Le 19 août 2010, a été rendu public un brevet d'APPLE : US 2010207721 qui laisse assez perplexe.
Il s'agirait d'un procédé (logiciel) qui identifierait un utilisateur non autorisé ou une utilisation non autorisée d'un appareil électronique. Quand cette identification se réalisera, l'appareil électronique
Pour identifier que l'utilisateur de l'appareil n'est pas le vrai propriétaire, l'appareil pourra mesurer le rythme cardiaque et le comparer à celui du propriétaire, étudier la voix de l'utilisateur et le comparer à celle du propriétaire, ou encore étudier le comportement de l'utilisateur (nombre de mot de passe tapé).
Si l'appareil comprend que l'utilisateur n'est pas le vrai propriétaire, il prendra des photographies qui seront géolocalisées et transmettra celles-ci à un serveur distant. Et ceci très discrètement!
Il sera aussi possible de bloquer l'appareil, de l'éteindre à distance, d'effacer des données sensibles (carnet d'adresses par exemple).
Ce logiciel sera vraisemblablement embarqué dans nos IPOD TOUCH, IPHONE et IPAD. Il pourra éventuellement permettre de repérer la personne qui aurait volé votre portable préféré mais aussi d'établir qui (photo à l'appui) jailbreak, pirate les produits APPLE. Pire, on peut même imaginer qu'APPLE ou un tiers récupère des données qu'on peut juger confidentielles à notre insu!!!
Combien de temps ces données peuvent être conservées?
Comment ce logiciel sera utilisé? Uniquement pour identifier et repérer des voleurs?
N'existe t'il pas un risque de dérive et de mauvaises utilisations?
Que va dire la CNIL?
Le brevet en question est un brevet uniquement américain US 2010207721 et voici quelques unes de ses revendications:
1 . A method for identifying an unauthorized user of an electronic device, the method comprising: determining that a current user of the electronic device is an unauthorized user; gathering information related to the unauthorized user's operation of the electronic device in response to determining, wherein the unauthorized user's operation comprises operations not related to the authentication; and transmitting an alert notification to a responsible party in response to gathering.
2 . The method of claim 1, wherein determining further comprises: determining the identity of the current user; comparing the determined identity to the identity of one or more authorized users of the electronic device; and detecting that the determined identity does not match the identity of at least one of the one or more authorized users.
3 . The method of claim 1, wherein determining further comprises: identifying a particular activity performed by the current user that indicates suspicious behavior.
4 . The method of claim 3, wherein the particular activity comprises one or more of hacking the electronic device, jailbreaking the electronic device, unlocking the electronic device, removing a SIM card from the electronic device, and moving at least a predetermined distance away from a synced device.
5 . The method of claim 1, wherein gathering further comprises gathering one or more of screenshots, keylogs, communications packets served to the electronic device, and information related to a host device coupled to the electronic device.
6 . The method of claim 1, wherein the alert notification comprises a general message indicating that an unauthorized user has been detected.
11 . An electronic device operable to detect an unauthorized user of an electronic device, the electronic device comprising: a processor operable to: receive an input from a current user of the electronic device; determine the input is not associated with an authorized user of the electronic device; and record usage information of the electronic device in response to determining; and communications circuitry operable to transmit the usage information to a remote device.
12 . The electronic device of claim 11, further comprising: a microphone operable to record the voice of the current user; and wherein the processor is further operable to: compare the recorded voice with voice prints of authorized user of the electronic device; and determine that the recorded voice does not match the voice print of any authorized user of the electronic device.
13 . The electronic device of claim 11, further comprising: a heartbeat sensor operable to detect the heartbeat of the current user; and wherein the processor is further operable to: compare the detected heartbeat with heart signatures of each authorized user of the electronic device; and determine that detected the heartbeat does not match the heart signature of any authorized user of the electronic device.
14 . The electronic device of claim 11, further comprising: an input device operable to receive an authenticating input for authenticating a user of the electronic device; and wherein the processor is further operable to: determine that a predetermined number of successive incorrect authenticating inputs have been received.
15 . The electronic device of claim 11, further comprising: a camera operable to take a photograph of the vicinity of the electronic device; and positioning circuitry operable to determine current location information of the electronic device; and wherein the processor is further operable to: geotag the photograph by associating the photograph with the current location information.
18 . The system of claim 17, wherein: the camera is operable to take a plurality of photographs of the surroundings of the electronic device; and wherein the processor is further operable to: analyze each of the plurality of photographs to identify distinguishing landmarks in the photographs; and determine the location of each photograph based on the identified distinguishing landmarks.