Method and system for providing a honeypot mode for an electronic device

US 8,479,288 B2
Filed: 07/21/2006
Issued: 07/02/2013
Est. Priority Date: 07/21/2006
Status: Active Grant

First Claim

Patent Images

1. A method for surreptitiously tracking usage of a mobile communication electronic device, the electronic device being capable of communicating with at least one external system, the method comprising:

providing the electronic device with a software environment having a normal mode of operation and a honeypot mode of operation and with a predetermined condition, wherein, in said normal mode of operation, said software environment provides a plurality of user-invokable operations, and wherein, in said honeypot mode of operation, said software environment provides at least one of said user-invokable operations;

detecting, at the electronic device, the predetermined condition, wherein the predetermined condition includes receipt, from an external device, of a message including a honeypot-triggering command;

authenticating the message to verify that the message is a legitimate honeypot-triggering command sent by an authorized sender;

in response to the authentication of the message, switching the software environment to said honeypot mode of operation; and

,when in said honeypot mode of operation the electronic device is enabled to automatically and surreptitiously send a usage report regarding an unauthorized usage of said at least one of said user-invokable operations to a predetermined external system.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are described of providing an electronic device with a software environment having a honeypot mode of operation to which the device is capable of switching upon recognition of a message from an external device or of a pre-determined internal state. Switching to the honeypot mode of operation may include instituting an automatic sending of reports based on usage of the electronic device to an external device, modifying the non-user-observable behavior of certain user-invokable operations, and manipulating data stored on the electronic device.

43 Citations

View as Search Results

35 Claims

1. A method for surreptitiously tracking usage of a mobile communication electronic device, the electronic device being capable of communicating with at least one external system, the method comprising:
- providing the electronic device with a software environment having a normal mode of operation and a honeypot mode of operation and with a predetermined condition, wherein, in said normal mode of operation, said software environment provides a plurality of user-invokable operations, and wherein, in said honeypot mode of operation, said software environment provides at least one of said user-invokable operations;
  
  detecting, at the electronic device, the predetermined condition, wherein the predetermined condition includes receipt, from an external device, of a message including a honeypot-triggering command;
  
  authenticating the message to verify that the message is a legitimate honeypot-triggering command sent by an authorized sender;
  
  in response to the authentication of the message, switching the software environment to said honeypot mode of operation; and
  
  ,when in said honeypot mode of operation the electronic device is enabled to automatically and surreptitiously send a usage report regarding an unauthorized usage of said at least one of said user-invokable operations to a predetermined external system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 17, 18)
- - 2. The method of claim 1, wherein the step of providing includes providing the electronic device with the software environment through at least one connection from the following group:
    - a direct, wired connection;
      
      a direct, wireless connection;
      
      a private network connection; and
      
      a virtual private network connection.
  - 3. The method of claim 1, wherein said step of providing includes receiving at the electronic device a communication provisioning the software environment from an external source, authenticating the communication as authorized, and installing the software environment on the electronic device.
  - 4. The method of claim 3, wherein said communication comprises a software update.
  - 5. The method of claim 1, wherein said step of detecting the predetermined condition includes determining that a predetermined state of the electronic device exists.
  - 6. The method of claim 5, wherein said step of determining includes determining that a predefined maximum number of failed password attempts have been made.
  - 7. The method of claim 1, wherein said step of receiving includes authenticating said message.
  - 8. The method of claim 1, wherein said step of switching includes modifying a behaviour of said at least one of said user-invokable operations.
  - 9. The method of claim 1, wherein said step of providing includes providing said at least one user-invokable operation with a normal function and a modified function, and wherein said modified function includes performing a given operation, and wherein the step of switching includes causing said at least one user-invokable operation to switch from said normal function to said modified function.
  - 10. The method of claim 9, wherein said given operation includes generating said report.
  - 11. The method of claim 9, wherein the electronic device is capable of voice communication and said user-invokable operation comprises initiating a voice call, and wherein said modified function comprises at least one of the following:
    - simulating placing said call;
      
      placing said call both to an intended party and to a predetermined party; and
      
      automatically sending said report, wherein said report includes information regarding said placing said call.
  - 12. The method of claim 9, wherein the electronic device is capable of sending electronic messages and said user-invokable operation comprises initiating a send message operation, and wherein said modified function comprises at least one of the following:
    - simulating sending a message;
      
      sending the message to an intended recipient and sending a doubly blind carbon copy of the message to a predetermined recipient, with the predetermined recipient excluded from all fields of both the message received by the intended recipient and the sent copy stored on the electronic device;
      
      sending the message only to a predetermined recipient, with the sent copy stored on the electronic device indicating it was sent to the intended recipient rather than the predetermined recipient; and
      
      sending said report regarding said attempt to said predetermined external system.
  - 13. The method of claim 1, wherein said step of switching includes manipulating at least a portion of the stored data, said step of manipulating including at least one of the following steps:
    - encrypting stored data, deleting stored data, sending stored data to a predetermined external device, moving stored data within the memory, storing in the memory data received from a predetermined external device, and changing access permissions associated with stored data.
  - 14. The method of claim 13, wherein said step of encrypting stored data includes use of at least one of the following encryption methods:
    - the Advance Encryption Standard (AES), and the Triple Data Encryption Algorithm (TDEA).
  - 17. The method of claim 1, wherein the electronic device has a user-invokable wipe operation for re-initializing the state of the electronic device, and wherein said step of switching includes storing information regarding said honeypot mode in a persistent portion of stored memory such that said software environment remains in said honeypot mode of operation following invocation of said wipe operation.
  - 18. The method of claim 1, further including detecting usage of said at least one of said user-invokable operations and automatically sending said report regarding said usage.

15. A method for surreptitiously tracking usage of a mobile communication electronic device, the electronic device being capable of communicating with at least one external system, the method comprising:
- providing the electronic device with a software environment having a normal mode of operation and a honeypot mode of operation and with a predetermined condition, wherein, in said normal mode of operation, said software environment provides a plurality of user-invokable operations, and wherein, in said honeypot mode of operation, said software environment provides at least one of said user-invokable operations;
  
  detecting, at the electronic device, the predetermined condition, wherein the predetermined condition includes receipt, from an external device, of a message including a honeypot-triggering command;
  
  authenticating the message to verify that the message is a legitimate honeypot-triggering command sent by an authorized sender;
  
  in response to the authentication of the message, switching the software environment to said honeypot mode of operation, wherein said step of switching includes moving data to a portion of memory that is inaccessible to all user-invokable operations while the electronic device is operating in said honeypot mode; and
  
  ,when in said honeypot mode of operation the electronic device is enabled to automatically and surreptitiously send a usage report regarding an unauthorized usage of said at least one of said user-invokable operations to a predetermined external system.
- View Dependent Claims (16)
- - 16. The method of claim 15, wherein the moving of stored data within the memory has a steganographic effect.

19. A mobile communication electronic device, configured to enable surreptitious tracking of usage of the electronic device, the electronic device comprising:
- a communication subsystem for enabling communications with at least one external system;
  
  memory storing a software environment having a normal mode of operation and a honeypot mode of operation and storing a predetermined condition, wherein, in said normal mode of operation, said software environment provides a plurality of user-invokable operations, and wherein, in said honeypot mode of operation, said software environment provides at least one of said user-invokable operations;
  
  a processor for executing said software environment; and
  
  a mode-switch module for detecting the predetermined condition, wherein the predetermined condition includes receipt, from an external device, of a message including a honeypot-triggering command, authenticating the message to verify that the message is a legitimate honeypot-triggering command sent by an authorized sender, and, in response to the authentication of the message, switching the software environment to said honeypot mode of operation;
  
  wherein, when in said honeypot mode of operation, said software environment is enabled to automatically send a usage report regarding an unauthorized usage of said at least one of said user-invokable operations to a predetermined external system.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 34)
- - 20. The electronic device of claim 19, wherein the communication subsystem is adapted to receive a communication from an external source providing said software environment, and wherein the communication subsystem is adapted to establish at least one connection from the following group:
    - a direct, wired connection;
      
      a direct, wireless connection;
      
      a private network connection; and
      
      a virtual private network connection.
  - 21. The electronic device of claim 20, further including an authentication component for authenticating said communication.
  - 22. The electronic device of claim 21, wherein said communication comprises a software update.
  - 23. The electronic device of claim 19, wherein said predetermined condition comprises a device state, and wherein said mode-switch module is adapted to determine that said device state exists.
  - 24. The electronic device of claim 23, said device state includes a state in which a predefined maximum number of failed password attempts have been made.
  - 25. The electronic device of claim 19, wherein said mode-switch module is adapted to authenticate said message.
  - 26. The electronic device of claim 19, said mode-switch module is adapted to modify a behaviour of said at least one of said user-invokable operations.
  - 27. The electronic device of claim 19, wherein said at least one user-invokable operation is configured to have a normal function and a modified function, and wherein said modified function includes a given operation, and wherein said mode-switch module is adapted to cause said at least one user-invokable operation to switch from said normal function to said modified function.
  - 28. The electronic device of claim 27, wherein said given operation includes generating said report.
  - 29. The electronic device of claim 27, wherein the electronic device is capable of voice communication and said at least one user-invokable operation comprises initiating a voice call, and wherein said modified function comprises at least one of the following:
    - simulating placing said call;
      
      placing said call both to an intended party and to a predetermined party; and
      
      automatically sending said report, wherein said report includes information regarding said placing said call.
  - 30. The electronic device of claim 27, wherein the electronic device is capable of sending electronic messages and said at least one user-invokable operation comprises initiating a send-message operation, and wherein said modified function comprises at least one of the following:
    - simulating sending a message;
      
      sending the message to an intended recipient and sending a doubly blind carbon copy of the message to a predetermined recipient, with the predetermined recipient excluded from all fields of both the message received by the intended recipient and the sent copy stored on the electronic device;
      
      sending the message only to a predetermined recipient, with the sent copy stored on the electronic device indicating it was sent to the intended recipient rather than the predetermined recipient; and
      
      sending a report of said attempt to said predetermined external system.
  - 31. The electronic device of claim 19, wherein said mode-switch module includes a component for manipulating at least a portion of the stored data, wherein said component is adapted to perform at least one of the following operations:
    - encrypting stored data, deleting stored data, sending stored data to a predetermined external device, moving stored data within the memory, storing in the memory data received from a predetermined external device, and changing access permissions associated with stored data.
  - 34. The electronic device of claim 19, wherein the electronic device includes a user-invokable wipe operation for re-initializing the state of the electronic device, and wherein said mode-switch module stores information regarding said honeypot mode in a persistent portion of stored memory such that said software environment remains in said honeypot mode of operation following invocation of said wipe operation.

32. A mobile communication electronic device, configured to enable surreptitious tracking of usage of the electronic device, the electronic device comprising:
- a communication subsystem for enabling communications with at least one external system;
  
  memory storing a software environment having a normal mode of operation and a honeypot mode of operation and storing a predetermined condition, wherein, in said normal mode of operation, said software environment provides a plurality of user-invokable operations, and wherein, in said honeypot mode of operation, said software environment provides at least one of said user-invokable operations;
  
  a processor for executing said software environment; and
  
  a mode-switch module for detecting the predetermined condition, wherein the predetermined condition includes receipt, from an external device, of a message including a honeypot-triggering command, authenticating the message to verify that the message is a legitimate honeypot-triggering command sent by an authorized sender and, in response to the authentication of the message, switching the software environment to said honeypot mode of operation;
  
  wherein, when in said honeypot mode of operation, said software environment is enabled to automatically and surreptitiously send a usage report regarding an unauthorized usage of said at least one of said user-invokable operations to a predetermined external system;
  
  wherein said step of switching includes moving data to a portion of memory that is inaccessible to all user-invokable operations while the electronic device is operating in said honeypot mode;
  
  wherein the moving of data comprises moving data to a portion of memory that is inaccessible to all user-invokable operations while the electronic device is operating in said honeypot mode.
- View Dependent Claims (33)
- - 33. The electronic device of claim 32, wherein the moving of stored data within the memory has a steganographic effect.

35. A computer program product comprising a non-transitory computer-readable medium having encoded therein computer-executable instructions for surreptitiously tracking usage of a mobile communication electronic device, the electronic device being capable of communicating with at least one external system, the instructions comprising:
- instructions for providing the electronic device with a software environment having a normal mode of operation and a honeypot mode of operation and with a predetermined condition, wherein, in said normal mode of operation, said software environment provides a plurality of user-invokable operations, and wherein, in said honeypot mode of operation, said software environment provides at least one of said user-invokable operations;
  
  instructions for detecting, at the electronic device, the predetermined condition, wherein the predetermined condition includes receipt, from an external device, of a message including a honeypot-triggering command;
  
  instructions for authenticating the message to verify that the message is a legitimate honeypot-triggering command sent by an authorized sender;
  
  instructions for, in response to the authentication of the message, switching the software environment to said honeypot mode of operation; and
  
  instructions for, when in said honeypot mode of operation, automatically and surreptitiously sending a usage report regarding an unauthorized usage of said at least one of said user-invokable operations to a predetermined external system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Martin, Daryl Joseph, Wilson, J. F. Sean, Hassan, Ahmed E.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Nobahar, Abdulhakim

Application Number

US11/459,053
Publication Number

US 20080018927A1
Time in Patent Office

2,538 Days
Field of Search

726 2- 7, 726 11- 14, 726/22, 726/23, 726 26- 29, 713/187, 380/250, 358/1.13, 358/1.15
US Class Current

726/23
CPC Class Codes

G06F 21/74   operating in dual or compar...

H04L 63/1491   using deception as counterm...

H04W 12/126   Anti-theft arrangements, e....

Method and system for providing a honeypot mode for an electronic device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing a honeypot mode for an electronic device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links