WO2007055558A1 - Integrated security mobile engines for mobile devices and resident data security - Google Patents


Info

Publication number: WO2007055558A1 (WO 2007055558 A1)
Authority: WO, WIPO (PCT)
Application number: PCT/MY2006/000026
Prior art keywords: mobile, message, smm, engine, resident data
Other languages: French (fr)
Inventors: Vetha S. A Manickam, Navin Nishat Anthony, Joseph Rajesh
Original assignee: Nss Msc Sdn Bhd

Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        • H04L 9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
        • H04L 9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
        • H04L 9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
        • H04L 9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
        • H04L 9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy; involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
        • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
        • H04L 9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials; using a predetermined code, e.g. password, passphrase or PIN
        • H04L 63/00 Network architectures or network communication protocols for network security
        • H04L 63/04 Network architectures or network communication protocols for network security; for providing a confidential data exchange among entities communicating through data packet networks
        • H04L 63/08 Network architectures or network communication protocols for network security; for authentication of entities
        • H04L 63/14 Network architectures or network communication protocols for network security; for detecting or protecting against malicious traffic
        • H04L 63/1441 Countermeasures against malicious traffic
        • H04L 63/145 Countermeasures against malicious traffic; the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
        • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L 9/00
        • H04L 2209/80 Wireless
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04W WIRELESS COMMUNICATION NETWORKS
        • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
        • H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
        • H04W 12/06 Authentication
        • H04W 12/08 Access security
        • H04W 12/082 Access security using revocation of authorisation
        • H04W 12/12 Detection or prevention of fraud

Abstract

The invention relates to applications that provide security measures for data resident on a mobile device and for the mobile device itself. An application that protects the resident data on the mobile handset secures files, personal data, personal messages, video clips and any other configured files on the handset. The application also provides a mechanism to back up the data and import it back to the handset with a previously authorized password. Another embodiment can wipe out the resident data on the handset when a wipe-out instruction carrying a pass code is sent from any mobile, for use when the handset is lost, provided the SIM card has not been removed from the handset. If the handset is lost and the SIM card is replaced with a new card, the application detects that the new SIM card is not the owner's authorized card. Upon detecting the change, the application sends silent tracking messages to another mobile device to aid recovery of the lost handset. Finally, another embodiment silently drops mobile messages that the user of the device has configured as spam, for anti-spam purposes. These mobile device and resident data security measures can be provided by the same application or by different embodiments of the application.

Description

Integrated Security Mobile Engines for Mobile Devices and Resident Data Security
Field of Invention
The invention relates to applications that provide security measures for data resident on a mobile device and for the mobile device itself.
Background of Invention
A mobile device, such as a mobile phone, smartphone or personal digital assistant (PDA), that is capable of receiving and transmitting mobile messages normally has a few applications running on board to provide different functions. These functions, such as telephony, mobile messaging such as the short message service (SMS) or the multimedia messaging service (MMS), and email, are provided by different applications on the mobile device. It is increasingly common to extend the functionality of a mobile device by building new applications that run on it.
One way to build such new applications is the Message Type Module (MTM) architecture of the Symbian mobile operating system. A designer can use this architecture to build a new application for a newly specified message type, meaning that the new application can work on a new message format that is also transmitted over the telecommunication network. However, a new message type in the sense of a mobile message handled according to a protocol other than SMS, MMS or email requires the introduction of a new protocol and a new standard on the existing telecommunication network.
A new approach taught by the Symbian MTM architecture is to define a new message type for a new application that can still be sent through the existing telecommunication network. A new message type that rides on conventional messaging protocols needs neither modification of existing telecommunication networks nor the introduction of a new communication protocol. It is sufficient to define a protocol for the new message type used by the new application, while the new message still travels through existing telecommunication networks over existing communication protocols. The implication of such a new message type is that various new applications may be invoked using the conventional messaging communication protocol.
One purpose of developing new applications, each with its own protocol for the new message type, is to secure mobile devices, their resident data and their data communications with other devices against modern threats. Messaging applications such as SMS, MMS and mobile email are not secure. Because embedded devices currently have limited resources and no secure applications exist for them, messages cannot be encrypted by the sender, so a sent message travels as clear text that anybody can read, exposing confidential and private messages. For the same reason messages cannot be signed by the sender, so received messages cannot be authenticated and the integrity of their content cannot be guaranteed; the sender can deny having sent a message and repudiate authorship of it. These drawbacks have limited the utility of messaging services and prevented their use in situations that require data confidentiality, access control, authentication, integrity and non-repudiation. Furthermore, such messages reside on mobile devices, which are easily stolen or lost.
Therefore, it is desirable that any security means used to protect these messages during transmission can also protect the messages while they are resident on the mobile device. With the approach suggested above, it is quite apparent that one can create a new message type that rides on the existing mobile messaging network, a new protocol for use with that message type, and new applications for handling it, as the security means for protecting mobile messages over the air (OTA). It is also desirable that the new applications that form part of the security means for OTA messages can also protect data resident on the mobile device, to ensure data security and prevent secured data from falling into the hands of unintended parties when the device is lost. It is further desirable to use the means of protection to aid and enhance the chances of recovering a lost mobile device and, as part of a messaging application, to delete unsolicited spam messages from the mobile device. It is envisioned that the same application can execute these features standalone or incorporated into and used with other applications besides a secure mobile messaging application.
By using such an approach it is estimated, albeit with reservation, that introducing such a system for mobile message confidentiality, access control, authenticity, integrity, non-repudiation and device security will bring considerable change to the way various transactions are done. The introduction of the Internet and the subsequent improvements in its security over the years have opened new possibilities and new ways for occupational, financial, commercial, business and daily activities to be carried out. The secured and trusted messaging system of the invention will likewise influence daily life and its activities, since the system and its secured and trusted messages are compatible with existing telecommunication networks, established mobile messaging protocols and currently available smart mobile devices. Technically, this means the invention is readily adoptable in the current situation.
Summary of Invention
The broad objective of the invention is applications installed on mobile communication enabled devices for resident data and mobile device security.
The object of the invention includes providing encryption for resident data on mobile devices when the data is not in use, and hindering unauthenticated individuals from using the resident data on mobile devices.
The object of the invention includes providing a means for remotely deleting selected or predetermined resident data, encrypted or unencrypted, when mobile devices installed with the applications or engines providing resident data and mobile device security are used by unauthorized persons.
The object of the invention includes providing a means for remotely deleting selected or predetermined resident data, encrypted or unencrypted, when mobile devices installed with the applications or engines providing resident data and mobile device security are lost or stolen.
The object of the invention includes deleting any unsolicited mobile messages arriving at the mobile device, whether the mobile messages are harmful or otherwise.
These objects of the present invention are accomplished by providing:
A system for resident data security on a mobile device, comprising: a cryptographic engine that encrypts the resident data according to a hybrid cryptographic approach; a control application coupled to the cryptographic engine; and a standalone application that utilizes the cryptographic engine, through the control application, for encryption and decryption of the resident data.
Preferably, the standalone application is a file manager for browsing the contents of the mobile device, locating the resident data, and selecting both the resident data to be encrypted and the encrypted resident data to be decrypted by the cryptographic engine.
Preferably, the private and public key pairs used in the hybrid cryptographic approach are generated according to an Elliptic Curve Cryptography algorithm, and the symmetric encryption key and symmetric decryption key are derived according to an Elliptic Curve Cryptography algorithm.
Preferably, the selected resident data is encrypted and the selected encrypted resident data is decrypted according to Advanced Encryption Standard algorithm.
Preferably, the selected resident data is encrypted and the selected encrypted resident data is decrypted according to a proprietary 32-bit block based cryptographic algorithm.
Preferably, the system for resident data security further comprises an authentication system coupled to the cryptographic engine for handling the generated private key on the mobile device; the authentication system makes the private key available to the cryptographic engine only after it has authenticated the user's identity.
Preferably, the system for resident data security further provides a function for backing up selected encrypted resident data and exporting the backup to another storage device, and a function for importing backed-up encrypted resident data from another storage device and restoring it.
Preferably, the system for resident data security further comprises a settings module coupled to the cryptographic engine to provide a function for remotely wiping out resident data on the mobile device.
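The hybrid approach of the preceding paragraphs (an elliptic-curve key pair for the owner, a symmetric key derived from it, AES for the data, and a private key that the authentication system releases only after the pass code is verified), as an added example that is not part of the patent or of the applicant's software. Everything concrete in it is an assumption of this example: the curve (P-256), the file format (ephemeral public key, then nonce, then AES-256-GCM ciphertext), the label strings, the pass-code stretching loop and the 16-byte salt. The alternative proprietary 32-bit block cipher of the other embodiment is not reproduced; AES-GCM is used throughout so that tampering with encrypted resident data is detected rather than silently decrypted to garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Assumed curve for the owner's long-term key pair and for the per-file ephemeral key.
var curve = ecdh.P256()
const kdfIters = 10000 // pass code stretching rounds (assumed)

// kdf turns an ECDH shared secret into a 256-bit AES key; SHA-256 over (secret || label)
// stands in for a standard KDF, and the label binds the key to one purpose.
func kdf(secret []byte, label string) []byte {
	sum := sha256.Sum256(append(append([]byte{}, secret...), label...))
	return sum[:]
}

// passwordKey stretches the pass code by iterated hashing (a deliberately simple stand-in
// for PBKDF2/scrypt/Argon2; the salt keeps two devices with the same code from sharing a key).
func passwordKey(pass, salt []byte) []byte {
	k := sha256.Sum256(append(append([]byte{}, salt...), pass...))
	for i := 1; i < kdfIters; i++ {
		k = sha256.Sum256(k[:])
	}
	return k[:]
}

// gcmFor builds AES-256-GCM; every key here is 32 bytes, so setup cannot fail.
func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// seal/open: random 96-bit nonce prefixed to the ciphertext; aad is authenticated, not encrypted.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm := gcmFor(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return append(nonce, gcm.Seal(nil, nonce, plaintext, aad)...), nil
}
func open(key, blob, aad []byte) ([]byte, error) {
	gcm := gcmFor(key)
	if len(blob) < gcm.NonceSize() { return nil, errors.New("ciphertext too short") }
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}

// Vault is what the authentication system keeps: the owner's public key in the clear and
// the private key wrapped under the pass code, released to the engine only by Unlock.
type Vault struct {
	Pub              *ecdh.PublicKey
	Salt, WrappedKey []byte
}

func NewVault(pass string) (*Vault, error) {
	priv, err := curve.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil { return nil, err }
	wrapped, err := seal(passwordKey([]byte(pass), salt), priv.Bytes(), []byte("smm-private-key"))
	if err != nil { return nil, err }
	return &Vault{Pub: priv.PublicKey(), Salt: salt, WrappedKey: wrapped}, nil
}

// Unlock is the authentication step: a wrong pass code fails the GCM tag check, so no key is released.
func (v *Vault) Unlock(pass string) (*ecdh.PrivateKey, error) {
	raw, err := open(passwordKey([]byte(pass), v.Salt), v.WrappedKey, []byte("smm-private-key"))
	if err != nil { return nil, errors.New("authentication failed") }
	return curve.NewPrivateKey(raw)
}

// EncryptResident: ephemeral ECDH against the owner's public key, then AES-GCM under the
// derived key. Output layout: ephemeral public key (65 bytes) || nonce || ciphertext+tag.
func EncryptResident(owner *ecdh.PublicKey, data []byte) ([]byte, error) {
	eph, err := curve.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	shared, err := eph.ECDH(owner)
	if err != nil { return nil, err }
	ephPub := eph.PublicKey().Bytes()
	ct, err := seal(kdf(shared, "smm-resident-data"), data, ephPub)
	if err != nil { return nil, err }
	return append(ephPub, ct...), nil
}

// DecryptResident needs the unlocked private key; any bit flip in the blob fails the tag check.
func DecryptResident(priv *ecdh.PrivateKey, blob []byte) ([]byte, error) {
	n := len(priv.PublicKey().Bytes())
	if len(blob) < n { return nil, errors.New("blob too short") }
	ephPub, err := curve.NewPublicKey(blob[:n])
	if err != nil { return nil, err }
	shared, err := priv.ECDH(ephPub)
	if err != nil { return nil, err }
	return open(kdf(shared, "smm-resident-data"), blob[n:], blob[:n])
}
```

Encryption needs only the public key, so the file manager can encrypt without the pass code; decryption needs the private key and therefore passes through Unlock first, which is the separation the authentication system paragraph describes. Because the ephemeral public key is bound into the ciphertext as associated data, swapping it for another one also fails authentication.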
A system for resident data security on the mobile device, comprising: a settings module containing a unique pass code; and an engine that inspects incoming mobile messages arriving on the mobile device for an instruction for wiping out resident data together with the unique pass code, verifies the detected pass code against the copy in the settings module, and wipes out the resident data on the mobile device upon detecting both the instruction and a matching pass code.
Preferably, the mobile message is a Secure Mobile Messaging (SMM) message composed of the header, the instruction for wiping out resident data and the unique pass code.
A system for mobile device and resident data security on a mobile device, comprising: an engine that detects the phone number associated with the subscriber identity module (SIM) card used with the mobile device; a settings module containing a preset phone number and at least one associate's phone number; and a mobile messaging means, wherein the engine composes a silent tracking message and sends it to another mobile device at the associate's phone number using the mobile messaging means when the detected phone number differs from the preset phone number.
Preferably, the silent tracking message is a Short Message Service (SMS) message.
Preferably, the silent tracking message includes the detected new phone number, the International Mobile Subscriber Identity (IMSI) associated with the detected new phone number, information on the mobile operator through which the silent tracking message was sent, and the International Mobile Equipment Identity (IMEI).
Preferably, the system for mobile device and resident data security further comprises a means for obtaining the present location of the mobile device through the Global Positioning System (GPS), the silent tracking message further including the current location information obtained at the time of composing.
Preferably, the engine of the mobile device and resident data security system further includes a function for wiping out resident data after silent tracking messages have been sent for a predetermined period. Preferably, the Silent Tracking Message (STM) engine further includes a function for wiping out resident data when the silent tracking function has not been disabled within a predetermined period, as the owner would do upon recovering the device.
A system for resident data security comprising: a settings module containing at least one blocked phone number; and an engine that detects any mobile message arriving on the device, reads the sender's phone number contained in the newly arrived mobile message, and deletes the message when the sender's phone number matches any of the blocked phone numbers.
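The three message-driven engines above (remote wipe on an authenticated instruction, a silent tracking message when the SIM's number differs from the preset one, and deletion of messages from blocked senders), as an added example that is not part of the patent. The wipe keyword `SMM-WIPE`, the "keyword then pass code" body layout, the STM field names and the number normalization are assumptions of this example; the page fixes none of them. The pass code is compared in constant time, and a message that carries the instruction with a wrong code is dropped rather than delivered. Two properties of the scheme as the page describes it are worth keeping in mind: the pass code travels in the clear inside the SMS, so it is only as secret as that message, and the wipe can only take effect while the handset still receives messages, which is why the abstract conditions it on the SIM card not having been removed.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"strings"
)

// Settings is the on-device settings module: the wipe pass code, the owner's preset
// (authorised) SIM number, the associate's number that receives tracking messages,
// and the blocked-sender list for the anti-spam engine.
type Settings struct {
	WipePassCode string
	PresetNumber string
	Associate    string
	Blocked      map[string]bool // keys are normalized numbers
}

// Message is an incoming conventional SMS as the engine sees it: sender and text body.
type Message struct {
	From string
	Body string
}

// Action is the engine's decision, handed back to the messaging stack.
type Action int

const (
	Deliver Action = iota // pass on to the ordinary inbox
	Drop                  // delete silently
	Wipe                  // authenticated wipe instruction: erase the configured resident data
)

// wipeTag is a hypothetical instruction keyword; the page fixes no wire format for it.
const wipeTag = "SMM-WIPE"

// normalize strips spaces and dashes so "+60 11-111 1111" and "+60111111111" compare equal.
func normalize(n string) string {
	return strings.NewReplacer(" ", "", "-", "").Replace(n)
}

// HandleIncoming runs the anti-spam engine first (sender number against the blocked
// list), then the wipe engine: the body must carry the instruction and a pass code,
// and the pass code is checked against the settings copy in constant time.
func HandleIncoming(s *Settings, m Message) Action {
	if s.Blocked[normalize(m.From)] {
		return Drop
	}
	fields := strings.Fields(m.Body) // assumed layout: "SMM-WIPE <passcode>"
	if len(fields) == 2 && fields[0] == wipeTag {
		if subtle.ConstantTimeCompare([]byte(fields[1]), []byte(s.WipePassCode)) == 1 {
			return Wipe
		}
		return Drop // wrong code: never wipe, and keep the attempt out of the inbox
	}
	return Deliver
}

// SIMInfo is what the device reads from the inserted SIM and from itself.
type SIMInfo struct {
	Number, IMSI, Operator, IMEI string
	Location                     string // GPS fix at composing time; empty when unavailable
}

// SilentTrackingMessage compares the SIM's number with the preset one and, on a
// mismatch, returns the STM addressed to the associate. ok is false for the owner's SIM.
func SilentTrackingMessage(s *Settings, sim SIMInfo) (to, body string, ok bool) {
	if normalize(sim.Number) == normalize(s.PresetNumber) {
		return "", "", false
	}
	body = fmt.Sprintf("STM new=%s imsi=%s op=%s imei=%s", sim.Number, sim.IMSI, sim.Operator, sim.IMEI)
	if sim.Location != "" {
		body += " loc=" + sim.Location
	}
	return s.Associate, body, true
}
```

The spam check runs before the wipe check on purpose: a blocked sender should not be able to trigger anything, and a pass-code guess from a blocked number is simply discarded. The STM is composed from the device's own view of the SIM (number, IMSI, operator, IMEI, optional GPS fix), so it carries what the owner needs to identify the new subscriber even though the new SIM holder never sees the message.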
Brief Description of the Drawings
The drawings constitute a part of this specification and include exemplary embodiments of the invention, which may be embodied in various forms. It is to be understood that in some instances various aspects of the invention may be extracted from the entire invention and shown alone to facilitate understanding of the invention.
Figure 1a is a representation of the composition of a mobile message such as SMS, MMS or email according to the GSM standard (prior art), comprising a conventional message header and a message body.
Figure 1b is a representation of the composition of a new mobile message according to the invention.
Figure 1c is a representation of the composition of a Secure Mobile Messaging (SMM) message according to the invention.
Figure 2a is a schematic overview of the SMM application developed for Symbian OS with its various modules on a mobile device. Figure 2b shows the workflow of the tapping, transforming and acting (TTA) engine identifying newly received SMM messages and transforming them into the different types of SMM message.
Figure 2c is a schematic representation of the SMM MTM shown in Figure 2a.
Figure 2d shows the workflow of composing and sending SMM messages.
Figure 2e is a representation of the SMM cryptographic engine settings.
Figure 2f is a representation of the contact database shown in Figure 2a.
Figure 3a shows the workflow of public key generation and exchange between two entities.
Figure 3b is a schematic representation of a sender sending an encrypted SMM message to a recipient who decrypts the SMM message.
Figure 4a is a detail representation of the secure vault which can be applied in the SMM application.
Figures 4b and 4c show the workflow of secure vault backup and import/export which can be applied in an SMM enabled device.
Figures 5a, 5b and 5c show the workflow for enabling the data wipe function on an SMM enabled mobile device, its triggering by the user of the mobile device, and the execution of the data wipe function upon triggering.
Figures 6a and 6b show the workflow for enabling the silent tracking message on an SMM enabled device and its execution by the SMM application on that device. Figures 7a and 7b show the workflow for blocking unwanted or spam SMS in the SMM application on an SMM enabled device.
Detailed Descriptions of the Invention
Detailed descriptions of the preferred embodiments which summarize all aspects of different embodiments of this invention are provided herein and it is appreciated that these aspects may be implemented individually or in any combination. It is also understood that the present invention may be embodied in various forms. Therefore, specific details disclosed herein are not to be interpreted as limiting, but rather as a basis for the claims and as a representative basis for teaching one skilled in the art to employ the present invention in virtually any appropriately detailed system, structure or manner.
Overall, the invention is a new mobile message type that rides on the existing telecommunication network while operating exclusively with proprietary applications. The new mobile message can be used with various applications for various purposes and allows customization of those applications and their respective protocols. The invention also includes a method for composing the new mobile message type and a method for manipulating it when a device receives it, together with a means for composing it and a means for receiving it for use with the various proprietary applications. The invented mobile message, the means for composing it, the means for manipulating it on receipt and a protocol for it are applied in a Secure and Trusted Mobile Messaging System to provide trust and security to mobile messages in transit or resident on mobile devices.
The system for secure, trusted, or secure and trusted mobile messaging according to the invention, as disclosed in co-pending Malaysian Patent Applications PI20053739 and PI20054619, is referred to herein and throughout the specification as Secure and Trusted Mobile Messaging or Secure Mobile Messaging (SMM). According to the invention, a mobile device messaging system adapted for sending and receiving SMM messages uses a hybrid cryptographic approach in which two key pairs, one for each of the two users (a sender and a receiver) and each comprising a public key and a private key, are used to encrypt and decrypt, or sign and verify, the messages exchanged. The system also extends to non-mobile devices such as servers as one terminal in the messaging system, and to other devices that can communicate with a mobile device; these are referred to simply as "telecommunication devices" throughout the specification.
Generally, the SMM system, executed by means of the new mobile message that rides on the existing telecommunication network, modifies the conventional SMS, MMS or email message body so that SMM messages remain compatible with the conventional messaging protocol. Hence the SMM system requires new add-on applications and modules but no modification to the default hardware or software components of the mobile devices, to existing telecommunication networks, or to conventional messaging formats and protocols. It uses existing mobile telecommunication networks such as the Global System for Mobile Communications (GSM), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA) and Personal Communication Services (PCS).
To handle SMM messages received by a mobile device in an SMM system customized for Symbian OS, an SMM message type module (MTM) is seamlessly integrated with the conventional mobile messaging MTMs residing on the mobile device, which can be the SMS MTM, the MMS MTM and the email MTM. The new MTM comprises a plurality of components that work together to provide message handling for the SMM protocol. Besides the SMM MTM, one of the components the SMM application utilizes is a tapping, transforming and acting (TTA) engine executing an algorithm that distinguishes SMM messages from conventional mobile messages such as SMS, MMS or email. The TTA engine identifies a mobile message intended for a proprietary application, transforms it into an internal message type and takes the relevant action based on that internal type. Applied in the SMM application, the TTA engine identifies SMM mobile messages among other messages and, once an SMM message is identified, transforms it into an internal message type for use with the SMM application.
Another component the SMM application uses is the SMM contact database on the mobile device, which helps the user store and later retrieve the public keys of his contacts and other related contact information such as name, phone number(s) and address. In one embodiment of this invention, the SMM contacts database is integrated seamlessly with the native contact database residing on the mobile device. The invention also includes a file manager for backing up the SMM contact database, SMM messages, SMM settings and other related configuration files, and for restoring the backup on a backup device so that the user can resume the SMM service on that device.
Advances in microchip fabrication for mobile messaging devices have allowed applications with advanced features to be installed and operated on them. Examples include diaries, personal planners and notepads, which let users store data such as personal particulars, schedules, appointments, itineraries, reminders, alarms and notes, usually proprietary, private, confidential or sensitive, for easy access and convenience, especially when users are frequently on the move. This information, together with the various mobile messages, constitutes part of the resident data on the mobile device. However, if the device is lost, the user's privacy is violated when any unintended individual pries into the resident data on it.
In another embodiment of the invention, several forms of protection are available to secure the mobile device and the resident data on it. Each can be implemented on its own, as a standalone, or in conjunction with or as an extension of other applications such as the SMM application. According to this embodiment, users can encrypt selected information and data for security, privacy and confidentiality, or against unsolicited use of the mobile device or the resident data. If a user's mobile device is lost, the user can send a mobile message, preferably an SMS, composed of a wipe-out instruction and a pass code from any telecommunication device to wipe out the resident data on that mobile device; the user's privacy is thereby protected and unsolicited use of the device or the applications on it is prevented. The mobile device can furthermore transmit a Silent Tracking Message (STM) when it is stolen and used with an unauthorized SIM card. Last but not least, the invention also includes an anti-SMS-spamming function for filtering out unsolicited SMSes.
Following the foregoing overview of the invention, the details of its working are as follows. Figure 1a shows the prior art mobile message (100a) composition, which contains a mobile message header (101), which can be an SMS, MMS or email header, and its text body (102) as per the GSM standard. The header includes fields identifying the type of mobile message, parameters identifying the mobile service provider, source and destination addresses, and other fields as specified in the GSM standards.
Figure 1b illustrates the new mobile message (100b) composition according to the invention. It has a conventional mobile messaging header (101) (such as an SMS, MMS or email header) and is composed according to the conventional mobile message protocol so as to be fully compatible with it. However, the mobile message body (119) is modified so that it carries the data (118) to be conveyed and information (111) on how that data should be handled, manipulated or operated on by an application installed on a telecommunication device according to a prescribed protocol. The information can include a unique header, an encoding or a label. By retaining a conventional mobile messaging header (101) and composing the new mobile message (100b) according to a conventional mobile message protocol, the new mobile message is compatible with the conventional messaging protocol, can be transmitted through the present mobile telecommunication network and will not be dropped at any point during its journey. For instance, if the conventional mobile message header (101) is an SMS header, the new mobile message (100b) will be composed according to the SMS format. Part or all of the information (111) and data (118) is later encoded, and the encoding factor (117) constitutes the increase in the size of the SMM text body. In short, the new mobile message (100b) rides on the existing telecommunication network and messaging protocol, but a telecommunication device adapted for its use manipulates it according to a prescribed protocol for an application on that device.
The SMM message (100c) illustrated in Figure Ic applies the new mobile message (100b) as shown in Figure Ib. SMM message (100c) has a message body (112) that contains the plaintext (116) which can either be signed or encrypted or both signed and encrypted and additional information (111) to be interpreted according to the prescribed SMM protocol to enable the execution of the invention. The additional information (111) contains SMM identification label (113) and information packet (114) which describes the signed, encrypted or signed and encrypted plaintext or the digital signature (115), if it is present. The SMM Identification label (113) is used to uniquely identify SMM messages (100c) from other conventional mobile messages (100a) or even new mobile message types (100b) that are used for other applications or purposes. The information packet (114) is used among various functions, to identify various types of SMM messages that includes but not limited to public key message, encrypted only message, encrypted and signed message and signed only message. The SMM protocol is designed to cater for different functions provided by the SMM system; some of which are available in the SMM application disclosed herein as briefly mentioned in the foregoing overview. Certain SMM functions are available on all the telecommunication devices utilizing the SMM system while others are only available for certain group of devices such as mobile devices utilizing SMM system.
The SMM message (100c) is operated on by an SMM application instead of conventional messaging applications such as the SMS, MMS or email application on the telecommunication device. More specifically, when the SMM message (100c) reaches the telecommunication device, it is first handled by the default components thereon according to the type of conventional message header (101) in the SMM message, i.e. whether it is an SMS, MMS or email message header. The SMM message (100c) is subsequently transformed by a tapping, transforming and acting (TTA) engine into one of several internal types of SMM message, all of which are handled by the SMM application and its specific engines or modules rather than according to any conventional messaging protocol.
The information packet (114) allows the TTA engine installed in the mobile device to recognize whether the SMM message is an encrypted only message, an encrypted and signed message, a signed only message, or another internal type of SMM message. The presence of the digital signature (115) depends on whether the plaintext (116) is signed. The plaintext (116) and the digital signature (115), if present, are encrypted according to the chosen encryption option and make up part of the modified message body (112). In order to further ensure that the modified SMS, MMS or email message (100a) (which is now an SMM message (100c)) can travel through different telecommunication networks, the information packet (114), the digital signature (115) and the message (116), the latter two of which may be encrypted, are encoded, and the encoding factor (117) constitutes the increase in the size of the SMM message body (112).
According to the teaching of the invention disclosed herein, an application residing on a first device is developed for composing the message body (119) of the new mobile message (100b) according to a prescribed protocol for the operation of an application on a second remote device. The mobile message (100b) is composed according to a conventional mobile telecommunication messaging protocol such as the SMS, MMS or email protocol so that it can be transmitted to the remote device through existing mobile telecommunication network.
Generally, the application for composing the mobile message can be customized for different operating systems. The application would have a user interface means coupled to it for composing data (118) in the message body (119). The application would also compose the message body (119) containing the data (118) and the information (111) for describing the data. The information (111) is composed according to the protocol prescribed for the operation of the application on the remote device. The application would also complete the composition of the mobile message (100b) on the first device and send it to the remote device through an existing mobile telecommunication network by using a mobile messaging means on the first device. The application for composing new mobile message on the first device and the application for using the new mobile message on the second device can likewise be replicated on each other to make each of the first and second devices a complete messaging device.
When the application for composing the mobile message is customized for an operating system that is based on message type module (MTM) architecture, the application will have a new message type module configuration developed for its use. Examples of mobile telecommunication device operating with the MTM architecture such as those in Symbian Operating System (Symbian OS ®) are smartphones and personal digital assistants (PDA). An engine (which is the TTA engine) used with the application is also developed for receiving the new mobile messages.
The user interface means of the application customized for Symbian OS ® comprises a user interface message type module (UI MTM), a user interface data message type module (UI data MTM) and a client MTM. A representation of the UI MTM in a typical application appears similar to the SMM UI MTM representation shown in Figure 2c. The user interface means is coupled to a conventional mobile messaging server MTM to compose a new MTM configuration. In the case of a mobile telecommunication device that has other applications operating on it, the device has a user interface (UI) system for handling the UI MTM and the UI data MTM of each of these applications. Similarly, both the UI MTM and the UI data MTM for the application that uses the new mobile message type are coupled to the UI system and to each other. When a user accesses the application through the UI system of the mobile telecommunication device, the user uses the application through the UI MTM, and the UI data MTM provides to the UI MTM the user interface (UI) elements that the user sees. The user interface means and the UI system jointly provide the entire user interface of the application.
The mobile messaging means according to the Symbian OS ® comprises a conventional mobile messaging server MTM coupled to a message store which in turn is coupled to a message centre. When the application is adapted for use on an existing telecommunication device, the conventional server MTM, the message store and the message centre are default components on the device. The message centre handles all incoming and outgoing mobile messages. The conventional server MTM, which can be an SMS server MTM, an MMS server MTM or an email server MTM, captures the respective type of mobile messages and stores them in the respective message store. If the application for composing the mobile message is used on a new device dedicated to it and the device is operating with an operating system based on the MTM architecture such as that in Symbian OS ®, the mobile messaging means thereon can be configured to operate with conventional types of mobile messages according to the respective conventional mobile telecommunication protocol, just as in the case of adapting the application for the existing telecommunication device.
An engine or similar application for handling or even manipulating the mobile message taught according to the invention disclosed herein can also be customized for different operating systems. For a mobile telecommunication device operating with Symbian OS ® that is configured to receive the mobile message, the tapping, transforming and acting (TTA) engine can be used. A session server that waits for any incoming message that reaches a message store informs or invokes the TTA engine to tap into the message store for the new mobile message. When the new mobile message is identified, the engine transforms it into one of several internal mobile message types and acts based on the internal mobile message type. The actions taken by the engine can be customized for different applications. If the internal mobile message type needs to be further processed by an application that uses it, for example the SMM application, the action taken by the TTA engine is to store it in the message store. In hindsight, it is apparent that applications such as the SMM application that use the new mobile message, and the TTA engine or an application functioning in a similar manner for receiving the mobile message, can be customized for other mobile operating systems such as Java 2 Platform Micro Edition (J2ME) and Windows CE. It is believed that most, if not all, of the functions of the SMM application customized for Symbian OS ® can be replicated on other operating systems. There may be differences in the operation of the applications or engines customized for different platforms or operating systems because of the differences in the operating systems that they are based on.
Nevertheless, since a protocol is prescribed for the mobile message when it is applied for any application or system or purpose, all the applications that handle the SMM messages, will interpret the mobile message according to the protocol and operate accordingly to arrive at the same end result, although the detailed operations of different applications can be different. Customizing an engine or an application for a different OS other than the Symbian OS ® for handling the new message type according to the protocol prescribed for the SMM application and the SMM system is anticipated as it allows any application, in this case the SMM application to be applicable across different platforms and makes the SMM system available to a wider user base.
Therefore, the use of the new mobile message and of the applications customized for Symbian OS that operate with the new message type is, firstly, not limited to the SMM application but can be applied to other applications as well. The present disclosure exemplifies how they can be applied by using the SMM application for mobile messaging as an example. Secondly, the new mobile message taught according to the invention can be operated on by any application or engine developed in a different manner, and its utility is not necessarily limited to a single operating system such as Symbian OS ®.
The SMM application that applies the new MTM configuration and the TTA engine in combination with other modules is now disclosed as follows. Figure 2a shows a schematic overview of the SMM application for the SMM system on a mobile telecommunication device, comprising the SMM control application (210) and various modules that function together with the SMM control application. The SMM application for the mobile telecommunication device as shown in Figure 2a is an SMM application customized for Symbian OS. The SMM application functions together with a mobile messaging means comprising the default message centre (220), the conventional mobile messaging message type module (MTM) server (222) and the default message store (224) on the conventional mobile telecommunication device. The SMM control application (210) controls the overall operation of the entire SMM application by controlling and coordinating the different modules to function together. The new modules used in the SMM application are the SMM message type module (MTM) (212), which is integrated with the conventional mobile messaging server MTM (222), the TTA engine (213), a session server (214), an SMM cryptographic engine (215), an authentication system (217), an SMM settings module (216), an SMM contacts database (218) and a file manager (219).
In a typical execution of the SMM application on the mobile telecommunication device, the SMM application is installed as one of the applications on the mobile telecommunication device. Preferably, the SMM application is installed according to a secure installation and licensing mechanism, which is not covered in this disclosure. Subsequently, each time the user accesses the SMM application on the mobile device, the user needs to authenticate his or her identity by providing the password set during the installation of the SMM application, and the authentication is handled by the authentication system (217). A user cannot use any part of the SMM application if the password provided when accessing the SMM application is incorrect. Different features and functions of the SMM application can be set or customized according to the user's preferences through the SMM settings module (216).
On a lower level of the SMM application, the TTA engine (213) and the SMM MTM (212) play crucial roles in ensuring, respectively, that incoming SMM mobile messages can be operated on by the SMM application and that outgoing SMM mobile messages are compatible with the conventional mobile messaging protocols and existing networks. In addition to the SMM MTM (212) and the TTA engine (213), which provide seamless integration of the SMM application with the mobile telecommunication device, an SMM contacts database (218) is provided for use with the SMM application and is preferably integrated seamlessly with the native address book (228) to make the application easy to use.
Figure 2b illustrates the workflow of the TTA engine (213) tapping all incoming mobile messages, which can be SMS, MMS, email or SMM messages, and filtering out only the SMM messages. It must be noted that the tapping and transforming of messages take place in the background without the need for user intervention. According to Figures 2a and 2b, any incoming mobile message first arrives (230) at the default message centre (220). Then the conventional mobile messaging MTM server (222) picks up (231) the incoming mobile message and passes or stores (232) it in the message store (224). The newly invented session server (214) invokes (233) the TTA engine (213), which has registered itself for such an event. The TTA engine (213) identifies the SMM message (234) by tapping for the SMM identification label (113), i.e. detecting the presence of the SMM identification label (113) in the information (111) carried in an SMM message (100c). Then, based on the information packet (114), the filtered or tapped message is transformed (235) into a public key message, encrypted only message, encrypted and signed message, signed only message, or other internal type of SMM message. The TTA engine (213) then determines whether the transformed SMM messages are valid SMM message types before taking further action on them. The TTA engine (213) or other SMM modules such as the cryptographic engine (215) may act upon the transformed SMM messages later. For the current invention, the only action carried out by the TTA engine is storing (236) valid transformed messages in the message store for further action, processing or operation by other SMM modules. On the other hand, if the SMM identification label (113) is not detected, no action is taken and the incoming mobile message remains a conventional mobile message in the message store (224).
The SMM control application, working in conjunction with other modules, later retrieves (237) the transformed SMM message from the message store (224) and processes (238) the transformed message according to its SMM message type. The use of the tapping, transforming and acting (TTA) engine on a mobile telecommunication device, acting as a bridge between the SMM system and the conventional mobile messaging system, allows the SMM system to integrate well with the conventional mobile messaging system. The TTA engine is a separate component that works with the existing messaging application, utilizing the conventional messaging server MTM (222) and the newly invented session server (214), to receive SMM messages riding on an available messaging protocol. It is to be noted that SMM messages riding on an available messaging protocol can be handled in other ways on telecommunication devices based on other operating systems.
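The message body of Figure 1c and the tap, transform and act workflow of Figure 2b, as an added worked example in Go that is not part of the patent and not the applicant's code. The label value "SMM1", the layout of the information packet (message type, algorithm, level), the "|" separator and base64 as the encoding are all assumptions of this example; the patent fixes none of them. Compose produces an SMM body and reports the encoding factor (117), the extra characters that the encoding costs; RunTTA plays the callback that the session server invokes, run here over a constructed inbox.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// smmLabel is the SMM identification label (113); its value, the information
// packet layout and the "|" separator are assumptions of this example.
const smmLabel = "SMM1"

// SMMType is the internal type the TTA engine transforms a tapped message into (235).
type SMMType string

const (
	TypePublicKey SMMType = "PK"
	TypeEncrypted SMMType = "E"
	TypeEncSigned SMMType = "ES"
	TypeSigned    SMMType = "S"
)

// InfoPacket is the decoded information packet (114).
type InfoPacket struct {
	Type  SMMType
	Algo  string // "AES" or "PROP" (the proprietary 32-bit option)
	Level string // "H", "M" or "L"
}

// Compose builds the SMM body (112): label, information packet and base64-encoded
// payload (encrypted plaintext plus signature, if any). The second result is the
// encoding factor (117), the growth in size that the encoding costs.
func Compose(info InfoPacket, payload []byte) (string, int) {
	enc := base64.StdEncoding.EncodeToString(payload)
	body := strings.Join([]string{smmLabel, string(info.Type), info.Algo, info.Level, enc}, "|")
	return body, len(enc) - len(payload)
}

// Tap reports whether a message body (119) carries the SMM identification label.
func Tap(body string) bool { return strings.HasPrefix(body, smmLabel+"|") }

// Transform parses a tapped body into its internal SMM type and payload and
// rejects bodies that carry the label but are not valid SMM messages.
func Transform(body string) (InfoPacket, []byte, error) {
	f := strings.Split(body, "|")
	if len(f) != 5 || f[0] != smmLabel {
		return InfoPacket{}, nil, errors.New("not an SMM body")
	}
	info := InfoPacket{Type: SMMType(f[1]), Algo: f[2], Level: f[3]}
	switch info.Type {
	case TypePublicKey, TypeEncrypted, TypeEncSigned, TypeSigned:
	default:
		return InfoPacket{}, nil, fmt.Errorf("unknown SMM type %q", f[1])
	}
	payload, err := base64.StdEncoding.DecodeString(f[4])
	if err != nil {
		return InfoPacket{}, nil, fmt.Errorf("payload not decodable: %w", err)
	}
	return info, payload, nil
}

// Stored is a transformed SMM message written back for the other SMM modules (236).
type Stored struct {
	Info    InfoPacket
	Payload []byte
}

// RunTTA is the callback the session server (214) invokes: tap every incoming
// message body, transform the SMM ones and store only the valid ones. Conventional
// messages, and labelled bodies that fail validation, are left where they are.
func RunTTA(inbox []string) (smm []Stored, conventional []string) {
	for _, body := range inbox {
		if !Tap(body) {
			conventional = append(conventional, body)
			continue
		}
		info, payload, err := Transform(body)
		if err != nil {
			conventional = append(conventional, body)
			continue
		}
		smm = append(smm, Stored{Info: info, Payload: payload})
	}
	return smm, conventional
}

func main() {
	// Constructed inbox: an ordinary SMS, two SMM messages and one bad SMM body.
	encBody, factor := Compose(InfoPacket{Type: TypeEncrypted, Algo: "AES", Level: "H"}, []byte("ciphertext-bytes"))
	sigBody, _ := Compose(InfoPacket{Type: TypeSigned, Algo: "AES", Level: "M"}, []byte("text+signature"))
	inbox := []string{"Lunch at 1?", encBody, sigBody, smmLabel + "|XX|AES|H|not-base64!"}
	smm, conv := RunTTA(inbox)
	fmt.Printf("encoding factor %d, SMM stored %d, conventional left %d\n", factor, len(smm), len(conv))
	for _, s := range smm {
		fmt.Printf("  type=%s algo=%s level=%s payload=%q\n", s.Info.Type, s.Info.Algo, s.Info.Level, s.Payload)
	}
}
```

One check a practitioner would add to Compose is that the finished body still fits in a single part of the carrier message (160 GSM 7-bit characters for an SMS), because the encoding factor is exactly what eats into that budget; the patent states the factor but not where the limit is enforced.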
According to the embodiment of the invention executed on an MTM architecture based operating system such as Symbian OS, another aspect of the seamless integration of the SMM application with the existing mobile telecommunication and conventional messaging protocols involves an SMM message type module (SMM MTM) (212) being integrated into the conventional mobile messaging MTM for composing an SMM mobile message (100c).
Figure 2c is a representation showing how the SMM MTM (212) integrates seamlessly with the conventional mobile messaging MTM (225). The SMM application has its own MTM (212) comprising a SMM UI MTM (212a), a SMM UI data MTM (212b) and SMM client MTM (212c) for operating on the SMM messages. However the SMM MTM (212) is only complete when it is integrated with a conventional mobile messaging server MTM (222) through the SMM client MTM (212c) to compose a new MTM configuration.
With reference to Figures 2a and 2c, the user interface (UI) system (226) works together with the SMM UI MTM (212a) and the SMM UI data MTM (212b) in the SMM MTM (212) to jointly provide the interface for interacting with the entire SMM application and for accessing all the functions of the SMM application and all the SMM messages. The SMM UI MTM (212a) and the SMM UI data MTM (212b) are coupled to each other. The UI system (226) is coupled to both the SMM UI MTM (212a) and the SMM UI data MTM (212b) for handling the SMM UI MTM (212a). When a user accesses the application through the UI system (226) of the mobile telecommunication device, the user uses the application through the SMM UI MTM (212a), and the SMM UI data MTM (212b) provides to the SMM UI MTM (212a) the user interface (UI) elements that the user sees.
With reference to the flowchart shown in Figures 2a and 2d, the SMM application utilizes the SMM UI MTM (212a) to compose (250) the content of a type of SMM mobile message (100c). The relevant SMM modules subsequently process (251) the composed content. The SMM application and the cryptographic engine jointly compose (252) the information packet, while the SMM application also composes (253) the identification label and the SMM mobile message according to the conventional mobile messaging protocol to complete the composition of the SMM mobile message. The composed SMM message is moved (254) to the message store (224), from where the conventional server MTM (222) picks it up (255) and forwards it (256) to the message centre (220) for it to be sent out (257) from there.
It needs to be pointed out again that the TTA engine (213) and the new MTM (212) seamlessly integrated with the conventional MTM are among the major parts of the SMM application that can be applied to develop applications for other purposes on mobile devices operating on an MTM based architecture. The specific details of a TTA engine and a seamlessly integrated MTM for a new application may differ from those used in the SMM application. However, the general structure of the respective components and the actions carried out by these components are likely to be the same for different applications, since the same approaches of tapping, transforming and acting on a message and of seamlessly integrating a new MTM with the existing MTM are adopted in them. These applications can similarly receive and transform the new mobile messages for their use. Depending on their purposes, they can also be enabled to compose the new mobile message.
According to Figure 2a, the SMM application also comprises the SMM cryptographic engine (215), which includes a key pair generation sub-module (215a), an asymmetric cryptographic sub-module (215b), a symmetric key generation sub-module (215c), a symmetric cryptographic sub-module (215d) and a hashing and signing sub-module (215e). The SMM cryptographic engine (215) with its sub-modules (215a, 215b, 215c, 215d, 215e) provides the core functions related to secure and trusted mobile messaging, which include i) key pair generation, ii) encryption and decryption using a password based symmetric approach, iii) encryption and decryption using keys in an asymmetric approach and iv) signing and verification. Other embodiments of this invention are the secure vault (280), data wipe (282), the STM (284) and anti-spam (286), which are described in detail in a later part of this document.
The SMM application preferably provides the secure and trusted messages (SMM messages) using a hybrid cryptographic approach, which is a combination of asymmetric key pair generation with their management and symmetric encryption/decryption of a message. The key pair comprising a public key, KPb, and a private key, Kpv, for an entity, which can be a mobile user, a server or an application, is preferably generated using an Elliptic Curve Cryptography (ECC) algorithm by the key pair generation sub-module (215a) as shown in Figure 2a. The public keys, KPb, of the different entities need to be exchanged before communication can take place using SMM mobile messages. The exchange of public keys belonging to different entities can take place through various methods such as direct public key exchange between the entities, indirect public key exchange through an Enterprise Server (ES), or public key broadcasting by an ES.
Figure 2e shows the cryptographic settings (256e) of the cryptographic engine (215) that are stored in the SMM settings module (216), such as the chosen cryptographic mode (256e1), which can be symmetric or asymmetric, the chosen level of security (256e2), which can be high, medium or low for the symmetric algorithm, and the chosen symmetric algorithm (256e3) for encryption, which can be AES or a novel proprietary 32-bit base algorithm. In the asymmetric mode, there is the option of encrypting, signing and encrypting, or signing a composed plaintext to be sent out. According to another preferred embodiment of the invention, the public key of each entity is stored in a separate SMM contacts database (218), which is different from the native contacts database (228) as shown in Figure 2f, to avoid interfering with the operation of the conventional messaging system. The native contacts database (228) for a conventional messaging application on a mobile device contains the contacts' names stored in a name field (228a), a phone number field (228b) and fields for other details (228c) corresponding to each contact's name. Other details (228c) for each contact may include home and office phone numbers, speed dial numbers or email addresses. Meanwhile, the SMM contacts database holds the entity's name and phone number (228b), public key (218a) and protection flag (218b) corresponding to each entity's name.
According to the preferred embodiment as shown in Figure 2f, the SMM contacts database and the native database are preferably integrated by having intersection fields that are common to both databases. The entity's name (228a) and phone number (228b) from the native contacts database are mapped to the SMM contacts database by integrating the two different databases. In the integrated database, the entity's name and the contact's name are entered in the same name field (228a), and the entity's phone number and the contact's phone number are entered in the same phone number field (228b).
The entries in the integrated database can be categorized into (a) SMM contacts that also have an entry in the native contacts database, (b) SMM contacts with no entry in the native contacts database and (c) non-SMM contacts that have an entry in the native contacts database, i.e. existing contacts of the conventional messaging system. Whenever a user obtains a public key from any entity, as will be explained later, the key and its details are stored in the SMM contacts database. If the name of the entity already exists in the default contacts database as a contact's name, the user can easily map the public key to that contact's name (category (a)). Otherwise, the user makes a new entry (category (b)) in the integrated database. SMM contacts are represented by their respective phone numbers if no name is entered. When the default and new databases are integrated, the SMM contacts database is more convenient to manage, as the user sees only a single list of contacts from the default contacts database and the SMM contacts database. Firstly, the integrated database allows all SMM contacts (categories (a) and (b)) to be contacted by conventional mobile messaging regardless of whether the SMM contacts were existing contacts entered earlier in the native contacts database (because by now both databases are integrated). The user can easily message an SMM contact (i.e. an entity) by either conventional mobile messaging or SMM from the same screen or menu when using the mobile device. Secondly, existing contacts (category (a)) can also easily be corresponded with through SMM whenever they have signed up for the SMM service and their devices are SMM enabled.
In the SMM contacts database, the flag (218b) is used to differentiate peer users from other types of users such as server users, PDA users, computer users and so on. The name and flag fields are specifically used for server users: the actual phone number is the same for all server users, but internally different names and UIDs are mapped to it, giving a one-to-many relation between the number and the entries. When the flag is set, server user entries cannot be deleted by users.
In another embodiment of the invention, the spam flag (218c) is used to set phone numbers in the database as spam phone numbers among the list of contacts or new contacts so that the anti-spam application, which is discussed in the later part of the document, can drop the message or store the message in the spam folder for future reference.
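The integrated contacts database of Figure 2f with its three categories of entry, the protection flag (218b) and the one-to-many mapping of server users, as an added worked example in Go that is not part of the patent and not the applicant's code. The field layout, the use of the phone number as the shared key field, and the rule that server users are told apart by name under one number are this example's reading of the preceding paragraphs; the spam flag (218c) is carried as a field only.

```go
package main

import (
	"errors"
	"fmt"
)

// Entry is one row of the integrated contacts database (Figure 2f): the native name and
// phone fields (228a, 228b) plus public key (218a), protection flag (218b) and spam flag
// (218c). The exact layout is this example's assumption.
type Entry struct {
	Name, Phone string
	PublicKey   []byte // nil for a contact that is not SMM enabled
	Protected   bool   // server user entry: the user may not delete it
	Spam        bool   // anti-spam (286) drops or folders messages from this number
	Native      bool   // also present in the native contacts database (228)
}

type Category int // the three kinds of entry the text distinguishes
const (
	SMMAndNative Category = iota // (a) SMM contact with a native entry
	SMMOnly                      // (b) SMM contact without a native entry
	NativeOnly                   // (c) conventional contact only
)

func (e *Entry) Category() Category {
	switch {
	case e.PublicKey != nil && e.Native:
		return SMMAndNative
	case e.PublicKey != nil:
		return SMMOnly
	}
	return NativeOnly
}

// Display shows the phone number when no name was entered.
func (e *Entry) Display() string {
	if e.Name == "" {
		return e.Phone
	}
	return e.Name
}

// Directory is the integrated database keyed by phone number, the field both databases
// share. Server users share one number and are told apart by name, so each number maps to a list.
type Directory struct{ byPhone map[string][]*Entry }

func NewDirectory(native ...Entry) *Directory {
	d := &Directory{byPhone: map[string][]*Entry{}}
	for i := range native {
		native[i].Native = true
		d.byPhone[native[i].Phone] = append(d.byPhone[native[i].Phone], &native[i])
	}
	return d
}

func (d *Directory) Entries(phone string) []*Entry { return d.byPhone[phone] }

// StorePublicKey records a key obtained from an entity. A peer's key is mapped onto the existing
// native entry (category a) or a new entry is made (category b); a server user gets its own
// protected entry per name under the shared number.
func (d *Directory) StorePublicKey(phone, name string, key []byte, server bool) *Entry {
	for _, e := range d.byPhone[phone] {
		if (!server && !e.Protected) || (server && e.Name == name) {
			e.PublicKey, e.Protected = key, server
			if e.Name == "" {
				e.Name = name
			}
			return e
		}
	}
	e := &Entry{Name: name, Phone: phone, PublicKey: key, Protected: server}
	d.byPhone[phone] = append(d.byPhone[phone], e)
	return e
}

// Delete removes an entry unless its protection flag (218b) is set.
func (d *Directory) Delete(phone, name string) error {
	list := d.byPhone[phone]
	for i, e := range list {
		if e.Name != name {
			continue
		}
		if e.Protected {
			return errors.New("server user entries cannot be deleted")
		}
		d.byPhone[phone] = append(list[:i], list[i+1:]...)
		return nil
	}
	return errors.New("no such contact")
}

func main() {
	d := NewDirectory(Entry{Name: "Alice", Phone: "+60120000001"}, Entry{Name: "Bob", Phone: "+60120000002"})
	a := d.StorePublicKey("+60120000001", "", []byte("KPbA"), false) // key for an existing contact
	c := d.StorePublicKey("+60120000009", "", []byte("KPbC"), false) // new SMM-only contact
	d.StorePublicKey("+60120000100", "ES key store", []byte("KPbES1"), true)
	d.StorePublicKey("+60120000100", "ES broadcast", []byte("KPbES2"), true) // same number, second entry
	fmt.Println(a.Display(), a.Category(), c.Display(), c.Category(), d.Entries("+60120000002")[0].Category())
	fmt.Println("delete server entry:", d.Delete("+60120000100", "ES key store"), "| entries:", len(d.Entries("+60120000100")))
}
```

The public keys here are placeholder byte strings; the example is about the bookkeeping around a key, not the key itself.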
In another embodiment of the invention, the SMM contacts database may not be integrated with the native contacts database. Although this is not as convenient for the user, a mobile device usually has a function that allows existing names and phone numbers to be copied to the SMM contacts database, or vice versa, for making new entries in either database.
Figure 3a illustrates the public key exchange among SMM enabled mobile entities. As an illustrative example, an entity A (301A) would like to send an SMM to another entity B (301B). After both entities have generated their respective key pairs independently, i.e. the public and private keys (KPbA and KpvA) of entity A and the public and private keys (KPbB and KpvB) of entity B as illustrated in processes (302a) and (302b), the entities exchange their public keys (303). In the case where the entities are users of mobile devices, they can exchange public keys directly among themselves or request another mobile user's public key from an SMM-enabled server referred to as an enterprise server (ES), if the service is available. An entity's public key may be stored in a key repository that resides at the ES before others request it. Details of the public key exchange between different entities are disclosed in another co-pending patent application PI20053739 filed by the applicant.
After a sender, e.g. entity A (301A), obtains and stores the public key of an intended recipient, e.g. entity B (301B), in the SMM contacts database (218), and vice versa, both entities can communicate using SMM messages, which can be secured messages as shown in Figure 3b. SMM messages can also be trusted and secured, or trusted messages, as disclosed in another co-pending application PI20054619 filed by the applicant. When a sender, e.g. entity A (301A), wants to send a secure SMM message, xKe(M) (300a), to a recipient, e.g. entity B (301B), the plaintext M is first composed (304), as shown in Figure 4a, through the SMM MTM (212). The sender's private key KpvA and the recipient's public key KPbB are prepared by the asymmetric cryptographic sub-module (215b) and passed on to the symmetric key generation sub-module (215c). The encryption key xKe at the selected encryption level x is generated (305) by the symmetric key generation sub-module (215c). Next, the plaintext is symmetrically encrypted (306) by the symmetric cryptographic sub-module (215d) with the generated encryption key xKe. The user can choose to encrypt the plaintext using either the Advanced Encryption Standard (AES) algorithm or the proprietary 32-bit base cryptographic algorithm. After the plaintext is encrypted, the SMM message type encoding and encryption information are encapsulated in the SMM message. A complete SMM mobile message is formed, as explained earlier, by composing the SMM identification label (113) and information packet (114) according to the SMM protocol and the conventional mobile message header (101) and attaching them to the encrypted plaintext. This composition is then encoded according to the conventional messaging protocol and sent out (308) to entity B, and the encryption key xKe is destroyed. In the case of the secure vault, which is one of the inventions discussed here, entity A and entity B refer to the same user, and the above logic of the cryptographic operations also holds.
Figure 3b further illustrates the decryption of the secure SMM message xKe(M) (300b) by entity B (301B) according to the embodiment of this invention. When entity B (301B) receives a mobile message (which may or may not be an SMM message) (310), the TTA engine is activated to identify the SMM mobile message by tapping for the SMM identification label (113) as shown in Figure 1c. After transforming the tapped SMM message as explained earlier and decoding the transformed SMM message, the encryption information encapsulated in the SMM message is read. Based on this information, the SMM cryptographic engine (215) prepares the decryption key xKd (i.e. Kd = Ke) and decrypts the message. It prepares the private key KpvB and entity A's public key KPbA using the asymmetric cryptographic sub-module (215b) and passes them on to the symmetric key generation sub-module (215c). The decryption key xKd is generated (312) by the symmetric key generation sub-module (215c). The level of encryption x to be used for generating xKd is extracted from the encryption information in the received message. Next, the message is symmetrically decrypted (314) by the symmetric cryptographic sub-module (215d) with the generated decryption key xKd. The decryption algorithm used is either the Advanced Encryption Standard (AES) algorithm or the proprietary 32-bit base cryptographic algorithm, depending on the information extracted from the encryption information of the message. The decryption xKd(xKe(M)) reveals the plaintext M (314). The plaintext M is displayed to the user through the SMM MTM (212).
In addition to sending SMM messages securely, in a trusted manner, or both, SMM messages residing on any SMM enabled device also need to be stored securely. Preferably, all incoming SMM messages are decrypted or verified only at the moment the user is reading them. Encrypted or signed messages are not overwritten with their decrypted or verified copies; the copies are kept separately. Decrypted and verified copies of messages are deleted by the SMM application after the user has read them. All SMM messages, together with the SMM contacts database, SMM settings, user password and SMM configuration files, are considered secure data used with the SMM application.
All the SMM messages, encrypted or unencrypted, signed or unsigned, to be sent, sent or received, are considered part of the data used with the SMM application on SMM enabled devices. According to another embodiment of the invention, all such data are preferably stored in a secure vault (280) as pointed out in Figure 2a and further illustrated in Figure 4a. These data are unencrypted or unsigned composed outgoing SMM messages (i.e. plain data (256b)), incoming SMM messages (secured data (256c)) that have been decrypted or verified, incoming SMM messages that still need to be verified or decrypted, outgoing SMM messages that are already signed or encrypted, the public keys in the SMM contacts database (218) and the phone numbers of all of these SMM messages, all of which are most likely private and confidential in nature. Some of the data, such as the password (256d), enforced cryptographic settings (256e), result code (256f) and result status setting (256g), which are proprietary in nature, are also stored in the secure vault.
The secure vault (280) can also be used to contain other encrypted data or information that does not belong or relate to the SMM application, such as conventional SMS, MMS and email messages or data files of other applications on the mobile device that are usually proprietary, private, confidential or sensitive in nature, such as personal particulars (e.g. citizen identification number, social security number, credit card number, ATM or credit card PINs), schedules, appointments, itineraries, reminders, alarms, notes and other files, which are encrypted when they are not in use. So in general the secure vault (280) can store all types of resident data that need to be secured through the cryptographic engine (215), provided that they are made available to the secure vault.
The secure vault (280) uses the private and public keys for encrypting all of the resident data mentioned above, so that without the private key the resident data cannot be decrypted. Basically, all data encrypted by the cryptographic engine (215) constitute the secure vault. Encrypted SMM messages from respective senders received on the mobile device are decrypted by the cryptographic engine (215) and its related sub-modules (215a, 215b, 215c, 215d) using the symmetric decryption key generated from the respective sender's public key and the recipient's private key, as explained earlier.
Meanwhile, other types of resident data mentioned earlier which are not encrypted SMM messages are also encrypted by the cryptographic engine (215) and its related sub-modules (215a, 215b, 215c, 215d) using a symmetric encryption key, which is generated from the entity's public key and private key. When the encrypted resident data (which is now part of the secure vault) needs to be used by any of its related applications, the cryptographic engine (215) decrypts it by using a generated symmetric decryption key (which is the same as the symmetric encryption key). The algorithms used for generating the entity's private and public key pairs, the encryption or decryption key, and for performing the encryption and decryption are also the same as explained earlier, which respectively are ECC, AES or the 32-bit proprietary symmetrical cryptographic algorithm.
It is desirable that resident data that is considered private, confidential, sensitive or proprietary in nature is always stored in the secure vault (280), i.e. in an encrypted form on the mobile device, when it is not in use by any of the related applications, in order to provide resident data security. Furthermore, the encryption key, which is also the decryption key since symmetric encryption is applied, is never stored on the mobile device. It is always generated as and when it is needed and destroyed after use.
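The key handling described above, as an added Go example that is not the patent's own code: one party's private key and the other party's public key yield the same symmetric key on both sides, the key is generated when needed and zeroed after use rather than stored, and the message body is protected with AES. The curve (P-256), the SHA-256 derivation of the key from the ECDH shared secret and the AES-GCM mode are assumptions of this example; the patent names ECC and AES only.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// zero overwrites key material once it is no longer needed, so the symmetric
// key only ever lives in memory for the duration of one operation.
func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// deriveSMMKey builds the symmetric key from our private key and the peer's
// public key. ECDH is symmetric: the sender with (senderPriv, recipientPub)
// and the recipient with (recipientPriv, senderPub) obtain the same key.
// Hashing the shared secret with SHA-256 is this example's assumption.
func deriveSMMKey(own *ecdh.PrivateKey, peer *ecdh.PublicKey) ([]byte, error) {
	shared, err := own.ECDH(peer)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(shared)
	zero(shared)
	return k[:], nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte key: AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealSMM encrypts a plain SMM body for the recipient. The result is
// nonce || ciphertext || tag; the symmetric key is derived and discarded here.
func sealSMM(sender *ecdh.PrivateKey, recipient *ecdh.PublicKey, plain []byte) ([]byte, error) {
	key, err := deriveSMMKey(sender, recipient)
	if err != nil {
		return nil, err
	}
	defer zero(key)
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plain, nil), nil
}

// openSMM is the recipient side: regenerate the same key from the recipient's
// private key and the sender's public key, decrypt, and discard the key.
// A wrong key pair or a modified message fails the GCM tag check.
func openSMM(recipient *ecdh.PrivateKey, sender *ecdh.PublicKey, sealed []byte) ([]byte, error) {
	key, err := deriveSMMKey(recipient, sender)
	if err != nil {
		return nil, err
	}
	defer zero(key)
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(sealed) < ns+aead.Overhead() {
		return nil, errors.New("sealed SMM too short")
	}
	return aead.Open(nil, sealed[:ns], sealed[ns:], nil)
}

func main() {
	sender, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	recipient, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample message body.
	sealed, err := sealSMM(sender, recipient.PublicKey(), []byte("constructed SMM body"))
	if err != nil {
		panic(err)
	}
	plain, err := openSMM(recipient, sender.PublicKey(), sealed)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered: %q\n", plain)
}
```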
According to Figure 3a, it is also possible for other applications (390) on the same mobile device to have the privilege of storing their respective resident data in the secure vault (282) by using the cryptographic engine (215) to encrypt these resident data. Every application (390) that needs to access the secure vault must use the private key, which is only available for encryption or decryption after the legitimate user of the mobile device has authenticated himself. In the case of the SMM application, as explained earlier, the private key is made available once the user authentication required before use of the SMM application has succeeded, i.e. the user activates the SMM application before using the secure vault. In other embodiments of the secure vault to be further explained elsewhere, the standalone application (which now is not an SMM application) may have its own user authentication system. This user authentication system may be implemented in various manners, such as password-based authentication where the password is known only to the unique or legitimate user. After user authentication, the resident data can be encrypted and stored in the non-volatile storage medium (229) on the mobile device, or encrypted data can be retrieved from the non-volatile storage medium (229) and decrypted. Other applications or file explorers (392) that do not have the privilege to the secure vault will get only encrypted data when they directly access the non-volatile storage medium. Thus unauthenticated users who do not have the privilege to use the standalone application or applications (390) will not be able to decrypt part of or the entire secured user data.
During implementation, one embodiment of the secure vault provides the cryptographic engine through the SMM application installed on the mobile device. As pointed out earlier, an alternative embodiment of the secure vault can be associated with another standalone application, such as a personal planner application, if the SMM application is not present on the mobile device. It follows that the encrypted resident data will not include SMM messages, settings and configuration files but will contain other private, confidential, sensitive or proprietary data such as the application's settings module. In another alternative embodiment, the standalone application may be a file manager which manages all the files on the mobile device and can provide data security for files belonging to other applications. The file manager will be capable of browsing through the content of the mobile device and selecting the resident data to be encrypted. It is envisioned that the cryptographic engine (215) in the alternative embodiments may also be coupled to the file manager or other types of standalone application through a control application. In all embodiments of the secure vault disclosed herein, backing up, exporting and importing the secure vault to and from another storage device and remotely wiping out the secure vault can also be provided. The details of backing up, exporting, importing and remotely wiping out the secure vault, or even other data that is not part of the secure vault, are further explained below.
Another embodiment of the invention also allows backup of the SMM application's secure vault on a present SMM enabled device through the file manager (219) and restoring it on the present device some time later or on a second SMM enabled device. Backup and restoration enable a user's existing public and private key pair, SMM based contacts, SMM messages, SMM settings and related SMM configuration and system files to be reinstated on a second SMM enabled device, so that the user can continue using SMM with his current subscription in the event of loss, theft or damage of the first mobile device. If the SMM contacts database or secure vault on the first SMM enabled device is corrupted, they can also be restored from the backup on a backup device.
Figures 4b and 4c illustrate the workflow of a user of the SMM application backing up the secure vault (400) on a backup device (export) and restoring it on the same or a second SMM enabled device (import). This process is handled mainly by the file manager (219). The user has to enter a password (402) before the SMM application can proceed with the backup. Then, the user selects the contents to be backed up (404), such as the SMM contacts database, SMM contacts' public keys or SMM messages. The user also has to select the medium of transfer (406) based on the modes of communication available on both the first SMM enabled device and the backup device. The medium of transfer can be Infra Red (IR), Bluetooth or a data cable when both the SMM enabled device and the backup device are mobile devices. The medium of transfer is not limited to IR or Bluetooth but can be any other medium of transfer that is available on both devices. The backup device may be another device such as a computer, a smart mobile device or a PDA. The backup content is then transferred to the backup device (408) once the backup device is ready. The user needs to remember the password to restore the backup later. The password can be the same password entered at step (402) or a different password set at some point before the backup content is transferred (408).
The user can restore the backup on the default mobile device, or on another SMM enabled device, from the backup device. The file manager (219) in the SMM application handles the import of the backup from the backup device. Figure 4c shows that the user needs to select the medium of transfer (412) to receive the transmission of the backup contents. The user then selects the backup file on the backup device in order to restore it (414) on an SMM enabled device. The user is prompted to enter the password (416) that protects the backup contents and that was set during the backup process (400). If the entered password is the same as the password (418) embedded in the backup contents, the backup contents are restored (422) on the backup device. Otherwise, the contents will not be restored on the device and the user is notified of the incorrect password (420). Suppose that at some later time the secure vault in the first SMM enabled device is corrupted or its contents are accidentally deleted, while the SMM application as a whole is still working. Then the user can import the backup from the backup device and restore it on the first SMM device according to the backup (400) and restoration (410) processes outlined herein. In cases where the user uses a new SMM mobile device, he can resume using the SMM service along with the secure vault on the newly installed SMM application, using the existing private and public key pairs, SMM contacts database and SMM messages imported from the backup.
As explained earlier, backing up, exporting and importing the secure vault is also available when an alternative embodiment of the secure vault not related to the SMM application is applied. Such a standalone application may be a file manager similar to the file manager (219) illustrated for the case of the SMM application, or a different standalone application that provides functionality similar to the SMM application's file manager (219). Therefore, the process for backing up, exporting and importing the secure vault in these alternative embodiments will be similar to that of the secure vault (280) used in the case of the SMM application. In the case when the first SMM enabled mobile device is lost, the user can continue using the SMM service with his backed up secure vault (280) on the second SMM enabled device, as explained earlier. The user can also wipe the contents of the lost device (i.e. the first SMM enabled device) by invoking the data wipe function (282) indicated in Figure 2a, which is another embodiment of this invention. The contents that will be wiped out are not limited to the secure vault (280) containing SMM application related data such as SMM messages (inbox, sent items, archive etc.), the SMM contacts database and SMM settings, but can also include native contact details. In other words, all the contents of the SMM contacts database, native contacts database and secure vault will be wiped out to prevent the user's privacy from being violated and the SMM application from being compromised by anyone using information available in the SMM contacts database and secure vault.
The user has to enable data wipe (500a) as illustrated in Figure 5a before it can be invoked later as shown in Figures 5b and 5c. According to Figure 5a, the user sets the pass code (502) and has the option (504) to enable (508) or disable (506) the TTA engine for the data wipe function beforehand. The TTA engine also checks the pass code against certain preset rules to ensure that it is a valid pass code (503). If the pass code is deemed unsuitable to be used as a pass code, the flow is ended and the data wipe function is not enabled. Otherwise, a valid pass code is stored in the settings module (216) and the data wipe function is enabled. In the event that the mobile device is lost or stolen, the user can send a mobile message (500b), as shown in Figure 5b, containing the instruction for wiping out resident data and the pass code (510) from any other mobile device to the SMM mobile device. Preferably, this mobile message is composed according to the new mobile message composition shown in Figure 1b, which contains the default messaging header (101), and is composed according to a prescribed protocol for the data wipe function. This mobile message can be an SMS composed with a header that will be identified by the TTA engine, the instruction for wiping out resident data and the pass code. When the data wipe function is applied in the SMM application, this mobile message contains the SMM identification label (113) as the header. When the mobile message containing the pass code is received (511) by the lost SMM enabled device, as shown in Figure 5c, it will invoke the TTA engine (213) shown in Figure 2c, because the TTA engine (213) taps into the default message store (242) whenever there is a new incoming message, as explained earlier. In the case of the SMM application, this mobile message will be identified as an SMM message because of the presence of the SMM identification label (113).
After transformation of the mobile message in the same way as other SMM messages, as explained earlier and illustrated in Figure 2b, the TTA engine will recognize that the message is a data wipe message. Following this, the SMM application will check whether the data wipe function has been enabled (512). If the data wipe function has not been enabled in the TTA engine, the data wipe message will be ignored (514) and the resident data will not be wiped. Otherwise, the SMM application proceeds to check whether the pass code in the data wipe message is correct (516). If it is incorrect, the data wipe function will not be carried out. If the pass code in the data wipe message matches the pass code set earlier (502), the SMM application will proceed to wipe out the native contacts, the SMM contacts, all SMM messages and the rest of the content in the secure vault. All the steps in the data wipe process (500c), from the incoming data wipe message onwards to the end, are carried out silently without any visual, audio or other form of indication to any person possessing the lost device at that moment.
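The data wipe path of Figures 5a to 5c, as an added Go example that is not the patent's own code: pass code validation at enable time (503), the enabled check (512/514) and the pass code check (516) on an incoming message, and the clearing of the native contacts, SMM contacts and SMM messages. The "|" delimiter, the "SMM" and "WIPE" strings, the pass code rules and the salted-digest storage of the pass code are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"strings"
	"unicode"
)

// Wire layout assumed for this example (the patent names the three parts,
// header, wipe instruction and pass code, but not how they are delimited):
//   "<SMM identification label>|<instruction>|<pass code>"
const (
	smmLabel  = "SMM"  // stands in for the SMM identification label (113)
	wipeInstr = "WIPE" // stands in for the wipe instruction
)

// WipeResult reports what the handler did so the behaviour can be checked.
// On the device itself nothing is displayed or sounded.
type WipeResult int

const (
	NotSMMMessage  WipeResult = iota // no SMM header: left for normal processing
	NotWipeMessage                   // SMM message, but not a wipe instruction
	WipeDisabled                     // step 514: function not enabled, ignored
	WrongPassCode                    // step 516 failed, nothing wiped
	Wiped                            // pass code matched, stores cleared
)

// Settings models the settings module (216). The pass code is kept as a
// salted SHA-256 digest rather than in the clear; this is the example's choice.
type Settings struct {
	WipeEnabled bool
	salt        [16]byte
	passDigest  [32]byte
}

// validPassCode applies example preset rules (the patent says such rules
// exist but does not list them): at least 8 characters, a letter, a digit,
// and no whitespace.
func validPassCode(pc string) bool {
	if len(pc) < 8 {
		return false
	}
	hasLetter, hasDigit := false, false
	for _, r := range pc {
		switch {
		case unicode.IsSpace(r):
			return false
		case unicode.IsLetter(r):
			hasLetter = true
		case unicode.IsDigit(r):
			hasDigit = true
		}
	}
	return hasLetter && hasDigit
}

func digest(salt [16]byte, pc string) [32]byte {
	return sha256.Sum256(append(salt[:], pc...))
}

// EnableWipe is the Figure 5a flow: validate the pass code (503), store it
// and enable the function. It returns false if the pass code is rejected.
func (s *Settings) EnableWipe(pc string) bool {
	if !validPassCode(pc) {
		return false
	}
	if _, err := rand.Read(s.salt[:]); err != nil {
		return false
	}
	s.passDigest = digest(s.salt, pc)
	s.WipeEnabled = true
	return true
}

// Stores models what Figure 5c clears: native contacts, SMM contacts and the
// SMM messages held in the secure vault.
type Stores struct {
	NativeContacts []string
	SMMContacts    []string
	SMMMessages    []string
}

func (st *Stores) wipe() {
	st.NativeContacts, st.SMMContacts, st.SMMMessages = nil, nil, nil
}

// HandleIncoming is the TTA engine path of Figure 5c for one incoming
// message body. The pass code comparison is constant-time, so a wrong guess
// cannot be told apart from a right one by timing.
func HandleIncoming(msg string, s *Settings, st *Stores) WipeResult {
	parts := strings.SplitN(msg, "|", 3)
	if parts[0] != smmLabel {
		return NotSMMMessage
	}
	if len(parts) != 3 || parts[1] != wipeInstr {
		return NotWipeMessage
	}
	if !s.WipeEnabled { // step 512
		return WipeDisabled
	}
	got := digest(s.salt, parts[2])
	if subtle.ConstantTimeCompare(got[:], s.passDigest[:]) != 1 { // step 516
		return WrongPassCode
	}
	st.wipe()
	return Wiped
}

func main() {
	s := &Settings{}
	fmt.Println("enable with weak pass code:", s.EnableWipe("1234"))
	fmt.Println("enable with valid pass code:", s.EnableWipe("Vault-2006"))
	// Constructed sample stores.
	st := &Stores{NativeContacts: []string{"+60-12-000-0000"}, SMMMessages: []string{"constructed message"}}
	fmt.Println(HandleIncoming("SMM|WIPE|guess-0000", s, st), len(st.SMMMessages))
	fmt.Println(HandleIncoming("SMM|WIPE|Vault-2006", s, st), len(st.SMMMessages))
}
```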
Alternative embodiments of the data wipe function can be envisioned for at least two application scenarios besides its use as part of the SMM application. In one of these alternative embodiments, the TTA engine and a settings module for storing the pass code can be provided on their own, apart from any application, as a resident engine on the mobile device. Alternatively, the TTA engine and the settings module can be provided in conjunction with another application besides the SMM application. In another alternative embodiment, the data wipe function need not be provided on a mobile device in conjunction with any embodiment of the secure vault disclosed herein. It can be provided on its own, such as a third party application for wiping out any resident data generated by other applications on a mobile device. A further embodiment of this invention allows the user to configure the SMM application (600a) on an SMM enabled mobile device to send out a Silent Tracking Message (STM), or device recovery message (600b), to another mobile device when the device is lost or stolen and someone else uses it. As illustrated in Figure 6a, the user can key in the mobile phone number (602) that an STM will be sent to and has the option (604) to enable (608) or disable (606) this feature.
If the subscriber identity module (SIM) card in the SMM enabled mobile device is changed for any reason, such as theft of the SMM enabled mobile device, the TTA engine (213) is triggered and identifies the different SIM card that is used (608), as illustrated in Figure 6b. The TTA engine ascertains that a different SIM card is in use when the phone number on the new SIM card differs from a preset phone number stored in a settings module, such as the SMM settings module (SMM) when the STM is provided with the SMM application. The preset phone number will be the owner's phone number, which can only be changed when the SMM application is invoked, and the latter requires user authentication. The TTA engine goes on to detect the International Mobile Subscriber Identity (IMSI) associated with the detected new phone number and optionally the International Mobile Equipment Identity (IMEI) if the STM mode is enabled (610).
STMs will be sent out from time to time over a predetermined period until the function is disabled within the predetermined period or the predetermined period elapses. Just before any STM is sent, the TTA engine (213) will also include in the STM information about the telecommunication network operator through which the silent tracking message will be sent. This mobile telecommunication network operator is available to the TTA engine through conventional facilities on the mobile device, which can also be found on all other mobile phones. If the mobile device is also equipped with a current location facility utilizing the Global Positioning System (GPS), the mobile phone's current location information (612) just before an STM is sent will also be included by the TTA engine in the STM. When the TTA engine has finished composing an STM, the TTA engine (213) will send the STM silently using the mobile messaging means on the mobile device without leaving a copy of the STM in the outbox. If a copy of the STM is created in the outbox, it will be deleted without the knowledge of the person in possession of the phone at that moment.
Each STM contains the new mobile phone number, the IMSI detected in step (608) and the mobile telecommunication network operator information, and may optionally include the IMEI and the location information (614) if the current location information of the SMM enabled mobile device is available to the TTA engine. If the location information is not available, the STM will just have the new mobile phone number and the detected IMSI (616), and optionally the IMEI. STMs in both cases (614, 616) are sent to at least one associate's mobile number set earlier (602) in a settings module, which in the case of the SMM application is the SMM settings module (216). Based on the STM received on another telecommunication device at the associate's phone number, the owner of the lost or stolen SMM mobile device can initiate recovery and investigation of the lost mobile device. No STM is sent upon detecting the change in SIM card if the function was not activated earlier (620).
In an alternative embodiment, STM functionality further includes forwarding a copy of all mobile messages sent out by the person in possession of the lost or stolen mobile device to the same mobile device.
In another alternative embodiment, the data wipe functionality can be provided in conjunction with the STM functionality to delete the secure vault or other resident data that has been predetermined beforehand on the mobile device when the predetermined period (618) has elapsed. Provision can be made to configure the predetermined period through the settings module (216) if necessary.
It is envisioned that the TTA engine and the settings modules in the various embodiments of the STM functionality can be provided independently of the SMM application, together with another application, or as a third party application resident on the mobile device.
The SMM application can be extended to block spam or unsolicited mobile messages according to the workflow in Figures 7a and 7b. This is useful in light of the possibility of unsolicited content being sent to a user, which is annoying if the content is harmless and dangerous to the mobile device or resident data if it is not. Although a virus targeting mobile devices and spreading through mobile messages was unheard of at the time of the invention, this is nevertheless a possible danger in light of the Cabir virus spreading through Bluetooth enabled mobile devices.
Mobile messages conventionally composed according to the default messaging protocol have the default messaging header (101), which carries the sender's phone number. The user first enters the phone number of the mobile device that he wants to block into a blocked phone number list (702) maintained by the SMM application, as illustrated in Figures 7a and 7b, and configured in the SMM contacts database (218). He has the option (704) to enable (708) or disable (706) the anti-spam messages function by a spam flag (218c) associated with each contact. When an incoming message arrives in the message store (242), the TTA engine (213) will check the default message header (101) for a blocked phone number (712), as illustrated in Figure 7b. If the user enabled anti-spam messages (714) earlier, the phone number in the incoming message is compared with the phone numbers in the blocked list (716) that are enabled with the spam flag (218c). The incoming message will be deleted if the phone number in its messaging header matches any phone number entered into the blocked phone number list earlier (718). Otherwise the incoming message is subjected to further processing (720). If anti-spam is disabled, no comparison of the detected phone number with the blocked phone number list is carried out, and the incoming message is subjected to further processing (720) as outlined earlier. It is also envisioned that part of the SMM application, specifically the TTA engine (213) and the cryptographic engine (215), can be implemented as a plug-in application, a standalone application, or incorporated into and used with other applications as a means for providing security to resident data and mobile devices and a means for anti mobile message spamming, all of which is apparent to a person of ordinary skill in the art.
When the application is customized for a mobile device operating on the Symbian OS, the necessary UI and UI elements can be added to the default mobile messaging UI MTM for implementing the TTA engine and the cryptographic engine as a plug-in application on existing mobile devices. The user can use an application's user interface, extended with the mobile device and resident data security functionality, to encrypt and decrypt the resident data (i.e. the secure vault), activate data wipe, activate STM and enable anti mobile message spamming.
Other existing applications on the mobile device can also be configured to carry out any of the mobile device and resident data security measures. One conceivable way, known to a person of ordinary skill in the art, is to provide the mobile device and resident data security measures as a plug-in application accessible to other applications on the mobile device, such as the conventional messaging application, diary and planner, so that data for various applications can always be stored in an encrypted form.
It is also practically possible and apparent to a person of ordinary skill in the art to provide each of the mobile device and resident data security measures as third party applications on mobile devices, in combinations not covered in the detailed specification, which is not to be taken as limiting.
While the invention has been described in connection with the preferred embodiments, it is not intended to limit the scope of the invention to the particular form set forth, but on the contrary, it is intended to cover such alternatives, modifications, and equivalents as may be included within the spirit and scope of the invention as defined by the appended claims.

Claims
1. A system on a mobile device, comprising: a cryptographic engine, the cryptographic engine encrypts the resident data according to a hybrid cryptographic approach; a control application, the control application is coupled to the cryptographic engine; and a standalone application, the standalone application utilizes the cryptographic engine through the control application for encryption and decryption of the resident data.
2. The system as claimed in claim 1 wherein the standalone application is a file manager for browsing contents on the mobile device for locating the resident data and selects both the resident data to be encrypted and encrypted resident data to be decrypted by the cryptographic engine.
3. The system as claimed in claim 1 wherein the cryptographic engine is coupled to a key pair generation sub-module for generating a pair of private key and public key belonging to an entity associated with the mobile device through the key pair generation sub-module on the mobile device.
4. The system as claimed in claim 3 wherein the private and public key pairs are generated according to Elliptic Curve Cryptography algorithm.
5. The system as claimed in claim 3 wherein the cryptographic engine is coupled to an asymmetric cryptographic sub-module, a symmetric key generation sub-module and a symmetric cryptographic sub-module, the cryptographic engine generates a symmetric encryption key using the entity's private key and public key through the asymmetric cryptographic sub-module and symmetric key generation module and uses the symmetric encryption key to encrypt the resident data through a symmetric cryptographic sub-module.
6. The system as claimed in claim 5 wherein the cryptographic engine generates a symmetric decryption key using the entity's private key and public key using the asymmetric cryptographic module and the symmetric key generation module and decrypts the encrypted resident data on the mobile device using the symmetric cryptographic sub-module.
7. The system as claimed in claims 5 and 6 wherein the symmetric encryption key and the symmetric decryption key is generated according to Elliptic Curve Cryptography algorithm.
8. The system as claimed in claims 5 and 6 wherein the selected resident data is encrypted and the selected encrypted resident data is decrypted according to Advanced Encryption Standard algorithm.
9. The system as claimed in claims 5 and 6 wherein the selected resident data is encrypted and the selected encrypted resident data is decrypted according to a proprietary 32-bit block based cryptographic algorithm.
10. The system as claimed in claim 3 further comprising an authentication system coupled to the cryptographic engine for handling the generated private key on the mobile device, the authentication system makes the private key available to the cryptographic engine after the authentication system has authenticated the entity's identity.
11. The system as claimed in claim 10 wherein the entity's identity is authenticated through a password.
12. The system as claimed in claim 10 further providing a function for backing up selected encrypted resident data and exporting the backed up encrypted resident data to another storage device.
13. The system as claimed in claim 10 further providing a function for importing backed up encrypted resident data from another storage device and restoring the backed up encrypted resident data.
14. The system as claimed in claim 12 wherein the backed up encrypted resident data is protected with a password through the authentication system.
15. The system as claimed in claim 14 wherein the password for the backed up encrypted resident data is the same as a password used in the entity's identity authentication.
16. The system as claimed in claim 1 further comprising a settings module, the settings module is coupled to the cryptographic engine to further provide a function for remotely wiping out resident data on the mobile device.
17. The system as claimed in claim 16 wherein the settings module contains a unique pass code and the engine is detecting for an instruction for wiping out resident data and the unique pass code in incoming mobile messages arriving on the mobile device and wiping out the resident data upon detection of both the instruction for wiping out and the unique pass code and verifying the detected unique pass code against the copy in the settings module.
18. The system as claimed in claim 17 wherein the mobile message contains a header, the instruction for wiping out resident data and the unique pass code and the engine detecting for the presence of the header in any of the incoming mobile messages and transforming the mobile message carrying the header into an internal message type before detecting for the instruction for wiping out and the unique pass code in the transformed mobile message.
19. The system as claimed in claim 16 wherein the resident data comprising the settings module, the configuration files of the standalone application utilizing the cryptographic engine and mobile messages on the mobile device.
20. The system as claimed in claim 16 wherein the function for remotely wiping out the resident data can be optionally disabled through the settings module.
21. A system on the mobile device, comprising: a settings module, the settings module containing a unique pass code; and an engine, the engine detecting any incoming mobile messages for an instruction for wiping out resident data and the unique pass code in incoming mobile messages arriving on the mobile device and wiping out resident data on the mobile device upon detection of both the instruction for wiping out resident data and the unique pass code and verifying the detected unique pass code against the copy in the settings module.
22. The system as claimed in claim 21 wherein the mobile message contains a header and the engine detecting for the presence of the header in any of the incoming mobile messages and transforming the mobile message carrying the header into an internal message type before detecting for the instruction for wiping out resident data and the unique pass code in the transformed mobile message and verifying the detected unique pass code.
23. The system as claimed in claim 22 wherein the mobile message is an SMS message composed with the header, the instruction for wiping out resident data and the unique pass code.
24. The system as claimed in claim 21 wherein the resident data comprising the settings module, configuration files of other applications and mobile messages on the mobile device.
25. The system as claimed in claim 21 wherein the function for wiping out the resident data can be optionally disabled through the settings module.
26. A system on a mobile device, comprising: an engine, the engine detects a phone number associated with a subscriber's identity module card used with the mobile device; a settings module, the settings module containing a preset phone number and at least one associate's phone number; and a mobile messaging means wherein the engine composing a silent tracking message and sending the silent tracking message to another mobile device at the associate's phone number using the mobile messaging means when the detected phone number is different from the preset phone number.
27. The system as claimed in claim 26 wherein the silent tracking message is a Secure Mobile Message (SMM) message.
28. The system as claimed in claim 26 wherein the engine deletes a copy of the sent silent tracking message from the outbox of the mobile device.
29. The system as claimed in claim 26 wherein the silent tracking message includes the detected new phone number, International Mobile Subscriber Identity (IMSI) associated with the detected new phone number, information of mobile operator through which the silent tracking message was sent and the International Mobile Equipment Identity (IMEI).
30. The system as claimed in claims 26 and 29 further comprising a means for obtaining a present location information on the mobile device through the Global Positioning System (GPS), the silent tracking message further including the obtained current location information at the time of composing.
31. The system as claimed in claim 26 wherein, until the engine is disabled, the engine sends the silent tracking message from time to time.
32. The system as claimed in claim 26 wherein the engine further includes a function for remotely wiping out resident data after sending out silent tracking message for a predetermined period.
33. The system as claimed in claim 32 wherein the settings module contains a unique pass code and the engine detecting any incoming mobile messages for an instruction for wiping out the resident data and the unique pass code in any incoming mobile messages arriving on the mobile device and wiping out the resident data on the mobile device upon detection of both the instruction for wiping out resident data and the unique pass code and verifying the detected unique pass code against the copy in the settings module.
34. The system as claimed in claim 33 wherein the mobile message contains a header and the engine detecting for the presence of the header in any of the incoming mobile messages and transforming the mobile message carrying the header into an internal message type before detecting for the instruction for wiping out resident data and the unique pass code in the transformed mobile message and verifying the detected unique pass code.
35. The system as claimed in claim 34 wherein the mobile message is an SMS message composed with the header, the instruction for wiping out resident data and the unique pass code.
36. The system as claimed in claim 26 wherein the engine further includes a function for wiping out resident data when the function for sending out the silent tracking message is not disabled within a predetermined period.
37. The system as claimed in claims 35 and 36 wherein the resident data comprises the settings module, configuration files of other applications and mobile messages on the mobile device.
38. A system on a mobile device, comprising: a contacts database, the contacts database containing at least one blocked phone number; and an engine, the engine detecting any mobile message arriving on the device, reading the sender's phone number contained in the newly arrived mobile message and deleting any newly arrived mobile message when the sender's phone number read by the engine matches any of the blocked phone numbers.
39. The system for anti mobile message spamming as claimed in claim 38 wherein the system can be optionally disabled.
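The following is an added illustration, not code from the patent or its assignee, of the message-engine behaviour described in claims 33 to 36 (remote wipe triggered by a headered SMS carrying a wipe instruction and a pass code, verified against the copy in the settings module, plus a wipe when silent tracking is not disabled within a period) and in claim 38 (deleting messages from blocked sender numbers). The header string `#SEC#`, the instruction token `WIPE`, the space-separated field layout, the settings keys and all phone numbers and pass codes are constructed assumptions; the patent specifies no wire format. One point the claims leave open is shown explicitly: the pass code comparison is constant-time, and an empty stored pass code (for instance after a wipe has already cleared the settings module) never verifies.

```python
"""Toy 'integrated security mobile engine' modelled on claims 33-36 and 38.

Assumed message format (not from the patent):  "#SEC# WIPE <pass code>"
"""
import hmac
from dataclasses import dataclass, field
from typing import List, Optional, Set

WIPE_HEADER = "#SEC#"      # assumed header that marks an engine command SMS (claim 34)
WIPE_INSTRUCTION = "WIPE"  # assumed instruction token (claim 33)


@dataclass
class SmsMessage:
    sender: str
    body: str


@dataclass
class InternalMessage:
    """Internal message type produced from a headered SMS (claim 34)."""
    sender: str
    instruction: str
    pass_code: str


@dataclass
class Device:
    settings: dict                 # settings module, holds the pass code copy (claim 33)
    blocked_numbers: Set[str]      # contacts database entries marked blocked (claim 38)
    inbox: List[SmsMessage] = field(default_factory=list)  # mobile messages (claim 37)
    app_config: dict = field(default_factory=dict)        # other apps' config files (claim 37)
    tracking_started_at: Optional[float] = None           # when silent tracking began (claim 36)
    wiped: bool = False


def transform(sms: SmsMessage) -> Optional[InternalMessage]:
    """Claim 34: only messages carrying the header become internal messages."""
    if not sms.body.startswith(WIPE_HEADER):
        return None
    parts = sms.body[len(WIPE_HEADER):].strip().split(" ", 1)
    if len(parts) != 2 or not parts[1].strip():
        return None  # malformed command: treat as an ordinary message
    return InternalMessage(sms.sender, parts[0].upper(), parts[1].strip())


def verify_pass_code(presented: str, stored: str) -> bool:
    """Constant-time check; an empty stored code (e.g. after a wipe) never matches."""
    if not stored:
        return False
    return hmac.compare_digest(presented.encode(), stored.encode())


def wipe(device: Device) -> None:
    """Claim 37: resident data is the settings module, app configs and messages."""
    device.settings.clear()
    device.app_config.clear()
    device.inbox.clear()
    device.wiped = True


def on_message(device: Device, sms: SmsMessage) -> str:
    """Engine entry point for every newly arrived mobile message."""
    # Claim 38: messages from blocked numbers are deleted before anything else.
    if sms.sender in device.blocked_numbers:
        return "deleted:blocked-sender"
    msg = transform(sms)
    if msg is None:
        device.inbox.append(sms)
        return "delivered"
    # Claim 33: both the instruction and a verified pass code are required.
    if msg.instruction == WIPE_INSTRUCTION and verify_pass_code(
            msg.pass_code, device.settings.get("pass_code", "")):
        wipe(device)
        return "wiped"
    return "ignored:unverified-command"  # wrong code or unknown instruction


def check_tracking_timeout(device: Device, now: float, period: float) -> bool:
    """Claim 36: wipe if silent tracking was not disabled within `period` seconds."""
    if device.wiped or device.tracking_started_at is None:
        return False
    if now - device.tracking_started_at >= period:
        wipe(device)
        return True
    return False


def make_demo_device() -> Device:
    """Constructed sample device state; all values are made up for the demo."""
    return Device(
        settings={"pass_code": "s3cret-passcode", "tracking_interval_s": 600},
        blocked_numbers={"+60100009999"},
        app_config={"mailapp": {"server": "mail.example"}},
    )


if __name__ == "__main__":
    dev = make_demo_device()
    for sender, body in [("+60100000001", "hello"),
                         ("+60100009999", "cheap loans"),
                         ("+60100000002", "#SEC# WIPE wrongcode"),
                         ("+60100000002", "#SEC# WIPE s3cret-passcode")]:
        print(f"{sender!r:>16} {body!r:>30} -> {on_message(dev, SmsMessage(sender, body))}")
    print("wiped:", dev.wiped, "inbox:", dev.inbox, "settings:", dev.settings)
```

Processing blocked senders before the command check means a blocked number can never trigger a wipe, and the pass code is compared only after the header and instruction are recognised, so ordinary SMS traffic never reaches the comparison at all.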
PCT/MY2006/000026 2005-11-11 2006-11-10 Integrated security mobile engines for mobile devices and resident data security WO2007055558A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI20055293 2005-11-11
MYPI20055293A MY148813A (en) 2005-11-11 2005-11-11 Integrated security mobile engines for mobile devices and resident data security

Publications (1)

Publication Number Publication Date
WO2007055558A1 true WO2007055558A1 (en) 2007-05-18

Family

ID=38023495

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2006/000026 WO2007055558A1 (en) 2005-11-11 2006-11-10 Integrated security mobile engines for mobile devices and resident data security

Country Status (2)

Country Link
MY (1) MY148813A (en)
WO (1) WO2007055558A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007148069A1 (en) * 2006-06-19 2007-12-27 Symbian Software Limited Improving security in bluetooth enabled computing devices
US8811971B2 (en) 2007-08-01 2014-08-19 Nxp B.V. Mobile communication device and method for disabling applications
US9578018B2 (en) 2008-06-23 2017-02-21 Microsoft Technology Licensing, Llc Remote sign-out of web based service sessions
US9674651B2 (en) 2008-08-12 2017-06-06 Apogee Technology Consultants, Llc Portable computing device with data encryption and destruction
US11213773B2 (en) 2017-03-06 2022-01-04 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"Advanced Encryption Standard (AES)", FIPS PUB 197, 26 November 2001 (2001-11-26), XP003011890 *
CERTICOM RESEARCH: "Standards for Efficient Cryptography, SEC 1: Elliptic Curve Cryptography", 20 September 2000 (2000-09-20), XP003011889, Retrieved from the Internet <URL:http://www.secg.org/download/aid-385/sec1_final.pdf> *
PALMGREN K.: "Diffie-Hellman Key Exchange - A Non-Mathematician's Explanation", 2 February 2005 (2005-02-02), XP003011888, Retrieved from the Internet <URL:http://www.securitydocs.com/library/2978> *
SCHNEIER B.: "Applied Cryptography", vol. 2ND ED., 1996, JOHN WILEY & SONS, ISBN: 0-471-11709-9 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007148069A1 (en) * 2006-06-19 2007-12-27 Symbian Software Limited Improving security in bluetooth enabled computing devices
US8811971B2 (en) 2007-08-01 2014-08-19 Nxp B.V. Mobile communication device and method for disabling applications
US9578018B2 (en) 2008-06-23 2017-02-21 Microsoft Technology Licensing, Llc Remote sign-out of web based service sessions
US9674651B2 (en) 2008-08-12 2017-06-06 Apogee Technology Consultants, Llc Portable computing device with data encryption and destruction
US9679154B2 (en) 2008-08-12 2017-06-13 Apogee Technology Consultants, Llc Tracking location of portable computing device
US9686640B2 (en) 2008-08-12 2017-06-20 Apogee Technology Consultants, Llc Telemetric tracking of a portable computing device
US9699604B2 (en) 2008-08-12 2017-07-04 Apogee Technology Consultants, Llc Telemetric tracking of a portable computing device
US11213773B2 (en) 2017-03-06 2022-01-04 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system

Also Published As

Publication number Publication date
MY148813A (en) 2013-06-14

Similar Documents

Publication Publication Date Title
US8145907B2 (en) Secure data transfer
US8423758B2 (en) Method and apparatus for packet source validation architecture system for enhanced internet security
US8296580B2 (en) System and method for protecting data on a mobile device
US20170214665A1 (en) User interface systems and methods for secure message oriented communications
US8543091B2 (en) Secure short message service (SMS) communications
JP3745228B2 (en) Message identification with confidentiality, integrity, and origin authenticity
US8819433B2 (en) Message storage and retrieval
CN113508563A (en) Block chain based secure email system
US8302175B2 (en) Method and system for electronic reauthentication of a communication party
CN104662870A (en) Data security management system
US20080141352A1 (en) Secure password distribution to a client device of a network
US20140079219A1 (en) System and a method enabling secure transmission of sms
CN105516943A (en) Short message encryption system on the basis of domestic commercial crypto chip and realization method thereof
CN108390755B (en) Safety input method of SIM (subscriber identity Module) film-pasting card based on built-in safety chip
WO2007055558A1 (en) Integrated security mobile engines for mobile devices and resident data security
CN101754209A (en) Method for protecting contents of mobile phone
WO2007037671A2 (en) Integrated security mobile engines and novel mobile message for secure and trusted mobile messaging system
CN105743859B (en) A kind of method, apparatus and system of light application certification
WO2015080571A1 (en) Secure single sign-on exchange of electronic data
Hiremath et al. Cellular network fraud & security, jamming attack and defenses
US9652621B2 (en) Electronic transmission security process
GB2377143A (en) Internet security
WO2016030832A1 (en) Method and system for mobile data and communication security
CN111541603A (en) Independent intelligent safety mail terminal and encryption method
Jawanjal et al. A Secure Protocol For End To End Security To SMS Banking

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06812699

Country of ref document: EP

Kind code of ref document: A1