RU2450333C1 - Method of protecting personal data on mobile device - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: information on personal data on a mobile device is collected using a data collection apparatus and the collected data are transmitted to a data analysis apparatus; significance of the collected data for the user is evaluated using the data analysis apparatus and a database of rules of said evaluation, and the evaluated data are transmitted to apparatus for determining protection actions; a set of indicative actions is determined for the evaluated data using the apparatus for determining actions and a database of actions depending on their significance for the user; conditions are formed from the database of actions for each of the actions in the set of actions for protecting personal data using apparatus for determining conditions; the action is executed using apparatus for executing actions for protecting data.

EFFECT: protection of data in mobile telephone memory.

7 cl, 9 dwg

Description

Field of Invention

The present invention relates to methods for protecting personal data on a mobile device.

State of the art

At present, the security of user data is very acute. Data can be stored on desktop computers or servers, and in this case, their protection can be provided by traditional means such as the use of encryption, data backup systems or file shredders that permanently delete data. However, when using mobile devices, there is another problem associated with the possible loss or theft of a mobile device (smartphone or communicator). In this case, the user is not able to prevent his personal and often very important data from falling into the wrong hands. Another option for the necessary protection of personal data on a mobile device involves hiding information from unauthorized persons at the moment when a person leaves his device for a short period of time - for example, at work or at home.

It is worth noting that many companies are involved in solving such issues. For example, in the patent US 7673347 the following approach is used - data on the computer is hidden from public viewing by other persons. Locking turns off the display of information. Access to information requires authorization. In the patent CN 101674583, data hiding is achieved by analyzing the SIM card, and when it is changed, the data is encrypted (hidden). In US 7478420 B2, data hiding is achieved by hiding files. Similar processes are managed through security policies.

Patents such as CN 101483861, CN 1980429 A, CN 101345963 A use a method of hiding information related to a contact in a telephone. Hiding can also be done by pressing the highlighted button. Data for hiding includes folders, SMS, MMS (and other media files), records.

To hide information it is also convenient to find all the information associated with a particular contact. For example, CN 101325767 A uses a method for linking contact information (name, number, mail), which saves time by manually creating a binding of one information to another. In the application US 20080151877 A1 indicated the ability to synchronize information associated with the contact. The application KR 2009013433 A describes the possibility of storing the entire communication history (for example, calls) with a contact.

Although the above approaches are aimed at identifying information related to certain contacts on the phone, with a view to its further concealment, these approaches have a number of disadvantages associated with the fact that there are also applications with their own data that may contain important information, in which case the task of hiding such information lies with the user. This invention allows to more effectively and efficiently solve the problem of determining personal data stored on a mobile device in order to further protect them.

Disclosure of invention

The technical result of the invention is to provide a simpler and more reliable way to determine personal data stored on a mobile device with a view to their further protection.

According to one implementation option, a method for protecting personal data on a mobile device is proposed, which consists in: collecting information about personal data on a mobile device using a data collection tool and transmitting the collected data to a data analysis tool; evaluate the collected data from the point of view of the importance of the data to the user using the data analysis tool and the database of evaluation rules, and transmit the evaluated data to the action determination tool; define a set of actions for the evaluated data using the means of determining actions and a database of actions, depending on their importance to the user; form the appropriate conditions from the database of actions for each action from a set of actions in order to protect personal data, using the condition determination tool; perform the action specified in the previous step when the condition is met using the action tool.

In a private embodiment, the personal data are: installed applications and the data they use; files located on a mobile device; contacts and related messages.

In another particular embodiment, the data used by the installed applications is files.

In another particular embodiment, the evaluation of data from the point of view of importance is based on the use of at least one of the analysis methods: fuzzy logic; statistical analysis; cluster analysis; neural networks.

In a private embodiment, the action to protect personal data is: data encryption; data deletion; creating a backup.

As another private implementation option, the condition is to send a code to perform a given action when one of the following events occurs: theft of a mobile device; prolonged absence of user activity; SIM card change; loss of a mobile device.

According to another embodiment, a personal data protection system on a mobile device is proposed, which comprises the following means: a data collection means for collecting information about personal data on a mobile device, wherein the data collection means is also associated with a data analysis means; a data analysis tool for evaluating the collected data from the point of view of the importance of the data to the user, while the data analysis tool is also associated with a database of evaluation rules and a means of determining actions; a database of evaluation rules designed to store rules for evaluating collected data in terms of the importance of data to the user; action determination means for determining a set of actions for the evaluated data, wherein the action determination means is also associated with the action database and the action determination means; database of actions designed to store actions and conditions for their implementation in order to protect personal data; means for determining conditions, designed to determine the appropriate conditions for each action from a specific set of actions, while the means for determining conditions is also associated with a database of actions and with a means of performing actions; means of performing actions designed to perform actions defined using the means of determining actions.

Brief Description of the Drawings

Additional objectives, features and advantages of the present invention will be apparent from reading the following description of an embodiment of the invention with reference to the accompanying drawings, in which:

1 is an example of a general purpose system, such as a mobile device, on which the present invention can be implemented.

2 illustrates data used on a mobile device.

Figure 3 illustrates an example of data used on a mobile device in terms of importance.

Figure 4 illustrates a method for evaluating data on a user's mobile device in terms of its importance.

Figa, b, c illustrate examples of implementation of the database of rules for evaluating applications, files and contacts, respectively.

6 shows the algorithm of the present invention.

Fig.7 leads a system of tools that implements the protection of personal data on a mobile device.

Description of Preferred Embodiments

The objects and features of the present invention, methods for achieving these objects and features will become apparent by reference to exemplary embodiments. However, the present invention is not limited to the exemplary embodiments disclosed below, it can be embodied in various forms. The essence described in the description is nothing more than the specific details provided to assist the specialist in the field of technology in a comprehensive understanding of the invention, and the present invention is defined only in the scope of the attached claims.

The present invention is intended for use in any mobile computing device capable of perceiving and processing both text data and image data. It can be smartphones, communicators, ultra-mobile PCs (UMPC), Internet tablets.

FIG. 1 represents an example of a general-purpose system, such as a mobile device 20, comprising a central processor 21, a system memory 22, and a system bus 23 that contains various system components, including memory associated with the central processor 21. The system bus 23 is implemented as any prior art bus structure comprising, in turn, a bus memory or a bus memory controller, a peripheral bus and a local bus that is capable of interacting with any other bus architecture. The system memory contains read-only memory (ROM) 24, random access memory (RAM) 25. The main input / output system (BIOS), containing the basic procedures that ensure the transfer of information between the elements of the mobile device 20, for example, at the time of loading using ROM 24.

The mobile device 20, in turn, contains a disk 27 for reading and writing. The disk 27 is connected to the system bus 23 through the interface of the disk 32. The drives and associated computer storage media are non-volatile means of storing computer instructions, data structures, program modules and other data of the mobile device 20. This description discloses an implementation of a system that uses a hard disk, but it should be understood that it is possible to use other types of computer storage media that can store data in a form readable by a computer (cassettes with gnitnoy tape, memory card, flash, digital disks, Bernoulli cartridges, random access memory (RAM), read only memories (ROM), etc.). The term “computer-readable medium of programs” or “computer-readable medium of information” is usually called a medium such as disc 27.

Some of the software modules, including the operating system 35, are stored on disk 27, ROM 24 or RAM 25. The mobile device 20 has a file system 36 where the recorded operating system 35 and additional software applications 37, other program modules 38 and program data are stored 39. The user has the ability to enter commands and information into the mobile device 20 through the input device 40. Such input devices are, as usual, connected to the central processor 21 through the serial port 46, which, in its turn, is connected to the system bus, but may be connected in any other way, such as a parallel port, game port or a universal serial bus (USB). A display 47 or other type of display device is also connected to the system bus 23 via an interface, such as a video adapter 48.

The mobile device 20 is capable of operating in a networked environment, using a logical connection with another or several remote mobile devices 49. The remote mobile device or devices 49 are the same smartphones, communicators, ultra-mobile PCs (UMPCs), Internet tablets and, as usual, have most or all of the above elements described previously in explaining the nature of the mobile device 20 shown in FIG. 1 only as a storage device 50 in which applications are stored 37 '. Logical connections mean connection 51, which can be implemented in the form of GSM, CDMA, UMTS, WiMAX, LTE and other mobile communication standards.

The mobile device 20 may be connected to other mobile devices 51 via a network interface 53 or a modem 54, and may also have other means of establishing communication with a global computer network, such as the Internet. The modem 54, which is internal or external, is connected to the system bus 23 via the serial port 46. It should be clarified that such connections are only exemplary and are not required to display the exact connection configuration of the mobile device with various networks, i.e. in reality, there are other ways to establish a logical connection by other technical means of communication of one mobile device with another.

The mobile device 20 itself has a set of contacts 210, each of which has its own SMS / MMS message history, a set of applications 220 with an available set of used data, as well as a data set 230, which may include files with various information. For each user, different types of data have a different degree of importance. If it is very important for one user to store information about his contacts (call history, messages, etc.), then the other user will be primarily interested in the inviolability of data associated with a web browser or email client. There are various types of applications, such as task planners and financial accounting systems, such as MyLife Organized, Pocket Informant, MoneyHarp, SmartOrganizer, Spb Finance, which can be used to store various kinds of personal information, which, for example, can be used including to access the user's bank accounts, i.e. such information is strictly confidential. With the loss of a mobile device, or - even worse - with its theft, the importance of protecting such applications and the data they use becomes extremely necessary. Users may also wish to hide some contacts with an appropriate call and message history (SMS / MMS) or data files stored on a mobile device, as they may also contain user confidential information.

Figure 3 shows the same data sets as in Figure 2, in terms of their importance to the user. For example, critical information 310 can be considered application 3 (a program for accounting for finances) and contact 2 with the corresponding call and message history. This information is strictly private and should not be shared with third parties. Thus, for critical information, you can set the most stringent rules for concealment. The following is important information 320, which includes the remaining contacts and part of the data on the mobile device 20 (data 1). In this case, it is also important for the user to hide the information associated with the contacts listed and save the data 1 (for example, it may be a file with the routine of affairs for the past week). The remaining information (it is marked as regular 330) is no longer of great importance - for example, it can be easily restored, such as applications 1 and 2, which can be games. Figure 3 illustrates only an exemplary option for assessing the importance of information for the user and may contain other gradations (not only conditionally given critical / important / ordinary information) of importance from the point of view of the user.

Figure 4 illustrates a method for evaluating data on a user's mobile device in terms of its importance. At step 410, data is collected about installed applications and the data they use. The search may include analysis of the file system, registry, operating system logs, etc. At 420, the detected applications are evaluated in terms of importance to the user. For this purpose, an application database 430 is used.

The application database 430 contains information about known applications. This database includes information about the name of the application, its version, known vulnerabilities, data files used by the application, types of stored information (Fig. 5a). For example, the Opera Mini application, depending on the type of information stored (web page address), can have a different type of importance - if this browser was used to access protected resources and saved authorization data, the importance of this application will be increased. If through a browser the user has access to various social networks (such as Facebook or Linkedin, which may contain personal information), then first of all it will be necessary to clear the cookies (cookies) and protect the account (i.e. the importance will be high) . At the same time, many applications like games will have a low level of importance, since they do not carry personal information.

Next, at step 440, the files on the disk of the mobile device 20 are scanned. A similar scan process is a standard tool when running an anti-virus application that can be used for these purposes. At step 450, the found files are evaluated in terms of importance using a database of 460 file rating rules.

The database of rules for evaluating files 460 contains information on assessing the importance of files taking into account their main parameters (Fig.5b). The file name, its extension, location on disk, file history, which includes a log of its changes, an indication of the types of stored information (text, multimedia), as well as additional attributes (encryption, packaging) are taken into account. For example, if a text file with the name login.txt is found in the "Personal" folder, it will be assigned a high level of importance, while for a file with the extension ".mp3" in the "Music" folder, it will be set to low. Another example is the browser cache, which contains saved web pages that the user has accessed. In one embodiment, such a cache may be defined as a data type of high importance.

At step 470, data about the user's contacts is collected and then evaluated from the point of view of importance at step 480. For this, a database of rules for evaluating contacts 490 is used, which is reflected in more detail in Fig. 5c. They take into account parameters such as the name of the contact, the group this contact belongs to, the number of messages sent and received, call history and other additional contact attributes that may be specific to different platforms, such as Windows Mobile or Symbian, or device types, manufactured by various manufacturers like NTS, Nokia or Samsung.

It should be understood that the above examples of application databases 430, rules for evaluating files 460 and rules for evaluating contacts 490 are exemplary and may have other implementations. The rules contained in such databases have a simple description and can be edited manually by the users of mobile devices to improve the level of assessment of the importance of data. The application databases 430 themselves, the rules for evaluating files 460 and the rules for evaluating contacts 490 can be implemented on the basis of such database management systems as MySQL, PostgreSQL, InterBase, MSDE, DB2 and others.

In one embodiment, the steps in FIG. 4 take place on the mobile device 20, but the databases of applications 430 themselves, rules for evaluating files 460, and rules for evaluating contacts 490 may be on the side of the provider of such information services due to their size and complexity. In this case, each stage associated with the evaluation of certain data will be associated with the transfer of the collected data to the server of the information service provider.

The evaluation rules, which are stored in the databases of FIGS. 5a-5c, can be formed on the side of the information service provider, who pre-analyzes known programs and file types, as well as receiving statistics from users on the importance of contacts for them (statistical analysis) . Thus, if a notification was received from a large number of users that they consider the contact to be important and often call him and / or send messages, the following rule will be automatically generated that will work when evaluating contacts from other users:

IF the number of calls AND / OR the number of messages is MORE <set threshold> THEN the contact is important.

When evaluating applications, you can use cluster analysis, which allows you to assign the application to an already known group based on a number of features. For example, considering that applications designed to account for personal data are important, they also have a number of features, such as the ability to encrypt stored data, using authentication at application startup, support for certain file formats for storage, when an application is detected that possesses the listed set of features, it will be classified as an application designed to account for personal data, and will be identified as important.

Another evaluation option also involves the use of neural networks, for example, to assess the importance of files. Information can be supplied to the input layer of neurons in the form of metadata about files, such as: name and type of file, its size, location on disk, the fact of packing the file, etc. After receiving all the necessary input data, the result is taken from the output layer of neurons as a final value importance to the source file. It should be understood that other methods of assessment and analysis can also be applied, in addition to the above.

In one embodiment of the present invention, a fuzzy logic system may be used for a better evaluation for working with data in databases of applications 430, rules for evaluating files 460, and rules for evaluating contacts 490. The fuzzy logic system involves three stages:

1. Fuzzification - the introduction of fuzziness. To perform this operation, linguistic variables are determined for all input variables, term sets are formed for each linguistic variable, membership functions are constructed for each term. For example, for a linguistic variable “the number of messages associated with a contact”, the term set will look like {“small”, “a little”, “a lot”, “a lot”}, which allows you to move away from a large number of numbers.

2. Creating and using a fuzzy knowledge base. The fuzzy knowledge base consists of production rules of the form IF <premise of the rule> THEN <conclusion of the rule>. For example, you can use the following rule: "IF the number of messages associated with a contact is many, then the importance of the contact is high." The construction of such rules is usually not difficult, since they are understandable and are a kind of “verbal coding”.

3. Defuzzification - getting a clear number at the output, which in this case is an assessment of the importance of the data.

The fuzzy logic system for the present invention is of great value, since it allows you to very flexibly take into account many different characteristics used in a mobile data device.

Figure 6 shows the operation algorithm of the present invention. At step 610, data is collected on the mobile device and evaluated in terms of importance in the next step 620, which is described in more detail in FIG. 4. Next, a set of actions that are applicable to the data in various situations is determined (block 630). Possible situations may be the lack of activity of the mobile device (for example, when a user leaves his mobile device at home and does not use it for some time), his loss or theft, other situations that require certain actions. Possible actions on the data may be their deletion / encryption / hiding / backup.

An action database 640 is used to store possible actions. In one implementation variant, such a database can store condition-action relations in the format of production rules in the format described above IF <sending the rule>, THEN <conclusion of the rule>. For example, one of the rules can be described as follows: "IF the contact is important AND the device is inactive, THEN hiding the contact." Thus, the determination of the set of actions for the evaluated data depending on their importance at step 630 can be performed in the form of a comparator or software tools for comparison or comparing.

To perform all these actions, conditions are provided that can include either entering the appropriate code (either manually or by sending SMS), as well as parameters related to the device itself (for example, determining the duration of inactivity of a user or determining the fact of a SIM card change). The formation of such conditions occurs at step 650 and can be performed either automatically (for example, creating code for each action) using the database of actions 640, and then manually edited by the user. In the end, when the condition is met at step 660, the mobile device performs the necessary actions described in the database of action 640.

Figure 7 shows a system of tools that implements the protection of personal data on a mobile device. A data collection means 710 collects data on a mobile device. The data can be considered contacts, applications, files on the mobile device 20. The data collected by the data collection tool 710 are transmitted to the data analysis tool 720, which evaluates them from the point of view of importance, which is described in FIG. 4. For this, a database of rules for evaluation 730 is also used, which can be represented by the databases shown in FIGS. 5a-c. Further, for the evaluated data, an action determination tool 740 is used, which uses an action database 640, which is described in more detail in FIG. 6. Additionally, the action determination means 740 determines the conditions under which certain actions will occur. After that, the means 750 determine the conditions sets the conditions under which the specified actions will be performed. The definition of actions and corresponding conditions occurs both automatically, using the database of actions 640, and can be manually set by the user by changing automatically created actions and conditions. In turn, the means 760 perform actions performs the intended actions when appropriate conditions occur. Note that all of the above tools can be implemented in the form of a specialized integrated circuit (ASIC), a matrix of logical elements with operational programming (FPGA), or any other combination of software and hardware (firmware).

The present description sets forth the main inventive concept of the authors, which cannot be limited to those hardware devices that were mentioned earlier. It should be noted that hardware devices are primarily designed to solve a narrow problem. Over time and with the development of technological progress, such a task becomes more complicated or evolves. New tools are emerging that are able to fulfill new requirements. In this sense, these hardware devices should be considered from the point of view of the class of technical problems they solve, and not purely technical implementation on some element base.

Claims (7)

1. A method of protecting personal data on a mobile device, which consists in the fact that:
a) collect information about personal data on a mobile device using a data collection tool and transmit the collected data to a data analysis tool;
b) evaluate the collected data from the point of view of the importance of the data for the user, using the data analysis tool and the database of assessment rules, and transmit the evaluated data to the action determination tool;
c) determine the set of actions for the evaluated data using the means of determining actions and a database of actions, depending on their importance to the user;
d) form the appropriate conditions from the database of actions for each action from a set of actions in order to protect personal data using the means of determining the conditions;
e) perform the action specified in step d) when the condition is met using the action tool. 2. The method according to claim 1, in which the personal data is:
a) installed applications and the data they use;
b) files located on a mobile device;
c) contacts and related messages. 3. The method of claim 2, wherein the data used by the installed applications is files. 4. The method according to claim 1, in which the evaluation of the data from the point of view of importance is based on the use of at least one of the analysis methods:
a) fuzzy logic;
b) statistical analysis;
c) cluster analysis;
d) neural networks. 5. The method according to claim 1, in which the action to protect personal data is:
a) data encryption;
b) data deletion;
c) creating a backup copy. 6. The method according to claim 1, in which the condition is to send a code to perform a given action when one of the following events occurs:
a) theft of a mobile device;
b) prolonged lack of user activity;
c) change of SIM-card;
d) loss of a mobile device 7. A system for protecting personal data on a mobile device, which contains the following means:
a) a data collection tool designed to collect information about personal data on a mobile device, while the data collection tool is also associated with a data analysis tool;
b) a data analysis tool designed to evaluate the collected data from the point of view of the importance of the data to the user, while the data analysis tool is also associated with a database of evaluation rules and a means of determining actions;
c) a database of evaluation rules designed to store the rules for evaluating the collected data in terms of the importance of the data to the user;
d) a means of determining actions designed to determine a set of actions for the evaluated data, while the means of determining actions is also associated with a database of actions and means of determining actions;
e) a database of actions designed to store actions and conditions for their implementation in order to protect personal data;
f) a means of determining the conditions, designed to determine the appropriate conditions for each action from a specific set of actions, while the means of determining the conditions is also associated with a database of actions and with a means of performing actions;
g) a means of performing actions designed to perform actions defined using the means of determining actions.

Images