foreground of the smartphone or running in the background. SUMMARY OF THE INVENTION

In order to address the aforementioned challenge, it has been suggested by the inventors of the present invention, to use in some cases, a mechanism comprising a wireless communication channel between a phone location unit and the mobile communication device. This mechanism ensures that a whitelisted software application is repeatedly re-launched, thereby ensuring that a whitelisted software application is running in the foreground regardless of the application previously selected by the mobile communication device user.

According to some embodiments of the present invention, a method of restricting the access to at least one software application installed on at least one mobile communication device, in a defined volume, the method comprising: (a) determining the location of the at least one mobile communication device, relative to a frame of reference of the defined volume, by a phone location unit (PLU) enabled to locate mobile communication devices in the defined volume, wherein the location is based on at least one of: angle of arrival, time of flight, or received intensity of radio frequency (RF) signals transmitted by the at least one mobile communication device and received by the PLU, said PLU comprising a transceiver and antennas and further configured to communicate with the at least one mobile communication device over a wireless communication channel (e.g., Bluetooth/BLE, Wi-Fi, ZigBee, etc.); (b) receiving, by the phone location unit from the at least one mobile communication device, information related to active software applications installed on the at least one mobile communication device; (c) processing the received information and the location of the at least one mobile communication device; (d) making a decision to restrict access to at least one software application installed on the mobile communication device, said decision at least based on the received information and the at least one mobile communication device location, wherein said location is within a specific area within the defined volume; (e) communicating by the phone location unit with an access management software application installed on the at least one mobile communication device via the wireless communication channel; (f) instructing the access management software application in the at least one mobile communication device to activate a whitelisted software application; and repeating steps (a) to (c) and then repeating steps (d) to (f), wherein steps (d) to (f) are only repeated as long as the at least one mobile communication device is detected within the specific area and, based on the received information, the access to at least one software application installed on the at least one mobile communication, device needs to be restricted. BRIEF DESCRIPTION OF THE DRAWINGS

The subject matter regarded as the invention is particularly pointed out and distinctly claimed in the concluding portion of the specification. The invention, however, both as to organization and method of operation, together with objects, features, and advantages thereof, may best be understood by reference to the following detailed description when read with the accompanying drawings in which:

Figure 1 is a high-level block diagram illustrating a deployment of the system in accordance with embodiments of the present invention;

Figure 2A is a detailed block diagram illustrating an exemplary architecture of a mobile communication device in communication with a server in accordance with some embodiments of the present invention;

Figure 2B is a detailed block diagram illustrating an exemplary architecture of a phone location unit in accordance with some embodiments of the present invention; and

Figure 3 is a high-level flowchart illustrating a method for restricting access to software applications of a mobile communication device in accordance with embodiments of the present invention.

It will be appreciated that for simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements may be exaggerated relative to other elements for clarity. Further, where considered appropriate, reference numerals may be repeated among the figures to indicate corresponding or analogous elements.

DETAILED DESCRIPTION OF THE INVENTION

Prior to setting forth the detailed description of the invention, it may be helpful to provide herein definitions of certain terms that will be used hereinafter.

The terms “volume”, “defined volume” or “closed volume” as used herein are defined as any well- defined volume with boundaries that can be set or detected. The volume is typically a vehicle such as a car, bus, or truck, but can also be any other moving or fixed platform. The volume can also relate to a room such as a conference room, office, public area, high-security area, manufacturing plant, theater, a hospital, and the like. The volume can also relate to the volume surrounding the seats (e.g., a sphere of Im radius) of a motorcycle or a bicycle. The defined volume herein is in contrast with an open space or area whose boundaries cannot be easily defined.

The term “mobile communication device” as used herein is defined as any electronic device which is small enough to be carried by a person and further has radio frequency (RF) wireless communication capabilities. The mobile communication device is typically a phone such as a smartphone, a smartwatch, a laptop, a tablet, or a game console. The mobile communication device may support audio calls or transmitting and receiving data and may or not have a touchscreen.

The term “phone location unit” or PLU as used herein is defined as a hardware-based device typically including a set of RF receiving antennas placed in a known location within the defined volume, a receiver, and a computer processor. The PLU can locate a mobile communication device based on processing the RF signals received by its antennas.

The terms “memory” and “computer-readable storage medium” as used herein may refer to multiple structures, such as a plurality of memories or computer-readable storage mediums located within a mobile communication device or at a remote location. Additionally, one or more computer-readable storage mediums can be utilized in implementing a computer-implemented method. The term “computer-readable storage medium” should be understood to include tangible items and exclude carrier waves and transient signals.

The term “non-transitory computer-readable storage medium” as used herein, refers to any type of physical memory on which information or data readable by at least one processor can be stored. Examples include random access memory (RAM), read-only memory (ROM), volatile memory, nonvolatile memory, hard drives, CD ROMs, DVDs, flash drives, disks, any other optical data storage medium, a PROM, an EPROM, a FLASH-EPROM or any other flash memory, NVRAM, a cache, a register, any other memory chip or cartridge, and networked versions of the same. The term “processor” or “processing device” as used herein may include at least one processor configured to execute computer programs, applications, methods, processes, or other software to perform embodiments described in the present disclosure. For example, a processing device may include one or more integrated circuits, microchips, microcontrollers, microprocessors, all or part of a central processing unit (CPU), graphics processing unit (GPU), or other circuits suitable for executing instructions or performing logic operations. The processing device may include at least one processor configured to perform functions of the disclosed methods. The processing device may include a single-core or multiple-core processor executing parallel processes simultaneously. The processing device may be implemented using a virtual machine architecture or other methods that provide the ability to execute, control, run, manipulate, store, etc., multiple software processes, applications, programs, etc. In another example, the processing device may include a multiple-core processor architecture (e.g., dual, quad-core, etc.) configured to provide parallel processing functionalities to allow a device associated with the processing device to execute multiple processes simultaneously. It is appreciated that other types of processor architectures could be implemented to provide the capabilities disclosed herein.

In the following description, various aspects of the present invention will be described. For purposes of explanation, specific configurations, and details are set forth in order to provide a thorough understanding of the present invention. However, it will also be apparent to one skilled in the art that the present invention may be practiced without the specific details presented herein. Furthermore, well-known features may be omitted or simplified in order not to obscure the present invention.

Unless specifically stated otherwise, as apparent from the following discussions, it is appreciated that throughout the specification discussions utilizing terms such as “processing”, “computing”, “calculating”, “determining”, or the like, refer to the action and/or processes of a computer or computing system, or similar electronic computing device, that manipulates and/or transforms data represented as physical, such as electronic, quantities within the computing system's registers and/or memories into other data similarly represented as physical quantities within the computing system's memories, registers or other such information storage, transmission or display devices.

Figure 1 is a block diagram illustrating a system for restricting access to at least one software application, classified as a “blacklisted” software application, installed on communication device 20A-20C located within a defined or closed volume, such as a car 1, based on the communication devices 20A-20C location within the car 1. Referring to the depicted locations of the communication devices 20A-20C in the car 1, then the system may restrict access to at least one software application, classified as a “blacklisted” software application, to communication device 20A since it is located in the driver’s seat or canopy 50.

Alternatively, the system illustrated in Figure 1 may be used to allow access to software applications installed on communication device 20A-20C located within a defined or closed volume, provided that these software applications have been pre-approved for use by a driver while driving and are classified as “whitelisted software applications”.

According to some embodiments of the present invention, the localization of the mobile communication device 20A-20C by PLU 60 may be based on at least one of: angle of arrival (e.g., using directional antennas, monopulse antennas, antenna arrays, etc.), time of flight (e.g., using UWB round trip time measurements), or received intensity of radio frequency (RF) signals transmitted by the at least one mobile communication device 20A-20C and received by the PLU 60 which may include a transceiver (not shown) and a plurality of antennas 30A, 30B and further configured to wirelessly communicate with the at least one mobile communication device 20A- 20C.

According to some embodiments, the defined volume 1 is any type of vehicle such as a car, bus, or truck, but can also be any other moving or fixed platform. The volume can also relate to a room such as a conference room, office, public area, high-security area, manufacturing plant, theater, a hospital, and the like. The volume can also relate to the volume surrounding the seats (e.g., a sphere of Im radius) of a motorcycle or a bicycle.

According to some embodiments, restricting access to software applications installed on the mobile communication devices 20A-20C may depend on the motion status of the defined volume 1 (e.g., car, bus, or truck). For example, if the defined volume 1 is moving above a certain speed, access to some specific software applications may be restricted while when the defined volume 1 is stationary (e.g., the car 1 is parking), access to the same software applications may be allowed. According to some embodiments, the motion status of the defined volume 1, may be provided to the PLU 60 by one or more mobile communication devices 20A-20C, or estimated by the PLU 60 using its internal motion sensors (not shown) or, provided to the PLU 60 by the car 1 computer.

According to some embodiments, the location of the mobile communication devices 20A-20C by the PLU 60 is continuously performed, in order to detect changes in the location of the mobile communication devices 20A-20C in the defined volume (e.g., car) 1. For example, if the mobile communication device 20A located in the driver’s canopy 50, is moved to another part of the car (e.g., back seats), then restricting access to “blacklisted” software applications may now be allowed. On the contrary, mobile communication devices 20A-20C which may be moved to the driver’s canopy 50 will now be subject to access restrictions to “blacklisted” software applications. According to some embodiments, the number, type, and location of the PLU 60 antennas 30A-30B may depend on the location technology or technologies used by the PLU 60 to locate mobile communication devices 20A-20C inside the defined volume 1. For example, when using Angle- of-Arrival technology to locate the mobile units 20A-20C, the antenna 30A-30B may comprise two or more elements. Alternatively, if the location technology is based on received signal strength (RSSI), then single-element antennas may be installed in different parts of the car 1 (e.g., front dashboard and back seats).

Figure 2A shows an exemplary block diagram of the configuration of a mobile communication device 20 and a server 80.

With regard to the mobile communication device 20, and according to some embodiments, the mobile communication device 20, directly or indirectly, may access a bus 200 (or another data transfer mechanism) that interconnects subsystems and components for transferring information within the mobile communication device 20. For example, bus 200 may interconnect a processing device 202, a memory interface 204, and a peripherals interface 208 connected to an I/O system 210. A power source 209 provides the power to the mobile communication device and it may include a primary or a rechargeable battery (not shown), DC-DC converters (not shown) and other components required for the proper operation of the device 20.

In some embodiments, processing device 202 may use a memory interface 204 to access data and a software product stored on a memory device 234 or any type of a non-transitory computer- readable medium device.

According to some embodiments, the long-range wireless communication interface 270 and antenna 271 may provide two-way data communication to a wide-area network 274 (e.g., cellular network). According to some embodiments, the local-area wireless communication interface 272 and antenna 273 may provide two-way data communication to a wireless local-area network 275 (e.g., Wi-Fi, Bluetooth, BLE, ZigBee networks).

According to some embodiments, either one of the communication interfaces 270, 272 may provide access to the Internet. The specific design and implementation of the network interfaces 270, 272 may depend on the communications network(s) over which the mobile communication device 20 is intended to operate. In any such implementation, the long-range wireless communication interfaces 270, and the local-area wireless communication interface 272 may be configured to send and receive electrical, electromagnetic, or optical signals that carry digital data streams representing various types of information.

According to some embodiments, the antennas 271, 273 may comprise one or more elements and may be of any type appropriate to their respective communication interface 270, 272.

According to some embodiments, the peripherals interface 208 may also be connected to sensors, devices, and subsystems to facilitate multiple functionalities. In one embodiment, the peripherals interface 208 may be connected to an I/O system 210 configured to receive signals or input from devices and to provide signals or output to one or more devices that allow data to be received and/or transmitted by the mobile communication device 20. In one example, the I/O system 210 may include a touchscreen controller 212, audio controller 214, which may be connected to a microphone 220 and/or speaker/buzzer 222; and/or other types of input controller(s) 216 which may control other input control devices (e.g., switches and buttons) 224. The touchscreen controller 212 may be coupled to a touchscreen 218. The touchscreen 218 and the touchscreen controller 212 may, for example, detect contact, and movement, using any of a plurality of touch sensitivity technologies, including but not limited to capacitive, resistive, infrared, and surface acoustic wave technologies as well as other proximity sensor arrays or other elements for determining one or more points of contact with the touchscreen 218. The touchscreen 218 may also, for example, be used to implement virtual or soft buttons and/or a keyboard. While a touchscreen 218 is shown in Figure 2A, I/O system 210 may include a display screen (e.g., LCD or LED) in place of a touchscreen 218.

According to some embodiments, the peripherals interface 208 may also be connected to an image sensor 226, a motion sensor 228, a light sensor 230, and/or a proximity sensor 232 to facilitate image capturing, orientation, lighting, and proximity functions. In addition, a GPS receiver may also be integrated with, or connected to, the mobile communication device 20, such as GPS receivers typically integrated into mobile communications devices. Alternatively, GPS software may permit the mobile communication device 20 to access an external GPS receiver (e.g., connecting via a serial port or Bluetooth).

Consistent with the present disclosure, the mobile communication device 20 may use a memory interface 204 to access a memory device 234. The memory device 234 may store an operating system 236, such as Android, MS Windows, Linux, or any other embedded operating system. The operating system 236 may include instructions for handling basic system services and for performing hardware-dependent tasks. In some implementations, the operating system 236 may be a kernel (e.g., Linux kernel).

The memory device 234 may also store communication instructions 238 to facilitate communicating with one or more additional devices, one or more computers, and/or one or more servers. The memory device 234 may include: graphical user interface (GUI) instructions 240 to facilitate graphic user interface processing; sensor processing instructions 242 to facilitate sensor- related processing and functions; phone instructions 244 to facilitate phone-related processes and functions; electronic messaging instructions 246 to facilitate electronic-messaging -related processes and functions; web browsing instructions 248 to facilitate web browsing-related processes and functions; media processing instructions 250 to facilitate media processing -related processes and functions; GPS/navigation instructions 252 to facilitate GPS and navigation-related processes and instructions; capturing instructions 254 to facilitate processes and functions related to image sensor 226.

According to some embodiments of the present invention, an access management software application 258 may restrict access to one or more blacklisted software applications 261 and control the selective access to one or more whitelisted software applications 260 that are installed on memory device 234. Whitelisted software applications 260 are a subset of all the software applications (not shown here) that have been installed on memory device 234 and may have been approved for launching while driving.

Each of the above-identified instructions and applications may correspond to a set of instructions for performing one or more functions described above. These instructions do not necessarily need to be implemented as separate software programs, procedures, or modules. The memory device 234 may include additional instructions or fewer instructions. Furthermore, various functions of the mobile communication device 20 may be implemented in hardware and/or software, including in one or more signal processing and/or application-specific integrated circuits.

According to some embodiments, a PLU 60 may communicate with a mobile communication device 20 through a local-area communication interface 272 (e.g., BLE) and instruct the access management software application 258 to restrict access to a blacklisted software application 261. According to some embodiments, restricting access to a blacklisted software application 261 may be performed by instructing the access management software application 258 to activate a whitelisted software application 260. According to some embodiments, once the whitelisted software application 260 is activated by the access management software application 258, the whitelisted software application 260 may, after a short time (e.g., several seconds), return the mobile communication device 20 to its home screen. According to some embodiments, the classification of the mobile communication device software applications as whitelisted 260 or blacklisted 261 may be performed by a server 80.

According to some embodiments, the list of whitelisted 260 and/or blacklisted 261 software applications may be transferred from the server 80 to either the mobile communication device 20 or the phone location unit 60 or both.

According to some embodiments, at least one of the software applications in the list of whitelisted 260 and/or blacklisted 261 software applications may comprise attributes that provide an additional classification level that may be used to allow or restrict access to that at least one software application. According to some embodiments, those attributes may comprise:

• Motion status of the defined volume, including speed

• Time of day (e.g., day or night)

• Visibility conditions and weather

• Emergency situation (e.g., evacuation conditions)

• Geographical area (e.g., urban area or rural area)

• Defined volume characteristics (e.g., vehicle, security area, school)

• User’s profile (e.g., age, security person, etc.)

• Number of persons in a vehicle (e.g., bus) including profile (e.g., children)

As may be apparent to the skilled in the art, the applications classification and level of access restriction may be fully dynamic and continuously be adapted to the current situation in which the defined volume and the persons are. In addition, many other use cases and combinations of parameters may be used to classify software applications, all under the scope of the present invention. According to some embodiments, the whitelisted software application 260 classification may be limited by time.

Still referring to Figure 2A, and according to some embodiments of the present invention, a server 80 for managing the access to software applications installed on at least one mobile communication device 20 within a defined volume, based on the mobile communication device 20 locations, is illustrated herein. In one embodiment, server 80, directly or indirectly, may access a bus 280 (or another data transfer mechanism) that interconnects subsystems and components for transferring information within the server 80. For example, the bus 280 may interconnect a processing device 282, a memory interface 284, a network interface 286, and a peripherals interface 288 connected to an I/O system 210. Server 80 may comprise a power source (not shown).

According to some embodiments, the server 80 may be in communication 290 with the mobile communication device 20 through a wide-area network 274 (e.g., a cellular network) and/or a wireless local-area network 275 (e.g., a Wi-Fi network) and/or the phone location unit (PLU) 60.

According to some embodiments, the server 80 may classify software applications that may be installed on a mobile communication device 20 to whitelisted 260 or blacklisted 261. As previously described, the server 80 may also add attributes to one or more software applications that will be used to allow or restrict access to those applications.

In accordance with some embodiments of the present invention, the server 80 may include a network interface 286 configured to receive, from a PLU 60, a location of the at least one mobile communication device 20A-20C, relative to a frame of reference of the defined volume 1.

Server 80 may further include a processing device 282; and a memory interface 284 comprising a set of instructions that when executed on the processing device 282, causes the processing device 282 to send to the at least one mobile communication device 20 via a network interface, instructions to restrict access to at least one blacklisted software application 261 installed on the at least one mobile communication device 20, whenever the at least one mobile communication device is detected by the PLU 60 to be within a specific area 50 within the defined volume 1.

Processing device 282 may include at least one processor configured to execute computer programs, applications, methods, processes, or other software to perform embodiments described in the present disclosure.

In some embodiments, processing device 282 may use a memory interface 284 to access data and a software product stored on a memory device or a non-transitory computer-readable medium or to access a data structure 186.

According to some embodiments, the network interface 286 may provide two-way data communication to a network. In Figure 2A, the communication 290 between the mobile communication device 20 and server 80 is represented by a dashed arrow. In one embodiment, the network interface 286 may include an integrated services digital network (ISDN) card, cellular modem, satellite modem, or a modem to provide a data communication connection over the Internet. As another example, the network interface 286 may include a wireless local-area network (WLAN) card. In another embodiment, the network interface 286 may include an Ethernet port connected to radio frequency receivers and transmitters. The specific design and implementation of the network interface 286 may depend on the communications network(s) over which the mobile communication device 20 and the server 80 may communicate.

According to some embodiments, the server 80 may also include a peripherals interface 288 coupled to the bus 280. The peripherals interface 288 may also be connected to devices, and subsystems to facilitate multiple functionalities as performed by the server 80. In some embodiments, those devices and subsystems may comprise a display screen (e.g., CRT or LCD) a USB port, and the like.

The components and arrangements shown in Figure 2 A for both the server 80 and the mobile communication device 20 are not intended to limit the disclosed embodiments. As will be appreciated by a person skilled in the art having the benefit of this disclosure, numerous variations and/or modifications may be made to the depicted configuration of the server 80 and the mobile communication device 20. For example, not all the depicted components may be essential for the operation of server 80 or the mobile communication device 20 in all cases. Any component may be located in any appropriate part of the server 80, and the components may be rearranged into a variety of configurations while providing the functionality of the disclosed embodiments. For example, some types of mobile communication devices 20 may include only part of the depicted sensors and include sensors which are not depicted.

Referring now to Figure 2B, and according to some embodiments of the present invention, a phone location unit 60 for locating mobile communication devices 20A-20C within a defined volume 1 and for managing the access to software applications installed on at least one mobile communication device 20 within a defined volume 1, based on the mobile communication device 20 locations, is illustrated herein.

In one embodiment, Phone Location Unit 60 may comprise a processing unit 602 which may control the Phone Location Unit 60, at least one RF transceiver or receiver 603 coupled 609 to the processing unit 602 and coupled to a plurality of antennas 604A, 604B, 604C and 604D, an inertial measurement unit (IMU) 607 such as an accelerometer, magnetometer or, gyroscope, a buzzer 608 for providing audio notifications, and a DC/DC converter 606 that may provide the required power to each of the Phone Location Unit 60 functions. The coupling 609 between the at least one RF transceiver or receiver 603 and processing unit 602 may consist of a digital data bus, comprising sampled data from an Analog-to-Digital component (not shown) in the receiver 603. The A/D samples may be processed by the processing unit 602 to detect and locate the source of the received wireless signals 613.

According to some embodiments, the processing unit 602 may also interface with a memory device

610. The memory device 610 may include high-speed random-access memory and/or non-volatile memory such as one or more magnetic disk storage devices, one or more optical storage devices, and/or flash memory (e.g., NAND, NOR). The memory device 610 may store an operating system, such as Android, MS Windows, Linux, or any other embedded operating system. The operating system may include instructions for handling basic system services and for performing hardwaredependent tasks. In some implementations, the operating system may be a kernel (e.g., Linux kernel).

The memory device 610 may also store communication instructions to facilitate communicating with one or more additional devices, one or more computers, and/or one or more servers. The memory device 610 may include: graphical user interface instructions to facilitate graphic user interface processing; sensor processing instructions to facilitate sensor-related processing and functions; signal processing instructions to facilitate signal processing algorithms and functions; electronic messaging instructions to facilitate electronic-messaging related processes and functions; web browsing instructions to facilitate web browsing-related processes and functions; media processing instructions to facilitate media processing -related processes and functions; GPS/navigation instructions to facilitate GPS and navigation-related processes and instructions; and/or other software instructions to facilitate other processes and functions.

In some embodiments, the DC/DC converter may also be connected to an external power source

611. According to one embodiment, the external power source is a vehicle’s battery.

According to some embodiments, a mobile communication device 20 within a defined volume 1 (e.g., vehicle’s cabin) in which the antennas 604A, 604B, 604C, and 604D are deployed and operative to receive wireless signals 613 transmitted by the mobile communication device 20, may be located in a predetermined area 50 (e.g., driver’s seat area) inside the defined volume 1.

According to one embodiment, the antennas 604A, 604B, 604C, and 604D may be installed in different places in the volume in order to create space diversity for the received wireless signals 613 transmitted within the volume. The places in which those antennas 604A, 604B, 604C and 604D are installed may have a significant influence on the phone location unit 60 performance and its ability to locate a mobile communication device 20 in a predetermined area (e.g., driver’s seat area or passenger’s area). According to one embodiment, the placement of the antennas 604A, 604B, 604C and 604D may be optimized to locate mobile communication devices 60 in the driver’s seat area 50.

According to one embodiment, the Phone Location Unit 60 may further comprise an embedded short-range wireless communication transceiver (e.g., an IEEE802.Ha/b/g/n/ac/ad WLAN and/or BT/BLE transceiver) 630. The short-range wireless communication transceiver 630 may comprise an antenna 631 (internal or external) and may be connected 632 to the processing unit 602. In one embodiment, the short-range wireless communication transceiver 630 may communicate 633 with a mobile communication device 20 in the communication range. According to one embodiment, the short-range wireless communication 633 may be performed through an IEEE802.Ha/b/g/n/ac/ad Access Point, hub, gateway or the like (not shown).

In one embodiment, the at least one RF transceiver or receiver 603 may be programmed to receive signals in the frequency band of the wireless signals 613 transmitted by the mobile communication device 20. The architecture of the RF transceiver or receiver 603 may differ among different implementations of the Phone Location Unit 60. In one embodiment, it may comprise a low noise amplifier (LNA), bandpass filters, a synthesizer, a mixer, an IQ demodulator, low pass filters, and analog-to-digital converters. The sampled baseband signals may be transferred 609 to a processing unit 602 to be further processed.

The processing unit 602 may perform the samples collection process until enough signal samples from each of the antennas 604A, 604B, 604C, and 604D are collected in order to estimate the location of the mobile communication device 20 in the defined volume 1.

According to one embodiment of the present invention, the Phone Location Unit 60 may utilize one of the following methods, or any combination of them, to estimate the location of the mobile communication device 20 in a defined volume and/or detect its presence in a predetermined area:

• Received Signal Strength Indicator (RSSI)

• Channel fingerprinting: Estimating the mobile communication device location by correlating measured values of RF parameters at each antenna or combination of multiple antennas to fingerprint values in a radio map.

• Time Differential-Of- Arrival (TDOA): Estimating the location of the mobile communication device 20 by multilateration of hyperbolae.

• Round-Trip time (RTT): Estimating the location of the mobile communication device 20 by multilateration of circles. • Angle-Of-Arrival (AOA) / Direction-Of-Arrival (DOA) technology: Estimating the angle or direction of arrival at each of the antennas or relative phase shift of the received wireless signals 613 transmitted by the mobile communication device and then using this information to locate the device.

The above-described networks may be implemented in different wireless networks including radio access network (RAN), IEEE802.Ha/b/g/n/ac/ad network, IEEE802.15.4, IEEE802.16 network, general packet radio service (GPRS) network, HiperLAN), and/or other packet-based wireless networks, code-division multiple access (CDMA) network, time division multiple access (TDMA) network, global system for mobile communications (GSM) network, EDGE, and GPRS), 3G, LTE or 5G, 6G and/or other wireless networks.

In accordance with some embodiments of the present invention, the PLU 60 may determine the location of at least one mobile communication device 20, relative to a frame of reference of a defined volume 1, wherein the location is based on at least one of: angle of arrival, time of flight, or received intensity of radio frequency (RF) signals transmitted by the at least one mobile communication device 20 and received by the PLU 60, said PLU comprising one or more transceivers or receivers 603 and one or more antennas 604A, 604B, 604C and 604D and further configured to communicate with the at least one mobile communication device 20 over a wireless local-area network 275 (e.g., Bluetooth/BLE, Wi-Fi, ZigBee, etc.); may receive from the at least one mobile communication device 20 information related to active software applications installed on the at least one mobile communication device 20; and may process the received information and the location of the at least one mobile communication device 20; and then make a decision to restrict access to at least one software application installed on the mobile communication device 20, said decision at least based on the received information from the at least one mobile communication device 20 and the at least one mobile communication device 20 location, wherein said location is within a specific area within the defined volume 1, and communicate with an access management software application 258 installed on the at least one mobile communication device 20 via the wireless local-area network 275 (e.g., Bluetooth/BLE), and instruct the access management software application 258 in the at least one mobile communication device 20 to activate a whitelisted software application 260. According to some embodiments, the last three steps (i.e., making a decision, communicating with an access management software application 258, and instructing the access management software application 258 to restrict access to a software application), may be repeated as long as the at least one mobile communication device 20 is detected within the specific area and, based on the received information from the mobile communication device 20.

Figure 3 depicts a high-level flowchart illustrating a method 300 for restricting access to software applications installed on a mobile communication device 20, via a phone location unit (PLU) 60 in a defined volume 1.

Method 300 is started 310 in the Phone Location Unit 60 and may include the following subsequent steps: determining the location 320 of at least one mobile communication device, relative to a frame of reference of the defined volume, by a phone location unit (PLU) 60, receiving, by the phone location unit from the at least one mobile communication device 330, information related to active software applications installed on the at least one mobile communication device. Those two activities are independent and may be performed in parallel and asynchronously. Once the previous activities 320, 330 have been performed, the PLU 60 may start processing the received information and the location of the at least one mobile communication device 340. According to some embodiments, activities 320, 330, and 340 may be performed by one or multiple software threads. According to some embodiments, activity 340 may start processing any new input received (i.e., determining a new location 320 of the at least mobile communication device or receiving new information related to active software applications installed on the at least one mobile communication device 330).

Processing 340 the location determined in step 320 and the received information related to active software applications received in step 330 may be required to determine if the mobile communication device 20 is located within a specific area 50 and the access to at least one software application installed on at least one the mobile communication device 20 needs to be restricted 350. If the answer to the question in step 350 is negative 351 (i.e., no need to restrict access to a software application in the mobile communication device 20), then the process goes back to activities 320 and 330, waiting for new information (i.e., determining a new location 320 of the at least mobile communication device or receiving new information related to active software applications installed on the at least one mobile communication device 330).

Alternatively, if the answer to the question in step 350 is positive 352, method 300 may continue by starting the process to restrict access to at least one SW application installed on the mobile communication device.

The steps to restrict access to at least one SW application installed on the mobile communication device may start by communicating (by the PLU 60) with an access management software application installed on the at least one mobile communication device via a wireless communication channel 370. The wireless communication channel may be a short-range wireless communication channel (e.g., Bluetooth/BLE). Communicating with the access management software application installed on the at least one mobile communication device may require several retries in case the communication fails. Method 300 may continue by checking if the communication with the access management software application is successful 372. According to some embodiments, the PLU 60 may retry this operation up to three times and at intervals of a few seconds. In case all the communication attempts fail 375, then method 300 goes back to activities 320 and 330 waiting for new information (i.e., determining a new location 320 of the at least mobile communication device or receiving new information related to active software applications installed on the at least one mobile communication device 330). Alternatively, if at least one communication attempt is successful 373 and the communication with the access management software application installed on the at least one mobile communication device is established, method 300 may continue by instructing the access management software application in the at least one mobile communication device to activate a whitelisted software application 380. Instructing the access management software application 380 in the at least one mobile communication device may be performed using a local wireless communication channel.

After instructing the access management software application in the at least one mobile communication device to activate a whitelisted software application 380 the process in method 300 is restarted (step 381) to detect any new event related to the determined location 320 of the mobile communication device and/or the reception of information related to active software applications 330.

According to some embodiments, the process in method 300 may be performed continuously or following the occurrence of some events. For example, those events may comprise activating the ignition key in a vehicle, entering into a specific area, after a specific time in the day, etc.

According to some embodiments of the present invention, a method of restricting access to at least one software application installed on at least one mobile communication device, in a defined volume, the method comprising: a. determining the location of the at least one mobile communication device, relative to a frame of reference of the defined volume, by a phone location unit (PLU) enabled to locate mobile communication devices in the defined volume, wherein the location is based on at least one of: angle of arrival, time of flight, or received intensity of radio frequency (RF) signals transmitted by the at least one mobile communication device and received by the PLU, said PLU comprising a transceiver and antennas and further configured to communicate with the at least one mobile communication device over a wireless communication channel; b. receiving information related to active software applications installed on the at least one mobile communication device; c. processing the received information and the location of the at least one mobile communication device; d. making a decision to restrict access to at least one software application installed on the mobile communication device, said decision at least based on the received information and the at least one mobile communication device location, wherein said location is within a specific area within the defined volume; e. communicating by the phone location unit with an access management software application installed on the at least one mobile communication device via the wireless communication channel; f. instructing the access management software application in the at least one mobile communication device to activate a whitelisted software application; and g. repeatedly performing steps a-c and then steps d-f, wherein steps d-f are only performed as long as the at least one mobile communication device is detected within the specific area and, based on the received information, the access to at least one software application installed on the at least one mobile communication device, needs to be restricted.

According to some embodiments of the present invention, a method of restricting access to at least one software application installed on at least one mobile communication device, in a defined volume, the method comprising: a. determining the location of the at least one mobile communication device, relative to a frame of reference of the defined volume, by a phone location unit (PLU) enabled to locate mobile communication devices in the defined volume, wherein the location is based on at least one of: angle of arrival, time of flight, or received intensity of radio frequency (RF) signals transmitted by the at least one mobile communication device and received by the PLU, said PLU comprising a transceiver and antennas and further configured to communicate with the at least one mobile communication device over a wireless communication channel; b. reporting by the phone location unit to an access management software application in the at least one mobile communication device, information related to the mobile communication device location within the defined volume; c. obtaining information related to the active software applications installed on the at least one mobile communication device; d. processing by the at least mobile communication device the information related to the active software applications and the at least one mobile communication device location; e. making a decision to restrict access to at least one software application installed on the mobile communication device, said decision at least based on the information related to the active software applications and the at least one mobile communication device location, wherein said location is within a specific area within the defined volume; f. activating by the access management software application in the at least one mobile communication device a whitelisted software application; and g. repeatedly performing steps a-d and then steps e-f, wherein steps e-f are only performed as long as the at least one mobile communication device is detected within the specific area and, based on the information related to the active software applications, the access to at least one software application installed on the at least one mobile communication device, needs to be restricted.

According to some embodiments, the classification of the mobile communication device software applications as whitelisted or blacklisted is performed by a server. According to some embodiments, the server may be in communication (e.g., through the cellular network or a Wi-Fi network) with the mobile communication device and/or the phone location unit (PLU).

According to some embodiments, the list of whitelisted and/or blacklisted software applications is transferred from the server to either the mobile communication device or the phone location unit, or both.

According to some embodiments of the present invention, the method of restricting access to at least one software application installed on at least one mobile communication device makes use of a short-range wireless communication channel in accordance with Bluetooth short-range wireless technology standard.

According to some embodiments, if the short-range wireless communication channel is not available for communicating with the at least one mobile communication device, the phone location unit may use an alert mechanism to notify the user that a blacklisted software application may be in use. According to some embodiments, the alert mechanism may comprise the activation of a buzzer, voice messages over the vehicle’s multimedia, and the like.

According to some embodiments, the defined volume is one of a vehicle, a conference room, a school, a law court, a theater, a casino, a hospital, an industrial area, a risk area, and a security area. According to some embodiments, the defined volume is a vehicle and the specific area is a driver’s canopy within the vehicle.

According to some embodiments, processing the received information and the location may further include processing additional information at least comprising one of: motion status of the defined volume, user’s profile, a geographical area in which the defined volume is located, time of day, elapsed time since last activated access control restriction, emergency status, and any combination thereof.

According to some embodiments, the classification of software applications installed on the mobile communication device as whitelisted or blacklisted may depend on the speed of the defined volume (e.g., a vehicle). For example, when the vehicle is moving at a high speed more software applications may be classified as blacklisted. In other cases, and according to some embodiments, the combination of the vehicle’s speed and geographical area may be used for classification. According to some embodiments, in crowded areas and while driving, more software applications may be classified as blacklisted while in open areas, the level of restriction may be lower.

According to some embodiments, variable restriction criteria may be used at different times of the day (i.e., be more restrictive during the night when the visibility may be lower), or in difficult weather conditions.

As may be apparent to the skilled in the art, the applications classification and level of access restriction may be fully dynamic and continuously adapted to the current situation in which the defined volume and the persons are.

According to some embodiments, emergencies may influence on the level of restriction of some specific applications. For example, navigation applications may be classified as whitelisted to allow users to evacuate risk areas. As may be apparent to the skilled in the art, many other use cases and combinations of parameters may be used to classify applications, all under the scope of the present invention. According to some embodiments, said whitelisted software classification may be limited by time.

According to some embodiments, the decision to restrict access to at least one software application installed on the mobile communication device is related to at least one of: an application that requires observing a screen of the mobile communication device by a user, an application that requires typing on screen of the mobile communication device by the user, a video camera, an audio recording application, an audio reproduction application, cellular, BT/BLE or Wi-Fi communication, and any combination thereof. According to some embodiments of the present invention, a method of restricting access to at least one software application installed on at least one mobile communication device, in a defined volume, the method comprising: a. determining the location of the at least one mobile communication device, relative to a frame of reference of the defined volume, by a phone location unit (PLU) enabled to locate mobile communication devices in the defined volume, wherein the location is based on at least one of: angle of arrival, time of flight, or received intensity of radio frequency (RF) signals transmitted by the at least one mobile communication device and received by the PLU, said PLU comprising a transceiver and antennas and further configured to communicate with the at least one mobile communication device over a wireless communication channel; b. reporting by the phone location unit to a server in communication with the phone location unit, information related to the mobile communication device location within the defined volume; c. obtaining information related to the active software applications installed on the at least one mobile communication device; d. reporting to the server, wherein said server is further in communication with the at least one mobile communication device, information related to the active software applications installed on the at least one mobile communication device; e. processing by the server the information related to the active software applications and the at least one mobile communication device location; f. making a decision to restrict access to at least one software application installed on the mobile communication device, said decision at least based on the information related to the active software applications and the at least one mobile communication device location, wherein said location is within a specific area within the defined volume; g. communicating by the server with an access management software application in the at least one mobile communication device, wherein said communicating comprises instructions to activate a whitelisted software application in the at least one mobile communication device; h. activating by the access management software application in the at least one mobile communication device a whitelisted software application; and i. repeatedly performing steps a-e and then steps f-h, wherein steps f-h are only performed as long as the at least one mobile communication device is detected within the specific area and, based on the information related to the active software applications, the access to at least one software application installed on the at least one mobile communication device, needs to be restricted. According to some embodiments, only the mobile communication device may have communication with the server and the information related to the mobile communication device location within the defined volume may be transferred by the phone location unit to the mobile communication device which then may transfer it to the server.

As may be apparent to the skilled in the art, making the decision to restrict access to at least one software application installed on the mobile communication device may be performed on different platforms including the PLU, mobile communication device, vehicle’s computer, and server.

According to some embodiments of the present invention, a system for restricting the access to at least one software application installed on at least one mobile communication device, in a defined volume, the system comprising: a PLU configured to determine the location of the at least one mobile communication device, relative to a frame of reference of the defined volume, by a phone location unit (PLU) enabled to locate mobile communication devices in the defined volume, wherein the location is based on at least one of: angle of arrival, time of flight, or received intensity of radio frequency (RF) signals transmitted by the at least one mobile communication device and received by the PLU, said PLU comprising a transceiver and antennas and further configured to communicate with the at least one mobile communication device over a wireless communication channel; and wherein said phone location unit is operative to receive from the at least one mobile communication device, information related to active software applications installed on the at least one mobile communication device, and wherein said phone location unit comprises a memory comprising a set of instructions that when executed on at least one computer processor of the phone location unit causes the at least one computer phone location unit to: a. make a decision to restrict access to at least one software application installed on the mobile communication device, said decision at least based on processing the received information and the at least one mobile communication device location, wherein said location is within a specific area within the defined volume; b. communicate with an access management software application installed on the at least one mobile communication device via the wireless communication channel; c. instruct the access management software application in the at least one mobile communication device to activate a whitelisted software application; and d. repeatedly perform steps a-c as long as the at least one mobile communication device is detected within the specific area and, based on the received information, access to at least one software application installed on the mobile communication device, needs to be restricted.

According to some embodiments of the present invention, a non-transitory computer-readable medium in a phone location unit (PLU) for restricting access to software applications installed on at least one mobile communication device in a defined volume, the computer-readable medium comprising a set of instructions that when executed cause at least one computer processor in the phone location unit to: a. estimate by the PLU, a location of the at least one mobile communication device, relative to a frame of reference of the defined volume, based on at least one of: angle of arrival, time of flight, or received intensity of radio frequency (RF) signals transmitted by the at least one mobile communication device and received by the PLU located within the defined volume and comprising a transceiver and antennas and further configured to communicate with the at least one mobile communication device over a wireless communication channel; b. receive by the phone location unit from the at least one mobile communication device, information related to active software applications installed on the at least one mobile communication device; c. process the received information and the location of the at least one mobile communication device; d. make a decision to restrict access to at least one software application installed on the mobile communication device, said decision at least based on the received information and the at least one mobile communication device location, wherein said location is within a specific area within the defined volume; e. communicate with an access management software application installed on the at least one mobile communication device via the wireless communication channel; f. instruct the access management software application in the at least one mobile communication device to activate a whitelisted software application; and g. repeatedly perform steps a-c and then steps d-f, wherein steps d-f are only performed as long as the at least one mobile communication device is detected within the specific area and, based on the received information, the access to at least one software application installed on the at least one mobile communication device, needs to be restricted. According to some embodiments of the present invention, a non-transitory computer-readable medium in at least one mobile communication device in a defined volume, said non-transitory computer-readable medium comprising a set of instructions for restricting access to software applications installed on the at least one mobile communication device, the set of instructions that when executed cause at least one processor in the at least one mobile communication device to: a. receive, through a wireless communication channel from a phone location unit, information related to the location of the at least one mobile communication device relative to a frame of reference of the defined volume, wherein said location is based on at least one of: angle of arrival, time of flight, or received intensity of radio frequency (RF) signals transmitted by the at least one mobile communication device and received by the PLU located within the defined volume and comprising a transceiver and antennas and further configured to communicate with the at least one mobile communication device over a wireless communication channel; b. obtain information related to active software applications installed on the at least one mobile communication device; c. process the received information and the location of the at least one mobile communication device; d. make a decision to restrict access to at least one software application installed on the mobile communication device, said decision at least based on the received information and the at least one mobile communication device location, wherein said location is within a specific area within the defined volume; e. activate, by an access management software application installed on the at least one mobile communication device, a whitelisted software application; and f. repeatedly perform steps a-c and then steps d-e, wherein steps d-e are only performed as long as the at least one mobile communication device is detected within the specific area and, based on the received information, the access to at least one software application installed on the at least one mobile communication device, needs to be restricted.

It is further understood that some embodiments of the present invention may be embodied in the form of a system, a method, or a computer program product. Similarly, some embodiments may be embodied as hardware, software, or a combination of both. Some embodiments may be embodied as a computer program product saved on one or more non-transitory computer-readable medium (or mediums) in the form of computer-readable program code embodied thereon. Such non- transitory computer-readable medium may include instructions that when executed cause a processor to execute method steps in accordance with embodiments. In some embodiments, the instructions stored on the computer-readable medium may be in the form of an installed application and in the form of an installation package.

Such instructions may be, for example, loaded by one or more processors and get executed. For example, the computer-readable medium may be a non-transitory computer-readable storage medium. A non-transitory computer-readable storage medium may be, for example, an electronic, optical, magnetic, electromagnetic, infrared, or semiconductor system, apparatus, device, or any combination thereof.

Computer program code may be written in any suitable programming language. The program code may execute on a single computer system, or on a plurality of computer systems.

One skilled in the art will realize the invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The foregoing embodiments are therefore to be considered in all respects illustrative rather than limiting the invention described herein. The scope of the invention is thus indicated by the appended claims, rather than by the foregoing description, and all changes that come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.

In the foregoing detailed description, numerous specific details are set forth in order to provide an understanding of the invention. However, it will be understood by those skilled in the art, that the invention can be practiced without these specific details. In other instances, well-known methods, procedures, and components, modules, units, and/or circuits have not been described in detail so as not to obscure the invention. Some features or elements described with respect to one embodiment can be combined with features or elements described with respect to other embodiments.