WO2013011512A1 - Système et procédé de commande fondée sur la position, d'éléments d'un dispositif de communication mobile - Google Patents

Système et procédé de commande fondée sur la position, d'éléments d'un dispositif de communication mobile Download PDF

Info

Publication number
WO2013011512A1
WO2013011512A1 PCT/IL2012/050257 IL2012050257W WO2013011512A1 WO 2013011512 A1 WO2013011512 A1 WO 2013011512A1 IL 2012050257 W IL2012050257 W IL 2012050257W WO 2013011512 A1 WO2013011512 A1 WO 2013011512A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile communication
communication device
security module
location
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IL2012/050257
Other languages
English (en)
Inventor
Ram SARTANI
Anatoly SIMANOVSKY
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Israel Aerospace Industries Ltd
Original Assignee
Israel Aerospace Industries Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Israel Aerospace Industries Ltd filed Critical Israel Aerospace Industries Ltd
Publication of WO2013011512A1 publication Critical patent/WO2013011512A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions
    • H04W48/04Access restriction performed under specific conditions based on user or terminal location or mobility data, e.g. moving direction, speed
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/029Location-based management or tracking services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/082Access security using revocation of authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information

Definitions

  • This invention relates to the field of mobile communication device, and more specifically to the field of controlling various elements of a mobile communication device according to its location.
  • Mobile communication devices nowadays have a wide functionality. In some cases, there may be a need to restrict use of some of the functionalities in certain restricted locations. For example, a company may wish to prevent pictures or videos from being captured within its offices. There is thus a need in the art for a new method and system for location based control of elements of a mobile communication device.
  • Embodiments of the method may include establishing a connection with a camera- enabled portable device and transmitting to the portable device a request for permission to disable camera functionality. Embodiments of the method may also include receiving a response from the portable device relating to permission to disable camera functionality. Further embodiments of the method may include, in response to receiving permission to disable camera functionality, transmitting to the portable device a command to disable camera functionality or, in response to receiving an indication that the user refused permission, displaying a notification message.
  • the command to disable camera functionality may include a command to disable camera functionality for a prescribed period, while the portable device is located within a secure geographical location, partially or fully disable camera functionality, and/or other methodology.
  • US Patent No. 7,826,835 (Rothman et al.) issued November 2, 2010 discloses attempting to control and monitor a number of features associated with a mobile telephone and, more specifically, attempting to turn a specific feature, such as, for example, the ability to take pictures, on or off based upon a set policy scheme.
  • 2009 discloses an apparatus in one example has: a predetermined location having at least a wireless communication device, the wireless communication device having a predetermined coverage area; a mobile terminal that communicates with the wireless communication device when the mobile terminal is within the predetermined coverage area; the mobile terminal having a camera and a functionality that selectively disables and enables the camera; and the wireless communication device having a functionality that causes the mobile terminal to disable the camera when the mobile terminal is within the predetermined coverage area, and wherein the mobile terminal effects an enabling of the camera when the mobile terminal leaves the predetermined coverage area.
  • a mobile communication device comprising a security module wherein the security module is configured to: obtain data characterizing a location of the mobile communication device; check if the data characterizing the location indicates that the mobile communication device is located within a restricted location according to restricted locations data characterizing restricted locations; and enable control of operation of one or more elements of the mobile communication device if the mobile communication device is located within the restricted location, wherein the control is made in accordance with a security policy.
  • the security policy comprises data defining a required control type of the elements at the restricted location.
  • the security module is burned on the mobile communication device's Read Only Memory.
  • the restricted locations data is stored in a data repository.
  • the required control type is enabling or disabling the element and wherein the controlling is made in accordance with the required control type.
  • one of the elements is a camera and the disabling is made by activating the camera.
  • the restricted locations data is represented by one or more of: cell_IDs; global positioning system coordinates; wireless network identifiers; Radio Frequency Identification (RFID) tags identifiers; wireless access points identifiers; Bluetooth device identifiers.
  • RFID Radio Frequency Identification
  • the data characterizing the location is one or more of: a cell_ID; global positioning system coordinates; a wireless network identifier; a Radio Frequency Identification (RFID) tag identifier; a wireless access points identifier; a Bluetooth device identifier.
  • RFID Radio Frequency Identification
  • the elements are one of: a camera; a wireless communication facility; a software application; a receiver / transmitter.
  • the security module is further configured to enable control of operation of at least one element of the mobile communication device if the obtain data characterizing a location of the mobile communication device failed.
  • the security module is further configured to receive updates in respect of the restricted locations data and update the restricted locations data accordingly.
  • the security module further configured to retrieve updates to the restricted locations data from a central server and update the restricted locations data accordingly.
  • the security module is further configured to receive updates to the security module and install the updates on the mobile communication device.
  • the security module is further configured to retrieve updates to the security module from a central server and install the updates on the mobile communication device.
  • the updates are retrieved upon the mobile communication device activation.
  • At least one of the security module and the restricted locations data is inaccessible to users of the mobile communication device.
  • the security module is stored on a Read Only Memory (ROM) of the mobile communication device.
  • ROM Read Only Memory
  • the security policy is a user-based security policy.
  • the data characterizing the location is obtained using the most accurate location determination method available.
  • a method of operating a mobile communication device comprising: obtaining data characterizing a location of the mobile communication device; checking if the data characterizing the indicates that the mobile communication device is located within a restricted location according to restricted locations data characterizing restricted locations; and controlling operation of one or more elements of the mobile communication device if the mobile communication device is located within the restricted location, wherein the controlling is made in accordance with a security policy.
  • the security policy comprises data defining a required control type of the elements at the restricted location and wherein the controlling is made in accordance with the required control type
  • the restricted locations data is stored in a data repository.
  • the required control type is enabling or disabling the element.
  • one of the elements is a camera and wherein the disabling is made by activating the camera.
  • the restricted locations data is represented by one or more of: cell_IDs; global positioning system coordinates; wireless network identifiers; Radio Frequency Identification (RFID) tags identifiers; wireless access points identifiers; Bluetooth device identifiers.
  • RFID Radio Frequency Identification
  • the data characterizing a location is one of: a cell_ID; global positioning system coordinates; a wireless network identifier; a Radio Frequency Identification (RFID) tag identifier; a wireless access points identifier; a Bluetooth device identifier.
  • RFID Radio Frequency Identification
  • the elements are one or more of: a camera; a wireless communication facility; a software application; a receiver / transmitter.
  • the method further comprises enabling control of operation of at least one element of the mobile communication device if the obtaining data characterizing a location of the mobile communication device failed.
  • the method further comprises receiving updates in respect of the restricted locations data and updating the restricted locations data accordingly.
  • the method further comprises retrieving updates to the restricted locations data from a central server and enabling updating the restricted locations data accordingly.
  • the updates are retrieved upon the mobile communication device activation.
  • the security policy is a user-based security policy.
  • the data characterizing the location is obtained using the most accurate location determination method available
  • a security module operable in association with a mobile communication device, wherein the security module is configured to: obtain data characterizing a location of the mobile communication device; check if the data characterizing the location indicates that the mobile communication device is located within a restricted location according to restricted locations data characterizing restricted locations; and enable control of operation of one or more elements of the mobile communication device if the mobile communication device is located within the restricted location, wherein the control is made in accordance with a security policy.
  • the security policy comprises data defining a required control type of the elements at the restricted location.
  • the security module is operably connected to a data repository and wherein the restricted locations data is stored in the data repository.
  • control type is enabling or disabling the element.
  • one of the elements is a camera and wherein the disabling is made by activating the camera.
  • the restricted locations data is represented by one or more of: cell_IDs; global positioning system coordinates; wireless network identifiers; Radio Frequency Identification (RFID) tags identifiers; wireless access points identifiers; Bluetooth device identifiers.
  • RFID Radio Frequency Identification
  • the data characterizing a location is one or more of: a cell_ID; global positioning system coordinates; a wireless network identifier; a Radio Frequency Identification (RFID) tag identifier; a wireless access points identifier; a Bluetooth device identifier.
  • RFID Radio Frequency Identification
  • the elements are one or more of: a camera; a wireless communication facility; a software application; a receiver / transmitter.
  • the security module is further configured to enable control of operation of at least one element of the mobile communication device if the obtain data characterizing a location of the mobile communication device failed.
  • the security module is further configured to receive updates in respect of the restricted locations data and update the restricted locations data accordingly.
  • the security module is further configured to retrieve updates to the restricted locations data from a central server and update the restricted locations data accordingly. According to another embodiment of the presently disclosed subject matter, the security module is further configured to receive updates to the security module and install the updates on the mobile communication device.
  • the security module is further configured to retrieve updates to security module from a central server and install the updates on the mobile communication device.
  • the updates are retrieved upon the mobile communication device activation.
  • At least one of the security module and the restricted locations data is inaccessible to users of the mobile communication device.
  • the security policy is a user-based security policy.
  • the security module is stored on a Read Only Memory (ROM) of the mobile communication device.
  • ROM Read Only Memory
  • the data characterizing the location is obtained using the most accurate location determination method available.
  • FIG. 1 is a schematic illustration of a cellular network environment, in accordance with the presently disclosed subject matter
  • Fig. 2 is a block diagram schematically illustrating a mobile communication device, in accordance with the presently disclosed subject matter
  • FIG. 3 is a schematic illustration of an environment of a method and system for location based control of elements of a mobile communication device, in accordance with the presently disclosed subject matter;
  • Fig. 4 is a flowchart illustrating one example of a sequence of operations carried out for location based control of elements of a mobile communication device, in accordance with the presently disclosed subject matter
  • Fig. 5 is a flowchart illustrating one example of a sequence of operations carried out for checking security policy compliance, in accordance with the presently disclosed subject matter.
  • the phrase “for example,” “such as”, “for instance” and variants thereof describe non-limiting embodiments of the presently disclosed subject matter.
  • Reference in the specification to “one case”, “some cases”, “other cases” or variants thereof means that a particular feature, structure or characteristic described in connection with the embodiment(s) is included in at least one embodiment of the presently disclosed subject matter.
  • the appearance of the phrase “one case”, “some cases”, “other cases” or variants thereof does not necessarily refer to the same embodiment(s). It is appreciated that certain features of the presently disclosed subject matter, which are, for clarity, described in the context of separate embodiments, may also be provided in combination in a single embodiment. Conversely, various features of the presently disclosed subject matter, which are, for brevity, described in the context of a single embodiment, may also be provided separately or in any suitable sub-combination.
  • Figs. 1-3 illustrate a general schematic of the system architecture in accordance with an embodiment of the presently disclosed subject matter.
  • Each module in Figs. 2-3 can be made up of any combination of software, hardware and/or firmware that performs the functions as defined and explained herein.
  • the modules in Figs. 2-3 may be centralized in one location or dispersed over more than one location.
  • the system may comprise fewer, more, and/or different modules than those shown in Figs. 1-3.
  • FIG. 1 a schematic illustration of a cellular network environment, in accordance with the presently disclosed subject matter.
  • a cellular network comprises base stations (e.g. 101-1, 101-2, 101-3), partitioning a geographical area into a number of spatially distinct regions called cells. Each cell is assigned (by a cellular network operator) with a unique cell_ID that enables identification of the cell and its corresponding base station.
  • Each base station (e.g. 101-1, 101-2, 101-3) has a coverage area (e.g. 110-1, 110-2, 110-3) depending, inter alia, on its signal strength. It is to be noted that although coverage areas (e.g. 110-1, 110-2, and 110-3) in Fig. 1 are represented by circles, in practice each coverage area can have an irregular shape that can depend on the terrain and/or topography and/or other factors.
  • Mobile communication devices are capable of communicating (e.g. receiving and transmitting data) with base stations (e.g. 101-1, 101-2, and 101-3).
  • base stations e.g. 101-1, 101-2, and 101-3.
  • a mobile communication device e.g. 105-1, 105-2 and 105-3
  • a single base station that provides coverage for the area in which the mobile communication device (e.g. 105-1, 105-2 and 105-3) is located.
  • mobile communication device 105-1 can communicate with base station 101-1 whose coverage area 110-1 includes the location of mobile communication device 105- 1.
  • base stations coverage areas there can be an overlap between base stations coverage areas.
  • coverage area 110-2 covered by base station 101-2
  • coverage area 110-3 covered by base station 101- 3
  • mobile communication devices e.g. 105-1, 105-2 and 105-3
  • mobile communication device 105-4 that is located within the intersection of coverage areas 110-2 and 110-3).
  • a mobile communication device e.g. 105-1, 105-2 and 105-3 can communicate with a single base station that provides coverage for the area in which the mobile communication device (e.g. 105-1, 105-2 and 105-3) is located.
  • mobile communication device e.g. 105-1, 105-2 and 105-3
  • it can be configured to determine a base station for communicating with the mobile communication device (e.g. 105-1, 105-2 and 105-3), using methods and techniques known in the art.
  • Each mobile communication device (e.g. 105-1, 105-2 and 105-3) can store an indication of the current cell_ID identifying the cell in which it is currently located (e.g. the cell governed by the base station that it is communicating with).
  • cell_ID can contain an indication that no cell is available (for example, cell_ID can be empty, NULL, assigned with a pre-determined value indicating that no cell is available, etc.).
  • Mobile communication device 105 comprises a processor 205 which is configured to manage and control components and execute relevant mobile communication device 105 operations.
  • Mobile communication device 105 further comprises a memory 210, a Read Only Memory (ROM) 240, a receiver / transmitter 215, and a security module 235.
  • security module 235 can be part of processor 205. In other cases, security module 235 can be associated, additionally or alternatively, with a processor other than processor 205.
  • Mobile communication device 105 can further comprise (or otherwise be associated with) one or more of: a camera 200, Subscriber Information Module (SIM) card 220, a data repository 225 (it is to be noted that in some cases, data repository can be part of memory 210 and/or ROM 240), a wireless communication facility 230 (e.g. working in accordance with the WiFi standard), a Global Navigation Satellite System (e.g. Global Positioning System - GPS 245), or any other component.
  • SIM Subscriber Information Module
  • data repository can be part of memory 210 and/or ROM 240
  • wireless communication facility 230 e.g. working in accordance with the WiFi standard
  • GPS 245 Global Navigation Satellite System
  • Security module 235 can be configured to control (exemplary control types are enable, disable, etc.) various elements of mobile communication device 105 (hereinafter: "element control").
  • elements include for example, hardware and/or software components of mobile communication device 105, such as, camera 200, wireless communication facility 230, receiver / transmitter 215, e-mail software/applications, and other hardware and/or software components.
  • the element control can be based on the location of mobile communication device 105 and on a pre- defined location based security policy, as further detailed with respect to Fig. 4 and Fig. 5.
  • security module 235 can be stored on ROM 240 (which requires it to be burned on ROM 240) thus preventing unauthorized removal, bypass, alteration or deactivation thereof. Additionally or alternatively, security module 235 can be stored in mobile communication device 105 (e.g. on memory 210, etc.) such that it is inaccessible to a user (one example of such section is the application library, that exists for example on Samsung GalaxyTM mobile communication devices, operated by Linux Operating System). It is to be noted that other methods of preventing users from removing, bypassing, disabling or altering security module 235 can be additionally or alternatively utilized.
  • security module 235 In some cases unauthorized removal, bypass, alteration or deactivation of security module 235 cannot be a-priori prevented (e.g. when storing security module on ROM 240 is impossible from some reason and no other method of preventing users from removing, bypassing, disabling or altering security module 235 can be utilized). In such cases, certain control mechanism can be utilized in order to make sure that the user operating the mobile communication device 105 does not tamper with the security module 235 and/or with the security policy data. One exemplary control mechanism can require that mobile communication device 105 having security module 235 installed thereon will be required to periodically (e.g.
  • the remote server can be configured to notify (e.g. by sending a text message, by displaying a notification on an operator's display, or by any other way) a security officer (or any other person that needs to be notified) about a breach of the security policy, thus enabling a security officer to check the reason and/or take any other required action.
  • the control mechanism described hereinabove can be triggered when the mobile communication device 105 is located within a cell having a cell_ID that indicates that the cell is a restricted location as further detailed herein below.
  • Such security policy can comprise data indicative of various locations in which one or more elements of mobile communication device 105 are to be enabled or disabled (hereinafter: "restricted locations data").
  • restricted locations data can be represented, for example, by GPS coordinates defining a certain geographic area (e.g. two GPS coordinates can be used to define a rectangle, more than two points defining a certain polygon, etc.), cell_IDs defining cells, wireless network identifiers identifying a wireless network, wireless access points identifiers, Bluetooth device identifiers, Radio Frequency Identification (RFID) tags (e.g.
  • RFID Radio Frequency Identification
  • the security policy data can further define the elements that are to be enabled and/or disabled within restricted locations.
  • the security policy is adapted to enable user-defined security management.
  • the security policy is user-defined, indicating the elements that are to be enabled and/or disabled within restricted locations for each user. It is to be noted that in such cases, some users may be allowed to enter restricted locations with certain elements enabled or disabled whereas other users may not be allowed to enter the same restricted location with the same respective elements enabled or disabled.
  • security module 235 is configured to determine whether mobile communication device 105 is located within a restricted location (for example according to the current cell_ID), and disable and/or enable one or more elements of mobile communication device 105 based on the security policy, as further detailed with respect to Fig. 4.
  • the restricted locations data can be defined by GPS/network location provider coordinates (as indicated above), enabling a more accurate element control by security module 235.
  • the restricted locations data can be defined by GPS/network location provider coordinates defining the geographic area of the cell's sub-area.
  • the restricted locations data can be defined by accessibility of one or more devices such as a wireless access point - WAP, a Bluetooth device, an RFID tag (e.g. passive/active/semi-active RFID tags), or any other device that can be accessible within a certain range therefrom.
  • a wireless access point - WAP e.g. a Bluetooth device
  • an RFID tag e.g. passive/active/semi-active RFID tags
  • security policy data can be stored, for example, in data repository 225, in memory 210, in ROM 240, or in any other location accessible by security module 235.
  • security policy data is stored on board mobile communication device 105 thus enabling independent control of its elements, without a need for any external utility such as a remote data repository, etc.
  • all or part of the security policy data can be additionally or alternatively stored on a remote location accessible by mobile communication device 105 via any wired or wireless communication facility.
  • Fig. 3 is a schematic illustration of an environment of a method and system for location based control of elements of a mobile communication device, in accordance with the presently disclosed subject matter.
  • Mobile communication device 105 can be configured to utilize transmitter / receiver 215 for transmitting and receiving data to and from base station 101 that provides service for the cell in which mobile communication device 105 is located.
  • base station 101 can be configured to provide mobile communication device 105 with data indicative of its cell_ID.
  • Mobile communication device 105 can be further configured to communicate with security server 300.
  • security server 300 can comprise server data repository 305.
  • Server data repository 305 can contain updated security policy data (for example automatically updated and/or manually updated by an administrator, etc.).
  • security server 300 can comprise updates of security module 235 that can be, for example, downloaded by mobile communication device 105 for installation thereon.
  • mobile communication device 105 can be configured to request updates to the security policy and/or to security module 235 from security server 300.
  • the updates can comprise security policy updates (including, for example, restricted locations data updates) and/or software updates for security module 235.
  • Mobile communication device 105 can be configured to request such updates periodically and/or according to a user request and/or upon activation of mobile communication device 105, etc. additionally or alternatively, security server 300 can be configured to push such updates to mobile communication device 105, for example periodically and/or according to an administrator command, etc.
  • Security module 235 can be configured to initiate a check of compliance with the security policy (block 410), as further detailed with respect to Fig. 5.
  • Such security policy compliance check can be performed constantly (e.g.
  • Security module 235 can be further configured to check if the security policy requires a certain restriction for mobile communication device 105 (block 420). If the security policy requires a certain restriction (e.g. that one or more elements are enabled and/or disabled), security module 235 can be configured to disable and/or enable certain elements (for example elements that were enabled or disabled upon entering a restricted location not in compliance with the security policy) (block 430), in accordance with the security policy. If security policy does not require a restriction, security module 235 can be configured to enable and/or disable elements that may have been previously controlled by security module 235 in accordance with the security policy (block 440). It is to be noted that various methods and techniques can be used for controlling elements of mobile communication device 105, including methods and techniques known in the art.
  • security module 235 can be configured to control (e.g. enable, disable, etc.) is camera 200 (in case mobile communication device 105 comprises camera 200).
  • camera 200 in case mobile communication device 105 comprises camera 200.
  • the security policy data can, for example, define the locations in which camera 200 should be disabled.
  • security module 235 can be configured to disable camera 200.
  • Various methods and techniques can be used for disabling the camera, including methods and techniques known in the art.
  • security module 235 is configured to render camera 200 inaccessible by activating it.
  • camera 200 When activated, camera 200 is associated with security module 235 and it is therefore busy and inaccessible to any application and or component in mobile communication device 105, thus preventing utilization thereof.
  • This method for disabling camera 200 can be implemented for example in Samsung GalaxyTM mobile communication devices, and/or on other mobile communication devices.
  • camera 200 can be already active when it is accessed by security module 235.
  • security module 235 can be configured to deactivate camera 200 prior to its activation by security module 235 as indicated above. Such deactivation can be performed in some cases by simulating a press on the home button of mobile communication device 105, or in any other method or technique.
  • Fig. 5 is a flowchart illustrating one example of a sequence of operations carried out for checking security policy compliance, in accordance with the presently disclosed subject matter.
  • security module 235 can be configured to obtain data characterizing a location of mobile communication device 105 (step 505).
  • the location can be determined using various methods and techniques. For example, the location can be determined according to the cell_ID of the cell that mobile communication device 105 is located in (hereinafter: "cell_ID technique" resulting in identification of the cell in which the mobile communication device is located).
  • cell_ID technique resulting in identification of the cell in which the mobile communication device is located.
  • GPS 245 can be utilized for determining the location of mobile communication device 105.
  • the location can be obtained using the network location provider (that also has worse accuracy than GPS however still enhanced accuracy than cell_ID).
  • the location can be determined by using a triangulation technique that depends on receipt of a radio signal from at least three difference base stations - thus enabling determination of the mobile communication device 105 location.
  • the location can be determined according to a wireless network (e.g. WiFi) and/or a Bluetooth device and/or an RFID tag available for mobile communication device 105.
  • a wireless network e.g. WiFi
  • Bluetooth device e.g. Bluetooth
  • RFID tag available for mobile communication device 105.
  • Each wireless network, Blue tooth device and RFID tag has an identifier that is available for mobile communication device 105 when in range of the wireless network Bluetooth device or RFID tag respectively.
  • mobile communication device 105 in case mobile communication device 105 receives an indication (according to a wireless network identifier), that a certain wireless network or Bluetooth device or RFID tag is available to it (meaning that mobile communication device 105 is in its range), it can enable determining the location of mobile communication device 105. It can be appreciated that when using RFID tags and/or Bluetooth devices and/or wireless networks, appropriate hardware is required (e.g. a wireless communication facility 230, an RFID tag reader, a Bluetooth reader, etc.) It can be further appreciated that other location determination methods and techniques can be utilized as well.
  • the determined location is not an accurate location, however for the purpose of the currently disclosed subject matter, such rough location can be sufficient.
  • security module 235 can be configured to perform the location determination while utilizing the most accurate location determination method and technique available to it at the time of location determination.
  • security module 235 can utilize priority data (that can be stored for example on data repository 225 or on memory 210, or on any other location that is accessible to the security module 235) defining the priority of the various location determination methods and techniques.
  • such data can define that location determination techniques based on Radio Frequency Identification (RFID) tags or on Bluetooth devices or on wireless networks is more accurate than location determination techniques based on GPS and that location determination techniques based on GPS are more accurate than location determination techniques based on network location provider and that location determination techniques based on network location provider are more accurate than location determination techniques based on cell_IDs, etc.
  • RFID Radio Frequency Identification
  • this priority data is a mere non-limiting example and additional and/or different priorities can be defined in the priority data as well.
  • the obtained data, characterizing a mobile communication device 105 location is determined by using cell_ID technique.
  • more than one cellular network operator can assign identical cell_IDs to its cells. Therefore, in some cases, a cell covering a certain geographic area can be assigned with a specific cell_ID by a specific cellular network operator whereas another cellular network operator can assign the same cell_ID to a cell covering a different geographical area. In such cases, it can be appreciated that a preliminary check is required to check which cellular network operator is providing services to mobile communication device 105.
  • Knowledge of the cellular network operator can enable determination of the relevant cell_IDs that should be utilized for location determination when location determination is done by using cell_ID technique. It is to be noted that there are known methods and 5 techniques for determining the cellular network operator providing services to mobile communication device 105.
  • Security module 235 can be further configured to check if obtaining data characterizing a location was successful (step 510). In case obtained data characterizing a location failed (e.g. cell_ID cannot be determined since there is no service in the
  • a restriction notification can be issued (step 540).
  • mobile communication device 105 may be within a restricted location.
  • security module 235 can be configured to validate that mobile communication device 105 complies with the security policy (step 520).
  • the security policy can, for example, require certain elements of mobile communication device 105 to be controlled (e.g. disabled, enabled, etc.) within certain restricted locations.
  • security policy data can define that when mobile
  • 25 communication device 105 is located in a certain cell, camera 200 is to be disabled. If mobile communication device 105 is located within the cell in which camera 200 is to be disabled, security module 235 can check if camera 200 is disabled and thus the security policy is met or if camera 200 is enabled and thus the security policy is not met.
  • a non-restriction notification can be issued (step 530). It can be appreciated that, pending the type of notification issued (restriction or non restriction notification), it may be desirable to control (e.g. enable, disable, etc.) one or more elements of mobile communication device 105, accordingly. It is to be understood that the presently disclosed subject matter is not limited in its application to the details set forth in the description contained herein or illustrated in the drawings. The presently disclosed subject matter is capable of other embodiments and of being practiced and carried out in various ways. Hence, it is to be understood that the phraseology and terminology employed herein are for the purpose of description and should not be regarded as limiting. As such, those skilled in the art will appreciate that the conception upon which this disclosure is based may readily be utilized as a basis for designing other structures, methods, and systems for carrying out the several purposes of the present presently disclosed subject matter.
  • system may be a suitably programmed computer.
  • the presently disclosed subject matter contemplates a computer program being readable by a computer for executing the method of the presently disclosed subject matter.
  • the presently disclosed subject matter further contemplates a machine -readable memory tangibly embodying a program of instructions executable by the machine for executing the method of the presently disclosed subject matter.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

La présente invention concerne un dispositif de communication mobile.
PCT/IL2012/050257 2011-07-20 2012-07-19 Système et procédé de commande fondée sur la position, d'éléments d'un dispositif de communication mobile Ceased WO2013011512A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IL214209 2011-07-20
IL214209A IL214209A0 (en) 2011-07-20 2011-07-20 System and method for location based control of elements of a mobile communication device

Publications (1)

Publication Number Publication Date
WO2013011512A1 true WO2013011512A1 (fr) 2013-01-24

Family

ID=45768455

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2012/050257 Ceased WO2013011512A1 (fr) 2011-07-20 2012-07-19 Système et procédé de commande fondée sur la position, d'éléments d'un dispositif de communication mobile

Country Status (2)

Country Link
IL (1) IL214209A0 (fr)
WO (1) WO2013011512A1 (fr)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014179152A1 (fr) * 2013-05-03 2014-11-06 Qualcomm Incorporated Application géo-dépendante de politique mobile
WO2014179750A1 (fr) * 2013-05-02 2014-11-06 Sky Socket, Llc Basculement de profil de configuration géodépendant
WO2014179743A1 (fr) * 2013-05-02 2014-11-06 Sky Socket, Llc Basculement de politique de configuration en fonction du temps
US9609022B2 (en) * 2014-12-10 2017-03-28 Sybase, Inc. Context based dynamically switching device configuration
EP3193539A1 (fr) * 2016-01-14 2017-07-19 Telia Company AB Solution permettant de commander un mode de fonctionnement d'un terminal mobile
JP2017534958A (ja) * 2014-09-18 2017-11-24 ブーズ−アレン アンド ハミルトン 位置ベースのセキュリティのためのシステム及び方法
US10061933B1 (en) 2018-01-09 2018-08-28 Booz Allen Hamilton Inc. System and method for controlling the power states of a mobile computing device
US10795981B2 (en) 2014-11-05 2020-10-06 Elta Systems Ltd. Add-on modem for wireless devices and methods useful in conjunction therewith
US10951541B2 (en) 2012-02-14 2021-03-16 Airwatch, Llc Controlling distribution of resources on a network
US11082355B2 (en) 2012-02-14 2021-08-03 Airwatch, Llc Controllng distribution of resources in a network
US11354426B2 (en) 2017-11-15 2022-06-07 High Sec Labs Ltd. Cellular phone security pack method and apparatus
US11824644B2 (en) 2013-03-14 2023-11-21 Airwatch, Llc Controlling electronically communicated resources
US12231899B2 (en) * 2022-02-28 2025-02-18 Saverone 2014 Ltd. System and method for managing access to software applications on a mobile communication device via a phone location unit

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100159985A1 (en) * 2006-09-01 2010-06-24 Ladouceur Norman M Disabling operation of a camera on a handheld mobile communication device based upon enabling or disabling devices
US7769394B1 (en) * 2006-10-06 2010-08-03 Sprint Communications Company L.P. System and method for location-based device control
US20100325194A1 (en) * 2009-06-17 2010-12-23 Apple Inc. Push-based location update

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100159985A1 (en) * 2006-09-01 2010-06-24 Ladouceur Norman M Disabling operation of a camera on a handheld mobile communication device based upon enabling or disabling devices
US7769394B1 (en) * 2006-10-06 2010-08-03 Sprint Communications Company L.P. System and method for location-based device control
US20100325194A1 (en) * 2009-06-17 2010-12-23 Apple Inc. Push-based location update

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10951541B2 (en) 2012-02-14 2021-03-16 Airwatch, Llc Controlling distribution of resources on a network
US11082355B2 (en) 2012-02-14 2021-08-03 Airwatch, Llc Controllng distribution of resources in a network
US11483252B2 (en) 2012-02-14 2022-10-25 Airwatch, Llc Controlling distribution of resources on a network
US12081452B2 (en) 2012-02-14 2024-09-03 Airwatch Llc Controlling distribution of resources in a network
US11824644B2 (en) 2013-03-14 2023-11-21 Airwatch, Llc Controlling electronically communicated resources
US9426162B2 (en) 2013-05-02 2016-08-23 Airwatch Llc Location-based configuration policy toggling
US9219741B2 (en) 2013-05-02 2015-12-22 Airwatch, Llc Time-based configuration policy toggling
WO2014179743A1 (fr) * 2013-05-02 2014-11-06 Sky Socket, Llc Basculement de politique de configuration en fonction du temps
US11204993B2 (en) 2013-05-02 2021-12-21 Airwatch, Llc Location-based configuration profile toggling
WO2014179750A1 (fr) * 2013-05-02 2014-11-06 Sky Socket, Llc Basculement de profil de configuration géodépendant
US10303872B2 (en) 2013-05-02 2019-05-28 Airwatch, Llc Location based configuration profile toggling
CN105165044A (zh) * 2013-05-03 2015-12-16 高通股份有限公司 移动策略的基于位置的强制执行
US9185135B2 (en) 2013-05-03 2015-11-10 Qualcomm Incorporated Location based enforcement of mobile policy
WO2014179152A1 (fr) * 2013-05-03 2014-11-06 Qualcomm Incorporated Application géo-dépendante de politique mobile
US10244347B2 (en) 2014-09-18 2019-03-26 Booz Allen Hamilton Inc. System and method for location-based security
AU2015317482B2 (en) * 2014-09-18 2021-04-01 Booz Allen Hamilton Inc System and method for location-based security
EP3195180A4 (fr) * 2014-09-18 2018-04-18 Booz, Allen & Hamilton Système et procédé pour une sécurité basée sur un emplacement
JP2017534958A (ja) * 2014-09-18 2017-11-24 ブーズ−アレン アンド ハミルトン 位置ベースのセキュリティのためのシステム及び方法
US10795981B2 (en) 2014-11-05 2020-10-06 Elta Systems Ltd. Add-on modem for wireless devices and methods useful in conjunction therewith
US9609022B2 (en) * 2014-12-10 2017-03-28 Sybase, Inc. Context based dynamically switching device configuration
US10715652B2 (en) 2016-01-14 2020-07-14 Telia Company Ab Solution for controlling an operating mode of a mobile terminal
EP3193539A1 (fr) * 2016-01-14 2017-07-19 Telia Company AB Solution permettant de commander un mode de fonctionnement d'un terminal mobile
US11354426B2 (en) 2017-11-15 2022-06-07 High Sec Labs Ltd. Cellular phone security pack method and apparatus
US10372923B2 (en) 2018-01-09 2019-08-06 Booz Allen Hamilton Inc. System and method for controlling the power states of a mobile computing device
US10061933B1 (en) 2018-01-09 2018-08-28 Booz Allen Hamilton Inc. System and method for controlling the power states of a mobile computing device
US12231899B2 (en) * 2022-02-28 2025-02-18 Saverone 2014 Ltd. System and method for managing access to software applications on a mobile communication device via a phone location unit

Also Published As

Publication number Publication date
IL214209A0 (en) 2012-01-31

Similar Documents

Publication Publication Date Title
WO2013011512A1 (fr) Système et procédé de commande fondée sur la position, d'éléments d'un dispositif de communication mobile
US12141337B2 (en) Theft detector
AU2018337982B2 (en) Contraband detection through smart power components
CN107079525B (zh) 跟踪移动设备
US9723487B2 (en) Mobile device security system
EP2196045B1 (fr) Système et procédé pour la protection de données dans des dispositifs sans fil
US8639290B2 (en) UICC control over devices used to obtain service
US9889820B2 (en) Car theft tracking system and method
CN111475835A (zh) 一种终端工作模式的切换方法、装置、终端、系统及可读存储介质
CN111147527A (zh) 一种物联网系统及其设备认证方法、装置、设备及介质
CN107636675A (zh) 用于控制设备的可用性的模块
US20100309895A1 (en) Data transmission from a vehicle and network regulation
KR101272136B1 (ko) 이동성이 강한 이동 단말기에서의 위치 기반 보안 구현 방법
US20170200025A1 (en) Securing electronic property from unauthorized use
KR101800000B1 (ko) 물품 분실 방지 및 관리 시스템 및 방법
US9584474B2 (en) SIM card activation
JP2010072715A (ja) 携帯型装置、データ管理方法、データ配信管理方法、およびコンピュータプログラム
JP6336793B2 (ja) 無線通信システム、及び、無線通信方法
US10120696B2 (en) Method and device for controlling usability of a communication device
CN103918294B (zh) 防止安全模块的欺诈使用的方法
JP4712448B2 (ja) 配信サーバ及び配信方法
CN111767971A (zh) 基于电子标签的终端管控方法、装置、终端以及可读存储介质
CN111356086B (zh) 一种防盗定位方法及装置
CN107590582B (zh) 一种基于物联网的枪械管理方法、及服务器
JP2018157459A (ja) 情報処理システム、情報処理方法および携帯端末

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12815456

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12815456

Country of ref document: EP

Kind code of ref document: A1