METHODS AND SYSTEMS FOR ADDRESSING MOBILE COMMUNICATIONS DEVICES THAT ARE LOST OR STOLEN BUT NOT YET REPORTED AS SUCH

US 20160066189A1
Filed: 11/10/2015
Published: 03/03/2016
Est. Priority Date: 02/17/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

detecting, by a security component on a mobile communications device, a usage of the mobile communications device;

comparing, by the security component, the detected usage to a stored usage pattern associated with an authorized user of the mobile communications device to determine if there is a difference between the detected usage and the stored usage pattern;

associating, by the security component, a measure with the stored usage pattern when there is a difference between the detected usage and the stored usage pattern;

determining, by the security component, that the detected usage was not caused by the authorized user when the associated measure is beyond a threshold measure; and

in response to the determination, issuing a command by the security component, the command causing a restriction of an ability of the mobile communications device to be used to access a resource.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for evaluating the usage of a mobile communications device that itself provides access to a resource. In the method, a detected usage of the mobile communications device is compared to a stored usage pattern of an authorized user. When a measure associated with the difference between the detected usage and the stored usage pattern exceeds a threshold, it is concluded that the mobile communications device is being used by an unauthorized user. In response to this conclusion, a restriction is placed on an ability of the mobile communications device to access the resource.

91 Citations

View as Search Results

46 Claims

1. A method comprising:
- detecting, by a security component on a mobile communications device, a usage of the mobile communications device;
  
  comparing, by the security component, the detected usage to a stored usage pattern associated with an authorized user of the mobile communications device to determine if there is a difference between the detected usage and the stored usage pattern;
  
  associating, by the security component, a measure with the stored usage pattern when there is a difference between the detected usage and the stored usage pattern;
  
  determining, by the security component, that the detected usage was not caused by the authorized user when the associated measure is beyond a threshold measure; and
  
  in response to the determination, issuing a command by the security component, the command causing a restriction of an ability of the mobile communications device to be used to access a resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 2. The method of claim 1, wherein the associated measure is a measure of a risk that the detected usage was not caused by the authorized user.
  - 3. The method of claim 1, wherein the detected usage comprises a detected usage pattern and wherein the comparing includes comparing the detected usage pattern to the stored usage pattern.
  - 4. The method of claim 1, further including a group including a plurality of authorized users, each group member with a corresponding stored usage pattern, wherein the comparing compares the detected usage to the stored usage pattern for each group member, wherein the associating associates a measure with each stored usage pattern, wherein the determining determines that the detected usage was not caused by an authorized user of the mobile communications device when each associated measure is beyond the threshold measure, and wherein the resource includes a group resource.
  - 5. The method of claim 4, wherein no group member has reported that the mobile communications device is missing or stolen.
  - 6. The method of claim 4, wherein the group includes at least one unauthorized user, the at least one unauthorized user not allowed to access the group resource.
  - 7. The method of claim 6, the method further comprising:
    - based on the comparison, determining by the security component, that the detected usage was caused by an unauthorized user;
      
      in response to the determination, issuing a notification by the security component, to a designated group member, the notification informing the designated group member of the detected usage.
  - 8. The method of claim 4, wherein the group comprises at least one of an enterprise, an organization, or a family.
  - 9. The method of claim 1, further including a plurality of groups, each group including a plurality of authorized users, each group with a corresponding stored usage pattern, wherein the comparing compares the detected usage to the stored usage pattern for each group, wherein the associating associates a measure with each stored usage pattern, wherein the determining determines that the detected usage was not caused by an authorized user of the mobile communications device when each associated measure is beyond the threshold measure, and wherein the resource includes a group resource.
  - 10. The method of claim 9, wherein no group member has reported that the mobile communications device is missing or stolen.
  - 11. The method of claim 9, wherein the group includes at least one unauthorized user, the at least one unauthorized user not allowed to access the group resource.
  - 12. The method of claim 11, the method further comprising:
    - based on the comparison, determining by the security component, that the detected usage was caused by an unauthorized user;
      
      in response to the determination, issuing a notification by the security component, to a designated group member, the notification informing the designated group member of the detected usage and the identity of the unauthorized user.
  - 13. The method of claim 9, wherein the group comprises at least one of an enterprise, an organization, or a family.
  - 14. The method of claim 1, wherein the detected usage includes a use of the mobile communications device by a user.
  - 15. The method of claim 1, wherein the detected usage is based on data from a sensor on the mobile communications device.
  - 16. The method of claim 15, wherein the sensor provides one or both of location information or temperature information.
  - 17. The method of claim 16, wherein the detected usage includes one or both of a location of the mobile communications device, or a movement of the mobile communications device.
  - 18. The method of claim 1, wherein the mobile communications device comprises a first mobile communications device, and wherein each at least one stored usage pattern is based on one or both of a previous use of the first mobile communications device by an authorized user of the mobile communications device, or a previous use of a second mobile communications device by the authorized user.
  - 19. The method of claim 1, wherein the command causing the restriction commands one or both of a revoking of an access permission to a network resource or a revoking of an access permission to a resource within the mobile communications device.
  - 20. The method of claim 1, wherein the resource includes group data stored on the mobile communications device, and wherein the command causing the restriction commands the deleting of the stored group data.
  - 21. The method of claim 1, further comprising, in response to the determination, causing, by the security component, the gathering of information by the mobile communications device and the reporting of the gathered information to an administrator, the gathered information including information about one or more of the use of the mobile communications device, the location of the mobile communications device, or the environment of the mobile communications device.
  - 22. The method of claim 1, wherein the command causing the restriction is performed automatically by the security component in response to the determination that the usage was not caused by the authorized user, the method further comprising:
    - after the command, providing one or both of the authorized user or a second user with an opportunity to rescind the restriction.
  - 23. The method of claim 1, wherein the command causing the restriction is sent to at least one other device, the mobile communications device being privileged to pair with the at least one other device, the command revoking the privilege to pair with the at least one other device.
  - 24. The method of claim 1, the claim further comprising:
    - in response to the determination, allowing the re-authentication of the authorized user to rescind the restriction.
  - 25. The method of claim 24, wherein the re-authentication is based on biometric information.
  - 26. The method of claim 25, wherein the biometric information includes one or more of a voice sample, a fingerprint, or a retinal scan.
  - 27. The method of claim 1, the claim further comprising:
    - in response to the determination, sending a message to a second device used by the authorized user, the message relating to the determination that the detected behavior was not caused by the authorized user.
  - 28. The method of claim 27, wherein the message includes first information, the method further comprising rescinding the restriction in response to the first information being entered into the mobile communications device.
  - 29. The method of claim 27, the method further comprising rescinding the restriction in response to the security component receiving a response to the message.
  - 30. The method of claim 27, wherein the message is sent before the issuing of the command causing a restriction, and wherein the command causing a restriction is issued when a response to the message is not received by the security component within a predetermined period.
  - 31. The method of claim 1, wherein the restriction is a suspending of a trust relationship between the mobile communications device and a server.
  - 32. The method of claim 1, the method further comprising:
    - in response to the determination, issuing a command by the security component, the command causing the mobile communications device to emit a sound encoded with information identifying the mobile communications device.
  - 33. The method of claim 32, wherein the sound is also encoded with information identifying a location related to the mobile communications device.
  - 34. The method of claim 33, wherein the information identifying a location related to the mobile communications device relates to the identity of a Wi-Fi access point.
  - 35. The method of claim 33, the method further comprising:
    - causing, by the security component, a second device to attempt to detect and decode the emitted sound; and
      
      causing, by the security component, the second device to provide the identity of the mobile communications device and a location related to the second device.
  - 36. The method of claim 1, the method further comprising, in response to the determination, issuing a command by the security component, the command causing the migration of a functionality of the mobile communications device to a second device.
  - 37. The method of claim 1, the method further comprising, in response to the determination, issuing a command by the security component, the command causing a server to suspend delivery of a push notification to the mobile communications device and causing the push notification to be directed to a second device.
  - 38. The method of claim 1, wherein the stored usage pattern is based on one or both of use of the mobile communication device by the authorized user or physical activity of the authorized user.

39. A method comprising:
- detecting, by a security component on a mobile communications device, an event related to the mobile communications device;
  
  comparing, by the security component, the detected event to a stored usage pattern associated with an authorized user of the mobile communications device to determine if there is a difference between the detected event and the stored usage pattern;
  
  associating, by the security component, a measure with the stored usage pattern when there is a difference between the detected event and the stored usage pattern;
  
  determining, by the security component, that the detected event was not caused by the authorized user when the associated measure is beyond a threshold measure; and
  
  in response to the determination, issuing a command by the security component, the command causing a restriction of an ability of the mobile communications device to be used to access a resource.
- View Dependent Claims (40, 41, 42)
- - 40. The method of claim 39, wherein the detected event is detected based on data from a sensor on the mobile communications device.
  - 41. The method of claim 40, wherein the sensor provides one or both of location information or temperature information.
  - 42. The method of claim 41, wherein the detected event includes one or both of an arrival at a location, a motion, a speed, or a temperature.

43. A method comprising:
- detecting, by a security component on a mobile communications device, a usage of the mobile communications device;
  
  comparing, by the security component, the detected usage to a stored usage pattern associated with an authorized user of the mobile communications device to determine if there is a difference between the detected usage and the stored usage pattern;
  
  associating, by the security component, a measure with the stored usage pattern when there is a difference between the detected usage and the stored usage pattern;
  
  determining, by the security component, that the detected Usage was not caused by the authorized user when the associated measure is beyond a threshold measure; and
  
  in response to the determination, issuing a command by the security component, the command causing the mobile communications device to emit a sound encoded with information identifying the mobile communications device.
- View Dependent Claims (44, 45, 46)
- - 44. The method of claim 43, wherein the sound is also encoded with information identifying a location related to the mobile communications device.
  - 45. The method of claim 44, wherein the information identifying a location related to the mobile communications device relates to the identity of a Wi-Fi access point.
  - 46. The method of claim 44, the method further comprising:
    - causing, by the security component, a second device to detect and decode the emitted sound; and
      
      causing, by the security component, the second device to provide the identity of the mobile communications device and a location related to the second device to a server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F-Secure Corporation (F-Secure Oyj)
Original Assignee
Lookout Incorporated
Inventors
Mahaffey, Kevin Patrick, Hering, John G., Burgess, James David, Grkov, Vance, Richardson, David Luke, Mandal, Ayan, Mangat, Cherry, Buck, Brian James, Robinson, William

Granted Patent

US 9,955,352 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/88   Detecting or preventing the...

H04L 63/0861   using biometrical features,...

H04L 63/14   for detecting or protecting...

H04M 15/58   based on statistics of usag...

H04M 15/7652   shared by users

H04W 12/08   Access security

H04W 12/12   Detection or prevention of ...

H04W 12/126   Anti-theft arrangements, e....

H04W 12/30   Security of mobile devices;...

H04W 12/68   Gesture-dependent or behavi...

H04W 4/02   Services making use of loca...

H04W 4/021   Services related to particu...

H04W 4/025   using location based inform...

H04W 4/027   using movement velocity, ac...

H04W 4/029   Location-based management o...

H04W 4/90   Services for handling of em...

H04W 48/02   Access restriction performe...

H04W 8/245   from a network towards a te...

METHODS AND SYSTEMS FOR ADDRESSING MOBILE COMMUNICATIONS DEVICES THAT ARE LOST OR STOLEN BUT NOT YET REPORTED AS SUCH

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

91 Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR ADDRESSING MOBILE COMMUNICATIONS DEVICES THAT ARE LOST OR STOLEN BUT NOT YET REPORTED AS SUCH

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links