Method and system for rendering a stolen mobile communications device inoperative
First Claim
Patent Images
1. A method comprising:
- determining, by an autonomous security component preloaded on a system partition of an internal memory of a mobile communications device where an operating system is stored, the autonomous security component configured to persist after a factory reset of the mobile communications device and the autonomous security component being separate from the operating system, that the mobile communications device is in a first state, the first state being an indication that the mobile communications device is not in possession of an authorized user;
in response to the determination that the mobile communications device is in the first state, initiating and causing, by the autonomous security component, a destruction of a cryptographic key of a bootloader from a key store on the mobile communications device;
upon initiating and causing the destruction of the cryptographic key of the bootloader, initiating, by the autonomous security component, a boot sequence at the mobile communications device; and
during the boot sequence at the mobile communications device after the destruction of the cryptographic key, booting the mobile communications device into a kernel that restricts operation of the mobile communications device so that the mobile communications device can only communicate with a single server (i) to report at least one selected from the group of;
a mobile communications device location, and mobile communications device contextual information, and (ii) to receive a re-enablement cryptographic key from the single server.
9 Assignments
0 Petitions
Accused Products
Abstract
A method and system for rendering a stolen mobile communications device inoperative is presented. A determination that the mobile communications device is in a first state is made at a security component on the mobile communications device. A removal of a cryptographic key is affected at the security component on the mobile communications device.
-
Citations
16 Claims
-
1. A method comprising:
-
determining, by an autonomous security component preloaded on a system partition of an internal memory of a mobile communications device where an operating system is stored, the autonomous security component configured to persist after a factory reset of the mobile communications device and the autonomous security component being separate from the operating system, that the mobile communications device is in a first state, the first state being an indication that the mobile communications device is not in possession of an authorized user; in response to the determination that the mobile communications device is in the first state, initiating and causing, by the autonomous security component, a destruction of a cryptographic key of a bootloader from a key store on the mobile communications device; upon initiating and causing the destruction of the cryptographic key of the bootloader, initiating, by the autonomous security component, a boot sequence at the mobile communications device; and during the boot sequence at the mobile communications device after the destruction of the cryptographic key, booting the mobile communications device into a kernel that restricts operation of the mobile communications device so that the mobile communications device can only communicate with a single server (i) to report at least one selected from the group of;
a mobile communications device location, and mobile communications device contextual information, and (ii) to receive a re-enablement cryptographic key from the single server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method comprising:
-
determining, by an autonomous security component preloaded on a system partition of an internal memory of a mobile communications device where an operating system is stored, the autonomous security component configured to persist after a factory reset of the mobile communications device and the autonomous security component being separate from the operating system, that the mobile communications device is not in possession of an authorized user; when the determination is that the mobile communications device is not in possession of an authorized user, receiving, from a single server and at the autonomous security component, a first cryptographic key; encrypting, at the autonomous security component, device storage contents with the first cryptographic key; after encrypting the device storage contents, initiating and causing, by the autonomous security component, a destruction of a second cryptographic key from a key store on the mobile communications device, the second cryptographic key being a cryptographic key of a bootloader; upon initiating and causing the destruction of the second cryptographic key, initiating, by the autonomous security component, a boot sequence at the mobile communications device; and during the boot sequence at the mobile communications device after the destruction of the second cryptographic key, booting the mobile communications device into a kernel that restricts operation of the mobile communications device so that the mobile communications device can only communicate with the single server (i) to report at least one selected from the group of;
a mobile communications device location, and mobile communications device contextual information, and (ii) to receive a re-enablement second cryptographic key from the single server. - View Dependent Claims (11, 12)
-
-
13. A non-transitory computer-readable medium encoded with a plurality of instructions which, when executed by a processor, cause the processor to perform a method comprising:
-
receiving, at a server, an indication that a mobile communications device is not in possession of an authorized user; sending, from the server, a first command for a security component preloaded on a system partition of an internal memory of the mobile communications device where an operating system is stored, the security component configured to persist after a factory reset and the security component being separate from the operating system, the first command directing the security component to encrypt data stored on the mobile communications device using a first cryptographic key from the server; upon receiving from the security component of the mobile communications device confirmation that the data stored has been encrypted, sending, from the server, a second command for the security component of the mobile communications device to cause a destruction of a second cryptographic key from a key store on the mobile communications device, the second cryptographic key being a cryptographic key of a bootloader, wherein, upon causing the destruction of the second cryptographic key of the bootloader, the security component autonomously initiates a boot sequence at the mobile communications device; and during the boot sequence at the mobile communications device after the destruction of the second cryptographic key, booting the mobile communications device into a kernel that restricts operation of the mobile communications device so that the mobile communications device can only communicate with the server (i) to report at least one selected from the group of;
a mobile communications device location, and mobile communications device contextual information, and (ii) to receive a re-enablement second cryptographic key from the server. - View Dependent Claims (14, 15, 16)
-
Specification