US20100317324A1 - Automatic security action invocation for mobile communications device - Google Patents
Automatic security action invocation for mobile communications deviceDownload PDFInfo
- Publication number
- US20100317324A1 US20100317324A1US12/862,228US86222810AUS2010317324A1US 20100317324 A1US20100317324 A1US 20100317324A1US 86222810 AUS86222810 AUS 86222810AUS 2010317324 A1US2010317324 A1US 2010317324A1
- Authority
- US
- United States
- Prior art keywords
- mobile communications
- communications device
- locked state
- predetermined duration
- data protection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/305—Authentication, i.e. establishing the identity or authorisation of security principals by remotely controlling device operation
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/88—Detecting or preventing theft or loss
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/082—Access security using revocation of authorisation
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/02—Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2143—Clearing memory, e.g. to prevent the data from being stolen
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/61—Time-dependent
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
- H04W8/24—Transfer of terminal data
- H04W8/245—Transfer of terminal data from a network towards a terminal
Definitions
- the present applicationrelates to security for mobile communications devices.
- the loss of the information stored on a missing deviceis of greater concern than the loss of the device itself.
- the devicemay have sensitive and/or confidential information stored on it that could cause harm if acquired by others.
- sensitive informationcould include, among other things, stored messages of a confidential nature, and stored communications information that would allow a third party to masquerade electronically as the person to whom the mobile device rightfully belongs.
- a usercan contact the network operator or the system administrator for his or her organization and request that a “kill packet” be sent to the missing mobile device instructing the device to wipe sensitive information from its memory.
- a “kill packet”be sent to the missing mobile device instructing the device to wipe sensitive information from its memory.
- the userrealize that the mobile device is missing, and that the mobile device be in communication with the network. If the user relies on the device for communication, they may be unable to report it missing or stolen in a timely manner.
- FIG. 1is a block diagram showing a communications system including a mobile communications device to which embodiments described herein may be applied;
- FIG. 2is a flow diagram of a security process according to a first example embodiment
- FIG. 3is a flow diagram showing a security sub-process that can work in conjunction with the security process of FIG. 2 ;
- FIG. 4is a flow diagram showing a yet further security sub-process that can work in conjunction with the security process of FIG. 2 ;
- FIG. 5is a flow diagram showing another example embodiment of a security process that can be applied to the device of FIG. 1 ;
- FIG. 6is a flow diagram showing yet another example embodiment of a security process that can be applied to the device of FIG. 1 ;
- FIG. 7is a flow diagram showing another security sub-process that can work in conjunction with other security processes described herein;
- FIG. 8is a block diagram showing a mobile device server to which embodiments described herein may be applied.
- a mobile communications devicecomprising: a processor; a communications subsystem connected to the processor operable to exchange signals with a wireless network and with the processor; a storage element connected to the processor and having a plurality of application modules and data stored thereon, the data comprising at least user application data associated with the application modules and service data including data for establishing communications with the wireless network; and a security module operable to detect a locked state of the mobile communications device and initiate a lockout data protection timer for a predetermined duration upon detection of the locked state; and wherein the security module is operable to, after the lockout data protection timer has been initiated, detect if a password shared by the user and the mobile communications device is entered through a user input device within the predetermined duration of the lockout data protection timer; wherein the security module is operable to terminate the lockout data protection timer if entry of the password is detected within the predetermined duration; and wherein the security module is operable to perform a security action comprising eras
- a method for providing security on a mobile communications devicecomprising the acts of: monitoring to detect for the locked state of the mobile communications device and initiating a lockout data protection timer for a predetermined duration upon detection of the locked state; and monitoring, after the lockout data protection timer has been initiated, to detect if a password shared by the user and the mobile communications device is entered through the user input device within the predetermined duration of the lockout data protection timer; if entry of the password is detected within the predetermined duration, terminating the lockout data protection timer; and if entry of the password is not detected within the predetermined duration, performing a security action comprising erasing or encrypting at least some of the data on the storage element.
- a computer program productcomprising a machine-readable medium tangibly embodying instructions executable on a mobile communications device for providing security on the mobile communications device, the machine-readable instructions comprising: code for monitoring to detect for the locked state of the mobile communications device and initiating a lockout data protection timer for a predetermined duration upon detection of the locked state; code for monitoring, after the lockout data protection timer has been initiated, to detect if a password shared by the user and the mobile communications device is entered through the user input device within the predetermined duration of the lockout data protection timer; code for terminating the lockout data protection timer if entry of the password is detected within the predetermined duration; and code for performing a security action comprising erasing or encrypting at least some of the data on the storage element if entry of the password is not detected within the predetermined duration.
- FIG. 1is a block diagram of a mobile communication device 10 to which example embodiments described herein can be applied.
- the mobile communication device 10is a two-way communication device having at least data and possibly also voice communication capabilities and the capability to communicate with other computer systems on the Internet.
- the devicemay be a data communication device, a multiple-mode communication device configured for both data and voice communication, a mobile telephone, a PDA (personal digital assistant) enabled for wireless communication, or a computer system with a wireless modem, among other things.
- the mobile device 10includes a wireless communication subsystem 11 for exchanging radio frequency signals with a wireless network 50 .
- the communication subsystem 11includes a receiver, a transmitter, and associated components, such as one or more antenna elements, local oscillators (LOs), and digital signal processor (DSP).
- LOslocal oscillators
- DSPdigital signal processor
- the mobile device 10may send and receive communication signals over the wireless network 50 after the required network registration or activation procedures have been completed.
- Signals received by the antenna through the wireless network 50are input to the receiver, which may perform such common receiver functions as signal amplification, frequency down conversion, filtering, channel selection, and the like, and analog-to-digital (A/D) conversion.
- A/D conversion of a received signalallows more complex communication functions such as demodulation and decoding to be performed in the DSP.
- signals to be transmittedare processed, including modulation and encoding, for example, by DSP.
- DSP-processed signalsare input to the transmitter for digital-to-analog (D/A) conversion, frequency up conversion, filtering, amplification and transmission over the wireless network 50 via the antenna.
- D/Adigital-to-analog
- the DSPnot only processes communication signals, but also provides for receiver and transmitter control. For example, the gains applied to communication signals in the receiver and the transmitter may be adaptively controlled through automatic gain control algorithms implemented in the DSP.
- the mobile device 10includes a controller in the form of at least one microprocessor 38 that controls the overall operation of the mobile device 10 .
- the microprocessor 38interacts with communications subsystem 11 and also interacts with further device subsystems such as the display 22 , flash memory 24 , random access memory (RAM) 26 , auxiliary input/output (I/O) subsystems 28 , serial port 30 , keyboard or keypad 32 , speaker 34 , microphone 36 , a short-range communications subsystem 40 , a clickable thumbwheel (trackwheel) or trackball (not shown), and any other device subsystems generally designated as 42 .
- Some of the subsystems shown in FIG. 1perform communication-related functions, whereas other subsystems may provide “resident” or on-device functions.
- some subsystemssuch as keyboard 32 and display 22 for example, may be used for both communication-related functions, such as entering a text message for transmission over a communication network, and device-resident functions such as a calculator or task list.
- Operating system software 54 and various software applications 58 used by the microprocessor 38are, in one example embodiment, stored in a persistent store such as flash memory 24 or similar storage element. Those skilled in the art will appreciate that the operating system 54 , specific device applications 58 , or parts thereof, may be temporarily loaded into a volatile store such as RAM 26 . It is contemplated that received communication signals may also be stored to RAM 26 .
- the microprocessor 38in addition to its operating system functions, enables execution of software applications 58 on the device.
- a predetermined set of applications 58which control basic device operations, including at least data and voice communication applications for example, will normally be installed on the mobile device 10 during manufacture. Further applications may also be loaded onto the mobile device 10 through the network 50 , an auxiliary I/O subsystem 28 , serial port 30 , short-range communications subsystem 40 or any other suitable subsystem 42 , and installed by a user in the RAM 26 or a non-volatile store for execution by the microprocessor 38 .
- Such flexibility in application installationincreases the functionality of the device and may provide enhanced on-device functions, communication-related functions, or both.
- secure communication applicationsmay enable electronic commerce functions and other such financial transactions to be performed using the mobile device 10 .
- a received signalsuch as a text message or web page download will be processed by the communication subsystem 11 and input to the microprocessor 38 , which will further process the received signal for output to the display 22 , or alternatively to an auxiliary I/O device 28 .
- a user of mobile device 10may also compose data items such as email messages for example, using the keyboard 32 in conjunction with the display 22 and possibly an auxiliary I/O device 28 . Such composed items may then be transmitted over a communication network through the communication subsystem 11 .
- the serial port 30(which may for example be a Universal Serial Bus (USB) port) in FIG. 1 would normally be implemented in a personal digital assistant (PDA)-type communication device for which synchronization with a user's desktop computer (not shown) may be desirable, but is an optional device component.
- PDApersonal digital assistant
- Such a port 30would enable a user to set preferences through an external device or software application and would extend the capabilities of the device by providing for information or software downloads to the mobile device 10 other than through a wireless communication network.
- a short-range communications subsystem 40is a further component which may provide for communication between the mobile device 10 and different systems or devices, which need not necessarily be similar devices.
- the subsystem 40may include an infrared device and associated circuits and components or a BluetoothTM communication module to provide for communication with similarly enabled systems and devices.
- the mobile device 10may be a handheld device.
- the mobile device 10includes a battery 12 as a power source, which will typically be a rechargeable battery that may be charged, for example, through charging circuitry coupled to the USB port 30
- Wireless communication network 50is, in an example embodiment, a wireless wide area packet data network, which provides radio coverage to mobile devices 10 .
- Wireless communication network 50may also be a voice and data network such as GSM (Global System for Mobile Communication) and GPRS (General Packet Radio System), CDMA (Code Division Multiple Access), or various other third generation networks such as EDGE (Enhanced Data rates for GSM Evolution) or UMTS (Universal Mobile Telecommunications Systems).
- network 50is a wireless local area network (WLAN), such as for example a network compliant with one or more of the IEEE 802.11 family of standards.
- the mobile device 10is configured to communicate in both data and voice modes over both wireless WAN and WLAN networks and to roam between such networks.
- wireless gateway 62is adapted to route data packets received from a mobile communication device 10 over wireless mobile network 50 to destination electronic mail messaging or Internet access server 68 through a mobile device server 66 , and to route data packets received from the server 68 through the mobile device server 66 over the wireless mobile network 50 to a destination mobile communications device.
- Wireless gateway 62forms a connection or bridge between the servers and wireless networks associated with wireless e-mail communication and/or Internet access.
- wireless gateway 62is coupled between wireless network 50 and a hardwired data network (for example an enterprise network 70 that is located behind a firewall) that includes mobile device server 66 and electronic mail server 68 .
- the wireless gateway 62stores system configuration information, system state data, and tables that store mobile device 10 information.
- the mobile device server 66in example embodiments, is a server located in an enterprise network 70 behind a firewall and connected to the wireless gateway 62 through the Internet or another connection. Mobile device server 66 is configured as an enterprise's interface between the enterprise network 70 and the wireless network 50 . Typically, a plurality of mobile devices 10 will be associated with a mobile device server 66 that is part of the enterprise network 70 managed by an organization that the users of such mobile devices 10 are part of.
- Mail server 68is coupled to mobile device server 66 and, in one embodiment, is a conventional electronic mail server. In another embodiment, the mobile device server 66 is a component of the mail server 68 . In some embodiments, the mobile device server 66 may be operated by a wireless carrier that operates wireless network 50 .
- the mobile device 10stores data 60 in an erasable persistent memory, which in one example embodiment is flash memory 24 .
- the data 60includes service data 61 comprising information required by the mobile device 10 to establish and maintain communications with the wireless communications network 50 (wireless network service data) and the wireless gateway 62 (gateway service data).
- the data 60may also include other data 64 , user application data 63 such as email messages, address book and contact information, calendar and schedule information, notepad documents, image files, and other commonly stored user information stored on the mobile device 10 by its user.
- the data 60may also include data required for the communications layers managed by the mobile device server 66 and servers 68 .
- the data 60often includes critical data that the user of mobile device 10 (or others) does not want to be accessed by an unauthorized party.
- flash memory 24may include both a memory component that is permanently part of the mobile device 10 , as well a removable memory including for example memory on a Subscriber Identity Module (SIM) card. Some of the data 60 may be stored on the SIM card, and some stored on permanent flash memory.
- SIMSubscriber Identity Module
- mobile device server 66is configured to periodically transmit IT (Information Technology) data protection policy messages 72 (sometimes referred to as merely policy messages 72 ) through the wireless gateway 62 and wireless network 50 to its associated mobile devices 10 .
- ITInformation Technology
- mobiles devices 10will have a number of settings, including security settings that are governed by a data protection policy.
- the periodic transmission of data protection policy messages from the mobile device server 66 to addressed mobile device 10 that are associated with the mobile device server 66assists in ensuring, among other things, that each of the mobile devices 10 is kept up to date with the latest data protection policy.
- the content and frequency of policy messages 72can be set by an authorized IT administrator of enterprise network 70 .
- the mobile device 10includes a security module 56 , which in one example embodiment is implemented by a software component that is part of the operating system 54 .
- the security module 56is, or is part of, a specialized software application 58 separate from the operating system 54 .
- the security module 56includes instructions for configuring the microprocessor 38 to cause the mobile device 10 to carry out at least parts of the security processes that are described below.
- the process 200 shown in FIG. 2is intended to address a security situation in which a user's mobile device 10 has been lost or stolen and is no longer able to receive messages from the mobile device server 66 and hence cannot receive a “Kill Packet” or “Device Wipe” command.
- a data protection security actionfor example, a device wipe
- a data protection security actionis taken on the mobile device 10 if a specified amount of time passes without the mobile device 10 receiving a policy message 72 from its associated mobile device server 66 .
- the mobile device 10is out of radio coverage for too long a time period, it will be wiped.
- the mobile device 10will be wiped—for example, if the mobile device 10 moves out of coverage its “home” wireless network 50 into an area of alternative network coverage where the operator of the “home” wireless network 50 does have appropriate coverage agreements in place, then the mobile device 10 will be wiped after a predetermined duration. Additionally, as will be explained in greater detail below, in some embodiments, the mobile device 10 will be wiped if it is turned off for too long and thus does not receive an updated policy message 72 due to being in the “off” state. Alternatively, in other embodiments rather than wiping the device (i.e., erasing data from the mobile device 10 ) data 60 on the mobile device 10 may be encrypted.
- an IT manager or administratormakes a decision to enable auto-wipe security for at least some of the mobile devices 10 that are associated with the mobile device server 66 , and uses an IT data protection policy editor that is coupled to the mobile device server 66 to set a data protection policy for the affected mobile devices 10 to automatically wipe the mobile device 10 when the data protection policy is out of date.
- the IT administratorcan set both the frequency at which policy messages 72 are sent, and the duration of time that an auto-wipe should occur after if an updated policy message 72 is not received at a mobile device 10 (i.e., the duration of a timer(s), as described in more detail below).
- these valuesmay be set at the same time or at different times (for example, via separate user interface dialogues or menus). This allows the frequency at which policy messages 72 are sent and the duration of timers to be configured independently.
- the duration of the timermay be configured to be same as the frequency at which policy messages 72 are sent, or may be configured to be different.
- Setting the frequency of policy messages 72 to be the same as the duration of the timerprovides a configuration in which the mobile device 10 cannot miss a single policy message 72 without performing a data protection security action (e.g., a device wipe).
- This configurationmay not be advantageous for users that may be out of coverage periodically, depending on the specific timer duration/frequency of policy messages 72 .
- specifying a timer duration which is greater than the frequency of policy messages 72may allow one or more policy messages 72 to be missed without performing a data protection security action (depending on the specific values assigned to the frequency of the policy messages 72 and the timer duration), if this capability is desired.
- the auto-wipe countdown timer starting time durationcould be 24 hours, with the standard duration between policy messages 72 being set at 8 hours, with the result that missing 3 consecutive policy messages 72 will result in a device wipe.
- the IT administratorhas the option of setting the data protection policy globally for all mobile devices 10 associated with the mobile device server 66 , or for groups or classes of mobile devices 10 associated with the mobile device server 66 , or for one or more individual mobile devices 10 associated with the mobile device server 66 .
- the mobile device server 66may be a computer implementing a server application(s) configured for performing the security processes and functions described herein.
- the mobile device server 66in this example embodiment comprises a processor 802 (i.e., microprocessor) for controlling its operation, a communications subsystem 804 connected to the processor 802 for communicating with the wireless network 50 via the wireless gateway 62 and with the processor 802 , a display 805 such as a monitor, one or more user input devices 806 such as a keyboard and mouse connected to the processor 802 for sending user input signals to the processor 802 in response to user inputs, and a memory or storage element 808 such as a hard disk drive (HDD), RAM, ROM and/or other suitable memory connected to the processor 802 , and other suitable input and output devices (not shown) as desired or required.
- a processor 802i.e., microprocessor
- a communications subsystem 804connected to the processor 802 for communicating with the wireless network 50 via the wireless gateway 62 and with the processor 802
- Operating system software 810software applications 812 , and data 814 used by the processor 802 are stored in the memory 808 .
- the applications 812 and data 814configure the operation of the mobile device server 66 .
- Other features of the mobile device server 66 for implementing the security processes and functions described hereinwill be appreciated by persons ordinarily skilled in the art.
- the mobile device server 66also includes a security module 818 which, in this example embodiment, is implemented by one or more software components or modules stored in memory 808 .
- the security module 818configures the processor 802 to carry out at least parts of the security processes of the mobile device server 66 that are described herein.
- the security module 818is configured for sending policy messages 72 to one or more of the mobile devices 10 in the plurality of mobile communications devices 10 associated with the mobile device server 66 at predetermined intervals in accordance with a predetermined frequency, the policy messages including instructions for execution by the one or more of the mobile devices 10 to enforce (i.e., initiate, modify, maintain) or terminate a data protection policy, as explained in more detail herein.
- a corresponding policy message 72 specifying the auto-wipe policyis pushed through wireless gateway 62 and wireless network 50 to the affected mobile devices 10 .
- the policy message 72 containing an auto-wipe policyis sent immediately upon the policy being changed.
- the revised data protection policyis sent at the next regularly scheduled interval via a policy message 72 .
- each of the policy messages 72 that are sent to the affected mobile device 10will include confirmation that the auto-wipe policy is in effect.
- the next policy message 72 that is sent out from the mobile device server 66will omit the auto-wipe policy confirmation.
- the mobile device 10is configured to detect if and when a policy message 72 that specifies an auto-wipe policy is received by the mobile device 10 .
- the mobile device 10sets an internal auto-wipe timer to a predetermined time duration, and starts counting down from the predetermined time duration.
- the predetermined time duration to be used for the auto-wipe countdown timeris set in the received policy message 72 (and thus set by the IT administrator through mobile device server 66 , as indicated above).
- the countdown auto-wipe timer durationcan be set directly at the mobile device 10 by a user thereof (although caution may need to be exercised as user's often won't have an in depth knowledge of how often policy messages 72 are actually sent).
- the countdown auto-wipe timertracks absolute time relative to when the policy message 72 is received such that any attempt by a user of the device to alter the time by re-setting the clock time and date on the device (either in a conscious attempt to thwart the pending device wipe, or in an innocent attempt to adjust to a different time zone) does not affect the total duration of time allocated to the auto-wipe countdown timer.
- the mobile device 10monitors for the earliest of the following two events to occur: (a) for a new policy message 72 to be received (step 206 ); or (b) for the auto-wipe timer to time out (step 208 ).
- a device wipeis automatically performed (step 212 ) (described in greater detail below).
- the timer countdownends (step 207 ), and a check is done to see if the newly received policy message 72 also specifies an auto-wipe policy (step 202 ). If so, the auto-wipe timer is reset to the time specified in the newly received policy message 72 , and the countdown process begins again.
- a device wipeincludes permanently erasing of all user data 60 stored on the permanent storage (for example flash memory 24 ) and transient storage (for example RAM 26 ) of the mobile device 10 .
- erasing the dataincludes ensuring that at least the relevant memory locations are overwritten with meaningless bits (for example all zeros or all ones).
- meaningless bitsfor example all zeros or all ones.
- a device wipecan include erasing only selected classes of data 60 (for example erasing of all service data 61 , but not user application data 63 , or alternatively, erasing all user application data 63 but not service data 61 ).
- the security module 56is also configured to wipe the mobile device 10 when it is turned off and missing data protection policy messages 72 .
- the mobile devicewhen the mobile device is in an off state its draw on battery 12 is greatly reduced and substantially all of the device's functions are suspended (for example, its display 22 and wireless communications subsystem 11 are shut down).
- Some limited device functionscontinue even when the mobile device 10 is powered off, for example, in an off device, an internal clock continues to run and the device monitors for activation of an “ON” button (so long as the battery has sufficient power).
- the mobile device 10is powered off, it does not have the ability to receive messages (including policy messages 72 ) through the wireless communications subsystem 11 .
- the mobile device 10is configured so that turning the device off will not thwart an impending device wipe.
- the security module 56detects if shutdown of the mobile device is initiated (for example, through user selection of a “Turn Power Off” option) while the auto-wipe countdown timer from process 200 is running (step 250 ). If the device power off is initiated while the auto-wipe timer is running, then an auto-on time is set corresponding to the time remaining on the auto-wipe countdown timer (step 252 ). If the device is still turned off when the auto-on time is reached, the device automatically powers on and performs the device wipe (step 254 ).
- sub-process 245can be enabled and disabled through policy messages 72 .
- the security process of FIG. 2is based on an underlying assumption that if a mobile device 10 cannot receive a policy message 72 , it cannot receive a kill packet, and accordingly data on the device is potentially at risk. This risk is mitigated by wiping the data automatically after a specified amount of time passes without the mobile device receiving a policy message 72 .
- the mobile device 10will execute the device wipe even if it is turned off prior to the expiry of the specified time duration.
- a sub-process 265can be performed as part of process 200 wherein while the auto-wipe countdown timer of process 200 is running, the security module 200 monitors to determine if the battery power 12 falls below a particular threshold (step 270 ), and if the battery power does fall below the predetermined threshold, then a device wipe is performed immediately (step 272 ).
- the critical low battery thresholdis the level at which the mobile device will automatically turn off its RF radio (namely when the mobile device 10 will turn off the transmitter and receiver circuitry of the wireless communications system 11 )—the turning off of the radio is a relevant event as the mobile device 10 can no longer receive a kill packet when its radio is off.
- the critical low battery thresholdis a predetermined (or dynamically determined) level at which the mobile device 10 has just enough battery power remaining to execute the wipe process.
- the sub-process 265 in combination with process 200provides a security environment in which a mobile device that is configured to automatically perform a device wipe if a new policy message is not received within a predetermined time duration will perform a pre-emptive device wipe prior to waiting for the entirety of the predetermined time duration if in the meantime battery power goes too low.
- a mobile devicethat is configured to automatically perform a device wipe if a new policy message is not received within a predetermined time duration will perform a pre-emptive device wipe prior to waiting for the entirety of the predetermined time duration if in the meantime battery power goes too low.
- sub-process 265can be enabled and disabled through policy messages 72 .
- the sub-process 265may be implemented independently of the process 200 .
- a separate IT data protection policy rulemay be implemented indicating that the device should wipe itself when the battery level falls below a predetermined threshold regardless of whether an auto-wipe countdown timer is running.
- the security process 500 of FIG. 5permits a user's device to be wiped when it has been lost or stolen but has not been reported as such. In such a situation, the IT administrator will not know that a kill packet should be sent, and furthermore, the device may still be receiving policy messages 72 and accordingly a device wipe through the process 200 will not necessarily be triggered.
- the security module 56 of mobile device 10is configured to place the mobile device 10 into standby locked state upon the occurrence of certain events.
- the userIn order to get the mobile device out of its locked state, the user must enter a password or other shared secret (for example through a keyboard of the device).
- the events that trigger placing the mobile device 10 into a locked statemay include, for example, user selection of a device lock option; user inactivity for a predetermined duration; lack of wireless network coverage or activity for a predetermined duration or holstering or closing of the mobile device 10 .
- the trigger condition for initiating a locked state of the mobile device 10may be one of: user input instructing the mobile communications device 10 to initiate the locked state; the occurrence of a periodic interval or the expiry of a predetermined duration (for example, a long-term timeout may be implemented by the IT administrator which causes the mobile communications device 10 to lock periodically after a predetermined duration from a trigger condition (such as the unlocking of the device from a previous locked state) regardless of the user activity or network coverage at the time); user inactivity for a predetermined duration (for example, as measured by a lack of user input via the user input devices 28 , 32 ); loss of communication with the wireless network 50 ; and holstering of the mobile communications device 10 if the device is a holsterable device or closing of the mobile communications device 10 if the device is a flip-style device.
- the trigger conditionmay also include a variance from a predetermined threshold in a communications characteristic (such as a messaging traffic pattern between the mobile communications device 10 and the wireless network 50 ) between the mobile communications device 10 and the wireless network 50 , a lack of communication by the mobile communications device 10 with the wireless network 50 for a predetermined duration of time, and a variance in the use of the input devices 28 , 32 from a predetermined threshold.
- a communications characteristicsuch as a messaging traffic pattern between the mobile communications device 10 and the wireless network 50
- the data protection policy applied mobile device 10has been configured to specify that a device wipe automatically be performed if the mobile device 10 remains in a locked state for more than a predetermined time duration.
- the data protection policy specifying such an auto-wipe security modecan be set at the enterprise network 70 by an IT administrator and provided to the mobile device 10 through a policy message 72 sent by the mobile device server 66 through the wireless network 50 .
- the auto-wipe security process 500can be disabled by an IT administrator at the enterprise network 70 .
- an auto-wipe countdown timeris set to a specified time (which could be for example be specified in a message previously received from mobile device server 66 ) as soon as the mobile device 10 is placed into a locked state (step 504 ). Similar to the countdown timer used in security process 200 , the timer used in process 500 is also based on absolute time so that changes to the clock time or calendar date on the mobile device 10 do not affect the countdown timer. Once the countdown timer is running, the mobile device 10 monitors to determine if the user authentication occurs (step 506 ) prior to the expiry of the auto-wipe countdown timer (step 508 ).
- the countdown timeris stopped (step 512 ). However, if the countdown timer expires before user authentication occurs, then a device wipe occurs (step 510 ) to mitigate against unauthorized access to data on the device.
- a policy message 72 enabling the auto-wipe process of FIG. 5is received from the mobile device server 66 while the mobile device 10 is already in a locked state.
- the security module 56is configured in an example embodiment to immediately set the countdown timer to a value specified in the received policy message 72 and begin process 500 .
- a policy message 72may be received at the mobile device 10 disabling the auto-wipe process 500 of FIG. 5 while the device is locked and the countdown timer is running. In such a situation, the process 500 is terminated without requiring the user entry of the shared secret.
- the sub-process 245 discussed aboveauto-on and device wipe at expiry of timeout period
- the sub-process 265device-wipe when battery low and auto-wipe timer is running
- security process 500can be run in combination with security process 500 to further enhance security.
- the security processes 200 and 500can both be applied simultaneously to a mobile device 10 , with different countdown timers being used for each.
- the optional sub-process 265can be used to ensure that the mobile device 10 is wiped if the device battery is sufficiently discharged at the same time that an auto-wipe countdown timer is running.
- the security module 56can be configured to perform a device wipe any time that the battery charge level falls below a threshold, for example, the threshold at which the device radio (wireless communications subsystem 11 ) gets automatically turned off, regardless of whether any auto-wipe countdown timer is running or not.
- step 270would be modified so that the only relevant determination to be made is if the battery power is below the threshold, and if so, then a device wipe is automatically performed (step 272 ).
- the modified “wipe device when battery low” process 265can be enabled and disabled through policy messages 72 received at a mobile device 10 .
- one approach to mobile device securityis for the IT administrator to cause the mobile device server 66 to send a kill packet or device wipe command to a specific mobile device 10 that the IT administrator has reason to believe may be lost or stolen, perhaps due to a notification from the normal device user that he or she is missing his or her mobile device 10 .
- the kill packetcauses a device wipe immediately upon being received by the mobile device 10 .
- a delayed-wipe processin which a delayed data protection initiate command sent (e.g., device wipe command) from the mobile device server 66 includes a specified delay time period (e.g., timer duration), and upon receiving the delayed data protection initiate command, the mobile device 10 starts delayed data protection timer (e.g., auto-wipe countdown timer) configuring the mobile device 10 to perform a security action such as a device wipe if one of the following events does not occur prior the expiry of the timer: (i) the device user does not unlock the device prior to expiry of the timer; (ii) the mobile device 10 does not receive a further message from the mobile device server 66 that either terminates/revokes the delayed data protection timer; or (iii) the mobile device 10 does not receive a further message from the mobile device server 66 that extends the duration of timer.
- delayed data protection initiate command sente.g., device wipe command
- the mobile device server 66includes a specified delay time period (e.g., time
- the process 600commences when an IT administrator causes a delayed device wipe command to be sent from the mobile device server 66 and the command is received at the device (step 602 ).
- a delayed device wipe commandis similar to a policy message 72 but rather than providing details of an IT data protection policy, the delayed device wipe command instructs the mobile device 10 to start a timer upon receipt of the command and provides information relevant to the timer such as its duration.
- the transport and authentication mechanisms for both policy messages 72 and commandsare the same, however different transport and authentication mechanism could be used if desired.
- the security module 56 of mobile device 10After receiving the delayed device wipe command, the security module 56 of mobile device 10 then sets an auto-wipe countdown timer to a time specified in the received device wipe command (step 604 ). Similar to processes 200 and 500 , the auto-wipe countdown timer of process 600 measures absolute time so that resetting of the device clock or date has no effect on it.
- the security module 56monitors for occurrence of any one of the following three events: (i) user authentication, which occurs when the user enters a password or shared secret to the mobile device 10 (step 606 ); (ii) receipt by the mobile device of a terminate auto-wipe command from the mobile device server 66 (step 608 ) (useful for example if the device user positively determines that they have left the device in a secure location, but they cannot access it to enter the password); and (iii) receipt by the mobile device of a delay auto-wipe command from the mobile device server 66 (step 612 ) (useful for example if the device user is reasonably certain, but not positive, that the device is in a secure location and wants more time to reach the device).
- Events (ii) and (iii)give the device user flexibility to contact the IT administrator and arrange for cancellation or variation of the delayed wipe command.
- the security process 600is terminated (step 610 ).
- the security process 600is terminated (step 610 ).
- the auto-wipe timeris reset to the new value that is specified in the received command (the auto-wipe timer can be shortened by a similar process, if desired, rather than extended).
- a device wipeis performed (steps 616 and 618 ) to erase data 60 and disable the mobile device 10 .
- the sub-process 245 discussed aboveauto-on and device wipe at expiry of timeout period
- the sub-process 265device wipe when battery low and auto-wipe timer is running
- security process 600can be run in combination with security process 600 to further enhance security.
- either or both of the security processes 200 and 500can be applied in conjunction with process 600 to a mobile device 10 , with different countdown timers being used for each.
- FIG. 7illustrates another security sub-process 700 that can be applied to the mobile device either on its own, or in combination with any or all of the processes 200 , 500 and 600 and other sub-processes described above.
- the security module 56forces the mobile device 10 to go into a locked state in the event that the mobile device 10 is out of radio coverage for a predetermined time period, regardless of any current user input activity.
- the security module 56is configured to monitor for a lack of radio coverage through communications subsystem 11 , and when the lack of coverage time period exceeds a set out-of-coverage time threshold, then the mobile device 10 is forced into a locked state (step 704 ) regardless of any user interaction with the device at the time.
- an authorized userwill have the ability to at least temporarily unlock the device upon entry of the correct password or shared secret; however, without the entry of the password or shared secret the device will remain locked.
- sub-process 700When sub-process 700 is enabled, even if the user successfully unlocks the device, it will again lock itself if it remains out of radio coverage for the predetermined out-of-coverage threshold. Security process 700 provides some assurances that when the mobile device 10 is out of radio coverage (and thus unable to receive a kill packet or device wipe command) that the device will be in a locked state if it is in unauthorized hands. When combined with security process 500 , the sub-process 700 can cause the device lock triggering event for starting the auto-wipe timer of process 500 . In some embodiments, the security module 56 may be configured to perform a long term timeout that will lock the device every N minutes regardless of what the user is doing or what the radio coverage for the mobile device 10 is.
- Sub-process 700can be used to effectively shorten the long term timeout period by applying a shorter timeout threshold when the device is out of radio coverage.
- the “lock device when out-of coverage” process 700can be enabled and disabled through policy messages 72 received at a mobile device 10 .
- a mobile communications device 10comprising: a processor for controlling the operation of the mobile communications device 10 ; a user input device 28 , 32 connected to the processor 38 for sending user input signals to the processor 38 in response to user inputs; a communications subsystem 11 connected to the processor 38 for exchanging signals with a wireless network 50 and with the processor 38 ; a security module 56 associated with the processor 38 for monitoring to detect for a lack of communication through the communications subsystem 11 , if the duration of the lack of communication through the communications subsystem 11 time period exceeds a predetermined duration, performing a security action comprising erasing or encrypting at least some of the data 60 on the storage element 24 , 26 .
- the security module 56may also initiate a locked state of the mobile communications device 10 if the duration of the lack of communication through the communications subsystem 11 time period exceeds a predetermined duration, and perform monitoring, after the locked state has been initiated, to detect if a password shared by the user and the mobile communications device 10 is entered through the user input device 28 , 32 , and if entry of the password is detected, terminate the locked state.
- the security module 56may be configured to only perform a security action if the duration of the lack of communication through the communications subsystem 11 time period exceeds a predetermined duration and the mobile communications device 10 remains in a locked state.
- the monitoring to detect for a lack of communication and/or monitoring to detect if a password shared by the user and the mobile communications device 10 is entered through the user input devicemay be enabled and disabled by respective policy messages 72 received on the mobile communications device 10 .
- a related method and server for sending policy messages 72 to the mobile communications device 10is also provided.
- the data protection security actionhas been described primarily as the erasure or “wiping” of data 60 , it will be appreciated that encryption may be used as an alternative to wiping data.
- the data 60 which is subject to the data protection security actionmay be user application data 63 (such as that associated with the application modules 58 ), service data 61 required to establish and maintain communications with the wireless network 50 , service data 61 required to establish and maintain communications with the wireless gateway 62 , or combinations thereof.
- the erasure or encryption of data 60may be performed on some or all of each of the above-described data types, or portions thereof.
- some of the data 60may be erased and some of the data 60 may be encrypted. The decision between the data 60 which is erased and the data 60 which is encrypted may be based on the type of data.
- the security module 56may be configurable by the user to erase or encrypt the data 60 on the storage element 24 , 26 .
- the data protection security actionmay further comprise overwriting (with meaningless data/bits, such as ones or zeroes) the portion of the storage element 24 , 26 where the erased data was data 60 was formerly stored.
- While the present applicationis primarily described as a method, a person of ordinary skill in the art will understand that the present application is also directed to a communications device (such as the mobile communications device described above), for carrying out the disclosed method and including components for performing each described method step, be it by way of hardware components, a computer programmed by appropriate software to enable the practice of the disclosed method, by any combination of the two, or in any other manner.
- a communications devicesuch as the mobile communications device described above
- an article of manufacture for use with the apparatussuch as a pre-recorded storage device or other similar computer readable medium including program instructions recorded thereon, or a computer data signal carrying computer readable program instructions may direct an apparatus to facilitate the practice of the disclosed method.
- a communications systemcomprising a mobile data server and a plurality of mobile communication devices connected via a wireless communication network, in which the mobile data server is configured to implement at least some of the security processes herein described, and in which one or more of the mobile communication devices are configured to implement at least some of the security processes herein described, also comes within the scope of the present application.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
- The present application is a continuation of U.S. patent application Ser. No. 11/750,594 filed on May 18, 2007 and claiming priority from U.S. patent application No. 60/747,588, filed on May 18, 2006, both of which are herein incorporated by reference.
- The present application relates to security for mobile communications devices.
- As a result of their mobility, mobile communications devices are sometimes lost or stolen. Frequently, the loss of the information stored on a missing device is of greater concern than the loss of the device itself. For example, the device may have sensitive and/or confidential information stored on it that could cause harm if acquired by others. Such sensitive information could include, among other things, stored messages of a confidential nature, and stored communications information that would allow a third party to masquerade electronically as the person to whom the mobile device rightfully belongs.
- In some mobile communications networks, once a user discovers that his or her mobile device is missing, he or she can contact the network operator or the system administrator for his or her organization and request that a “kill packet” be sent to the missing mobile device instructing the device to wipe sensitive information from its memory. However, such a system requires that the user realize that the mobile device is missing, and that the mobile device be in communication with the network. If the user relies on the device for communication, they may be unable to report it missing or stolen in a timely manner.
- Thus, security for mobile communications devices remains a concern.
FIG. 1 is a block diagram showing a communications system including a mobile communications device to which embodiments described herein may be applied;FIG. 2 is a flow diagram of a security process according to a first example embodiment;FIG. 3 is a flow diagram showing a security sub-process that can work in conjunction with the security process ofFIG. 2 ;FIG. 4 is a flow diagram showing a yet further security sub-process that can work in conjunction with the security process ofFIG. 2 ;FIG. 5 is a flow diagram showing another example embodiment of a security process that can be applied to the device ofFIG. 1 ;FIG. 6 is a flow diagram showing yet another example embodiment of a security process that can be applied to the device ofFIG. 1 ;FIG. 7 is a flow diagram showing another security sub-process that can work in conjunction with other security processes described herein; andFIG. 8 is a block diagram showing a mobile device server to which embodiments described herein may be applied.- It will be noted that throughout the drawings similar features are identified by the same reference numerals.
- In accordance with one example embodiment of the present application, there is provided a mobile communications device, comprising: a processor; a communications subsystem connected to the processor operable to exchange signals with a wireless network and with the processor; a storage element connected to the processor and having a plurality of application modules and data stored thereon, the data comprising at least user application data associated with the application modules and service data including data for establishing communications with the wireless network; and a security module operable to detect a locked state of the mobile communications device and initiate a lockout data protection timer for a predetermined duration upon detection of the locked state; and wherein the security module is operable to, after the lockout data protection timer has been initiated, detect if a password shared by the user and the mobile communications device is entered through a user input device within the predetermined duration of the lockout data protection timer; wherein the security module is operable to terminate the lockout data protection timer if entry of the password is detected within the predetermined duration; and wherein the security module is operable to perform a security action comprising erasing or encrypting at least some of the data on the storage element if entry of the password is not detected within the predetermined duration.
- In accordance with another example embodiment of the present application, there is provided a method for providing security on a mobile communications device, the mobile communications device being configured to communicate with a wireless communications network and including a storage element having data stored thereon, the method comprising the acts of: monitoring to detect for the locked state of the mobile communications device and initiating a lockout data protection timer for a predetermined duration upon detection of the locked state; and monitoring, after the lockout data protection timer has been initiated, to detect if a password shared by the user and the mobile communications device is entered through the user input device within the predetermined duration of the lockout data protection timer; if entry of the password is detected within the predetermined duration, terminating the lockout data protection timer; and if entry of the password is not detected within the predetermined duration, performing a security action comprising erasing or encrypting at least some of the data on the storage element.
- In accordance with a further example embodiment of the present application, there is provided a computer program product comprising a machine-readable medium tangibly embodying instructions executable on a mobile communications device for providing security on the mobile communications device, the machine-readable instructions comprising: code for monitoring to detect for the locked state of the mobile communications device and initiating a lockout data protection timer for a predetermined duration upon detection of the locked state; code for monitoring, after the lockout data protection timer has been initiated, to detect if a password shared by the user and the mobile communications device is entered through the user input device within the predetermined duration of the lockout data protection timer; code for terminating the lockout data protection timer if entry of the password is detected within the predetermined duration; and code for performing a security action comprising erasing or encrypting at least some of the data on the storage element if entry of the password is not detected within the predetermined duration.
- Referring now to the drawings,
FIG. 1 is a block diagram of amobile communication device 10 to which example embodiments described herein can be applied. Themobile communication device 10 is a two-way communication device having at least data and possibly also voice communication capabilities and the capability to communicate with other computer systems on the Internet. Depending on the functionality provided by the device, in various embodiments the device may be a data communication device, a multiple-mode communication device configured for both data and voice communication, a mobile telephone, a PDA (personal digital assistant) enabled for wireless communication, or a computer system with a wireless modem, among other things. - The
mobile device 10 includes awireless communication subsystem 11 for exchanging radio frequency signals with awireless network 50. Thecommunication subsystem 11 includes a receiver, a transmitter, and associated components, such as one or more antenna elements, local oscillators (LOs), and digital signal processor (DSP). As will be apparent to those skilled in the field of communications, the particular design of thecommunication subsystem 11 depends on thewireless network 50 in whichmobile device 10 is intended to operate. - The
mobile device 10 may send and receive communication signals over thewireless network 50 after the required network registration or activation procedures have been completed. Signals received by the antenna through thewireless network 50 are input to the receiver, which may perform such common receiver functions as signal amplification, frequency down conversion, filtering, channel selection, and the like, and analog-to-digital (A/D) conversion. A/D conversion of a received signal allows more complex communication functions such as demodulation and decoding to be performed in the DSP. In a similar manner, signals to be transmitted are processed, including modulation and encoding, for example, by DSP. These DSP-processed signals are input to the transmitter for digital-to-analog (D/A) conversion, frequency up conversion, filtering, amplification and transmission over thewireless network 50 via the antenna. The DSP not only processes communication signals, but also provides for receiver and transmitter control. For example, the gains applied to communication signals in the receiver and the transmitter may be adaptively controlled through automatic gain control algorithms implemented in the DSP. - The
mobile device 10 includes a controller in the form of at least onemicroprocessor 38 that controls the overall operation of themobile device 10. Themicroprocessor 38 interacts withcommunications subsystem 11 and also interacts with further device subsystems such as thedisplay 22,flash memory 24, random access memory (RAM)26, auxiliary input/output (I/O)subsystems 28,serial port 30, keyboard orkeypad 32,speaker 34,microphone 36, a short-range communications subsystem 40, a clickable thumbwheel (trackwheel) or trackball (not shown), and any other device subsystems generally designated as42. - Some of the subsystems shown in
FIG. 1 perform communication-related functions, whereas other subsystems may provide “resident” or on-device functions. Notably, some subsystems, such askeyboard 32 and display22 for example, may be used for both communication-related functions, such as entering a text message for transmission over a communication network, and device-resident functions such as a calculator or task list. Operating system software 54 andvarious software applications 58 used by themicroprocessor 38 are, in one example embodiment, stored in a persistent store such asflash memory 24 or similar storage element. Those skilled in the art will appreciate that theoperating system 54,specific device applications 58, or parts thereof, may be temporarily loaded into a volatile store such asRAM 26. It is contemplated that received communication signals may also be stored toRAM 26.- The
microprocessor 38, in addition to its operating system functions, enables execution ofsoftware applications 58 on the device. A predetermined set ofapplications 58 which control basic device operations, including at least data and voice communication applications for example, will normally be installed on themobile device 10 during manufacture. Further applications may also be loaded onto themobile device 10 through thenetwork 50, an auxiliary I/O subsystem 28,serial port 30, short-range communications subsystem 40 or any othersuitable subsystem 42, and installed by a user in theRAM 26 or a non-volatile store for execution by themicroprocessor 38. Such flexibility in application installation increases the functionality of the device and may provide enhanced on-device functions, communication-related functions, or both. For example, secure communication applications may enable electronic commerce functions and other such financial transactions to be performed using themobile device 10. - In a data communication mode, a received signal such as a text message or web page download will be processed by the
communication subsystem 11 and input to themicroprocessor 38, which will further process the received signal for output to thedisplay 22, or alternatively to an auxiliary I/O device 28. A user ofmobile device 10 may also compose data items such as email messages for example, using thekeyboard 32 in conjunction with thedisplay 22 and possibly an auxiliary I/O device 28. Such composed items may then be transmitted over a communication network through thecommunication subsystem 11. - The serial port30 (which may for example be a Universal Serial Bus (USB) port) in
FIG. 1 would normally be implemented in a personal digital assistant (PDA)-type communication device for which synchronization with a user's desktop computer (not shown) may be desirable, but is an optional device component. Such aport 30 would enable a user to set preferences through an external device or software application and would extend the capabilities of the device by providing for information or software downloads to themobile device 10 other than through a wireless communication network. - A short-
range communications subsystem 40 is a further component which may provide for communication between themobile device 10 and different systems or devices, which need not necessarily be similar devices. For example, thesubsystem 40 may include an infrared device and associated circuits and components or a Bluetooth™ communication module to provide for communication with similarly enabled systems and devices. Themobile device 10 may be a handheld device. Themobile device 10 includes abattery 12 as a power source, which will typically be a rechargeable battery that may be charged, for example, through charging circuitry coupled to theUSB port 30 Wireless communication network 50 is, in an example embodiment, a wireless wide area packet data network, which provides radio coverage tomobile devices 10.Wireless communication network 50 may also be a voice and data network such as GSM (Global System for Mobile Communication) and GPRS (General Packet Radio System), CDMA (Code Division Multiple Access), or various other third generation networks such as EDGE (Enhanced Data rates for GSM Evolution) or UMTS (Universal Mobile Telecommunications Systems). In some example embodiments,network 50 is a wireless local area network (WLAN), such as for example a network compliant with one or more of the IEEE 802.11 family of standards. In some example embodiments, themobile device 10 is configured to communicate in both data and voice modes over both wireless WAN and WLAN networks and to roam between such networks.- In an example embodiment,
wireless gateway 62 is adapted to route data packets received from amobile communication device 10 over wirelessmobile network 50 to destination electronic mail messaging orInternet access server 68 through amobile device server 66, and to route data packets received from theserver 68 through themobile device server 66 over the wirelessmobile network 50 to a destination mobile communications device.Wireless gateway 62 forms a connection or bridge between the servers and wireless networks associated with wireless e-mail communication and/or Internet access. In an example embodiment,wireless gateway 62 is coupled betweenwireless network 50 and a hardwired data network (for example anenterprise network 70 that is located behind a firewall) that includesmobile device server 66 andelectronic mail server 68. Thewireless gateway 62, in example embodiments, stores system configuration information, system state data, and tables that storemobile device 10 information. Themobile device server 66, in example embodiments, is a server located in anenterprise network 70 behind a firewall and connected to thewireless gateway 62 through the Internet or another connection.Mobile device server 66 is configured as an enterprise's interface between theenterprise network 70 and thewireless network 50. Typically, a plurality ofmobile devices 10 will be associated with amobile device server 66 that is part of theenterprise network 70 managed by an organization that the users of suchmobile devices 10 are part of.Mail server 68 is coupled tomobile device server 66 and, in one embodiment, is a conventional electronic mail server. In another embodiment, themobile device server 66 is a component of themail server 68. In some embodiments, themobile device server 66 may be operated by a wireless carrier that operateswireless network 50. - The
mobile device 10stores data 60 in an erasable persistent memory, which in one example embodiment isflash memory 24. In various embodiments, thedata 60 includesservice data 61 comprising information required by themobile device 10 to establish and maintain communications with the wireless communications network50 (wireless network service data) and the wireless gateway62 (gateway service data). Thedata 60 may also includeother data 64,user application data 63 such as email messages, address book and contact information, calendar and schedule information, notepad documents, image files, and other commonly stored user information stored on themobile device 10 by its user. Thedata 60 may also include data required for the communications layers managed by themobile device server 66 andservers 68. Thedata 60 often includes critical data that the user of mobile device10 (or others) does not want to be accessed by an unauthorized party. - In some examples,
flash memory 24 may include both a memory component that is permanently part of themobile device 10, as well a removable memory including for example memory on a Subscriber Identity Module (SIM) card. Some of thedata 60 may be stored on the SIM card, and some stored on permanent flash memory. - In an example embodiment,
mobile device server 66 is configured to periodically transmit IT (Information Technology) data protection policy messages72 (sometimes referred to as merely policy messages72) through thewireless gateway 62 andwireless network 50 to its associatedmobile devices 10. Typically,mobiles devices 10 will have a number of settings, including security settings that are governed by a data protection policy. The periodic transmission of data protection policy messages from themobile device server 66 to addressedmobile device 10 that are associated with themobile device server 66 assists in ensuring, among other things, that each of themobile devices 10 is kept up to date with the latest data protection policy. The content and frequency ofpolicy messages 72 can be set by an authorized IT administrator ofenterprise network 70. - In order to provide security for a lost or stolen
mobile device 10, themobile device 10 includes asecurity module 56, which in one example embodiment is implemented by a software component that is part of theoperating system 54. In other embodiments, thesecurity module 56 is, or is part of, aspecialized software application 58 separate from theoperating system 54. Thesecurity module 56 includes instructions for configuring themicroprocessor 38 to cause themobile device 10 to carry out at least parts of the security processes that are described below. Theprocess 200 shown inFIG. 2 is intended to address a security situation in which a user'smobile device 10 has been lost or stolen and is no longer able to receive messages from themobile device server 66 and hence cannot receive a “Kill Packet” or “Device Wipe” command. Generally, in thesecurity process 200, a data protection security action (for example, a device wipe) is taken on themobile device 10 if a specified amount of time passes without themobile device 10 receiving apolicy message 72 from its associatedmobile device server 66. Thus, if themobile device 10 is out of radio coverage for too long a time period, it will be wiped. Also, even if the device is in radio coverage of a wireless network, but that particular network is not a network through which themobile device 10 can receive data protection policy packets from themobile device server 66, then themobile device 10 will be wiped—for example, if themobile device 10 moves out of coverage its “home”wireless network 50 into an area of alternative network coverage where the operator of the “home”wireless network 50 does have appropriate coverage agreements in place, then themobile device 10 will be wiped after a predetermined duration. Additionally, as will be explained in greater detail below, in some embodiments, themobile device 10 will be wiped if it is turned off for too long and thus does not receive an updatedpolicy message 72 due to being in the “off” state. Alternatively, in other embodiments rather than wiping the device (i.e., erasing data from the mobile device10)data 60 on themobile device 10 may be encrypted. - Prior to explaining the operation of a particular
mobile device 10 in greater detail in the context ofFIG. 2 , the configuration of themobile device server 66 will first be discussed. In an example embodiment, an IT manager or administrator makes a decision to enable auto-wipe security for at least some of themobile devices 10 that are associated with themobile device server 66, and uses an IT data protection policy editor that is coupled to themobile device server 66 to set a data protection policy for the affectedmobile devices 10 to automatically wipe themobile device 10 when the data protection policy is out of date. As part of selecting the auto-wipe policy, the IT administrator can set both the frequency at whichpolicy messages 72 are sent, and the duration of time that an auto-wipe should occur after if an updatedpolicy message 72 is not received at a mobile device10 (i.e., the duration of a timer(s), as described in more detail below). In some embodiments, these values may be set at the same time or at different times (for example, via separate user interface dialogues or menus). This allows the frequency at whichpolicy messages 72 are sent and the duration of timers to be configured independently. In some embodiments, the duration of the timer may be configured to be same as the frequency at whichpolicy messages 72 are sent, or may be configured to be different. Setting the frequency ofpolicy messages 72 to be the same as the duration of the timer (for example, setting thepolicy messages 72 to be sent every 5 minutes and setting the timer duration to 5 minutes) provides a configuration in which themobile device 10 cannot miss asingle policy message 72 without performing a data protection security action (e.g., a device wipe). This configuration may not be advantageous for users that may be out of coverage periodically, depending on the specific timer duration/frequency ofpolicy messages 72. For such users, specifying a timer duration which is greater than the frequency ofpolicy messages 72 may allow one ormore policy messages 72 to be missed without performing a data protection security action (depending on the specific values assigned to the frequency of thepolicy messages 72 and the timer duration), if this capability is desired. By way of illustrative example only, the auto-wipe countdown timer starting time duration could be 24 hours, with the standard duration betweenpolicy messages 72 being set at 8 hours, with the result that missing 3consecutive policy messages 72 will result in a device wipe. - In some embodiments, the IT administrator has the option of setting the data protection policy globally for all
mobile devices 10 associated with themobile device server 66, or for groups or classes ofmobile devices 10 associated with themobile device server 66, or for one or more individualmobile devices 10 associated with themobile device server 66. - Referring now to
FIG. 8 , an example embodiment of themobile device server 66 will be briefly described. Themobile device server 66 may be a computer implementing a server application(s) configured for performing the security processes and functions described herein. Themobile device server 66 in this example embodiment comprises a processor802 (i.e., microprocessor) for controlling its operation, acommunications subsystem 804 connected to theprocessor 802 for communicating with thewireless network 50 via thewireless gateway 62 and with theprocessor 802, adisplay 805 such as a monitor, one or moreuser input devices 806 such as a keyboard and mouse connected to theprocessor 802 for sending user input signals to theprocessor 802 in response to user inputs, and a memory orstorage element 808 such as a hard disk drive (HDD), RAM, ROM and/or other suitable memory connected to theprocessor 802, and other suitable input and output devices (not shown) as desired or required.Operating system software 810,software applications 812, anddata 814 used by theprocessor 802 are stored in thememory 808. Theapplications 812 anddata 814 configure the operation of themobile device server 66. Other features of themobile device server 66 for implementing the security processes and functions described herein will be appreciated by persons ordinarily skilled in the art. - The
mobile device server 66 also includes asecurity module 818 which, in this example embodiment, is implemented by one or more software components or modules stored inmemory 808. Thesecurity module 818 configures theprocessor 802 to carry out at least parts of the security processes of themobile device server 66 that are described herein. In one example embodiment, thesecurity module 818 is configured for sendingpolicy messages 72 to one or more of themobile devices 10 in the plurality ofmobile communications devices 10 associated with themobile device server 66 at predetermined intervals in accordance with a predetermined frequency, the policy messages including instructions for execution by the one or more of themobile devices 10 to enforce (i.e., initiate, modify, maintain) or terminate a data protection policy, as explained in more detail herein. - Once the data protection policy associated with one or more
mobile devices 10 is set to specify an auto-wipe policy, a correspondingpolicy message 72 specifying the auto-wipe policy is pushed throughwireless gateway 62 andwireless network 50 to the affectedmobile devices 10. In some embodiments, thepolicy message 72 containing an auto-wipe policy is sent immediately upon the policy being changed. In other embodiments, the revised data protection policy is sent at the next regularly scheduled interval via apolicy message 72. In an example embodiment, so long as the auto-wipe policy is in effect, each of thepolicy messages 72 that are sent to the affectedmobile device 10 will include confirmation that the auto-wipe policy is in effect. In the event that the administrator chooses to rescind the auto-wipe policy, thenext policy message 72 that is sent out from themobile device server 66 will omit the auto-wipe policy confirmation. - Turning again to
FIG. 2 , as indicated instep 202, themobile device 10 is configured to detect if and when apolicy message 72 that specifies an auto-wipe policy is received by themobile device 10. Next instep 204, if apolicy message 72 specifying an auto-wipe policy is received, themobile device 10 sets an internal auto-wipe timer to a predetermined time duration, and starts counting down from the predetermined time duration. In an example embodiment, the predetermined time duration to be used for the auto-wipe countdown timer is set in the received policy message72 (and thus set by the IT administrator throughmobile device server 66, as indicated above). In other example embodiments, the countdown auto-wipe timer duration can be set directly at themobile device 10 by a user thereof (although caution may need to be exercised as user's often won't have an in depth knowledge of how oftenpolicy messages 72 are actually sent). In an example embodiment, the countdown auto-wipe timer tracks absolute time relative to when thepolicy message 72 is received such that any attempt by a user of the device to alter the time by re-setting the clock time and date on the device (either in a conscious attempt to thwart the pending device wipe, or in an innocent attempt to adjust to a different time zone) does not affect the total duration of time allocated to the auto-wipe countdown timer. - As indicated in
steps mobile device 10 monitors for the earliest of the following two events to occur: (a) for anew policy message 72 to be received (step206); or (b) for the auto-wipe timer to time out (step208). In the event that the auto-wipe countdown timer times out before a new dataprotection policy message 72 is received by themobile device 10, then a device wipe is automatically performed (step212) (described in greater detail below). In the event that a new dataprotection policy message 72 is received before time out of the auto-wipe timer, then the timer countdown ends (step207), and a check is done to see if the newly receivedpolicy message 72 also specifies an auto-wipe policy (step202). If so, the auto-wipe timer is reset to the time specified in the newly receivedpolicy message 72, and the countdown process begins again. - Turing again to step212 of
FIG. 2 , a device wipe includes permanently erasing of alluser data 60 stored on the permanent storage (for example flash memory24) and transient storage (for example RAM26) of themobile device 10. In at least some embodiments, erasing the data includes ensuring that at least the relevant memory locations are overwritten with meaningless bits (for example all zeros or all ones). Thus, in a device wipe, in various embodiments, information required by themobile device 10 to function as a communications device is deleted (thereby disabling themobile device 10 as a communications device—as a possible exception, the ability of themobile device 10 to be used for emergency calls such as 911 calls may be maintained), and any information such as stored email and other messages, address book lists, task items, etc. that may be confidential to the user is deleted. In some example embodiments, a device wipe can include erasing only selected classes of data60 (for example erasing of allservice data 61, but notuser application data 63, or alternatively, erasing alluser application data 63 but not service data61). - With reference to
FIG. 3 , in at least one example embodiment, thesecurity module 56 is also configured to wipe themobile device 10 when it is turned off and missing dataprotection policy messages 72. Typically, when the mobile device is in an off state its draw onbattery 12 is greatly reduced and substantially all of the device's functions are suspended (for example, itsdisplay 22 andwireless communications subsystem 11 are shut down). Some limited device functions continue even when themobile device 10 is powered off, for example, in an off device, an internal clock continues to run and the device monitors for activation of an “ON” button (so long as the battery has sufficient power). When themobile device 10 is powered off, it does not have the ability to receive messages (including policy messages72) through thewireless communications subsystem 11. In one example embodiment, themobile device 10 is configured so that turning the device off will not thwart an impending device wipe. As indicated inprocess 245 ofFIG. 3 , thesecurity module 56 detects if shutdown of the mobile device is initiated (for example, through user selection of a “Turn Power Off” option) while the auto-wipe countdown timer fromprocess 200 is running (step250). If the device power off is initiated while the auto-wipe timer is running, then an auto-on time is set corresponding to the time remaining on the auto-wipe countdown timer (step252). If the device is still turned off when the auto-on time is reached, the device automatically powers on and performs the device wipe (step254). In example embodiments, sub-process245 can be enabled and disabled throughpolicy messages 72. - Thus it will be appreciated that the security process of
FIG. 2 is based on an underlying assumption that if amobile device 10 cannot receive apolicy message 72, it cannot receive a kill packet, and accordingly data on the device is potentially at risk. This risk is mitigated by wiping the data automatically after a specified amount of time passes without the mobile device receiving apolicy message 72. In at least some example embodiments, as indicated inFIG. 3 , themobile device 10 will execute the device wipe even if it is turned off prior to the expiry of the specified time duration. - The security process of
FIG. 2 (either on its own or as combined with the process ofFIG. 3 ) can be varied in example embodiments to reduce the possibility that a device wipe that should otherwise have occurred will not occur due to themobile device 10 turning off due to a dischargedbattery 12. In this regard, with reference toFIG. 4 , a sub-process265 can be performed as part ofprocess 200 wherein while the auto-wipe countdown timer ofprocess 200 is running, thesecurity module 200 monitors to determine if thebattery power 12 falls below a particular threshold (step270), and if the battery power does fall below the predetermined threshold, then a device wipe is performed immediately (step272). In at least one example embodiment, the critical low battery threshold is the level at which the mobile device will automatically turn off its RF radio (namely when themobile device 10 will turn off the transmitter and receiver circuitry of the wireless communications system11)—the turning off of the radio is a relevant event as themobile device 10 can no longer receive a kill packet when its radio is off. In an alternate embodiment, the critical low battery threshold is a predetermined (or dynamically determined) level at which themobile device 10 has just enough battery power remaining to execute the wipe process. Thus, the sub-process265 in combination withprocess 200 provides a security environment in which a mobile device that is configured to automatically perform a device wipe if a new policy message is not received within a predetermined time duration will perform a pre-emptive device wipe prior to waiting for the entirety of the predetermined time duration if in the meantime battery power goes too low. Such a configuration recognizes that attempting to wait the entire duration of the countdown auto-wipe timer will be ineffective if the battery will not contain enough power to facilitate the wipe at the future time. In example embodiments, sub-process265 can be enabled and disabled throughpolicy messages 72. - In some embodiments, the sub-process265 may be implemented independently of the
process 200. In such embodiments, a separate IT data protection policy rule may be implemented indicating that the device should wipe itself when the battery level falls below a predetermined threshold regardless of whether an auto-wipe countdown timer is running. - Another example of a security process that can be applied to
mobile device 10 according to a further embodiment will now be described with reference toFIG. 5 . Thesecurity process 500 ofFIG. 5 permits a user's device to be wiped when it has been lost or stolen but has not been reported as such. In such a situation, the IT administrator will not know that a kill packet should be sent, and furthermore, the device may still be receivingpolicy messages 72 and accordingly a device wipe through theprocess 200 will not necessarily be triggered. In an example embodiment, thesecurity module 56 ofmobile device 10 is configured to place themobile device 10 into standby locked state upon the occurrence of certain events. While themobile device 10 is in a locked mode, the device user is prevented from using substantially all of the functionality of the device, including accessing any data stored on themobile device 10. In order to get the mobile device out of its locked state, the user must enter a password or other shared secret (for example through a keyboard of the device). The events that trigger placing themobile device 10 into a locked state may include, for example, user selection of a device lock option; user inactivity for a predetermined duration; lack of wireless network coverage or activity for a predetermined duration or holstering or closing of themobile device 10. - It will be appreciated that the trigger condition for initiating a locked state of the
mobile device 10 may be one of: user input instructing themobile communications device 10 to initiate the locked state; the occurrence of a periodic interval or the expiry of a predetermined duration (for example, a long-term timeout may be implemented by the IT administrator which causes themobile communications device 10 to lock periodically after a predetermined duration from a trigger condition (such as the unlocking of the device from a previous locked state) regardless of the user activity or network coverage at the time); user inactivity for a predetermined duration (for example, as measured by a lack of user input via theuser input devices 28,32); loss of communication with thewireless network 50; and holstering of themobile communications device 10 if the device is a holsterable device or closing of themobile communications device 10 if the device is a flip-style device. - The trigger condition may also include a variance from a predetermined threshold in a communications characteristic (such as a messaging traffic pattern between the
mobile communications device 10 and the wireless network50) between themobile communications device 10 and thewireless network 50, a lack of communication by themobile communications device 10 with thewireless network 50 for a predetermined duration of time, and a variance in the use of theinput devices - In the
security process 500 ofFIG. 5 , the data protection policy appliedmobile device 10 has been configured to specify that a device wipe automatically be performed if themobile device 10 remains in a locked state for more than a predetermined time duration. In one embodiment, the data protection policy specifying such an auto-wipe security mode can be set at theenterprise network 70 by an IT administrator and provided to themobile device 10 through apolicy message 72 sent by themobile device server 66 through thewireless network 50. In a similar manner, the auto-wipesecurity process 500 can be disabled by an IT administrator at theenterprise network 70. - In the case where the
security process 500 is enabled by the data protection policy applied to themobile device 10, then an auto-wipe countdown timer is set to a specified time (which could be for example be specified in a message previously received from mobile device server66) as soon as themobile device 10 is placed into a locked state (step504). Similar to the countdown timer used insecurity process 200, the timer used inprocess 500 is also based on absolute time so that changes to the clock time or calendar date on themobile device 10 do not affect the countdown timer. Once the countdown timer is running, themobile device 10 monitors to determine if the user authentication occurs (step506) prior to the expiry of the auto-wipe countdown timer (step508). If the user authenticates within the requisite time period (user authentication including entry of a password or shared secret to unlock the mobile device10), then the countdown timer is stopped (step512). However, if the countdown timer expires before user authentication occurs, then a device wipe occurs (step510) to mitigate against unauthorized access to data on the device. - It will be appreciated that the situation could arise where a
policy message 72 enabling the auto-wipe process ofFIG. 5 is received from themobile device server 66 while themobile device 10 is already in a locked state. In such a situation, thesecurity module 56 is configured in an example embodiment to immediately set the countdown timer to a value specified in the receivedpolicy message 72 and beginprocess 500. Similarly, apolicy message 72 may be received at themobile device 10 disabling the auto-wipeprocess 500 ofFIG. 5 while the device is locked and the countdown timer is running. In such a situation, theprocess 500 is terminated without requiring the user entry of the shared secret. - The sub-process245 discussed above (auto-on and device wipe at expiry of timeout period) and the sub-process265 (device-wipe when battery low and auto-wipe timer is running) can be run in combination with
security process 500 to further enhance security. Additionally, the security processes200 and500 can both be applied simultaneously to amobile device 10, with different countdown timers being used for each. - As previously noted, in the example security processes200 and500 described above, the
optional sub-process 265 can be used to ensure that themobile device 10 is wiped if the device battery is sufficiently discharged at the same time that an auto-wipe countdown timer is running. In at least some example embodiments, thesecurity module 56 can be configured to perform a device wipe any time that the battery charge level falls below a threshold, for example, the threshold at which the device radio (wireless communications subsystem11) gets automatically turned off, regardless of whether any auto-wipe countdown timer is running or not. Thus referring toFIG. 4 , step270 would be modified so that the only relevant determination to be made is if the battery power is below the threshold, and if so, then a device wipe is automatically performed (step272). In example embodiments, the modified “wipe device when battery low”process 265 can be enabled and disabled throughpolicy messages 72 received at amobile device 10. - Another example embodiment will now be described. As noted above, one approach to mobile device security is for the IT administrator to cause the
mobile device server 66 to send a kill packet or device wipe command to a specificmobile device 10 that the IT administrator has reason to believe may be lost or stolen, perhaps due to a notification from the normal device user that he or she is missing his or hermobile device 10. In such situations, the kill packet causes a device wipe immediately upon being received by themobile device 10. However, there may be circumstances where a device user has misplaced his or her device, but thinks that there is a chance that they may recover it, and so the device user does not want the device immediately wiped upon advising the IT administrator of the missing device. In this regard,security process 600 ofFIG. 6 provides a “delayed-wipe process” in which a delayed data protection initiate command sent (e.g., device wipe command) from themobile device server 66 includes a specified delay time period (e.g., timer duration), and upon receiving the delayed data protection initiate command, themobile device 10 starts delayed data protection timer (e.g., auto-wipe countdown timer) configuring themobile device 10 to perform a security action such as a device wipe if one of the following events does not occur prior the expiry of the timer: (i) the device user does not unlock the device prior to expiry of the timer; (ii) themobile device 10 does not receive a further message from themobile device server 66 that either terminates/revokes the delayed data protection timer; or (iii) themobile device 10 does not receive a further message from themobile device server 66 that extends the duration of timer. - The illustrated embodiment of
FIG. 6 in which the security action to be performed is a device wipe will now be described in more detail. Theprocess 600 commences when an IT administrator causes a delayed device wipe command to be sent from themobile device server 66 and the command is received at the device (step602). A delayed device wipe command is similar to apolicy message 72 but rather than providing details of an IT data protection policy, the delayed device wipe command instructs themobile device 10 to start a timer upon receipt of the command and provides information relevant to the timer such as its duration. Typically, the transport and authentication mechanisms for bothpolicy messages 72 and commands are the same, however different transport and authentication mechanism could be used if desired. After receiving the delayed device wipe command, thesecurity module 56 ofmobile device 10 then sets an auto-wipe countdown timer to a time specified in the received device wipe command (step604). Similar toprocesses process 600 measures absolute time so that resetting of the device clock or date has no effect on it. While the auto-wipe countdown timer is running, thesecurity module 56 monitors for occurrence of any one of the following three events: (i) user authentication, which occurs when the user enters a password or shared secret to the mobile device10 (step606); (ii) receipt by the mobile device of a terminate auto-wipe command from the mobile device server66 (step608) (useful for example if the device user positively determines that they have left the device in a secure location, but they cannot access it to enter the password); and (iii) receipt by the mobile device of a delay auto-wipe command from the mobile device server66 (step612) (useful for example if the device user is reasonably certain, but not positive, that the device is in a secure location and wants more time to reach the device). Events (ii) and (iii) give the device user flexibility to contact the IT administrator and arrange for cancellation or variation of the delayed wipe command. In the event that user authentication (step606) or receipt of a terminate auto-wipe message (step608) occurs before expiry of the auto-wipe timer, than thesecurity process 600 is terminated (step610). In the event of receipt by the mobile device of a delay auto-wipe command from the mobile device server66 (step612) prior to expiry of the auto-wipe countdown timer than the auto-wipe timer is reset to the new value that is specified in the received command (the auto-wipe timer can be shortened by a similar process, if desired, rather than extended). In the event that auto-wipe timer expires prior to the occurrence of one of the above events, then a device wipe is performed (steps 616 and618) to erasedata 60 and disable themobile device 10. - The sub-process245 discussed above (auto-on and device wipe at expiry of timeout period) and the sub-process265 (device wipe when battery low and auto-wipe timer is running) can be run in combination with
security process 600 to further enhance security. Additionally, either or both of the security processes200 and500 can be applied in conjunction withprocess 600 to amobile device 10, with different countdown timers being used for each. FIG. 7 illustrates anothersecurity sub-process 700 that can be applied to the mobile device either on its own, or in combination with any or all of theprocesses sub-process 700, thesecurity module 56 forces themobile device 10 to go into a locked state in the event that themobile device 10 is out of radio coverage for a predetermined time period, regardless of any current user input activity. As indicated instep 702, thesecurity module 56 is configured to monitor for a lack of radio coverage throughcommunications subsystem 11, and when the lack of coverage time period exceeds a set out-of-coverage time threshold, then themobile device 10 is forced into a locked state (step704) regardless of any user interaction with the device at the time. After the device enters the locked state, an authorized user will have the ability to at least temporarily unlock the device upon entry of the correct password or shared secret; however, without the entry of the password or shared secret the device will remain locked.- When sub-process700 is enabled, even if the user successfully unlocks the device, it will again lock itself if it remains out of radio coverage for the predetermined out-of-coverage threshold.
Security process 700 provides some assurances that when themobile device 10 is out of radio coverage (and thus unable to receive a kill packet or device wipe command) that the device will be in a locked state if it is in unauthorized hands. When combined withsecurity process 500, the sub-process700 can cause the device lock triggering event for starting the auto-wipe timer ofprocess 500. In some embodiments, thesecurity module 56 may be configured to perform a long term timeout that will lock the device every N minutes regardless of what the user is doing or what the radio coverage for themobile device 10 is. Sub-process700 can be used to effectively shorten the long term timeout period by applying a shorter timeout threshold when the device is out of radio coverage. In example embodiments, the “lock device when out-of coverage”process 700 can be enabled and disabled throughpolicy messages 72 received at amobile device 10. - In accordance with another example embodiment, there is provided a
mobile communications device 10, comprising: a processor for controlling the operation of themobile communications device 10; auser input device processor 38 for sending user input signals to theprocessor 38 in response to user inputs; acommunications subsystem 11 connected to theprocessor 38 for exchanging signals with awireless network 50 and with theprocessor 38; asecurity module 56 associated with theprocessor 38 for monitoring to detect for a lack of communication through thecommunications subsystem 11, if the duration of the lack of communication through thecommunications subsystem 11 time period exceeds a predetermined duration, performing a security action comprising erasing or encrypting at least some of thedata 60 on thestorage element security module 56 may also initiate a locked state of themobile communications device 10 if the duration of the lack of communication through thecommunications subsystem 11 time period exceeds a predetermined duration, and perform monitoring, after the locked state has been initiated, to detect if a password shared by the user and themobile communications device 10 is entered through theuser input device security module 56 may be configured to only perform a security action if the duration of the lack of communication through thecommunications subsystem 11 time period exceeds a predetermined duration and themobile communications device 10 remains in a locked state. The monitoring to detect for a lack of communication and/or monitoring to detect if a password shared by the user and themobile communications device 10 is entered through the user input device may be enabled and disabled byrespective policy messages 72 received on themobile communications device 10. A related method and server for sendingpolicy messages 72 to themobile communications device 10 is also provided. - It will be appreciated to persons skilled in the art that various alterations, modifications and variations to the particular embodiments described herein are possible. For example, although the data protection security action has been described primarily as the erasure or “wiping” of
data 60, it will be appreciated that encryption may be used as an alternative to wiping data. In addition, thedata 60 which is subject to the data protection security action may be user application data63 (such as that associated with the application modules58),service data 61 required to establish and maintain communications with thewireless network 50,service data 61 required to establish and maintain communications with thewireless gateway 62, or combinations thereof. The erasure or encryption ofdata 60 may be performed on some or all of each of the above-described data types, or portions thereof. In addition, in some embodiment some of thedata 60 may be erased and some of thedata 60 may be encrypted. The decision between thedata 60 which is erased and thedata 60 which is encrypted may be based on the type of data. In addition, thesecurity module 56 may be configurable by the user to erase or encrypt thedata 60 on thestorage element data 60 is erased the data protection security action may further comprise overwriting (with meaningless data/bits, such as ones or zeroes) the portion of thestorage element data 60 was formerly stored. - While the present application is primarily described as a method, a person of ordinary skill in the art will understand that the present application is also directed to a communications device (such as the mobile communications device described above), for carrying out the disclosed method and including components for performing each described method step, be it by way of hardware components, a computer programmed by appropriate software to enable the practice of the disclosed method, by any combination of the two, or in any other manner. Moreover, an article of manufacture for use with the apparatus, such as a pre-recorded storage device or other similar computer readable medium including program instructions recorded thereon, or a computer data signal carrying computer readable program instructions may direct an apparatus to facilitate the practice of the disclosed method. It is understood that such apparatus (i.e., a communications device such as the mobile communications device described above), articles of manufacture, and computer data signals also come within the scope of the present application. In addition, a communications system comprising a mobile data server and a plurality of mobile communication devices connected via a wireless communication network, in which the mobile data server is configured to implement at least some of the security processes herein described, and in which one or more of the mobile communication devices are configured to implement at least some of the security processes herein described, also comes within the scope of the present application.
- The embodiments of the present application described above are intended to be examples only. Those of skill in the art may effect alterations, modifications and variations to the particular embodiments without departing from the intended scope of the present application. In particular, features from one or more of the above-described embodiments may be selected to create alternate embodiments comprised of a subcombination of features which may not be explicitly described above. In addition, features from one or more of the above-described embodiments may be selected and combined to create alternate embodiments comprised of a combination of features which may not be explicitly described above. Features suitable for such combinations and subcombinations would be readily apparent to persons skilled in the art upon review of the present application as a whole. The subject matter described herein and in the recited claims intends to cover and embrace all suitable changes in technology.
Claims (18)
1. A mobile communications device, comprising: a processor; a communications subsystem connected to the processor operable to exchange signals with a wireless network and with the processor; a storage element connected to the processor and having a plurality of application modules and data stored thereon, the data comprising at least user application data associated with the application modules and service data including data for establishing communications with the wireless network; and a security module operable to detect a locked state of the mobile communications device and initiate a lockout data protection timer for a predetermined duration upon detection of the locked state; and wherein the security module is operable to, after the lockout data protection timer has been initiated, detect if a password shared by the user and the mobile communications device is entered through a user input device within the predetermined duration of the lockout data protection timer; wherein the security module is operable to terminate the lockout data protection timer if entry of the password is detected within the predetermined duration; and wherein the security module is operable to perform a security action comprising erasing or encrypting at least some of the data on the storage element if entry of the password is not detected within the predetermined duration.
2. The mobile communications device ofclaim 1 , wherein the security module is operable to initiate the locked state of the mobile communications device upon detection of a trigger condition.
3. The mobile communications device ofclaim 1 , wherein the security module is operable to terminate the locked state of the mobile communications device if entry of the password is detected within the predetermined duration.
4. The mobile communications device ofclaim 1 , wherein the trigger condition is one of: user input instructing the mobile communications device to initiate the locked state; the occurrence of a periodic interval; user inactivity for a predetermined duration of inactivity; loss of communication with the wireless network; holstering of the mobile communications device if the device is a holsterable device; and closing of the mobile communications device if the device is a flip-style device.
5. The mobile communications device ofclaim 1 , wherein the predetermined duration of the lockout data protection timer is an absolute time duration relative to a time when the locked state is initiated.
6. The mobile communications device ofclaim 1 , wherein the security module is operable to enable or disable, upon receipt of a policy message comprising a respective enable or disable instruction, the operability to detect the locked state of the mobile communications device and to detect entry of the password shared by the user and the mobile communications device to terminate the lockout data protection timer.
7. The mobile communications device ofclaim 6 , wherein the predetermined duration of the lockout data protection timer is provided in the policy message enabling the detection of the locked state.
8. The mobile communications device ofclaim 6 , wherein the security module is operable to automatically initiate the lockout data protection timer if the locked state has already been initiated, upon receiving the policy message enabling the detection of the locked state, the lockout data protection timer being set to a predetermined duration provided in the policy message enabling the detection of the locked state.
9. The mobile communications device ofclaim 6 , wherein the security module is operable to automatically terminate the lockout data protection timer if the locked state has already been initiated, upon receiving a policy message disabling the detection of the locked state.
10. The mobile communications device ofclaim 1 , wherein, in the locked state substantially all of the functionality of the mobile communications device is restricted, user input accepted during the locked state being substantially limited to entry of the password shared by the user and the mobile communications device through the user input device.
11. The mobile communications device ofclaim 1 , wherein the security module is operable to detect a lack of communication through the communications subsystem; and wherein the security module is operable to initiate the locked state of the mobile communications device if the duration of the lack of communication through the communications subsystem exceeds a predetermined duration.
12. A method for providing security on a mobile communications device, the mobile communications device being configured to communicate with a wireless communications network and including a storage element having data stored thereon, the method comprising the acts of: monitoring to detect for the locked state of the mobile communications device and initiating a lockout data protection timer for a predetermined duration upon detection of the locked state; and monitoring, after the lockout data protection timer has been initiated, to detect if a password shared by the user and the mobile communications device is entered through the user input device within the predetermined duration of the lockout data protection timer; if entry of the password is detected within the predetermined duration, terminating the lockout data protection timer; and if entry of the password is not detected within the predetermined duration, performing a security action comprising erasing or encrypting at least some of the data on the storage element.
13. The method ofclaim 12 , further comprising: monitoring for a trigger condition for initiating the locked state of the mobile communications device and initiating the locked state of the mobile communications device upon detection of the trigger condition.
14. The method ofclaim 12 , further comprising: if entry of the password is detected within the predetermined duration, terminating the locked state of the mobile communications device.
15. The method ofclaim 13 , wherein the trigger condition is one of: user input instructing the mobile communications device to initiate the locked state; the occurrence of a periodic interval; user inactivity for a predetermined duration of inactivity; loss of communication with the wireless network; holstering of the mobile communications device if the device is a holsterable device; and closing of the mobile communications device if the device is a flip-style device.
16. The method ofclaim 12 , wherein the predetermined duration of the lockout data protection timer is an absolute time duration relative to a time when the locked state is initiated.
17. The method ofclaim 12 , wherein the monitoring to detect for the locked state of the mobile communications device and monitoring to detect for entry of the password shared by the user and the mobile communications device is entered is enabled and disabled by respective policy messages received on the mobile communications device.
18. A computer program product comprising a tangible machine-readable medium embodying instructions executable on a mobile communications device for providing security on the mobile communications device, the machine-readable instructions comprising: code for monitoring to detect for the locked state of the mobile communications device and initiating a lockout data protection timer for a predetermined duration upon detection of the locked state; code for monitoring, after the lockout data protection timer has been initiated, to detect if a password shared by the user and the mobile communications device is entered through the user input device within the predetermined duration of the lockout data protection timer; code for terminating the lockout data protection timer if entry of the password is detected within the predetermined duration; and code for performing a security action comprising erasing or encrypting at least some of the data on the storage element if entry of the password is not detected within the predetermined duration.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US12/862,228US20100317324A1 (en) | 2006-05-18 | 2010-08-24 | Automatic security action invocation for mobile communications device |
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US74758806P | 2006-05-18 | 2006-05-18 | |
| US11/750,594US7809353B2 (en) | 2006-05-18 | 2007-05-18 | Automatic security action invocation for mobile communications device |
| US12/862,228US20100317324A1 (en) | 2006-05-18 | 2010-08-24 | Automatic security action invocation for mobile communications device |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US11/750,594ContinuationUS7809353B2 (en) | 2006-05-18 | 2007-05-18 | Automatic security action invocation for mobile communications device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| US20100317324A1true US20100317324A1 (en) | 2010-12-16 |
Family
ID=38722907
Family Applications (6)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US11/750,594Active2029-03-10US7809353B2 (en) | 2006-05-18 | 2007-05-18 | Automatic security action invocation for mobile communications device |
| US11/750,789Active2030-10-24US8140863B2 (en) | 2006-05-18 | 2007-05-18 | Automatic security action invocation for mobile communications device |
| US11/750,568Active2031-11-10US9077485B2 (en) | 2006-05-18 | 2007-05-18 | Automatic security action invocation for mobile communications device |
| US12/862,228AbandonedUS20100317324A1 (en) | 2006-05-18 | 2010-08-24 | Automatic security action invocation for mobile communications device |
| US13/406,765ActiveUS8667306B2 (en) | 2006-05-18 | 2012-02-28 | Automatic security action invocation for mobile communications device |
| US14/791,901ActiveUS9603010B2 (en) | 2006-05-18 | 2015-07-06 | Automatic security action invocation for mobile communications device |
Family Applications Before (3)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US11/750,594Active2029-03-10US7809353B2 (en) | 2006-05-18 | 2007-05-18 | Automatic security action invocation for mobile communications device |
| US11/750,789Active2030-10-24US8140863B2 (en) | 2006-05-18 | 2007-05-18 | Automatic security action invocation for mobile communications device |
| US11/750,568Active2031-11-10US9077485B2 (en) | 2006-05-18 | 2007-05-18 | Automatic security action invocation for mobile communications device |
Family Applications After (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US13/406,765ActiveUS8667306B2 (en) | 2006-05-18 | 2012-02-28 | Automatic security action invocation for mobile communications device |
| US14/791,901ActiveUS9603010B2 (en) | 2006-05-18 | 2015-07-06 | Automatic security action invocation for mobile communications device |
Country Status (4)
| Country | Link |
|---|---|
| US (6) | US7809353B2 (en) |
| EP (2) | EP2455881B1 (en) |
| CA (1) | CA2652438C (en) |
| WO (1) | WO2007134448A1 (en) |
Cited By (38)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080178300A1 (en)* | 2007-01-19 | 2008-07-24 | Research In Motion Limited | Selectively wiping a remote device |
| US20120269346A1 (en)* | 2011-04-19 | 2012-10-25 | Apriva, Llc | Device and system for facilitating communication and networking within a secure mobile environment |
| US20120306655A1 (en)* | 2011-06-06 | 2012-12-06 | Apple Inc. | Adaptive low-battery warnings for battery-powered electronic devices |
| US20130104250A1 (en)* | 2011-10-19 | 2013-04-25 | Chih-Fu Chuang | Electronic device for protecting data |
| WO2013040496A3 (en)* | 2011-09-15 | 2013-05-10 | Mcafee, Inc. | System and method for real-time customized threat protection |
| WO2013130338A1 (en)* | 2012-03-02 | 2013-09-06 | Lookout, Inc. | System and method for remotely-initiated audio communication |
| US8533844B2 (en) | 2008-10-21 | 2013-09-10 | Lookout, Inc. | System and method for security data collection and analysis |
| US8538815B2 (en) | 2009-02-17 | 2013-09-17 | Lookout, Inc. | System and method for mobile device replacement |
| US8561144B2 (en) | 2008-10-21 | 2013-10-15 | Lookout, Inc. | Enforcing security based on a security state assessment of a mobile device |
| US8655307B1 (en) | 2012-10-26 | 2014-02-18 | Lookout, Inc. | System and method for developing, updating, and using user device behavioral context models to modify user, device, and application state, settings and behavior for enhanced user security |
| US8683593B2 (en) | 2008-10-21 | 2014-03-25 | Lookout, Inc. | Server-assisted analysis of data for a mobile device |
| US8682400B2 (en) | 2009-02-17 | 2014-03-25 | Lookout, Inc. | Systems and methods for device broadcast of location information when battery is low |
| US8745739B2 (en) | 2008-10-21 | 2014-06-03 | Lookout, Inc. | System and method for server-coupled application re-analysis to obtain characterization assessment |
| US8826441B2 (en) | 2008-10-21 | 2014-09-02 | Lookout, Inc. | Event-based security state assessment and display for mobile devices |
| US8855599B2 (en) | 2012-12-31 | 2014-10-07 | Lookout, Inc. | Method and apparatus for auxiliary communications with mobile communications device |
| US8855601B2 (en) | 2009-02-17 | 2014-10-07 | Lookout, Inc. | System and method for remotely-initiated audio communication |
| US8903362B2 (en)* | 2012-12-04 | 2014-12-02 | At&T Intellectual Property I, L.P. | Rule-based device timeout and security access |
| US8984628B2 (en) | 2008-10-21 | 2015-03-17 | Lookout, Inc. | System and method for adverse mobile application identification |
| US9043919B2 (en) | 2008-10-21 | 2015-05-26 | Lookout, Inc. | Crawling multiple markets and correlating |
| US9042876B2 (en) | 2009-02-17 | 2015-05-26 | Lookout, Inc. | System and method for uploading location information based on device movement |
| US9065846B2 (en) | 2008-10-21 | 2015-06-23 | Lookout, Inc. | Analyzing data gathered through different protocols |
| US9208215B2 (en) | 2012-12-27 | 2015-12-08 | Lookout, Inc. | User classification based on data gathered from a computing device |
| US20150358455A1 (en)* | 2014-06-04 | 2015-12-10 | T-Mobile Usa, Inc. | Telecommunication Device Utilization Based on Heartbeat Communication |
| US9215074B2 (en) | 2012-06-05 | 2015-12-15 | Lookout, Inc. | Expressing intent to control behavior of application components |
| EP2863331A4 (en)* | 2012-06-18 | 2015-12-23 | Nec Corp | Portable terminal, program, and control method |
| US9235704B2 (en) | 2008-10-21 | 2016-01-12 | Lookout, Inc. | System and method for a scanning API |
| US9367680B2 (en) | 2008-10-21 | 2016-06-14 | Lookout, Inc. | System and method for mobile communication device application advisement |
| US9374369B2 (en) | 2012-12-28 | 2016-06-21 | Lookout, Inc. | Multi-factor authentication and comprehensive login system for client-server networks |
| US9424409B2 (en) | 2013-01-10 | 2016-08-23 | Lookout, Inc. | Method and system for protecting privacy and enhancing security on an electronic device |
| US9589129B2 (en) | 2012-06-05 | 2017-03-07 | Lookout, Inc. | Determining source of side-loaded software |
| US9603010B2 (en) | 2006-05-18 | 2017-03-21 | Blackberry Limited | Automatic security action invocation for mobile communications device |
| US9642008B2 (en) | 2013-10-25 | 2017-05-02 | Lookout, Inc. | System and method for creating and assigning a policy for a mobile communications device based on personal data |
| US9753796B2 (en) | 2013-12-06 | 2017-09-05 | Lookout, Inc. | Distributed monitoring, evaluation, and response for multiple devices |
| US9779253B2 (en) | 2008-10-21 | 2017-10-03 | Lookout, Inc. | Methods and systems for sharing risk responses to improve the functioning of mobile communications devices |
| US9955352B2 (en) | 2009-02-17 | 2018-04-24 | Lookout, Inc. | Methods and systems for addressing mobile communications devices that are lost or stolen but not yet reported as such |
| US10122747B2 (en) | 2013-12-06 | 2018-11-06 | Lookout, Inc. | Response generation after distributed monitoring and evaluation of multiple devices |
| US10218697B2 (en) | 2017-06-09 | 2019-02-26 | Lookout, Inc. | Use of device risk evaluation to manage access to services |
| US10540494B2 (en) | 2015-05-01 | 2020-01-21 | Lookout, Inc. | Determining source of side-loaded software using an administrator server |
Families Citing this family (148)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7720461B2 (en)* | 2004-02-26 | 2010-05-18 | Research In Motion Limited | Mobile communications device with security features |
| US7400878B2 (en) | 2004-02-26 | 2008-07-15 | Research In Motion Limited | Computing device with environment aware features |
| US8321953B2 (en)* | 2005-07-14 | 2012-11-27 | Imation Corp. | Secure storage device with offline code entry |
| US8335920B2 (en)* | 2005-07-14 | 2012-12-18 | Imation Corp. | Recovery of data access for a locked secure storage device |
| US8015606B1 (en) | 2005-07-14 | 2011-09-06 | Ironkey, Inc. | Storage device with website trust indication |
| US8438647B2 (en)* | 2005-07-14 | 2013-05-07 | Imation Corp. | Recovery of encrypted data from a secure storage device |
| KR100974679B1 (en)* | 2005-07-25 | 2010-08-06 | 도요 잉키 세이조 가부시끼가이샤 | Active energy ray curable ink for inkjet |
| US20070067620A1 (en)* | 2005-09-06 | 2007-03-22 | Ironkey, Inc. | Systems and methods for third-party authentication |
| US8539590B2 (en)* | 2005-12-20 | 2013-09-17 | Apple Inc. | Protecting electronic devices from extended unauthorized use |
| US8639873B1 (en) | 2005-12-22 | 2014-01-28 | Imation Corp. | Detachable storage device with RAM cache |
| US8266378B1 (en) | 2005-12-22 | 2012-09-11 | Imation Corp. | Storage device with accessible partitions |
| US8352323B2 (en)* | 2007-11-30 | 2013-01-08 | Blaze Mobile, Inc. | Conducting an online payment transaction using an NFC enabled mobile communication device |
| JP4127842B2 (en)* | 2006-06-05 | 2008-07-30 | 株式会社東芝 | Information processing device |
| US20070300031A1 (en)* | 2006-06-22 | 2007-12-27 | Ironkey, Inc. | Memory data shredder |
| US8295371B2 (en)* | 2006-07-14 | 2012-10-23 | Qualcomm Incorporated | Multi-carrier receiver for wireless communication |
| US10547687B2 (en)* | 2007-01-17 | 2020-01-28 | Eagency, Inc. | Mobile communication device monitoring systems and methods |
| US9191822B2 (en)* | 2007-03-09 | 2015-11-17 | Sony Corporation | Device-initiated security policy |
| ITMI20070997A1 (en)* | 2007-05-17 | 2008-11-18 | Incard Sa | IC CARD WITH LOW PRECISION CLOCK |
| US8218734B2 (en)* | 2007-06-12 | 2012-07-10 | Microsoft Corporation | Messaging with a locked communication device |
| US8977294B2 (en) | 2007-10-10 | 2015-03-10 | Apple Inc. | Securely locating a device |
| US8214120B2 (en)* | 2007-11-04 | 2012-07-03 | GM Global Technology Operations LLC | Method to manage a high voltage system in a hybrid powertrain system |
| US20090150970A1 (en)* | 2007-12-05 | 2009-06-11 | Sybase, Inc. | Data Fading to Secure Data on Mobile Client Devices |
| WO2009137371A2 (en)* | 2008-05-02 | 2009-11-12 | Ironkey, Inc. | Enterprise device recovery |
| US8635335B2 (en) | 2009-01-28 | 2014-01-21 | Headwater Partners I Llc | System and method for wireless network offloading |
| US8340634B2 (en) | 2009-01-28 | 2012-12-25 | Headwater Partners I, Llc | Enhanced roaming services and converged carrier networks with device assisted services and a proxy |
| US8589541B2 (en) | 2009-01-28 | 2013-11-19 | Headwater Partners I Llc | Device-assisted services for protecting network capacity |
| US8250207B2 (en) | 2009-01-28 | 2012-08-21 | Headwater Partners I, Llc | Network based ambient services |
| US8346225B2 (en)* | 2009-01-28 | 2013-01-01 | Headwater Partners I, Llc | Quality of service for device assisted services |
| US8924469B2 (en) | 2008-06-05 | 2014-12-30 | Headwater Partners I Llc | Enterprise access control and accounting allocation for access networks |
| US8626115B2 (en) | 2009-01-28 | 2014-01-07 | Headwater Partners I Llc | Wireless network service interfaces |
| US8725123B2 (en) | 2008-06-05 | 2014-05-13 | Headwater Partners I Llc | Communications device with secure data path processing agents |
| US8548428B2 (en) | 2009-01-28 | 2013-10-01 | Headwater Partners I Llc | Device group partitions and settlement platform |
| US8898293B2 (en) | 2009-01-28 | 2014-11-25 | Headwater Partners I Llc | Service offer set publishing to device agent with on-device service selection |
| US8402111B2 (en) | 2009-01-28 | 2013-03-19 | Headwater Partners I, Llc | Device assisted services install |
| US8406748B2 (en) | 2009-01-28 | 2013-03-26 | Headwater Partners I Llc | Adaptive ambient services |
| US8275830B2 (en) | 2009-01-28 | 2012-09-25 | Headwater Partners I Llc | Device assisted CDR creation, aggregation, mediation and billing |
| US8391834B2 (en)* | 2009-01-28 | 2013-03-05 | Headwater Partners I Llc | Security techniques for device assisted services |
| US8924543B2 (en) | 2009-01-28 | 2014-12-30 | Headwater Partners I Llc | Service design center for device assisted services |
| US8832777B2 (en) | 2009-03-02 | 2014-09-09 | Headwater Partners I Llc | Adapting network policies based on device service processor configuration |
| US8640226B2 (en) | 2008-06-27 | 2014-01-28 | Novell, Inc. | Mechanisms to secure data on hard reset of device |
| US8566961B2 (en) | 2008-08-08 | 2013-10-22 | Absolute Software Corporation | Approaches for a location aware client |
| AU2009279431B2 (en)* | 2008-08-08 | 2014-04-10 | Absolute Software Corporation | Secure computing environment using a client heartbeat to address theft and unauthorized access |
| US8556991B2 (en)* | 2008-08-08 | 2013-10-15 | Absolute Software Corporation | Approaches for ensuring data security |
| US8789136B2 (en) | 2008-09-02 | 2014-07-22 | Avaya Inc. | Securing a device based on atypical user behavior |
| US8099472B2 (en) | 2008-10-21 | 2012-01-17 | Lookout, Inc. | System and method for a mobile cross-platform software system |
| US10715342B2 (en) | 2009-01-28 | 2020-07-14 | Headwater Research Llc | Managing service user discovery and service launch object placement on a device |
| US9351193B2 (en) | 2009-01-28 | 2016-05-24 | Headwater Partners I Llc | Intermediate networking devices |
| US9706061B2 (en) | 2009-01-28 | 2017-07-11 | Headwater Partners I Llc | Service design center for device assisted services |
| US9955332B2 (en) | 2009-01-28 | 2018-04-24 | Headwater Research Llc | Method for child wireless device activation to subscriber account of a master wireless device |
| US10783581B2 (en) | 2009-01-28 | 2020-09-22 | Headwater Research Llc | Wireless end-user device providing ambient or sponsored services |
| US10326800B2 (en) | 2009-01-28 | 2019-06-18 | Headwater Research Llc | Wireless network service interfaces |
| US12166596B2 (en) | 2009-01-28 | 2024-12-10 | Disney Enterprises, Inc. | Device-assisted services for protecting network capacity |
| US10057775B2 (en) | 2009-01-28 | 2018-08-21 | Headwater Research Llc | Virtualized policy and charging system |
| US11218854B2 (en) | 2009-01-28 | 2022-01-04 | Headwater Research Llc | Service plan design, user interfaces, application programming interfaces, and device management |
| US9253663B2 (en) | 2009-01-28 | 2016-02-02 | Headwater Partners I Llc | Controlling mobile device communications on a roaming network based on device state |
| US9578182B2 (en) | 2009-01-28 | 2017-02-21 | Headwater Partners I Llc | Mobile device and service management |
| US8793758B2 (en) | 2009-01-28 | 2014-07-29 | Headwater Partners I Llc | Security, fraud detection, and fraud mitigation in device-assisted services systems |
| US10798252B2 (en) | 2009-01-28 | 2020-10-06 | Headwater Research Llc | System and method for providing user notifications |
| US11973804B2 (en) | 2009-01-28 | 2024-04-30 | Headwater Research Llc | Network service plan design |
| US10248996B2 (en) | 2009-01-28 | 2019-04-02 | Headwater Research Llc | Method for operating a wireless end-user device mobile payment agent |
| US9392462B2 (en) | 2009-01-28 | 2016-07-12 | Headwater Partners I Llc | Mobile end-user device with agent limiting wireless data communication for specified background applications based on a stored policy |
| US10492102B2 (en) | 2009-01-28 | 2019-11-26 | Headwater Research Llc | Intermediate networking devices |
| US8606911B2 (en) | 2009-03-02 | 2013-12-10 | Headwater Partners I Llc | Flow tagging for service policy implementation |
| US9755842B2 (en) | 2009-01-28 | 2017-09-05 | Headwater Research Llc | Managing service user discovery and service launch object placement on a device |
| US10779177B2 (en) | 2009-01-28 | 2020-09-15 | Headwater Research Llc | Device group partitions and settlement platform |
| US9565707B2 (en) | 2009-01-28 | 2017-02-07 | Headwater Partners I Llc | Wireless end-user device with wireless data attribution to multiple personas |
| US8351898B2 (en) | 2009-01-28 | 2013-01-08 | Headwater Partners I Llc | Verifiable device assisted service usage billing with integrated accounting, mediation accounting, and multi-account |
| US10841839B2 (en) | 2009-01-28 | 2020-11-17 | Headwater Research Llc | Security, fraud detection, and fraud mitigation in device-assisted services systems |
| US12432130B2 (en) | 2009-01-28 | 2025-09-30 | Headwater Research Llc | Flow tagging for service policy implementation |
| US9980146B2 (en) | 2009-01-28 | 2018-05-22 | Headwater Research Llc | Communications device with secure data path processing agents |
| US8893009B2 (en) | 2009-01-28 | 2014-11-18 | Headwater Partners I Llc | End user device that secures an association of application to service policy with an application certificate check |
| US10200541B2 (en) | 2009-01-28 | 2019-02-05 | Headwater Research Llc | Wireless end-user device with divided user space/kernel space traffic policy system |
| WO2010087501A1 (en)* | 2009-01-28 | 2010-08-05 | 日本電気株式会社 | Thin client-server system, thin client terminal, data management method, and computer readable recording medium |
| US9647918B2 (en) | 2009-01-28 | 2017-05-09 | Headwater Research Llc | Mobile device and method attributing media services network usage to requesting application |
| US10264138B2 (en) | 2009-01-28 | 2019-04-16 | Headwater Research Llc | Mobile device and service management |
| US9270559B2 (en) | 2009-01-28 | 2016-02-23 | Headwater Partners I Llc | Service policy implementation for an end-user device having a control application or a proxy agent for routing an application traffic flow |
| US10484858B2 (en) | 2009-01-28 | 2019-11-19 | Headwater Research Llc | Enhanced roaming services and converged carrier networks with device assisted services and a proxy |
| US10064055B2 (en) | 2009-01-28 | 2018-08-28 | Headwater Research Llc | Security, fraud detection, and fraud mitigation in device-assisted services systems |
| US9557889B2 (en) | 2009-01-28 | 2017-01-31 | Headwater Partners I Llc | Service plan design, user interfaces, application programming interfaces, and device management |
| US9954975B2 (en) | 2009-01-28 | 2018-04-24 | Headwater Research Llc | Enhanced curfew and protection associated with a device group |
| US12389218B2 (en) | 2009-01-28 | 2025-08-12 | Headwater Research Llc | Service selection set publishing to device agent with on-device service selection |
| US9858559B2 (en) | 2009-01-28 | 2018-01-02 | Headwater Research Llc | Network service plan design |
| US9572019B2 (en) | 2009-01-28 | 2017-02-14 | Headwater Partners LLC | Service selection set published to device agent with on-device service selection |
| US9609510B2 (en) | 2009-01-28 | 2017-03-28 | Headwater Research Llc | Automated credential porting for mobile devices |
| US11985155B2 (en) | 2009-01-28 | 2024-05-14 | Headwater Research Llc | Communications device with secure data path processing agents |
| US10237757B2 (en) | 2009-01-28 | 2019-03-19 | Headwater Research Llc | System and method for wireless network offloading |
| US12388810B2 (en) | 2009-01-28 | 2025-08-12 | Headwater Research Llc | End user device that secures an association of application to service policy with an application certificate check |
| US8745191B2 (en) | 2009-01-28 | 2014-06-03 | Headwater Partners I Llc | System and method for providing user notifications |
| JP5310056B2 (en)* | 2009-02-12 | 2013-10-09 | ブラザー工業株式会社 | Information management system, information processing apparatus, and information processing apparatus program |
| US8750863B2 (en)* | 2009-02-13 | 2014-06-10 | T-Mobile Usa, Inc. | Selection of roaming gateway |
| US9036541B2 (en)* | 2009-02-17 | 2015-05-19 | T-Mobile Usa, Inc. | Location-based IMS server selection |
| US20100228906A1 (en)* | 2009-03-06 | 2010-09-09 | Arunprasad Ramiya Mothilal | Managing Data in a Non-Volatile Memory System |
| US20100234005A1 (en)* | 2009-03-10 | 2010-09-16 | Scott Bloomquist | System for Selectively Limiting the Function of a Communication Device |
| US8788635B2 (en)* | 2009-03-20 | 2014-07-22 | Microsoft Corporation | Mitigations for potentially compromised electronic devices |
| US20100299152A1 (en)* | 2009-05-20 | 2010-11-25 | Mobile Iron, Inc. | Selective Management of Mobile Devices in an Enterprise Environment |
| US8683088B2 (en) | 2009-08-06 | 2014-03-25 | Imation Corp. | Peripheral device data integrity |
| US8745365B2 (en)* | 2009-08-06 | 2014-06-03 | Imation Corp. | Method and system for secure booting a computer by booting a first operating system from a secure peripheral device and launching a second operating system stored a secure area in the secure peripheral device on the first operating system |
| US8693977B2 (en)* | 2009-08-13 | 2014-04-08 | Novell, Inc. | Techniques for personal security via mobile devices |
| US8397301B2 (en) | 2009-11-18 | 2013-03-12 | Lookout, Inc. | System and method for identifying and assessing vulnerabilities on a mobile communication device |
| US8359660B2 (en)* | 2009-11-30 | 2013-01-22 | Lps2 | Method and apparatus of securing data in a portable flash memory |
| US9258715B2 (en) | 2009-12-14 | 2016-02-09 | Apple Inc. | Proactive security for mobile devices |
| US8923309B2 (en) | 2010-04-29 | 2014-12-30 | T-Mobile Usa, Inc. | Managing access gateways |
| US8538405B2 (en) | 2010-04-29 | 2013-09-17 | T-Mobile Usa, Inc. | Communication protocol preferences |
| US20120198046A1 (en)* | 2010-04-29 | 2012-08-02 | Mehul Jayant Shah | Mobile device bandwidth throttling |
| TWI424329B (en)* | 2010-05-26 | 2014-01-21 | Prime View Int Co Ltd | Electronic reading apparatus and the data protection method thereof |
| EP2619703B1 (en)* | 2010-09-24 | 2019-02-27 | BlackBerry Limited | Method and apparatus for differentiated access control |
| US9378394B2 (en) | 2010-09-24 | 2016-06-28 | Blackberry Limited | Method and apparatus for differentiated access control |
| US8869307B2 (en)* | 2010-11-19 | 2014-10-21 | Mobile Iron, Inc. | Mobile posture-based policy, remediation and access control for enterprise resources |
| US9087213B2 (en)* | 2011-02-22 | 2015-07-21 | Fedex Corporate Services, Inc. | Systems and methods for rule-driven management of sensor data across geographic areas and derived actions |
| US9154826B2 (en) | 2011-04-06 | 2015-10-06 | Headwater Partners Ii Llc | Distributing content and service launch objects to mobile devices |
| US8971924B2 (en) | 2011-05-23 | 2015-03-03 | Apple Inc. | Identifying and locating users on a mobile network |
| US10715380B2 (en) | 2011-05-23 | 2020-07-14 | Apple Inc. | Setting a reminder that is triggered by a target user device |
| US8738765B2 (en) | 2011-06-14 | 2014-05-27 | Lookout, Inc. | Mobile device DNS optimization |
| US9392092B2 (en) | 2011-07-14 | 2016-07-12 | Qualcomm Incorporated | Method and apparatus for detecting and dealing with a lost electronics device |
| US8788881B2 (en) | 2011-08-17 | 2014-07-22 | Lookout, Inc. | System and method for mobile device push communications |
| US9143910B2 (en)* | 2011-09-30 | 2015-09-22 | Blackberry Limited | Method and system for remote wipe through voice mail |
| US20130090110A1 (en)* | 2011-10-11 | 2013-04-11 | Thomas Cloonan | Managing battery power usage of a lost mobile device to extend search time for the lost mobile device |
| US10291658B2 (en) | 2011-11-09 | 2019-05-14 | Microsoft Technology Licensing, Llc | Techniques to apply and share remote policies on mobile devices |
| US8893261B2 (en)* | 2011-11-22 | 2014-11-18 | Vmware, Inc. | Method and system for VPN isolation using network namespaces |
| US20130171966A1 (en)* | 2012-01-03 | 2013-07-04 | Sony Ericsson Mobile Communications Ab | Method and Apparatus for Facilitating Communication Between a Finder of a Misplaced Wireless Terminal and an Authorized User |
| US9104896B2 (en) | 2012-06-04 | 2015-08-11 | Apple Inc. | System and method for remotely initiating lost mode on a computing device |
| US8886166B2 (en) | 2012-06-04 | 2014-11-11 | Avago Technologies General Ip (Singapore) Pte. Ltd. | System to identify whether a text message is from a trusted source |
| US8972762B2 (en) | 2012-07-11 | 2015-03-03 | Blackberry Limited | Computing devices and methods for resetting inactivity timers on computing devices |
| US9462061B2 (en)* | 2012-09-14 | 2016-10-04 | Tencent Technology (Shenzhen) Company Limited | Method, device, server, and system for managing devices |
| US20140101582A1 (en)* | 2012-10-05 | 2014-04-10 | Htc Corporation | Mobile communications device, non-transitory computer-readable medium and method of configuring home screen of mobile communications device |
| US9131381B1 (en)* | 2012-10-26 | 2015-09-08 | Facebook, Inc. | Mobile device auto wipe |
| US9112844B2 (en)* | 2012-12-06 | 2015-08-18 | Audible, Inc. | Device credentialing for network access |
| US9351163B2 (en)* | 2012-12-26 | 2016-05-24 | Mcafee, Inc. | Automatic sanitization of data on a mobile device in a network environment |
| WO2014142880A1 (en)* | 2013-03-14 | 2014-09-18 | Intel Corporation | Dynamically implementing an image protection policy |
| WO2014182313A1 (en)* | 2013-05-10 | 2014-11-13 | Empire Technology Development Llc | Estimation of missed information |
| WO2015020658A1 (en) | 2013-08-08 | 2015-02-12 | Empire Technology Development Llc | Automatic log-in function control |
| US9730163B2 (en)* | 2013-08-27 | 2017-08-08 | Life360, Inc. | Apparatus and method for conservation of battery power of mobile devices within a location-based group |
| US9104865B2 (en) | 2013-08-29 | 2015-08-11 | International Business Machines Corporation | Threat condition management |
| US9497194B2 (en)* | 2013-09-06 | 2016-11-15 | Oracle International Corporation | Protection of resources downloaded to portable devices from enterprise systems |
| US9465957B2 (en)* | 2013-11-07 | 2016-10-11 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Preventing predetermined type of configuration changes to computing devices in a computing system servicing a critical job |
| JP2015141603A (en)* | 2014-01-29 | 2015-08-03 | キヤノン株式会社 | Image processor and control method thereof, and program |
| US9672368B2 (en)* | 2014-04-30 | 2017-06-06 | Visteon Global Technologies, Inc. | Providing selective control of information shared from a first device to a second device |
| FR3028124A1 (en)* | 2014-11-05 | 2016-05-06 | Orange | METHOD FOR CONTROLLING TRAFFIC POLICIES FROM A SECURITY MODULE IN A MOBILE TERMINAL |
| FR3028335B1 (en)* | 2014-11-12 | 2018-01-19 | Charles Shahrokh Ghavamian | DATA STORAGE DEVICE WITH SECURE ACCESS MANAGEMENT AND ACCESS MANAGEMENT METHOD THEREFOR |
| DE102015103740A1 (en)* | 2015-03-13 | 2016-09-15 | Phoenix Contact Gmbh & Co. Kg | Method and device for processing and transmitting data within a functionally safe electrical, electronic or programmable electronic system |
| US9762548B2 (en)* | 2015-03-13 | 2017-09-12 | Western Digital Technologies, Inc. | Controlling encrypted data stored on a remote storage device |
| WO2017095380A1 (en)* | 2015-11-30 | 2017-06-08 | Hewlett-Packard Development Company, L.P | Security mitigation action selection based on device usage |
| JP6919212B2 (en)* | 2017-02-08 | 2021-08-18 | 日本電気株式会社 | Controls, control methods, and systems |
| US10740494B2 (en)* | 2017-09-06 | 2020-08-11 | Google Llc | Central and delegate security processors for a computing device |
| US12052286B2 (en)* | 2019-02-05 | 2024-07-30 | Sennco Solutions, Inc. | Integrated security monitoring via watchdog trigger locking |
| US11509642B2 (en)* | 2019-08-21 | 2022-11-22 | Truist Bank | Location-based mobile device authentication |
| US11568095B2 (en)* | 2020-05-11 | 2023-01-31 | Micron Technology, Inc. | Device deactivation based on behavior patterns |
| US12301630B2 (en)* | 2022-04-20 | 2025-05-13 | Bank Of America Corporation | System for securing electronic devices and electronic data using automated dynamic control modifications |
Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5131040A (en)* | 1991-02-28 | 1992-07-14 | Motorola, Inc. | Method for backing up and erasing encryption keys |
| US6370402B1 (en)* | 1999-02-19 | 2002-04-09 | Nec Corporation | Portable radio terminal |
| US6504460B2 (en)* | 2001-04-17 | 2003-01-07 | Eaton Corporation | Actuator mechanism for an external circuit breaker operating device |
| US20040097271A1 (en)* | 2002-11-15 | 2004-05-20 | Naveen Aerrabotu | Service lock release for a wireless communication device |
| US20040123153A1 (en)* | 2002-12-18 | 2004-06-24 | Michael Wright | Administration of protection of data accessible by a mobile device |
| US20050021468A1 (en)* | 2003-07-21 | 2005-01-27 | Stockton Marcia L. | Methods, systems and computer program products for managing a computer mass storage system that hosts multiple users |
| US20050020315A1 (en)* | 2003-07-22 | 2005-01-27 | Robertson Ian M. | Security for mobile communications device |
| US20050039004A1 (en)* | 2003-08-12 | 2005-02-17 | Adams Neil P. | System and method of indicating the strength of encryption |
| US20050044404A1 (en)* | 2003-08-23 | 2005-02-24 | Bhansali Apurva Mahendrakumar | Electronic device security and tracking system and method |
| US20050044433A1 (en)* | 2003-08-19 | 2005-02-24 | Dunstan Robert A. | Storing encrypted and/or compressed system context information when entering a low-power state |
| US20050046580A1 (en)* | 2003-08-28 | 2005-03-03 | Miranda-Knapp Carlos A. | Method and apparatus for detecting loss and location of a portable communications device |
| US20050070339A1 (en)* | 2003-09-30 | 2005-03-31 | Samsung Electronics Co., Ltd. | Apparatus and method for performing power saving control of mobile terminal |
| US20050097596A1 (en)* | 2003-10-31 | 2005-05-05 | Pedlow Leo M.Jr. | Re-encrypted delivery of video-on-demand content |
| US20050114389A1 (en)* | 2003-11-25 | 2005-05-26 | Nec Corporation | Application data management method for mobile terminal and mobile terminal used therein |
| US20050136979A1 (en)* | 2003-12-18 | 2005-06-23 | Josef Dietl | Storing and synchronizing data on a removable storage medium |
| US20070100978A1 (en)* | 2005-11-03 | 2007-05-03 | Emblaze Ltd. | Method and system for an uncompromising connection from a computing device having information storage like email server to a wireless mobile device |
| US20080009264A1 (en)* | 2006-05-18 | 2008-01-10 | Research In Motion Limited | Automatic security action invocation for mobile communications device |
Family Cites Families (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP3134802B2 (en) | 1997-03-24 | 2001-02-13 | 日本電気株式会社 | Mobile communication apparatus, power supply apparatus and power supply method for mobile communication apparatus, and data terminal connection modem card connectable to mobile communication apparatus |
| US6145083A (en)* | 1998-04-23 | 2000-11-07 | Siemens Information And Communication Networks, Inc. | Methods and system for providing data and telephony security |
| US6651173B1 (en)* | 1999-06-30 | 2003-11-18 | International Business Machines Corporation | Calendar-induced desktop security |
| US6662023B1 (en) | 2000-07-06 | 2003-12-09 | Nokia Mobile Phones Ltd. | Method and apparatus for controlling and securing mobile phones that are lost, stolen or misused |
| US6504480B1 (en) | 2001-08-09 | 2003-01-07 | Hewlett-Packard Company | Electronic device security |
| US7159120B2 (en)* | 2001-11-19 | 2007-01-02 | Good Technology, Inc. | Method and system for protecting data within portable electronic devices |
| EP2262292B1 (en) | 2004-02-26 | 2016-08-17 | BlackBerry Limited | Mobile communications device with security features |
| US7720461B2 (en)* | 2004-02-26 | 2010-05-18 | Research In Motion Limited | Mobile communications device with security features |
| US7400878B2 (en)* | 2004-02-26 | 2008-07-15 | Research In Motion Limited | Computing device with environment aware features |
| EP1779248A4 (en) | 2004-07-30 | 2008-02-27 | Research In Motion Ltd | Method and system for coordinating client and host security modules |
| KR101359324B1 (en)* | 2006-03-27 | 2014-02-24 | 텔레콤 이탈리아 소시에떼 퍼 아찌오니 | System for enforcing security policies on mobile communications devices |
- 2007
- 2007-05-18EPEP11193107.7Apatent/EP2455881B1/enactiveActive
- 2007-05-18EPEP07719821Apatent/EP2021968B1/enactiveActive
- 2007-05-18USUS11/750,594patent/US7809353B2/enactiveActive
- 2007-05-18USUS11/750,789patent/US8140863B2/enactiveActive
- 2007-05-18USUS11/750,568patent/US9077485B2/enactiveActive
- 2007-05-18CACA2652438Apatent/CA2652438C/enactiveActive
- 2007-05-18WOPCT/CA2007/000899patent/WO2007134448A1/enactiveApplication Filing
- 2010
- 2010-08-24USUS12/862,228patent/US20100317324A1/ennot_activeAbandoned
- 2012
- 2012-02-28USUS13/406,765patent/US8667306B2/enactiveActive
- 2015
- 2015-07-06USUS14/791,901patent/US9603010B2/enactiveActive
Patent Citations (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5131040A (en)* | 1991-02-28 | 1992-07-14 | Motorola, Inc. | Method for backing up and erasing encryption keys |
| US6370402B1 (en)* | 1999-02-19 | 2002-04-09 | Nec Corporation | Portable radio terminal |
| US6504460B2 (en)* | 2001-04-17 | 2003-01-07 | Eaton Corporation | Actuator mechanism for an external circuit breaker operating device |
| US20040097271A1 (en)* | 2002-11-15 | 2004-05-20 | Naveen Aerrabotu | Service lock release for a wireless communication device |
| US20040123153A1 (en)* | 2002-12-18 | 2004-06-24 | Michael Wright | Administration of protection of data accessible by a mobile device |
| US20050021468A1 (en)* | 2003-07-21 | 2005-01-27 | Stockton Marcia L. | Methods, systems and computer program products for managing a computer mass storage system that hosts multiple users |
| US20050020315A1 (en)* | 2003-07-22 | 2005-01-27 | Robertson Ian M. | Security for mobile communications device |
| US20050039004A1 (en)* | 2003-08-12 | 2005-02-17 | Adams Neil P. | System and method of indicating the strength of encryption |
| US20050044433A1 (en)* | 2003-08-19 | 2005-02-24 | Dunstan Robert A. | Storing encrypted and/or compressed system context information when entering a low-power state |
| US20050044404A1 (en)* | 2003-08-23 | 2005-02-24 | Bhansali Apurva Mahendrakumar | Electronic device security and tracking system and method |
| US20050046580A1 (en)* | 2003-08-28 | 2005-03-03 | Miranda-Knapp Carlos A. | Method and apparatus for detecting loss and location of a portable communications device |
| US6940407B2 (en)* | 2003-08-28 | 2005-09-06 | Motorola, Inc. | Method and apparatus for detecting loss and location of a portable communications device |
| US20050070339A1 (en)* | 2003-09-30 | 2005-03-31 | Samsung Electronics Co., Ltd. | Apparatus and method for performing power saving control of mobile terminal |
| US20050097596A1 (en)* | 2003-10-31 | 2005-05-05 | Pedlow Leo M.Jr. | Re-encrypted delivery of video-on-demand content |
| US20050114389A1 (en)* | 2003-11-25 | 2005-05-26 | Nec Corporation | Application data management method for mobile terminal and mobile terminal used therein |
| US20050136979A1 (en)* | 2003-12-18 | 2005-06-23 | Josef Dietl | Storing and synchronizing data on a removable storage medium |
| US20070100978A1 (en)* | 2005-11-03 | 2007-05-03 | Emblaze Ltd. | Method and system for an uncompromising connection from a computing device having information storage like email server to a wireless mobile device |
| US20080009264A1 (en)* | 2006-05-18 | 2008-01-10 | Research In Motion Limited | Automatic security action invocation for mobile communications device |
| US7809353B2 (en)* | 2006-05-18 | 2010-10-05 | Research In Motion Limited | Automatic security action invocation for mobile communications device |
| US8140863B2 (en)* | 2006-05-18 | 2012-03-20 | Research In Motion Limited | Automatic security action invocation for mobile communications device |
| US20120210389A1 (en)* | 2006-05-18 | 2012-08-16 | Research In Motion Limited | Automatic security action invocation for mobile communications device |
Cited By (97)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9603010B2 (en) | 2006-05-18 | 2017-03-21 | Blackberry Limited | Automatic security action invocation for mobile communications device |
| US10540520B2 (en) | 2007-01-19 | 2020-01-21 | Blackberry Limited | Selectively wiping a remote device |
| US8056143B2 (en)* | 2007-01-19 | 2011-11-08 | Research In Motion Limited | Selectively wiping a remote device |
| US20120079603A1 (en)* | 2007-01-19 | 2012-03-29 | Research In Motion Limited | Selectively wiping a remote device |
| US9106670B2 (en) | 2007-01-19 | 2015-08-11 | Blackberry Limited | Selectively wiping a remote device |
| US9100413B2 (en)* | 2007-01-19 | 2015-08-04 | Blackberry Limited | Selectively wiping a remote device |
| US20080178300A1 (en)* | 2007-01-19 | 2008-07-24 | Research In Motion Limited | Selectively wiping a remote device |
| US11030338B2 (en) | 2007-01-19 | 2021-06-08 | Blackberry Limited | Selectively wiping a remote device |
| US9043919B2 (en) | 2008-10-21 | 2015-05-26 | Lookout, Inc. | Crawling multiple markets and correlating |
| US9245119B2 (en) | 2008-10-21 | 2016-01-26 | Lookout, Inc. | Security status assessment using mobile device security information database |
| US8561144B2 (en) | 2008-10-21 | 2013-10-15 | Lookout, Inc. | Enforcing security based on a security state assessment of a mobile device |
| US9563749B2 (en) | 2008-10-21 | 2017-02-07 | Lookout, Inc. | Comparing applications and assessing differences |
| US9740852B2 (en) | 2008-10-21 | 2017-08-22 | Lookout, Inc. | System and method for assessing an application to be installed on a mobile communications device |
| US8683593B2 (en) | 2008-10-21 | 2014-03-25 | Lookout, Inc. | Server-assisted analysis of data for a mobile device |
| US9779253B2 (en) | 2008-10-21 | 2017-10-03 | Lookout, Inc. | Methods and systems for sharing risk responses to improve the functioning of mobile communications devices |
| US8745739B2 (en) | 2008-10-21 | 2014-06-03 | Lookout, Inc. | System and method for server-coupled application re-analysis to obtain characterization assessment |
| US8752176B2 (en) | 2008-10-21 | 2014-06-10 | Lookout, Inc. | System and method for server-coupled application re-analysis to obtain trust, distribution and ratings assessment |
| US9407640B2 (en) | 2008-10-21 | 2016-08-02 | Lookout, Inc. | Assessing a security state of a mobile communications device to determine access to specific tasks |
| US9781148B2 (en) | 2008-10-21 | 2017-10-03 | Lookout, Inc. | Methods and systems for sharing risk responses between collections of mobile communications devices |
| US8826441B2 (en) | 2008-10-21 | 2014-09-02 | Lookout, Inc. | Event-based security state assessment and display for mobile devices |
| US9860263B2 (en) | 2008-10-21 | 2018-01-02 | Lookout, Inc. | System and method for assessing data objects on mobile communications devices |
| US8533844B2 (en) | 2008-10-21 | 2013-09-10 | Lookout, Inc. | System and method for security data collection and analysis |
| US9367680B2 (en) | 2008-10-21 | 2016-06-14 | Lookout, Inc. | System and method for mobile communication device application advisement |
| US8881292B2 (en) | 2008-10-21 | 2014-11-04 | Lookout, Inc. | Evaluating whether data is safe or malicious |
| US10509911B2 (en) | 2008-10-21 | 2019-12-17 | Lookout, Inc. | Methods and systems for conditionally granting access to services based on the security state of the device requesting access |
| US9344431B2 (en) | 2008-10-21 | 2016-05-17 | Lookout, Inc. | System and method for assessing an application based on data from multiple devices |
| US9294500B2 (en) | 2008-10-21 | 2016-03-22 | Lookout, Inc. | System and method for creating and applying categorization-based policy to secure a mobile communications device from access to certain data objects |
| US9235704B2 (en) | 2008-10-21 | 2016-01-12 | Lookout, Inc. | System and method for a scanning API |
| US8984628B2 (en) | 2008-10-21 | 2015-03-17 | Lookout, Inc. | System and method for adverse mobile application identification |
| US8997181B2 (en) | 2008-10-21 | 2015-03-31 | Lookout, Inc. | Assessing the security state of a mobile communications device |
| US11080407B2 (en) | 2008-10-21 | 2021-08-03 | Lookout, Inc. | Methods and systems for analyzing data after initial analyses by known good and known bad security components |
| US9223973B2 (en) | 2008-10-21 | 2015-12-29 | Lookout, Inc. | System and method for attack and malware prevention |
| US9065846B2 (en) | 2008-10-21 | 2015-06-23 | Lookout, Inc. | Analyzing data gathered through different protocols |
| US9996697B2 (en) | 2008-10-21 | 2018-06-12 | Lookout, Inc. | Methods and systems for blocking the installation of an application to improve the functioning of a mobile communications device |
| US9100389B2 (en) | 2008-10-21 | 2015-08-04 | Lookout, Inc. | Assessing an application based on application data associated with the application |
| US10417432B2 (en) | 2008-10-21 | 2019-09-17 | Lookout, Inc. | Methods and systems for blocking potentially harmful communications to improve the functioning of an electronic device |
| US10509910B2 (en) | 2008-10-21 | 2019-12-17 | Lookout, Inc. | Methods and systems for granting access to services based on a security state that varies with the severity of security events |
| US10623960B2 (en) | 2009-02-17 | 2020-04-14 | Lookout, Inc. | Methods and systems for enhancing electronic device security by causing the device to go into a mode for lost or stolen devices |
| US8538815B2 (en) | 2009-02-17 | 2013-09-17 | Lookout, Inc. | System and method for mobile device replacement |
| US9569643B2 (en) | 2009-02-17 | 2017-02-14 | Lookout, Inc. | Method for detecting a security event on a portable electronic device and establishing audio transmission with a client computer |
| US10419936B2 (en) | 2009-02-17 | 2019-09-17 | Lookout, Inc. | Methods and systems for causing mobile communications devices to emit sounds with encoded information |
| US9100925B2 (en) | 2009-02-17 | 2015-08-04 | Lookout, Inc. | Systems and methods for displaying location information of a device |
| US8635109B2 (en) | 2009-02-17 | 2014-01-21 | Lookout, Inc. | System and method for providing offers for mobile devices |
| US9179434B2 (en) | 2009-02-17 | 2015-11-03 | Lookout, Inc. | Systems and methods for locking and disabling a device in response to a request |
| US9042876B2 (en) | 2009-02-17 | 2015-05-26 | Lookout, Inc. | System and method for uploading location information based on device movement |
| US8774788B2 (en) | 2009-02-17 | 2014-07-08 | Lookout, Inc. | Systems and methods for transmitting a communication based on a device leaving or entering an area |
| US9232491B2 (en) | 2009-02-17 | 2016-01-05 | Lookout, Inc. | Mobile device geolocation |
| US9167550B2 (en) | 2009-02-17 | 2015-10-20 | Lookout, Inc. | Systems and methods for applying a security policy to a device based on location |
| US8929874B2 (en) | 2009-02-17 | 2015-01-06 | Lookout, Inc. | Systems and methods for remotely controlling a lost mobile communications device |
| US8682400B2 (en) | 2009-02-17 | 2014-03-25 | Lookout, Inc. | Systems and methods for device broadcast of location information when battery is low |
| US9955352B2 (en) | 2009-02-17 | 2018-04-24 | Lookout, Inc. | Methods and systems for addressing mobile communications devices that are lost or stolen but not yet reported as such |
| US8855601B2 (en) | 2009-02-17 | 2014-10-07 | Lookout, Inc. | System and method for remotely-initiated audio communication |
| US8825007B2 (en) | 2009-02-17 | 2014-09-02 | Lookout, Inc. | Systems and methods for applying a security policy to a device based on a comparison of locations |
| US9253167B2 (en)* | 2011-04-19 | 2016-02-02 | Apriva, Llc | Device and system for facilitating communication and networking within a secure mobile environment |
| US20120269346A1 (en)* | 2011-04-19 | 2012-10-25 | Apriva, Llc | Device and system for facilitating communication and networking within a secure mobile environment |
| US8816868B2 (en)* | 2011-06-06 | 2014-08-26 | Apple Inc. | Adaptive low-battery warnings for battery-powered electronic devices |
| US20150042480A1 (en)* | 2011-06-06 | 2015-02-12 | Apple Inc. | Adaptive low-battery warnings for battery-powered electronic devices |
| US9709607B2 (en)* | 2011-06-06 | 2017-07-18 | Apple Inc. | Adaptive low-battery warnings for battery-powered electronic devices |
| US20120306655A1 (en)* | 2011-06-06 | 2012-12-06 | Apple Inc. | Adaptive low-battery warnings for battery-powered electronic devices |
| WO2013040496A3 (en)* | 2011-09-15 | 2013-05-10 | Mcafee, Inc. | System and method for real-time customized threat protection |
| US8914907B2 (en)* | 2011-10-19 | 2014-12-16 | Hon Hai Precision Industry Co., Ltd. | Electronic device for protecting data |
| US20130104250A1 (en)* | 2011-10-19 | 2013-04-25 | Chih-Fu Chuang | Electronic device for protecting data |
| WO2013130338A1 (en)* | 2012-03-02 | 2013-09-06 | Lookout, Inc. | System and method for remotely-initiated audio communication |
| US9992025B2 (en) | 2012-06-05 | 2018-06-05 | Lookout, Inc. | Monitoring installed applications on user devices |
| US10256979B2 (en) | 2012-06-05 | 2019-04-09 | Lookout, Inc. | Assessing application authenticity and performing an action in response to an evaluation result |
| US11336458B2 (en) | 2012-06-05 | 2022-05-17 | Lookout, Inc. | Evaluating authenticity of applications based on assessing user device context for increased security |
| US9407443B2 (en) | 2012-06-05 | 2016-08-02 | Lookout, Inc. | Component analysis of software applications on computing devices |
| US10419222B2 (en) | 2012-06-05 | 2019-09-17 | Lookout, Inc. | Monitoring for fraudulent or harmful behavior in applications being installed on user devices |
| US9589129B2 (en) | 2012-06-05 | 2017-03-07 | Lookout, Inc. | Determining source of side-loaded software |
| US9940454B2 (en) | 2012-06-05 | 2018-04-10 | Lookout, Inc. | Determining source of side-loaded software using signature of authorship |
| US9215074B2 (en) | 2012-06-05 | 2015-12-15 | Lookout, Inc. | Expressing intent to control behavior of application components |
| US9450965B2 (en) | 2012-06-18 | 2016-09-20 | Nec Corporation | Mobile device, program, and control method |
| EP2863331A4 (en)* | 2012-06-18 | 2015-12-23 | Nec Corp | Portable terminal, program, and control method |
| US9769749B2 (en) | 2012-10-26 | 2017-09-19 | Lookout, Inc. | Modifying mobile device settings for resource conservation |
| US9408143B2 (en) | 2012-10-26 | 2016-08-02 | Lookout, Inc. | System and method for using context models to control operation of a mobile communications device |
| US8655307B1 (en) | 2012-10-26 | 2014-02-18 | Lookout, Inc. | System and method for developing, updating, and using user device behavioral context models to modify user, device, and application state, settings and behavior for enhanced user security |
| US9357491B2 (en) | 2012-12-04 | 2016-05-31 | At&T Intellectual Property I, L.P. | Rule-based timeout and security access |
| US8903362B2 (en)* | 2012-12-04 | 2014-12-02 | At&T Intellectual Property I, L.P. | Rule-based device timeout and security access |
| US9860846B2 (en) | 2012-12-04 | 2018-01-02 | At&T Intellectual Property I, L.P. | Rule-based device timeout and security access |
| US9208215B2 (en) | 2012-12-27 | 2015-12-08 | Lookout, Inc. | User classification based on data gathered from a computing device |
| US9374369B2 (en) | 2012-12-28 | 2016-06-21 | Lookout, Inc. | Multi-factor authentication and comprehensive login system for client-server networks |
| US8855599B2 (en) | 2012-12-31 | 2014-10-07 | Lookout, Inc. | Method and apparatus for auxiliary communications with mobile communications device |
| US9424409B2 (en) | 2013-01-10 | 2016-08-23 | Lookout, Inc. | Method and system for protecting privacy and enhancing security on an electronic device |
| US10452862B2 (en) | 2013-10-25 | 2019-10-22 | Lookout, Inc. | System and method for creating a policy for managing personal data on a mobile communications device |
| US10990696B2 (en) | 2013-10-25 | 2021-04-27 | Lookout, Inc. | Methods and systems for detecting attempts to access personal information on mobile communications devices |
| US9642008B2 (en) | 2013-10-25 | 2017-05-02 | Lookout, Inc. | System and method for creating and assigning a policy for a mobile communications device based on personal data |
| US10742676B2 (en) | 2013-12-06 | 2020-08-11 | Lookout, Inc. | Distributed monitoring and evaluation of multiple devices |
| US10122747B2 (en) | 2013-12-06 | 2018-11-06 | Lookout, Inc. | Response generation after distributed monitoring and evaluation of multiple devices |
| US9753796B2 (en) | 2013-12-06 | 2017-09-05 | Lookout, Inc. | Distributed monitoring, evaluation, and response for multiple devices |
| US10601978B2 (en)* | 2014-06-04 | 2020-03-24 | T-Mobile Usa, Inc. | Telecommunication device utilization based on heartbeat communication |
| US20150358455A1 (en)* | 2014-06-04 | 2015-12-10 | T-Mobile Usa, Inc. | Telecommunication Device Utilization Based on Heartbeat Communication |
| US10540494B2 (en) | 2015-05-01 | 2020-01-21 | Lookout, Inc. | Determining source of side-loaded software using an administrator server |
| US11259183B2 (en) | 2015-05-01 | 2022-02-22 | Lookout, Inc. | Determining a security state designation for a computing device based on a source of software |
| US12120519B2 (en) | 2015-05-01 | 2024-10-15 | Lookout, Inc. | Determining a security state based on communication with an authenticity server |
| US10218697B2 (en) | 2017-06-09 | 2019-02-26 | Lookout, Inc. | Use of device risk evaluation to manage access to services |
| US11038876B2 (en) | 2017-06-09 | 2021-06-15 | Lookout, Inc. | Managing access to services based on fingerprint matching |
| US12081540B2 (en) | 2017-06-09 | 2024-09-03 | Lookout, Inc. | Configuring access to a network service based on a security state of a mobile device |
Also Published As
| Publication number | Publication date |
|---|---|
| US9603010B2 (en) | 2017-03-21 |
| CA2652438C (en) | 2018-06-12 |
| EP2021968B1 (en) | 2012-11-14 |
| US20120210389A1 (en) | 2012-08-16 |
| US20150312754A1 (en) | 2015-10-29 |
| US20070298767A1 (en) | 2007-12-27 |
| US8140863B2 (en) | 2012-03-20 |
| EP2021968A1 (en) | 2009-02-11 |
| CA2652438A1 (en) | 2007-11-29 |
| WO2007134448A1 (en) | 2007-11-29 |
| US20080005561A1 (en) | 2008-01-03 |
| EP2455881A1 (en) | 2012-05-23 |
| US7809353B2 (en) | 2010-10-05 |
| US8667306B2 (en) | 2014-03-04 |
| EP2455881B1 (en) | 2018-01-17 |
| US9077485B2 (en) | 2015-07-07 |
| EP2021968A4 (en) | 2009-06-24 |
| US20080009264A1 (en) | 2008-01-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9603010B2 (en) | Automatic security action invocation for mobile communications device | |
| EP1501330B1 (en) | Security for a mobile communications device | |
| EP1933249B1 (en) | System and method for wiping and disabling a removed device | |
| US9053330B2 (en) | Method and devices for providing secure data backup from a mobile communication device to an external computing device | |
| US8494485B1 (en) | Management of certificates for mobile devices | |
| EP2448303B1 (en) | Method and system for securing data of a mobile communications device | |
| CA2634576C (en) | A method and devices for providing secure data backup from a mobile communication device to an external computing device | |
| US20080148350A1 (en) | System and method for implementing security features and policies between paired computing devices | |
| US20070277230A1 (en) | System and method for providing secured access to mobile devices | |
| US20110113242A1 (en) | Protecting mobile devices using data and device control | |
| WO2008092336A1 (en) | System and method for realizing remote control to terminal data | |
| US8931045B2 (en) | Method and apparatus for management of multiple grouped resources on device | |
| US20100023523A1 (en) | Method and apparatus for managing data having access restriction information | |
| JP5255995B2 (en) | Log information management apparatus and log information management method | |
| KR20250082999A (en) | The Smart Phone Protection System And Method Using MDM when detecting Ransomware |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| AS | Assignment | Owner name:RESEARCH IN MOTION LIMITED, ONTARIO Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BROWN, MICHAEL S.;ADAMS, NEIL;FYKE, STEVEN;AND OTHERS;REEL/FRAME:024878/0541 Effective date:20070709 | |
| STCB | Information on status: application discontinuation | Free format text:ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION | |
| AS | Assignment | Owner name:BLACKBERRY LIMITED, ONTARIO Free format text:CHANGE OF NAME;ASSIGNOR:RESEARCH IN MOTION LIMITED;REEL/FRAME:034150/0483 Effective date:20130709 |