Embodiments of the invention relate generally to the field of data storage, and more specifically to methods and apparatuses employing telecommunications systems to remotely modify or erase stored data.
Conventional data storage devices provide mechanisms for securing stored data. Such mechanisms may include password protection or encryption of the stored data. These mechanisms provide a measure of security to a user, but are less effective and less reliable when the data storage device is susceptible to unauthorized access (e.g., when the device has been stolen).
Various techniques have been employed to maintain the integrity of mobile communications devices, such as cell phones, that are capable of communication with a telecommunications network. For example, telecommunications networks may include user terminals, such as cell phones, which utilize a SMARTCARD which includes a SIM (subscriber identity module). Each SIM includes a data storage device that contains data such as the identity of the card holder (i.e., the service subscriber), billing information, and home location. When a cell phone user places a call, the SIM communicates its unique SIM code to the network. The network checks to see if the SIM code owner is a current subscriber to the network service, often by matching the SIM code with a list of authorized SIM codes. This authentication, or matching of SIM codes, generally precedes all other network communication with the cell phone.
SMARTCARDs were developed to allow cell phone activities other than simple telephone calls. The SMARTCARD can contain microprocessors for, e.g., transaction management, data encryption and user authentication. The SMARTCARD or the SIM may include subscriber entered telephone numbers and other valuable information. Theft of the phone places this valuable information in the hands of others. In fact, the loss of the phone is probably less important than the loss of the valuable information contained therein. This is especially true for the new cell phones which now access the Internet, and for cell phones coupled with handheld computing devices, which browse the Internet, store Power Point presentations, and do rudimentary word processing, as well as scheduling appointments and maintaining expense accounts.
U.S. Pat. No. 5,898,783 discloses a telecommunications network with disabling circuitry which can disable the SMARTCARD of the cell phone of a particular subscriber. The disable command can permanently incapacitate the SMARTCARD by destroying the power connection for the logic circuitry, or temporarily incapacitate the logic circuitry by erasing the memory within the card. According to this patent, the numbers of stolen phones can be reported to the network and entered into a database which is searched when any cell phone requests service, and a disable command or signal is returned to the cell phone if its number is in the disable database. U.S. Pat. No. 5,734,978 describes a telecommunications system having a manufacturer-preset destruct code stored in each cell phone. When a subscriber reports a phone stolen, the network's base station controller initiates a destruct program, using the destruct code. The destruct code destroys the data necessary for performing the telephone functions, but not the private data.
U.S. Pat. No. 6,259,908 describes a cellular phone system in which a locking code on a particular cell phone may be erased by means of a message transmitted through the cell phone system, but may not be erased or changed using the keyboard features of that phone. This arrangement has particular usefulness in a designated cellular system with many units, such as a communications network for the fire department of a large city. To set up or reconfigure the network, the entire network must be activated and the individual units (cell phones) assigned a particular number. According to the patent, all phones on the system have a locking code to prevent theft of communications on the network until all units are assigned.
These schemes are disadvantageous in that they do not safeguard the personal data stored on the communications devices; they only prevent theft of telecommunications services.
A method for safeguarding stored data is disclosed. For one embodiment of the invention, a communication link between a digital processing system and a network operator digital processing system is established via a communications network. Status information pertaining to the digital processing system is then accessed. The status information is stored on the network operator digital processing system and indicates whether one or more applications should be executed. One or more applications are then executed as indicated by the status information.
Other features and advantages of embodiments of the present invention will be apparent from the accompanying drawings, and from the detailed description, that follows below.
The invention may be best understood by referring to the following description and accompanying drawings that are used to illustrate embodiments of the invention. In the drawings:
Methods and apparatuses are disclosed for safeguarding stored information from unauthorized access. In accordance with one embodiment of the invention when a DPS establishes communication with a communication system, the identification of the DPS is verified and access is provided to security status information pertaining to the DPS. Based upon the security status information, one or more programs are executed on the DPS.
It is an object of one embodiment of the invention to safeguard the private data stored on a data storage device, by permitting the user to erase or destroy that data using an on-air signal. According to one such embodiment of the invention, one or more memory devices of a digital processing system (DPS) may be provided with an erase means. For one embodiment of the invention the erase means comprises a fuse, switch, or similar device in a disable, or erase, circuit. For one embodiment of the invention, the erase means executes an erase command on receiving an on-air erase code which matches an erase code preset by the user. If the DPS is lost or stolen, the user need only establish a communications link with the DPS and enter the erase code to effect erasure (or modification) of specified stored data.
These objects are also achieved by the method of the present invention, for safeguarding data stored in a DPS capable of communication via a communications network. For one embodiment of the invention, the DPS receives a message via the communications network. The message contains an erase code that effects the erasure of data stored in a data storage device of the DPS.
In the following description, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In other instances, well-known circuits, structures and techniques have not been shown in detail in order not to obscure the understanding of this description.
Reference throughout the specification to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, the appearances of the phrases “in one embodiment” or “in an embodiment” in various places throughout the specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Moreover, inventive aspects lie in less than all features of a single disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.
The elements of the SMARTCARD, illustrated in
The card is provided with disabling circuitry, 22, which can, e.g., permanently erase the memory of the card. The disabling circuitry may comprise either a fuse or a switch, which operates to, e.g., decouple the electrical power from the memory in the card. Other means of effectively erasing the memory are known to those in the art, such as providing an excessive voltage that causes the memory to malfunction even if it is still receiving power, or permanently incapacitating the logic circuitry by cutting it off from its source of power.
A block diagram of the telecommunications network is illustrated in
The operation of the method and apparatus of the present invention will now be described. The user of the SMARTCARD may use the alphanumeric keys 12 to enter into, and store in the memory, an erase code to permit erasure of private data in the phone. According to a preferred embodiment of the present invention, the erase code for any selected cell phone may only be directly entered into the phone, using the keypad for that phone. The erase code may be stored in memory on the SMARTCARD, or may be transferred to, and stored on, the network. The erase code for a particular SMARTCARD or SIM may not be preset or changed by an on-air signal from a cell phone with a different SIM. The erase command may be included in the data communications circuitry of the card or on the network.
If the cell phone is stolen or lost, the user may, using another cell phone or a land line, call the telephone number of the stolen or lost cell phone, and enter the erase code. The data communications circuitry of the network and the lost phone “matches” the erase code of the on-air communication with the preset stored erase code. The “matching” may involve an exact matching of characters, or an exact mapping, requiring a specific relationship, between the preset erase code and the received erase code. If there is a match, an erase command is issued, and the private data in the stolen or lost cell phone is erased. The circuitry for executing the erase command is in the cell phone.
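The erase-code embodiment above, as an added example that is not part of the original specification: a model of a SMARTCARD whose erase code can only be preset from the keypad, and whose on-air handler erases private data when the received code matches the preset one. The `transform` parameter is an assumption that stands in for the "exact mapping" variant of matching (identity gives exact character matching); the message format and field names are constructed for the example.

```python
import hmac
from hashlib import sha256


class SmartCard:
    """Model of the SMARTCARD embodiment: private data plus a user-preset erase code.

    The erase code can only be set through the local keypad. On-air messages may
    trigger erasure, but can never preset or change the code.
    """

    def __init__(self, sim_code, transform=lambda code: code):
        self.sim_code = sim_code
        self.private_data = {}
        # Only a digest of the preset code is kept on the card (assumption).
        self._erase_code_digest = None
        # Maps a received on-air code to the form that must equal the preset code.
        # The default identity mapping is the "exact matching of characters" case.
        self._transform = transform
        self.erased = False

    def keypad_set_erase_code(self, code):
        # Local keypad entry only: the one path that may preset or change the code.
        self._erase_code_digest = sha256(code.encode()).digest()

    def keypad_store(self, key, value):
        self.private_data[key] = value

    def on_air_message(self, msg):
        """Handle a message received via the network; returns an outcome string."""
        if msg.get("type") == "set_erase_code":
            # Codes may not be preset or changed on-air, whatever SIM the sender has.
            return "rejected: erase code may only be set from the keypad"
        if msg.get("type") != "erase":
            return "ignored"
        if self._erase_code_digest is None:
            return "no erase code preset"
        candidate = self._transform(str(msg.get("code", "")))
        received = sha256(candidate.encode()).digest()
        # Constant-time comparison so response timing does not leak partial matches.
        if not hmac.compare_digest(received, self._erase_code_digest):
            return "no match"
        self._execute_erase()
        return "erased"

    def _execute_erase(self):
        # The circuitry executing the erase command lives in the phone itself.
        self.private_data.clear()
        self.erased = True
```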
The present invention does not require a network database of erase codes, permitting great individual privacy. In addition, the user does not need to access disable commands on the network. No database of disabled numbers needs to be assembled and maintained by and at the network in order for the user to disable the memory for his private data. When the erase code is stored in the cell phone, it is instantly operable. In addition, it may be instantly changed. The privacy of data entered into cell phones is of increasing importance. New phones incorporate Internet text messaging, e-mail, and web surfing and downloading. Elaborate negotiations may be conducted via a cell phone. In addition, cell phones are being combined with handheld computers and organizers, which contain word processing. Entire contracts may be recorded, transmitted, or received on a handheld apparatus including a cell phone on a telecommunications network.
Those skilled in the art should understand that while the present invention may be embodied in hardware, alternative embodiments may include software or firmware, or combinations thereof. Such embodiments may include implementations using conventional processing circuitry such as, without limitation, programmable array logic (“PAL”), digital signal processors (“DSPs”), field programmable gate arrays (“FPGAs”), application specific integrated circuits (“ASICs”), and large scale integrated circuits (“LSIs”). Moreover, the present embodiment is introduced for illustrative purposes only and other embodiments that provide a system for and method of disabling a SIM card are well within the broad scope of the present invention. Conventional computer and processing system architecture is more fully discussed in Computer Organization and Architecture, by William Stallings, MacMillan Publishing Co. (3rd ed. 1993). Conventional processing system network design is more fully discussed in Data Network Design, by Darren L. Spohn, McGraw-Hill, Inc. (1993). Conventional voice and data communications are more fully discussed in Data Communications Principles, by R. D. Gitlin, J. F. Hayes and S. B. Weinstein, Plenum Press (1992), The Irwin Handbook of Telecommunications, by James Harry Green, Irwin Professional Publishing (2nd ed. 1992) and Voice & Data Communications Handbook, by Regis J. Bates, Jr. and Donald Gregory, McGraw-Hill (1996). Conventional electronic circuit design is more fully discussed in The Art of Electronics, by Paul Horowitz and Winfield Hill, Cambridge University Press (2nd ed. 1989). Conventional control systems and architectures are discussed in Modern Control Engineering by Katsuhiko Ogata, Prentice Hall (1990). Each of the foregoing publications is incorporated herein by reference.
As discussed above, embodiments of the invention are applicable in a variety of settings in which data is stored in a memory device of a DPS capable of communicating via a communications system.
The DPSs 410A-410F contain identification functionality as well as disabling and/or data erasing functionality as discussed above, shown for example as identification functionality 411 and disable/erase functionality 412. The DPSs are capable of communicating with a wireless service provider's operator network DPS 440. For example, operator network DPS 440 is connected via Internet 430 to the DPSs 410A-410E and is connected via a cellular communication system to DPS 410F. The DPSs may communicate with operator network DPS 440 via communication links 402, which may be direct or indirect links, including but not limited to, broadcast wireless signals, network communications or the like.
Operator network DPS 440 contains DPS identification verification functionality as well as DPS security status information pertaining to DPSs 410A-410F.
For one embodiment of the invention, when one of the DPSs communicates via the communications network, the operator network verifies the identification of the DPS. After the identification of the DPS is verified, the DPS is allowed to access the corresponding security status information stored on the operator network. Based upon the security status information, the DPS executes predefined commands. For example, the user may update the security status information to reflect that the DPS has been lost or stolen. When the DPS accesses the security status information, the DPS may then execute an erase program for some or all of the data stored on the DPS. Alternatively, or additionally, the DPS may execute a disable program.
At operation 510 the DPS provides an identification that uniquely identifies the DPS, which is verified by an operator network DPS of the communication system as discussed above.
At operation 515 the DPS is allowed to access status information pertaining to the DPS that is stored on the operator network DPS. Such status information may indicate that the DPS has been lost or stolen or that its data integrity has in some way been compromised.
At operation 520, one or more programs (applications) stored on the DPS are executed based upon the status information. For one embodiment of the invention, the operator network DPS communicates a program execution signal to the DPS to effect execution of one or more programs. The program execution signal may be incorporated within the status information, and accessing the status information may cause the operator network DPS to communicate the program execution signal. For one embodiment of the invention, the programs are stored on the DPS and include a disable program to disable the DPS and a data erase program to erase specified data stored in one or more data storage devices of the DPS. For example, if the status information indicates that the DPS has been lost or stolen, the operator network DPS may signal execution of an erase program that erases some or all of the data stored on the DPS. Additionally or alternatively, a disable program may be executed that prevents the DPS from being used.
As discussed above, embodiments of the invention may employ DPSs or devices having digital processing capabilities.
The bus 615 further couples the processor 605 to a display controller 620, a mass memory 625 (e.g., a hard disk or other storage which stores all or part of the applications 445 and 446, or 411 and 412, or stored data, depending on the DPS), a network interface or modem 645, and an input/output (I/O) controller 630. The mass memory 625 may represent a magnetic, optical, magneto-optical, tape, and/or other type of machine-readable medium/device for storing information. For example, the mass memory 625 may represent a hard disk, a read-only or writeable optical CD, etc. The display controller 620 controls, in a conventional manner, a display 635, which may represent a cathode ray tube (CRT) display, a liquid crystal display (LCD), a plasma display, or other type of display device. The I/O controller 630 controls I/O device(s) 640, which may include one or more keyboards, mouse/track ball or other pointing devices, magnetic and/or optical disk drives, printers, scanners, digital cameras, microphones, etc.
The processing system 600 represents only one example of a system, which may have many different configurations and architectures and which may be employed in accordance with various embodiments of the invention. For example, various manufacturers provide systems having multiple busses, such as a peripheral bus, a dedicated cache bus, etc. Similarly, a portable communication and data processing system, which may employ a cellular telephone and/or paging capabilities, may be considered a processing system that may be used with an embodiment of the invention. However, such a system may not include one or more I/O devices, such as those described above with reference to I/O device 640.
In the system 600 shown in
General Matters
Embodiments of the invention include a system that provides the safeguarding of information stored on a DPS capable of communicating with a communications system.
Embodiments of the invention have been described as including various operations. Many of the processes are described in their most basic form, but operations can be added to or deleted from any of the processes without departing from the scope of the invention. For example, for one embodiment of the invention, operation 520 may be extended to include executing a program that provides the operator of the DPS with information regarding the user (e.g., owner) of the DPS. For example, if the status information indicates that the DPS has been lost or stolen, a user contact program that instructs the operator how to return the DPS to its rightful possessor may be executed prior to disabling the DPS.
Or, for example, a program may be executed which downloads specific stored data from the DPS prior to executing an erase program. For example, a user may wish to have specific information retrieved from the DPS prior to the stored data on the DPS being erased. In such an embodiment, a data download program will download specified information, stored on the DPS, to the operator network DPS prior to effecting the erasure of the data stored on the DPS.
The operations of the invention may be performed by hardware components or may be embodied in machine-executable instructions, which may be used to cause a general-purpose or special-purpose processor or logic circuits programmed with the instructions to perform the operations. Alternatively, the steps may be performed by a combination of hardware and software. The invention may be provided as a computer program product that may include a machine-readable medium having stored thereon instructions, which may be used to program a computer (or other electronic devices) to perform a process according to the invention. The machine-readable medium may include, but is not limited to, floppy diskettes, optical disks, CD-ROMs, magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, magnetic or optical cards, flash memory, or other type of media/machine-readable medium suitable for storing electronic instructions. Moreover, the invention may also be downloaded as a computer program product, wherein the program may be transferred from a remote computer to a requesting computer by way of data signals embodied in a carrier wave or other propagation medium via a communication link (e.g., a modem or network connection).
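Operations 510 through 520, together with the download-before-erase extension just described, as an added example that is not part of the original specification: an operator network DPS that verifies device identity and holds per-device security status carrying the program execution signal, and a device DPS that checks in and runs the named programs in order. The device identifiers, status records, program names and stored data are constructed for the example; the `mark` method is an assumed stand-in for the user reporting the device lost or stolen.

```python
# Constructed security-status records held by the operator network DPS.
# "programs" is the program execution signal: what the DPS runs at its next check-in.
OPERATOR_STATUS = {
    "DPS-410A": {"status": "ok", "programs": []},
    "DPS-410F": {"status": "stolen",
                 "programs": ["download:contacts", "erase", "disable"]},
}


class OperatorNetworkDPS:
    """Operator side: identity verification plus security status per device."""

    def __init__(self, status_table):
        self._status = {k: dict(v) for k, v in status_table.items()}
        self.downloads = {}  # data uploaded by devices before their erasure

    def verify_identity(self, device_id):  # operation 510
        return device_id in self._status

    def security_status(self, device_id):  # operation 515
        if not self.verify_identity(device_id):
            raise PermissionError(f"{device_id}: identity not verified")
        return dict(self._status[device_id])

    def mark(self, device_id, status, programs):  # user reports loss or theft
        if not self.verify_identity(device_id):
            raise KeyError(device_id)
        self._status[device_id] = {"status": status, "programs": list(programs)}

    def receive_download(self, device_id, key, value):
        self.downloads.setdefault(device_id, {})[key] = value


class DeviceDPS:
    """Device side: identifies itself, reads its status, executes stored programs."""

    def __init__(self, device_id, stored_data):
        self.device_id = device_id
        self.data = dict(stored_data)
        self.disabled = False
        self.executed = []

    def check_in(self, operator):  # operations 510-520 in sequence
        if not operator.verify_identity(self.device_id):
            return ["identity rejected"]
        signal = operator.security_status(self.device_id)
        for program in signal["programs"]:
            self._execute(program, operator)
        return list(self.executed)

    def _execute(self, program, operator):
        # Programs are stored on the device; the signal only names them.
        name, _, arg = program.partition(":")
        if name == "download":  # upload the specified item before any erase
            if arg in self.data:
                operator.receive_download(self.device_id, arg, self.data[arg])
        elif name == "erase":  # data erase program
            self.data.clear()
        elif name == "disable":  # disable program
            self.disabled = True
        else:
            return  # names not present on the device are ignored
        self.executed.append(program)
```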
While the invention has been described in terms of several embodiments, those skilled in the art will recognize that the invention is not limited to the embodiments described, but can be practiced with modification and alteration within the spirit and scope of the appended claims. The description is thus to be regarded as illustrative instead of limiting.
This application is a continuation-in-part application claiming priority to pending application Ser. No. 11/112,020, filed on Apr. 21, 2005, entitled “Safeguarding User Data Stored in Mobile Communications Devices,” which is a continuation application claiming priority to pending application Ser. No. 10/405,348, filed on Apr. 1, 2003, entitled “Safeguarding User Data Stored in Mobile Communications Devices,” both of which are herein incorporated by reference in their entirety.
Relation | Number | Date | Country
---|---|---|---
Parent | 10405348 | Apr 2003 | US
Child | 11112020 | Apr 2005 | US

Relation | Number | Date | Country
---|---|---|---
Parent | 11112020 | Apr 2005 | US
Child | 11441618 | May 2006 | US