Methods and systems for addressing mobile communications devices that are lost or stolen but not yet reported as such

US 9,955,352 B2
Filed: 11/10/2015
Issued: 04/24/2018
Est. Priority Date: 02/17/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

by a security component on a first mobile communications device, causing the storage of a usage pattern associated with an authorized user of the first mobile communications device,the stored usage pattern created based only on usage information from use of a second mobile communications device by the authorized user of the first mobile communications device, the usage information from the second mobile communications device including two or more of;

network activity history, user activity history, call history, messaging history, movement history, and location history, andthe stored usage pattern modified, by a server, for use on the first mobile communications device based on differences between the first mobile communications device and the second mobile communications device;

detecting, by the security component on the first mobile communications device, a usage of the first mobile communications device;

comparing, by the security component, the detected usage to the stored usage pattern to determine if there is a difference between the detected usage and the stored usage pattern;

associating, by the security component, a measure with the stored usage pattern when there is a difference between the detected usage and the stored usage pattern;

determining, by the security component, that the detected usage was not caused by the authorized user of the first mobile communications device when the associated measure is beyond a threshold measure; and

in response to the determination, issuing a command by the security component, the command causing a restriction of an ability of the first mobile communications device to be used to access a resource.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for evaluating the usage of a mobile communications device that itself provides access to a resource. In the method, a detected usage of the mobile communications device is compared to a stored usage pattern of an authorized user. When a measure associated with the difference between the detected usage and the stored usage pattern exceeds a threshold, it is concluded that the mobile communications device is being used by an unauthorized user. In response to this conclusion, a restriction is placed on an ability of the mobile communications device to access the resource.

408 Citations

39 Claims

1. A method comprising:
- by a security component on a first mobile communications device, causing the storage of a usage pattern associated with an authorized user of the first mobile communications device,the stored usage pattern created based only on usage information from use of a second mobile communications device by the authorized user of the first mobile communications device, the usage information from the second mobile communications device including two or more of;
  
  network activity history, user activity history, call history, messaging history, movement history, and location history, andthe stored usage pattern modified, by a server, for use on the first mobile communications device based on differences between the first mobile communications device and the second mobile communications device;
  
  detecting, by the security component on the first mobile communications device, a usage of the first mobile communications device;
  
  comparing, by the security component, the detected usage to the stored usage pattern to determine if there is a difference between the detected usage and the stored usage pattern;
  
  associating, by the security component, a measure with the stored usage pattern when there is a difference between the detected usage and the stored usage pattern;
  
  determining, by the security component, that the detected usage was not caused by the authorized user of the first mobile communications device when the associated measure is beyond a threshold measure; and
  
  in response to the determination, issuing a command by the security component, the command causing a restriction of an ability of the first mobile communications device to be used to access a resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 2. The method of claim 1, wherein the associated measure is a measure of a risk that the detected usage was not caused by the authorized user of the first mobile communications device.
  - 3. The method of claim 1, wherein the detected usage comprises a detected usage pattern and wherein the comparing includes comparing the detected usage pattern to the stored usage pattern.
  - 4. The method of claim 1, further including a group including a plurality of additional authorized users, each group member with a corresponding stored usage pattern, wherein the comparing further compares the detected usage to the stored usage pattern for each group member, wherein the associating further associates a measure with each additional authorized user'"'"'s stored usage pattern, and wherein the determining further determines that the detected usage was not caused by an additional authorized user when each additional authorized user'"'"'s associated measure is beyond the threshold measure, and wherein the resource includes a group resource.
  - 5. The method of claim 4, wherein no group member has reported that the first mobile communications device is missing or stolen.
  - 6. The method of claim 4, wherein the group includes at least one unauthorized user, the at least one unauthorized user not allowed to access the group resource.
  - 7. The method of claim 6, the method further comprising:
    - based on the comparison, determining by the security component, that the detected usage was caused by an unauthorized user included in the group;
      
      in response to the determination, issuing a notification by the security component, to a designated group member, the notification informing the designated group member of the detected usage.
  - 8. The method of claim 4, wherein the group comprises at least one of an enterprise, an organization, or a family.
  - 9. The method of claim 1, wherein the detected usage includes a use of the first mobile communications device by a user.
  - 10. The method of claim 1, wherein the detected usage is based on data from a sensor on the first mobile communications device.
  - 11. The method of claim 10, wherein the sensor provides one or both of location information or temperature information.
  - 12. The method of claim 11, wherein the detected usage includes one or both of a location of the first mobile communications device, or a movement of the first mobile communications device.
  - 13. The method of claim 1, wherein the command causing the restriction commands one or both of a revoking of an access permission to a network resource or a revoking of an access permission to a resource within the first mobile communications device.
  - 14. The method of claim 1, wherein the resource includes group data stored on the first mobile communications device, and wherein the command causing the restriction commands the deleting of the stored group data.
  - 15. The method of claim 1 further comprising:
    - causing, by the security component in response to the determination that the detected usage was not caused by the authorized user of the first mobile communications device, the gathering of information by the first mobile communications device and the reporting of the gathered information to an administrator, the gathered information including information about one or more of the use of the first mobile communications device, the location of the first mobile communications device, or the environment of the first mobile communications device.
  - 16. The method of claim 1, wherein the command causing the restriction is performed automatically by the security component in response to the determination that the usage was not caused by the authorized user of the first mobile communications device, the method further comprising:
    - providing, by the security component after issuing the command, one or both of the authorized user of the first mobile communications device or a second user with an opportunity to rescind the restriction.
  - 17. The method of claim 1, wherein the command causing the restriction is sent to at least one electronic device, the first mobile communications device being privileged to pair with the at least one electronic device, the command revoking the privilege to pair with the at least one electronic device.
  - 18. The method of claim 1 further comprising:
    - allowing, by the security component in response to the determination that the detected usage was not caused by the authorized user of the first mobile communications device, the re-authentication of the authorized user of the first mobile communications device to rescind the restriction.
  - 19. The method of claim 18, wherein the re-authentication is based on biometric information.
  - 20. The method of claim 19, wherein the biometric information includes one or more of a voice sample, a fingerprint, or a retinal scan.
  - 21. The method of claim 1 further comprising:
    - sending a message, by the security component in response to the determination that the detected usage was not caused by the authorized user of the first mobile communications device, to an electronic device used by the authorized user of the first mobile communications device, the message relating to the determination that the detected behavior was not caused by the authorized user of the first mobile communications device.
  - 22. The method of claim 21, wherein the message includes first information, the method further comprising rescinding the restriction in response to the first information being entered into the first mobile communications device.
  - 23. The method of claim 21 further comprising rescinding the restriction in response to the security component receiving a response to the message.
  - 24. The method of claim 21, wherein the message is sent before the issuing of the command causing a restriction, and wherein the command causing a restriction is issued when a response to the message is not received by the security component within a predetermined period.
  - 25. The method of claim 1, wherein the restriction is a suspending of a trust relationship between the first mobile communications device and a server.
  - 26. The method of claim 1 further comprising:
    - issuing a command by the security component in response to the determination that the detected usage was not caused by the authorized user of the first mobile communications device, the command causing the first mobile communications device to emit a sound encoded with information identifying the first mobile communications device, the encoded information decodable only by an electronic device.
  - 27. The method of claim 26, wherein the sound is also encoded with information identifying a location related to the first mobile communications device.
  - 28. The method of claim 27, wherein the information identifying a location related to the first mobile communications device relates to the identity of a Wi-Fi access point.
  - 29. The method of claim 26, the method further comprising:
    - causing, by the security component, an electronic device to detect and decode the emitted sound; and
      
      causing, by the security component, the electronic device to provide the identity of the first mobile communications device and a location related to the electronic device to the security component.
  - 30. The method of claim 1 further comprising:
    - issuing a command by the security component in response to the determination that the detected usage was not caused by the authorized user of the first mobile communications device, the command causing the migration of a functionality of the first mobile communications device to an electronic device.
  - 31. The method of claim 1 further comprising:
    - issuing a command by the security component in response to the determination that the detected usage was not caused by the authorized user of the first mobile communications device, the command causing a server to suspend delivery of a push notification to the first mobile communications device and causing the push notification to be directed to an electronic device.

32. A method comprising:
- by a security component on a first mobile communications device, causing the storage of a usage pattern associated with an authorized user of the first mobile communications device,the stored usage pattern created based only on usage information from use of a second mobile communications device by the authorized user of the first mobile communications device, the usage information from the second mobile communications device including two or more of;
  
  network activity history, user activity history, call history, messaging history, movement history, and location history, andthe stored usage pattern modified, by a server, for use on the first mobile communications device based on differences between the first mobile communications device and the second mobile communications device;
  
  detecting, by the security component on the first mobile communications device, an event related to the first mobile communications device;
  
  comparing, by the security component, the detected event to the stored usage pattern to determine if there is a difference between the detected event and the stored usage pattern;
  
  associating, by the security component, a measure with the stored usage pattern when there is a difference between the detected event and the stored usage pattern;
  
  determining, by the security component, that the detected event was not caused by the authorized user of the first mobile communications device when the associated measure is beyond a threshold measure; and
  
  in response to the determination, issuing a command by the security component, the command causing a restriction of an ability of the first mobile communications device to be used to access a resource.
- View Dependent Claims (33, 34, 35)
- - 33. The method of claim 32, wherein the detected event is detected based on data from a sensor on the first mobile communications device.
  - 34. The method of claim 33, wherein the sensor provides one or both of location information or temperature information.
  - 35. The method of claim 34, wherein the detected event includes one or both of an arrival at a location, a motion, a speed, or a temperature.

36. A method comprising:
- by a security component on a first mobile communications device, causing the storage of a usage pattern associated with an authorized user of the first mobile communications device,the stored usage pattern created based only on usage information from use of a second mobile communications device by the authorized user of the first mobile communications device, the usage information from the second mobile communications device including two or more of;
  
  network activity history, user activity history, call history, messaging history, movement history, and location history, andthe stored usage pattern modified, by a server, for use on the first mobile communications device based on differences between the first mobile communications device and the second mobile communications device;
  
  detecting, by the security component on the first mobile communications device, a usage of the first mobile communications device;
  
  comparing, by the security component, the detected usage to the stored usage pattern to determine if there is a difference between the detected usage and the stored usage pattern;
  
  associating, by the security component, a measure with the stored usage pattern when there is a difference between the detected usage and the stored usage pattern;
  
  determining, by the security component, that the detected usage was not caused by the authorized user of the first mobile communications device when the associated measure is beyond a threshold measure; and
  
  in response to the determination, issuing a command by the security component, the command causing the first mobile communications device to emit a sound encoded with information identifying the first mobile communications device, the encoded information decodable only by an electronic device.
- View Dependent Claims (37, 38, 39)
- - 37. The method of claim 36, wherein the sound is also encoded with information identifying a location related to the first mobile communications device.
  - 38. The method of claim 37, wherein the information identifying a location related to the first mobile communications device relates to the identity of a Wi-Fi access point.
  - 39. The method of claim 36 further comprising:
    - causing, by the security component, an electronic device to detect and decode the emitted sound; and
      
      causing, by the security component, the electronic device to provide the identity of the first mobile communications device and a location related to the electronic device to a server to the security component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F-Secure Corporation (F-Secure Oyj)
Original Assignee
Lookout Incorporated
Inventors
Hering, John G., Burgess, James David, Richardson, David Luke, Mahaffey, Kevin Patrick, Robinson, William, Grkov, Vance, Mandal, Ayan, Mangat, Cherry, Buck, Brian James
Primary Examiner(s)
Htun, San

Application Number

US14/937,781
Publication Number

US 20160066189A1
Time in Patent Office

896 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/88   Detecting or preventing the...

H04L 63/0861   using biometrical features,...

H04L 63/14   for detecting or protecting...

H04M 15/58   based on statistics of usag...

H04M 15/7652   shared by users

H04W 12/08   Access security

H04W 12/12   Detection or prevention of ...

H04W 12/126   Anti-theft arrangements, e....

H04W 12/30   Security of mobile devices;...

H04W 12/68   Gesture-dependent or behavi...

H04W 4/02   Services making use of loca...

H04W 4/021   Services related to particu...

H04W 4/025   using location based inform...

H04W 4/027   using movement velocity, ac...

H04W 4/029   Location-based management o...

H04W 4/90   Services for handling of em...

H04W 48/02   Access restriction performe...

H04W 8/245   from a network towards a te...

Methods and systems for addressing mobile communications devices that are lost or stolen but not yet reported as such

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

408 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for addressing mobile communications devices that are lost or stolen but not yet reported as such

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

408 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links