FORM -2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENTS RULES, 2003
PROVISIONAL
Specification
(Sec Section 10 and rule 13)

TATA CONSULTANCY SERVICES LTD.,
an Indian Company of Bombay House, 24; Sir Homi Mody Street, Mumbai 400 001
Maharashtra. India
THE FOLLOWING SPECIFICATION DESCRIBES THE INVENTION


Field of the Invention:
The invention relates to mobile devices.
Particularly, the invention relates to security of mobile phones and devices.
Still particularly, this invention relates to security and retrieval of the data in the mobile device by using pluggable cryptographic algorithms.
Also this invention relates to some methodologies which can increase the chances of retrieval of the handset or/and the data in case of theft or if it is misplaced.
Background of the Invention:
A mobile telephone or cellular telephone is a long-range, portable electronic device used for mobile communication. In addition to the standard voice function of a telephone, current mobile phones can support many additional services such as SMS for text messaging, email, packet switching for access to the Internet, and MMS for sending and receiving photos and video. Mobile phones are used ubiquitously by people nowadays. Most of them contain personal and confidential information.
A mobile phone is a valuable in terms of increased data storage and increased applications resident and usable on the phone. A misplaced/lost unsecured mobile phone in the wrong hands is an invitation to disaster and could possibly result in identity theft and losses both material and non-material. Mobile phones when misplaced are prone to misuse. They allow people to peruse personal SMS record on the handset, allow access to phone
2

book, allow access to application, access to make call, allow unrestricted access to images, videos and a variety of such data. The privacy of the user is compromised and there is a certain amount of risk to identify theft too. Also the critical data stored in the mobile phone is no longer present with the owner. So obtaining some or all of the data becomes crucial to the owner.
Cryptographic measures (using BREW features) is one of the mechanisms of securing such a device. Cryptography along with SMS based access control is one of the mechanisms to secure mobile devices in hostile environments. Although an unauthorized user is able to access the data, it will be of no meaning to him.
An SMS is a device independent communication mechanism. Hence, the intended device within a hostile environment can be secured from anywhere; typically from another mobile device, from a GSM device, from the internet, or any such gateway to a SMS service.
With the advance in technology, as and when new and complex cryptographic algorithms are devised, they can be incorporated to further enhance the security provided to the data. Changing the cryptography algorithm periodically helps prevent the data being recovered by malpractices (ike hacking , etc.
Prior Art:
1. US Patent-US6301484
This patent states that an SMS can be sent to a mobile phone to initiate an
application on that mobile phone.
3

2. INDIA Patent- 208DEL/2006A
This patent provides a mechanism to locate a mobile phone by sending an SMS to a mobile phone and also securing the data from an unauthorized user in case of a theft. Also retrieval of data can be done from a SIM (Subscriber Identification Module) card present in the handset. The other critical data like images, clips, notes, reminders are not secured.
3. INDIA Patent- 1307/CHE/2004A
This patent provides a method of tracking stolen mobile phone by reporting change of SIM by itself to the actual owner without network making queries.
Objects of the Invention:
One object of the invention is to provide a solution for securing a mobile device using SMS and pluggable cryptographic operations
Another object of this invention is to provide a mechanism and solution which requires no modifications to existing device operations.
Yet another object of this invention is to provide an efficient and easily maintainable approach to secure such mobile devices.
Still another object of this invention is to ensure minimum central processing unit usage to provide a security feature on a such mobile devices.
Still further, object of this invention is to provide the owner with information necessary to locate and recover the lost mobile device
4

This invention also helps the user to retrieve ceitain critical data in the mobile phone as back up.
An additional object of this invention is to provide a security feature on a mobile device without compromising on battery life.
Summary of the Invention:
This invention envisages a solution using cryptography along with SMS based access control as one of the mechanisms to secure mobile devices in hostile environments. The SMS message as referred herein relates to a message sent to a crypto token resident on the mobile device in accordance with this invention. It is distinct from the message sent to a SIM card of the mobile phone. Said crypto token is adapted to be powered on a minimalist power source. Also, even if the main battery which powers the mobile device is removed, the crypto token and its functionalities are persisted.
A system and apparatus in accordance with the invention is envisaged such that it addresses the need for securely accessing a mobile device. In accordance with this invention, it is ascertained that cryptographically strong tokens present a significantly high challenge in order to compromise its security and the use of application directed SMS can be established to further strengthen this cause.
According to one embodiment of this invention, there is provided a mechanism of locking a mobile device. This mechanism typically consists of a crypto token in conjunction with an encrypted key. Upon loss of mobile device, an SMS message containing the key is sent to a mobile device to
5

secure the device in order to render it inaccessible. On receipt of the SMS message, an application is launched. This application then cryptographically compares the sent key with the resident key and if they match, it starts monitoring the mobile device. In accordance with the monitoring process, the crypto token alongwith its host mobile device
1) Reports the precise current geographical location to the sender of the SMS message alongwith the details of the police station (postal address and the contact number) in that area.
2) Periodic sending of location information to trace any movement.
3) Displays a message on the screen in a language selected by owner of the mobile. Also a voice message will be played at periodic intervals. This message will convey that the phone is stolen or misplaced.
4) Encrypts the critical data on the mobile device.
5) Sends the data to the user via 'http'
6) Even Bluetooth / 1R / Wi-Fi broadcast can be used to transfer data like SMS, contacts etc
7) Further, it renders the features of the handset useless, typically the key press events, effectively rendering the device unusable.
In order to reactivate the device, the true user sends another SMS message containing a reactivate key. On receipt of the reactivate key, the application monitoring the mobile device does a cryptographic comparison with the resident crypto token and on a successful comparison stops the monitoring process on the device and restores access to all its features and key events.
According to another embodiment of this invention, there is provided a mechanism to send the 'longitude-latitude' of the location where the mobile
6

phone is present at the time of receipt of the 'lock sms'. This information is send to a secure mobile phone selected by the owner himself. This information can further be mapped to the name of the area. This information can be transmitted at fixed intervals to help trace the movement of the mobile device.
Still further, there is provided a mechanism to integrate with an already existing application 'GIS'[Please verify the application name](The application returns the postal address and the telephone number of a requested place) to retrieve details of a police station in the area the phone is present.(location details obtained by latitude-longitude as described earlier).
According to yet another embodiment of this invention, there is provided a
method to retrieve a backup of the contacts and critical data stored in the
mobile phone. This data will be sent via 'http' protocol.
Also, data like contacts, SMS can be transferred via Bluetooth / IR / Wi-Fi
broadcasts.
According to another embodiment of this invention, there is a mechanism by which a message will be displayed on the locked handset in a language selected by the owner of the handset.
The message will also be played as a voice clip (internally enabling the speaker) at periodic intervals. This message will convey that the handset is lost and help regain the handset if found in case of misplacement.
7

According to another embodiment of this invention, there is provided an easy user interface to secure the device from unwanted elements. It requires no modifications to the existing device operation.
Brief Description of Accompanying Drawings:
The invention will now be described in relation to the accompanying drawings in which:
Figure 1 illustrates an architectural overview for securing a BREW based mobile device via a SMS message.
Detailed Description of Accompanying Drawings:
Figure 1 illustrates an architectural overview for securing a BREW based mobile device via a SMS message in accordance with this invention. A BREW based mobile device (what is BREW D) is shown. A crypto token alongwith a user-defined key resides on the BREW device in accordance with this invention. The BREW device in accordance with this invention is adapted to receive Short Messaging Service messages (SMS) from a variety of applications, typically from a mobile device (MD), originating from a computer through the internet (I) and the like independent sources. According to one embodiment of this invention, there is provided a mechanism of locking a BREW based mobile device. This mechanism typically consists of a crypto token in conjunction with an encrypted key. This encrypted key is cryptographically entered on the mobile device after the crypto token resides on it. Upon loss of mobile phone, an SMS message (SMS) containing the key is sent to the mobile device to secure the device in order to render it inaccessible. On receipt of the SMS message (SMS), an application is launched. This application then cryptographically compares
8

the sent key with the resident key and if they match, it starts monitoring the mobile device. In accordance with the monitoring process, the crypto token alongwith its host mobile device reports the precise geographical location to the sender (MD. PC) of the SMS message (SMS). Further, it renders the features of the handset useless, typically the key press events, effectively rendering the device unusable. In order to reactivate the device, the true user sends another SMS message containing a reactivate key. On receipt of the reactivate key, the application monitoring the mobile device does a cryptographic comparison with the resident crypto token and on a successful comparison stops the monitoring process on the device and restores access to all its features and key events.
While considerable emphasis has been placed herein on the components and component parts of the preferred embodiments, it will be appreciated that many embodiments can be made and that many changes can be made in the preferred embodiments without departing from the principles of the invention. These and other changes in the preferred embodiment as well as other embodiments of the invention will be apparent to those skilled in the art from the disclosure herein, whereby it is to be distinctly understood that the foregoing descriptive matter is to be interpreted merely as illustrative of the invention and not as a limitation.

9