Communication apparatus, first communication apparatus, method of communication apparatus, and method of first communication apparatus
US-2024406188-A1 · Dec 5, 2024 · US
Secure lock for mobile device
US9426661B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9426661-B2 |
| Application number | US-201514874023-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 2, 2015 |
| Priority date | Apr 20, 2012 |
| Publication date | Aug 23, 2016 |
| Grant date | Aug 23, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A secure lock procedure for mobile devices is disclosed. The secure lock process generally includes detecting a device access attempt at a telecommunication device during a security-enabled boot sequence. The device access attempt may include a cryptographic key, which when detected, initiates a cryptographic authentication operation. The cryptographic authentication operation results in access to one or more resource of the telecommunication device being enabled, when the cryptographic key is determined to be valid, or denied, when the cryptographic key is determined to be invalid. The device access attempt may be associated with a root-level device access attempt or software flash attempt, and the secure lock procedure can be implemented in conjunction with a boot loader stored within a memory of the telecommunication device.
First claim
Opening claim text (preview).
What is claimed is: 1. A telecommunication device comprising: one or more processors; an access attempt counter; and a memory coupled to the one or more processors, and having at least a secure lock component and a device operating system (OS), wherein the secure lock component is operable by the one or more processors to: initialize the access attempt counter to a default value n; detect a device access attempt during a boot sequence of the telecommunication device, wherein each of multiple layers in a boot stack of the boot sequence employs a cryptographic lock that is configured to be unlocked with a first security key; initiate a cryptographic validation operation when a second security key is encountered as a part of the device access attempt; in response to utilizing the first security key to determine that the second security key is valid during the cryptographic validation operation, enable access to at least one resource of the telecommunication device; and in response to utilizing the first security key to determine that the second security key is not valid during the cryptographic validation operation, deny access to the at least one resource of the telecommunication device: increment the access attempt counter value n to a value i, where i=n+1; compare the incremented access attempt counter value i to an access attempt threshold value Th; determine whether a counter equation i≧Th is satisfied based at least in part on the comparison; and reboot the telecommunication device in response to determining that the incremented access attempt counter value i satisfies the counter equation. 2. The telecommunication device of claim 1 , wherein the secure lock component comprises a secure on chip (SoC) boot loader that is configured to control the boot sequence, and wherein the boot sequence includes at least one boot layer that is bootable by the SoC bootloader to initialize the device OS. 3. The telecommunication device of claim 1 , wherein the secure lock component is further operable by the one or more processors to reset the access attempt counter to the default value n, in response to determining that the incremented access attempt counter value i satisfies the counter equation. 4. The telecommunication device of claim 1 , wherein the secure lock component is further operable by the one or more processors to detect a plurality of unauthorized user access attempts at the telecommunication device, and wherein at least one of the plurality of unauthorized user access attempts is associated with an invalid unlock code that is received at an interface of the telecommunication device. 5. The telecommunication device of claim 1 , wherein the secure lock component is further operable by the one or more processors to: detect an unauthorized software image in, or being flashed to, the memory of the telecommunication device; and brick access to the telecommunication device in response to detecting the unauthorized software image. 6. A method comprising: initializing, by a telecommunication device, a device access attempt counter to a default value n; detecting a device access attempt during a boot sequence of the telecommunication device, wherein each of multiple layers in a boot stack of the boot sequence employs a cryptographic lock that is configured to be unlocked with a first security key; initiating a cryptographic validation operation when a second security key is encountered as a part of the device access attempt; and in response to utilizing the first security key to determine that the second security key is valid during the cryptographic validation operation, enabling access to at least one resource of the telecommunication device; or in response to utilizing the first security key to determine that the second security key is not valid during the cryptographic validation operation, denying access to the at least one resource of the telecommunication device; incrementing the device access attempt counter value n to a value i, where i=n+1; comparing the incremented device access attempt counter value i to an access attempt threshold value Th; determining whether a counter equation i≧Th is satisfied based at least in part on the comparison; and rebooting the telecommunication device in response to determining that the incremented device access attempt counter value i satisfies the counter equation. 7. The method of claim 6 , further comprising detecting a plurality of unauthorized access attempts at the telecommunication device, wherein at least one of the plurality of unauthorized access attempts is associated with receiving an invalid unlock code at an interface of the telecommunication device. 8. The method of claim 6 , further comprising resetting the device access attempt counter to the default value n, in response to determining that the incremented device access attempt counter value i satisfies the counter equation. 9. The method of claim 6 , further comprising generating a notification indicating a bricked or a locked status of the telecommunication device, wherein the notification includes an option for curing the bricked or locked status of the telecommunication device. 10. The telecommunication device of claim 1 , wherein the secure lock component is further operable by the one or more processors to generate a notification indicating a bricked or a locked status of the telecommunication device, wherein the notification includes an option for curing the bricked or locked status of the telecommunication device. 11. The method of claim 6 , further comprising: detect an unauthorized software image in, or being flashed to, memory of the telecommunication device; and brick access to the telecommunication device in response to detecting the unauthorized software image. 12. A non-transitory computer storage device with a stored computer-executable program, which, when executed by one or more processors of a telecommunication device, performs operations comprising: initializing a device access attempt counter to a default value n; detecting a device access attempt during a boot sequence of the telecommunication device, wherein each of multiple layers in a boot stack of the boot sequence employs a cryptographic lock that is configured to be unlocked with a first security key; initiating a cryptographic validation operation when a second security key is encountered as a part of the device access attempt; in response to utilizing the first security key to determine that the second security key is valid during the cryptographic validation operation, enabling access to at least one resource of the telecommunication device; and in response to utilizing the first security key to determine that the second security key is not valid during the cryptographic validation operation, denying access to the at least one resource of the telecommunication device; incrementing the device access attempt counter value n to a value i, where i=n+1; comparing the incremented device access attempt counter value i to an access attempt threshold value Th; determining whether a counter equation i≧Th is satisfied based at least in part on the comparison; and rebooting the telecommunication device in response to determining that the incremented device access attempt counter value i satisfies the counter equation. 13. The non-transitory computer storage device of claim 12 , wherein the operations further comprise detecting a plurality of unauthorized access attempts at the telecommunication device, wherein at least one of the plurality of unauthorized access attempts is associated with receiving an invalid unlock code at an interfa
Assignees
Inventors
Classifications
- H04W12/08Primary
Access security · CPC title
at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability · CPC title
Loading of operating system · CPC title
Program or device authentication · CPC title
Detection or prevention of fraud · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9426661B2 cover?
- A secure lock procedure for mobile devices is disclosed. The secure lock process generally includes detecting a device access attempt at a telecommunication device during a security-enabled boot sequence. The device access attempt may include a cryptographic key, which when detected, initiates a cryptographic authentication operation. The cryptographic authentication operation results in access…
- Who is the assignee on this patent?
- T Mobile Usa Inc
- What technology area does this patent fall under?
- Primary CPC classification H04W12/08. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Aug 23 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).