Patent Grant
8995668
The present disclosure relates to the protection of user privacy while allowing electronic devices to be tracked.
Laptops, and increasingly other electronic devices such as cell phones, PDAs, smart phones (e.g. BlackBerry™, iPhone™), memory sticks, personal media devices (e.g. iPod™), gaming devices and personal computers, are being remotely tracked so that they can be recovered in the event of theft. Such tracking may be effected by sending location information to a remote storage site or an email server.
Proprietary information is routinely stored on electronic devices such as personal computers, laptop computers and personal digital assistants, and the need to protect such proprietary or sensitive data, and to recover such devices if they are lost or stolen, is self-evident. However, the privacy of the users of such devices needs to be taken into consideration when providing protection of such devices and/or data.
This summary is not an extensive overview intended to delineate the scope of the subject matter that is described and claimed herein. The summary presents aspects of the subject matter in a simplified form to provide a basic understanding thereof, as a prelude to the detailed description that is presented below.
In many cases, an employer will want to track all the laptops (or other electronic devices) that are issued to its employees. For privacy reasons, some employees may object to the laptop being tracked 24/7, as one's personal location and compilations of historical personal locations are considered private data. This is especially the case if an employer has given permission for an employee to use the laptop for personal use outside of working hours. The concern exists whether the employer does the monitoring, or whether an unrelated third party such as a security company does the monitoring.
The subject matter described herein provides a system and method for the conditional encryption of data transferred from a device that is being tracked to a computer at a remote location. Data transfer may be for tracking, for monitoring purposes, data backup or for recovery in the case of loss or theft.
There are several aspects to the encryption in one embodiment. In order to prevent unauthorized access, private data is encrypted before it is transferred to the remote location, and cannot be decrypted without a private key. Whether or not data is encrypted before transmitting to the remote location may depend on whether it is private or business data, the determination of which can be made dependent upon certain conditions. The conditions may be temporal, such that for data created during certain hours of the day (such as working hours), the data is considered to be business related and is not encrypted before transfer, or it is pre-encrypted and decryptable at the remote site using a business related decryption key. For data created at other times, such as outside working hours, the data may be considered private and encrypted before transfer. In a preferred embodiment, private data is decryptable only with consent of the user of the device, using a private decryption key.
The data that is transferred is typically location or location-related information, such as IP addresses, GPS coordinates, Wi-Fi signal strengths, cell tower signal strengths, times at these locations, time spent at these locations, and identification indicia for the device, but may also include websites visited, key strokes, email messages, software versions, software run, device specifications, mouse movements and files or details of files created, deleted, copied, transferred, opened, clicked, selected and/or amended. However, as will be readily understood by those of skill in the art, the disclosed subject matter can equally be employed to protect other private data created using a shared business and private use device, either together with location or location-related information, or alone. Other private data that can be protected includes, for example, usage data, websites visited, video and audio files played, downloads, keystrokes, screenshots, emails, files and any other private data.
For a fuller understanding of the nature and advantages of the disclosed subject matter, as well as the preferred mode of use thereof, reference should be made to the following detailed description, read in conjunction with the accompanying drawings. In the drawings, like reference numerals designate like or similar steps or parts.
A. Terminology
Agent—as used herein, is a software, hardware or firmware agent that is ideally persistent and stealthy, and that resides in a computer or other electronic device. The agent preferably provides servicing functions which require communication with a remote server. The agent is tamper resistant and may be enabled for supporting and/or providing various services such as data delete, firewall protection, data encryption, location tracking, message notification, and software deployment and updates. An illustrative embodiment of an agent is found in the commercially available product Computrace Agent™. The technology underlying the Computrace Agent™ has been disclosed and patented in the U.S. and other countries, which patents have been commonly assigned to Absolute Software Corporation. See, for example, U.S. Pat. Nos. 5,715,174; 5,764,892; 5,802,280; 6,244,758; 6,269,392; 6,300,863; and 6,507,914 and related foreign patents. Details of the persistent function of an agent are disclosed in U.S. Patent Application Publication Nos. US2005/0216757 and US2006/0272020. The technical disclosures of these documents are fully incorporated by reference as if fully set forth herein. It is feasible to use an equivalent agent to the Computrace Agent™, or less preferably an alternative agent with less functionality. For the purposes of the present disclosure, the minimal functional attribute of the agent is to facilitate communications between the electronic device and a monitoring center. Communications may be initiated by the agent, by the monitoring center or by both.
Host—This is the electronic device to be protected, that is typically intended for shared business and private use. Examples of a host include a laptop, a netbook, or a smart phone. The agent resides in the host.
Monitoring Center—This is a guardian server or other computer or server that the agent communicates with or sends a message to. It may be an email server or it may be a distribution of servers or other computers. For example, provided an internet connection is available to the host, an agent may call the monitoring center at some selected suitable interval to report the location of the host, download software upgrades if there are any and repair any security modules that are or should be installed on the host. In the embodiments disclosed herein, the agent would upload to remote storage located in the monitoring center location information and/or any other data desired to be transferred. Communication to the monitoring center may take place, for example, via a wired or wireless telephone network, WIFI, WIMAX, cable or satellite.
Encryption—It is generally assumed that any data that is transferred between remote devices, such as between a host and a monitoring center, is encrypted during transmission. However, in this document, unless the context requires otherwise, the term encryption generally refers to a conditional level of encryption, which may be private encryption or business encryption, rather than to the encryption typically employed during transmission. Furthermore, the term encryption applies predominantly herein to private data (including private location information and/or any other private data desired to be transferred) that is transferred and remains encrypted and unable to be decrypted at a remote storage center unless a private decryption key is provided. The term encryption also refers to the user of a host device, who is the owner of private data, being able to control whether his private data is encrypted when it is transferred or copied to a remote storage facility. Private data can also be referred to as personal data. Business data can also be referred to as corporate data, company data or non-personal data.
The detailed descriptions within are presented largely in terms of methods or processes, symbolic representations of operations, functionalities and features of the invention. These method descriptions and representations are the means used by those skilled in the art to most effectively convey the substance of their work to others skilled in the art. A software implemented method or process is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. These steps involve physical manipulations of physical quantities. Often, but not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It will be further appreciated that the line between hardware, software and firmware is not always sharp, it being understood by those skilled in the art that software implemented processes may be embodied in hardware, firmware, or software, in the form of coded instructions such as in microcode and/or in stored programming instructions. In general, unless otherwise indicated, singular elements may be in the plural and vice versa with no loss of generality. The use of the masculine can refer to masculine, feminine or both.
B. Exemplary Embodiment
A block diagram of a preferred embodiment is shown in 
The agent 2 is operably connected to an encryption engine 5 comprising computer readable instructions in the memory 6, which encrypts the company data 7 and/or private data 8 to be transferred, according to encryption rules 9, also stored in memory 6. One or more encryption keys, for example company key 10 and private key 11, may be stored in the memory 6 of the electronic device 1. The memory 6 may be divided into parts and/or different types of memory, such as, for example, to facilitate the separate storage of company data 7 and private data 8 in distinct data stores. In a typical application, a user of device 1 may create a private directory or folder in memory 6 into which any data that is identified as private data 8 may be segregated from company data 7.
Host device 1 also comprises a location device 15, such as a GPS or A-GPS receiver device, or some other device performing location determination. The location device 15 may be contained in the memory 6 of the electronic device 1, or it may be a component or module separate from the memory 6 as shown in 
The agent 2 sends data 7, 8, which may include location information, to a monitoring center 3 and/or remote storage device(s) 12 regularly, aperiodically, randomly, semi-randomly and/or according to triggers. This transmission of data between agent 2 and monitoring center 3 may occur transparently to the user. Before sending, private location data (i.e. location data logged or collected outside working hours) in private data store 8 may be encrypted and company location data in company data store 7 may be left unencrypted. Location data in data stores 7, 8 may be present only transiently in the electronic device 1.
At the monitoring center 3, the two types of data 7a, 8a may be stored together, or may be stored in separate databases after being sorted by a sorter module 25. For example, the company data 7 that is not encrypted can be marked as such in device 1, or can be identified as such at the monitoring center 3, and then stored in data store 7a. Private data 8 that is encrypted before sending can be marked as such in device 1, or can be identified as such at the monitoring center 3, and then stored in a data store 8a. The remote storage 12 may be at the premises of a company or business that owns the electronic device 1, or at the premises of a third party security company, or it may be in another computer or server, or distributed in multiple computers or servers. If the company data 7a that is stored is not encrypted (apart from temporarily during transmission), the company will have access to it, but will not be able to decipher private data 8a without being provided access to private decryption key 11a. It is possible that the encryption engine 5 encrypts both company data 7 and private data 8 before it is sent by the agent 2 to the remote storage 12, in which case an administrator at the company will need a company decryption key 10a to convert the data 7a to a meaningful (unencrypted) format. In either case, the private data 8 which is transferred or copied is encrypted using a private encryption key 11 or password that is known only to the user of the electronic device 1. The company does not have access to the private encryption key 11 and cannot interpret the data 8a that is private and stored at the monitoring center 3.
The monitoring center 3 may be a server which contains an interface 23 to the network 4, a bus 14 via which components internal to the server communicate and a processor 13 for processing computer readable instructions in remote storage 12. Examples of instructions may be those used to sort incoming data in the sorter module 25, a program allowing for input of decryption keys, a program for allowing access to data, etc. Also in remote storage 12, the encrypted private data 8a may be stored, as can be the company data 7a, which may or may not be encrypted. Links 20, 21 between the electronic device 1, the network 4 and the monitoring center 3 may be wired, wireless or cable.
If a user wants to access his private data 8a, for example after the theft of the electronic device 1, he can access the remote storage 12 using a terminal 30 via the internet 4. The data can be downloaded to terminal 30 and the user's private decryption key 11a can be used to decrypt the data 8a. A first password may be used for retrieving the private data 8a and a second password or decryption key 11a may be used for decrypting the private data 8a. Alternately, the decryption key 11a may be provided to the monitoring center 3 in order to decrypt the private data 8a.
In the case of theft or loss of the electronic device 1, 
In embodiments where the provision of a private key would reveal historical location data, or other private information, the use of a third party security company may be preferable for employees who never want any of their private information to become available to their employer.
There may be a set of rules by which the private data 8 is encrypted. 
Other time periods may be set as exceptions to a schedule such as described above, and allowances may be made for vacation time, for example. Rules, including rules relating to the time periods, may be amended or updated via the agent 2 during a communication with the monitoring center. For example, in the case of a theft, an amended rule to cease all private encryption may be communicated via the agent 2 to the encryption rules module 9. This embodiment may obviate the need for a user to supply a private decryption key 11a to recovery personnel.
Business or company data 7 may be encrypted with a key 10 known only to the business, company, owner or administrator of the electronic device 1. Alternately, there may be a separate encryption process for storage of company data that occurs at the remote monitoring site 3. This way, a user will not have access to a company encryption key.
The application of the rules 9 may in some embodiments be dependent upon the user entering a password. As shown in 
In an alternate embodiment, the company data 7 and the private data 8 is by default not encrypted. The user has the option, when desiring to use the device 1 for private matters, of entering a password which will cause the data that is transferred to the remote storage 12 to be encrypted beforehand, but only for a set period of time. Referring to 
Example Rules
The following are examples of rules that can be used for the encryption using the user's private key:
Steps in the figures may be performed in a different order to that illustrated, or they may be combined where shown separately.
A signal (such as an audible signal or a visual pop-up message generated on the device) may be generated by the agent and given to the user that the period of private encryption is over, or is about to end. It may be a disguised signal that gives no clue to a thief that there is a form of tracking protection installed in the device.
A user password for encryption may be deleted by the agent from the device at the end of every encryption period. This would prevent a thief attempting to use it to encrypt location data in order to hide his whereabouts.
On provision of the user's private key to the security company, the system may be configured to only decrypt data going back for a certain period of time, such as two weeks. This could be arranged by regularly deleting old data from the remote storage device. Alternately, the private encryption key may evolve as a function of time, such that a given decryption key can only unlock current and future data but not historical data.
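As an added example, not code from the patent or from Absolute Software, the following Python sketch models the agent-side temporal rules described earlier (working hours versus private time, a vacation exception, and the "cease private encryption" rule pushed after a theft) together with the time-evolving private key of the preceding paragraph: each day has its own private key derived one-way from the previous day's, so releasing the key for a given day lets the security company read that day and later ones but never earlier history. The schedule, the vacation day, the day-per-epoch granularity and the HMAC-based sealing construction are assumptions of this example.

```python
import hashlib
import hmac
import os
from datetime import date, datetime, time

# Rules module (9): a constructed schedule; the values are illustrative, not from the patent.
WORK_DAYS = {0, 1, 2, 3, 4}                    # Monday..Friday
WORK_START, WORK_END = time(9, 0), time(17, 0)
VACATION = {date(2009, 7, 20)}                 # exception day: private all day

def classify(ts, cease_private=False):
    """Temporal rule: inside working hours -> 'company', otherwise 'private'.
    cease_private models the amended rule pushed via the agent after a theft."""
    ts = datetime.fromisoformat(ts) if isinstance(ts, str) else ts
    if cease_private:
        return "company"
    if ts.date() in VACATION or ts.weekday() not in WORK_DAYS:
        return "private"
    return "company" if WORK_START <= ts.time() < WORK_END else "private"

# Private key (11) that evolves with time: one key per epoch (here an epoch is a day).
def ratchet(key):
    """One-way step K[t+1] = HMAC(K[t], 'ratchet'); K[t] cannot be recovered from K[t+1]."""
    return hmac.new(key, b"ratchet", hashlib.sha256).digest()

def derive(key_t, t, target):
    """Holder of K[t] can compute K[target] only for target >= t; None for older epochs."""
    if target < t:
        return None
    for _ in range(target - t):
        key_t = ratchet(key_t)
    return key_t

# Encryption engine (5): HMAC-SHA256 keystream with an encrypt-then-MAC tag, stdlib only.
def prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()
def xor_stream(key, nonce, data):
    stream = b"".join(prf(key, b"ks" + nonce + i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = xor_stream(key, nonce, plaintext)
    return nonce + ct + prf(key, b"tag" + nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(key, b"tag" + nonce + ct)):
        return None                            # wrong key or tampered record
    return xor_stream(key, nonce, ct)

# Agent (2): build the transfer record for one location sample taken at time ts.
def package(ts, epoch, private_key_epoch, company_key, location, cease_private=False):
    kind = classify(ts, cease_private)
    key = company_key if kind == "company" else private_key_epoch
    return {"kind": kind, "epoch": epoch, "blob": seal(key, location.encode())}

# Monitoring center (3): read a stored record with whichever keys the reader holds.
def read_record(rec, company_key=None, private_key=None, private_epoch=None):
    if rec["kind"] == "company":
        return None if company_key is None else unseal(company_key, rec["blob"])
    key = None if private_key is None else derive(private_key, private_epoch, rec["epoch"])
    return None if key is None else unseal(key, rec["blob"])
```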
It is not necessary for the private and company data to be transferred as it is being created. It may be stored locally in the electronic device 1 in its respective data store 7, 8 until a connection between the device 1 and the monitoring center 3 is available, or until it is time for the agent to initiate communication to or respond to the monitoring center 3.
While an embodiment has been described in relation to protecting private location data, the disclosed subject matter can equally be employed to protect other private data created using a shared business and private use device. Other private data that can be protected includes usage data, websites visited, video and audio files played, downloads, keystrokes, screenshots, emails, files and any other private data.
The present description is of the best presently contemplated mode of carrying out the subject matter disclosed and claimed herein. The description is made for the purpose of illustrating the general principles of the subject matter and is not to be taken in a limiting sense. The subject matter can find utility in a variety of implementations without departing from the scope of the disclosure made, as will be apparent to those of skill in the art from an understanding of the principles that underlie the subject matter.
This application is a continuation of U.S. application Ser. No. 12/505,425, filed Jul. 17, 2009, which claims the benefit of U.S. Provisional Patent Appl. No. 61/082,130 filed Jul. 18, 2008, which is hereby fully incorporated by reference.
| Number | Date | Country |
|---|---|---|
| 20140164766 A1 | Jun 2014 | US |
| Number | Date | Country |
|---|---|---|
| 61082130 | Jul 2008 | US |
| Relation | Number | Date | Country |
|---|---|---|---|
| Parent | 12505425 | Jul 2009 | US |
| Child | 14104227 | | US |