Device-initiated security policy

US 9,191,822 B2
Filed: 03/09/2007
Issued: 11/17/2015
Est. Priority Date: 03/09/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method for executing a security policy at a mobile terminal, the method comprising:

determining, by the mobile terminal, whether a predetermined event has occurred, wherein the predetermined event comprises either one of (i) a lapse of a predetermined time interval, or (ii) a predetermined number starts of the mobile device;

in response to determining the predetermined event occurred, contacting, by the mobile terminal, an authentication entity, based on the security policy, to determine whether a security status of the mobile terminal is one of lost or stolen;

receiving, by the mobile terminal, a response from the authentication entity indicative of the security status of the mobile terminal, in response to contacting the authentication entity, the response from the authentication entity indicating that the security status of the mobile terminal is one of lost or stolen, the response comprising security instructions defining a security action for execution on the mobile terminal, the security action comprising an authentication procedure, transmitting a location of the mobile terminal to the authentication entity, and, subsequent to transmitting the location rendering a portion of the mobile terminal inoperable for use;

upon determining the security status of the mobile terminal is one of lost or stolen, executing, by the mobile terminal, performance of the authentication procedure by a user as defined by the security action;

upon determining successful performance of the authentication procedure by the user of the mobile terminal;

preventing the execution of (a) transmitting the location of the mobile terminal to the authentication entity and (b) rendering the portion of the mobile terminal inoperable for use; and

setting the security status of the mobile terminal to secure; and

upon determining unsuccessful performance of the authentication procedure by the user of the mobile terminal;

transmitting, by the mobile terminal, a Short Message Service (SMS) message to the authentication entity that includes the location of the mobile terminal, wherein the message is transmitted transparently with respect to the user of the mobile communication device; and

subsequent to transmitting the SMS message, rendering the portion of the mobile terminal inoperable for use.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for executing a security policy at a mobile terminal is provided. The mobile terminal may contact an authentication entity based on the security policy. The mobile terminal may receive a response from the authentication entity indicative of a security status of the mobile terminal. The mobile terminal may execute a security action based on the received response.

29 Citations

View as Search Results

32 Claims

1. A method for executing a security policy at a mobile terminal, the method comprising:
- determining, by the mobile terminal, whether a predetermined event has occurred, wherein the predetermined event comprises either one of (i) a lapse of a predetermined time interval, or (ii) a predetermined number starts of the mobile device;
  
  in response to determining the predetermined event occurred, contacting, by the mobile terminal, an authentication entity, based on the security policy, to determine whether a security status of the mobile terminal is one of lost or stolen;
  
  receiving, by the mobile terminal, a response from the authentication entity indicative of the security status of the mobile terminal, in response to contacting the authentication entity, the response from the authentication entity indicating that the security status of the mobile terminal is one of lost or stolen, the response comprising security instructions defining a security action for execution on the mobile terminal, the security action comprising an authentication procedure, transmitting a location of the mobile terminal to the authentication entity, and, subsequent to transmitting the location rendering a portion of the mobile terminal inoperable for use;
  
  upon determining the security status of the mobile terminal is one of lost or stolen, executing, by the mobile terminal, performance of the authentication procedure by a user as defined by the security action;
  
  upon determining successful performance of the authentication procedure by the user of the mobile terminal;
  
  preventing the execution of (a) transmitting the location of the mobile terminal to the authentication entity and (b) rendering the portion of the mobile terminal inoperable for use; and
  
  setting the security status of the mobile terminal to secure; and
  
  upon determining unsuccessful performance of the authentication procedure by the user of the mobile terminal;
  
  transmitting, by the mobile terminal, a Short Message Service (SMS) message to the authentication entity that includes the location of the mobile terminal, wherein the message is transmitted transparently with respect to the user of the mobile communication device; and
  
  subsequent to transmitting the SMS message, rendering the portion of the mobile terminal inoperable for use.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, where contacting the authentication entity further comprises:
    - periodically contacting the authentication entity based on the lapse of the predetermined time interval.
  - 3. The method of claim 2, where the periodically contacting the authentication entity further comprises:
    - contacting the authentication entity following every lapse of the predetermined period of time.
  - 4. The method of claim 2, where the periodically contacting the authentication entity further comprises:
    - contacting the authentication entity following a predetermined number of events.
  - 5. The method of claim 1, where the predetermined event further comprises one or more of:
    - accessing a predetermined portion of a memory of the mobile terminal, detecting replacement removal of a subscriber identity module (SIM) card associated with the mobile terminal, or detecting an update of a firmware or software associated with the mobile terminal, the method further comprising;
      
      determining that the predetermined event has occurred when one of the access to the predetermined portion of a memory of the mobile terminal is detected, the replacement removal of the SIM card associated with the mobile terminal is detected, or the update of the firmware or the software associated with the mobile terminal is detected.
  - 6. The method of claim 1, where the predetermined event further comprises:
    - periodically prompting a user of the mobile terminal for a code;
      
      determining, in response to periodically prompting the user, whether the code has been received from the user; and
      
      determining that the predetermined event has occurred when the code has not been received from the user, andcontacting the authentication entity further comprises contacting the authentication entity, when the code has not been received from the user, to determine whether the security status of the mobile terminal is one of lost or stolen, andreceiving the response further comprises receiving the response, from the authentication entity, indicating that the security status of the mobile terminal is one of lost or stolen, in response to contacting the authentication entity when the code has not been received from the user.
  - 7. The method of claim 1, where the contacting comprises contacting via a wireless network.
  - 8. The method of claim 7, where the wireless network comprises one of:
    - an 802.11 wireless data network (WiFi), a wireless universal serial bus (USB) network, or a bluetooth network.
  - 9. The method of claim 1, where the contacting comprises manually contacting a call center associated with the authentication entity.
  - 10. The method of claim 1, where the authentication entity maintains a security status of the mobile terminal.
  - 11. The method of claim 1, where the security action further comprises locking the mobile terminal.
  - 12. The method of claim 1, where the security action further comprises at least one of:
    - locking the mobile terminal, deleting a predetermined folder, of a plurality of folders, on the mobile terminal, deleting predetermined files on the mobile terminal, deleting configuration settings on the mobile terminal, rendering the mobile terminal inoperable, or performing a reset of the mobile terminal.
  - 13. The method of claim 1, where the security action is defined by the security policy.
  - 14. The method of claim 1, further comprising:
    - configuring the security policy during manufacture of the mobile terminal.
  - 15. The method of claim 1, further comprising:
    - configuring the security policy by an owner of the mobile terminal.
  - 16. The method of claim 1, further comprising:
    - configuring the security policy by a user of the mobile terminal.

17. A mobile terminal comprising:
- a memory that stores a security policy;
  
  logic to determine whether a triggering criterion has occurred, where the triggering criterion comprises (i) a lapse of a predetermined time interval, and (ii) a predetermined number starts of the mobile device;
  
  a transmitter to contact an authentication entity, when the triggering criterion has occurred, to determine whether a security status of the mobile terminal is one of lost or stolen;
  
  logic to receive a response from the authentication entity indicating that the mobile terminal has been lost or stolen, in response to the transmitter contacting the authentication entity, the response comprising security instructions defining a command for execution on the mobile terminal, the command comprising an authentication procedure, transmitting a location of the mobile terminal to the authentication entity and subsequent to transmitting the location, rendering a portion of the mobile terminal inoperable;
  
  upon determining the security status of the mobile terminal is one of lost or stolen, logic to execute, by the mobile terminal, performance of the authentication procedure by a user as defined by the command;
  
  upon determining successful performance of the authentication procedure by the user of the mobile terminal;
  
  logic to prevent the execution of (a) transmitting the location of the mobile terminal to the authentication entity and (b) rendering the portion of the mobile terminal inoperable for use; and
  
  setting the security status of the mobile terminal to secure; and
  
  upon determining unsuccessful performance of the authentication procedure by the user of the mobile terminal;
  
  logic to transmit a Short Message Service (SMS) message to the authentication entity that includes the location of the mobile terminal, wherein the message is transmitted transparently with respect to the user of the mobile communication device and, subsequent to transmitting the message, render the portion of the mobile terminal inoperable.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The mobile terminal of claim 17, where the triggering criterion further includes one or more of includes a location of the terminal being outside a coverage area of the mobile terminal removal of a subscriber identity module (SIM) card associated with the mobile terminal, or updating a firmware or software associated with the mobile terminal.
  - 19. The mobile terminal of claim 17, where, when contacting the authentication entity, the transmitter is to contact the authentication entity via a wireless network.
  - 20. The mobile terminal of claim 17, where the authentication entity is associated with a carrier for the mobile terminal.
  - 21. The mobile terminal of claim 17, where the authentication entity is associated with an owner of the mobile terminal.
  - 22. The mobile terminal of claim 17, where the logic to execute a command further comprises:
    - logic to perform one of;
      
      delete predetermined files on the mobile terminal, delete a predetermined folder on the mobile terminal, delete configuration settings on the mobile terminal, delete a particular file, of a plurality of files, on the mobile terminal, render the mobile terminal inoperable, lock the mobile terminal, or perform a reset of the mobile terminal.

23. A method comprising:
- maintaining, by an authentication entity, a security status associated with each of a plurality of mobile terminals;
  
  receiving, by the authentication entity, notice that a mobile terminal, of the plurality of mobile terminals, has been lost or stolen;
  
  receiving, by the authentication entity, contact from the mobile terminal to inquire about the security status of the mobile terminal, wherein the contact is received from the mobile terminal in response to occurrence of a predetermined event, wherein the predetermined event includes either one of (i) a lapse of a predetermined time interval, or (ii) a predetermined number starts of the mobile device; and
  
  in response to receiving the contact from the mobile terminal and determining that the security status of the mobile terminal is lost or stolen, transmitting, by the authentication entity, a response to the mobile terminal indicating that the security status of the mobile terminal is lost or stolen, the response comprising security instructions defining a security action for execution on the mobile terminal, the security action comprising an authentication procedure, transmitting a location of the mobile terminal to the authentication entity and, subsequent to transmitting the location, rendering a portion of the mobile terminal inoperable,wherein the mobile terminal;
  
  upon receiving the security status of the mobile terminal indicated as being lost or stolen, executes, by the mobile terminal, performance of the authentication procedure by a user as defined by the security action, andupon determining successful performance of the authentication procedure by the user of the mobile terminal;
  
  preventing execution of the security action based on the security status of the mobile terminal indicated as being lost or stolen of (a) transmitting the location of the mobile terminal to the authentication entity and (b) rendering the portion of the mobile terminal inoperable for use; and
  
  setting the security status of the mobile terminal to secure; and
  
  upon determining unsuccessful performance of the authentication procedure by the user of the mobile terminal, executes the security action based on the security status of the mobile terminal indicated as being lost or stolen, wherein executing the security action comprises transmitting a Short Message Service (SMS) message to the authentication entity that includes the location of the mobile terminal, wherein the message is transmitted transparently with respect to the user of the mobile communication device, and, subsequent to transmitting the message, rendering the portion of the mobile terminal inoperable.
- View Dependent Claims (24, 25, 26)
- - 24. The method of claim 23, where the security action further comprises:
    - at least one of deleting a predetermined folder, of a plurality of folders, on the mobile terminal, deleting predetermined files on the mobile terminal, deleting configuration settings on the mobile terminal, locking the mobile terminal, rendering the mobile terminal inoperable, or performing a reset of the mobile terminal.
  - 25. The method of claim 23,where receiving the notice that the mobile terminal has been lost or stolen comprises:
    - receiving the notice, from an owner or a user of the mobile terminal and from a device that is different than the mobile terminal, that the mobile terminal has been lost or stolen, andwhere transmitting the response comprises;
      
      transmitting, based on the notice received from the owner or the user of the mobile terminal and to the mobile terminal, the response indicating that the security status of the mobile terminal is lost or stolen.
  - 26. The method of claim 23, where transmitting the response to the mobile terminal comprises:
    - retrieving the status of the mobile terminal from a plurality of statuses associated with a plurality of mobile terminals; and
      
      transmitting the retrieved status to the mobile terminal.

27. A security system comprising:
- an authentication entity comprising an application specific integrated circuit (ASIC) and configured to;
  
  maintain a security status for a mobile terminal connected to the authentication entity via a network,receive contact, from the mobile terminal, to inquire about the security status of the mobile terminal, wherein the contact is received from the mobile terminal in response to occurrence of a predetermined event, wherein the predetermined event includes either one of (i) a lapse of a predetermined time interval, or (ii) a predetermined number starts of the mobile device,determine whether the security status of the mobile terminal is lost or stolen, andin response to determining the security status of the mobile terminal is lost or stolen, transmit an indication of the security status as being lost or stolen to the mobile terminal, the indication comprising security instructions defining a security action for execution on the mobile terminal, the security action comprising an authentication procedure, transmitting a location of the mobile terminal to the authentication entity and, subsequent to transmitting the location, rendering a portion of the mobile terminal inoperable,wherein the mobile terminal;
  
  upon receiving the security status of the mobile terminal indicated as being lost or stolen, executes, by the mobile terminal, performance of the authentication procedure by a user as defined by the security action, andupon determining successful performance of the authentication procedure by the user of the mobile terminal;
  
  determines preventing execution of the security action based on the security status of the mobile terminal indicated as being lost or stolen of (a) transmitting the location of the mobile terminal to the authentication entity and (b) rendering the portion of the mobile terminal inoperable for use; and
  
  setting the security status of the mobile terminal to secure; and
  
  upon determining unsuccessful performance of the authentication procedure by the user of the mobile terminal, determines that the security action to be executed on the mobile terminal is transmitting the location of the mobile terminal to the authentication entity based on security status of the mobile terminal indicated as being lost or stolen and transmitting a Short Message Service (SMS) message to the authentication entity that includes the location of the mobile terminal, wherein the message is transmitted transparently with respect to the user of the mobile communication device and subsequent to transmitting the location, renders the portion of the mobile terminal inoperable.
- View Dependent Claims (28, 29, 30, 31, 32)
- - 28. The security system of claim 27, where the network is a cellular network.
  - 29. The security system of claim 27, where the network is a data network.
  - 30. The security system of claim 29, where the data network is one of:
    - a 802.11 wireless data network (WiFi), a Bluetooth network, or a wireless universal serial bus (USB) network.
  - 31. The security system of claim 27, where the authentication entity is further configured to:
    - maintain a plurality of security statuses of a plurality of mobile terminals, the plurality of mobile terminals including the mobile terminal,where, when determining whether the security status of the mobile terminal is lost or stolen, the authentication entity is to retrieve the security status of the mobile terminal from the plurality of security statuses.
  - 32. The security system of claim 31, where the plurality of security statuses are associated with a plurality of identification information of the plurality of mobile terminals,a particular security status, of the plurality of security statuses, being associated with a particular identification information, of the plurality of identification information, of a particular mobile terminal, of the plurality of mobile terminals,where, when determining whether the security status of the mobile terminal is lost or stolen, the authentication entity is to retrieve, based at least partially on identification information of the mobile terminal, the security status of the mobile terminal from the plurality of security statuses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Mobile Communications Incorporated (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.), Sony Mobile Communications AB (Sony Group Corp.)
Inventors
Andersson, Stefan Mikael, Pettersson, Mats Gran
Primary Examiner(s)
SCHMIDT, KARI L

Application Number

US11/684,266
Publication Number

US 20080222692A1
Time in Patent Office

3,175 Days
Field of Search

726/1, 726/3, 726/7, 726/19, 726/27, 726/34, 726/35, 713/155, 713/183, 380/247, 455/410, 455/411
US Class Current

1/1
CPC Class Codes

G06F 21/33   using certificates

G06F 21/88   Detecting or preventing the...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04W 12/082   using revocation of authori...

H04W 12/12   Detection or prevention of ...

H04W 12/126   Anti-theft arrangements, e....

H04W 88/02   Terminal devices

Device-initiated security policy

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

32 Claims

Specification

Use Cases

Quick Links

Others

Device-initiated security policy

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

32 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others