Mobile devices are assuming many roles. As the processing power and memory of mobile devices have increased, they have been able to handle more challenging applications. In addition, due to the high adoption rate and portability of mobile devices, they are becoming the one common element for people, who carry these devices with them everywhere. Such mobile devices are replacing the functionality of landline telephones, address books, personal organizers, personal computers, photo cameras, radios, etc. In some cases, such mobile devices are even replacing much of the functionality of wallets, and are being used as a means for carrying out banking.
For purposes of the discussion hereinbelow, mobile devices include mobile telephones, personal digital assistants, and other portable computing devices that have a network communications interface, and allow the execution of agents in the background or wake up agents/applications upon an event, such as receiving a message. Mobile devices include subscriber identity modules and other modules that can be plugged into them.
The expansion of the functionality of mobile devices into these new areas has placed new requirements on them. More information and, correspondingly, more sensitive information is being stored by such devices. An example of an application that places new demands on the mobile device is an electronic wallet (“e-wallet”). An e-wallet is a software application that, like a real wallet, stores credit card information, banking information, etc. together with shipping and other personal details. In addition, e-wallets can store credentials and other security elements for purposes of authenticating the user and/or service provider. E-wallets can act as plug-ins to browsers, making it possible for a credit card holder to conduct online banking and retail transactions, manage payment receipts and store digital certificates. In addition, e-wallets can also store personal data (such as health care and banking data), corporate data (such as client contact information, correspondence, etc.), and various security elements for accessing personal and corporate networks and other resources or services.
Given the sensitivity of the data and the security elements being stored on such mobile devices, it is highly desirable to maintain the security of such information on an ongoing basis. Access to certain functionality on the mobile devices can be password-protected. etc. to prevent casual access or hacking attempts where the mobile devices arc not in the possession of their owners. As such casual hackers only have a limited period of time and means to attempt to access the information housed on a mobile device, such attacks generally do not pose strong security threats.
The loss or theft of a mobile device presents a different and significantly greater threat. Given permanent possession of a mobile device and the freedom to physically disassemble the device, a wide variety of stronger techniques can be used to hack the device to obtain access to the data and security elements stored thereon. As a result, this scenario poses a greater threat to the security of the data and security elements. Further, as the mobile device is not physically accessible to the owner, he cannot carry out actions that would otherwise remove or make inaccessible the data and/or security elements from the memory of the mobile device.
Systems exist whereby the data and/or security elements on a mobile device can be erased or otherwise made inaccessible after a pre-set number of unsuccessful login attempts have been made. Such security mechanisms, however, rely on the integrity of the application and its normal mode of use on the mobile device. Given sufficient time, it may be possible to disable the security mechanisms of an application and/or the operating system upon which it executes. In a more direct approach, the physical memory of the mobile device may be accessed through unconventional methods or even removed and hacked, such as with brute-force attacks.
It is an object of this invention to provide a novel method and system for delivering a command to a mobile device.