GB2450539A - Security method for a mobile computing device - Google Patents

Security method for a mobile computing device Download PDF

Info

Publication number
GB2450539A
GB2450539A GB0712650A GB0712650A GB2450539A GB 2450539 A GB2450539 A GB 2450539A GB 0712650 A GB0712650 A GB 0712650A GB 0712650 A GB0712650 A GB 0712650A GB 2450539 A GB2450539 A GB 2450539A
Authority
GB
United Kingdom
Prior art keywords
computing device
communication
input
information relating
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0712650A
Other versions
GB0712650D0 (en
Inventor
Mel Pullen
Andrew Langstaff
Leon Bovett
Trevor Blight
David Roberts
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Symbian Software Ltd
Original Assignee
Symbian Software Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Symbian Software Ltd filed Critical Symbian Software Ltd
Priority to GB0712650A priority Critical patent/GB2450539A/en
Publication of GB0712650D0 publication Critical patent/GB0712650D0/en
Publication of GB2450539A publication Critical patent/GB2450539A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/126Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04Q7/3294
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A computing device comprises a facility whereby, when an alternative password or PIN or other input sequence is input to unlock the device, the device sends a communication to an appropriate authority indicating that the device is being used without the authority of the owner. The communication may include additional information, such as the device current location, or data stored on the device since the input of the alternative pin or password.

Description

1 2450539 Computing Device and Method of Operation This invention
relates to a computing device, and in particular to a computing device with a capabi!ity to aid the recovery of the device in the event of theft, and also to a method of operation of such a device to assist recovery.
The term computing device as used herein is to be expansively construed to cover any form of electrical computing device and includes, data recording devices, computers of any type or form, including hand held and personal computers such as Personal Digital Assistants (PDAs), and communication devices of any form factor, including mobile phones, smart phones, communicators which combine communications, image recording and br playback, and computing functionality within a single device, and other forms of wireless and wired information devices, including digital cameras, MP3 and other music players, and digital radios.
There is increased convergence of mobile handheld computing devices. It is now possible to purchase a single device providing a high level of functionality for * telephony * Internet access * taking photographs * filming movies * playing music and other audio * playing games * storing personal contact and calendar information * dictating letters and voice memos * listeningtothe radio * watching television * GPS positioning where previously 10 separate handheld computing devices might have been needed. Those skilled in the art will no doubt appreciate other uses which in addition to those referred to above.
Unfortunately, many mobile handheld devices are highly desirable and relatively expensive consumer electronics items which are very common targets of criminals. Because they are often used conspicuously in public places, they are particularly vulnerable to on-street theft. The small size and handheld form factor for these devices makes this sort of crime especially difficult to foresee and prevent. Normally, a person threatened by a criminal seeking to steal their handheld mobile computing device will just hand over the device rather than run the risk of personal physical harm.
Because computing devices store sensitive personal information, they are often protected with some form of password or PIN code. This is primarily for reasons of user privacy rather than as an anti-theft measure, but it does make it substantially more difficult for thieves to be able to use the device if the device is stolen and the password or PIN code is not known. Because of this, if a thief notices than a device is protected in this way, they are often likely to ask their victim for the unlocking password or PIN at the time of theft. Once again, the victim is more likely than not to disclose this information rather than risk of physical harm.
Many users of portable and handheld computing devices do not worry about protecting their data with a password or PIN code, but do nevertheless retain the ability to lock their devices from use until the input of a particular data input sequence, such as a sequence of key presses on a keyboard or keypad.
In certain models of these devices, this lock facility is automatically enabled in use of the device unless it is specifically disabled by the user. This lock mode is usually enabled to avoid accidental activation when the device is in an on' state but kept in a location where it might be inadvertently activated', such as in a pocket or a bag.
This invention relates to a computing device equipped with a communication ability together with a capability of being locked until the input of a PIN or password or other input sequence can be enabled, and the PIN or password or other input sequence is detected by the device as being such that the device notifies appropriate authorities that the device has been stolen or used without the authorisation of the device owner or user.
According to a first aspect of the present invention there is provided a computing device having a. a capability to communicate with a further computing device; and b. an ability to inhibit use of the computing device until a specific first item of data is input; wherein the ability to inhibit use of the device has a capability to permit use in response to the input of a second item of data, and wherein the input of the second item of data to the device causes the device to communicate with the further computing device.
According to a second aspect of the present invention there is provided a method of operating a computing device having a. a capability to send messages to a further computing device; and b. an ability to prevent itself being used until a specific first item of data is input; and wherein the ability to inhibit use of the device has a capability to permit use in response to the input of a second item of data, the method comprising, when the second item of data is input to the computing device, causing the device to send one or more communications to the further computing device.
According to a third aspect of the present invention there is provided an operating system for causing a computing device according to the first aspect to operate in accordance with a method of the second aspect.
Embodiments of the present invention will now be described, by way of further example only, with reference to the accompanying drawings, in which:-Figure 1 shows schematically a computing device in accordance with the present invention; and Figure 2 shows a flow chart illustrating a method of operation of the device shown in figure 1.
The key components of an embodiment of a computing device according to the present invention are shown in Figure 1. The device 2 includes * a Central Processing Unit (CPU) 4 that controls the device * a readable memory 6, such as random access memory (RAM) that can be used to store computer instructions, such as application programmes, to be acted on by the CPU in order to control the device to perform certain operations as required by the user * a writable memory 8, such as non volatile memory, where data can be stored, including but not limited to, lock or unlock codes or input sequences, passwords and PINs or equivalents.
* a screen and keyboard or keypad or equivalent 10 for displaying prompts and inputting responses * some communication means 12 for communicating to another computing device over a communications network.
With this invention, the writable memory 8 is configured so that the device is provided with a capability to maintain an alternative PIN or password number or other input sequence, preferably to be programmed by the user, in addition to the normal PIN or password or other input sequence. Additionally, the memory 8 is configured so that, if the device is stolen by a criminal who demands the necessary unlocking data from their victim, and the alternative PIN or password or other input sequence is provided by the user instead of the normally used PIN or password or other input sequence, when that alternative PIN is used, the CPU 4 is controlled so that the device appears to operate in a way which appears conventional to the subsequent user, but also operates to perform certain functions which are not evident to that subsequent user.
Hence, once the alternative PIN or password or other input sequence is used to unlock the device, to the criminal the device behaves as if it had been unlocked with the normally user password; indeed, it is important to this invention that an unauthorised user of the device is unable to tell that the device has not been unlocked by the PIN or password usually used by the user to unlock the device. The key difference in the behaviour of the computing device when unlocked with the alternative PIN or password or other input sequence is that, without the unauthorised user becoming aware, at some time the device notifies the appropriate authorities that the phone has been stolen, and this notification is preferably sent together with information relating to its unauthorised use. This information can include but is not limited to, information that might identify the location of the computing device and/or the identity of the person or persons who have stolen it, or were now using it without the authority of the owner.
This operation will now be described with reference to Figure 2.
When the PIN or password is entered at step 14, the device determines at step 16 whether the entered data is the PIN or password as normally used by the device user. If the answer is YES, the device operates in the normal way for the device user. Hence, as an example, if the user makes a call, the communication channel to the call recipient is made in the usual way with no specific notification to a third party other than that that would be made in normal operation of the device, such as the communication made with the network operator to ensure that the user is charged for the call connection being provided.
However, if the answer is No; i.e. the device determines that the PIN or password being input is that stored in the device to indicate that the device has been stolen and is being used by an unauthorised user, the device does not operate in the conventional way. In this case, the device generates data which is queued for transmission at the time the PIN or password is input or, as shown in the example of figure 2, is queued for notification at the earliest opportunity that the device senses that it is able to send the notifying queued data to an appropriate authority. The queued data may comprise a straightforward SMS message, or as stated above, the device is configured so that additional information is included with the transmitted data, such as location data, phone numbers which have been input but not sent for some reason since the stolen' PIN or password was entered. Furthermore, the device can be configured so that the straightforward message is sent as a first notification that the device has been stolen, but data is also queued for subsequent transmission. This queued data may be stored and the activity on the device monitored so that a further message followed at some time by a message including additional information which might help to identify the fraudulent user, such as location data, photographs, dialled numbers, can be sent in order to enhance the chances of recovery of the device, or to improve the chances of the thief or unauthorised user being apprehended.
Many devices not protected by PINs or password, but where use is locked until a specific input sequence occurs, display the necessary input sequence on the screen as a prompt. An implementation of this invention on such devices may allow for the legitimate owner or user to define their own primary unlock sequence, but leave an illegitimate user to follow a sequence of screen prompts and unwittingly input an alternative sequence that informs the authorities of the device theft. Yet another implementation could remove the prompts altogether, forcing the illegitimate user to ask for the unlock method, whereupon they could be given the alternative sequence that informs the authorities of the theft.
In the case of a device capable of instant wireless communication, such as a mobile telephone, the device may also inform the appropriate authorities that the lawful owner or user of the device is currently under attack and is in imminent danger or is under threat.
Devices not capable of such instant communication, such as games machines that make use of 802.11 wireless internet communication method (commonly known as WiFi) would have to transmit this information next time they were in range of a wireless access point.
Devices that can only communicate when linked up to other computers, such as music players that rely on connection to a PC in order to download music from some music store or multimedia provider, would have to transmit this information via the music store or multimedia provider next time they connected; this might require further configuration of the device at the store or provider to ensure that the message is relayed appropriately.
The information that identifies the location of the device could be geographical coordinates in the case of a device with positioning capability, such as GPS receiver, or cell ID in the case of a cellular wireless telephone, or IP address in the case of a device with Internet connectivity.
The information that might identify the person or persons who were unauthorised users of the device can arise from a multiplicity of sources, including but not limited to: * details of the way the device has been used, such as telephone numbers either called or to which messages have been sent on a mobile telephone, tracks purchased on music players, and email addresses contacted on a message capable device. All or any of this information could service to identify the unauthorised user.
* photographs or movie clips either taken with the device (in the case of computing devices with a camera) or copied to the device (in the case of a computing device that was capable of displaying such multimedia content).
* recordings of voice input by someone using the device, obtained when any microphone incorporated in the device is used (mobile telephone and many digital cameras incorporate such microphones.
* information specifically triggered for silent capture by the input of the alternative PIN or password or other input sequence. An ideal example of such information would be for a device with a user-facing camera, as found on many mobile telephones, to silently take a photograph (with no audible focus motor movement, no focus assist flash, no exposure assist flash) immediately, and on each subsequent keypad unlocking operation, which could then be included as appropriate in a message to the appropriate authorities. Devices with a microphone could similarly be triggered to capture voiceprints of users of the device for inclusion in a message to the appropriate authorities.
The message used to convey the information could be an email, an instant message, an SMS or any other type of communication that could be sent transparently and silently without the thief knowing that it had been sent. In the case of a mobile telephone, it could also extend to an emergency call to 112 or any other emergency number, which would be made silently with the relevant information being contained in digitised speech or other suitable audible form.
The appropriate authorities who could receive the notification of theft could be any or all of the police, security companies, property tracking organisations, insurance companies, or any other body with an interest in locating stolen good and apprehending criminals.
If it proves impossible to recover the device, this invention permits the freezing of any accounts (such as mobile phone accounts or music store accounts) that may be associated with the device; however, it is preferable that this is not done immediately as it may prematurely alert the perpetrator that their crime has been detected and that they have a high risk of being apprehended.
Nothing in this invention should be implemented in any way that prevents the ability of a computing device able to use cellular telephone networks to make emergency calls using a 112 or other suitable emergency number.
Several advantages accrue through the use of this invention, including: * it can enable the recovery of stolen property * it can enable the apprehending of thieves and criminals * it can alert the authorities to a crime in progress (in the case. of device that can instantly communicate) * knowledge of its existence and of the certainly of being caught can act as a deterrent to anyone intending to steal a mobile telephone.
It should be noted that in the embodiment described above where the implementation relies on alternative unlock input sequences to that prompted (rather than on PINs or passwords) this deterrent effect extends, in essence, to devices that are not able to implement this invention directly, because it would not be possible to tell from the device whether the sequence described in the prompt was the primary safe sequence or the alternative one that informs the authorities of the theft. A thief would therefore be in the same position as those hunting the snark in Lewis Carroll's eponymous poem; they would not know whether they had stolen a snark or a boojum.
Although the present invention has been described with reference to specific embodiments, it should be appreciated that modifications may be effected whilst remaining within the scope of the appended claims.

Claims (23)

  1. Claims: 1. A computing device having a. a capability to communicate
    with a further computing device; and b. an ability to inhibit use of the computing device until a specific first item of data is input; wherein the ability to inhibit use of the device has a capability to permit use in response to the input of a second item of data, and wherein the input of the second item of data to the device causes the device to communicate with the further computing device.
  2. 2. A computing device according to claim I wherein the input of the second item of data causes the computing device to commence capture of information relating to its unauthorised use.
  3. 3. A computing device according to claim 1 or 2 wherein the communication includes information relating to the unauthorised use.
  4. 4. A computing device according to claim 3 wherein the communication includes information relating to the location of the device.
  5. 5. A computing device according to claim 4 wherein the information relating to device location is a geographical coordinate.
  6. 6. A computing device according to claim 4 wherein the device comprises a mobile phone and the information relating to device location is a cell identity.
  7. 7. A computing device according to claim 4 wherein the information relating to device location is an IP address
  8. 8. A computing device according to any one of the preceding claims wherein the communication is an email.
  9. 9. A computing device according to any of the previous claims wherein the communication is an SMS.
  10. 10. A computing device according to any of the previous claims wherein the communication is an instant message.
  11. 11. A computing device according to any of the previous claims wherein the communication is an internet communication.
  12. 12. A method of operating a computing device having a. a capability to send messages to a further computing device; and b. an ability to prevent itself being used until a specific first item of data is input; and wherein the ability to inhibit use of the device has a capability to permit use in response to the input of a second item of data, the method comprising, when the second item of data is input to the computing device, causing the device to send one or more communications to the further computing device.
  13. 13. A method according to claim 12 wherein the input of the said second item of data causes the computing device to begin to capture information relating to its unauthorised use.
  14. 14. A method according to claim 12 or 13 wherein the communication includes information relating to unauthorised use of the device.
  15. 15. A method accrding to any one of claims 12 to 14 wherein the communication includes information relating to the location of the device.
  16. 16. A method according to claim 15 wherein the information relating to the location of the device comprises a geographical coordinate.
  17. 17. A method according to claim 15 wherein the information relating to the location of the device comprises a cell identity.
  18. 18. A method according to claim 15 wherein the information relating to the location of the device comprises an lP address.
  19. 19. A method according to any one of claims 12 tol8 wherein the communication is an email.
  20. 20. A computing device according to any of the claims 12-18 wherein the said sent message is an SMS.
  21. 21. A method according to any one of claims 12 to 18 wherein the communication is an instant message.
  22. 22. A method according to any one of claims 12 tol8 wherein the communication is an internet communication.
  23. 23. An operating system for causing a computing device to operate in accordance with a method as claimed in any one of claims 12 to 22.
GB0712650A 2007-06-27 2007-06-27 Security method for a mobile computing device Withdrawn GB2450539A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0712650A GB2450539A (en) 2007-06-27 2007-06-27 Security method for a mobile computing device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0712650A GB2450539A (en) 2007-06-27 2007-06-27 Security method for a mobile computing device

Publications (2)

Publication Number Publication Date
GB0712650D0 GB0712650D0 (en) 2007-08-08
GB2450539A true GB2450539A (en) 2008-12-31

Family

ID=38420948

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0712650A Withdrawn GB2450539A (en) 2007-06-27 2007-06-27 Security method for a mobile computing device

Country Status (1)

Country Link
GB (1) GB2450539A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4843385A (en) * 1986-07-02 1989-06-27 Motorola, Inc. Electronic lock system for a two-way radio
GB2304001A (en) * 1995-07-29 1997-03-05 Samsung Electronics Co Ltd Portable telephone loss alarm
EP0776141A2 (en) * 1995-11-24 1997-05-28 Nokia Telecommunications Oy Checking the Personal Identification Number of a mobile subscriber
WO1997043866A2 (en) * 1996-05-13 1997-11-20 Telefonaktiebolaget Lm Ericsson (Publ) A method and a device for identifying a user of a mobile telephone
GB2318707A (en) * 1996-10-23 1998-04-29 Nec Corp Mobile Radio Device Protected against Misuse by a Thief
WO2002051106A1 (en) * 2000-12-18 2002-06-27 Robert, Patrick Method for protecting nomad devices against theft, corresponding device and installation

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4843385A (en) * 1986-07-02 1989-06-27 Motorola, Inc. Electronic lock system for a two-way radio
GB2304001A (en) * 1995-07-29 1997-03-05 Samsung Electronics Co Ltd Portable telephone loss alarm
EP0776141A2 (en) * 1995-11-24 1997-05-28 Nokia Telecommunications Oy Checking the Personal Identification Number of a mobile subscriber
WO1997043866A2 (en) * 1996-05-13 1997-11-20 Telefonaktiebolaget Lm Ericsson (Publ) A method and a device for identifying a user of a mobile telephone
GB2318707A (en) * 1996-10-23 1998-04-29 Nec Corp Mobile Radio Device Protected against Misuse by a Thief
WO2002051106A1 (en) * 2000-12-18 2002-06-27 Robert, Patrick Method for protecting nomad devices against theft, corresponding device and installation

Also Published As

Publication number Publication date
GB0712650D0 (en) 2007-08-08

Similar Documents

Publication Publication Date Title
US10681552B2 (en) Method for mitigating the unauthorized use of a device
US9916481B2 (en) Systems and methods for mitigating the unauthorized use of a device
US9031536B2 (en) Method for mitigating the unauthorized use of a device
US9881152B2 (en) System for monitoring the unauthorized use of a device
EP2266071B1 (en) System for mitigating the unauthorized use of a device
US8719909B2 (en) System for monitoring the unauthorized use of a device
US8932368B2 (en) Method for monitoring the unauthorized use of a device
EP2266070B1 (en) System for mitigating the unauthorized use of a device
JP5001380B2 (en) Apparatus and method for locating, tracking and / or recovering wireless communication devices
US20130137376A1 (en) Systems and methods for recovering low power devices
US20090249443A1 (en) Method for monitoring the unauthorized use of a device
EP2780900B1 (en) Systems and methods for recovering low power devices
GB2450539A (en) Security method for a mobile computing device
WO2014027242A1 (en) Systems and methods for mitigating the unauthorized use of a device

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)