WO2010023508A1 - Method, apparatus and computer program product for providing device security - Google Patents

Method, apparatus and computer program product for providing device security Download PDF

Info

Publication number
WO2010023508A1
WO2010023508A1 PCT/IB2008/053523 IB2008053523W WO2010023508A1 WO 2010023508 A1 WO2010023508 A1 WO 2010023508A1 IB 2008053523 W IB2008053523 W IB 2008053523W WO 2010023508 A1 WO2010023508 A1 WO 2010023508A1
Authority
WO
WIPO (PCT)
Prior art keywords
security code
identifier
code
response
device identifier
Prior art date
Application number
PCT/IB2008/053523
Other languages
French (fr)
Inventor
Sergey Balandin
Original Assignee
Nokia Corporation
Nokia Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Corporation, Nokia Inc. filed Critical Nokia Corporation
Priority to PCT/IB2008/053523 priority Critical patent/WO2010023508A1/en
Publication of WO2010023508A1 publication Critical patent/WO2010023508A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/88Detecting or preventing theft or loss
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/126Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning

Definitions

  • Embodiments of the present invention relate generally to device security and, more particularly, relate to apparatuses, methods and computer program products for enabling the provision of an anti-theft mechanism for communication devices such as mobile terminals.
  • Communication devices are becoming increasingly ubiquitous in the modern world.
  • mobile communication devices seem to be popular with people of all ages, socio-economic backgrounds and sophistication levels. Accordingly, users of such devices are becoming increasingly attached to their respective mobile communication devices. Whether such devices are used for calling, emailing, sharing or consuming media content, gaming, navigation or various other activities, people are more connected to their devices and consequently more connected to each other and to the world at large.
  • a stolen phone may be added to a service provider blacklist so that the blacklisted phone will no longer be able to access the service provider's network.
  • the blacklist is typically based on the IMEI (International Mobile Equipment Identity) number of the phone, which is typically accessible on the phone or on the box (which has likely been thrown away).
  • IMEI International Mobile Equipment Identity
  • Another issue related to this solution is that many operators may be reluctant to use it, as it increases infrastructure maintenance costs.
  • Some software solutions have also been developed. However, these solutions have typically been easy to defeat since thieves have been able to access the software and delete it, or such solutions have been relatively easy to attack and/or hack.
  • a method, apparatus and computer program product are therefore provided that may enable the provision of an anti -theft mechanism for communication devices such as mobile terminals.
  • a mechanism may be provided for preventing completion of a boot process for a stolen device by employing a security code (e.g., a personal identification number (PIN) code) that is based on the identity of the device and the identity of the subscriber.
  • a security code e.g., a personal identification number (PIN) code
  • a method of providing an anti-theft mechanism for communication devices may include receiving a device identifier and a security code, the security code being provided by a user of the device during a boot up procedure of the device.
  • the method may also include comparing the security code to a reference security code stored in association with the device identifier and providing an indication to prevent access to user interface control of the device in response to the security code failing to match the reference security code.
  • the method may further include enabling access to the user interface control in response to completion of the boot up procedure and the security code matching the reference security code.
  • a computer program product for providing an anti-theft mechanism for communication devices is provided.
  • the computer program product may include at least one computer-readable storage medium having computer-executable program code portions stored therein.
  • the computer-executable program code portions may include a first program code instructions, second program code instructions, third program code instructions and fourth program code instructions.
  • the first program code instructions may be for receiving a device identifier and a security code, the security code being provided by a user of the device during a boot up procedure of the device.
  • the second program code instructions may be for comparing the security code to a reference security code stored in association with the device identifier.
  • the third program code instructions may be for providing an indication to prevent access to user interface control of the device in response to the security code failing to match the reference security code.
  • the fourth program code instructions may be for enabling access to the user interface control in response to completion of the boot up procedure and the security code matching the reference security code.
  • an apparatus for providing an anti -theft mechanism for communication devices may include a processor that may be configured to receive a device identifier and a security code, the security code being provided by a user of the device during a boot up procedure of the device, compare the security code to a reference security code stored in association with the device identifier, provide an indication to prevent access to user interface control of the device in response to the security code failing to match the reference security code.
  • the processor may be further configured to enable access to the user interface control in response to completion of the boot up procedure and the security code matching the reference security code.
  • a method for providing device security may include receiving an entered security code at a device in association with a boot up procedure of the device, comparing the entered security code to a stored security code, communicating the entered security code and a device identifier to a network device in response to the entered security code matching the stored security code, and enabling completion of the boot up procedure in response to receiving an indication that the entered security code matches a reference security code for the device identifier.
  • a computer program product for providing device security may include at least one computer-readable storage medium having computer-executable program code portions stored therein.
  • the computer-executable program code portions may include a first program code instructions, second program code instructions, third program code instructions and fourth program code instructions.
  • the first program code instructions may be for receiving an entered security code at a device in association with a boot up procedure of the device.
  • the second program code instructions may be for comparing the entered security code to a stored security code.
  • the third program code instructions may be for communicating the entered security code and a device identifier to a network device in response to the entered security code matching the stored security code.
  • the fourth program code instructions may be for enabling completion of the boot up procedure in response to receiving an indication that the entered security code matches a reference security code for the device identifier.
  • an apparatus for providing device security may comprise a processor.
  • the processor may be configured to receive an entered security code at a device in association with a boot up procedure of the device, compare the entered security code to a stored security code, communicate the entered security code and a device identifier to a network device in response to the entered security code matching the stored security code, and enable completion of the boot up procedure in response to receiving an indication that the entered security code matches a reference security code for the device identifier.
  • FIG. 1 is a schematic block diagram of a system according to an exemplary embodiment of the present invention
  • FIG. 2 is a schematic block diagram showing a network side apparatus for enabling the provision of an anti -theft mechanism for communication devices according to an exemplary embodiment of the present invention
  • FIG. 3 is a schematic block diagram of a client side apparatus for enabling the provision of an anti-theft mechanism for communication devices according to an exemplary embodiment of the present invention
  • FIG. 4 is a flowchart according to an exemplary method of providing a security code for device security according to an exemplary embodiment of the present invention.
  • FIG. 5 is a flowchart according to an exemplary method of providing device security according to an exemplary embodiment of the present invention.
  • a security code may be provided to a user of the device upon registration of the device to a service supporting the provision of security for the device.
  • a PIN code may be provided to the user to enable the user to enter the PIN code during device boot up. The PIN code may then be provided to the service to determine whether the device is stolen, or at least not in the possession of the registered owner. If the PIN code authenticates (e.g., is in possession of the registered owner or a designee that knows the PIN code), the device may continue to boot normally resulting in the provision of user interface control to the user. However, if the PIN code fails to authenticate in some regard, other action may be taken such as preventing the user from receiving user interface control.
  • anti-theft mechanism may be placed inside boot up procedure, so even a device re-flash will not help to hack it. It should be noted that although the term "anti-theft" is used to describe the embodiments below, these embodiments may function more generally to prevent any unauthorized use, even if the unauthorized use does not technically include theft.
  • FIG. l is a schematic block diagram of a system for providing device security according to an exemplary embodiment of the present invention.
  • FIG. 1 illustrates a general architecture of system including a mobile terminal 10 in communication with a network device (e.g., service platform 20) via a network 30.
  • a network device e.g., service platform 20
  • the network 30 may include a collection of various different nodes, devices or functions that may be in communication with each other via corresponding wired or wireless interfaces.
  • FIG. 1 should be understood to be exemplary of a broad view of certain elements of the system and not an all inclusive or detailed view of the system or the network 30.
  • One or more mobile terminals 10 may each include an antenna or antennas for transmitting signals to and for receiving signals from a base site, which could be, for example a base station that is a part of one or more cellular or mobile networks or an access point that may be coupled to a data network, such as a local area network (LAN), a metropolitan area network (MAN), and/or a wide area network (WAN), such as the Internet.
  • LAN local area network
  • MAN metropolitan area network
  • WAN wide area network
  • the mobile terminal 10 can be coupled to the mobile terminal 10 via the network 30.
  • the mobile terminal 10 may communicate with the other devices or other mobile terminals, for example, according to numerous communication protocols including Hypertext Transfer Protocol (HTTP) and/or the like, to thereby carry out various functions of the mobile terminal 10.
  • HTTP Hypertext Transfer Protocol
  • the network 30 may be capable of supporting communication in accordance with any one or more of a number of first-generation (IG), second-generation (2G), 2.5G, third-generation (3G), 3.5 G, 3.9G, fourth- generation (4G) mobile communication protocols or the like.
  • IG first-generation
  • 2G second-generation
  • 3G third-generation
  • 4G fourth- generation
  • the mobile terminal 10 may communicate in accordance with, for example, radio frequency (RF), Bluetooth (BT), Infrared (IR) or any of a number of different wireline or wireless communication techniques, including LAN, WLAN, Worldwide Interoperability for Microwave Access (WiMAX), WiFi, ultra-wide band (UWB) techniques and/or the like.
  • RF radio frequency
  • BT Bluetooth
  • IR Infrared
  • the service platform 20 may be a device or node such as a server or other processing element.
  • the service platform 20 may have any number of functions or associations with various services (e.g., a website, a blog, a web feed, a widget or WidSet, and/or the like).
  • the service platform 20 may be a platform such as a dedicated server (or server bank) associated with an anti -theft service, or the service platform 20 may be a backend server associated with one or more other functions or services (e.g., a WidSets server) having additional capability for supporting an anti-theft service as described herein.
  • the functionality of the service platform 20 may be provided by hardware and/or software components configured to operate in accordance with embodiments of the present invention.
  • An exemplary apparatus that could be embodied as either the mobile terminal 10 or the service platform 20 and configured in accordance with embodiments of the present invention will be explained below in reference to FIGS. 2 and 3.
  • FIGS. 2 and 3 illustrate exemplary apparatuses for enabling the provision of an anti-theft mechanism for communication devices according to one embodiment of the present invention.
  • apparatuses configured to operate in accordance with embodiments of the present invention may in some cases include or be embodied as a server or other communication device (e.g., the mobile terminal 10).
  • the apparatuses of FIGS. 2 and 3 may be configured to perform anti-theft mechanism functions, the apparatuses may also have numerous other functions.
  • a server side apparatus 66 configured to perform in accordance with embodiments of the present invention may include or otherwise be in communication with a processor 70, a user interface 72, a communication interface 74 and a memory device 76.
  • the memory device 76 may include, for example, volatile and/or non-volatile memory.
  • the memory device 76 may be configured to store information, data, applications, instructions or the like for enabling the apparatus to carry out various functions in accordance with exemplary embodiments of the present invention.
  • the memory device 76 could be configured to buffer input data for processing by the processor 70.
  • the memory device 76 could be configured to store instructions for execution by the processor 70.
  • the memory device 76 may be one of a plurality of databases that store information and/or media content.
  • the processor 70 may be embodied in a number of different ways.
  • the processor 70 may be embodied as various processing means such as a processing element, a coprocessor, a controller or various other processing devices including integrated circuits such as, for example, an ASIC (application specific integrated circuit), an FPGA (field programmable gate array), a hardware accelerator, and/or the like.
  • the processor 70 may be configured to execute instructions stored in the memory device 76 or otherwise accessible to the processor 70.
  • the communication interface 74 may be embodied as any device or means embodied in either hardware, software, or a combination of hardware and software that is configured to receive and/or transmit data from/to a network and/or any other device or module in communication with the apparatus.
  • the communication interface 74 may include, for example, an antenna and/or supporting hardware and/or software for enabling communications with a wired or wireless communication network. In fixed environments, the communication interface 74 may alternatively or also support wired communication. As such, the communication interface 74 may include a communication modem and/or other hardware/software for supporting communication via cable, fiber channels, digital subscriber line (DSL), universal serial bus (USB) or other mechanisms. Combinations of the above are also possible. In an exemplary embodiment, the communication interface 74 may be configured to enable communication with various other functions or devices including, for example, other servers, computers, mobile terminals, and/or the like.
  • the user interface 72 may be in communication with the processor 70 to receive an indication of a user input at the user interface 72 and/or to provide an audible, visual, mechanical or other output to the user.
  • the user interface 72 may include, for example, a keyboard, a mouse, a joystick, a touch screen, a display, a microphone, a speaker, or other input/output mechanisms.
  • the apparatus is embodied as a server or some other network devices, the user interface 72 may be limited, or eliminated.
  • the processor 70 may be embodied as, include or otherwise control a security code generator 80 and a security code manager 82.
  • the apparatus 66 may further include a portion or module for user services 81 for handling services provided to the user.
  • the security code generator 80 and the security code manager 82 may each be any means such as a device or circuitry embodied in hardware, software or a combination of hardware and software that is configured to perform the corresponding functions of the security code generator 80 and the security code manager 82, respectively, as described herein.
  • the functions of both the security code generator 80 and the security code manager 82 may be performed by a single entity configured to perform the corresponding functions of both the security code generator 80 and the security code manager 82.
  • the security code generator 80 may be configured to generate a security code (e.g., a PIN code) based on receipt of specific information.
  • the security code may be generated based on a device identifier (e.g., the device IMEI) and a subscriber identifier (e.g., IMSI (International Mobile Subscriber Identity)).
  • a subscriber identifier e.g., IMSI (International Mobile Subscriber Identity)
  • another value such as a random value, may also be used to generate the security code to further increase security.
  • some embodiments may employ an algorithm (fixed or dynamic) comprising a formula for mathematically generating the security code based on the device identifier and the subscriber identifier.
  • the algorithm may further utilize a random value (e.g., the local time of the server at the time of security code generation) for the generation of the security code.
  • the security code may be any suitable length and may include any combination of numbers, letters or other characters. Such characters may typically be selected from characters on a keypad although soft keys, a touch screen or a cursor may also be employed for selection of characters from a displayed listing of characters.
  • the length of the security code may be selected based on balancing factors such as increasing security (suggesting a longer code) and increasing suitability for user remembrance (suggesting a shorter code).
  • a security code of about eight characters may be employed although other values for the number of characters could also be selected.
  • the security code generator 80 may operate in response to a registration of a particular device to an anti-theft service associated with the service platform 20.
  • the user of a mobile terminal may provide the device identifier of the mobile terminal to be protected and the subscriber identifier (e.g., corresponding to the subscriber identity module (SIM) card, a universal SIM (USIM), a removable user identity module (RUIM), and/or the like used in the mobile terminal) to the apparatus 66 of FIG. 2 at the service platform 20 via the network 30.
  • the apparatus 66 of FIG. 2 may then (e.g., via the security code generator 80) generate the security code based on the information provided and return the security code to the mobile terminal being registered for display to the user so that the user can learn and/or record the security code.
  • the user may then enter the security code, which may be communicated to the security code manager 82 for processing as described below.
  • the information may be provided by a third party device such as a service kiosk.
  • the user may be registered for services in accordance with embodiments of the present invention either by a third party (e.g., via the service kiosk providing information about the mobile terminal 10 to be registered) or by the user (e.g., either during a registration process when the device is purchased, via an online registration using a separate device, or via an options or settings menu of the mobile terminal 10).
  • the security code generator 80 may store a record of the transaction and of the processed information (e.g., in the memory device 76) so that when security codes are entered in the future, such codes may be checked against the corresponding device identity and subscriber identity for authentication purposes (e.g., by the security code manager 82).
  • the security code manager 82 may be configured to communicate with client side devices (e.g., the mobile terminal 10) in order to practice embodiments of the present invention.
  • the security code manager 82 may be configured to communicate a generated security code to the mobile terminal 10 and conduct communications with the mobile terminal 10 during boot up sequences of the mobile terminal 10 to perform authentication services aimed at providing a security or anti-theft mechanism.
  • the mobile terminal 10 may provide the service platform 20 with the device identifier and the subscriber identifier for the device and SIM card, respectively, currently in use.
  • the user of the mobile terminal 10 may also provide a security code to the service platform 20.
  • At the service platform 20 an embodiment of the apparatus 66 of FIG.
  • the security code manager 82 may receive the security code, device identifier and subscriber identifier (e.g., via the security code manager 82) and determine (e.g., by comparison to stored information including the security code (e.g., a reference security code)) whether the provided security code matches the reference security code for the given device identifier and subscriber identifier. The determination may be made, for example, by conducting a search by device identifier (e.g., IMEI) and verify that the security code and subscriber identifier provided for the given device identifier correspond to the values previously provided/generated and stored as reference values. If the values match, the security code manager 82 may allow the boot up procedure to continue. In some cases, the security code manager 82 may allow the boot up procedure to continue by inaction, however, in alternative cases, the security code manager 82 may allow the boot up procedure to continue by providing an enabling signal or an indication that the security code passed authentication.
  • the security code manager 82 may allow the boot up procedure to continue by providing an enabling signal or
  • the security code manager 82 may be configured to take action to resolve the failure to match or to interrupt the boot up procedure.
  • any mismatch in information provided with respect to stored information may result in the issuance of a message to the mobile terminal 10 informing the user of the failure to properly authenticate due to the mismatch. Details regarding which value did not match may or may not be provided.
  • a message may be provided to the user to request a re-entry of the security code.
  • a limit may be provided with respect to how many times the user may be asked or enabled to attempt re-entry of the security code.
  • the mobile terminal 10 may be prevented from completing the boot up procedure and/or be blocked from accessing user interface control of the mobile terminal 10.
  • the service platform 20 e.g., via the security code manager 82
  • may communicate the failure to a third party e.g., a law enforcement agency or a network operator.
  • an identity of the device e.g., the device identifier
  • ID info about this device can be forwarded to network operator to add the device to a blacklist of devices for which service is not to be provided.
  • the device identifier and/or other information such as cell ID or device location may be provided to the law enforcement agency to enable location of the device (and/or the potential thief).
  • the security code manager 82 may be configured to request additional information from the device in response to the failure to match the security code and then pass the requested information on to the third party as appropriate.
  • the security code manager 82 may be configured to assume that the user has inserted a new SIM card into the device (e.g., into the mobile terminal 10). Accordingly, the user may be prompted to change the registration to include the new SIM card. The user may change the registration by responding to the request affirmatively and/or by providing the subscriber identifier of the new SIM card to the security code generator 80 to enable the generation of a new security code generated based in part also on the subscriber identifier of the new SIM card. Alternatively, the user may indicate that the new SIM card is merely a guest card. In some embodiments, the user may be requested to enter both a SIM card PIN and the security code.
  • FIG. 3 shows a client side apparatus 68 configured to perform in accordance with embodiments of the present invention.
  • the apparatus 68 may include or otherwise be in communication with processor 70, user interface 72, communication interface 74 and memory device 76, each of which may be similar to the corresponding device described above in reference to FIG. 2.
  • the processor 70 may be embodied as, include or otherwise control a security manager 84.
  • the apparatus 68 may further include or be in communication with a SIM 85, a USIM, a RUIM, and/or the like.
  • the security manager 84 may be any means such as a device or circuitry embodied in hardware, software or a combination of hardware and software that is configured to perform the corresponding functions of the security manager 84, respectively, as described herein.
  • the security manager 84 may be configured to communicate with the security code manager 82 at the server end in order to practice embodiments of the present invention.
  • the security manager 84 may be configured to direct interface operations with the user (e.g., via the user interface 72) to provide the security code to the user initially.
  • the security manager 84 may be invoked by selecting an option or setting related to registration of the mobile terminal 10 to an anti-theft service in which case the security manager 84 may collect information from the user for use in registering the user for the service.
  • the security manager 84 may also display the security code to enable the user to read the security code generated by the security code generator 80, as described above, from the display of the mobile terminal 10. The user may then memorize or record the security code for entry during subsequent boot up procedures of the mobile terminal 10.
  • the security manager 84 may request (e.g., by display of a character entry field and/or message) that the user enter the security code.
  • the security manager 84 may then provide the entered security code along with the device identifier and the subscriber identifier (e.g., of the SIM card currently in use) to the service platform 20.
  • the non-security related parts of the boot up procedure may continue to run while the service platform 20 checks the information provided for device authentication.
  • the security manager 84 may be configured to ensure that user interface control may not be released to the user until an indication is received from the security code manager 82 that the provided security code authenticates.
  • the security manager 84 may release the user interface control to the user upon completion of the boot up process.
  • the service platform 20 may store information regarding use of the device (e.g., with respect to whether guest SIMs or registered SIMs are used and with what frequency).
  • the service platform 20 may upload partial or full services and configuration settings to a new device based on stored information associated with activity on a prior device.
  • the association of the security code with both a device and a subscriber identity (e.g., associated with a SIM card) may enable associations between configurations desired by a particular user that may be updated to other equipment associated with the user.
  • the storage of information related to user transactions may assist in tracing activities associated with crimes involving the respective devices.
  • the service platform 20 may store device phone numbers or other indicia in association with security codes and/or device identifiers (e.g., IMEIs). Accordingly, if a user has his or her device or SIM stolen, the user may provide the phone number of the stolen SIM which may give a match to the subscriber identifier and security code for the device. The service platform 20 may then identify the corresponding device identifier to be added to the blacklists of network operators and a blacklist of the service platform 20. Accordingly, at the next attempted boot up, the corresponding device may be unable to complete the boot up procedure and possibly also be reported to operators or local authorities.
  • security codes and/or device identifiers e.g., IMEIs
  • the storage of such information may also enable second-hand device buyers to confirm whether a device being purchased is a stolen device (e.g., if the device is on a blacklist).
  • a visible indicia e.g., an "anti-theft" label
  • Such labeling may provide a deterrent to theft and a marketing advantage to sellers of such devices.
  • users may have an easier time remembering a code that they themselves create, rather than a code generated purely based on information they cannot control or a code that is at least somewhat random. Accordingly, a code translation bridge may be provided at either the apparatus 66 of FIG.
  • the code translation bridge may be a function of the processor 70.
  • the user generated code may be translated into the security code for provision to the security code manager 82 to enable the completion of the boot up process.
  • the embodiments described above relate to a security code generated remotely from the device being protected and provided thereto for the user to visually display and learn so that the security code can be provided back to a remote device in future boot up procedures
  • the security manager 84 may be configured to establish locally a code required for accessing device user interface control during the boot up procedure. Thus, the code may not need sending over an air interface.
  • radio operation may be enabled in response to provision of a separate security code, which may incorporate the device identifier, subscriber identifier and a security code generated based thereon as described above. Combinations of the above may also be employed.
  • FIGS. 4 and 5 are flowcharts of a system, method and program product according to exemplary embodiments of the invention. It will be understood that each block or step of the flowcharts, and combinations of blocks in the flowcharts, can be implemented by various means, such as hardware, firmware, and/or software including one or more computer program instructions. For example, one or more of the procedures described above may be embodied by computer program instructions. In this regard, the computer program instructions which embody the procedures described above may be stored by a memory device and executed by a processor (e.g., the processor 70).
  • any such computer program instructions may be loaded onto a computer or other programmable apparatus (i.e., hardware) to produce a machine, such that the instructions which execute on the computer or other programmable apparatus create means for implementing the functions specified in the flowcharts block(s) or step(s).
  • These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowcharts block(s) or step(s).
  • the computer program instructions may also be loaded onto a computer or other programmable apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer- implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowcharts block(s) or step(s).
  • blocks or steps of the flowcharts support combinations of means for performing the specified functions, combinations of steps for performing the specified functions and program instruction means for performing the specified functions. It will also be understood that one or more blocks or steps of the flowcharts, and combinations of blocks or steps in the flowcharts, can be implemented by special purpose hardware-based computer systems which perform the specified functions or steps, or combinations of special purpose hardware and computer instructions.
  • FIG. 4 shows a block diagram of security code generation according to an exemplary embodiment.
  • the operations of FIG. 4 may be performed at initial boot up or registration (e.g., only once) or in response to a properly identified change of SIM card (e.g., to provide a new or updated security code).
  • the mobile terminal 10 (or a third party device) may send a message to the service platform indicating the device identifier (e-g- 5 IMEI, ESN (electronic serial number), and/or the like) and subscriber identifier (e.g., IMSI, MIN (mobile identification number), and/or the like) associated with a particular device at operation 100.
  • the device identifier e-g- 5 IMEI, ESN (electronic serial number), and/or the like
  • subscriber identifier e.g., IMSI, MIN (mobile identification number), and/or the like
  • the service platform may receive the message and generate a security code (e.g., PIN code) based at least on the device identifier and the subscriber identifier (although a random value may also be used for the generation of the security code) at operation 102.
  • a security code e.g., PIN code
  • the registration may fail and the attempt to register a previously registered device may be reported as a theft of the corresponding device.
  • the service platform 20 may then store the security code, the device identifier and the subscriber identifier for comparison to information provided by the particular device during future boot up procedures at optional operation 104.
  • the security code and the subscriber identifier may be stored as a reference security code and a reference subscriber identifier, respectively.
  • the service platform 20 may provide the security code to the mobile terminal 10.
  • the security code may be used by the mobile terminal 10 to enable access to user interface control upon completion of a boot up procedure at the mobile terminal 10 and in response to provided information from the particular device matching the security code, the device identifier and the subscriber identifier.
  • the generated security code may then be displayed for the user to view and/or learn via the display of the mobile terminal 10 at operation 108.
  • the security code may also be stored at the mobile terminal 10. If registration fails, as described above, a message may be displayed at the mobile terminal 10 to indicate that the phone is stolen.
  • FIG. 5 shows a block diagram relating to usage of the security code with respect to providing device security in accordance with an exemplary embodiment.
  • a device boot up procedure may begin at a mobile terminal at operation 120.
  • a request may be provided for the user to enter (e.g., via the user interface 72) a security code at operation 122.
  • the user may then provide the security code (e.g., via the user interface 72) and the mobile terminal 10 may communicate the security code and the device identifier (e.g., IMEI) of the mobile terminal 10 along with the subscriber identifier (corresponding to the SIM card in use) to the service platform 20 at operation 124.
  • the device identifier e.g., IMEI
  • the entered security code may be checked at operation 123 against the security code provided to the mobile terminal 10 as a result of registration and stored therein. If the entered code matches the stored code, the process may proceed to operation 124. However, if the entered code does not match the stored code, a failure message may be provided to the user of the mobile terminal 10.
  • the service platform 20 may look up the device identifier provided and find the corresponding reference security code and reference subscriber identifier for the provided device identifier. A comparison may then be made (e.g., by the security code manager 82) to determine whether the security code provided matches the reference security code at operation 128. If the security code and reference security code do not match, a counter may increment for each failure to match at operation 130. Prior to reaching a threshold number of failures, the user may re-attempt to enter the security code. If the threshold number of failures is reached, the boot up process may be interrupted or completion of the boot process may otherwise be blocked in order to prevent user interface control from being granted to the user at operation 132.
  • a check may be made as to whether the provided subscriber identifier matches the reference subscriber identifier at operation 134 as part of a standard SIM PIN match procedure for second level verification. If the subscriber identifier provided and the reference subscriber identifier match, the boot process may proceed to completion normally and the user may be granted user interface control at operation 136. If the subscriber identifier provided and the reference subscriber identifier do not match, the boot process may still proceed to completion and user interface control may be provided to the user. However, the user may be asked whether to register the new subscriber identifier (e.g., by being forwarded to the operations shown in FIG. 4) or whether the subscriber identifier should be considered as a guest at operation 138.
  • the new subscriber identifier e.g., by being forwarded to the operations shown in FIG. 4
  • an apparatus for performing the method above may include a processor (e.g., the processor 70 or FIGS. 2 and 3) configured to perform each respective one of the operations described above.
  • the processor may, for example, be configured to perform the operations by executing stored instructions or an algorithm for performing each of the operations.
  • the apparatus may include means for performing each of the operations described above.
  • examples of means for performing operations 100 to 138 may include, for example, respective ones of the security code generator 80, the security code manager 82, the security manager 84, or the processor 70.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

An apparatus for providing device security may include a processor. The processor may be configured to receive a device identifier and a security code, the security code being provided by a user of the device during a boot up procedure of the device, compare the security code to a reference security code stored in association with the device identifier, provide an indication to prevent access to user interface control of the device in response to the security code failing to match the reference security code. The processor may be further configured to enable access to the user interface control in response to completion of the boot up procedure and the security code matching the reference security code. A method and computer program product for providing device security are also provided.

Description

METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT FOR PROVIDING DEVICE SECURITY
TECHNOLOGICAL FIELD
Embodiments of the present invention relate generally to device security and, more particularly, relate to apparatuses, methods and computer program products for enabling the provision of an anti-theft mechanism for communication devices such as mobile terminals.
BACKGROUND
Communication devices are becoming increasingly ubiquitous in the modern world. In particular, mobile communication devices seem to be popular with people of all ages, socio-economic backgrounds and sophistication levels. Accordingly, users of such devices are becoming increasingly attached to their respective mobile communication devices. Whether such devices are used for calling, emailing, sharing or consuming media content, gaming, navigation or various other activities, people are more connected to their devices and consequently more connected to each other and to the world at large.
Due to advances in processing power, memory management, application development, power management and other areas, communication devices, such as computers, mobile telephones, cameras, personal digital assistants (PDAs), media players and many others are becoming more capable. However, the popularity and utility of mobile communication devices has not only fueled sales and usage of such devices, but has also caused these devices to be increasingly more common targets for thieves. Moreover, even if a device is not stolen, it may be lost or forgotten somewhere and another individual may discover the lost item and desire to use it. Providing an increased level of security for mobile communication devices may reduce the motivation for stealing such devices and thereby free up law enforcement resources to focus on other crimes and also increase the feeling of safety and security among citizens. Accordingly, several approaches have been undertaken to improve device security. In one approach, a stolen phone may be added to a service provider blacklist so that the blacklisted phone will no longer be able to access the service provider's network. However, the blacklist is typically based on the IMEI (International Mobile Equipment Identity) number of the phone, which is typically accessible on the phone or on the box (which has likely been thrown away). Thus, since some users don't memorize the IMEI of their device, this is often not a viable solution. Another issue related to this solution is that many operators may be reluctant to use it, as it increases infrastructure maintenance costs. Some software solutions have also been developed. However, these solutions have typically been easy to defeat since thieves have been able to access the software and delete it, or such solutions have been relatively easy to attack and/or hack.
Accordingly, it may be desirable to develop an improved mechanism for providing device security.
BRIEF SUMMARY OF EXEMPLARY EMBODIMENTS
A method, apparatus and computer program product are therefore provided that may enable the provision of an anti -theft mechanism for communication devices such as mobile terminals. Thus, for example, a mechanism may be provided for preventing completion of a boot process for a stolen device by employing a security code (e.g., a personal identification number (PIN) code) that is based on the identity of the device and the identity of the subscriber.
In one exemplary embodiment, a method of providing an anti-theft mechanism for communication devices is provided. The method may include receiving a device identifier and a security code, the security code being provided by a user of the device during a boot up procedure of the device. The method may also include comparing the security code to a reference security code stored in association with the device identifier and providing an indication to prevent access to user interface control of the device in response to the security code failing to match the reference security code. The method may further include enabling access to the user interface control in response to completion of the boot up procedure and the security code matching the reference security code. In another exemplary embodiment, a computer program product for providing an anti-theft mechanism for communication devices is provided. The computer program product may include at least one computer-readable storage medium having computer-executable program code portions stored therein. The computer-executable program code portions may include a first program code instructions, second program code instructions, third program code instructions and fourth program code instructions. The first program code instructions may be for receiving a device identifier and a security code, the security code being provided by a user of the device during a boot up procedure of the device. The second program code instructions may be for comparing the security code to a reference security code stored in association with the device identifier. The third program code instructions may be for providing an indication to prevent access to user interface control of the device in response to the security code failing to match the reference security code. The fourth program code instructions may be for enabling access to the user interface control in response to completion of the boot up procedure and the security code matching the reference security code.
In another exemplary embodiment, an apparatus for providing an anti -theft mechanism for communication devices is provided. The apparatus may include a processor that may be configured to receive a device identifier and a security code, the security code being provided by a user of the device during a boot up procedure of the device, compare the security code to a reference security code stored in association with the device identifier, provide an indication to prevent access to user interface control of the device in response to the security code failing to match the reference security code. The processor may be further configured to enable access to the user interface control in response to completion of the boot up procedure and the security code matching the reference security code.
In still another embodiment, a method for providing device security may include receiving an entered security code at a device in association with a boot up procedure of the device, comparing the entered security code to a stored security code, communicating the entered security code and a device identifier to a network device in response to the entered security code matching the stored security code, and enabling completion of the boot up procedure in response to receiving an indication that the entered security code matches a reference security code for the device identifier.
In another exemplary embodiment, a computer program product for providing device security is provided. The computer program product may include at least one computer-readable storage medium having computer-executable program code portions stored therein. The computer-executable program code portions may include a first program code instructions, second program code instructions, third program code instructions and fourth program code instructions. The first program code instructions may be for receiving an entered security code at a device in association with a boot up procedure of the device. The second program code instructions may be for comparing the entered security code to a stored security code. The third program code instructions may be for communicating the entered security code and a device identifier to a network device in response to the entered security code matching the stored security code. The fourth program code instructions may be for enabling completion of the boot up procedure in response to receiving an indication that the entered security code matches a reference security code for the device identifier.
In another exemplary embodiment, an apparatus for providing device security may comprise a processor. The processor may be configured to receive an entered security code at a device in association with a boot up procedure of the device, compare the entered security code to a stored security code, communicate the entered security code and a device identifier to a network device in response to the entered security code matching the stored security code, and enable completion of the boot up procedure in response to receiving an indication that the entered security code matches a reference security code for the device identifier. BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING(S)
Having thus described the invention in general terms, reference will now be made to the accompanying drawings, which are not necessarily drawn to scale, and wherein: FIG. 1 is a schematic block diagram of a system according to an exemplary embodiment of the present invention;
FIG. 2 is a schematic block diagram showing a network side apparatus for enabling the provision of an anti -theft mechanism for communication devices according to an exemplary embodiment of the present invention; FIG. 3 is a schematic block diagram of a client side apparatus for enabling the provision of an anti-theft mechanism for communication devices according to an exemplary embodiment of the present invention;
FIG. 4 is a flowchart according to an exemplary method of providing a security code for device security according to an exemplary embodiment of the present invention; and
FIG. 5 is a flowchart according to an exemplary method of providing device security according to an exemplary embodiment of the present invention.
DETAILED DESCRIPTION Some embodiments of the present invention will now be described more fully hereinafter with reference to the accompanying drawings, in which some, but not all embodiments of the invention are shown. Indeed, various embodiments of the invention may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will satisfy applicable legal requirements. Like reference numerals refer to like elements throughout. As used herein, the terms "data," "content," "information" and similar terms may be used interchangeably to refer to data capable of being transmitted, received and/or stored in accordance with embodiments of the present invention. Moreover, the term "exemplary", as used herein, is not provided to convey any qualitative assessment, but instead merely to convey an illustration of an example. Thus, use of any such terms should not be taken to limit the spirit and scope of embodiments of the present invention.
According to an exemplary embodiment, a security code may be provided to a user of the device upon registration of the device to a service supporting the provision of security for the device. As an example, a PIN code may be provided to the user to enable the user to enter the PIN code during device boot up. The PIN code may then be provided to the service to determine whether the device is stolen, or at least not in the possession of the registered owner. If the PIN code authenticates (e.g., is in possession of the registered owner or a designee that knows the PIN code), the device may continue to boot normally resulting in the provision of user interface control to the user. However, if the PIN code fails to authenticate in some regard, other action may be taken such as preventing the user from receiving user interface control. Thus, if authentication is unsuccessful, a thief or non-registered possessor of the device may not be able to have user interface control of the device and therefore cannot have an opportunity to disable or delete the protection mechanism provided by embodiments of the present invention. The anti-theft mechanism may be placed inside boot up procedure, so even a device re-flash will not help to hack it. It should be noted that although the term "anti-theft" is used to describe the embodiments below, these embodiments may function more generally to prevent any unauthorized use, even if the unauthorized use does not technically include theft.
An example of a simplified architecture of a system for supporting an exemplary embodiment of the present invention will now be described in reference to FIG. 1. FIG. l is a schematic block diagram of a system for providing device security according to an exemplary embodiment of the present invention. In this regard, FIG. 1 illustrates a general architecture of system including a mobile terminal 10 in communication with a network device (e.g., service platform 20) via a network 30.
The network 30 may include a collection of various different nodes, devices or functions that may be in communication with each other via corresponding wired or wireless interfaces. As such, the illustration of FIG. 1 should be understood to be exemplary of a broad view of certain elements of the system and not an all inclusive or detailed view of the system or the network 30. One or more mobile terminals 10 may each include an antenna or antennas for transmitting signals to and for receiving signals from a base site, which could be, for example a base station that is a part of one or more cellular or mobile networks or an access point that may be coupled to a data network, such as a local area network (LAN), a metropolitan area network (MAN), and/or a wide area network (WAN), such as the Internet. In turn, other devices such as processing elements (e.g., personal computers, server computers or the like) can be coupled to the mobile terminal 10 via the network 30. By directly or indirectly connecting mobile terminals 10 and other devices to the network 30, the mobile terminal 10 may communicate with the other devices or other mobile terminals, for example, according to numerous communication protocols including Hypertext Transfer Protocol (HTTP) and/or the like, to thereby carry out various functions of the mobile terminal 10. Although not necessary, in some embodiments, the network 30 may be capable of supporting communication in accordance with any one or more of a number of first-generation (IG), second-generation (2G), 2.5G, third-generation (3G), 3.5 G, 3.9G, fourth- generation (4G) mobile communication protocols or the like. Furthermore, although not shown in FIG. 1, the mobile terminal 10 may communicate in accordance with, for example, radio frequency (RF), Bluetooth (BT), Infrared (IR) or any of a number of different wireline or wireless communication techniques, including LAN, WLAN, Worldwide Interoperability for Microwave Access (WiMAX), WiFi, ultra-wide band (UWB) techniques and/or the like. In an exemplary embodiment, the service platform 20 may be a device or node such as a server or other processing element. The service platform 20 may have any number of functions or associations with various services (e.g., a website, a blog, a web feed, a widget or WidSet, and/or the like). As such, for example, the service platform 20 may be a platform such as a dedicated server (or server bank) associated with an anti -theft service, or the service platform 20 may be a backend server associated with one or more other functions or services (e.g., a WidSets server) having additional capability for supporting an anti-theft service as described herein. The functionality of the service platform 20 may be provided by hardware and/or software components configured to operate in accordance with embodiments of the present invention. An exemplary apparatus that could be embodied as either the mobile terminal 10 or the service platform 20 and configured in accordance with embodiments of the present invention will be explained below in reference to FIGS. 2 and 3.
FIGS. 2 and 3 illustrate exemplary apparatuses for enabling the provision of an anti-theft mechanism for communication devices according to one embodiment of the present invention. As indicated above, apparatuses configured to operate in accordance with embodiments of the present invention may in some cases include or be embodied as a server or other communication device (e.g., the mobile terminal 10). Moreover, as indicated above, although the apparatuses of FIGS. 2 and 3 may be configured to perform anti-theft mechanism functions, the apparatuses may also have numerous other functions. Referring now to FIG. 2, a server side apparatus 66 configured to perform in accordance with embodiments of the present invention may include or otherwise be in communication with a processor 70, a user interface 72, a communication interface 74 and a memory device 76. The memory device 76 may include, for example, volatile and/or non-volatile memory. The memory device 76 may be configured to store information, data, applications, instructions or the like for enabling the apparatus to carry out various functions in accordance with exemplary embodiments of the present invention. For example, the memory device 76 could be configured to buffer input data for processing by the processor 70. Additionally or alternatively, the memory device 76 could be configured to store instructions for execution by the processor 70. As yet another alternative, the memory device 76 may be one of a plurality of databases that store information and/or media content.
The processor 70 may be embodied in a number of different ways. For example, the processor 70 may be embodied as various processing means such as a processing element, a coprocessor, a controller or various other processing devices including integrated circuits such as, for example, an ASIC (application specific integrated circuit), an FPGA (field programmable gate array), a hardware accelerator, and/or the like. In an exemplary embodiment, the processor 70 may be configured to execute instructions stored in the memory device 76 or otherwise accessible to the processor 70. Meanwhile, the communication interface 74 may be embodied as any device or means embodied in either hardware, software, or a combination of hardware and software that is configured to receive and/or transmit data from/to a network and/or any other device or module in communication with the apparatus. In this regard, the communication interface 74 may include, for example, an antenna and/or supporting hardware and/or software for enabling communications with a wired or wireless communication network. In fixed environments, the communication interface 74 may alternatively or also support wired communication. As such, the communication interface 74 may include a communication modem and/or other hardware/software for supporting communication via cable, fiber channels, digital subscriber line (DSL), universal serial bus (USB) or other mechanisms. Combinations of the above are also possible. In an exemplary embodiment, the communication interface 74 may be configured to enable communication with various other functions or devices including, for example, other servers, computers, mobile terminals, and/or the like.
The user interface 72 may be in communication with the processor 70 to receive an indication of a user input at the user interface 72 and/or to provide an audible, visual, mechanical or other output to the user. As such, the user interface 72 may include, for example, a keyboard, a mouse, a joystick, a touch screen, a display, a microphone, a speaker, or other input/output mechanisms. In an exemplary embodiment in which the apparatus is embodied as a server or some other network devices, the user interface 72 may be limited, or eliminated.
In an exemplary embodiment in which the apparatus 66 is provided at the service platform 20 end, the processor 70 may be embodied as, include or otherwise control a security code generator 80 and a security code manager 82. In some embodiments, the apparatus 66 may further include a portion or module for user services 81 for handling services provided to the user. The security code generator 80 and the security code manager 82 may each be any means such as a device or circuitry embodied in hardware, software or a combination of hardware and software that is configured to perform the corresponding functions of the security code generator 80 and the security code manager 82, respectively, as described herein. However, in some embodiments, the functions of both the security code generator 80 and the security code manager 82 may be performed by a single entity configured to perform the corresponding functions of both the security code generator 80 and the security code manager 82. The security code generator 80 may be configured to generate a security code (e.g., a PIN code) based on receipt of specific information. In this regard, for example, the security code may be generated based on a device identifier (e.g., the device IMEI) and a subscriber identifier (e.g., IMSI (International Mobile Subscriber Identity)). In some cases another value, such as a random value, may also be used to generate the security code to further increase security. Thus, as an example, some embodiments may employ an algorithm (fixed or dynamic) comprising a formula for mathematically generating the security code based on the device identifier and the subscriber identifier. In some cases the algorithm may further utilize a random value (e.g., the local time of the server at the time of security code generation) for the generation of the security code. The security code may be any suitable length and may include any combination of numbers, letters or other characters. Such characters may typically be selected from characters on a keypad although soft keys, a touch screen or a cursor may also be employed for selection of characters from a displayed listing of characters. The length of the security code may be selected based on balancing factors such as increasing security (suggesting a longer code) and increasing suitability for user remembrance (suggesting a shorter code). In an exemplary embodiment, a security code of about eight characters may be employed although other values for the number of characters could also be selected. In an exemplary embodiment, the security code generator 80 may operate in response to a registration of a particular device to an anti-theft service associated with the service platform 20. Thus, for example, the user of a mobile terminal (e.g., mobile terminal 10) wishing to register the mobile terminal for anti-theft protection, may provide the device identifier of the mobile terminal to be protected and the subscriber identifier (e.g., corresponding to the subscriber identity module (SIM) card, a universal SIM (USIM), a removable user identity module (RUIM), and/or the like used in the mobile terminal) to the apparatus 66 of FIG. 2 at the service platform 20 via the network 30. The apparatus 66 of FIG. 2 may then (e.g., via the security code generator 80) generate the security code based on the information provided and return the security code to the mobile terminal being registered for display to the user so that the user can learn and/or record the security code. During boot up operations of the mobile terminal in the future, the user may then enter the security code, which may be communicated to the security code manager 82 for processing as described below.
In some exemplary embodiments, rather than initially receiving the information about the device and subscriber (e.g., the device identifier and the subscriber identifier) from the device to be protected (e.g., the mobile terminal 10), the information may be provided by a third party device such as a service kiosk. As such, the user may be registered for services in accordance with embodiments of the present invention either by a third party (e.g., via the service kiosk providing information about the mobile terminal 10 to be registered) or by the user (e.g., either during a registration process when the device is purchased, via an online registration using a separate device, or via an options or settings menu of the mobile terminal 10). In any case, once the user has been provided with the security code, the security code generator 80 may store a record of the transaction and of the processed information (e.g., in the memory device 76) so that when security codes are entered in the future, such codes may be checked against the corresponding device identity and subscriber identity for authentication purposes (e.g., by the security code manager 82).
The security code manager 82 may be configured to communicate with client side devices (e.g., the mobile terminal 10) in order to practice embodiments of the present invention. In this regard, for example, the security code manager 82 may be configured to communicate a generated security code to the mobile terminal 10 and conduct communications with the mobile terminal 10 during boot up sequences of the mobile terminal 10 to perform authentication services aimed at providing a security or anti-theft mechanism. As such, for example, when the mobile terminal 10 begins a boot up sequence, the mobile terminal 10 may provide the service platform 20 with the device identifier and the subscriber identifier for the device and SIM card, respectively, currently in use. The user of the mobile terminal 10 may also provide a security code to the service platform 20. At the service platform 20 an embodiment of the apparatus 66 of FIG. 2 may receive the security code, device identifier and subscriber identifier (e.g., via the security code manager 82) and determine (e.g., by comparison to stored information including the security code (e.g., a reference security code)) whether the provided security code matches the reference security code for the given device identifier and subscriber identifier. The determination may be made, for example, by conducting a search by device identifier (e.g., IMEI) and verify that the security code and subscriber identifier provided for the given device identifier correspond to the values previously provided/generated and stored as reference values. If the values match, the security code manager 82 may allow the boot up procedure to continue. In some cases, the security code manager 82 may allow the boot up procedure to continue by inaction, however, in alternative cases, the security code manager 82 may allow the boot up procedure to continue by providing an enabling signal or an indication that the security code passed authentication.
If the values do not match, the security code manager 82 may be configured to take action to resolve the failure to match or to interrupt the boot up procedure. In this regard, for example, any mismatch in information provided with respect to stored information may result in the issuance of a message to the mobile terminal 10 informing the user of the failure to properly authenticate due to the mismatch. Details regarding which value did not match may or may not be provided.
If the security code does not match, in some cases, a message may be provided to the user to request a re-entry of the security code. In some embodiments, a limit may be provided with respect to how many times the user may be asked or enabled to attempt re-entry of the security code. After a given number of failed attempts to provide an authentic security code, the mobile terminal 10 may be prevented from completing the boot up procedure and/or be blocked from accessing user interface control of the mobile terminal 10. In an exemplary embodiment, if the security code does not match, the service platform 20 (e.g., via the security code manager 82) may communicate the failure to a third party (e.g., a law enforcement agency or a network operator). Thus, for example, if the security code does not match, an identity of the device (e.g., the device identifier) may be provided to the anti-theft service blacklist, so that this device will be rendered useless unless the legal owner of the device submits a request to unlock the device via the operator, anti theft service authorities or police. In addition ID info about this device can be forwarded to network operator to add the device to a blacklist of devices for which service is not to be provided.
Alternatively or additionally, the device identifier and/or other information such as cell ID or device location may be provided to the law enforcement agency to enable location of the device (and/or the potential thief). The security code manager 82 may be configured to request additional information from the device in response to the failure to match the security code and then pass the requested information on to the third party as appropriate.
If the security code matches the device identifier, but the subscriber identity does not match, the security code manager 82 may be configured to assume that the user has inserted a new SIM card into the device (e.g., into the mobile terminal 10). Accordingly, the user may be prompted to change the registration to include the new SIM card. The user may change the registration by responding to the request affirmatively and/or by providing the subscriber identifier of the new SIM card to the security code generator 80 to enable the generation of a new security code generated based in part also on the subscriber identifier of the new SIM card. Alternatively, the user may indicate that the new SIM card is merely a guest card. In some embodiments, the user may be requested to enter both a SIM card PIN and the security code.
FIG. 3 shows a client side apparatus 68 configured to perform in accordance with embodiments of the present invention. Referring now to FIG. 3, the apparatus 68 may include or otherwise be in communication with processor 70, user interface 72, communication interface 74 and memory device 76, each of which may be similar to the corresponding device described above in reference to FIG. 2. In an exemplary embodiment in which the apparatus 68 is provided at the client end (e.g., at the mobile terminal 10), the processor 70 may be embodied as, include or otherwise control a security manager 84. In some cases the apparatus 68 may further include or be in communication with a SIM 85, a USIM, a RUIM, and/or the like. The security manager 84 may be any means such as a device or circuitry embodied in hardware, software or a combination of hardware and software that is configured to perform the corresponding functions of the security manager 84, respectively, as described herein. In this regard, for example, the security manager 84 may be configured to communicate with the security code manager 82 at the server end in order to practice embodiments of the present invention.
In an exemplary embodiment, the security manager 84 may be configured to direct interface operations with the user (e.g., via the user interface 72) to provide the security code to the user initially. As such, for example, the security manager 84 may be invoked by selecting an option or setting related to registration of the mobile terminal 10 to an anti-theft service in which case the security manager 84 may collect information from the user for use in registering the user for the service. The security manager 84 may also display the security code to enable the user to read the security code generated by the security code generator 80, as described above, from the display of the mobile terminal 10. The user may then memorize or record the security code for entry during subsequent boot up procedures of the mobile terminal 10.
After the mobile terminal 10 commences a subsequent boot up procedure, the security manager 84 may request (e.g., by display of a character entry field and/or message) that the user enter the security code. The security manager 84 may then provide the entered security code along with the device identifier and the subscriber identifier (e.g., of the SIM card currently in use) to the service platform 20. For example, in parallel the non-security related parts of the boot up procedure may continue to run while the service platform 20 checks the information provided for device authentication. However, in some embodiments, even if other aspects of the boot up procedure are completed, the security manager 84 may be configured to ensure that user interface control may not be released to the user until an indication is received from the security code manager 82 that the provided security code authenticates. Upon receipt of the indication from the security code manager 82, the security manager 84 may release the user interface control to the user upon completion of the boot up process. Embodiments of the present invention may also incorporate additional services beyond those described above. In this regard, for example, the service platform 20 may store information regarding use of the device (e.g., with respect to whether guest SIMs or registered SIMs are used and with what frequency). In some cases, the service platform 20 may upload partial or full services and configuration settings to a new device based on stored information associated with activity on a prior device. In other words, the association of the security code with both a device and a subscriber identity (e.g., associated with a SIM card) may enable associations between configurations desired by a particular user that may be updated to other equipment associated with the user. Moreover, the storage of information related to user transactions may assist in tracing activities associated with crimes involving the respective devices.
In some embodiments, the service platform 20 may store device phone numbers or other indicia in association with security codes and/or device identifiers (e.g., IMEIs). Accordingly, if a user has his or her device or SIM stolen, the user may provide the phone number of the stolen SIM which may give a match to the subscriber identifier and security code for the device. The service platform 20 may then identify the corresponding device identifier to be added to the blacklists of network operators and a blacklist of the service platform 20. Accordingly, at the next attempted boot up, the corresponding device may be unable to complete the boot up procedure and possibly also be reported to operators or local authorities. The storage of such information may also enable second-hand device buyers to confirm whether a device being purchased is a stolen device (e.g., if the device is on a blacklist). In an exemplary embodiment, not only may devices be protected by the mechanism described above, but such devices may have a visible indicia (e.g., an "anti-theft" label) designed and/or placed on the cover of the devices. Such labeling may provide a deterrent to theft and a marketing advantage to sellers of such devices. In some cases, users may have an easier time remembering a code that they themselves create, rather than a code generated purely based on information they cannot control or a code that is at least somewhat random. Accordingly, a code translation bridge may be provided at either the apparatus 66 of FIG. 2 or the apparatus 68 of FIG. 3 to enable a mapping of the security code generated by the security code generator 80 to a corresponding user generated code. In an exemplary embodiment, the code translation bridge may be a function of the processor 70. Thus, when the user enters the user generated code, the user generated code may be translated into the security code for provision to the security code manager 82 to enable the completion of the boot up process.
Although the embodiments described above relate to a security code generated remotely from the device being protected and provided thereto for the user to visually display and learn so that the security code can be provided back to a remote device in future boot up procedures, other alternative mechanisms may also be provided. For example, the security manager 84 may be configured to establish locally a code required for accessing device user interface control during the boot up procedure. Thus, the code may not need sending over an air interface. As an alternative or additional security measure, radio operation may be enabled in response to provision of a separate security code, which may incorporate the device identifier, subscriber identifier and a security code generated based thereon as described above. Combinations of the above may also be employed.
FIGS. 4 and 5 are flowcharts of a system, method and program product according to exemplary embodiments of the invention. It will be understood that each block or step of the flowcharts, and combinations of blocks in the flowcharts, can be implemented by various means, such as hardware, firmware, and/or software including one or more computer program instructions. For example, one or more of the procedures described above may be embodied by computer program instructions. In this regard, the computer program instructions which embody the procedures described above may be stored by a memory device and executed by a processor (e.g., the processor 70). As will be appreciated, any such computer program instructions may be loaded onto a computer or other programmable apparatus (i.e., hardware) to produce a machine, such that the instructions which execute on the computer or other programmable apparatus create means for implementing the functions specified in the flowcharts block(s) or step(s). These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowcharts block(s) or step(s). The computer program instructions may also be loaded onto a computer or other programmable apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer- implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowcharts block(s) or step(s).
Accordingly, blocks or steps of the flowcharts support combinations of means for performing the specified functions, combinations of steps for performing the specified functions and program instruction means for performing the specified functions. It will also be understood that one or more blocks or steps of the flowcharts, and combinations of blocks or steps in the flowcharts, can be implemented by special purpose hardware-based computer systems which perform the specified functions or steps, or combinations of special purpose hardware and computer instructions.
FIG. 4 shows a block diagram of security code generation according to an exemplary embodiment. In an exemplary embodiment, the operations of FIG. 4 may be performed at initial boot up or registration (e.g., only once) or in response to a properly identified change of SIM card (e.g., to provide a new or updated security code). As shown in FIG. 4, the mobile terminal 10 (or a third party device) may send a message to the service platform indicating the device identifier (e-g-5 IMEI, ESN (electronic serial number), and/or the like) and subscriber identifier (e.g., IMSI, MIN (mobile identification number), and/or the like) associated with a particular device at operation 100. The service platform may receive the message and generate a security code (e.g., PIN code) based at least on the device identifier and the subscriber identifier (although a random value may also be used for the generation of the security code) at operation 102. In some cases, if the device identifier provided corresponds to a previously registered device identifier, the registration may fail and the attempt to register a previously registered device may be reported as a theft of the corresponding device. In some embodiments, the service platform 20 may then store the security code, the device identifier and the subscriber identifier for comparison to information provided by the particular device during future boot up procedures at optional operation 104. The security code and the subscriber identifier may be stored as a reference security code and a reference subscriber identifier, respectively. At operation 106, the service platform 20 may provide the security code to the mobile terminal 10. In particular, in some embodiments, the security code may be used by the mobile terminal 10 to enable access to user interface control upon completion of a boot up procedure at the mobile terminal 10 and in response to provided information from the particular device matching the security code, the device identifier and the subscriber identifier. The generated security code may then be displayed for the user to view and/or learn via the display of the mobile terminal 10 at operation 108. In some instances, the security code may also be stored at the mobile terminal 10. If registration fails, as described above, a message may be displayed at the mobile terminal 10 to indicate that the phone is stolen.
FIG. 5 shows a block diagram relating to usage of the security code with respect to providing device security in accordance with an exemplary embodiment. As shown in FIG. 5, a device boot up procedure may begin at a mobile terminal at operation 120. A request may be provided for the user to enter (e.g., via the user interface 72) a security code at operation 122. The user may then provide the security code (e.g., via the user interface 72) and the mobile terminal 10 may communicate the security code and the device identifier (e.g., IMEI) of the mobile terminal 10 along with the subscriber identifier (corresponding to the SIM card in use) to the service platform 20 at operation 124. In some cases, the entered security code may be checked at operation 123 against the security code provided to the mobile terminal 10 as a result of registration and stored therein. If the entered code matches the stored code, the process may proceed to operation 124. However, if the entered code does not match the stored code, a failure message may be provided to the user of the mobile terminal 10.
At operation 126, the service platform 20 may look up the device identifier provided and find the corresponding reference security code and reference subscriber identifier for the provided device identifier. A comparison may then be made (e.g., by the security code manager 82) to determine whether the security code provided matches the reference security code at operation 128. If the security code and reference security code do not match, a counter may increment for each failure to match at operation 130. Prior to reaching a threshold number of failures, the user may re-attempt to enter the security code. If the threshold number of failures is reached, the boot up process may be interrupted or completion of the boot process may otherwise be blocked in order to prevent user interface control from being granted to the user at operation 132. If the security code and reference security code match, a check may be made as to whether the provided subscriber identifier matches the reference subscriber identifier at operation 134 as part of a standard SIM PIN match procedure for second level verification. If the subscriber identifier provided and the reference subscriber identifier match, the boot process may proceed to completion normally and the user may be granted user interface control at operation 136. If the subscriber identifier provided and the reference subscriber identifier do not match, the boot process may still proceed to completion and user interface control may be provided to the user. However, the user may be asked whether to register the new subscriber identifier (e.g., by being forwarded to the operations shown in FIG. 4) or whether the subscriber identifier should be considered as a guest at operation 138.
In an exemplary embodiment, an apparatus for performing the method above may include a processor (e.g., the processor 70 or FIGS. 2 and 3) configured to perform each respective one of the operations described above. The processor may, for example, be configured to perform the operations by executing stored instructions or an algorithm for performing each of the operations. Alternatively, the apparatus may include means for performing each of the operations described above. In this regard, according to an exemplary embodiment, examples of means for performing operations 100 to 138 may include, for example, respective ones of the security code generator 80, the security code manager 82, the security manager 84, or the processor 70.
Many modifications and other embodiments of the inventions set forth herein will come to mind to one skilled in the art to which these inventions pertain having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the inventions are not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Moreover, although the foregoing descriptions and the associated drawings describe exemplary embodiments in the context of certain exemplary combinations of elements and/or functions, it should be appreciated that different combinations of elements and/or functions may be provided by alternative embodiments without departing from the scope of the appended claims. In this regard, for example, different combinations of elements and/or functions than those explicitly described above are also contemplated as may be set forth in some of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims

WHAT IS CLAIMED IS:
1. A method comprising: receiving an entered security code at a device in association with a boot up procedure of the device; comparing the entered security code to a stored security code; communicating the entered security code and a device identifier to a network device in response to the entered security code matching the stored security code; and enabling access to user interface control in response to receiving an indication that the entered security code matches a reference security code for the device identifier.
2. The method of claim 1, further comprising providing an indication at the device regarding failure of the entered security code to match the stored security code.
3. The method of claim 1, further comprising an initial operation of enabling generation of the reference security code during a registration process responsive to providing the device identifier and a subscriber identifier to the network device, the reference security code being based at least in part on the device identifier and the subscriber identifier.
4. The method of claim 3, further comprising receiving the generated reference security code and storing the reference security code as the stored security code at the device.
5. The method of claim 3, further comprising providing an indication at the device regarding failure of the entered security code to provide successful registration based on the device identifier corresponding to a previously established security code.
6. A computer program product comprising at least one computer- readable storage medium having computer-executable program code portions stored therein, the computer-executable program code instructions comprising: first program code instructions for receiving an entered security code at a device in association with a boot up procedure of the device; second program code instructions for comparing the entered security code to a stored security code; third program code instructions for communicating the entered security code and a device identifier to a network device in response to the entered security code matching the stored security code; and fourth program code instructions for enabling access to user interface control in response to receiving an indication that the entered security code matches a reference security code for the device identifier.
7. The computer program product of claim 6, further comprising fifth program code instructions for providing an indication at the device regarding failure of the entered security code to match the stored security code.
8. The computer program product of claim 6, further comprising fifth program code instructions for an initial operation of enabling generation of the reference security code during a registration process responsive to providing the device identifier and a subscriber identifier to the network device, the reference security code being based at least in part on the device identifier and the subscriber identifier.
9. The computer program product of claim 8, further comprising sixth program code instructions for receiving the generated reference security code and storing the reference security code as the stored security code at the device.
10. The computer program product of claim 8, further comprising sixth program code instructions for providing an indication at the device regarding failure of the entered security code to provide successful registration based on the device identifier corresponding to a previously established security code.
11. An apparatus comprising a processor configured to: receive an entered security code at a device in association with a boot up procedure of the device; compare the entered security code to a stored security code; communicate the entered security code and a device identifier to a network device in response to the entered security code matching the stored security code; and enable access to user interface control in response to receiving an indication that the entered security code matches a reference security code for the device identifier.
12. The apparatus of claim 11 , wherein the processor is further configured to provide an indication at the device regarding failure of the entered security code to match the stored security code.
13. The apparatus of claim 11, wherein the processor is further configured to perform an initial operation of enabling generation of the reference security code during a registration process responsive to providing the device identifier and a subscriber identifier to the network device, the reference security code being based at least in part on the device identifier and the subscriber identifier.
14. The apparatus of claim 13, wherein the processor is further configured to receive the generated reference security code and storing the reference security code as the stored security code at the device.
15. The apparatus of claim 13, wherein the processor is further configured to provide an indication at the device regarding failure of the entered security code to provide successful registration based on the device identifier corresponding to a previously established security code.
16. A method comprising: receiving a device identifier and a security code, the security code being provided by a user of the device during a boot up procedure of the device; comparing the security code to a reference security code stored in association with the device identifier; providing an indication to prevent access to user interface control of the device in response to the security code failing to match the reference security code; and enabling access to the user interface control in response to completion of the boot up procedure and the security code matching the reference security code.
17. The method of claim 16, further comprising an initial operation of registering the device by performing operations including: receiving a subscriber identifier and the device identifier in a registration request; determining whether the device identifier is associated with a prior registration; generating the reference security code based on the device identifier and the subscriber identifier in response to the device identifier not being associated with the prior registration; and providing the security code to the device.
18. The method of claim 17, further comprising providing an indication of a failed registration to at least one of the device and a third party in response to the device identifier being associated with a prior registration.
19. The method of claim 17, further comprising storing the reference security code, the device identifier and the subscriber identifier for comparison to information provided by the particular device during the boot up procedure.
20. The method of claim 17, wherein generating the reference security code further comprises basing the reference security code generated also on a random value.
21. The method of claim 16, further comprising: receiving a subscriber identifier in association with receiving the device identifier and the security code; determining whether the subscriber identifier matches a reference subscriber identifier; and enabling registration based on the subscriber identifier in response to the subscriber identifier not matching the reference subscriber identifier.
22. The method of claim 16, wherein providing the indication to prevent access to the user interface control comprises requesting resubmission of the security code in response to the reference security code failing to match the security code, and blocking access to the user interface control in response to a predetermined number of failures of resubmitted security codes to match the reference security code.
23. A computer program product comprising at least one computer- readable storage medium having computer-executable program code portions stored therein, the computer-executable program code instructions comprising: first program code instructions for receiving a device identifier and a security code, the security code being provided by a user of the device during a boot up procedure of the device; second program code instructions for comparing the security code to a reference security code stored in association with the device identifier; third program code instructions for providing an indication to prevent access to user interface control of the device in response to the security code failing to match the reference security code; and fourth program code instructions for enabling access to the user interface control in response to completion of the boot up procedure and the security code matching the reference security code.
24. The computer program product of claim 23, further comprising fifth program code instructions for an initial operation of registering the device by performing operations including: receiving a subscriber identifier and the device identifier in a registration request; determining whether the device identifier is associated with a prior registration; generating the reference security code based on the device identifier and the subscriber identifier in response to the device identifier not having a prior registration; and providing the security code to the device.
25. The computer program product of claim 24, further comprising sixth program code instructions for providing an indication of a failed registration to at least one of the device and a third party in response to the device identifier being associated with a prior registration.
26. The computer program product of claim 24, further comprising sixth program code instructions for storing the reference security code, the device identifier and the subscriber identifier for comparison to information provided by the particular device during the boot up procedure.
27. The computer program product of claim 23, further comprising program code instructions for: receiving a subscriber identifier in association with receiving the device identifier and the security code; determining whether the subscriber identifier matches a reference subscriber identifier; and enabling registration based on the subscriber identifier in response to the subscriber identifier not matching the reference subscriber identifier.
28. The computer program product of claim 23, wherein the third program code instructions include instructions for requesting resubmission of the security code in response to the reference security code failing to match the security code, and blocking access to the user interface control in response to a predetermined number of failures of resubmitted security codes to match the reference security code.
29. An apparatus comprising a processor configured to: receive a device identifier and a security code, the security code being provided by a user of the device during a boot up procedure of the device; compare the security code to a reference security code stored in association with the device identifier; provide an indication to prevent access to user interface control of the device in response to the security code failing to match the reference security code; and enable access to the user interface control in response to completion of the boot up procedure and the security code matching the reference security code.
30. The apparatus of claim 29, wherein the processor is configured to perform an initial operation of registering the device by performing operations including: receiving a subscriber identifier and the device identifier in a registration request; determining whether the device identifier is associated with a prior registration; generating the reference security code based on the device identifier and the subscriber identifier in response to the device identifier not being associated with the prior registration; and providing the security code to the device.
31. The apparatus of claim 30, wherein the processor is further configured to provide an indication of a failed registration to at least one of the device and a third party in response to the device identifier being associated with a prior registration.
32. The apparatus of claim 30, wherein the processor is further configured to store the reference security code, the device identifier and the subscriber identifier for comparison to information provided by the particular device during the boot up procedure.
33. The apparatus of claim 30, wherein the processor is further configured to generate the reference security code by basing the reference security code generated also on a random value.
34. The apparatus of claim 29, wherein the processor is further configured to: receive a subscriber identifier in association with receiving the device identifier and the security code; determine whether the subscriber identifier matches a reference subscriber identifier; and enable registration based on the subscriber identifier in response to the subscriber identifier not matching the reference subscriber identifier.
35. The apparatus of claim 29, wherein the processor is further configured to provide the indication to prevent access to the user interface control by requesting resubmission of the security code in response to the reference security code failing to match the security code, and blocking access to the user interface control in response to a predetermined number of failures of resubmitted security codes to match the reference security code.
PCT/IB2008/053523 2008-08-29 2008-08-29 Method, apparatus and computer program product for providing device security WO2010023508A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2008/053523 WO2010023508A1 (en) 2008-08-29 2008-08-29 Method, apparatus and computer program product for providing device security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2008/053523 WO2010023508A1 (en) 2008-08-29 2008-08-29 Method, apparatus and computer program product for providing device security

Publications (1)

Publication Number Publication Date
WO2010023508A1 true WO2010023508A1 (en) 2010-03-04

Family

ID=40637032

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2008/053523 WO2010023508A1 (en) 2008-08-29 2008-08-29 Method, apparatus and computer program product for providing device security

Country Status (1)

Country Link
WO (1) WO2010023508A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102611674A (en) * 2011-01-20 2012-07-25 优美通讯(深圳)有限公司 Collective communication engine work system and application method thereof
CN103347131A (en) * 2013-07-05 2013-10-09 张�林 Intelligent mobile phone anti-theft method and system
CN107729171A (en) * 2017-10-30 2018-02-23 努比亚技术有限公司 Adaptive Activiation method, device, terminal device and the storage medium of USB interface

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001031840A1 (en) * 1999-10-29 2001-05-03 Nokia Corporation Method and arrangement for reliably identifying a user in a computer system
US20080120707A1 (en) * 2006-11-22 2008-05-22 Alexander Ramia Systems and methods for authenticating a device by a centralized data server

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001031840A1 (en) * 1999-10-29 2001-05-03 Nokia Corporation Method and arrangement for reliably identifying a user in a computer system
US20080120707A1 (en) * 2006-11-22 2008-05-22 Alexander Ramia Systems and methods for authenticating a device by a centralized data server

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102611674A (en) * 2011-01-20 2012-07-25 优美通讯(深圳)有限公司 Collective communication engine work system and application method thereof
CN102611674B (en) * 2011-01-20 2015-01-07 深圳博菲科特科技有限公司 Application method of collective communication engine work system
CN103347131A (en) * 2013-07-05 2013-10-09 张�林 Intelligent mobile phone anti-theft method and system
CN103347131B (en) * 2013-07-05 2015-10-28 张�林 A kind of intelligent mobile phone anti-theft method and system
CN107729171A (en) * 2017-10-30 2018-02-23 努比亚技术有限公司 Adaptive Activiation method, device, terminal device and the storage medium of USB interface
CN107729171B (en) * 2017-10-30 2023-06-02 努比亚技术有限公司 Self-adaptive activation method and device of USB interface, terminal equipment and storage medium

Similar Documents

Publication Publication Date Title
CN109492378B (en) Identity verification method based on equipment identification code, server and medium
US11669338B2 (en) Device locator disable authentication
EP3534584B1 (en) Service implementation method and apparatus
US20160321745A1 (en) Account binding processing method, apparatus and system
US10147096B2 (en) Device diagnostic and data retrieval
US20180047232A1 (en) Lock control device, information processing method, program, and communication terminal
CN111092899B (en) Information acquisition method, device, equipment and medium
WO2015066236A1 (en) Authentication for application
AU2017285865B2 (en) Mobile authentication method and system therefor
US20150248543A1 (en) Information processing device, information processing method, program and storage medium
CN109617703B (en) Key management method and device, electronic equipment and storage medium
US20130102285A1 (en) Mobile communication terminal, startup method thereof, and network communication system
CN110691352B (en) SIM card access control method, device, medium and equipment
WO2010023508A1 (en) Method, apparatus and computer program product for providing device security
KR101742105B1 (en) Phone number security certification apparatus using qr code and system thereof and metrhod thereof
EP3926992B1 (en) Electronic device, and authentication method in electronic device
CN114528542A (en) Login management method and device, electronic equipment and storage medium
CN107426163A (en) A kind of method and device of encryption
KR101212510B1 (en) System and method for service security based on location
KR20110110964A (en) Method and server for locking service
WO2019179041A1 (en) Account login verification method and apparatus, and computer device and storage medium
CN106789839B (en) Method and device for secure payment of mobile terminal
KR102357149B1 (en) Security service system and method using password based on placement, authentication device applied thereto, and non-transitory computer readable medium having computer program recorded thereon
JP5502049B2 (en) Communication terminal and terminal control method
KR101595009B1 (en) Mobile cash refund system and method thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08789658

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08789658

Country of ref document: EP

Kind code of ref document: A1