WO2013011512A1 - System and method for location based control of elements of a mobile communication device - Google Patents

System and method for location based control of elements of a mobile communication device Download PDF

Info

Publication number
WO2013011512A1
WO2013011512A1 PCT/IL2012/050257 IL2012050257W WO2013011512A1 WO 2013011512 A1 WO2013011512 A1 WO 2013011512A1 IL 2012050257 W IL2012050257 W IL 2012050257W WO 2013011512 A1 WO2013011512 A1 WO 2013011512A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile communication
communication device
security module
location
data
Prior art date
Application number
PCT/IL2012/050257
Other languages
French (fr)
Inventor
Ram SARTANI
Anatoly SIMANOVSKY
Original Assignee
Israel Aerospace Industries Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Israel Aerospace Industries Ltd. filed Critical Israel Aerospace Industries Ltd.
Publication of WO2013011512A1 publication Critical patent/WO2013011512A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions
    • H04W48/04Access restriction performed under specific conditions based on user or terminal location or mobility data, e.g. moving direction, speed
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/029Location-based management or tracking services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/082Access security using revocation of authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information

Definitions

  • This invention relates to the field of mobile communication device, and more specifically to the field of controlling various elements of a mobile communication device according to its location.
  • Mobile communication devices nowadays have a wide functionality. In some cases, there may be a need to restrict use of some of the functionalities in certain restricted locations. For example, a company may wish to prevent pictures or videos from being captured within its offices. There is thus a need in the art for a new method and system for location based control of elements of a mobile communication device.
  • Embodiments of the method may include establishing a connection with a camera- enabled portable device and transmitting to the portable device a request for permission to disable camera functionality. Embodiments of the method may also include receiving a response from the portable device relating to permission to disable camera functionality. Further embodiments of the method may include, in response to receiving permission to disable camera functionality, transmitting to the portable device a command to disable camera functionality or, in response to receiving an indication that the user refused permission, displaying a notification message.
  • the command to disable camera functionality may include a command to disable camera functionality for a prescribed period, while the portable device is located within a secure geographical location, partially or fully disable camera functionality, and/or other methodology.
  • US Patent No. 7,826,835 (Rothman et al.) issued November 2, 2010 discloses attempting to control and monitor a number of features associated with a mobile telephone and, more specifically, attempting to turn a specific feature, such as, for example, the ability to take pictures, on or off based upon a set policy scheme.
  • 2009 discloses an apparatus in one example has: a predetermined location having at least a wireless communication device, the wireless communication device having a predetermined coverage area; a mobile terminal that communicates with the wireless communication device when the mobile terminal is within the predetermined coverage area; the mobile terminal having a camera and a functionality that selectively disables and enables the camera; and the wireless communication device having a functionality that causes the mobile terminal to disable the camera when the mobile terminal is within the predetermined coverage area, and wherein the mobile terminal effects an enabling of the camera when the mobile terminal leaves the predetermined coverage area.
  • a mobile communication device comprising a security module wherein the security module is configured to: obtain data characterizing a location of the mobile communication device; check if the data characterizing the location indicates that the mobile communication device is located within a restricted location according to restricted locations data characterizing restricted locations; and enable control of operation of one or more elements of the mobile communication device if the mobile communication device is located within the restricted location, wherein the control is made in accordance with a security policy.
  • the security policy comprises data defining a required control type of the elements at the restricted location.
  • the security module is burned on the mobile communication device's Read Only Memory.
  • the restricted locations data is stored in a data repository.
  • the required control type is enabling or disabling the element and wherein the controlling is made in accordance with the required control type.
  • one of the elements is a camera and the disabling is made by activating the camera.
  • the restricted locations data is represented by one or more of: cell_IDs; global positioning system coordinates; wireless network identifiers; Radio Frequency Identification (RFID) tags identifiers; wireless access points identifiers; Bluetooth device identifiers.
  • RFID Radio Frequency Identification
  • the data characterizing the location is one or more of: a cell_ID; global positioning system coordinates; a wireless network identifier; a Radio Frequency Identification (RFID) tag identifier; a wireless access points identifier; a Bluetooth device identifier.
  • RFID Radio Frequency Identification
  • the elements are one of: a camera; a wireless communication facility; a software application; a receiver / transmitter.
  • the security module is further configured to enable control of operation of at least one element of the mobile communication device if the obtain data characterizing a location of the mobile communication device failed.
  • the security module is further configured to receive updates in respect of the restricted locations data and update the restricted locations data accordingly.
  • the security module further configured to retrieve updates to the restricted locations data from a central server and update the restricted locations data accordingly.
  • the security module is further configured to receive updates to the security module and install the updates on the mobile communication device.
  • the security module is further configured to retrieve updates to the security module from a central server and install the updates on the mobile communication device.
  • the updates are retrieved upon the mobile communication device activation.
  • At least one of the security module and the restricted locations data is inaccessible to users of the mobile communication device.
  • the security module is stored on a Read Only Memory (ROM) of the mobile communication device.
  • ROM Read Only Memory
  • the security policy is a user-based security policy.
  • the data characterizing the location is obtained using the most accurate location determination method available.
  • a method of operating a mobile communication device comprising: obtaining data characterizing a location of the mobile communication device; checking if the data characterizing the indicates that the mobile communication device is located within a restricted location according to restricted locations data characterizing restricted locations; and controlling operation of one or more elements of the mobile communication device if the mobile communication device is located within the restricted location, wherein the controlling is made in accordance with a security policy.
  • the security policy comprises data defining a required control type of the elements at the restricted location and wherein the controlling is made in accordance with the required control type
  • the restricted locations data is stored in a data repository.
  • the required control type is enabling or disabling the element.
  • one of the elements is a camera and wherein the disabling is made by activating the camera.
  • the restricted locations data is represented by one or more of: cell_IDs; global positioning system coordinates; wireless network identifiers; Radio Frequency Identification (RFID) tags identifiers; wireless access points identifiers; Bluetooth device identifiers.
  • RFID Radio Frequency Identification
  • the data characterizing a location is one of: a cell_ID; global positioning system coordinates; a wireless network identifier; a Radio Frequency Identification (RFID) tag identifier; a wireless access points identifier; a Bluetooth device identifier.
  • RFID Radio Frequency Identification
  • the elements are one or more of: a camera; a wireless communication facility; a software application; a receiver / transmitter.
  • the method further comprises enabling control of operation of at least one element of the mobile communication device if the obtaining data characterizing a location of the mobile communication device failed.
  • the method further comprises receiving updates in respect of the restricted locations data and updating the restricted locations data accordingly.
  • the method further comprises retrieving updates to the restricted locations data from a central server and enabling updating the restricted locations data accordingly.
  • the updates are retrieved upon the mobile communication device activation.
  • the security policy is a user-based security policy.
  • the data characterizing the location is obtained using the most accurate location determination method available
  • a security module operable in association with a mobile communication device, wherein the security module is configured to: obtain data characterizing a location of the mobile communication device; check if the data characterizing the location indicates that the mobile communication device is located within a restricted location according to restricted locations data characterizing restricted locations; and enable control of operation of one or more elements of the mobile communication device if the mobile communication device is located within the restricted location, wherein the control is made in accordance with a security policy.
  • the security policy comprises data defining a required control type of the elements at the restricted location.
  • the security module is operably connected to a data repository and wherein the restricted locations data is stored in the data repository.
  • control type is enabling or disabling the element.
  • one of the elements is a camera and wherein the disabling is made by activating the camera.
  • the restricted locations data is represented by one or more of: cell_IDs; global positioning system coordinates; wireless network identifiers; Radio Frequency Identification (RFID) tags identifiers; wireless access points identifiers; Bluetooth device identifiers.
  • RFID Radio Frequency Identification
  • the data characterizing a location is one or more of: a cell_ID; global positioning system coordinates; a wireless network identifier; a Radio Frequency Identification (RFID) tag identifier; a wireless access points identifier; a Bluetooth device identifier.
  • RFID Radio Frequency Identification
  • the elements are one or more of: a camera; a wireless communication facility; a software application; a receiver / transmitter.
  • the security module is further configured to enable control of operation of at least one element of the mobile communication device if the obtain data characterizing a location of the mobile communication device failed.
  • the security module is further configured to receive updates in respect of the restricted locations data and update the restricted locations data accordingly.
  • the security module is further configured to retrieve updates to the restricted locations data from a central server and update the restricted locations data accordingly. According to another embodiment of the presently disclosed subject matter, the security module is further configured to receive updates to the security module and install the updates on the mobile communication device.
  • the security module is further configured to retrieve updates to security module from a central server and install the updates on the mobile communication device.
  • the updates are retrieved upon the mobile communication device activation.
  • At least one of the security module and the restricted locations data is inaccessible to users of the mobile communication device.
  • the security policy is a user-based security policy.
  • the security module is stored on a Read Only Memory (ROM) of the mobile communication device.
  • ROM Read Only Memory
  • the data characterizing the location is obtained using the most accurate location determination method available.
  • FIG. 1 is a schematic illustration of a cellular network environment, in accordance with the presently disclosed subject matter
  • Fig. 2 is a block diagram schematically illustrating a mobile communication device, in accordance with the presently disclosed subject matter
  • FIG. 3 is a schematic illustration of an environment of a method and system for location based control of elements of a mobile communication device, in accordance with the presently disclosed subject matter;
  • Fig. 4 is a flowchart illustrating one example of a sequence of operations carried out for location based control of elements of a mobile communication device, in accordance with the presently disclosed subject matter
  • Fig. 5 is a flowchart illustrating one example of a sequence of operations carried out for checking security policy compliance, in accordance with the presently disclosed subject matter.
  • the phrase “for example,” “such as”, “for instance” and variants thereof describe non-limiting embodiments of the presently disclosed subject matter.
  • Reference in the specification to “one case”, “some cases”, “other cases” or variants thereof means that a particular feature, structure or characteristic described in connection with the embodiment(s) is included in at least one embodiment of the presently disclosed subject matter.
  • the appearance of the phrase “one case”, “some cases”, “other cases” or variants thereof does not necessarily refer to the same embodiment(s). It is appreciated that certain features of the presently disclosed subject matter, which are, for clarity, described in the context of separate embodiments, may also be provided in combination in a single embodiment. Conversely, various features of the presently disclosed subject matter, which are, for brevity, described in the context of a single embodiment, may also be provided separately or in any suitable sub-combination.
  • Figs. 1-3 illustrate a general schematic of the system architecture in accordance with an embodiment of the presently disclosed subject matter.
  • Each module in Figs. 2-3 can be made up of any combination of software, hardware and/or firmware that performs the functions as defined and explained herein.
  • the modules in Figs. 2-3 may be centralized in one location or dispersed over more than one location.
  • the system may comprise fewer, more, and/or different modules than those shown in Figs. 1-3.
  • FIG. 1 a schematic illustration of a cellular network environment, in accordance with the presently disclosed subject matter.
  • a cellular network comprises base stations (e.g. 101-1, 101-2, 101-3), partitioning a geographical area into a number of spatially distinct regions called cells. Each cell is assigned (by a cellular network operator) with a unique cell_ID that enables identification of the cell and its corresponding base station.
  • Each base station (e.g. 101-1, 101-2, 101-3) has a coverage area (e.g. 110-1, 110-2, 110-3) depending, inter alia, on its signal strength. It is to be noted that although coverage areas (e.g. 110-1, 110-2, and 110-3) in Fig. 1 are represented by circles, in practice each coverage area can have an irregular shape that can depend on the terrain and/or topography and/or other factors.
  • Mobile communication devices are capable of communicating (e.g. receiving and transmitting data) with base stations (e.g. 101-1, 101-2, and 101-3).
  • base stations e.g. 101-1, 101-2, and 101-3.
  • a mobile communication device e.g. 105-1, 105-2 and 105-3
  • a single base station that provides coverage for the area in which the mobile communication device (e.g. 105-1, 105-2 and 105-3) is located.
  • mobile communication device 105-1 can communicate with base station 101-1 whose coverage area 110-1 includes the location of mobile communication device 105- 1.
  • base stations coverage areas there can be an overlap between base stations coverage areas.
  • coverage area 110-2 covered by base station 101-2
  • coverage area 110-3 covered by base station 101- 3
  • mobile communication devices e.g. 105-1, 105-2 and 105-3
  • mobile communication device 105-4 that is located within the intersection of coverage areas 110-2 and 110-3).
  • a mobile communication device e.g. 105-1, 105-2 and 105-3 can communicate with a single base station that provides coverage for the area in which the mobile communication device (e.g. 105-1, 105-2 and 105-3) is located.
  • mobile communication device e.g. 105-1, 105-2 and 105-3
  • it can be configured to determine a base station for communicating with the mobile communication device (e.g. 105-1, 105-2 and 105-3), using methods and techniques known in the art.
  • Each mobile communication device (e.g. 105-1, 105-2 and 105-3) can store an indication of the current cell_ID identifying the cell in which it is currently located (e.g. the cell governed by the base station that it is communicating with).
  • cell_ID can contain an indication that no cell is available (for example, cell_ID can be empty, NULL, assigned with a pre-determined value indicating that no cell is available, etc.).
  • Mobile communication device 105 comprises a processor 205 which is configured to manage and control components and execute relevant mobile communication device 105 operations.
  • Mobile communication device 105 further comprises a memory 210, a Read Only Memory (ROM) 240, a receiver / transmitter 215, and a security module 235.
  • security module 235 can be part of processor 205. In other cases, security module 235 can be associated, additionally or alternatively, with a processor other than processor 205.
  • Mobile communication device 105 can further comprise (or otherwise be associated with) one or more of: a camera 200, Subscriber Information Module (SIM) card 220, a data repository 225 (it is to be noted that in some cases, data repository can be part of memory 210 and/or ROM 240), a wireless communication facility 230 (e.g. working in accordance with the WiFi standard), a Global Navigation Satellite System (e.g. Global Positioning System - GPS 245), or any other component.
  • SIM Subscriber Information Module
  • data repository can be part of memory 210 and/or ROM 240
  • wireless communication facility 230 e.g. working in accordance with the WiFi standard
  • GPS 245 Global Navigation Satellite System
  • Security module 235 can be configured to control (exemplary control types are enable, disable, etc.) various elements of mobile communication device 105 (hereinafter: "element control").
  • elements include for example, hardware and/or software components of mobile communication device 105, such as, camera 200, wireless communication facility 230, receiver / transmitter 215, e-mail software/applications, and other hardware and/or software components.
  • the element control can be based on the location of mobile communication device 105 and on a pre- defined location based security policy, as further detailed with respect to Fig. 4 and Fig. 5.
  • security module 235 can be stored on ROM 240 (which requires it to be burned on ROM 240) thus preventing unauthorized removal, bypass, alteration or deactivation thereof. Additionally or alternatively, security module 235 can be stored in mobile communication device 105 (e.g. on memory 210, etc.) such that it is inaccessible to a user (one example of such section is the application library, that exists for example on Samsung GalaxyTM mobile communication devices, operated by Linux Operating System). It is to be noted that other methods of preventing users from removing, bypassing, disabling or altering security module 235 can be additionally or alternatively utilized.
  • security module 235 In some cases unauthorized removal, bypass, alteration or deactivation of security module 235 cannot be a-priori prevented (e.g. when storing security module on ROM 240 is impossible from some reason and no other method of preventing users from removing, bypassing, disabling or altering security module 235 can be utilized). In such cases, certain control mechanism can be utilized in order to make sure that the user operating the mobile communication device 105 does not tamper with the security module 235 and/or with the security policy data. One exemplary control mechanism can require that mobile communication device 105 having security module 235 installed thereon will be required to periodically (e.g.
  • the remote server can be configured to notify (e.g. by sending a text message, by displaying a notification on an operator's display, or by any other way) a security officer (or any other person that needs to be notified) about a breach of the security policy, thus enabling a security officer to check the reason and/or take any other required action.
  • the control mechanism described hereinabove can be triggered when the mobile communication device 105 is located within a cell having a cell_ID that indicates that the cell is a restricted location as further detailed herein below.
  • Such security policy can comprise data indicative of various locations in which one or more elements of mobile communication device 105 are to be enabled or disabled (hereinafter: "restricted locations data").
  • restricted locations data can be represented, for example, by GPS coordinates defining a certain geographic area (e.g. two GPS coordinates can be used to define a rectangle, more than two points defining a certain polygon, etc.), cell_IDs defining cells, wireless network identifiers identifying a wireless network, wireless access points identifiers, Bluetooth device identifiers, Radio Frequency Identification (RFID) tags (e.g.
  • RFID Radio Frequency Identification
  • the security policy data can further define the elements that are to be enabled and/or disabled within restricted locations.
  • the security policy is adapted to enable user-defined security management.
  • the security policy is user-defined, indicating the elements that are to be enabled and/or disabled within restricted locations for each user. It is to be noted that in such cases, some users may be allowed to enter restricted locations with certain elements enabled or disabled whereas other users may not be allowed to enter the same restricted location with the same respective elements enabled or disabled.
  • security module 235 is configured to determine whether mobile communication device 105 is located within a restricted location (for example according to the current cell_ID), and disable and/or enable one or more elements of mobile communication device 105 based on the security policy, as further detailed with respect to Fig. 4.
  • the restricted locations data can be defined by GPS/network location provider coordinates (as indicated above), enabling a more accurate element control by security module 235.
  • the restricted locations data can be defined by GPS/network location provider coordinates defining the geographic area of the cell's sub-area.
  • the restricted locations data can be defined by accessibility of one or more devices such as a wireless access point - WAP, a Bluetooth device, an RFID tag (e.g. passive/active/semi-active RFID tags), or any other device that can be accessible within a certain range therefrom.
  • a wireless access point - WAP e.g. a Bluetooth device
  • an RFID tag e.g. passive/active/semi-active RFID tags
  • security policy data can be stored, for example, in data repository 225, in memory 210, in ROM 240, or in any other location accessible by security module 235.
  • security policy data is stored on board mobile communication device 105 thus enabling independent control of its elements, without a need for any external utility such as a remote data repository, etc.
  • all or part of the security policy data can be additionally or alternatively stored on a remote location accessible by mobile communication device 105 via any wired or wireless communication facility.
  • Fig. 3 is a schematic illustration of an environment of a method and system for location based control of elements of a mobile communication device, in accordance with the presently disclosed subject matter.
  • Mobile communication device 105 can be configured to utilize transmitter / receiver 215 for transmitting and receiving data to and from base station 101 that provides service for the cell in which mobile communication device 105 is located.
  • base station 101 can be configured to provide mobile communication device 105 with data indicative of its cell_ID.
  • Mobile communication device 105 can be further configured to communicate with security server 300.
  • security server 300 can comprise server data repository 305.
  • Server data repository 305 can contain updated security policy data (for example automatically updated and/or manually updated by an administrator, etc.).
  • security server 300 can comprise updates of security module 235 that can be, for example, downloaded by mobile communication device 105 for installation thereon.
  • mobile communication device 105 can be configured to request updates to the security policy and/or to security module 235 from security server 300.
  • the updates can comprise security policy updates (including, for example, restricted locations data updates) and/or software updates for security module 235.
  • Mobile communication device 105 can be configured to request such updates periodically and/or according to a user request and/or upon activation of mobile communication device 105, etc. additionally or alternatively, security server 300 can be configured to push such updates to mobile communication device 105, for example periodically and/or according to an administrator command, etc.
  • Security module 235 can be configured to initiate a check of compliance with the security policy (block 410), as further detailed with respect to Fig. 5.
  • Such security policy compliance check can be performed constantly (e.g.
  • Security module 235 can be further configured to check if the security policy requires a certain restriction for mobile communication device 105 (block 420). If the security policy requires a certain restriction (e.g. that one or more elements are enabled and/or disabled), security module 235 can be configured to disable and/or enable certain elements (for example elements that were enabled or disabled upon entering a restricted location not in compliance with the security policy) (block 430), in accordance with the security policy. If security policy does not require a restriction, security module 235 can be configured to enable and/or disable elements that may have been previously controlled by security module 235 in accordance with the security policy (block 440). It is to be noted that various methods and techniques can be used for controlling elements of mobile communication device 105, including methods and techniques known in the art.
  • security module 235 can be configured to control (e.g. enable, disable, etc.) is camera 200 (in case mobile communication device 105 comprises camera 200).
  • camera 200 in case mobile communication device 105 comprises camera 200.
  • the security policy data can, for example, define the locations in which camera 200 should be disabled.
  • security module 235 can be configured to disable camera 200.
  • Various methods and techniques can be used for disabling the camera, including methods and techniques known in the art.
  • security module 235 is configured to render camera 200 inaccessible by activating it.
  • camera 200 When activated, camera 200 is associated with security module 235 and it is therefore busy and inaccessible to any application and or component in mobile communication device 105, thus preventing utilization thereof.
  • This method for disabling camera 200 can be implemented for example in Samsung GalaxyTM mobile communication devices, and/or on other mobile communication devices.
  • camera 200 can be already active when it is accessed by security module 235.
  • security module 235 can be configured to deactivate camera 200 prior to its activation by security module 235 as indicated above. Such deactivation can be performed in some cases by simulating a press on the home button of mobile communication device 105, or in any other method or technique.
  • Fig. 5 is a flowchart illustrating one example of a sequence of operations carried out for checking security policy compliance, in accordance with the presently disclosed subject matter.
  • security module 235 can be configured to obtain data characterizing a location of mobile communication device 105 (step 505).
  • the location can be determined using various methods and techniques. For example, the location can be determined according to the cell_ID of the cell that mobile communication device 105 is located in (hereinafter: "cell_ID technique" resulting in identification of the cell in which the mobile communication device is located).
  • cell_ID technique resulting in identification of the cell in which the mobile communication device is located.
  • GPS 245 can be utilized for determining the location of mobile communication device 105.
  • the location can be obtained using the network location provider (that also has worse accuracy than GPS however still enhanced accuracy than cell_ID).
  • the location can be determined by using a triangulation technique that depends on receipt of a radio signal from at least three difference base stations - thus enabling determination of the mobile communication device 105 location.
  • the location can be determined according to a wireless network (e.g. WiFi) and/or a Bluetooth device and/or an RFID tag available for mobile communication device 105.
  • a wireless network e.g. WiFi
  • Bluetooth device e.g. Bluetooth
  • RFID tag available for mobile communication device 105.
  • Each wireless network, Blue tooth device and RFID tag has an identifier that is available for mobile communication device 105 when in range of the wireless network Bluetooth device or RFID tag respectively.
  • mobile communication device 105 in case mobile communication device 105 receives an indication (according to a wireless network identifier), that a certain wireless network or Bluetooth device or RFID tag is available to it (meaning that mobile communication device 105 is in its range), it can enable determining the location of mobile communication device 105. It can be appreciated that when using RFID tags and/or Bluetooth devices and/or wireless networks, appropriate hardware is required (e.g. a wireless communication facility 230, an RFID tag reader, a Bluetooth reader, etc.) It can be further appreciated that other location determination methods and techniques can be utilized as well.
  • the determined location is not an accurate location, however for the purpose of the currently disclosed subject matter, such rough location can be sufficient.
  • security module 235 can be configured to perform the location determination while utilizing the most accurate location determination method and technique available to it at the time of location determination.
  • security module 235 can utilize priority data (that can be stored for example on data repository 225 or on memory 210, or on any other location that is accessible to the security module 235) defining the priority of the various location determination methods and techniques.
  • such data can define that location determination techniques based on Radio Frequency Identification (RFID) tags or on Bluetooth devices or on wireless networks is more accurate than location determination techniques based on GPS and that location determination techniques based on GPS are more accurate than location determination techniques based on network location provider and that location determination techniques based on network location provider are more accurate than location determination techniques based on cell_IDs, etc.
  • RFID Radio Frequency Identification
  • this priority data is a mere non-limiting example and additional and/or different priorities can be defined in the priority data as well.
  • the obtained data, characterizing a mobile communication device 105 location is determined by using cell_ID technique.
  • more than one cellular network operator can assign identical cell_IDs to its cells. Therefore, in some cases, a cell covering a certain geographic area can be assigned with a specific cell_ID by a specific cellular network operator whereas another cellular network operator can assign the same cell_ID to a cell covering a different geographical area. In such cases, it can be appreciated that a preliminary check is required to check which cellular network operator is providing services to mobile communication device 105.
  • Knowledge of the cellular network operator can enable determination of the relevant cell_IDs that should be utilized for location determination when location determination is done by using cell_ID technique. It is to be noted that there are known methods and 5 techniques for determining the cellular network operator providing services to mobile communication device 105.
  • Security module 235 can be further configured to check if obtaining data characterizing a location was successful (step 510). In case obtained data characterizing a location failed (e.g. cell_ID cannot be determined since there is no service in the
  • a restriction notification can be issued (step 540).
  • mobile communication device 105 may be within a restricted location.
  • security module 235 can be configured to validate that mobile communication device 105 complies with the security policy (step 520).
  • the security policy can, for example, require certain elements of mobile communication device 105 to be controlled (e.g. disabled, enabled, etc.) within certain restricted locations.
  • security policy data can define that when mobile
  • 25 communication device 105 is located in a certain cell, camera 200 is to be disabled. If mobile communication device 105 is located within the cell in which camera 200 is to be disabled, security module 235 can check if camera 200 is disabled and thus the security policy is met or if camera 200 is enabled and thus the security policy is not met.
  • a non-restriction notification can be issued (step 530). It can be appreciated that, pending the type of notification issued (restriction or non restriction notification), it may be desirable to control (e.g. enable, disable, etc.) one or more elements of mobile communication device 105, accordingly. It is to be understood that the presently disclosed subject matter is not limited in its application to the details set forth in the description contained herein or illustrated in the drawings. The presently disclosed subject matter is capable of other embodiments and of being practiced and carried out in various ways. Hence, it is to be understood that the phraseology and terminology employed herein are for the purpose of description and should not be regarded as limiting. As such, those skilled in the art will appreciate that the conception upon which this disclosure is based may readily be utilized as a basis for designing other structures, methods, and systems for carrying out the several purposes of the present presently disclosed subject matter.
  • system may be a suitably programmed computer.
  • the presently disclosed subject matter contemplates a computer program being readable by a computer for executing the method of the presently disclosed subject matter.
  • the presently disclosed subject matter further contemplates a machine -readable memory tangibly embodying a program of instructions executable by the machine for executing the method of the presently disclosed subject matter.

Abstract

A mobile communication device

Description

SYSTEM AND METHOD FOR LOCATION BASED CONTROL OF ELEMENTS OF A MOBILE COMMUNICATION DEVICE
FIELD OF THE PRESENTLY DISCLOSED SUBJECT MATTER
This invention relates to the field of mobile communication device, and more specifically to the field of controlling various elements of a mobile communication device according to its location. BACKGROUND
Mobile communication devices nowadays have a wide functionality. In some cases, there may be a need to restrict use of some of the functionalities in certain restricted locations. For example, a company may wish to prevent pictures or videos from being captured within its offices. There is thus a need in the art for a new method and system for location based control of elements of a mobile communication device.
References considered to be relevant as background to the presently disclosed subject matter are listed below. Acknowledgement of the references herein is not to be inferred as meaning that these are in any way relevant to the patentability of the presently disclosed subject matter.
US Patent No. 7,414,529 (Boss et al.) issued August 19, 2002 discloses systems, methods, media, and apparatuses for disabling camera functionality in a portable device. Embodiments of the method may include establishing a connection with a camera- enabled portable device and transmitting to the portable device a request for permission to disable camera functionality. Embodiments of the method may also include receiving a response from the portable device relating to permission to disable camera functionality. Further embodiments of the method may include, in response to receiving permission to disable camera functionality, transmitting to the portable device a command to disable camera functionality or, in response to receiving an indication that the user refused permission, displaying a notification message. The command to disable camera functionality may include a command to disable camera functionality for a prescribed period, while the portable device is located within a secure geographical location, partially or fully disable camera functionality, and/or other methodology. US Patent No. 7,826,835 (Rothman et al.) issued November 2, 2010 discloses attempting to control and monitor a number of features associated with a mobile telephone and, more specifically, attempting to turn a specific feature, such as, for example, the ability to take pictures, on or off based upon a set policy scheme.
US Patent application No. 2009/0181716 (Benco et al.) published on July 16,
2009 discloses an apparatus in one example has: a predetermined location having at least a wireless communication device, the wireless communication device having a predetermined coverage area; a mobile terminal that communicates with the wireless communication device when the mobile terminal is within the predetermined coverage area; the mobile terminal having a camera and a functionality that selectively disables and enables the camera; and the wireless communication device having a functionality that causes the mobile terminal to disable the camera when the mobile terminal is within the predetermined coverage area, and wherein the mobile terminal effects an enabling of the camera when the mobile terminal leaves the predetermined coverage area. SUMMARY
According to a first aspect of the invention, there is provided a mobile communication device comprising a security module wherein the security module is configured to: obtain data characterizing a location of the mobile communication device; check if the data characterizing the location indicates that the mobile communication device is located within a restricted location according to restricted locations data characterizing restricted locations; and enable control of operation of one or more elements of the mobile communication device if the mobile communication device is located within the restricted location, wherein the control is made in accordance with a security policy.
According to an embodiment of the presently disclosed subject matter, the security policy comprises data defining a required control type of the elements at the restricted location.
According to another embodiment of the presently disclosed subject matter, the security module is burned on the mobile communication device's Read Only Memory.
According to another embodiment of the presently disclosed subject matter, the restricted locations data is stored in a data repository. According to another embodiment of the presently disclosed subject matter, the required control type is enabling or disabling the element and wherein the controlling is made in accordance with the required control type.
According to another embodiment of the presently disclosed subject matter, one of the elements is a camera and the disabling is made by activating the camera.
According to another embodiment of the presently disclosed subject matter, the restricted locations data is represented by one or more of: cell_IDs; global positioning system coordinates; wireless network identifiers; Radio Frequency Identification (RFID) tags identifiers; wireless access points identifiers; Bluetooth device identifiers.
According to another embodiment of the presently disclosed subject matter, the data characterizing the location is one or more of: a cell_ID; global positioning system coordinates; a wireless network identifier; a Radio Frequency Identification (RFID) tag identifier; a wireless access points identifier; a Bluetooth device identifier.
According to another embodiment of the presently disclosed subject matter, the elements are one of: a camera; a wireless communication facility; a software application; a receiver / transmitter.
According to another embodiment of the presently disclosed subject matter, the security module is further configured to enable control of operation of at least one element of the mobile communication device if the obtain data characterizing a location of the mobile communication device failed.
According to another embodiment of the presently disclosed subject matter, the security module is further configured to receive updates in respect of the restricted locations data and update the restricted locations data accordingly.
According to another embodiment of the presently disclosed subject matter, the security module further configured to retrieve updates to the restricted locations data from a central server and update the restricted locations data accordingly.
According to another embodiment of the presently disclosed subject matter, the security module is further configured to receive updates to the security module and install the updates on the mobile communication device.
According to another embodiment of the presently disclosed subject matter, the security module is further configured to retrieve updates to the security module from a central server and install the updates on the mobile communication device. According to another embodiment of the presently disclosed subject matter, the updates are retrieved upon the mobile communication device activation.
According to another embodiment of the presently disclosed subject matter, at least one of the security module and the restricted locations data is inaccessible to users of the mobile communication device.
According to another embodiment of the presently disclosed subject matter, the security module is stored on a Read Only Memory (ROM) of the mobile communication device.
According to another embodiment of the presently disclosed subject matter, the security policy is a user-based security policy.
According to another embodiment of the presently disclosed subject matter, the data characterizing the location is obtained using the most accurate location determination method available.
According to a second aspect of the invention, there is provided a method of operating a mobile communication device, the method comprising: obtaining data characterizing a location of the mobile communication device; checking if the data characterizing the indicates that the mobile communication device is located within a restricted location according to restricted locations data characterizing restricted locations; and controlling operation of one or more elements of the mobile communication device if the mobile communication device is located within the restricted location, wherein the controlling is made in accordance with a security policy.
According to an embodiment of the presently disclosed subject matter, the security policy comprises data defining a required control type of the elements at the restricted location and wherein the controlling is made in accordance with the required control type
According to an embodiment of the presently disclosed subject matter, the restricted locations data is stored in a data repository.
According to another embodiment of the presently disclosed subject matter, the required control type is enabling or disabling the element.
According to another embodiment of the presently disclosed subject matter, one of the elements is a camera and wherein the disabling is made by activating the camera.
According to another embodiment of the presently disclosed subject matter the restricted locations data is represented by one or more of: cell_IDs; global positioning system coordinates; wireless network identifiers; Radio Frequency Identification (RFID) tags identifiers; wireless access points identifiers; Bluetooth device identifiers.
According to another embodiment of the presently disclosed subject matter, the data characterizing a location is one of: a cell_ID; global positioning system coordinates; a wireless network identifier; a Radio Frequency Identification (RFID) tag identifier; a wireless access points identifier; a Bluetooth device identifier.
According to another embodiment of the presently disclosed subject matter, the elements are one or more of: a camera; a wireless communication facility; a software application; a receiver / transmitter.
According to another embodiment of the presently disclosed subject matter, the method further comprises enabling control of operation of at least one element of the mobile communication device if the obtaining data characterizing a location of the mobile communication device failed.
According to another embodiment of the presently disclosed subject matter, the method further comprises receiving updates in respect of the restricted locations data and updating the restricted locations data accordingly.
According to another embodiment of the presently disclosed subject matter, the method further comprises retrieving updates to the restricted locations data from a central server and enabling updating the restricted locations data accordingly.
According to another embodiment of the presently disclosed subject matter, the updates are retrieved upon the mobile communication device activation.
According to another embodiment of the presently disclosed subject matter, the security policy is a user-based security policy.
According to another embodiment of the presently disclosed subject matter, the data characterizing the location is obtained using the most accurate location determination method available
According to a third aspect of the invention, there is provided a security module operable in association with a mobile communication device, wherein the security module is configured to: obtain data characterizing a location of the mobile communication device; check if the data characterizing the location indicates that the mobile communication device is located within a restricted location according to restricted locations data characterizing restricted locations; and enable control of operation of one or more elements of the mobile communication device if the mobile communication device is located within the restricted location, wherein the control is made in accordance with a security policy.
According to an embodiment of the presently disclosed subject matter the, the security policy comprises data defining a required control type of the elements at the restricted location.
According to an embodiment of the presently disclosed subject matter the, the security module is operably connected to a data repository and wherein the restricted locations data is stored in the data repository.
According to another embodiment of the presently disclosed subject matter, the control type is enabling or disabling the element.
According to another embodiment of the presently disclosed subject matter, one of the elements is a camera and wherein the disabling is made by activating the camera.
According to another embodiment of the presently disclosed subject matter, the restricted locations data is represented by one or more of: cell_IDs; global positioning system coordinates; wireless network identifiers; Radio Frequency Identification (RFID) tags identifiers; wireless access points identifiers; Bluetooth device identifiers.
According to another embodiment of the presently disclosed subject matter, the data characterizing a location is one or more of: a cell_ID; global positioning system coordinates; a wireless network identifier; a Radio Frequency Identification (RFID) tag identifier; a wireless access points identifier; a Bluetooth device identifier.
According to another embodiment of the presently disclosed subject matter, the elements are one or more of: a camera; a wireless communication facility; a software application; a receiver / transmitter.
According to another embodiment of the presently disclosed subject matter, the security module is further configured to enable control of operation of at least one element of the mobile communication device if the obtain data characterizing a location of the mobile communication device failed.
According to another embodiment of the presently disclosed subject matter, the security module is further configured to receive updates in respect of the restricted locations data and update the restricted locations data accordingly.
According to another embodiment of the presently disclosed subject matter, the security module is further configured to retrieve updates to the restricted locations data from a central server and update the restricted locations data accordingly. According to another embodiment of the presently disclosed subject matter, the security module is further configured to receive updates to the security module and install the updates on the mobile communication device.
According to another embodiment of the presently disclosed subject matter, the security module is further configured to retrieve updates to security module from a central server and install the updates on the mobile communication device.
According to another embodiment of the presently disclosed subject matter, the updates are retrieved upon the mobile communication device activation.
According to another embodiment of the presently disclosed subject matter, at least one of the security module and the restricted locations data is inaccessible to users of the mobile communication device.
According to another embodiment of the presently disclosed subject matter, the security policy is a user-based security policy.
According to another embodiment of the presently disclosed subject matter, the security module is stored on a Read Only Memory (ROM) of the mobile communication device.
According to another embodiment of the presently disclosed subject matter, the data characterizing the location is obtained using the most accurate location determination method available.
BRIEF DESCRIPTION OF THE DRAWINGS
In order to understand the presently disclosed subject matter and to see how it may be carried out in practice, the subject matter will now be described, by way of non- limiting examples only, with reference to the accompanying drawings, in which:
Fig. 1 is a schematic illustration of a cellular network environment, in accordance with the presently disclosed subject matter;
Fig. 2 is a block diagram schematically illustrating a mobile communication device, in accordance with the presently disclosed subject matter;
Fig. 3 is a schematic illustration of an environment of a method and system for location based control of elements of a mobile communication device, in accordance with the presently disclosed subject matter;
Fig. 4 is a flowchart illustrating one example of a sequence of operations carried out for location based control of elements of a mobile communication device, in accordance with the presently disclosed subject matter; Fig. 5 is a flowchart illustrating one example of a sequence of operations carried out for checking security policy compliance, in accordance with the presently disclosed subject matter.
DETAILED DESCRIPTION
In the drawings and descriptions set forth, identical reference numerals indicate those components that are common to different embodiments or configurations.
Unless specifically stated otherwise, as apparent from the following discussions, it is appreciated that throughout the specification discussions utilizing terms such as "obtaining", "determining", "comparing", "controlling", "storing", "enabling", "disabling", "updating", "providing", "activating", "receiving", "retrieving" or the like, include action and/or processes of a computer that manipulate and/or transform data into other data, said data represented as physical quantities, e.g. such as electronic quantities, and/or said data representing the physical objects. The term "computer" should be expansively construed to cover any kind of electronic device with data processing capabilities, including, by way of non-limiting example, a personal computer, a server, a computing system, a communication device, a processor (e.g. digital signal processor (DSP), a microcontroller, a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), etc.), any other electronic computing device, and or any combination thereof.
The operations in accordance with the teachings herein may be performed by a computer specially constructed for the desired purposes or by a general purpose computer specially configured for the desired purpose by a computer program stored in a computer readable storage medium.
As used herein, the phrase "for example," "such as", "for instance" and variants thereof describe non-limiting embodiments of the presently disclosed subject matter. Reference in the specification to "one case", "some cases", "other cases" or variants thereof means that a particular feature, structure or characteristic described in connection with the embodiment(s) is included in at least one embodiment of the presently disclosed subject matter. Thus the appearance of the phrase "one case", "some cases", "other cases" or variants thereof does not necessarily refer to the same embodiment(s). It is appreciated that certain features of the presently disclosed subject matter, which are, for clarity, described in the context of separate embodiments, may also be provided in combination in a single embodiment. Conversely, various features of the presently disclosed subject matter, which are, for brevity, described in the context of a single embodiment, may also be provided separately or in any suitable sub-combination.
In embodiments of the presently disclosed subject matter, fewer, more and/or different stages than those shown in Fig. 4-5 may be executed. In embodiments of the presently disclosed subject matter one or more stages illustrated in Figs. 4-5 may be executed in a different order and/or one or more groups of stages may be executed simultaneously. Figs. 1-3 illustrate a general schematic of the system architecture in accordance with an embodiment of the presently disclosed subject matter. Each module in Figs. 2-3 can be made up of any combination of software, hardware and/or firmware that performs the functions as defined and explained herein. The modules in Figs. 2-3 may be centralized in one location or dispersed over more than one location. In other embodiments of the presently disclosed subject matter, the system may comprise fewer, more, and/or different modules than those shown in Figs. 1-3.
Bearing this in mind, attention is drawn to Fig. 1, a schematic illustration of a cellular network environment, in accordance with the presently disclosed subject matter. A cellular network comprises base stations (e.g. 101-1, 101-2, 101-3), partitioning a geographical area into a number of spatially distinct regions called cells. Each cell is assigned (by a cellular network operator) with a unique cell_ID that enables identification of the cell and its corresponding base station.
Each base station (e.g. 101-1, 101-2, 101-3) has a coverage area (e.g. 110-1, 110-2, 110-3) depending, inter alia, on its signal strength. It is to be noted that although coverage areas (e.g. 110-1, 110-2, and 110-3) in Fig. 1 are represented by circles, in practice each coverage area can have an irregular shape that can depend on the terrain and/or topography and/or other factors.
Mobile communication devices (e.g. 105-1, 105-2, and 105-3) are capable of communicating (e.g. receiving and transmitting data) with base stations (e.g. 101-1, 101-2, and 101-3). At a given point in time, a mobile communication device (e.g. 105-1, 105-2 and 105-3), located in an area covered by at least one base station, can communicate with a single base station that provides coverage for the area in which the mobile communication device (e.g. 105-1, 105-2 and 105-3) is located. Thus, for example, mobile communication device 105-1 can communicate with base station 101-1 whose coverage area 110-1 includes the location of mobile communication device 105- 1.
In some cases there can be an overlap between base stations coverage areas. In the illustration provided in Fig. 1, there is an overlap between each couple of base stations coverage areas. For example, there is an overlap between coverage area 110-2 (covered by base station 101-2) and coverage area 110-3 (covered by base station 101- 3). In such cases, mobile communication devices (e.g. 105-1, 105-2 and 105-3) can be located in areas covered by more than one base station (e.g. mobile communication device 105-4 that is located within the intersection of coverage areas 110-2 and 110-3).
As indicated above, at a given point in time, a mobile communication device (e.g. 105-1, 105-2 and 105-3) can communicate with a single base station that provides coverage for the area in which the mobile communication device (e.g. 105-1, 105-2 and 105-3) is located. Thus, in cases mobile communication device (e.g. 105-1, 105-2 and 105-3) is located in an area covered by more than one base station, it can be configured to determine a base station for communicating with the mobile communication device (e.g. 105-1, 105-2 and 105-3), using methods and techniques known in the art.
Each mobile communication device (e.g. 105-1, 105-2 and 105-3) can store an indication of the current cell_ID identifying the cell in which it is currently located (e.g. the cell governed by the base station that it is communicating with). In some cases, when a mobile communication device (e.g. 105-1, 105-2 and 105-3) is located in an area where no base station provides coverage, or in case there are communication difficulties, cell_ID can contain an indication that no cell is available (for example, cell_ID can be empty, NULL, assigned with a pre-determined value indicating that no cell is available, etc.).
Turning to Fig. 2 there is shown a block diagram schematically illustrating a mobile communication device, in accordance with the presently disclosed subject matter. Mobile communication device 105 comprises a processor 205 which is configured to manage and control components and execute relevant mobile communication device 105 operations. Mobile communication device 105 further comprises a memory 210, a Read Only Memory (ROM) 240, a receiver / transmitter 215, and a security module 235. In some cases, security module 235 can be part of processor 205. In other cases, security module 235 can be associated, additionally or alternatively, with a processor other than processor 205. In some cases, Mobile communication device 105 can further comprise (or otherwise be associated with) one or more of: a camera 200, Subscriber Information Module (SIM) card 220, a data repository 225 (it is to be noted that in some cases, data repository can be part of memory 210 and/or ROM 240), a wireless communication facility 230 (e.g. working in accordance with the WiFi standard), a Global Navigation Satellite System (e.g. Global Positioning System - GPS 245), or any other component.
Security module 235 can be configured to control (exemplary control types are enable, disable, etc.) various elements of mobile communication device 105 (hereinafter: "element control"). Such elements include for example, hardware and/or software components of mobile communication device 105, such as, camera 200, wireless communication facility 230, receiver / transmitter 215, e-mail software/applications, and other hardware and/or software components. The element control can be based on the location of mobile communication device 105 and on a pre- defined location based security policy, as further detailed with respect to Fig. 4 and Fig. 5.
Optionally, security module 235 can be stored on ROM 240 (which requires it to be burned on ROM 240) thus preventing unauthorized removal, bypass, alteration or deactivation thereof. Additionally or alternatively, security module 235 can be stored in mobile communication device 105 (e.g. on memory 210, etc.) such that it is inaccessible to a user (one example of such section is the application library, that exists for example on Samsung Galaxy™ mobile communication devices, operated by Linux Operating System). It is to be noted that other methods of preventing users from removing, bypassing, disabling or altering security module 235 can be additionally or alternatively utilized.
In some cases unauthorized removal, bypass, alteration or deactivation of security module 235 cannot be a-priori prevented (e.g. when storing security module on ROM 240 is impossible from some reason and no other method of preventing users from removing, bypassing, disabling or altering security module 235 can be utilized). In such cases, certain control mechanism can be utilized in order to make sure that the user operating the mobile communication device 105 does not tamper with the security module 235 and/or with the security policy data. One exemplary control mechanism can require that mobile communication device 105 having security module 235 installed thereon will be required to periodically (e.g. every minute, every several seconds, or every other predetermined time) transmit a notification indicating that the security module 235 is still operating and still enforcing the required security policy (in accordance with the required security policy data) to a remote server. In some cases, once the remote server does not receive a notification that is expected to be received from the mobile communication device 105, it can be configured to notify (e.g. by sending a text message, by displaying a notification on an operator's display, or by any other way) a security officer (or any other person that needs to be notified) about a breach of the security policy, thus enabling a security officer to check the reason and/or take any other required action. It is to be noted that in some cases the control mechanism described hereinabove can be triggered when the mobile communication device 105 is located within a cell having a cell_ID that indicates that the cell is a restricted location as further detailed herein below.
As mentioned above, one of the parameters for controlling elements of mobile communication device 105 is a pre-defined location based security policy. Such security policy can comprise data indicative of various locations in which one or more elements of mobile communication device 105 are to be enabled or disabled (hereinafter: "restricted locations data"). Such restricted locations data can be represented, for example, by GPS coordinates defining a certain geographic area (e.g. two GPS coordinates can be used to define a rectangle, more than two points defining a certain polygon, etc.), cell_IDs defining cells, wireless network identifiers identifying a wireless network, wireless access points identifiers, Bluetooth device identifiers, Radio Frequency Identification (RFID) tags (e.g. passive/active/semi-active RFID tags) identifiers, etc. The security policy data can further define the elements that are to be enabled and/or disabled within restricted locations. In some cases, the security policy is adapted to enable user-defined security management. In such cases, the security policy is user-defined, indicating the elements that are to be enabled and/or disabled within restricted locations for each user. It is to be noted that in such cases, some users may be allowed to enter restricted locations with certain elements enabled or disabled whereas other users may not be allowed to enter the same restricted location with the same respective elements enabled or disabled.
Let's assume, for the sake of example, that within a certain cell according to the restricted location data, one or more elements of mobile communication device 105 are to be enabled and/or disabled. In such case, security module 235 is configured to determine whether mobile communication device 105 is located within a restricted location (for example according to the current cell_ID), and disable and/or enable one or more elements of mobile communication device 105 based on the security policy, as further detailed with respect to Fig. 4.
As each cell can cover a relatively large area, in some cases, better accuracy is desirable. Thus, for example, when the restricted location is within a portion of one or more cells (e.g. one or more sub-areas within the one or more cells), the restricted locations data can be defined by GPS/network location provider coordinates (as indicated above), enabling a more accurate element control by security module 235. For example, if it is desired that within a certain sub-area of a certain cell one or more elements of mobile communication device 105 are disabled or enabled, the restricted locations data can be defined by GPS/network location provider coordinates defining the geographic area of the cell's sub-area.
In further cases, even a better accuracy is desirable, e.g. specific rooms within buildings, specific floors within buildings, a certain vehicle (including an airplane, a boat, etc.), etc. In such cases, the restricted locations data can be defined by accessibility of one or more devices such as a wireless access point - WAP, a Bluetooth device, an RFID tag (e.g. passive/active/semi-active RFID tags), or any other device that can be accessible within a certain range therefrom. In such cases, whenever such device is accessible to the mobile communication device, it is an indication of it being located within a restricted location.
All or part of the security policy data can be stored, for example, in data repository 225, in memory 210, in ROM 240, or in any other location accessible by security module 235. Preferably security policy data is stored on board mobile communication device 105 thus enabling independent control of its elements, without a need for any external utility such as a remote data repository, etc. However, in some cases, all or part of the security policy data can be additionally or alternatively stored on a remote location accessible by mobile communication device 105 via any wired or wireless communication facility.
In some cases, the restricted locations data can be part of security module 235 software code. In such cases, security module 235 can be programmed to utilize such pre-determined restricted locations data during its operation. Fig. 3 is a schematic illustration of an environment of a method and system for location based control of elements of a mobile communication device, in accordance with the presently disclosed subject matter. Mobile communication device 105 can be configured to utilize transmitter / receiver 215 for transmitting and receiving data to and from base station 101 that provides service for the cell in which mobile communication device 105 is located. Inter alia, base station 101 can be configured to provide mobile communication device 105 with data indicative of its cell_ID.
Mobile communication device 105 can be further configured to communicate with security server 300. In some cases, security server 300 can comprise server data repository 305. Server data repository 305 can contain updated security policy data (for example automatically updated and/or manually updated by an administrator, etc.). In some cases, additionally or alternatively, security server 300 can comprise updates of security module 235 that can be, for example, downloaded by mobile communication device 105 for installation thereon.
In some cases, mobile communication device 105 can be configured to request updates to the security policy and/or to security module 235 from security server 300. The updates can comprise security policy updates (including, for example, restricted locations data updates) and/or software updates for security module 235. Mobile communication device 105 can be configured to request such updates periodically and/or according to a user request and/or upon activation of mobile communication device 105, etc. additionally or alternatively, security server 300 can be configured to push such updates to mobile communication device 105, for example periodically and/or according to an administrator command, etc.
Turning to Fig. 4 there is shown a flowchart illustrating one example of a sequence of operations carried out for location based control of elements of a mobile communication device, in accordance with the presently disclosed subject matter. Security module 235 can be configured to initiate a check of compliance with the security policy (block 410), as further detailed with respect to Fig. 5. Such security policy compliance check can be performed constantly (e.g. in a constantly repeating loop, etc.), and/or every predetermined time interval (for example every second, every minute, every 5 minutes, etc.), and/or upon activation of mobile communication device 105, and/or upon determining a change in the cell_ID that mobile communication device 105 is located in (according to the indication of the current cell_ID stored on mobile communication device 105), and/or upon determining a change in the GPS coordinates of mobile communication device 105, and/or upon switching mobile communication device 105 to airplane mode, and/or upon insertion of a SIM card, etc. It is to be noted that these are mere examples and other events can additionally or alternatively trigger the check.
Security module 235 can be further configured to check if the security policy requires a certain restriction for mobile communication device 105 (block 420). If the security policy requires a certain restriction (e.g. that one or more elements are enabled and/or disabled), security module 235 can be configured to disable and/or enable certain elements (for example elements that were enabled or disabled upon entering a restricted location not in compliance with the security policy) (block 430), in accordance with the security policy. If security policy does not require a restriction, security module 235 can be configured to enable and/or disable elements that may have been previously controlled by security module 235 in accordance with the security policy (block 440). It is to be noted that various methods and techniques can be used for controlling elements of mobile communication device 105, including methods and techniques known in the art.
As indicated above, one example of an element that security module 235 can be configured to control (e.g. enable, disable, etc.) is camera 200 (in case mobile communication device 105 comprises camera 200). In some cases it may be desirable to disable camera 200 according to a certain security policy (e.g. within a certain restricted location). In such cases, the security policy data can, for example, define the locations in which camera 200 should be disabled. Assuming that security module 235 determines that mobile communication device 105 enters such a restricted location, security module 235 can be configured to disable camera 200. Various methods and techniques can be used for disabling the camera, including methods and techniques known in the art. According to the presently disclosed subject matter, security module 235 is configured to render camera 200 inaccessible by activating it. When activated, camera 200 is associated with security module 235 and it is therefore busy and inaccessible to any application and or component in mobile communication device 105, thus preventing utilization thereof. This method for disabling camera 200 can be implemented for example in Samsung Galaxy™ mobile communication devices, and/or on other mobile communication devices. In some cases, camera 200 can be already active when it is accessed by security module 235. In such cases, security module 235 can be configured to deactivate camera 200 prior to its activation by security module 235 as indicated above. Such deactivation can be performed in some cases by simulating a press on the home button of mobile communication device 105, or in any other method or technique.
It is to be noted that other elements can be controlled additionally or alternatively. In such cases, such elements can be enabled or disabled mutatis mutandis, using known methods and techniques.
Fig. 5 is a flowchart illustrating one example of a sequence of operations carried out for checking security policy compliance, in accordance with the presently disclosed subject matter. In some cases, security module 235 can be configured to obtain data characterizing a location of mobile communication device 105 (step 505). The location can be determined using various methods and techniques. For example, the location can be determined according to the cell_ID of the cell that mobile communication device 105 is located in (hereinafter: "cell_ID technique" resulting in identification of the cell in which the mobile communication device is located). In case more accurate location determination is required, GPS 245 can be utilized for determining the location of mobile communication device 105. In some cases, for example when using mobile devices operating the Android operating system, the location can be obtained using the network location provider (that also has worse accuracy than GPS however still enhanced accuracy than cell_ID). In some cases, the location can be determined by using a triangulation technique that depends on receipt of a radio signal from at least three difference base stations - thus enabling determination of the mobile communication device 105 location. In some cases the location can be determined according to a wireless network (e.g. WiFi) and/or a Bluetooth device and/or an RFID tag available for mobile communication device 105. Each wireless network, Blue tooth device and RFID tag has an identifier that is available for mobile communication device 105 when in range of the wireless network Bluetooth device or RFID tag respectively. In such cases, in case mobile communication device 105 receives an indication (according to a wireless network identifier), that a certain wireless network or Bluetooth device or RFID tag is available to it (meaning that mobile communication device 105 is in its range), it can enable determining the location of mobile communication device 105. It can be appreciated that when using RFID tags and/or Bluetooth devices and/or wireless networks, appropriate hardware is required (e.g. a wireless communication facility 230, an RFID tag reader, a Bluetooth reader, etc.) It can be further appreciated that other location determination methods and techniques can be utilized as well.
It is to be noted that in some cases, the determined location is not an accurate location, however for the purpose of the currently disclosed subject matter, such rough location can be sufficient.
It is to be further noted that in some cases, some location determination methods and techniques can be unavailable at certain times. For example, in some places there can be GPS data can be unavailable and thus GPS cannot be used in order to determine the mobile communication device 105 location. Thus, in some cases, security module 235 can be configured to perform the location determination while utilizing the most accurate location determination method and technique available to it at the time of location determination. In order to determine which available location determination method and technique is the most accurate, security module 235 can utilize priority data (that can be stored for example on data repository 225 or on memory 210, or on any other location that is accessible to the security module 235) defining the priority of the various location determination methods and techniques. Thus, for example, such data can define that location determination techniques based on Radio Frequency Identification (RFID) tags or on Bluetooth devices or on wireless networks is more accurate than location determination techniques based on GPS and that location determination techniques based on GPS are more accurate than location determination techniques based on network location provider and that location determination techniques based on network location provider are more accurate than location determination techniques based on cell_IDs, etc. It is to be noted that this priority data is a mere non-limiting example and additional and/or different priorities can be defined in the priority data as well.
In some cases, there may be a need to perform some preliminary checks. One example is in case where the obtained data, characterizing a mobile communication device 105 location, is determined by using cell_ID technique. In some cases, more than one cellular network operator can assign identical cell_IDs to its cells. Therefore, in some cases, a cell covering a certain geographic area can be assigned with a specific cell_ID by a specific cellular network operator whereas another cellular network operator can assign the same cell_ID to a cell covering a different geographical area. In such cases, it can be appreciated that a preliminary check is required to check which cellular network operator is providing services to mobile communication device 105. Knowledge of the cellular network operator can enable determination of the relevant cell_IDs that should be utilized for location determination when location determination is done by using cell_ID technique. It is to be noted that there are known methods and 5 techniques for determining the cellular network operator providing services to mobile communication device 105.
Security module 235 can be further configured to check if obtaining data characterizing a location was successful (step 510). In case obtained data characterizing a location failed (e.g. cell_ID cannot be determined since there is no service in the
10 current location of mobile communication device 105 or mobile communication device 105 is in flight mode, etc.) a restriction notification can be issued (step 540). In such cases, it may be desirable to control (e.g. enable, disable, etc.) one or more elements of mobile communication device 105. For example, it may be desirable to disable mobile communication device 105 camera 200 if mobile communication device 105 location is
15 unknown, as mobile communication device 105 may be within a restricted location.
Thus, if using, for example, the cell_ID technique for location determination, in case mobile communication device 105 contains no indication of its current cell_ID, there may be a need to disable one or more mobile communication device 105 elements.
In case obtaining data characterizing mobile communication device 105 location
20 has been successful, security module 235 can be configured to validate that mobile communication device 105 complies with the security policy (step 520). As indicated above, the security policy can, for example, require certain elements of mobile communication device 105 to be controlled (e.g. disabled, enabled, etc.) within certain restricted locations. For example, security policy data can define that when mobile
25 communication device 105 is located in a certain cell, camera 200 is to be disabled. If mobile communication device 105 is located within the cell in which camera 200 is to be disabled, security module 235 can check if camera 200 is disabled and thus the security policy is met or if camera 200 is enabled and thus the security policy is not met.
In case security policy is not met, a restriction notification can be issued (step
30 540). If, however, security policy is met, a non-restriction notification can be issued (step 530). It can be appreciated that, pending the type of notification issued (restriction or non restriction notification), it may be desirable to control (e.g. enable, disable, etc.) one or more elements of mobile communication device 105, accordingly. It is to be understood that the presently disclosed subject matter is not limited in its application to the details set forth in the description contained herein or illustrated in the drawings. The presently disclosed subject matter is capable of other embodiments and of being practiced and carried out in various ways. Hence, it is to be understood that the phraseology and terminology employed herein are for the purpose of description and should not be regarded as limiting. As such, those skilled in the art will appreciate that the conception upon which this disclosure is based may readily be utilized as a basis for designing other structures, methods, and systems for carrying out the several purposes of the present presently disclosed subject matter.
It will also be understood that the system according to the presently disclosed subject matter may be a suitably programmed computer. Likewise, the presently disclosed subject matter contemplates a computer program being readable by a computer for executing the method of the presently disclosed subject matter. The presently disclosed subject matter further contemplates a machine -readable memory tangibly embodying a program of instructions executable by the machine for executing the method of the presently disclosed subject matter.

Claims

CLAIMS:
1. A mobile communication device comprising a security module wherein said security module is configured to:
obtain data characterizing a location of said mobile communication device; check if said data characterizing said location indicates that said mobile communication device is located within a restricted location according to restricted locations data characterizing restricted locations; and
enable control of operation of one or more elements of said mobile communication device if said mobile communication device is located within said restricted location, wherein said control is made in accordance with a security policy.
2. The mobile communication device of claim 1 wherein said security policy comprises data defining a required control type of said elements at said restricted location.
3. The mobile communication device of claim 1 wherein said security module is burned on said mobile communication device's Read Only Memory.
4. The mobile communication device of claim 1 wherein said restricted locations data is stored in a data repository.
5. The mobile communication device of claim 2 wherein said required control type is enabling or disabling said element and wherein said controlling is made in accordance with said required control type.
6. The mobile communication device of claim 5 wherein one of said elements is a camera and wherein said disabling is made by activating the camera.
7. The mobile communication device of claim 1 wherein said restricted locations data is represented by one or more of:
a. cell_IDs;
b. global positioning system coordinates;
c. wireless network identifiers;
d. Radio Frequency Identification (RFID) tags identifiers;
e. wireless access points identifiers;
f. Bluetooth device identifiers.
8. The mobile communication device of claim 1 wherein said data characterizing said location is one or more of: a. a cell_ID;
b. global positioning system coordinates;
c. a wireless network identifier;
d. an Radio Frequency Identification (RFID) tags identifier;
e. a wireless access points identifier;
f. a Bluetooth device identifier.
9. The mobile communication device of claim 1 wherein said elements are one or more of:
a. a camera;
b. a wireless communication facility;
c. a software application;
d. a receiver / transmitter.
10. The mobile communication device of claim 1 wherein said security module is further configured to enable control of operation of at least one element of said mobile communication device if said obtain data characterizing a location of said mobile communication device failed.
11. The mobile communication device of claim 1 wherein said security module is further configured to receive updates in respect of said restricted locations data and update said restricted locations data accordingly.
12. The mobile communication device of claim 1 wherein said security module is further configured to retrieve updates to said restricted locations data from a central server and update said restricted locations data accordingly.
13. The mobile communication device of claim 1 wherein said security module is further configured to receive updates to said security module and install said updates on said mobile communication device.
14. The mobile communication device of claim 1 wherein said security module is further configured to retrieve updates to said security module from a central server and install said updates on said mobile communication device.
15. The mobile communication device of claim 12 wherein said updates are retrieved upon said mobile communication device activation.
16. The mobile communication device of claim 1 wherein at least one of said security module and said restricted locations data is inaccessible to users of said mobile communication device.
17. The mobile communication device of claim 1 wherein said security module is stored on a Read Only Memory (ROM) of said mobile communication device.
18. The mobile communication device of claim 1 wherein said security policy is a user-based security policy.
19. The mobile communication device of claim 1 wherein said data characterizing said location is obtained using the most accurate location determination method available.
20. A method of operating a mobile communication device, the method comprising:
obtaining data characterizing a location of said mobile communication device; checking if said data characterizing said indicates that said mobile communication device is located within a restricted location according to restricted locations data characterizing restricted locations; and
controlling operation of one or more elements of said mobile communication device if said mobile communication device is located within said restricted location, wherein said controlling is made in accordance with a security policy.
21. The method of claim 20 wherein said security policy comprises data defining a required control type of said elements at said restricted location and wherein said controlling is made in accordance with said required control type.
22. The method of claim 20 wherein said restricted locations data is stored in a data repository.
23. The method of claim 21 wherein said required control type is enabling or disabling said element.
24. The method of claim 23 wherein one of said elements is a camera and wherein said disabling is made by activating the camera.
25. The method of claim 20 wherein said restricted locations data is represented by one or more of:
a. cell_IDs;
b. global positioning system coordinates;
c. wireless network identifiers;
d. Radio Frequency Identification (RFID) tags identifiers;
e. wireless access points identifiers; f. Bluetooth device identifiers.
26. The method of claim 20 wherein said data characterizing said location is one or more of:
a. a cell_ID;
b. global positioning system coordinates;
c. a wireless network identifier
d. a Radio Frequency Identification (RFID) tag identifier;
e. a wireless access points identifier;
f. a Bluetooth device identifier.
27. The method of claim 20 wherein said elements are one or more of:
a. a camera;
b. a wireless communication facility;
c. a software application;
d. a receiver / transmitter.
28. The method of claim 20 further comprising enabling control of operation of at least one element of said mobile communication device if said obtaining data characterizing a location of said mobile communication device failed.
29. The method of claim 20 further comprising receiving updates in respect of said restricted locations data and updating said restricted locations data accordingly.
30. The method of claim 20 further comprising retrieving updates to said restricted locations data from a central server and enabling updating said restricted locations data accordingly.
31. The method of claim 28 wherein said updates are retrieved upon said mobile communication device activation.
32. The method of claim 20 wherein said security policy is a user-based security policy.
33. The method of claim 20 wherein said data characterizing said location is obtained using the most accurate location determination method available.
34. A security module operable in association with a mobile communication device, wherein said security module is configured to:
obtain data characterizing a location of said mobile communication device; check if said data characterizing said location indicates that said mobile communication device is located within a restricted location according to restricted locations data characterizing restricted locations; and
enable control of operation of one or more elements of said mobile communication device if said mobile communication device is located within said restricted location, wherein said control is made in accordance with a security policy.
35. The security module of claim 34 wherein said security policy comprises data defining a required control type of said elements at said restricted location.
36. The security module of claim 34 wherein said security module is operably connected to a data repository and wherein said restricted locations data is stored in said data repository.
37. The security module of claim 35 wherein said control type is enabling or disabling said element.
38. The security module of claim 37 wherein one of said elements is a camera and wherein said disabling is made by activating the camera.
39. The security module of claim 34 wherein said restricted locations data is represented by one or more of:
a. cell_IDs;
b. global positioning system coordinates;
c. wireless network identifiers;
d. Radio Frequency Identification (RFID) tags identifiers;
e. wireless access points identifiers;
f. Bluetooth device identifiers.
40. The security module of claim 34 wherein said data characterizing said location is one or more of:
a. a cell_ID;
b. global positioning system coordinates;
c. a wireless network identifier;
d. a Radio Frequency Identification (RFID) tag identifier;
e. a wireless access points identifier;
f. a Bluetooth device identifier.
41. The security module of claim 34 wherein said elements are one or more of: a. a camera;
b. a wireless communication facility;
c. a software application;
d. a receiver / transmitter.
42. The security module of claim 34 wherein said security module is further configured to enable control of operation of at least one element of said mobile communication device if said obtain data characterizing a location of said mobile communication device failed.
43. The security module of claim 34 wherein said security module is further configured to receive updates in respect of said restricted locations data and update said restricted locations data accordingly.
44. The security module of claim 34 wherein said security module is further configured to retrieve updates to said restricted locations data from a central server and update said restricted locations data accordingly.
45. The security module of claim 34 wherein said security module is further configured to receive updates to said security module and install said updates on said mobile communication device.
46. The security module of claims 34 wherein said security module is further configured to retrieve updates to security module from a central server and install said updates on said mobile communication device.
47. The security module of claim 44 wherein said updates are retrieved upon said mobile communication device activation.
48. The security module of claim 34 wherein at least one of said security module and said restricted locations data is inaccessible to users of said mobile communication device.
49. The security module of claim 34 wherein said security policy is a user- based security policy.
50. The security module of claim 34 wherein said security module is stored on a Read Only Memory (ROM) of said mobile communication device.
51. The security module of claim 34 wherein said data characterizing said location is obtained using the most accurate location determination method available.
PCT/IL2012/050257 2011-07-20 2012-07-19 System and method for location based control of elements of a mobile communication device WO2013011512A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IL214209 2011-07-20
IL214209A IL214209A0 (en) 2011-07-20 2011-07-20 System and method for location based control of elements of a mobile communication device

Publications (1)

Publication Number Publication Date
WO2013011512A1 true WO2013011512A1 (en) 2013-01-24

Family

ID=45768455

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2012/050257 WO2013011512A1 (en) 2011-07-20 2012-07-19 System and method for location based control of elements of a mobile communication device

Country Status (2)

Country Link
IL (1) IL214209A0 (en)
WO (1) WO2013011512A1 (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014179750A1 (en) * 2013-05-02 2014-11-06 Sky Socket, Llc Location-based configuration profile toggling
WO2014179743A1 (en) * 2013-05-02 2014-11-06 Sky Socket, Llc Time-based configuration policy toggling
WO2014179152A1 (en) * 2013-05-03 2014-11-06 Qualcomm Incorporated Location based enforcement of mobile policy
US9609022B2 (en) * 2014-12-10 2017-03-28 Sybase, Inc. Context based dynamically switching device configuration
EP3193539A1 (en) * 2016-01-14 2017-07-19 Telia Company AB A solution for controlling an operating mode of a mobile terminal
JP2017534958A (en) * 2014-09-18 2017-11-24 ブーズ−アレン アンド ハミルトン System and method for location-based security
US10061933B1 (en) 2018-01-09 2018-08-28 Booz Allen Hamilton Inc. System and method for controlling the power states of a mobile computing device
US10795981B2 (en) 2014-11-05 2020-10-06 Elta Systems Ltd. Add-on modem for wireless devices and methods useful in conjunction therewith
US10951541B2 (en) 2012-02-14 2021-03-16 Airwatch, Llc Controlling distribution of resources on a network
US11082355B2 (en) 2012-02-14 2021-08-03 Airwatch, Llc Controllng distribution of resources in a network
US11354426B2 (en) 2017-11-15 2022-06-07 High Sec Labs Ltd. Cellular phone security pack method and apparatus
US11824644B2 (en) 2013-03-14 2023-11-21 Airwatch, Llc Controlling electronically communicated resources

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100159985A1 (en) * 2006-09-01 2010-06-24 Ladouceur Norman M Disabling operation of a camera on a handheld mobile communication device based upon enabling or disabling devices
US7769394B1 (en) * 2006-10-06 2010-08-03 Sprint Communications Company L.P. System and method for location-based device control
US20100325194A1 (en) * 2009-06-17 2010-12-23 Apple Inc. Push-based location update

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100159985A1 (en) * 2006-09-01 2010-06-24 Ladouceur Norman M Disabling operation of a camera on a handheld mobile communication device based upon enabling or disabling devices
US7769394B1 (en) * 2006-10-06 2010-08-03 Sprint Communications Company L.P. System and method for location-based device control
US20100325194A1 (en) * 2009-06-17 2010-12-23 Apple Inc. Push-based location update

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10951541B2 (en) 2012-02-14 2021-03-16 Airwatch, Llc Controlling distribution of resources on a network
US11082355B2 (en) 2012-02-14 2021-08-03 Airwatch, Llc Controllng distribution of resources in a network
US11483252B2 (en) 2012-02-14 2022-10-25 Airwatch, Llc Controlling distribution of resources on a network
US11824644B2 (en) 2013-03-14 2023-11-21 Airwatch, Llc Controlling electronically communicated resources
US11204993B2 (en) 2013-05-02 2021-12-21 Airwatch, Llc Location-based configuration profile toggling
US9219741B2 (en) 2013-05-02 2015-12-22 Airwatch, Llc Time-based configuration policy toggling
US9426162B2 (en) 2013-05-02 2016-08-23 Airwatch Llc Location-based configuration policy toggling
US10303872B2 (en) 2013-05-02 2019-05-28 Airwatch, Llc Location based configuration profile toggling
WO2014179743A1 (en) * 2013-05-02 2014-11-06 Sky Socket, Llc Time-based configuration policy toggling
WO2014179750A1 (en) * 2013-05-02 2014-11-06 Sky Socket, Llc Location-based configuration profile toggling
CN105165044A (en) * 2013-05-03 2015-12-16 高通股份有限公司 Location based enforcement of mobile policy
US9185135B2 (en) 2013-05-03 2015-11-10 Qualcomm Incorporated Location based enforcement of mobile policy
WO2014179152A1 (en) * 2013-05-03 2014-11-06 Qualcomm Incorporated Location based enforcement of mobile policy
US10244347B2 (en) 2014-09-18 2019-03-26 Booz Allen Hamilton Inc. System and method for location-based security
AU2015317482B2 (en) * 2014-09-18 2021-04-01 Booz Allen Hamilton Inc System and method for location-based security
EP3195180A4 (en) * 2014-09-18 2018-04-18 Booz, Allen & Hamilton System and method for location-based security
JP2017534958A (en) * 2014-09-18 2017-11-24 ブーズ−アレン アンド ハミルトン System and method for location-based security
US10795981B2 (en) 2014-11-05 2020-10-06 Elta Systems Ltd. Add-on modem for wireless devices and methods useful in conjunction therewith
US9609022B2 (en) * 2014-12-10 2017-03-28 Sybase, Inc. Context based dynamically switching device configuration
US10715652B2 (en) 2016-01-14 2020-07-14 Telia Company Ab Solution for controlling an operating mode of a mobile terminal
EP3193539A1 (en) * 2016-01-14 2017-07-19 Telia Company AB A solution for controlling an operating mode of a mobile terminal
US11354426B2 (en) 2017-11-15 2022-06-07 High Sec Labs Ltd. Cellular phone security pack method and apparatus
US10372923B2 (en) 2018-01-09 2019-08-06 Booz Allen Hamilton Inc. System and method for controlling the power states of a mobile computing device
US10061933B1 (en) 2018-01-09 2018-08-28 Booz Allen Hamilton Inc. System and method for controlling the power states of a mobile computing device

Also Published As

Publication number Publication date
IL214209A0 (en) 2012-01-31

Similar Documents

Publication Publication Date Title
WO2013011512A1 (en) System and method for location based control of elements of a mobile communication device
CN107079525B (en) Tracking mobile devices
CN102089764B (en) A security module having a secondary agent in coordination with a host agent
US9723487B2 (en) Mobile device security system
EP2196045B1 (en) System and method for protecting data in wireless devices
US11704446B2 (en) Theft detector
US8639290B2 (en) UICC control over devices used to obtain service
CN101187701B (en) Communication apparatus, communication apparatus protecting method
US9889820B2 (en) Car theft tracking system and method
AU2018337982B2 (en) Contraband detection through smart power components
CN111475835A (en) Method, device, terminal, system and readable storage medium for switching working modes of terminal
US20100309895A1 (en) Data transmission from a vehicle and network regulation
KR101272136B1 (en) Method on Postion Based Security of Mobile Device
US9584474B2 (en) SIM card activation
US10592700B2 (en) Securing electronic property from unauthorized use
KR101800000B1 (en) Loss prevention and management system and method thereof
US20160274920A1 (en) Method and device for integrated usability control
CN102104697A (en) Stealing processing method and device
JP6336793B2 (en) Wireless communication system and wireless communication method
CN111767971A (en) Terminal control method and device based on electronic tag, terminal and readable storage medium
JP2006338559A (en) Distribution server and distribution method
CN103918294A (en) Method of preventing fraudulent use of security module
CN113609473B (en) Wind control method for retrieving passwords, terminal equipment and server
JP2018157459A (en) Information processing system, information processing method and portable terminal
CN107277804B (en) Operation execution method and device and terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12815456

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12815456

Country of ref document: EP

Kind code of ref document: A1