TECHNICAL FIELD

The embodiments herein relate to systems for management of access to services, such as content services, SaaS:s (Software-as-a-Service) or the like. In particular, a method and a mobile entity for enabling access to a service, e.g. providing content and/or a function, a method and a server for managing access to a service, e.g. providing content and/or a function, and a method and a system for providing a service, e.g. providing content and/or a function, to at least a first mobile entity and are disclosed herein.

BACKGROUND

On the Internet, using various network technologies, access to content is given based on which user attempts to access the content. For example, subscribers to a video streaming service are granted access to view the videos provided by the video streaming service.

In other cases, a particular Guick Response (OR) code, or Radio Frequency Identification (RFID) tag, can be read by a reading device, such as a smartphone or the like, which depending on the data stored, such as an Uniform Resource Locator (URL), invokes e.g. a webpage. In another examples, the URL may be transferred to the reading device via Bluetooth technology.

In prior art, the reading device can also write new information if the tag allows this, but the tag itself is passive and has no calculation means. Hence, it has no way to alter its own data.

With Bluetooth, communication over various distances, typically up to some tens of meters, can be achieved and data in both transmitter and receiver can be altered. Communication is negotiated securely and defines a master - slave relation between the devices involved. In special cases, so called Bluetooth broadcast may be used, which allows for one transmitter to send to many receivers.

Wthin a single device, access to content may be given if the correct key is provided. For example, encrypted content in a memory of e.g. a tablet-computer may only be assessed when the correct key, or password, has been entered. Similarly, for functions in a computer- program, e.g. installed on the tablet-computer, may only be accessed, or unlocked, when the user has entered an unlock password, which may have been bought from a company promoting, and selling, the installed computer-program.

Even if the abovementioned technologies have their own special benefits and use cases, there are situations in which increased flexibility and other functions and benefits are required. SUMMARY

An object of the embodiments herein may thus be to at least enable provision of increased flexibility and other benefits, such as being able to indicate a mobile entity’s group affiliation. Group affiliation may herein be understood as that the mobile entity has formed a group with at least one other mobile entity for the purpose of gaining access rights with respect to a service. This means that the access rights to the service is dependent on the forming of groups, such as the number of affiliates, or entities, in the group.

The service may provide content, e.g. provided by a content provider. Alternatively or additionally, the service may provide access to a function, e.g. performed by the mobile entity itself, optionally in cooperation with any affiliates in the same group as the mobile entity, and/or performed by a server, which then provides a result to the mobile entity.

According to an aspect, the object is achieved by a method, performed by a first mobile entity, for enabling access to content and/or a function, e.g. as authorized by a server.

The first mobile entity detects a second mobile entity.

The first mobile entity sends, to the second mobile entity, a first identity token indicating identity of the first mobile entity and a first indication relating to a first group affiliation associated with the first mobile entity. The first group affiliation indicates that the first mobile entity has detected at least one mobile entity and formed a first group with which the first mobile entity and said at least one mobile entity are affiliated.

The first mobile entity receives, from the second mobile entity, a second identity token indicating identity of the second mobile entity and a second indication relating to a second group affiliation associated with the second mobile entity. The second group affiliation indicates that the second mobile entity has detected at least one mobile entity and formed a second group with which the second mobile entity and said at least one mobile entity are affiliated.

The first mobile entity initiates generation, based on the first and second identity tokens and the first and second indications relating to the first and second group affiliations, respectively, of a group affiliation token. The group affiliation token indicates that the first mobile entity is affiliated with at least the second mobile entity due to detection thereof, and

The first mobile entity sets the first indication to indicate the generated group affiliation token, whereby the generated group affiliation token is transmittable, by the first mobile entity, together with the first identity token upon detection thereof or detection of one or more still further mobile entities.

Thanks to that the first mobile entity initiates generation, e.g. generates or instructs another entity to perform the generation, of the group affiliation token, said group affiliation token may be obtained by the first mobile entity after the generation thereof. When the first mobile entity sets the first indication to indicate the generated group affiliation token, the generated group affiliation token may be sent, by the first mobile entity, together with the first identity token upon detection thereof or detection of one or more still further mobile entities.

In this manner, the first mobile entity may indicate to further mobile entities and/or a server that the first mobile entity belongs to a group of mobile entities by means of the group affiliation token.

As a result, the first mobile entity may, e.g. based on the generated group affiliation token, be allowed to access content and/or functions, e.g. previously not accessible, wherein the content and/or functions may reside locally in the first mobile entity and/or elsewhere. In examples, where the content and/or function reside elsewhere, the first mobile entity may thus advantageously enable other devices, such as the server, to perform actions, such as granting access to content and/or a function, based on the group affiliation token.

According to another aspect, the object is achieved by a method, performed by a server, for managing access to content and/or a function.

The server receives, from a first mobile entity, a group affiliation token. The group affiliation token indicates that the first mobile entity is affiliated with at least a second mobile entity due to detection thereof.

The server determines the content and/or the function to be accessible based on the group affiliation token.

The server sends, to the first mobile entity, a message enabling the first mobile entity to consume the content and/or the function determined to be accessible.

Thanks to that the server receives the group affiliation token, it is made possible for the server to determine access to a service, e.g. providing the content and/or the function, based on the group affiliation token. As an example, it may be that the server only grants access to some specific content when the group affiliation token indicates that there are more than e.g. five mobile entities in the group to which the first mobile entity belongs. This means that the group affiliation token may be interpreted, or decoded, by the server in order to obtain the number of entities in the group of the first mobile entity.

As a result, the server may advantageously grant or deny access to the service based on the group affiliation token. Thus, increased flexibility with respect to conditions for allowing and/or denying access to the service is obtained.

According to further aspects, the object is achieved by a first mobile entity, a server and computer programs and computer program carriers corresponding to the aspects above. BRIEF DESCRIPTION OF THE DRAWINGS

The various aspects of embodiments disclosed herein, including particular features and advantages thereof, will be readily understood from the following detailed description and the accompanying drawings, which are briefly described in the following.

Figure 1 is a schematic overview of an exemplifying system according to the embodiments herein.

Figure 2 is a combined signalling and flowchart, illustrating an exemplifying method performed by the system of Figure 1.

Figure 3 is an overview, illustrating an example scenario.

Figure 4 is a flowchart, illustrating an exemplifying method in the first mobile entity.

Figure 5 is a block diagram, illustrating an exemplifying first mobile entity.

Figure 6 is a flowchart, illustrating an exemplifying method in the server.

Figure 7 is a block diagram, illustrating an exemplifying server.

DETAILED DESCRIPTION

Throughout the following description, similar reference numerals have been used to denote similar features, such as entities, servers, actions, modules, circuits, parts, items, elements, units or the like, when applicable. In the Figures, features that appear in some embodiments are indicated by dashed lines.

In order to better appreciate the embodiments disclosed herein, a description and analysis of prior art, as realized by the present inventors, is provided in the following.

In view of the foregoing description of background technology, the present inventors have realized that in some use cases it may be highly valuable, e.g. from a business perspective, to provide users with an incentive to form groups. The incentive for the users may be that of being granted access to a service, which otherwise would not be accessible by them. The service may be a streaming service, such as audio/video stream, a SaaS service, a key provision service or the like. The key provision service may provide keys to the users’ devices which unlocks the devices to allow the devices to cooperate, or collaborate, to achieve an altered, preferably more desirable, user experience in some way, e.g. improved sound/listening experience in case the cooperating devices include speaker units.

Figure 1 illustrates a system 100 configured for serving content to at least a first mobile entity 111, which may be comprised in the system 100.

The system 100 may further comprise a second mobile entity 112. As used herein, the term “mobile entity” may refer to a smartphone, a tablet PC, a laptop, a cellular phone, a speaker unit provided with wireless communication capabilities, such as radio communication capabilities, a display unit provided with wireless communication capabilities, such as radio communication capabilities, or the like. Moreover, the term “mobile entity” may even refer to a building block provided with suitable electronics for detection and communication as required to implement at least one embodiment herein.

In some examples, the system 100 may comprise a smartphone 113 as an example of a mobile entity.

Mobile entities of the system may be of the same type, e.g. all mobile entities may be smartphones, speaker units or the like. Sometimes, the system 100 may comprise a mixture of mobile entities of different types, e.g. the system 100 may comprise one smartphone and two speaker units as an example. Any other combination of two or more types of mobile entities with any number of mobile entities of each type is also conceivable.

Moreover, the system 100 comprises a server 120, such as a physical server, a virtual server, a function in a serverless cloud environment or the like. The server 120 is configured to realize the embodiments herein by means of software adapted to perform the steps performed by the server 120 as described herein. As an example, the server 120 is configured to manage authorization of the access to a service, e.g. providing content and/or a function.

The system 100 may further comprise a database 130, which may or may not be comprised in the server 120. The server 120, however, may grant or deny access to the database 130. In some examples, the database 130 may be replaced by a SaaS to which access is managed by the server 120.

Communication 141, 142, 143, 144, 145 between the participants of the system, such as the mobile entities 111, 112 and the server 120, may be performed directly or indirectly, i.e. via one or more further units (not shown). The communication may be performed using wireless communication technologies, such as radio communication, cellular telecommunication technologies, Bluetooth or the like. Communication may also be exemplified by detection 144, 145.

The following terms and expressions are used throughout the present disclosure.

As used herein, “service” may refer to a service providing content, such as video and audio content over the Internet, and/or a function service enabling invocation of a function in the mobile entity and/or a Software as a Service (SaaS)-function, as authorized by the server. The content served may be consumed by the entities as a group or separately. It is noted that the server 120 grants or denies access to the service, which may reside on the server or elsewhere.

Again, as used herein, “mobile entity” (ME) may refer to a smartphone, a PC, a tablet-PC, an accessory device, such as speaker, display/screen/LCD, loT-device, smartwatch, a building block, etc. The term “mobile” may refer to “portable”. However, in some examples, such as in the case of a building block (with suitable electronics), the term “mobile” refers to manurable or movable, either autonomously (by itself) or by an external mover, such as a person, a lifting/moving device, a crane, storage truck etc. The mobile entity may typically be capable of detecting nearby mobile entities, e.g. by means of Near Field Communication (NFC), Bluetooth, direct-WiFi or the like. Furthermore, the term “mobile entity” may refer to a user equipment (UE), a machine-to-machine (M2M) device, a mobile phone, a cellular phone, a Personal Digital Assistant (PDA) equipped with radio communication capabilities, a smartphone, a laptop or personal computer (PC) equipped with an internal or external mobile broadband modem, a tablet PC with radio communication capabilities, a portable electronic radio communication device, a sensor device equipped with radio communication capabilities or the like. The sensor device may detect any kind of metric, such as wind, temperature, air pressure, humidity, light, electricity, sound, images etc. The term “user” may indirectly refer to the wireless device. Sometimes, the term “user” may be used to refer to the user equipment or the like as above. It shall be understood that the user may not necessarily involve a human user. The term “user” may also refer to a machine, a software component or the like using certain functions, methods and similar.

As used herein, “identity token” may refer to an identity number of a mobile entity, wherein the identity number may be unique among the mobile entities implementing the embodiments herein. The identity token may sometimes comprise a serial number, a MAC- address or the like, possibly in combination with an eco-system identity for identification of the system. In this manner, management of access to different services may be provided based on the eco-system identity.

As used herein “key” may refer to a code for obtaining access to a service, be it data in a database, a function in the mobile entity, a function in the server or similar.

As used herein “group affiliation token” may refer to identification of a group of affiliated mobile entities.

As used herein, “group affiliation”, or collaboration capability, may indicate that the mobile entity has detected another mobile entity in its vicinity and formed a group including itself and the detected mobile entity. The group may simply just be formed for purposes of obtaining the group affiliation token, which may grant access to content otherwise not accessible. It may also be that the group is formed for purposes of collaboration within the group of devices, e.g. in case of speakers stereo/surround sound may be provided upon access to the content (which e.g. unlocks stereo/surround capabilities in the devices). Accordingly, group affiliation may refer to the formation of a group for the purpose of collaboration to achieve results not achievable as a single entity and/or for the purpose of indicating a common opinion among users allowing their mobile entities to detect/connect and/or for the purpose of indicating a colocation of the detected/connected mobile entities.

As a yet further example, “group affiliation” may refer to a group of mobile entities formed for the purpose of achieving a joint result, providing a greater user experience than a single result achievable by a single mobile entity or for the purpose of gaining access to content that is not available to a single mobile entity. At least one mobile entity of the group may typically be capable of communicating with the server 120, e.g. by being able to connect to the Internet, e.g. via WiFi, cellular data communication or the like.

The expression, “indication relating to a group affiliation token” may refer to a group affiliation token itself, which may have a value or be zero, or the expression may refer to that the indication may be achieved by a lack of, or absence of, information. Hence, should a mobile entity only receive an identity token, but no particular value to indicate the group affiliation token, that lack of the particular value may be an indication relating to the group affiliation token, which may be interpreted by the receiving mobile entity as that no group affiliation token has been set or a group affiliation token equal to zero has been set.

Generally, the embodiments herein present a decentralised system of local data exchange and data alteration. The data alteration is performed while using an algorithm that is known to each mobile entity, being a member of the system that either temporarily or permanently alters the data present in each mobile entity based on incoming data, such as an identity token, an indication of group affiliation token or the like, in an “any to an y” based data exchange. Each mobile entity may here refer to the first and second mobile entity and even the server if desired. Moreover, the data referred to above may in the following be referred to as group affiliation token and/or identity token.

Figure 2 is a combined signalling and flowchart, illustrating an exemplifying method, performed by the system 100 of Figure 1. In this example, the first mobile entity 111 performs a method for enabling access to content and/or a function, e.g. as authorized by a server 120, i.e. remote authorization, or as authorized by the first mobile entity 111, i.e. local authorization. The server 120 performs a method for managing access to the content and/or the function. As a further example, the first mobile entity 111 may be said to perform a method for managing at least one group affiliation token indicating the first mobile entity’s 111 group affiliation, wherein said at least one group affiliation token is usable by the first mobile device 111 to gain access to a service, e.g. through local and/or remote authorization. The server 120 may thus be said to be configured to manage authorization of the access to the service.

Along with the following description, some examples are provided.

In a first example, which relates to the provision of content via a Universal Resource Locator (URL), at least one of the first and second mobile entities 111, 112 are equipped with a display, such as a Liquid Crystal Display (LCD) or the like.

In a second example, which relates to the provision of a function jointly performed by the first and second mobile entities, the first and second mobile entities 111, 112 are equipped with at least one speaker each.

Action A010

The first mobile entity 111, 1 ^st ME, detects the second mobile entity 112, 2 ^nd ME. The detection of nearby mobile entities may be performed in various manners.

In an example, the detection may be performed by that the users of the first and second mobile entities 111, 112 activates Bluetooth and performs a so called pairing operation, which is well-known for Bluetooth devices. After the pairing operation has been performed, devices are allowed to discover and connect to each other without manual intervention, thereby allowing detection of each other. Furthermore, for Bluetooth various technologies, such as auto pairing, fast pairing or the like may be used.

In another example, the first and second mobile entities 111, 112 may use Radio Frequency Identification (RFID) technology to detect each other. The first and second mobile entities 111, 112 may thus comprise a respective RFID reading module and a respective RFID transmitting module, which responds with one or more tokens, when read by the RFID reading module of another device. The reading and response of token(s) is exemplified in one or more of actions A030 to A060.

In some examples, the first and second mobile entities 111, 112 may communicate directly or indirectly with the server 120.

Further, if the first and second mobile entities 111, 112 equipped with Global Positioning System (GPS) units or the like, the first and second mobile entities 111, 112 may send their positions to the sever 120, which may respond back with a message indicating a nearby mobile entity that is deemed to be detected.

With the embodiments herein, many different radio or wireless technologies may be used for the detection of nearby mobile entities. A maximum distance for when to consider mobile entities to be nearby, or in the vicinity of each other, may be set according to use case of the embodiments herein. The maximum distance may be expressed in terms of a distance in meters, or in terms of radio distance coverage or the like. According to the first example, the maximum distance may typically be e.g. up to 10 meters, 50 meters, 100 meters, 500 meters or the like.

According to the second example, the maximum distance may typically be e.g. up to 1, 2, 5, 10, 15 and 30 meters or the like.

Action A020

The second mobile entity 112 detects the first mobile entity 111 in the same or similar manner as the first mobile entity 111 detect the second mobile entity 112 according to action A010.

Action A030

The first mobile entity 111 sends, to the second mobile entity 112, a first identity token indicating identity of the first mobile entity 111 and a first indication relating to a first group affiliation associated with the first mobile entity 111, denoted ‘1 ^st tkn’ in the Figure. The first group affiliation indicates that the first mobile entity 111 has detected at least one mobile entity and formed a first group with which the first mobile entity 111 and said at least one mobile entity are affiliated.

According to the first example, the first identity token and the first indication relating to the first group affiliation may be send over a Bluetooth-connection established during the detection. Alternatively or additionally, a broadcast identity may be used for transmission of the first identity token and the first indication.

According to the second example, the first mobile entity 111 may send the first identity token and the first indication in response to that its RFID transmitting module, such as an RFID tag, is read by the second mobile entity 112.

Hence, in some examples, the first mobile entity 111 may be said to cause the sending of the first identity token and the first indication by storing the first identity token and the first indication in a memory of the RFID transmitting module.

Action A040

Subsequently to action A030, directly or indirectly, the second mobile entity 112 receives the first identity token and the first indication. Corresponding and/or similar details for the first and second examples as given in action A030 may apply.

Action A050

The second mobile entity 112 sends, to the first mobile entity 111 , a second identity token indicating identity of the second mobile entity 112 and a second indication relating to a second group affiliation associated with the second mobile entity 112, denoted ‘2 ^nd tkn’ in the Figure. The second group affiliation indicates that the second mobile entity 112 has detected at least one mobile entity and formed a second group with which the second mobile entity 112 and said at least one mobile entity are affiliated.

Again, corresponding and/or similar details for the first and second examples as given in action A030 may apply.

Action A055

The second mobile entity 112 may perform a duplicity check, wherein the duplicity check may mean that the second mobile entity 112 checks whether or not the second mobile entity 112 previously has detected the first mobile entity 111 by checking whether or not the first identity token of the first mobile entity 111 is present in a second list of detected mobile entities maintained by the second mobile entity 112. Previously may refer to never before or to within a past time period from the present detection of action A010.

The second mobile entity 112 may thus register the identity tokens of detected mobile entities in the second list, either directly upon reception of the identity tokens or after the identity token has been successfully used to generate a group affiliation token, e.g. as in action A070 below.

Action A060

The first mobile entity 111 receives, from the second mobile entity 112, a second identity token indicating identity of the second mobile entity 112 and a second indication relating to a second group affiliation associated with the second mobile entity 112. The second group affiliation indicates that the second mobile entity 112 has detected at least one mobile entity and formed a second group with which the second mobile entity 112 and said at least one mobile entity are affiliated.

Action A065

The first mobile entity 111 may also perform a duplicity check, wherein the duplicity check means that the first mobile entity 111 checks whether or not the first mobile entity 111 previously has detected the second mobile entity 112 by checking whether or not the second identity token of the second mobile entity 112 is present in a first list of detected mobile entities maintained by the first mobile entity 111.

The first mobile entity 111 thus registers the identity tokens of detected mobile entities in the first list, either directly upon reception of the identity tokens or after the identity token has been successfully used to generate a group affiliation token as in action A070 below. A purpose of the duplicity check may be to avoid that the first mobile entity 111 initiates generation as in action A070 below from the same identity token more than once. Should generation be initiated more than once, it may appear as if the first mobile entity 111 has detected several other entities, when the first mobile entity 111 in fact merely detects one and the same mobile entity several times.

In some examples, it may not be necessary to perform a duplicity check for the purpose of avoiding that the same entity causes generation of a new group affiliation token a second time. This may be the case if the detection, e.g. action A010 and/or A020, establishes a connection between the first and second mobile entities 111, 112. This may be applicable for a scenario using Bluetooth. In this scenario, it may not be possible for the first and second mobile entities 111, 112 to detect each other again, when there already is an established connection between them. Hence, the duplicity check may sometimes be omitted. Furthermore, in a scenario with an established connection, the first and second mobile entities 111, 112 may also monitor, or get notified, when the established connection is disconnected. Thus, e.g. the first mobile entity 111 may take appropriate actions concerning the first indication relating to the first group affiliation, e.g. re-generate the first indication based on those indication relating to group affiliations that are still valid, e.g. there is a corresponding established connection.

See also action A055 above.

Action A070

The first mobile entity 111 initiates generation, based on the first and second identity tokens and the first and second indications relating to the first and second group affiliations, respectively, of a group affiliation token, denoted ‘gr. aff. tkn’ in the Figure. The group affiliation token indicates that the first mobile entity 111 is affiliated with at least the second mobile entity 112 due to detection thereof. Typically, the first mobile entity 111 generates the group affiliation token. However, sometimes, initiation of the generation may mean that the first mobile entity 111 sends a request to the server 120, which instructs the server 120 to generate the group affiliation token to be sent back to the first mobile entity 111, see actions A071 to A073 below. The request, or message, may then comprise the first and second identity tokens and the first and second indications.

The generation of the group affiliation token uses the abovementioned algorithm that is known to each mobile entity 111, 112 of the system 100, and in some examples involving the server 120, the algorithm also known to the server 120. The algorithm may be predetermined, such as configured, hardcoded or the like, or the algorithm may be configured upon registration for becoming part of the system 100, i.e. the eco system implementing the embodiments herein. As an example, the group affiliation token is generated based on the identity tokens of at least two mobile entities that have detected/identified each other, see action A010 and A020. A mobile entity may store the received identity token(s) in order to keep track of re- detection/re-identification of mobile entities that the mobile entity previously has detected/identified. Consequently, enabling the duplicity check in action A055 and A065.

Also, storing of the group affiliation token can be advantageous in order to save computing resources when a mobile entity first has identified one other mobile entity and then a further mobile entity. This means that the mobile entity first collaborates with one other mobile entity and then upon identification of the further mobile entity, with two other mobile entities. If the group affiliation token(s) are stored, the mobile entity may revert to the group affiliation token (generated and stored upon identification with said one other mobile entity) when connection/detection/identification of the further device is lost without any need for recalculation of said group affiliation token. Similarly, if the group affiliation token, associated with these three mobile entities, is stored, such group affiliation token may easily be retrieved and set as an active group affiliation token, when the further mobile entity is detected again. This may mean that the first/second indication relating to group affiliation comprises, or is, the active group affiliation token “active” may here refer to that such active group affiliation token is to be sent in response to detection, e.g. as opposed to any group affiliation tokens stored for the purpose of re-use and/or reduction of calculations.

Action A071

When action A070 of the first mobile entity 111 means that the first mobile entity 111 sends the request to the server 120, the server 120 may receive the request. Again, the request may comprise the first and second identity tokens and the first and second indications.

Action A072

Subsequent to action A071 , the server 120 may generate, based on the first and second identity tokens and the first and second indications relating to the first and second group affiliations, respectively, a group affiliation token. Typically, either the first mobile entity 111 or the server 120 generates the group affiliation token. However, it may in some situations be beneficial to generate the group affiliation token in both the first mobile entity 111 and the server 120. In this manner, it may e.g. be possible to check the two generated group affiliation tokens against each other. If the group affiliation tokens are equal, it may be deduced that the first mobile entity 111 and the server 120 uses the same algorithm. Therefore, also being participants in the same system, or eco-system. Action A073

Next, the server 120 may send the generated group affiliation token to the first mobile entity 111, and optionally any further mobile entities.

Action A075

The first mobile entity 111 sets the first indication to indicate the generated group affiliation token, whereby the generated group affiliation token is transmittable, by the first mobile entity 111, together with the first identity token upon detection thereof or detection of one or more still further mobile entities 111-113.

Expressed differently, the generated group affiliation token may be set, by the first mobile entity 111 , as active group affiliation token, e.g. assigned to be the active group affiliation token. The active group affiliation token is thus to be sent by the first mobile entity 111 to another mobile entity when connecting, such as detecting/being detected, to form a group of affiliated mobile entities.

According to the first example, the first mobile entity 111 may store the generated group affiliation token. In this manner, the first mobile entity 111 may then retrieve the generated group affiliation token and send it over a Bluetooth-connection established during detection.

According to the second example, the first mobile entity 111 may write data to the RFID transmitting module, where the data may comprise the generated group affiliation token, typically in addition to the first identity token, e.g. already written thereto.

At this stage, the first mobile entity 112 is ready to detect any further mobile entities according action A010.

Action A080

Similarly to action A070, the second mobile entity 112 generates a further group affiliation token. In case, both the first and second mobile entities 111, 112 only has detected each other, i.e. no other mobile entities, the group affiliation token mentioned in action A070 is equal to the further group affiliation token. That is, the group affiliation token and the further group affiliation token have the same value.

Action A085

Similarly to action A075, the second mobile entity 112 sets the second indication to indicate the generated group affiliation token, whereby the generated group affiliation token is transmittable, by the second mobile entity 112, together with the second identity token upon detection thereof or detection of one or more still further mobile entities 111-113. At this stage, the second mobile entity 112 is ready to detect any further mobile entities according action A020.

Action A090

The first mobile entity 111 may send, to the server 120, the group affiliation token to gain access to the content and/or the function.

Action A090 may be performed after the generation A070 of the group affiliation token. Furthermore, action A090 may be performed after setting A075 of the first indication to indicate the group affiliation token.

Using well-known technologies, the group affiliation token may be encrypted before being sent to the server 120 in action A090. It may here be noted that various messages, tokens, indications etc. as disclosed herein may be encrypted before transmission depending on need for secure communication.

According to the first example, the first mobile entity 111 may thus send a request, comprising the group affiliation token, for a URL. However, in some examples, the first mobile entity 111 may itself determine the URL and directly connect to the URL.

According to the second example, the first mobile entity 111 may thus send a request, comprising the group affiliation token, for a key to be used by the first mobile entity 111 to unlock a function in the first mobile entity 111, such as being able to cooperate with the second mobile entity 112 in order to provide stereo sound.

As an alternative, e.g. as a replacement of that the first mobile entity 111, sends the group affiliation token to the server 120, the first mobile entity 111 may determine, i.e. without involvement of the server 120, that the generated group affiliation token allows the first mobile entity 111 to gain access to the content and/or the function, which may reside locally in the first mobile entity or on the Internet, e.g. the server 120 or another server providing the content and/or the function.

Action A100

Subsequently to action A090, directly or indirectly, the server 120 receives, from the first mobile entity 111, the group affiliation token. As mentioned, the group affiliation token indicates that the first mobile entity 111 is affiliated with at least a second mobile entity 112 due to detection thereof.

Action A120

The server 120 determines, e.g. by calculation or look-up, the content and/or the function to be accessible based on the group affiliation token. According to the first example, the server 120 looks-up a URL corresponding to the group affiliation token in the database 130. With this example, the database 130 may thus store a set of posts, which maps group affiliation tokens to URLs. There may be a respective URL for each group affiliation token or for respective ranges of group affiliation tokens.

According to the second example, the server 120 fetches the key that is capable of unlocking stereo functionality. Wth this example, the database 130 may thus store a set of posts, which maps group affiliation tokens to keys. There may be a respective key for each group affiliation token or for respective ranges of group affiliation tokens.

Action A140

The server 120 sends, to the first mobile entity 111 , a message enabling the first mobile entity 111 to consume the content and/or the function determined to be accessible. In this manner, the server 120 grants or denies access to the content and/or the function provided by the database 130. This is a way of granting access to the content and/or service.

According to the first example, the message comprises the URL.

According to the second example, the message comprises the key for unlocking of stereo functionality.

Action A150

The first mobile entity 111 may receive, from the server 120, the message enabling the first mobile entity 111 to consume the content and/or the function to which access was granted by the server 120.

For example, the first mobile entity 111 may receive a stream, keys for unlocking of functions in the mobile entity, such a stereo functionality, access keys for gaining access to functions in the server. Examples of functions in the server 120 may be to send a picture to the server 120 which performs image processing, such as inserts your face next to your favourite soccer player in a picture obtainable by the server- or inserts your favourite soccer player in the picture sent, etc.

In some examples, now from the perspective of the first mobile entity 111 and with reference to the second mobile entity 112 for ease of description, the first mobile entity 111 may, e.g. regularly or irregularly, check that the generated group affiliation token is valid. The generated group affiliation token may be said to be valid as long as the first and second mobile entities 111, 112 are capable of detecting each other, or during a certain period of time.

Therefore, the first mobile entity 111 may, as a so called heart-beat function, check that the second mobile entity 112 is detectable and/or that there is or can be established a communication link with the second mobile entity 112.

When the first mobile entity 111 finds that the generated group affiliation token no longer is valid, any previously granted access, be it by local or remote authorization, may be shut down or denied.

Figure 3 illustrates an example scenario. Each box with a letter represents a respective mobile entity. The word “any” represents any further mobile entity, which may or may not be of the same type as the mobile entities represented by boxes.

The “+”-sign indicates that the mobile entity detects another mobile entity. The arrow represents the generation of the group affiliation token based on the first and second identity tokens and the first and second indications of group affiliations as described herein. In the illustrated example, the group affiliation token represents the number of entities in the group. Hence, from above, initially the group affiliation token is equal to 2. Then, after detection of a further mobile entity B2, the group affiliation token is equal to 3. Next, after additional detection of mobile entity C3, the group affiliation token is re-generated and equal to 4. The procedure may continue like this for yet further detections of mobile entities.

In some examples, the group affiliation token may be a concatenation of the detected identity tokens. Then, a length, or a size, of the group affiliation token may indicate the number of mobile entities that have detected each other. Moreover, the list used for duplicity check purposes may be disposed off in these examples.

It is also conceivable that the group affiliation token, or interchangeably referred to as indication relation to group affiliation, may comprise a value representing the aforementioned number of entities in the group and the concatenation of the detected identity tokens.

When communication is established between at least two units, such as the first and second mobile entities 111, 112, the "token" in both units changes, e.g. is generated or re generated, and becomes an altered key that unlocks altered data and/or "new" functions/data in the server. The altered key is an example of the group affiliation token that is sent up on detection and/or to the server to seek access to a service.

The current "method/system" can be utilized in any embodiment where an action of collaboration results in a permanent or temporary change of the data present in each mobile entity, e.g. the generation of the group affiliation token.

To further describe this, in one example any target object defined as a device having the needed means of communication, memory and sufficient processing power, can be used for constituting a mobile entity that implements an embodiment disclosed herein. Numerous embodiments are therefore possible. In the case of permanent change of the indication relating to group affiliation, it is considered that one single detection is enough to permanently change the first indication. In this case, there will be no checking of the validity of the generated group affiliation token over time.

In case of a temporary change of the first indication, an embodiment relates to marketing and/or gaming, where several people, or rather mobile entities, get together and connect/link their devices to exchange identity tokens and alter the indication relating to group affiliation temporarily. By doing so they, or the mobile entities, gain access to content residing either in one or all of the devices, alternatively content residing on a server to be accessed through one of the devices or through a connected device such as for example a cellphone that may or may not be a device itself that delivers the result to the server side. The result is that content is unlocked that is targeted specifically for a specified audience where the number of devices may or may not be defined as a factor to gain access to different levels of content, no matter where said content resides.

Even existing mobile entities, such as mobile phones, may be implemented with the embodiments herein. Then, an embodiment herein may be embodied in the form of a software application comprising computer-readable instructions to implement the methods herein, designed for the targeted mobile platform in question. The hardware utilized is then the present hardware in such devices to perform the necessary storage, exchange and process of data and hence through the algorithm of the present invention added in the application software become a device under the present invention.

The communication with the server is either preformed with one single mobile entity that already has “collected” the result of the mobile entity that have formed a group with the said single mobile entity or alternatively by each mobile entity that has the ability to, by its own transmitting means, communicate with the server to gain access to the desired service.

In an embodiment where both the permanent and temporary alteration of data apply, is in the case that the mobile entity “remember” their history in order to create so-called “super devices” that offer a new level of access on the server side when combined with other lower, equal or higher number of devices in their remembered history defined by the number of devices the specific device has collaborated with over time. This can be applicable to marketing and games as well in particular festivals and/or events that already have a high degree of community and can enforce this basic behavior by this embodiment. In Figure 4, a schematic flowchart of exemplifying methods in the mobile entity 111 is shown. Again, the same reference numerals as above have been used to denote the same or similar features, in particular the same reference numerals have been used to denote the same or similar actions. Accordingly, the mobile entity 111 performs a method, such as a computer-implemented method, software-implemented method or the like, for enabling access to content and/or a function.

One or more of the following actions may be performed in any suitable order.

Action A010

The first mobile entity 111 detects a second mobile entity 112.

Action A030

The first mobile entity 111 sends, to the second mobile entity 112, a first identity token indicating identity of the first mobile entity 111 and a first indication relating to a first group affiliation associated with the first mobile entity 111. The first group affiliation indicates that the first mobile entity 111 has detected at least one mobile entity and formed a first group with which the first mobile entity 111 and said at least one mobile entity are affiliated.

Action A060

The first mobile entity 111 receives, from the second mobile entity 112, a second identity token indicating identity of the second mobile entity 112 and a second indication relating to a second group affiliation associated with the second mobile entity 112. The second group affiliation indicates that the second mobile entity 112 has detected at least one mobile entity and formed a second group with which the second mobile entity 112 and said at least one mobile entity are affiliated.

Action A070

The first mobile entity 111 initiates generation, based on the first and second identity tokens and the first and second indications relating to the first and second group affiliations, respectively, of a group affiliation token. The group affiliation token indicates that the first mobile entity 111 is affiliated with at least the second mobile entity 112 due to detection thereof.

Action A075 The first mobile entity 111 sets the first indication to indicate the generated group affiliation token, whereby the first mobile entity 111 enables sending, by the first mobile entity 111 , of the generated group affiliation token together with the first identity token upon detection thereof or detection of one or more further mobile entities 111-113.

Action A090

The first mobile entity 111 may send, to the server 120, the group affiliation token to gain access to the content and/or the function.

Action A090 may for example be performed after the generation A070 of the group affiliation token and/or the setting A075 of the group affiliation token.

Action A150

The first mobile entity 111 may receive, from the server 120, a message enabling the first mobile entity 111 to consume the content and/or the function to which access was granted by the server 120.

With reference to Figure 5, a schematic block diagram of embodiments of the mobile entity 111 of Figure 1 is shown.

The mobile entity 111 may comprise a processing module 501 , such as a means for performing the methods described herein. The means may be embodied in the form of one or more hardware modules and/or one or more software modules. The term “module” may thus refer to a circuit, a software block or the like according to various embodiments as described below.

The mobile entity 111 may further comprise a memory 502. The memory may comprise, such as contain or store, instructions, e.g. in the form of a computer program 503, which may comprise computer readable code units.

According to some embodiments herein, the mobile entity 111 and/or the processing module 501 comprises a processing circuit 504 as an exemplifying hardware module, which may comprise one or more processors. Accordingly, the processing module 501 may be embodied in the form of, or ‘realized by’, the processing circuit 504. The instructions may be executable by the processing circuit 504, whereby the mobile entity 111 is operative to perform the methods of Figure 2 and/or Figure 4. As another example, the instructions, when executed by the mobile entity 111 and/or the processing circuit 504, may cause the mobile entity 111 to perform the method according to Figure 2 and/or Figure 4.

In view of the above, in one example, there is provided a mobile entity 111 for enabling access to content and/or a function. Again, the memory 502 contains the instructions executable by said processing circuit 504 whereby the mobile entity 111 is operative for: detecting a second mobile entity 112, sending, to the second mobile entity 112, a first identity token indicating identity of the first mobile entity 111 and a first indication relating to a first group affiliation associated with the first mobile entity 111, wherein the first group affiliation indicates that the first mobile entity 111 has detected at least one mobile entity and formed a first group with which the first mobile entity 111 and said at least one mobile entity are affiliated, receiving, from the second mobile entity 112, a second identity token indicating identity of the second mobile entity 112 and a second indication relating to a second group affiliation associated with the second mobile entity 112, wherein the second group affiliation indicates that the second mobile entity 112 has detected at least one mobile entity and formed a second group with which the second mobile entity 112 and said at least one mobile entity are affiliated, initiating generation, based on the first and second identity tokens and the first and second indications relating to the first and second group affiliations, respectively, of a group affiliation token, wherein the group affiliation token indicates that the first mobile entity 111 is affiliated with at least the second mobile entity 112 due to detection thereof, and setting the first indication to indicate the generated group affiliation token, whereby the first mobile entity 111 enables sending, by the first mobile entity 111 , of the generated group affiliation token together with the first identity token upon detection thereof or detection of one or more further mobile entities 111-113.

Figure 5 further illustrates a carrier 505, or program carrier, which provides, such as comprises, mediates, supplies and the like, the computer program 503 as described directly above. The carrier 505 may be one of an electronic signal, an optical signal, a radio signal and a computer readable medium.

In some embodiments, the mobile entity 111 and/or the processing module 501 may comprise one or more of a detecting module 510, a sending module 520, a receiving module 530, a duplicity checking module 540, an initiating module 550 and a setting module 560 as exemplifying hardware modules. The term “module” may refer to a circuit when the term “module” refers to a hardware module. In other examples, one or more of the aforementioned exemplifying hardware modules may be implemented as one or more software modules. Moreover, the mobile entity 111 and/or the processing module 501 may comprise an Input/Output unit 506, which may be exemplified by the receiving module and/or the sending module when applicable.

Accordingly, the mobile entity 111 is configured for enabling access to content and/or a function.

Therefore, according to the various embodiments described above, the first mobile entity 111 and/or the processing module 501 and/or the detecting module 510 is configured for detecting a second mobile entity 112.

The first mobile entity 111 and/or the processing module 501 and/or the sending module 520 is configured for sending, to the second mobile entity 112, a first identity token indicating identity of the first mobile entity 111 and a first indication relating to a first group affiliation associated with the first mobile entity 111. The first group affiliation indicates that the first mobile entity 111 has detected at least one mobile entity and formed a first group with which the first mobile entity 111 and said at least one mobile entity are affiliated.

The first mobile entity 111 and/or the processing module 501 and/or the receiving module 530 is configured for receiving, from the second mobile entity 112, a second identity token indicating identity of the second mobile entity 112 and a second indication relating to a second group affiliation associated with the second mobile entity 112. The second group affiliation indicates that the second mobile entity 112 has detected at least one mobile entity and formed a second group with which the second mobile entity 112 and said at least one mobile entity are affiliated.

The first mobile entity 111 and/or the processing module 501 and/or the initiating module 550 is configured for initiating generation, based on the first and second identity tokens and the first and second indications relating to the first and second group affiliations, respectively, of a group affiliation token. The group affiliation token indicates that the first mobile entity 111 is affiliated with at least the second mobile entity 112 due to detection thereof.

The first mobile entity 111 and/or the processing module 501 and/or the setting module 560 is configured for setting the first indication to indicate the generated group affiliation token, whereby the first mobile entity 111 enables sending, by the first mobile entity 111 , of the generated group affiliation token together with the first identity token upon detection thereof or detection of one or more further mobile entities 111-113.

In some embodiments, the first mobile entity 111 and/or the processing module 501 and/or the sending module 520, or a further sending module (not shown), may be configured for sending, to the server 120, the group affiliation token to gain access to the content and/or the function.

The first mobile entity 111 and/or the processing module 501 and/or the receiving module 530, or a further receiving module (not shown), may be configured for receiving, from the server 120, a message enabling the first mobile entity 111 to consume the content and/or the function to which access was granted by the server 120.

In Figure 6, a schematic flowchart of exemplifying methods in the server 120 is shown. Again, the same reference numerals as above have been used to denote the same or similar features, in particular the same reference numerals have been used to denote the same or similar actions. Accordingly, the server 120 performs a method, such as a computer- implemented method, software-implemented method or the like, for managing access to content and/or a function.

One or more of the following actions may be performed in any suitable order.

Action A071

The server 120 may receive the request. Again, the request may comprise the first and second identity tokens and the first and second indications.

Action A072

Subsequent to action A071, the server 120 may generate, based on the first and second identity tokens and the first and second indications relating to the first and second group affiliations, respectively, a group affiliation token.

Action A073

Next, the server 120 may send the generated group affiliation token to the first mobile entity 111, and optionally any further mobile entities.

Action A100

The server 120 receives, from a first mobile entity 111 , a group affiliation token. The group affiliation token indicates that the first mobile entity 111 is affiliated with at least a second mobile entity 112 due to detection thereof.

Action A120

The server 120 determines, e.g. By calculation or look-up, the content and/or the function to be accessible based on the group affiliation token. Action A140

The server 120 sends, to the first mobile entity 111, a message enabling the first mobile entity 111 to consume the content and/or the function determined to be accessible.

With reference to Figure 7, a schematic block diagram of embodiments of the server 120 of Figure 1 is shown.

The server 120 may comprise a processing module 701, such as a means for performing the methods described herein. The means may be embodied in the form of one or more hardware modules and/or one or more software modules. The term “module” may thus refer to a circuit, a software block or the like according to various embodiments as described below.

The server 120 may further comprise a memory 702. The memory may comprise, such as contain or store, instructions, e.g. in the form of a computer program 703, which may comprise computer readable code units.

According to some embodiments herein, the server 120 and/or the processing module 701 comprises a processing circuit 704 as an exemplifying hardware module. Accordingly, the processing module 701 may be embodied in the form of, or ‘realized by’, the processing circuit 704. The instructions may be executable by the processing circuit 704, whereby the server 120 is operative to perform the methods of Figure 2 and/or Figure 6. As another example, the instructions, when executed by the server 120 and/or the processing circuit 704, may cause the server 120 to perform the method according to Figure 2 and/or Figure 6.

In view of the above, in one example, there is provided a server 120 for managing access to content and/or a function. Again, the memory 702 contains the instructions executable by said processing circuit 704 whereby the server 120 is operative for: receiving, from a first mobile entity 111 , a group affiliation token, wherein the group affiliation token indicates that the first mobile entity 111 is affiliated with at least a second mobile entity 112 due to detection thereof, determining the content and/or the function to be accessible based on the group affiliation token, and sending, to the first mobile entity 111 , a message enabling the first mobile entity 111 to consume the content and/or the function determined to be accessible..

Figure 7 further illustrates a carrier 705, or program carrier, which provides, such as comprises, mediates, supplies and the like, the computer program 703 as described directly above. The carrier 705 may be one of an electronic signal, an optical signal, a radio signal and a computer readable medium.

In further embodiments, the server 120 and/or the processing module 701 may comprise one or more of a receiving module 710, a determining module 720, a granting module 730 and a sending module 740 as exemplifying hardware modules. The term “module” may refer to a circuit when the term “module” refers to a hardware module. In other examples, one or more of the aforementioned exemplifying hardware modules may be implemented as one or more software modules.

Moreover, the server 120 and/or the processing module 701 may comprise an Input/Output unit 706, which may be exemplified by the receiving module and/or the sending module when applicable.

Accordingly, the server 120 is configured for managing access to content and/or a function.

Therefore, according to the various embodiments described above, the server 120 and/or the processing module 701 and/or the receiving module 710 is configured for receiving, from a first mobile entity 111 , a group affiliation token. The group affiliation token indicates that the first mobile entity 111 is affiliated with at least a second mobile entity 112 due to detection thereof.

The server 120 and/or the processing module 701 and/or the determining module 720 is configured for determining, e.g. by calculation or look-up, the content and/or the function to be accessible based on the group affiliation token.

The server 120 and/or the processing module 701 and/or the sending module 740 is configured for sending, to the first mobile entity 111 , a message enabling the first mobile entity 111 to consume the content and/or the function determined to be accessible.

As used herein, the term “computer program carrier”, “program carrier”, or “carrier”, may refer to one of an electronic signal, an optical signal, a radio signal, and a computer readable medium. In some examples, the computer program carrier may exclude transitory, propagating signals, such as the electronic, optical and/or radio signal. Thus, in these examples, the computer program carrier may be a non-transitory carrier, such as a non- transitory computer readable medium.

As used herein, the term “processing module” may include one or more hardware units, one or more software units or a combination thereof. Any such unit, be it a hardware, software or a combined hardware-software unit, may be a determining means, estimating means, capturing means, associating means, comparing means, identification means, selecting means, receiving means, sending means or the like as disclosed herein. As an example, the expression “means” may be a unit corresponding to the units listed above in conjunction with the Figures.

As used herein, the term “software module” may refer to a software application, a Dynamic Link Library (DLL), a software component, a software module, a software object, an object according to Component Object Model (COM), a software function, a software engine, an executable binary software file or the like.

The terms “processing unit” or “processing circuit” may herein encompass a processing unit, comprising e.g. one or more processors, an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or the like. The processing circuit or the like may comprise one or more processor kernels.

As used herein, the expression “configured to/for” may mean that a processing circuit is configured to, such as adapted to or operative to, by means of software configuration and/or hardware configuration, perform one or more of the actions described herein.

As used herein, the term “action” may refer to an action, a step, an operation, a response, a reaction, an activity or the like. It shall be noted that an action herein may be split into two or more sub-actions as applicable. Moreover, also as applicable, it shall be noted that two or more of the actions described herein may be merged into a single action.

As used herein, the term “memory” may refer to a hard disk, a magnetic storage medium, a portable computer diskette or disc, flash memory, random access memory (RAM) or the like. Furthermore, the term “memory” may refer to an internal register memory of a processor or the like.

As used herein, the term “computer readable medium” may be a Universal Serial Bus (USB) memory, a Digital Versatile Disc (DVD), a Blu-ray disc, a software unit that is received as a stream of data, a Flash memory, a hard drive, a memory card, such as a MemoryStick, a Multimedia Card (MMC), Secure Digital (SD) card, etc. One or more of the aforementioned examples of computer readable medium may be provided as one or more computer program products. As used herein, the term “computer readable code units” may be text of a computer program, parts of or an entire binary file representing a computer program in a compiled format or anything there between.

As used herein, the expression “transmit” and “send” are considered to be interchangeable. These expressions include transmission by broadcasting, uni-casting, group-casting and the like. In this context, a transmission by broadcasting may be received and decoded by any authorized device within range. In case of uni-casting, one specifically addressed device may receive and decode the transmission. In case of group-casting, a group of specifically addressed devices may receive and decode the transmission.

As used herein, the terms “number” and/or “value” may be any kind of digit, such as binary, real, imaginary or rational number or the like. Moreover, “number” and/or “value” may be one or more characters, such as a letter or a string of letters. “Number” and/or “value” may also be represented by a string of bits, i.e. zeros and/or ones.

As used herein, the terms “first”, “second”, “third” etc. may have been used merely to distinguish features, apparatuses, elements, entities or the like from one another unless otherwise evident from the context.

As used herein, the term “subsequent action” may refer to that one action is performed after a preceding action, while additional actions may or may not be performed before said one action, but after the preceding action.

As used herein, the term “set of” may refer to one or more of something. E.g. a set of devices may refer to one or more devices, a set of parameters may refer to one or more parameters or the like according to the embodiments herein.

As used herein, the expression “in some embodiments” has been used to indicate that the features of the embodiment described may be combined with any other embodiment disclosed herein.

Each embodiment, example or feature disclosed herein may be combined with one or more other embodiments, examples or features disclosed herein.

Even though embodiments of the various aspects have been described above, many different alterations, modifications and the like thereof will become apparent for those skilled in the art. The described embodiments are therefore not intended to limit the scope of the present disclosure.