System and method to force a mobile device into a secure state

US 8,042,189 B2
Filed: 12/21/2006
Issued: 10/18/2011
Est. Priority Date: 03/20/2002
Status: Active Grant

First Claim

Patent Images

1. A method of forcing a mobile device into a secure state, comprising:

receiving at least one request from at least one software application operating on the mobile device to obtain at least one content protection ticket;

issuing at least one content protection ticket by an operating system of the mobile device in response to the at least one request if the mobile device is unlocked, and deferring issuance of the at least one content protection ticket if the mobile device is locked;

waiting for a trigger, wherein the trigger is to be used as an indication to force the mobile device into a secure state;

determining that the trigger has occurred;

in response to determining that the trigger has occurred, revoking all content protection tickets previously obtained from the operating system of the mobile device by the at least one software application operating on the mobile device and immediately unreferencing sensitive objects referenced by the at least one software application, wherein revoking a content protection ticket for a software application prevents the software application from accessing sensitive data associated with the sensitive objects;

in response to revoking all content protection tickets for the at least one software application, performing secure garbage collection upon the sensitive objects, wherein the secure garbage collection obliterates the sensitive data associated with the sensitive objects by wiping the sensitive data associated with the sensitive objects from memory to render the sensitive data unreadable; and

causing the mobile device to enter the secure state, in which the mobile device cannot be accessed without authorization.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments relate to systems and methods for implementation on a mobile device to force the mobile device into a secure state upon detection or determination of a triggering event. Once it is determined that a triggering event has occurred, each application operating on the mobile device is caused to immediately unreference sensitive objects and a secure garbage collection operation is performed upon the unreferenced sensitive objects to render data associated therewith unreadable. The mobile device is then caused to enter a secure state, in which the mobile device cannot be accessed without authorization. A microprocessor within the mobile device is configured to determine the existence of the triggering event according to a configuration data structure and to perform the secure garbage collection.

60 Citations

View as Search Results

35 Claims

1. A method of forcing a mobile device into a secure state, comprising:
- receiving at least one request from at least one software application operating on the mobile device to obtain at least one content protection ticket;
  
  issuing at least one content protection ticket by an operating system of the mobile device in response to the at least one request if the mobile device is unlocked, and deferring issuance of the at least one content protection ticket if the mobile device is locked;
  
  waiting for a trigger, wherein the trigger is to be used as an indication to force the mobile device into a secure state;
  
  determining that the trigger has occurred;
  
  in response to determining that the trigger has occurred, revoking all content protection tickets previously obtained from the operating system of the mobile device by the at least one software application operating on the mobile device and immediately unreferencing sensitive objects referenced by the at least one software application, wherein revoking a content protection ticket for a software application prevents the software application from accessing sensitive data associated with the sensitive objects;
  
  in response to revoking all content protection tickets for the at least one software application, performing secure garbage collection upon the sensitive objects, wherein the secure garbage collection obliterates the sensitive data associated with the sensitive objects by wiping the sensitive data associated with the sensitive objects from memory to render the sensitive data unreadable; and
  
  causing the mobile device to enter the secure state, in which the mobile device cannot be accessed without authorization.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the trigger is determined in response to user selection of a menu option.
  - 3. The method of claim 1, wherein the trigger is determined in response to user activation or actuation of one or more user input components on the mobile device.
  - 4. The method of claim 1, wherein the trigger is determined in response to a determined security threat.
  - 5. The method of claim 4, wherein the security threat is determined when a predetermined number of unsuccessful authorization attempts is made.
  - 6. The method of claim 4, wherein the security threat is determined when a software application attempts to access a function or data for which the software application is not authorized.
  - 7. The method of claim 1, wherein the secure garbage collection comprises calling a wipe function in relation to the sensitive objects.
  - 8. The method of claim 7, wherein the secure garbage collection further comprises clearing a system clipboard of the mobile device.
  - 9. The method of claim 7, wherein the wipe function is a native wipe function that sets object data of the sensitive objects to one of ones, zeroes and random data.
  - 10. The method of claim 9, wherein the wipe function over-writes the object data multiple times by setting the object data to one of ones, zeroes and random data each time.
  - 11. The method of claim 1, wherein the secure garbage collection is performed upon all sensitive objects that were referenced by the at least one software application.

12. A system for operation on a mobile device, wherein the mobile device includes memory for storing at least one object used by a software application operating on the mobile device to access sensitive data stored on the mobile device, the system comprising:
- a computer-readable storage medium for storing a configuration data structure to store information about a triggering event, wherein the triggering event is used as an indication to force the mobile device into a secure state;
  
  a garbage collection module for execution on the mobile device having a data access pathway to the configuration data structure and the memory; and
  
  a processor executing the garbage collection module and having access to the memory, the processor being configured to receive at least one request from at least one software application operating on the mobile device to obtain at least one content protection ticket, and issue at least one content protection ticket by an operating system of the mobile device in response to the at least one request if the mobile device is unlocked, and deferring issuance of the at least one content protection ticket if the mobile device is locked;
  
  the processor being further configured to revoke all content protection tickets previously obtained from the operating system of the mobile device by the at least one software application operating on the mobile device and immediately unreference sensitive objects referenced by the at least one software application in response to a determination that the triggering event has occurred based on the information stored in the configuration data structure, wherein revoking a content protection ticket for a software application prevents the software application from accessing sensitive data associated with the sensitive objects, the processor being further configured to perform a secure garbage collection with respect to the sensitive objects in response to revoking all content protection tickets for the at least one software application, wherein the secure garbage collection obliterates the sensitive data associated with the sensitive objects by wiping the sensitive data associated with the sensitive objects from memory to render the sensitive data unreadable, and to cause the mobile device to enter the secure state in which the mobile device cannot be accessed without authorization.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 13. The system of claim 12, wherein the processor is configured to perform the secure garbage collection by calling a wipe function immediately in response to unreferencing of the sensitive objects.
  - 14. The system of claim 13, wherein the processor is configured to cause the mobile device to enter the secure state immediately in response to completion of the wipe function.
  - 15. The system of claim 13, wherein the secure garbage collection further comprises clearing a system clipboard of the mobile device.
  - 16. The system of claim 13, wherein the wipe function is a native wipe function that sets object data of the sensitive objects to one of ones, zeroes and random data.
  - 17. The system of claim 16, wherein the wipe function over-writes the object data multiple times by setting the object data to one of ones, zeroes and random data each time.
  - 18. The system of claim 12, wherein the processor is configured to cause all software applications operating on the mobile device to immediately unreference sensitive objects referenced by the respective software applications in response to the triggering event.
  - 19. The system of claim 12, wherein the triggering event comprises user selection of a menu option.
  - 20. The system of claim 12, wherein the triggering event comprises user activation or actuation of one or more input components on the mobile device.
  - 21. The system of claim 12, wherein the triggering event comprises a determined security threat.
  - 22. The system of claim 21, wherein the security threat is determined when a predetermined number of unsuccessful authorization attempts is made.
  - 23. The system of claim 21, wherein the security threat is determined when a software application attempts to access a function or data for which the software application is not authorized.

24. A mobile device comprising:
- a microprocessor configured to execute a software application that handles sensitive data and to access a configuration data structure storing information about a triggering event, wherein the triggering event is used as an indication to force the mobile device into a secure state;
  
  heap memory for storing at least one object used by the software application to access the sensitive data; and
  
  a garbage collection module executable by the microprocessor and having a data access pathway to the heap memory;
  
  wherein the microprocessor is configured to receive at least one request from at least one software application operating on the mobile device to obtain at least one content protection ticket, and issue at least one content protection ticket by an operating system of the mobile device in response to the at least one request if the mobile device is unlocked, and defer issuance of the at least one content protection ticket if the mobile device is locked;
  
  wherein the microprocessor is configured to revoke all content protection tickets previously obtained from the operating system of the mobile device by the at least one software application operating on the mobile device and immediately unreference sensitive objects in response to a determination by the microprocessor that the triggering event has occurred, wherein revoking a content protection ticket for a software application prevents the software application from accessing sensitive data associated with the sensitive objects, and wherein the microprocessor is further configured to cause the garbage collection module to perform a secure garbage collection in respect of the sensitive objects in response to revoking all content protection tickets for the at least one software application, wherein the secure garbage collection obliterates the sensitive data associated with the sensitive objects by wiping the sensitive data associated with the sensitive objects from memory to render the sensitive data unreadable, and wherein the microprocessor is further configured to cause the mobile device to enter the secure state following performance of the secure garbage collection.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 25. The device of claim 24, wherein the processor is configured to cause the garbage collection module to perform the secure garbage collection by calling a wipe function immediately in response to unreferencing of the sensitive objects.
  - 26. The device of claim 25, wherein the processor is configured to cause the mobile device to enter the secure state immediately in response to completion of the wipe function.
  - 27. The device of claim 25, wherein the secure garbage collection further comprises clearing a system clipboard of the mobile device.
  - 28. The device of claim 25, wherein the wipe function is a native wipe function that sets object data of the sensitive objects to one of ones, zeroes and random data.
  - 29. The device of claim 28, wherein the wipe function over-writes the object data multiple times by setting the object data to one of ones, zeroes and random data each time.
  - 30. The device of claim 24, wherein the secure garbage collection is performed upon all sensitive objects referenced by the at least one software application.
  - 31. The device of claim 24, wherein the triggering event comprises user selection of a menu option.
  - 32. The device of claim 24, wherein the triggering event comprises user activation or actuation of one or more input components on the mobile device.
  - 33. The device of claim 24, wherein the triggering event comprises a determined security threat.
  - 34. The device of claim 33, wherein the security threat is determined when a predetermined number of unsuccessful authorization attempts is made.
  - 35. The device of claim 33, wherein the security threat is determined when software application attempts to access a function or data for which the software application is not authorized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cloud Software Group Switzerland GmbH
Original Assignee
Blackberry Limited
Inventors
Adams, Neil P., Brown, Michael S., Brown, Michael K., Little, Herbert A.
Primary Examiner(s)
Vu; Kim
Assistant Examiner(s)
BEHESHTI SHIRAZI, SAYED ARESH

Application Number

US11/614,561
Publication Number

US 20070180540A1
Time in Patent Office

1,762 Days
Field of Search

726/26, 370/351, 370/428, 370/349, 370/345, 370/310, 370/401, 370/400, 370/389, 370/429, 365/244, 365/51, 365/52, 365/63, 709/217, 709/219, 709/202, 709/203, 709/201, 710/1, 710/22, 710/27, 710/7, 710/6, 710/23, 710/240, 710/45, 710/40, 710/36, 340/7.21, 340/7.22, 340/7.23, 340/7.2, 340/7.57, 342/357.12, 342/352, 342/250, 380/270, 380/255, 455/414.1, 455/517, 455/39, 455/500, 455/507, 711/133, 707781-786
US Class Current

726/26
CPC Class Codes

G06F 12/0253   Garbage collection, i.e. re...

G06F 12/0261   using reference counting

G06F 21/62   Protecting access to data v...

G06F 2212/1052   Security improvement

G06F 2221/2143   Clearing memory, e.g. to pr...

System and method to force a mobile device into a secure state

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to force a mobile device into a secure state

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links