Patent Application
20080293397
The present invention relates to a method for remotely disabling at least one functionality of a mobile device. The invention also relates to a mobile device having communication capabilities and comprising at least one functionality, which may be disabled from a remote location.
Various types of mobile devices having communication capabilities, which may communicate with a communication network, are known, such as a portable mobile radio communication equipment, a mobile radio terminal, a mobile telephone, a pager, a communicator, an electronic organizer, and a smartphone. The communication network may e.g. be a mobile communication network, such as a GSM (Global System for Mobile communication) network, or a WCDMA (Wideband Code Division Multiple Access) network as specified e.g. by 3GPP (3rd Generation Partnership Project).
If a mobile device is stolen when it is switched on, the thief may use the mobile device provided that it is not locked by a security code. Not only is it a source of irritation that the mobile device is stolen, unauthorized use of the mobile device may also result in expensive invoices from the network operator. Also, information stored in the mobile device may be used unauthorized.
To prevent or limit unauthorized use of a stolen mobile device, it is known to remotely disable or lock it.
GB-A-2 380 356 discloses remote disabling or locking of a mobile communication apparatus having a subscriber identity module (SIM). A locking message is formed by a control center, which when received by the mobile telephone instructs it to disable or lock by simulating a switch off/on action, preventing further use of the SIM. Furthermore, a flag within a memory of the SIM is set. When the flag is set, access to functionality of the mobile telephone is prevented. It is a disadvantage with this solution that the mobile telephone may still be used if the disabled SIM is replaced by another SIM. Also, functionality provided without involvement of the SIM and content stored in a memory external to the SIM may be accessible even if the SIM is made useless. Thus, the mobile telephone is still of value to the thief. Furthermore, no acknowledgement of disabling of the mobile telephone may be provided to the control center.
It is an object of the invention to provide a method for improving the security of a mobile device having communication capabilities. It is also an object of the invention to improve the security of a mobile device having communication capabilities.
According to a first aspect, a method for disabling at least one functionality of a mobile device having communication capabilities and program instructions for said functionality, comprises receiving a message from a remote communication device by means of the mobile device. The message includes disabling data for disabling the at least one functionality. The method also comprises altering at least a portion of the program instructions for the at least one functionality based on the disabling data and thereby disabling the functionality. The disabling data includes data for altering the program instructions for the at least one functionality.
The method may also comprise receiving the message according to a protocol for updating program instructions.
The disabling data may be associated with at least a portion of the program instructions for the at least one functionality. Also, the method may comprise updating the portion with the disabling data.
The disabling data may comprise delete instructions for deleting at least a portion of the program instructions. The method may comprise deleting the portion in response to executing the delete instructions.
The disabling data may include program instructions for a functionality. The step of altering may comprise replacing at least a portion of the program instructions with the program instructions included in the disabling data.
The program instructions of the disabling data may be instructions for a tracking functionality. The method may comprise generating a geographical position of the mobile device and transmitting the geographical position to a remote device in response to running the program instructions for the tracking functionality.
The disabling data may comprise an identity tag. The method may comprise storing the identity tag in a memory. The identity tag may be read in response to an attempt to restore a previously disabled functionality.
According to a second aspect, a mobile device comprises a memory having program instructions for at least one functionality, a receiver for receiving a message from a remote communication device, and an updating unit for updating at least a portion of the program instructions based on the disabling data and thereby disabling said functionality. The message comprises disabling data for disabling the at least one functionality. The disabling data comprises data for altering the program instructions.
The receiver may comprise means for receiving, during operation, the message according to a protocol for updating program instructions.
The disabling data may be associated with at least a portion of the program instructions for the at least one functionality.
The disabling data may include instructions to delete at least a portion of the stored program instructions. Alternatively or additionally, the disabling data may include program instructions for a functionality. If so, the updating unit may be configured to replace at least a portion of the program instructions for the at least one functionality with the program instructions of the disabling data.
The program instructions of the disabling data may be program instructions for a tracking functionality. The mobile device may comprise a position determination unit for determining the geographical position of the mobile device.
The disabling data may include an identity tag. If so, the mobile device may comprise a processor for reading the identity tag in response to an attempt to restore a disabled functionality.
The mobile device may be a portable mobile radio communication equipment, a mobile radio terminal, a mobile telephone, a pager, a communicator, an electronic organizer, a smartphone, a vehicle, a rail vehicle, an aircraft or a boat.
According to third aspect, a method for remotely disabling at least one functionality of a mobile device having communication capabilities and program instructions for said functionality, comprises generating a message comprising disabling data for disabling at least one functionality of the mobile device; and transmitting the message to the mobile device from a control center. The disabling data comprises data for disabling at least a portion of the program instructions.
The method for remotely disabling at least one functionality may comprise transmitting the message according to a protocol for updating program instructions.
The method for remotely disabling at least one functionality may comprise incorporating disabling data including program instructions for deleting at least a portion of the program instructions into the message. Also, said method may comprise incorporating the disabling data including data for replacing at least a portion of the program instructions for said at least one functionality into the message.
The disabling data may include program instructions to replace at least a portion of the program instructions for said at least one functionality. Alternatively or additionally, the disabling data may include program instructions for a tracking functionality.
According to a fourth aspect, a control device for remotely disabling at least one functionality of a mobile device having communication capabilities and program instructions for said functionality, comprises a controller for generating a message including disabling data for disabling at least one functionality of the mobile device; and a communication unit for transmitting the message to the mobile device. The disabling data includes data for disabling at least a portion of the program instructions; and the controller comprises means for, during operation, incorporating the disabling data into the message.
The communication unit may be configured to transmit the message according to a protocol for updating program instructions.
The disabling data may include program instructions for deleting at least a portion of the program instructions for said at least one functionality.
The disabling data may include data for replacing at least a portion of the program instructions for the at least one functionality.
The disabling data may include program instructions to replace at least a portion of the program instructions for said at least one functionality. The disabling data may include program instructions for a tracking functionality.
According to a fifth aspect, a computer program product comprises computer program code means for executing the method for disabling at least one functionality of a mobile device, when the computer program code means are run by an electronic device having computer capabilities.
According to a sixth aspect, a computer program product comprises computer program code means for executing the method for remotely disabling at least one functionality, when said computer program code means are run by an electronic device having computer capabilities.
Further embodiments of the invention are defined in the dependent claims.
It is an advantage of the invention that at least one functionality of the mobile device having communication capabilities may be remotely disabled. Thus, unauthorized use of the mobile device may be prohibited.
It should be emphasized that the term “comprises/comprising” when used in this specification is taken to specify the presence of stated features, integers, steps or components but does not preclude the presence or addition of one or more other features, integers, steps, components or groups thereof.
Further objects, features, and advantages of the invention will appear from the following description of several embodiments of the invention, wherein various aspects of the invention will be described in more detail with reference to the accompanying drawings, in which:
The mobile device 1 may be a portable mobile radio communication equipment, a mobile radio terminal, a mobile telephone, a pager, a communicator, an electronic organizer, and a smartphone. The mobile device may also be a vehicle, a rail vehicle, an aircraft or a boat, which has communication capabilities, e.g. built-in radio communication equipment. In
The receiver/transmitter unit 100 may be a radio receiver/transmitter, which utilizes a TDMA (Time Division Multiple Access) access technique e.g. according to the GSM (Global System for Mobile communication) standard, a CDMA (Code Division Multiple Access), or a WCDMA (Wideband CDMA), such as according to the 3GPP (3rd Generation Partnership Project) standard.
The mobile device 1 may comprise various types of memories, such as a RAM (Random Access Memory), and a non-volatile memory, such as a ROM (Read Only Memory) or a SIM (Subscriber Identity Module), shown collectively by memory 130. The program data, such as firmware software, relating to the functionality of the mobile device may be stored in the ROM and/or the SIM.
The updating unit 120 may be implemented by means of a separate hardware component, such as a processor, an ASIC (Application Specific Integrated Circuit) or an FPGA (Field programmable Gate Array). Alternatively, the updating unit 120 is implemented as a software component, i.e. software program code means, which may be run by processor 110 or a separate processor. The program code means may e.g. be stored in memory 130. The updating unit 120 may also be implemented as a combination of a software and hardware component.
The position determination unit 140 may comprise a GPS (Global Positioning System) unit for determining the geographical position of the mobile device 1. Alternatively, the position determination unit 140 is adapted to obtain the geographical position based on data received from the communication network 10, such as time of arrival, angle of arrival and/or time difference of arrival for signals received from one or several base stations. Some networks also provide network assisted GPS, to which the position determination unit 140 may be configured.
The input/output interface 150 comprises connecting means for connecting the mobile device to an external electronic device, such as a computer. The connecting means may e.g. be an accessory connector, through which the mobile device 1 may be connected to the external electronic device by means of a cable. Alternatively, the connecting means comprises means for a wireless connection, such as an infrared transmitter/receiver, or a short link radio transmitter/receiver, such as a Bluetooth® radio.
A message transmitted by the control center 20 is received by means of the receiver/transmitter unit 100, and processed by means of the processor 110. If the message is an updating message for altering at least a portion of program instructions for a functionality of the mobile device 1 the processor 110 will forward the message, or the disabling data thereof, to the updating unit 120.
The updating unit 120 is configured to process the disabling. The disabling data is received in a message from the control center 20. A functionality of the mobile device 1 may be provided by program instructions or code means stored in the memory 130 and being executable by one or several processors. The functionality of the mobile device 1 may e.g. be a call setup functionality for establishing a call to another telephone, a messaging functionality for transmitting a data message, a data communication, a phone book, or a camera functionality.
In another embodiment, the functionality is a functionality of a vehicle, such as an electronic fuel injection system, an ignition system, or a drive by wire system, such as an electronic steering or an electronic accelerator pedal of the car.
The functionality of the mobile device 1 may be any kind of functionality, which is supported or implemented by program instructions to function properly.
According to one embodiment, at least one functionality of the mobile device is disabled if the updating unit 120 alters data bits of at least a portion of program instructions for the at least one functionality based on the disabling data.
The updating unit 120 may alter certain portions of the program instructions relating to the functionality with data bits of the disabling data, which e.g. may be a set of only zeros or only ones, or a combination thereof that does not provide anything useful, thereby disabling the functionality. Alternatively, the disabling data comprises program instructions for instruction the updating unit 120 to delete certain portions of the stored data bits of the program instructions relating to the functionality, thereby disabling it. Disabling the mobile device 1 has the advantage that an unauthorized user has no or at least limited use of the mobile device 1. Also, if all functionalities, which may incur costs to the owner of the mobile device 1, are disabled said costs may be avoided.
It is an advantage of the above described and other embodiments that the disabled functionalities are disabled independently of the SIM. Thus, replacing the SIM has no effect on the disabled functionality.
According to another embodiment, the disabling data comprises program instructions or software program code means for a functionality that is new for the mobile device 1. In this embodiment, the updating unit 120 replaces at least a portion of stored program instructions for at least one functionality with program instructions of the disabling data. When the stored program instructions are replaced, the functionality associated with them is disabled. The disabling data may e.g. comprise program instructions for a tracking functionality. The processor 110 may carry out the tracking functionality by running the program instructions relating thereto. Adding a functionality has the advantage that not only is a functionality disabled, another functionality is added, which may aid in getting the stolen mobile device 1 back.
The stored program instructions relating to all functionalities of the mobile device, or a subset thereof, such as all communication functionalities, may at least partially be altered based on the disabling data, whereby all or a subset of the functionalities are disabled. Furthermore, data, such as program data, stored in the memory 130 and being related to the disabled functionality may be deleted, wherein the data may not be patched so as to enable the disabled functionality.
If it is desired that an unauthorized user should not notice the disabling of a functionality, a functionality that probably not will be used by the unauthorized user may be disabled. For example, it may be more likely that a functionality that has not been used during a predetermined time interval will not be used in the near future. Then, such a functionality may be chosen to be disabled. The functionality to be disabled may be chosen by the updating unit 120, or set by data received in an initiation message or the message comprising the disabling data.
In one embodiment, the tracking functionality is initialized in response to use of another functionality, such as a communication functionality. Alternatively, the tracking functionality may be initialized once it is stored, or be run as a background functionality, which is not notified to the unauthorized user. This has the advantage that the mobile device 1 may be tracked without the knowledge of the unauthorized user.
The tracking functionality may comprise sending the geographical position of the mobile device 1 to the control center 20. Thus, the processor 110 may request that the position determination unit 140 should determine the geographical position of the portable communication 1, which is transmitted by means of the transmitter/receiver unit 100, e.g. in an SMS (Short Message Service) message, to the control center or another remote device. The address or number, to which the message with the geographical position should be sent, may be specified in a initiation message or the message comprising the disabling data.
In one embodiment, the geographical position is periodically generated and transmitted. The geographical position may e.g. be generated and transmitted once every 5 minutes. The geographical position may e.g. be generated by means of a GPS (Global Positioning System) unit. Alternatively, the geographical position is generated based on mobile assisted positioning, wherein any mobile centric positioning method, e.g. E-OTD (Enhanced Observed Time difference) or GPS, in which the mobile device 1 provides position measurements to the communication network 20 for computation of a location estimate by the communication network 10 or the control center 20. The communication network 10 or the control center 20 may alternatively or additionally provide assistance data to the mobile device 1 to enable position measurements. In one embodiment, the tracking functionality comprises rendering a signal in response to a request from the service center 20, or from another authorized control device. The signal may be of a certain type, such as an SMS, which is dedicated for stolen equipment. This is an advantage if the mobile device 1 has been tracked to a certain geographical area in which several persons or devices are located, whereby the mobile device 1 may be recognized if activation of the signal is requested. If the stolen equipment is a car, the horn may be activated in response to a signal activation request.
In another embodiment, the tracking functionality comprises enabling or switching on a camera, such as a photo or video camera of the mobile device 1. If a photo camera is switched on, photos may be generated and transmitted with predetermined intervals, such as every minute, every 5 minutes, etc. If a video camera is switched on, a streaming service may be initiated, wherein the recorded video is continuously transmitted to the control center 20 or another communication device. Additionally or alternatively, the tracking functionality may switch on the microphone of the mobile device 1, wherein audio data may be recorded and transmitted to the service center 20, e.g. by streaming or intermittently.
It is also possible to enable a functionality, such as the tracking functionality, without disabling any other functionality.
In one embodiment, the message comprising disabling data is received according to a protocol for updating or upgrading program instructions, e.g. firmware, of the mobile device 1. One such protocol is OMA (Open Mobile Alliance) SyncML Device Management. Using this protocol has the advantage that no special implementation for disabling the functionality is needed except from the firmware upgrade functionality itself. Also, this protocol provides two-way communication and authentication. The firmware upgrade functionality is often added to a mobile device 1, wherein adding the disabling function does not incur any additional cost.
In one embodiment, the message sent from the control center 20 comprises authentication data, such as a public key, with which the data of the message is encrypted. The public key of the control center 20 may be stored in the memory 130, e.g. when the mobile device 1 is manufactured. The message may comprise an identification tag indicating that it is a message for disabling a functionality of the mobile device. When the mobile device 1 receives the message it may verify that the message comprises disabling data. Also, the message comprises one or several certificates. Thus, the mobile device 1 may verify that it is authorized to connect to a certain server, which is authorized to disable a certain functionality and/or that the message is received from a remote device that is authorized to disable at least one functionality. In another embodiment, the authentication data of the message is a code. One or several codes for one or several control centers that are authorized to disable at least one functionality may be stored in the memory 130, e.g. during manufacturing or by remote updating of the memory 130.
In one embodiment, the disabling data may be verified with one or several certificates, such as directly after downloading the updating data and/or prior to and in connection with using the updating data.
One or several initialization messages may be transmitted from the control center 20 to the mobile device 1 before the message comprising the disabling data is transmitted. Any of the initialization messages may comprise the authentication data rather than the message comprising the disabling data. Consequently, the authentication data and the disabling data need not be transmitted in the same message.
In one embodiment, an acknowledge message for confirming disabling of the at least one functionality may be transmitted to a remote device, such as the control center 20, another mobile telephone, or a host computer of an e-mail box, in response to disabling at least one functionality.
The disabling data may comprise an identity tag, such as a name or number, e.g. IMEI (International Mobile Equipment Identifier) or IMSI (International Mobile Station Identity) of the mobile device 1 to disable, which may be written to and stored in memory 130.
If the mobile device 1 is returned to its owner, the disabled functionality may be restored. A computer may be connected to the input/output interface 150. Program instructions for the disabled functionality may be transferred from the computer to the memory 130. However, to prevent unauthorized enabling of the disabled functionality, the processor 110 may read the identity tag in response to the attempt to enable the functionality. The computer can prove that it is authorized e.g. if it has the identity tag, or an access code, associated with the disabling data. When the mobile device 1 has authorized the computer it can start updating the program instructions for the disabled functionality. The computer may e.g. be provided at a service point.
In an alternative embodiment, the disabled functionality may be restored by transmitting enabling data from the control center 20 to the mobile device 1. This may be done in the same manner as transmitting the disabling data as described above, albeit with enabling data rather than disabling data. The enabling data comprises data for restoring the disabled functionality and may be accompanied by an identity tag, such as the IMEI or IMSI, wherein unauthorized enabling is prevented.
The communication unit 160 comprises communication means for communication with the mobile device 1, such as a cable and/or a radio receiver/transmitter for establishing a connection to the communication network 10. Memory 170 may comprise a RAM and/or a ROM memory. The controller 180 may be a CPU and be configured to generate the message comprising the disabling data to be sent to the mobile device 1. The disabling data may be generated based on device information received from the mobile device 1. The disabling data may at least partly be stored in memory 170.
In
In step 201, the mobile device 1 receives the push initiation message. In step 202, the mobile device 1 authenticates the push initiation message to verify whether the control center 20 is authorized to disable any of its functionality. If the answer in step 202 is no, the procedure is ended, e.g. by not responding to the push initiation message. If the answer in step 201 is yes, the procedure proceeds to step 203, wherein device information is transmitted to the control center 20. The device information may comprise information of the manufacturer of the mobile device, type, serial number, capabilities, and/or type or version of firmware etc. Together with the device information may also client credentials be transmitted. The device information and the client credentials may be transmitted in a packet set up according to the SyncML DM protocol. The device information may any information according to the SyncML DM specification.
The device information is received by the control center 20 in step 204, which in response thereto generates a message comprising data for disabling at least one functionality of the mobile device 1. The disabling data may be generated in dependence of the device information received. For example, depending on the type or version of the firmware, the disabling message could specify that certain portions of program instructions of a particular firmware should be deleted, or replaced by only zeros or ones. Then, in step 205 the message comprising the disabling data is transmitted to the mobile device 1.
In step 206, the mobile device 1 receives the message comprising the disabling data. In response to receiving the disabling data, the updating unit 120 alters at least a portion of program instructions for at least one functionality of the mobile device 1, such as described above, whereby said functionality is disabled. When the functionality has been disabled, the mobile device 1 generates and transmits an acknowledge message to the control center 20 in step 208. However, if all communication functionalities of the mobile device 1 are disabled, no acknowledge message can be transmitted.
The acknowledge message is received by the control center in step 209, wherein the procedure is ended.
All steps carried out in the method according to
The present invention has been described above with reference to specific embodiments. However, other embodiments than the above described are possible within the scope of the invention. Different method steps than those described above, performing the method by hardware or software, may be provided within the scope of the invention. The different features and steps of the invention may be combined in other combinations than those described. The scope of the invention is only limited by the appended patent claims.
| Number | Date | Country | Kind |
|---|---|---|---|
| 05104060.8 | May 2005 | EP | regional |
| Filing Document | Filing Date | Country | Kind | 371c Date |
|---|---|---|---|---|
| PCT/EP06/04428 | 5/11/2006 | WO | 00 | 5/7/2008 |
| Number | Date | Country | |
|---|---|---|---|
| 60685748 | May 2005 | US |
