Correcting the device's security status using secure ranging.

Secure ranging between a trusted device and a target device enables secure, proximity-based biometric authentication, addressing the challenge of cumbersome credential entry on devices with restricted interfaces.

JP2026520476APending Publication Date: 2026-06-23APPLE INC

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
APPLE INC
Filing Date
2024-05-22
Publication Date
2026-06-23

Smart Images

  • Figure 2026520476000001_ABST
    Figure 2026520476000001_ABST
Patent Text Reader

Abstract

The present invention provides a framework for a trusted device to modify the security state of a target device based on a secure ranging operation (e.g., not to fully unlock the target device by activating biometric authentication on the target device). The present invention enables a trusted device to establish a secure, authenticated connection with a target device used to activate biometric authentication on the target device. Biometric authentication may fully unlock the target device. A trusted device may be able to activate biometric authentication on the target device when the trusted device is in an unlocked state, or even when the trusted device is in a locked state, as long as less than a threshold amount of time has elapsed since the trusted device was last unlocked.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This specification generally relates to modifying the security state of a device, including using secure ranging to modify the security state of the device.

Background Art

[0002] Devices with restricted input devices can present several challenges with respect to providing security credentials. Due to the small size of the input device and the limited user interface, it can be cumbersome for a user to enter security credentials or use other forms of authentication that require significant input.

Brief Description of the Drawings

[0003] The novel and specific features of the technology of this application are set forth in the appended claims. However, for purposes of illustration, several embodiments of the technology of this application are shown in the following figures.

[0004] [Figure 1] A perspective view of a user head-wearable device according to some embodiments of the present disclosure is shown.

[0005] [Figure 2] A rear view of a head-wearable device according to some embodiments of the present disclosure is shown.

[0006] [Figure 3] A process for a trusted device to modify the security state of a target device using secure ranging is conceptually shown.

[0007] [Figure 4] An example of using secure ranging between a target device and a trusted device to modify the security state of the target device is shown.

[0008] [Figure 5] This conceptually illustrates the process by which a target device uses secure ranging with a trusted device to correct the target device's security state.

[0009] [Figure 6] Here is another example of correcting the security state of a target device using secure ranging between the target device and a trusted device.

[0010] [Figure 7] This shows different sequence diagrams for providing secure ranging when correcting the security state of a target device from a trusted device. [Figure 8] This shows different sequence diagrams for providing secure ranging when correcting the security state of a target device from a trusted device. [Figure 9] This shows different sequence diagrams for providing secure ranging when correcting the security state of a target device from a trusted device.

[0011] [Figure 10] This figure conceptually illustrates an example of an electronic system in which some embodiments of the present invention are implemented. [Modes for carrying out the invention]

[0012] The detailed descriptions below are intended to describe various configurations of the present invention and are not intended to represent only one configuration in which the present invention can be practiced. The accompanying drawings are incorporated herein and constitute some of the embodiments for carrying out the invention. The embodiments for carrying out the invention include certain details to provide a complete understanding of the present invention. However, the present invention is not limited to the certain details shown herein and can be realized using one or more other implementations. In one or more implementations, the structure and components are shown in block diagram form to avoid obscuring the concepts of the present invention.

[0013] A physical environment refers to the physical world that people can perceive and / or interact with without the aid of electronic devices. A physical environment may include physical features such as physical surfaces or physical objects. For example, a physical environment corresponds to a physical park, which includes physical trees, physical buildings, and physical people. People can directly perceive and / or interact with the physical environment through their senses such as sight, touch, hearing, taste, and smell. In contrast, an extended reality (XR) environment refers to a fully or partially simulated environment that people perceive and / or interact with through electronic devices. For example, an XR environment may include augmented reality (AR) content, mixed reality (MR) content, and virtual reality (VR) content. In an XR system, a subset of a person's body movements or their representation is tracked, and in response, one or more properties of one or more virtual objects simulated within the XR environment are adjusted to behave according to at least one law of physics. As an example, an XR system can detect a person's head movements and, accordingly, adjust the graphic content and sound field presented to that person in a manner similar to how such views and sounds would change in the physical environment. As another example, an XR system can detect the movements of an electronic device presenting an XR environment (e.g., a mobile phone, tablet, laptop) and, in response, adjust the graphic content and sound field presented to that person in a manner similar to how such views and sounds would change in the physical environment. In some situations (e.g., for accessibility reasons), an XR system can adjust the characteristics of the graphic content within the XR environment in response to a representation of bodily movement (e.g., a voice command).

[0014] The existence of a wide variety of electronic systems enables people to perceive and / or interact with various XR environments. Examples include head-wearable systems, projection-based systems, heads-up displays (HUDs), vehicle windshields with integrated display capabilities, windows with integrated display capabilities, displays formed as lenses designed to be positioned over a person's eyes (similar to contact lenses), headphones / earphones, speaker arrays, input systems (e.g., wearable or handheld controllers with or without haptic feedback), smartphones, tablets, and desktop / laptop computers. A head-wearable system may have one or more speakers and an integrated opaque display. Alternatively, a head-wearable system may be configured to accept an external opaque display (e.g., a smartphone). A head-wearable system may incorporate one or more imaging sensors for capturing images or videos of the physical environment and / or one or more microphones for capturing audio of the physical environment. A head-wearable system may have a transparent or translucent display instead of an opaque display. A transparent or translucent display may have a medium through which light representing an image is directed to a person's eye. The display may utilize digital light projection, OLED, LED, uLED, liquid crystal on silicon, laser scanning light source, or any combination of these technologies. The medium may be an optical waveguide, a holographic medium, an optical coupler, an optical reflector, or any combination thereof. In some implementations, the transparent or translucent display may be configured to be selectively opaque. A projection-based system may employ retinal projection technology to project a graphical image onto a person's retina. The projection system may also be configured to project virtual objects into the physical environment, for example, as a hologram or onto a physical surface.

[0015] To provide a balance between security and convenience, a trusted device (e.g., a desktop device, mobile device, or wearable device) can be used to unlock (or correct the security state of) a target device. For example, a locked target device could be automatically unlocked in the presence of a trusted device, or a locked target device could unlock itself by accepting a command from a trusted device (e.g., via user input), allowing the user to avoid the need to manually interact with the target device to unlock it. However, once unlocked, an unauthenticated user could gain access to the target device and potentially access sensitive user data on it. It is desirable to provide a more secure method before allowing the target device to be unlocked.

[0016] Some embodiments of the present invention provide a method for modifying the security state of a target device using a trusted device (for example, preparing a target device to be unlocked without fully unlocking it). The target device is the device to be unlocked, and the trusted device is a device authorized to modify the security state of the target device. For example, the present invention provides that the trusted device modifies the security state of the target device based on a secure ranging operation.

[0017] The technology of this application enables a trusted device to establish a secure and authenticated connection with a target device, which is used to perform security operations on the target device, such as partially unlocking the target device. For example, if the target device can only be unlocked by biometric authentication after it has been previously unlocked via user input of security credentials (e.g., a password) (e.g., after the last power cycle), the security operation can function as an alternative to user input of a password, bringing the target device into a state where it can be unlocked by biometric authentication. Thus, the security operation on the target device may be referred to as "activating" or "arming" biometric authentication to unlock the target device. In one or more implementations, a trusted device may be able to activate biometric authentication on the target device even when the trusted device is locked, as long as less than a threshold amount of time has elapsed since the trusted device was last unlocked.

[0018] In some embodiments, part of the security protocol for determining whether to allow a trusted device to correct the security state of a target device is based on whether the trusted device is unlocked or whether less than a threshold amount of time has elapsed since the trusted device was unlocked. The method in some embodiments uses the unlocked state of the trusted device to determine whether the trusted device is active or recently active by receiving interaction from an authenticated user before authenticating that the trusted device correct the security state of the target device.

[0019] In some embodiments, other parts of the security protocol for determining whether a trusted device should be allowed to modify the security state of a target device are based on a set of ranging operations (e.g., determining distance, proximity, etc.). In some embodiments, the method uses ranging information (e.g., distance, proximity, etc.) to determine whether a trusted device and a target device are within a specified range of each other before allowing the trusted device to modify the security state of the target device. For example, in some embodiments, the target device and trusted device (e.g., a laptop computer, mobile phone, tablet, etc.) perform one or more ranging operations to calculate a sample distance measurement between the trusted device and the target device. Once the sample distance measurement is captured, the trusted device determines whether the sample distance measurement satisfies a specific set of criteria (e.g., whether the device satisfies proximity conditions), and if the calculated composite distance measurement satisfies proximity conditions, exchanges security information with the target device to modify the security state on the target device (e.g., arming biometric authentication). In some embodiments, modifying the security state includes switching between unlock steps in a two-step unlock procedure, or unlocking access to allow the target device to be unlocked by biometric authentication or a passcode. For example, a trusted device, such as a mobile device, can arm a target device, such as a head-wearable device, by not fully unlocking the head-wearable device, but allowing the head-wearable device to be unlocked only by biometric authentication or by providing a passcode.

[0020] In some embodiments, a trustworthy device is established as a trustworthy device through an authentication (or pairing) process with a target device. Through the authentication process, the user can grant the trustworthy device permission to arm (or modify the security state of) the target device. Some embodiments of trustworthy devices receive a security token or other shared secret during the authentication process that can be used to modify the security state of the target device in a future session. Once a trust relationship is established between the target device and the trustworthy device, the security state of the target device can be modified using the trustworthy device.

[0021] Referring to FIGS. 1-10, these and other embodiments are described below. However, those skilled in the art will readily understand that the forms for implementing the invention given in this specification with respect to these figures are for illustrative purposes only and should not be construed as limiting.

[0022] According to some embodiments, as shown, for example, in FIG. 1, a head-wearable device 100 includes a frame 110 that is worn on a user's head. The frame 110 can be positioned in front of the user's eyes to provide information within the user's field of view. The frame 110 can provide nose pads or other features for resting on the user's nose. The frame 110 can be supported on the user's head using a fixation element 120. The fixation element 120 can wrap around or extend along opposite sides of the user's head. The fixation element 120 can include earpieces that wrap around the user's ears, engage the user's ears in other ways, or rest on the user's ears. It will be understood that other configurations can be applied to fix the head-wearable device 100 to the user's head. For example, in addition to or instead of the illustrated components of the head-wearable device 100, one or more bands, straps, belts, caps, hats, or other components can be used. As a further example, the fixation element 120 can include multiple components that engage the user's head.

[0023] The frame 110 can provide a structure around its peripheral region to support any internal components of the frame 110 in their assembled positions. For example, the frame 110 can surround and support various internal components (including, for example, integrated circuit chips, processors, memory devices, and other circuits) to provide computing and functional operations to the head-wearable device 100, as further described herein. Any number of components can be included within and / or on the frame 110 and / or the fixation element 120.

[0024] The head-wearable device 100 may include a camera 130 for capturing a view of the environment outside the head-wearable device 100. The camera 130 may include optical sensors such as photodiodes or photodiode arrays. Additionally or alternatively, the camera 130 may include one or more of the various types of optical sensors arranged in various configurations to detect user input as described herein. The camera 130 may be configured to capture images of a scene or subject located within the field of view of the camera 130. The images may be stored in a digital file according to one of several digital formats. In some embodiments, the head-wearable device 100 includes a camera that includes an image sensor formed from a charge-coupled device (CCD) and / or complementary metal-oxide-semiconductor (CMOS) device, a photocell, a photoresist component, a laser scanner, etc. It will be recognized that the camera may include other motion-sensing devices.

[0025] Frame 110 may include and / or support one or more cameras 130. Cameras 130 may be positioned outside 122 of or near frame 110 to capture images of the external view of the head-wearable device 100. As used herein, the outside of a portion of the head-wearable device is the side away from the user and / or facing the external environment. Captured images may be used for display to the user or stored for any other purpose.

[0026] The head-wearable device 100 may include one or more other sensors. Such sensors can be configured to sense virtually any kind of property, including but not limited to images, pressure, light, touch, force, temperature, position, and motion. For example, sensors may be photodetectors, temperature sensors, light or optical sensors, barometric pressure sensors, humidity sensors, magnets, gyroscopes, accelerometers, chemical sensors, ozone sensors, particle count sensors, etc. As a further example, sensors may be biosensors for tracking biometric properties such as health and activity indicators. Other user sensors may perform facial feature detection, facial movement detection, facial recognition, eye tracking, user mood detection, user emotion detection, voice detection, etc.

[0027] Referring here to Figure 2, a head-wearable device may include optical modules that provide a visual output for the user wearing the head-wearable device to view. As shown in Figure 2, one or more optical modules 140 can be positioned inside 124 of the frame 110. As used herein, the inside of a portion of the head-wearable device is the side facing the user and / or away from the external environment. For example, a pair of optical modules 140 may be provided, each optical module 140 being movably positioned so as to be within the field of view of each of the user's two eyes. Each optical module 140 can be adjusted to align with the user's corresponding eye. For example, each optical module 140 may be moved along one or more axes until the center of each optical module 140 aligns with the center of the corresponding eye. Thus, the distance between the optical modules 140 can be set based on the user's interpupillary distance. For example, one or more module actuators can be provided to move the optical modules 140 relative to the frame 110 of the head-wearable device 100. Each optical module 140 may include a display element 170 for displaying user visual information.

[0028] The movement of each optical module can be matched to the movement of the corresponding camera module. For example, each optical module 140 can be supported on the inside 124 of the frame 110, and the camera 130 can be coupled to one of the corresponding optical modules 140 and move together with it. The optical modules 140 can be adjusted to align with the user's corresponding eye, and the camera 130 can be adjusted in correspondence so that the field of view provided by the optical modules 140 corresponds to the field of view captured by the camera 130. Thus, the optical modules 140 can accurately reproduce, simulate, or extend the view based on the view captured by the camera 130, with alignment that corresponds to the view the user would naturally have without the head-wearable device 100.

[0029] In some implementations, the optical module 140 may include a biosensor, such as an iris scanner, to perform a secure biometric authentication method by authenticating an individual's identity based on the unique pattern of their iris. The iris is the colored part of the eye surrounding the pupil and contains many intricate and complex patterns unique to each individual. The iris scanner may capture an image of an individual's iris and compare it to a previously stored template of the same individual's iris using one or more algorithms. If the patterns match, the individual is authenticated and granted access to the device or system they are attempting to access.

[0030] In some implementations, the iris scanner may be protected from unauthorized access through physical security. For example, the iris scanner may be located within a secure enclave 124 inside the frame 110, and as a result, the secure enclave may be unlocked based on user permission or other security settings. In one or more implementations, the secure enclave may refer to a protected and / or isolated area within the head-wearable device 100.

[0031] The optical module 140 can transmit light from the physical environment for the user to see (for example, so that it is captured by a camera module). Such an optical module 140 may include optical properties such as lenses for visual correction based on incident light from the physical environment. Additionally or alternatively, the optical module 140 can provide information as a display within the user's field of view. Such information may be provided so as to exclude the field of view of the physical environment, or in addition to (for example, superimposed on) the physical environment.

[0032] The physical environment refers to the physical world that people can perceive and / or interact with without the help of electronic systems. Examples of physical environments, such as a physical park, include physical objects such as physical trees, physical buildings, and physical people. People can directly perceive and / or interact with the physical environment through senses such as sight, touch, hearing, taste, and smell.

[0033] Head-worn devices also have security features to prevent unauthorized access to the device and the user's personal data. For example, a head-worn device may implement user authentication that requires the user to log in with a username and password before they can use the device. In another example, a head-worn device may implement physical security features such as biometric authentication, proximity sensors, or locking mechanisms to prevent theft or unauthorized access to the device.

[0034] Some embodiments allow a user to modify the security state of a target device (e.g., unlock it) based on its relationship with a trusted device (e.g., proximity). Figure 3 conceptually illustrates a process 300 for a trusted device to modify the security state of a target device using secure ranging. Process 300 is performed by a trusted device (e.g., a device authorized to modify the security state). An initiating device (e.g., a trusted device) initiates process 300 using a non-initiating device (e.g., the target device) to modify the security state of the target device. In one or more implementations, the target device may be the initiating device, and the trusted device may be the non-initiating device. In some examples, the trusted device may be a mobile device such as a phone, tablet, or laptop computer, a wearable device such as a wristwatch, or a stationary device such as a desktop computer.

[0035] In block 305, process 300 is initiated by a trusted device detecting, using a first radio protocol, that a target device is in proximity to the trusted device and available to perform security operations with the trusted device. In some embodiments, the trusted device may establish an initial connection between the trusted device and the target device. The initial connection may use a secure, standardized radio protocol (e.g., Bluetooth) as the first radio protocol for discovering other devices and establishing the initial connection. In some implementations, the trusted device may detect that the target device is available to perform security operations with the trusted device after the target device has transitioned from a powered-off state. For example, the target device may be powered off, then powered on, and begin a cold boot operation.

[0036] In block 310, it is determined whether the trusted device is in an unlocked state. If the trusted device is in an unlocked state, process 300 proceeds to block 320. Otherwise, process 300 proceeds to block 315 for further authentication status determination of the trusted device.

[0037] In block 315, it is determined whether the trusted device is in a locked state, not an unlocked state, and whether less than a threshold amount of time has elapsed since the trusted device was last unlocked. If less than a threshold amount of time has elapsed since the trusted device was last unlocked, process 300 proceeds to block 320.

[0038] If a trusted device is either unlocked or locked and less than a threshold amount of time has elapsed since the trusted device was last unlocked, block 320 determines that the trusted device is authorized to perform security operations with the target device. In some embodiments, security operations may include causing the target device to correct its security state.

[0039] In one or more implementations, both the trusted device and the target device may transmit Bluetooth advertisements indicating their current state. For example, the trusted device may advertise that it is unlocked, locked, or locked but unlocked more than X minutes ago, and the target device may advertise that it is ready to be armed. Each device receives advertisements from other devices and can then determine whether ranging should be performed (for example, when the trusted device is unlocked or locked but unlocked more than a threshold amount of time ago, and when the target device is ready to be armed). If any of these conditions are not met, the device will not perform ranging (this is battery-intensive).

[0040] In some embodiments, a trusted device can establish a ranging connection between the trusted device and a target device. In some embodiments, the trusted device can use an initial connection to exchange ranging connection information with the target device and set up a ranging connection between the trusted device and the target device. In some embodiments, the ranging connection is a radio channel of a second radio protocol (e.g., Wi-Fi) used by the trusted device to exchange ranging information (e.g., through a series of ranging operations) to determine whether the distance between the target device and the trusted device satisfies proximity conditions or is within a specific range. The ranging connection may be encrypted and / or utilize encrypted ranging transmissions to protect the exchanged ranging information from potential attackers.

[0041] In block 325, the trusted device uses a second radio protocol to perform ranging calculations to determine the distance between the trusted device and the target device. In some embodiments, the trusted device may capture sample distance measurements between the trusted device and the target device.

[0042] In block 330, the trusted device determines that the measured distance between the trusted device and the target device satisfies the proximity condition, and then process 300 proceeds to block 335. If the measured distance does not satisfy the proximity condition, and therefore the trusted device and the target device are not within the desired range, process 300 terminates. In some embodiments, the proximity condition may correspond to a pre-configured threshold distance on the trusted device. In other embodiments, the proximity condition may include one or more acceptable distance ranges set by the user configuration.

[0043] If a trusted device determines that the trusted device and the target device are within a range that satisfies the proximity condition, in block 335, the trusted device transmits security information to the target device through a secure (e.g., encrypted) channel in order to transition the target device from a first security state to a second security state. The secure channel may encrypt communications using a secure encryption key to protect the security information. The security information (e.g., arming information, security key, etc.) is used to correct the security state on the target device. In some implementations, the secure channel is established via an initial connection established in block 305 to perform detection (e.g., using a first radio protocol). In other implementations, the secure channel is established via a separate, distinct connection.

[0044] In some implementations, security information transmitted to a target device by a trusted device causes the target device to modify its security state from a first security state to a second security state. In this regard, the initiation of the security state change is performed by the trusted device. In some implementations, the first security state of the target device may include a security state in which the target device can only be unlocked by providing a passcode on the target device. In some implementations, the second security state of the target device may include a security state in which the target device can only be unlocked by providing a passcode or by biometric authentication.

[0045] In some implementations, the initial connection used to advertise and discover device availability, the ranging connection used for ranging calculations, and the connection used to communicate authentication data are all different and distinct connections. For example, different connections may use different protocols or different communication methods (e.g., frequency spectrum bands, radio protocols, etc.). For example, data communicated over a particular connection may actually be transmitted over a different frequency spectrum band or network (e.g., the Internet). Different connections can offer different advantages. For example, the initial connection might use a first radio protocol to facilitate discovery and reduce power consumption, while the ranging connection might use a second radio protocol for radio frequency and higher security granularity.

[0046] Figure 4 illustrates an example of correcting the security state of a target device using secure ranging between a target device and a trusted device. The first stage 401 shows a trusted device 410 (e.g., a laptop computer, mobile phone, tablet, smartwatch, wireless headset, etc.) and a target device 420 (e.g., a head-worn device). The trusted device 410 may be a device authorized to make changes to the security state of the target device 420. In the first stage 401, the trusted device 410 detects, via a first wireless protocol, that the target device 420 is available to perform security operations with the trusted device 410. For example, the trusted device 410 detects that the target device 420 is in an armed state and initiates the process of correcting the security state of the target device 420.

[0047] In some embodiments, the first wireless protocol may be Bluetooth. In some implementations, the detection performed by the trusted device 410 in the first stage 401 may be initiated in response to sensing that the target device 420 has transitioned from a powered-off state to a powered-on state or to a first security state (for example, the target device may only be unlocked by entering security credentials such as a passcode).

[0048] The first stage 401 also indicates that when the trusted device 410 is in an unlocked state, or when the trusted device 410 is in a locked state and less than a threshold amount of time has elapsed since the trusted device 410 was last unlocked, it is determined that the trusted device 410 is authorized to perform security operations with the target device 420. As shown in Figure 4, for example, the trusted device 410 is in an unlocked state.

[0049] In the second stage 402, in response to the trusted device 410's determination that it is authorized to perform security operations with the target device 420, the trusted device 410 uses a second radio protocol to perform ranging calculations to determine the distance between the trusted device 410 and the target device 420. A ranging connection is established between the trusted device 410 and the target device 420 via the second radio protocol (shown by a dashed line). In some embodiments, the second radio protocol may be Wi-Fi. The second stage 402 also indicates that ranging information 430 may be exchanged between the trusted device and the target device via the ranging connection.

[0050] The ranging information 430 enables the trusted device 410 to calculate the distance between the two devices. For example, the third step 403 shows that the trusted device 410 uses a distance estimator 440 to analyze the ranging information 430. In some implementations, the trusted device 410 determines whether to continue the security state change operation by determining whether the calculated range satisfies the proximity condition.

[0051] The fourth stage 404 indicates that the trusted device 410, after determining that the device is within acceptable range by meeting proximity conditions, transmits security information 450 to the target device 420. The security information 450 may be used as an extended security feature for the target device 420 to unlock the target device 420 but not to fully unlock it, thereby arming the target device 420. While various examples in this application are described with reference to arming operations using security information, it should be understood by those skilled in the art that the novelty of the present technology is not limited to such arming operations. Arming operations can refer to any modification of the security state in the target device based on its relationship with the trusted device. In addition, the security information may include various different types of information, although it may also be referred to as a key. The security information may be a key used to unlock access to biometric authentication, allowing the target device 420 to be fully unlocked by biometric authentication, while in other implementations, the security information may be a key used to allow the target device 420 to be fully unlocked by providing a passcode on the target device 420. This allows the target device 420 to remain secure while in a pseudo-unlocked state when the trusted device 410 is within range.

[0052] Figure 5 conceptually illustrates the process by which a trusted device uses secure ranging to correct the security state of a target device. Process 500 is performed by the target device (e.g., the device whose security state is to be corrected). The initiating device (e.g., the target device) initiates process 500 using a non-initiating device (e.g., a trusted device) to correct the security state of the target device.

[0053] In block 505, process 500 begins with the target device detecting, using a first radio protocol, that a trusted device is in proximity to the target device and available to perform security operations with the target device. In some embodiments, one of the trusted devices or the target device may establish an initial connection between the trusted device and the target device. The initial connection may use a secure, standardized radio protocol (e.g., Bluetooth) as the first radio protocol for discovering other devices and establishing the initial connection. In some implementations, the target device may detect that a trusted device is available to perform security operations with the target device after the target device has transitioned from a powered-off state. For example, the target device may be powered off and then, after some time, powered on and begin a cold boot operation, and the detection operation performed by the target device may be part of the cold boot operation.

[0054] In block 510, the target device determines whether the trusted device is in an unlocked state. If the trusted device is in an unlocked state, process 500 proceeds to block 525. Otherwise, process 500 proceeds to block 515 for further authentication status determination of the trusted device. In some implementations, the trusted device may transmit state information indicating whether the trusted device is in an unlocked state and time information indicating when the trusted device last transitioned to an unlocked state via the initial connection with the target device.

[0055] In block 515, the trusted device is in a locked state, not an unlocked state, and the target device determines whether less than a threshold amount of time has elapsed since the trusted device was last unlocked. If less than a threshold amount of time has elapsed since the trusted device was last unlocked, process 500 proceeds to block 525. Otherwise, process 500 terminates.

[0056] In block 525, when the trusted device is unlocked, or when the trusted device is locked and the target device determines that less than a threshold time has elapsed since the trusted device was last unlocked, the trusted device performs ranging calculations using a second radio protocol to determine the distance between the trusted device and the target device. In some embodiments, the trusted device may capture sample distance measurements between the trusted device and the target device.

[0057] In some embodiments, one of the trusted devices or the target device may establish a ranging connection between the trusted device and the target device. In some embodiments, the target device may use an initial connection to exchange ranging connection information with the trusted device in order to set up a ranging connection between the trusted device and the target device. In some implementations, the ranging connection is a radio channel of a second radio protocol (e.g., Wi-Fi) used by the target device to exchange ranging information (e.g., through a series of ranging operations) to determine whether the distance between the target device and the trusted device satisfies proximity conditions or is within a specific range. The ranging connection may be encrypted to protect the exchanged ranging information from potential attackers.

[0058] In block 530, the target device determines that the measured distance between the trusted device and the target device satisfies the proximity condition, and then process 500 proceeds to block 535. If the measured distance does not satisfy the proximity condition, and therefore it is determined that the trusted device and the target device are not within the desired range, process 500 terminates. If the target device determines that the trusted device and the target device are within range, in block 535, the trusted device transitions from the first security state to the second security state.

[0059] Figure 6 shows another example of correcting the security state of a target device using secure ranching between a target device and a trusted device. The first stage 601 shows a trusted device 610 (e.g., a laptop computer, mobile phone, tablet, smartwatch, wireless headset, etc.) and a target device 620 (e.g., a head-worn device). In some embodiments, the trusted device 610 is a device authenticated to modify the security state of the target device 620. In the first stage 601, the target device 620 detects, via a first wireless protocol, that the trusted device 610 is available to perform security operations with the target device 620.

[0060] In some embodiments, the first wireless protocol may be Bluetooth. In some implementations, the detection performed by the target device 620 in the first stage 601 may be initiated in response to the target device 620 transitioning from a powered-off state to a powered-on state or to a first security state (for example, the target device 620 may only be unlocked by providing a passcode).

[0061] The first stage 601 also indicates that when the trusted device 610 is in an unlocked state, or when the trusted device 610 is in a locked state and less than a threshold amount of time has elapsed since the trusted device 610 was last unlocked, the target device 620 determines that the trusted device 610 is authorized to perform security operations with the target device 620. As shown in Figure 6, for example, the trusted device 610 is in an unlocked state. For example, the target device 620 detects the trusted device 610 which is in an unlocked state or has recently been in an unlocked state, and initiates a process to correct the security state of the target device 620.

[0062] In the second stage 602, in response to the target device 620's determination that the trusted device 610 is authorized to perform security operations with the target device 610, the target device 620 uses a second radio protocol to perform ranging calculations to determine the distance between the trusted device 610 and the target device 620. A ranging connection is established between the trusted device 610 and the target device 620 via the second radio protocol (shown by a dashed line). In some embodiments, the second radio protocol may be Wi-Fi. The second stage 602 also indicates that ranging information 630 may be exchanged between the trusted device 610 and the target device 620 via the ranging connection.

[0063] The ranging information 630 enables the target device 620 to calculate the distance between the two devices. For example, the third step 603 shows that the target device 620 uses the distance calculator 640 to analyze the ranging information 630. In some implementations, the target device 620 determines whether to continue the security state change operation by determining whether the calculated range satisfies the proximity condition.

[0064] The fourth stage 604 indicates that the target device 620 transitions from the first security state to the second security state after determining that the device is within acceptable range by satisfying proximity conditions. For example, the target device 620 may arm itself by not fully unlocking itself, as an extended security feature for the target device 620. By transitioning to the second security state, the target device 620 may unlock access to biometric authentication, thereby allowing the target device 620 to be fully unlocked via biometric authentication. In other implementations, the transition to the second security state allows the target device 620 to be fully unlocked by providing a passcode on the target device 620. This allows the target device 620 to remain secure while in a pseudo-unlocked state when a trusted device 610 is within range.

[0065] Figures 7 to 9 show different sequence diagrams for providing secure ranching when correcting the security state of a target device from a trusted device. In Figure 7, sequence diagram 700 shows a first example for providing secure ranching when correcting the security state of a target device from a trusted device. The first step 701 shows the target device 720 and trusted device 720 in Figure 4. In this example, the target device 720 is a head-worn device (e.g., head-worn device 100), and the trusted device 710 is a mobile device such as a mobile phone. In other embodiments, the trusted device 710 may be a tablet.

[0066] The first stage 701 also indicates that the trusted device 710 provides the user with the option to transition the trusted device 710 to an unlocked state. In this example, the first stage 701 indicates that the user initiates an unlock operation 730, transitioning the trusted device 710 from a locked state to an unlocked state. In one or more implementations, the trusted device 710 may transition back to a locked state after being in an unlocked state for a predetermined duration.

[0067] As part of the first stage 701, the trusted device 710 may determine that it is authorized to perform security operations with the target device 720 when the trusted device 710 is in an unlocked state, or when the trusted device 710 is in a locked state and less than a threshold amount of time has elapsed since the trusted device 710 was last unlocked. In some embodiments, as part of the first stage 701, the trusted device 710 may use a first radio protocol, such as Bluetooth, to detect that the target device 720 is available to perform security operations with the trusted device 710.

[0068] The second stage 702 indicates that a ranging connection has been established between the target device 710 and the trusted device 720 using a second wireless protocol, such as Wi-Fi. The second stage 702 also indicates that the trusted device 710 and the target device 720 exchange distance data as part of the secure ranging process. In the second stage 702, the trusted device 720 determines that the target device 720 is within a distance that satisfies the proximity condition. In some implementations, the target device and the trusted device use secure ranging calculations to determine whether the devices are within a desired range.

[0069] The third stage 703 indicates that the target device 720 transitions from a first security state to a second security state. In some implementations, the trusted device 710, upon determining that the proximity condition is met, transmits security information to the target device 720 using a first radio protocol to cause the target device 720 to transition to the second security state. In some embodiments, the first security state includes a security state in which the target device 720 is unlocked only by providing a passcode, and the second security state includes a security state in which the target device 720 is unlocked by providing a passcode or by biometric authentication. In this example, the third stage 703 indicates that since access to perform biometric authentication has been unlocked on the target device 720, the target device 720 can be fully unlocked by biometric authentication.

[0070] In Figure 8, sequence diagram 800 shows a second example for providing secure ranging when correcting the security state of a target device from a trusted device. For brevity and ease of explanation, only the differences will be explained by referring to Figure 7. The first stage 801 shows the target device 820 and trusted device 820 in Figure 4. In this example, the target device 820 is a head-worn device (e.g., head-worn device 100), and the trusted device 810 is a wearable device such as a smartwatch. The first stage 801 shows a user initiating an unlock operation 830, which transitions the trusted device 810 from a locked state to an unlocked state. As part of the first stage 801, the trusted device 810 may determine that it is authorized to perform security operations with the target device 820 when the trusted device 810 is in an unlocked state, or when the trusted device 810 is in a locked state and less than a threshold amount of time has elapsed since the trusted device 810 was last unlocked.

[0071] In the second stage 802, the trusted device 820 determines that the target device 820 is within a distance that satisfies the proximity condition. The third stage 803 indicates that the target device 820 transitions from the first security state to the second security state. In this example, the third stage 803 indicates that since access to perform biometric authentication has been unlocked on the target device 820, the target device 820 can be fully unlocked by biometric authentication.

[0072] In Figure 9, sequence diagram 900 shows a third example for providing secure ranging when correcting the security state of a target device from a trusted device. For brevity and ease of explanation, only the differences will be explained by referring to Figure 7. The first stage 901 shows the target device 920 and trusted device 920 in Figure 4. In this example, the target device 920 is a wearable device (e.g., head-wearable device 100), and the trusted device 910 is a stationary device such as a desktop computer. The first stage 901 shows a user initiating an unlock operation 930, which transitions the trusted device 910 from a locked state to an unlocked state. As part of the first stage 901, the trusted device 910 may determine that it is authorized to perform security operations with the target device 920 when the trusted device 910 is in an unlocked state, or when the trusted device 910 is in a locked state and less than a threshold amount of time has elapsed since the trusted device 910 was last unlocked.

[0073] In the second stage 902, the trusted device 920 determines that the target device 920 is within a distance that satisfies the proximity condition. The third stage 903 indicates that the target device 920 transitions from the first security state to the second security state. In this example, the third stage 903 indicates that the target device 920 can be fully unlocked by biometric authentication because access to perform biometric authentication has been unlocked on the target device 920.

[0074] As described above, one aspect of the technology is the collection and use of data available from specific legitimate sources to enable a trusted device to correct the security status of a target device. This disclosure assumes that, in some cases, such collected data may include personal data that uniquely identifies or can be used to identify a particular person. Such personal data may include voice data, demographic data, location-based data, online identifiers, telephone numbers, email addresses, home addresses, byte metric data or records relating to a user's health or fitness level (e.g., vital sign measurements, medication information, exercise information, movement information, heart rate information, training information), date of birth, or any other personal information.

[0075] This disclosure acknowledges that such use of personal data in this technology may be for the benefit of the user. For example, personal data may be used to enable a trusted device to correct the security status of a target device.

[0076] This disclosure assumes that entities responsible for collecting, analyzing, disclosing, transferring, storing, or otherwise using such personal data will adhere to well-established privacy policies and / or privacy practices. Specifically, such entities are expected to implement and consistently apply privacy practices that are generally recognized as meeting or exceeding industry or government requirements for maintaining user privacy. Such information regarding the use of personal data should be conspicuously and readily accessible to users and should be updated as data collection and / or use changes. Personal data from users should be collected only for legitimate use. Furthermore, such collection / sharing should be done after obtaining user consent or on other legitimate grounds specified in applicable law. In addition, such entities should consider taking all necessary steps to protect and secure access to such personal data and to ensure that others with access to personal data faithfully adhere to those privacy policies and procedures. Furthermore, such entities may undergo third-party evaluations to demonstrate their compliance with widely accepted privacy policies and practices. In addition, policies and practices should be adapted to the specific types of personal data collected and / or accessed, and should conform to applicable laws and standards, including jurisdiction-specific considerations that may play a role in imposing higher standards. For example, in the United States, the collection or access to certain health data may be subject to federal and / or state laws, such as the Health Insurance Portability and Accountability Act (HIPAA). Health data in other countries, on the other hand, may be subject to other regulations and policies and should be addressed accordingly.

[0077] Notwithstanding the foregoing, the Disclosure also envisions a manner in which a user can selectively prevent the use of or access to personal data. That is, the Disclosure intends that hardware and / or software elements may be provided to prevent or prevent access to such personal data. For example, in the example of generating physiological predictions, the Technology may be configured to allow a user to choose to “opt in” or “opt out” of participating in the collection and / or sharing of personal data during or at any time thereafter when registering for the Service. In addition to providing “opt-in” and “opt-out” options, the Disclosure intends to provide notices regarding access to or use of personal data. For example, a user may be notified when downloading an app that will access their personal data, and then reminded again immediately before the app accesses the personal data.

[0078] Furthermore, the intent of this disclosure is that personal data should be managed and handled in a manner that minimizes the risk of unintentional or unauthorized access or use. Risks can be minimized by limiting data collection and deleting data when it is no longer needed. In addition, where applicable in certain health-related applications, data anonymization can be used to protect user privacy. Anonymization may be facilitated, where appropriate, by removing identifiers, controlling the amount or specificity of data stored (e.g., collecting location data at the city level rather than at the address level or a scale insufficient for facial recognition), controlling how data is stored (e.g., aggregating data across users), and / or by other means such as differential privacy.

[0079] Therefore, while this disclosure broadly covers the use of personal data to implement one or more of the disclosed implementations, it is also conceivable that these implementations could be implemented without requiring access to such personal data. In other words, the various implementations of the technology would not be rendered inoperable by the absence of all or part of such personal data.

[0080] Figure 10 shows an electronic system 1000 capable of realizing one or more implementations of the technology of the present application. The electronic system 1000 may be and / or a part thereof the head-wearable device 100 shown in Figure 1, the trusted devices (410, 610, 710, 810, 910) shown in Figures 4, 6-9, and / or the target devices (420, 620, 720, 820, 920) shown in Figures 4, 6-9. The electronic system 1000 may include various types of computer-readable media and interfaces for various other types of computer-readable media. The electronic system 1000 may include a bus 1008, one or more processing units 1012, system memory 1004 (and / or buffers), ROM 1010, permanent storage device 1002, input device interface 1014, output device interface 1006, and one or more network interfaces 1016, or subsets and variations thereof.

[0081] Bus 1008 collectively represents all system, peripheral, and chipset buses that communicate with a number of internal devices of the electronic system 1000. In one or more implementations, bus 1008 communicates with one or more processing units 1012 to the ROM 1010, system memory 1004, and permanent storage device 1002. From these various memory units, one or more processing units 1012 retrieve instructions to execute and data to process in order to perform the processes disclosed herein. One or more processing units 1012 may be a single processor or a multi-core processor in different implementations.

[0082] The ROM 1010 stores static data and instructions required by one or more processing units 1012 and other modules of the electronic system 1000. On the other hand, the persistent storage device 1002 may be a read / write memory device. The persistent storage device 1002 may be a non-volatile memory unit that stores instructions and data even when the electronic system 1000 is off. In one or more implementations, a mass storage device (such as a magnetic or optical disk and its corresponding disk drive) may be used as the persistent storage device 1002.

[0083] In one or more implementations, a removable storage device (such as a flash drive and its corresponding solid-state drive) may be used as the persistent storage device 1002. Similar to the persistent storage device 1002, the system memory 1004 may be a read-write memory device. However, unlike the persistent storage device 1002, the system memory 1004 may be a volatile read-write memory, such as random-access memory. The system memory 1004 can store any of the instructions and data that one or more processing units 1012 may need at runtime. In one or more implementations, the process disclosed herein is stored in the system memory 1004, the persistent storage device 1002, and / or the ROM 1010. From these various memory units, one or more processing units 1012 retrieve the instructions to be executed and the data to be processed in order to execute the process in one or more implementations.

[0084] Bus 1008 also connects to an input device interface 1014 and an output device interface 1006. The input device interface 1014 allows the user to communicate information and select commands to the electronic system 1000. Input devices that may be used with the input device interface 1014 may include, for example, an alphanumeric keyboard and a pointing device (also referred to as a "cursor control device"). The output device interface 1006 may enable, for example, the display of images generated by the electronic system 1000. Output devices that may be used with the output device interface 1006 may include, for example, printers and display devices such as liquid crystal displays (LCDs), light-emitting diode (LED) displays, organic light-emitting diode (OLED) displays, flexible displays, flat panel displays, solid-state displays, projectors, or any other devices for outputting information. One or more implementations may include devices that function as both input and output devices, such as a touchscreen. In these implementations, the feedback provided to the user can be any form of sensory feedback, such as visual feedback, auditory feedback, or haptic feedback, and user input can be received in any form, including acoustic input, voice input, or haptic input.

[0085] Finally, as shown in Figure 10, the bus 1008 also connects the electronic system 1000 to one or more networks and / or one or more network nodes, such as the head-wearable device 100 shown in Figure 1, the trusted devices (410, 610, 710, 810, 910) shown in Figures 4, 6-9, and / or the target devices (420, 620, 720, 820, 920) shown in Figures 4, 6-9, via one or more network interfaces 1016. In this way, the electronic system 1000 can be part of a network in multiple networks, such as a computer network (LAN, wide area network ("WAN"), or intranet, or the Internet. Any or all components of the electronic system 1000 can be used in conjunction with the disclosures of this application.

[0086] Implementations within the scope of this disclosure can be partially or completely realized using tangible computer-readable storage media (or multiple tangible computer-readable storage media of one or more types) that encode one or more instructions. The tangible computer-readable storage media may also be, in fact, non-transient.

[0087] A computer-readable storage medium can be any storage medium that can be read, written to, or otherwise accessed by a general-purpose or dedicated computing device, including any processing electronic equipment and / or processing circuitry capable of executing instructions. For example, but not limited to, a computer-readable medium can include any volatile semiconductor memory such as RAM, DRAM, SRAM, T-RAM, Z-RAM, and TTRAM. A computer-readable medium can also include any non-volatile semiconductor memory such as ROM, PROM, EPROM, EEPROM, NVRAM, flash, nvSRAM, FeRAM, FeTRAM, MRAM, PRAM, CBRAM, SONOS, RRAM, NRAM, Racetrack memory, FJG, and Millipede memory.

[0088] Furthermore, the computer-readable storage medium may include any non-semiconductor memory, such as optical disk storage devices, magnetic disk storage devices, magnetic tapes, other magnetic storage devices, or any other medium capable of storing one or more instructions. In one or more implementations, the tangible computer-readable storage medium may be directly coupled to a computing device, while in other implementations, the tangible computer-readable storage medium may be indirectly coupled to a computing device, for example, via one or more wired connections, one or more wireless connections, or any combination thereof.

[0089] Instructions can be made directly executable or used to develop executable instructions. For example, instructions can be implemented as executable or non-executable machine code, or as instructions in a high-level language that can be compiled to produce executable or non-executable machine code. Furthermore, instructions can also be implemented as data or contain data. Computer executable instructions can also be structured in any format, including routines, subroutines, programs, data structures, objects, modules, applications, applets, functions, etc. As will be recognized by those skilled in the art, details including, but not limited to, the number, structure, order, and structuring of instructions can be changed considerably without altering the basic logic, function, processing, and output.

[0090] The above discussion primarily refers to microprocessors or multicore processors that run software, but one or more implementations are performed by one or more integrated circuits, such as ASICs or FPGAs. In one or more implementations, such integrated circuits execute instructions stored within the circuit itself.

[0091] Many of the functions and applications described above are implemented as software processes, specified as a set of instructions recorded on a computer-readable storage medium (also referred to as a computer-readable medium). When these instructions are executed by one or more computing units or processing units (e.g., one or more processors, processor cores, or other processing units), the instructions cause the processing units to perform the actions indicated by those instructions. In this specification, the term “software” includes firmware residing in read-only memory or applications stored in magnetic storage devices that can be loaded into memory for processing by a processor. In some embodiments, multiple software programs may also be implemented as subdivisions of a larger program while remaining separate software programs. In some embodiments, multiple software programs may also be implemented as separate programs. Finally, any combination of separate programs that collaboratively implement the software programs described herein falls within the scope of the present technology. In some embodiments, when a software program is installed to run on one or more electronic systems, it defines one or more specific machine implementations that perform and execute the operations of that software program.

[0092] Those skilled in the art will understand that the various exemplary blocks, modules, elements, components, methods, and algorithms described herein can be implemented as electronic hardware, computer software, or a combination of both. Above, to demonstrate this hardware-software compatibility, the various exemplary blocks, modules, elements, components, methods, and algorithms have been generally described in terms of their functionality. Whether such functionality is implemented in hardware or software depends on the design constraints imposed on the overall system and the specific application. Those skilled in the art will be able to perform the described functionality in various ways for each specific application. The various components and blocks may be arranged differently (for example, in a different order or divided in a different way) without departing entirely from the scope of the art of this application.

[0093] Any particular order or hierarchy of blocks in the disclosed process should be understood as an example of an exemplary approach. Based on design preferences, the order or hierarchy of blocks in the process may be rearranged, or all of the exemplary blocks may be executed. Any of the blocks may be executed simultaneously. Multitasking and parallel processing may be advantageous in one or more implementations. Furthermore, the separation of various system components in the implementations described above should not be understood as requiring such separation in all implementations. The described program components and systems may be integrated into a single software product or packaged into multiple software products.

[0094] As used in this specification and in the claims, the terms “reliable device,” “target device,” “computer,” “server,” “processor,” and “memory” all refer to electronic or other technical devices. These terms exclude persons or groups of persons. For the purposes of this specification, the terms “display” or “displaying” mean displaying on an electronic device.

[0095] When used herein, the phrase “at least one” preceding a set of items, along with the terms “and” or “or” separating any of the items, modifies the entire list, rather than each member of the list (i.e., each item). The phrase “at least one” does not require the selection of at least one of each listed item; rather, it allows for meanings including at least one of any one of the items, and / or at least one of any combination of the items, and / or at least one of each of the items. For example, the phrases “at least one of A, B, and C” or “at least one of A, B, or C” each refer to A only, B only, or C only, any combination of A, B, and C, and / or at least one of each of A, B, and C.

[0096] The predicates “configured to,” “operable to,” and “programmed to” are not intended to imply any specific tangible or intangible modification of the object, but rather to be interchangeable. In one or more implementations, a processor configured to monitor and control operations or components may also mean that the processor is programmed to monitor and control operations, or that the processor is operable to monitor and control operations. Similarly, a processor configured to execute code may be interpreted as a processor that is programmed to execute code, or operable to execute code.

[0097] The phrases "one aspect," "that aspect," "another aspect," "several aspects," "one or more aspects," "one implementation," "that implementation," "another implementation," "several implementations," "one or more implementations," "one embodiment," "that embodiment," "another embodiment," "several implementations," "one or more implementations," "one configuration," "that configuration," "another configuration," "several configurations," "one or more configurations," "the technology of the Application," "disclosure," "this disclosure," "other variations thereof," and similar phrases are for convenience only and do not imply that disclosures relating to such phrases (singular or plural) are essential to the technology of the Application or that such disclosures apply to all configurations of the technology of the Application. Disclosures relating to such phrases (singular or plural) may apply to all configurations or one or more configurations. Disclosures relating to such phrases (singular or plural) may provide one or more examples. Phrases such as "aspect" or "several aspects" may refer to one or more aspects, and vice versa, as with the other aforementioned phrases.

[0098] The word “exemplary” is used herein to mean “to serve as an example, case, or illustration.” Any embodiment described herein as “exemplary” or “example” should not necessarily be construed as being preferable or advantageous over other forms of implementation. Furthermore, to the extent that terms such as “include” and “have” are used in the specification or claims, such terms are intended to be comprehensive in the same manner as the term “comprise” is construed as when “comprise” is used as a substitute in the claims.

[0099]

[0100] All structural and functional equivalents of elements of various aspects described herein, whether known to those skilled in the art or to become known thereafter, are expressly incorporated herein by reference and are intended to be included in the claims. Furthermore, nothing disclosed herein is to be made public, whether such disclosure is expressly enumerated in the claims. No element of any claim should be construed under Section 112(f) of the United States Patent Act unless the element is expressly enumerated using the phrase “means for” or, in the case of a method claim, the element is enumerated using the phrase “step for”.

[0101] The foregoing description is provided to enable those skilled in the art to implement the various embodiments described herein. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein can also be applied to other embodiments. Therefore, the claims are not intended to limit themselves to the embodiments shown herein, but rather to encompass the entire scope corresponding to the literal claims, and references to elements in the singular are not intended to mean "one and only one" unless otherwise noted, but rather "one or more." Unless otherwise noted, the term "some" refers to one or more things. Masculine pronouns (e.g., his) include feminine and neuter genders (e.g., her and her), and vice versa. Headings and subheadings, if any, are used for convenience only and do not limit the disclosure of this application.

Claims

1. It is a method, A first device using a first wireless protocol detects that a nearby second device is available to perform security operations with the first device, When the first device is in an unlocked state, or when the first device is in a locked state and less than a threshold time has elapsed since the first device was last unlocked, the first device determines that it is authenticated to perform the security operation with the second device. In response to the first device determining that it is authenticated to perform the security operation with the second device, the first device performs a ranging operation using a second wireless protocol, which is different from the first wireless protocol, in order to determine the distance between the first device and the second device. The first device determines whether the distance satisfies the proximity condition, A method comprising: determining that the distance satisfies the proximity condition, the first device transmitting security information to the second device using the first wireless protocol in order to transition the second device from a first security state to a second security state.

2. The method according to claim 1, wherein the first security state includes a security state in which the second device is unlocked only by providing a passcode, and the second security state includes a security state in which the second device is unlocked by providing the passcode or by biometric authentication.

3. The method according to claim 1, wherein the first wireless protocol includes Bluetooth and the second wireless protocol includes Wi-Fi.

4. The method according to claim 1, wherein the first device detects that the second device is available to perform the security operation with the first device after the second device has transitioned from a powered-off state.

5. The first device determines whether at least a predetermined duration has elapsed since the second device transitioned from the first security state to the second security state, The first device determines whether the first device is in the unlocked state, In response to a determination that the first device is in the unlocked state and that at least the predetermined duration has elapsed since the second device transitioned from the first security state to the second security state, the first device transmits the security information to the second device using the first wireless protocol in order to transition the second device back to the second security state. The method according to claim 1, further comprising:

6. It is a device, Memory and At least one processor, Determine whether the device is in an unlocked state, or whether it is in a locked state and less than a threshold time has elapsed since the device was last unlocked. In response to a determination that the device is in the unlocked state, or is in the locked state and less than a threshold time has elapsed since the device was last unlocked, a ranging operation is performed using a first wireless protocol to determine the distance between the device and the other device. Determine whether the aforementioned distance satisfies the proximity condition. A device comprising: at least one processor configured such that, in response to a determination that the distance satisfies the proximity condition, it transmits security information to the other device using a second wireless protocol in order to correct the security state of the other device, and the second wireless protocol is different from the first wireless protocol.

7. The device according to claim 6, wherein the security state of the other device is modified by transitioning the other device from a first security state to a second security state.

8. The aforementioned at least one processor is It is determined that at least a predetermined duration has elapsed since the other device transitioned from the first security state to the second security state, Determine whether the device is in the unlocked state, The device according to claim 7, further configured to transmit the security information to the other device using the first wireless protocol to cause the other device to transition to the second security state, in response to a determination that the device is in the unlocked state and that at least the predetermined duration has elapsed since the other device transitioned from the first security state to the second security state.

9. The device according to claim 7, wherein the first security state includes a security state in which the other device is unlocked only by providing a passcode, and the second security state includes a security state in which the other device is unlocked by providing a passcode or by biometric authentication.

10. The device according to claim 6, wherein the first wireless protocol includes Wi-Fi and the second wireless protocol includes Bluetooth.

11. The aforementioned at least one processor is Using the first wireless protocol, detect that the other device is available to perform security operations with the device, The system is further configured to determine whether the other device is authorized to perform the security operation with the device when the other device is in the unlocked state, or when the other device is in the locked state and less than a threshold amount of time has elapsed since the other device was last unlocked. The device according to claim 6, wherein the ranging calculation is further performed in response to a determination that the other device is authorized to perform the security operation with the device.

12. The device according to claim 11, wherein the at least one processor is further configured to detect that the other device is available to perform the security operation with the device after the other device has transitioned from a powered-off state.

13. It is a method, A first device using a first wireless protocol determines whether a second device adjacent to the first device is in an unlocked state, or is in a locked state and less than a threshold time has elapsed since the second device was last unlocked, In response to the first device determining whether the second device is in the unlocked state or in the locked state and less than a threshold time has elapsed since the second device was last unlocked, the first device performs a ranging calculation using a second wireless protocol, which is different from the first wireless protocol, to determine the distance between the first device and the second device. The first device determines whether the distance satisfies the proximity condition, A method comprising: modifying the security state of the first device in response to a determination that the distance satisfies the proximity condition.

14. The method according to claim 13, wherein the security state of the first device is modified by transitioning the first device from a first security state to a second security state.

15. The method according to claim 14, further comprising the first device receiving security information from the second device in order to transition the first device from a first security state to a second security state using the first wireless protocol, in response to a determination that the distance satisfies the proximity condition.

16. The method according to claim 14, wherein the first security state includes a security state in which the first device is unlocked only by providing a passcode, and the second security state includes a security state in which the first device is armed and access to unlock the second device is unlocked by biometric authentication or by providing a passcode.

17. The method according to claim 16, wherein the access for unlocking the second device by biometric authentication remains unlocked for a predetermined duration.

18. The method according to claim 16, wherein the access to unlock the first device is unlocked only by providing the passcode or by detecting that the second device is in the unlocked state if the access to unlock the first device is not authenticated after a predetermined duration has elapsed since the first device transitioned to the second security state.

19. The method according to claim 14, wherein the first device transitions from a power-off state to the first security state.

20. The first device uses the first wireless protocol to detect that the second device is available to perform security operations with the first device, The first device further includes determining whether the second device is authorized to perform the security operation with the first device when the second device is in the unlocked state, or when the second device is in the locked state and less than a threshold time has elapsed since the second device was last unlocked, The method according to claim 13, wherein the ranging calculation is further performed in response to a determination by the first device that the second device is authorized to perform the security operation with the first device.