METHOD FOR MITIGATING THE UNAUTHORIZED USE OF A DEVICE

US 20090253408A1
Filed: 04/02/2008
Published: 10/08/2009
Est. Priority Date: 04/02/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing, by a mobile device, instructions regarding how to return the mobile device to an authorized user;

detecting, by the mobile device, that a security compromise event has occurred; and

altering the function of the mobile device in response to said security compromise event to mitigate loss of control by the authorized user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention is directed to systems and methods for detecting the loss, theft or unauthorized use of a device and/or altering the functionality of the device in response. In one embodiment, a device monitors its use, its local environment, and/or its operating context to determine that the device is no longer within the control of an authorized user. The device may receive communications or generate an internal signal altering its functionality, such as instructing the device to enter a restricted use mode, a surveillance mode, to provide instructions to return the device and/or to prevent unauthorized use or unauthorized access to data. Additional embodiments also address methods and systems for gathering forensic data regarding an unauthorized user to assist in locating the unauthorized user and/or the device.

183 Citations

83 Claims

1. A method comprising:
- providing, by a mobile device, instructions regarding how to return the mobile device to an authorized user;
  
  detecting, by the mobile device, that a security compromise event has occurred; and
  
  altering the function of the mobile device in response to said security compromise event to mitigate loss of control by the authorized user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82)
- - 2. The method as disclosed in claim 1, wherein the mobile device is selected from a group consisting of:
    - a laptop computer;
      
      a desktop computer;
      
      a mobile subscriber communication device;
      
      a mobile phone;
      
      a personal digital assistant (PDA);
      
      a data tablet;
      
      a digital camera;
      
      a video camera;
      
      a video game console;
      
      a media player;
      
      a USB key;
      
      a global positioning system (GPS); and
      
      combinations thereof.
  - 3. The method as disclosed in claim 1, wherein the security compromise event is selected from the group consisting of:
    - loss of control of the mobile device by the authorized user;
      
      theft of the mobile device;
      
      loss of knowledge as to the whereabouts of the mobile device;
      
      intrusion of an electronic threat including at least one of an electronic virus, an electronic worm, an electronic trojan horse;
      
      unauthorized access to private information in the mobile device; and
      
      use of the mobile device in a manner not authorized by a wireless service provider.
  - 4. The method as disclosed in claim 1, wherein altering the function of the mobile device further comprises presenting, by the mobile device, an automated message to a current user of the mobile device, wherein the automated message comprises at least one of a notification:
    - that the mobile device has been lost or stolen;
      
      that the user may press any button to initiate contact with a security authority;
      
      that a reward is offered for the prompt return of the mobile device; and
      
      providing instructions for return of the mobile device.
  - 5. The method as disclosed in claim 4, wherein the message includes at least one of an audio message, a textual message, and a video message.
  - 6. The method as disclosed in claim 4, wherein the message is presented while the current user is utilizing the mobile device to place a telephone call.
  - 7. The method as disclosed in claim 1, wherein altering the function of the mobile device further comprises playing a sequence of DTMF tones on the mobile device while the current user is using the mobile device to place a telephone call.
  - 8. The method as disclosed in claim 1, wherein altering the function of the mobile device further comprises altering display illumination on the mobile device to draw attention to the mobile device.
  - 9. The method as disclosed in claim 1, wherein altering the function of the mobile device further comprises playing over a loudspeaker in the mobile device a unpleasant sound.
  - 10. The method as disclosed in claim 1, wherein altering the function of the mobile device further comprises sending a message to the authorized user, the message comprising information selected from the group consisting of:
    - a phone number called by the mobile device;
      
      a current operational status of the mobile device;
      
      a location of the mobile device;
      
      a statement that the mobile device has been removed from a predetermined location;
      
      a statement that the mobile device is in motion;
      
      a date and time stamp indicating when the device was first used after occurrence of the security event; and
      
      instructions to call a security authority to initiate a recovery process.
  - 11. The method as disclosed in claim 1, further comprising:
    - obtaining a theft notification record for the authorized user; and
      
      contacting the authorized user by at least one of;
      
      a phone call placed to a phone number specified in the theft notification record, whereupon audio instructions are provided to the authorized user regarding how to contact the current user of the mobile device to recover the mobile device; and
      
      a text message sent electronically to an address specified in the theft notification record, whereupon textual instructions are provided to the authorized user regarding how to contact the current user of the mobile device to recover the mobile device; and
      
      a printed message sent by conventional mail to an address specified in the theft notification record, whereupon textual instructions are provided to the authorized user regarding how to contact the current user of the mobile device to recover the mobile device.
  - 12. The method as disclosed in claim 1, wherein altering the function of the mobile device further comprises:
    - obtaining a list of features to be restricted upon occurrence of the security event; and
      
      inhibiting the functionality of features on the list.
  - 13. The method as disclosed in claim 12, wherein obtaining a list of features to be restricted further comprises:
    - accessing, by the authorized user, a web interface presenting a list of features available for restriction upon a loss of control of the mobile device;
      
      accepting inputs from the authorized user regarding features available for restriction; and
      
      transferring the accepted inputs to the mobile device.
  - 14. The method as disclosed in claim 1, wherein altering the function of the mobile device further comprises at least one of:
    - preventing phone calls from being placed from the mobile device;
      
      restricting phone numbers that may be called from the mobile device to a predetermined list of numbers;
      
      requiring entry of a password before the mobile device may be used by a current user;
      
      presenting a message to return the device;
      
      shutting down the mobile device;
      
      commanding the mobile device to perform a destructive function that renders the mobile device at least partially inoperable;
      
      presenting frequent messages prompting a current user of the mobile device to contact a security authority to initiate return of the mobile device to the authorized user, the messages comprising at least one of a text message or an audio message;
      
      playing DTMF tones on a loudspeaker of the mobile device while the mobile device is in use; and
      
      allowing phone calls to be initiated only to one or more predetermined numbers within a contact list on the mobile device.
  - 15. The method as disclosed in claim 14, wherein requiring entry of a password further comprises:
    - detecting entry of an invalid password; and
      
      introducing a delay before entry of another password may be attempted by the current user.
  - 16. The method as disclosed in claim 14, wherein the security compromise event includes the mobile device being reported stolen or lost by the authorized user, and wherein the mobile device is insured against loss or theft.
  - 17. The method as disclosed in claim 1 further comprising:
    - providing a display prompting a user for entry of a user id and password; and
      
      providing a selectable indicia that provides the instructions regarding how to return the mobile device, the instructions being provided without a user needing to enter a valid user id and password.
  - 18. The method as disclosed in claim 17 further comprising:
    - prompting the current user to enter identification information;
      
      receiving and storing the identification information on the mobile device;
      
      searching for a communications connection to a security authority; and
      
      transferring the stored identification information to the security authority.
  - 19. The method as disclosed in claim 1 further comprising:
    - locking a subscriber identity module to prevent unfettered use of the mobile device; and
      
      prompting a current user for entry of a personal unblocking code.
  - 20. The method as disclosed in claim 19 further comprising forwarding, by a security authority, a personal unblocking code to a predetermined address specified by the authorized user.
  - 21. The method as disclosed in claim 1, further comprising:
    - receiving a phone number from a current user of the mobile device;
      
      intercepting a call placed by the current user to the mobile device; and
      
      routing the call to at least one of a security authority and the authorized user.
  - 22. The method as disclosed in claim 1, further comprising:
    - receiving indicia that the mobile device is engaging in a telephone call; and
      
      alerting at least one of the authorized user and a security authority that the mobile device is engaging in a telephone call.
  - 23. The method as disclosed in claim 22, further comprising:
    - receiving a request to access the telephone call; and
      
      establishing a conference connection to the telephone call with a third party, wherein;
      
      the third party includes one of the authorized user and a security authority; and
      
      the third party may actively participate in the conversation or listen to the conversation surreptitiously.
  - 24. The method as disclosed in claim 1, further comprising:
    - obtaining from the authorized user a list of data elements stored within the mobile device to be encrypted upon occurrence of the security compromise event; and
      
      upon occurrence of the security compromise event, encrypting the data elements with a password known by at least one of a security authority and the authorized user.
  - 25. The method as disclosed in claim 1, further comprising:
    - obtaining from the authorized user a list of data elements stored within the mobile device to be deleted upon occurrence of the security compromise event; and
      
      upon occurrence of the security compromise event, deleting the data elements.
  - 26. The method as disclosed in claim 25 further comprising overwriting the deleted data elements a predetermined number of times, the overwriting selected from the group consisting of:
    - random data;
      
      alternating data values;
      
      predetermined data patterns; and
      
      a combination thereof.
  - 27. The method as disclosed in claim 1, further comprising:
    - obtaining from the authorized user a list of data elements stored within the mobile device to be archived upon occurrence of the security compromise event;
      
      upon occurrence of the security compromise event, archiving the data elements; and
      
      wherein the data elements include at least one of;
      
      a software application;
      
      a data file;
      
      a media file; and
      
      a license.
  - 28. The method as disclosed in claim 27, wherein archiving the data elements further includes archiving licensing information for one or more of the data elements.
  - 29. The method as disclosed in claim 27, wherein the data is archived by transmitting the data to at least one of a security authority and a device accessible by the authorized user.
  - 30. The method as disclosed in claim 29, further comprising:
    - requesting, by the authorized user that an archived data element be retrieved from the archive;
      
      specifying, by the authorized user, a destination address to receive the archived data element; and
      
      transmitting the archived data element to the destination address.
  - 31. The method as disclosed in claim 1, further comprising:
    - establishing within the mobile device a specified location to store one or more sensitive data elements;
      
      upon occurrence of the security compromise event executing a function selected from the group consisting of;
      
      encrypting one or more of the sensitive data elements with a password known to at least one of the authorized user and a security authority;
      
      deleting one or more of the sensitive data elements;
      
      multiply overwriting one or more of the sensitive data elements; and
      
      transmitting one or more of the sensitive data elements to an address specified by the authorized user.
  - 32. The method as disclosed in claim 1, further comprising:
    - encrypting designated files that are not open for use by an operating system running on the mobile device;
      
      intercepting operating system calls to open a file, and thereupon;
      
      decrypting the file; and
      
      opening the file; and
      
      intercepting operating system calls to close a file, and thereupon;
      
      closing the file; and
      
      encrypting the file.
  - 33. The method as disclosed in claim 32, further comprising designating, by the authorized user, a list of file types that are to be encrypted.
  - 34. The method as disclosed in claim 1, further comprising:
    - sensing a network address assigned to the mobile device;
      
      storing the sensed network address; and
      
      transmitting the sensed network address to a security authority.
  - 35. The method as disclosed in claim 1, further comprising:
    - sensing at least one wireless network address from one or more signals received by the mobile device;
      
      storing the sensed network address; and
      
      transmitting the sensed network address to a security authority.
  - 36. The method as disclosed in claim 1, further comprising:
    - sensing one or more wireless access point identifiers from one or more signals received by the mobile device;
      
      storing the wireless access point identifiers; and
      
      transmitting the sensed wireless access point identifiers to a security authority.
  - 37. The method as disclosed in claim 36, further comprising determining, based on the transmitted wireless access point identifiers, a location of the mobile device.
  - 38. The method as disclosed in claim 1, further comprising:
    - receiving, by the mobile device, a signal comprising geolocation information;
      
      obtaining the geolocation information from the received signal;
      
      storing the geolocation information on the mobile device; and
      
      transmitting the stored geolocation information to a security authority.
  - 39. The method as disclosed in claim 1, further comprising:
    - retrieving location information from a security authority;
      
      presenting the location information on a display including a map, the map indicating movement of the mobile device over time.
  - 40. The method as disclosed in claim 39, further comprising displaying indicia of time and date where each location information was obtained.
  - 41. The method as disclosed in claim 1, further comprising storing in the mobile device phone numbers called by the mobile device after occurrence of the security compromise event.
  - 42. The method as disclosed in claim 41, further comprising transmitting the stored phone numbers to a security authority.
  - 43. The method as disclosed in claim 1, further comprising:
    - activating a camera in communication with the mobile device;
      
      capturing and storing an image from the camera in the mobile device; and
      
      transmitting the image to a security authority.
  - 44. The method as disclosed in claim 43, further comprising deactivating the camera to preserve battery life.
  - 45. The method as disclosed in claim 43, further comprising prompting a current user of the mobile device to undertake an activity that requires looking at the mobile device.
  - 46. The method as disclosed in claim 45, wherein the activity comprises at least one of:
    - prompting the user to enter a password on the mobile device;
      
      playing an audio sequence on the mobile device;
      
      strobing a light source on the audio device;
      
      annunciating that the current user has won a prize and please watch for prize redemption details; and
      
      displaying a video sequence.
  - 47. The method as disclosed in claim 1, further comprising:
    - activating a microphone in communication with the mobile device;
      
      capturing and storing an audio sample from the microphone; and
      
      transmitting the stored audio sample to a security authority.
  - 48. The method as disclosed in claim 47, further comprising deactivating the microphone to preserve battery life.
  - 49. The method as disclosed in claim 1, further comprising:
    - activating a microphone in communication with the mobile device;
      
      initiating a surreptitious communication session with a security authority; and
      
      relaying audio data captured by the microphone to the security authority.
  - 50. The method as disclosed in claim 1 further comprising:
    - activating a camera in communication with the mobile device;
      
      capturing a video segment;
      
      storing the video segment in the mobile device; and
      
      transmitting the video segment to a security authority.
  - 51. The method as disclosed in claim 50, further comprising deactivating the camera to preserve battery life.
  - 52. The method as disclosed in claim 50, further comprising prompting a current user of the mobile device to undertake an activity that requires looking at the mobile device.
  - 53. The method as disclosed in claim 1, further comprising:
    - activating a camera in communication with the mobile device;
      
      initiating a surreptitious communication session with a security authority; and
      
      relaying video data captured by the camera to the security authority.
  - 54. The method as disclosed in claim 1 further comprising:
    - obtaining, by the mobile device, a sample of a current user'"'"'s voice;
      
      storing the voice sample in the mobile device; and
      
      transmitting the stored voice sample to a security authority.
  - 55. The method as disclosed in claim 1 further comprising activating a key logger, wherein a record of each key depressed on the mobile device is stored on the mobile device.
  - 56. The method as disclosed in claim 55 further comprising transmitting the record to a security authority.
  - 57. The method as disclosed in claim 1 further comprising:
    - logging into a remote access service by at least one of a security authority and the authorized user, wherein the remote access service is configured to communicate with the mobile device;
      
      activating an application programming interface in the mobile device to forward to the remote access service at least one of;
      
      a current status of the mobile device;
      
      a current location of the mobile device;
      
      an image taken by a camera in communication with the mobile device;
      
      a real-time video captured by a camera in communication with the mobile device;
      
      a list of keys pressed on the mobile device; and
      
      a list of services currently running on the mobile device.
  - 58. The method as disclosed in claim 57 further comprising:
    - transmitting a command to the mobile device to initiate a chat session; and
      
      providing an interface on the mobile device for enabling text-based interaction between the current user and at least one of the authorized user and the security authority.
  - 59. The method as disclosed in claim 1 further comprising:
    - initiating a wireless connection between the mobile device and at least one wireless transceiver; and
      
      relaying, through the at least one wireless transceiver, information regarding the current location of the mobile device to a security authority.
  - 60. The method as disclosed in claim 1 further comprising:
    - initiating a wireless connection between the mobile device and at least one wireless transceiver; and
      
      transmitting to the wireless transceiver a message indicating that a lost or stolen device is present within a signal range accessible by the transceiver.
  - 61. The method as disclosed in claim 1 further comprising:
    - initiating a wireless connection between the mobile device and at least one wireless transceiver;
      
      determining a signal strength for the wireless connection between the mobile device and the least one wireless transceiver;
      
      obtaining identifying indicia for the at least one wireless transceiver; and
      
      transmitting to a second wireless transceiver a message including the identifying indicia for the at least one wireless transceiver and the signal strength for the wireless connection between the mobile device and the least one wireless transceiver.
  - 62. The method as disclosed in claim 61 further comprising:
    - transmitting to the second wireless transceiver a message indicating that a mobile device within communication range of the second wireless transceiver has been reported lost or stolen.
  - 63. The method as disclosed in claim 1 further comprising:
    - initiating a wireless connection between the mobile device and at least one wireless transceiver;
      
      transmitting a message to the at least one wireless transceiver, the message including identifying indicia of the mobile device, and wherein the message includes at least one of the following;
      
      a request for response that includes the physical location of the at least one wireless transceiver;
      
      a request that a person in communication with the at least one wireless transceiver report that a lost or stolen device is within its communication range;
      
      a phone number for the authorized user;
      
      a phone number for a security authority; and
      
      a request to place a call to a security authority.
  - 64. The method as disclosed in claim 1 further comprising:
    - initiating a wireless connection between the mobile device and at least one wireless transceiver;
      
      transmitting a message to the at least one wireless transceiver, wherein the message requests that a response be provided that includes the physical location of the at least one wireless transceiver.
  - 65. The method as disclosed in claim 1 further comprising:
    - formatting a message for transmission to the mobile device, wherein the message comprises a command to be decoded by the mobile device.
  - 66. The method as disclosed in claim 65 wherein the command comprises an instruction to disable at least one feature of the mobile device.
  - 67. The method as disclosed in claim 65 wherein the message is selected from the group consisting of an SMS Text message, an encoded graphic image, an audio file, a proprietary data file, a CAB file, a ZIP file, an encryption key, a file identifier, an alternate password, a file type, an applet, sections of executable code, interpretable scripts, software updates, and combinations thereof.
  - 68. The method as disclosed in claim 65 wherein the command comprises an instruction to display a notification using an application residing on the mobile device.
  - 69. The method as disclosed in claim 68 wherein the application comprises at least one of a web browser, a text editor, graphic image displayer, a message screen, or a bitmap displayer.
  - 70. The method as disclosed in claim 68 wherein the application resides on a SIM card in the mobile device.
  - 71. The method as disclosed in claim 68 wherein a link residing on the SIM card is used with a browser to reference the application from a remote server.
  - 72. The method as disclosed in claim 65 wherein the message is steganographically encoded in a file containing a digital image.
  - 73. The method as disclosed in claim 65 wherein the command comprises an instruction to initiate data gathering of forensic evidence regarding recovery of the mobile device.
  - 74. The method as disclosed in claim 73 wherein gathering forensic evidence further comprises at least one of:
    - capturing an image of at least one portion of the body of the current user;
      
      measuring a voice sample of the current user;
      
      tracking phone numbers dialed by the current user;
      
      tracking keys entered by the current user;
      
      logging websites visited by the current user; and
      
      recording email addresses of messages addressed by the current user.
  - 75. The method as disclosed in claim 74 wherein the gathered forensic information is transmitted to a security authority.
  - 76. The method as disclosed in claim 73 wherein the command executes in the mobile device without knowledge of the current user.
  - 77. The method as disclosed in claim 73 wherein the execution of the command by the mobile device causes a display to be presented to the current user, said display providing information regarding how to return the mobile device to at least one of the authorized user and a security authority.
  - 78. The method as disclosed in claim 1 wherein altering the function of the mobile device further comprises modifying a display on the mobile device, wherein the display includes only information regarding return of the mobile device to at least one of the authorized user and a security authority.
  - 79. The method as disclosed in claim 78 further comprising restricting the features of the mobile device to operate only to assist with return of the mobile device to at least one of a security authority and the authorized user.
  - 80. The method as disclosed in claim 1 further comprising:
    - determining that the mobile device was insured against loss or theft; and
      
      automatically altering the function of the mobile device when a security authority specifies the mobile device was lost or stolen.
  - 81. The method as disclosed in claim 1 wherein altering the function of the mobile device is based on a command received from a security authority.
  - 82. The method as disclosed in claim 80 wherein altering the function further comprises at least one of:
    - disabling use of the mobile device;
      
      detecting attempted use of the mobile device; and
      
      tracking the location of the mobile device.

83. A method comprising:
- providing, by a mobile device, a notification describing how to return the mobile device to an authorized user;
  
  detecting, by the mobile device, that a security compromise event has occurred;
  
  determining whether the function of the device should be altered in response to said security compromise event; and
  
  altering the function of the mobile device in response to said security compromise event to mitigate loss of control by the authorized user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blancco Technology Group Ip Oy
Original Assignee
Inhance Technology
Inventors
Fitzgerald, William, Bermingham, Peter, Prendergast, Paul, Hannigan, Frank

Granted Patent

US 9,031,536 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/55   Detecting local intrusion o...

G06F 21/88   Detecting or preventing the...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2111   Location-sensitive, e.g. ge...

H04M 1/72454   according to context-relate...

H04M 1/72457   according to geographic loc...

H04M 1/72463   to restrict the functionali...

H04M 1/724631   by limiting the access to t...

H04M 2242/30   Determination of the locati...

H04M 3/42178   by downloading data to subs...

H04W 12/082   using revocation of authori...

H04W 12/12   Detection or prevention of ...

H04W 12/126   Anti-theft arrangements, e....

H04W 12/30   Security of mobile devices;...

H04W 12/63   Location-dependent; Proximi...

H04W 12/65   Environment-dependent, e.g....

H04W 88/02   Terminal devices

METHOD FOR MITIGATING THE UNAUTHORIZED USE OF A DEVICE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

183 Citations

83 Claims

Specification

Use Cases

Quick Links

Others

METHOD FOR MITIGATING THE UNAUTHORIZED USE OF A DEVICE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

183 Citations

83 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others