Coerced encryption on connected devices

US 10,104,044 B2
Filed: 05/08/2017
Issued: 10/16/2018
Est. Priority Date: 08/01/2013
Status: Active Grant

First Claim

Patent Images

1. A method performed by a computing system comprising one or more processors and memory, the method comprising:

synchronizing, over a network, one or more content items stored on a storage device of a personal computing device with one or more corresponding content items hosted by an online content management server;

subsequent to the synchronizing, receiving, at the online content management server, over a network from the personal computing device, an indication that disk encryption is currently disabled on the storage device; and

based, at least in part, on receiving the indication, performing both;

(a) withholding new synchronization data from the personal computing device for synchronizing the one or more content items stored on the storage device of the personal computing device with the corresponding one or more content items hosted by the online content management server, and (b) sending, from the online content management server, an instruction to the personal computing device to remove, from the storage device, the one or more content items stored on the storage device of the personal computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for coercing users to encrypt synchronized content stored at their personal computing devices. In some aspects, one or more computing devices receive, from a personal computing device, an indication of whether data stored in at least a portion of a storage device of the personal computing device is protected by disk encryption. In response to determining, based on the indication, that the portion of the storage device is not protected by encryption, synchronization data for synchronizing a copy of one or more synchronized content items stored in the portion of the storage device with another copy of the synchronized content items stored at one or more server computing devices is withheld from the personal computing device until disk encryption on the personal computing device is enabled so as to coerce the user to enable disk encryption on the personal computing device.

22 Citations

19 Claims

1. A method performed by a computing system comprising one or more processors and memory, the method comprising:
- synchronizing, over a network, one or more content items stored on a storage device of a personal computing device with one or more corresponding content items hosted by an online content management server;
  
  subsequent to the synchronizing, receiving, at the online content management server, over a network from the personal computing device, an indication that disk encryption is currently disabled on the storage device; and
  
  based, at least in part, on receiving the indication, performing both;
  
  (a) withholding new synchronization data from the personal computing device for synchronizing the one or more content items stored on the storage device of the personal computing device with the corresponding one or more content items hosted by the online content management server, and (b) sending, from the online content management server, an instruction to the personal computing device to remove, from the storage device, the one or more content items stored on the storage device of the personal computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - based at least in part on a disk encryption policy associated with the personal computing device, determining that the one or more content items being stored on the storage device while disk encryption is disabled violates the disk encryption policy;
      
      wherein the sending the instruction to the personal computing device to remove the one or more content items from the storage device is based at least in part on the determining that the one or more content items being stored on the storage device while disk encryption is disabled violates the disk encryption policy.
  - 3. The method of claim 1, wherein the one or more content items stored on the storage device of the personal computing device correspond to one or more corresponding content items hosted by an online content management server.
  - 4. The method of claim 1, wherein the instruction to the personal computing device identifies the one or more content items stored on the storage device to be removed from the storage device.
  - 5. The method of claim 1, further comprising:
    - receiving a registration request from the personal computing device, the registration request to register the personal computing device with an online content management server for synchronizing the one or more content items with one or more corresponding content items hosted by an online content management server; and
      
      wherein the sending the instruction to the personal computing device to remove the one or more content items stored on the storage device from the personal computing device is based at least in part on the receiving the registration request.
  - 6. The method of claim 1, further comprising:
    - receiving a synchronization request from the personal computing device, the synchronization request to synchronize the one or more content items with one or more corresponding content items hosted by an online content management server; and
      
      wherein the sending the instruction to the personal computing device to remove the one or more content items stored on the storage device from the personal computing device is based at least in part on the receiving the synchronization request.
  - 7. The method of claim 1, further comprising:
    - prior to the receiving the indication from the personal computing device, receiving configuration data for configuring a disk encryption policy associated with the personal computing device, the configuration data indicating that disk encryption of the storage device must be enabled in order to receive synchronization data for synchronizing content items stored on the storage device with corresponding content items hosted by an online content management server.
  - 8. The method of claim 1, further comprising:
    - providing a user interface that allows an administrator to configure a disk encryption policy applicable to the personal computing device.
  - 9. The method of claim 8, wherein the user interface allows the administrator to apply the disk encryption policy to the personal computing device, to a user of the personal computing device, or to a group of users of which the user of the personal computing device is a member.

10. A method performed by a computing system comprising one or more processors and memory, the method comprising:
- synchronizing one or more content items stored in a portion of a storage device of a personal computing device with corresponding one or more content items hosted by an online content management server by at least sending synchronization data from the online content management server to the personal computing device;
  
  subsequent to the synchronizing, determining, at the online content management server, that disk encryption is disabled on the storage device of the personal computing device, the storage device storing the one or more content items;
  
  based at least in part on the determining that disk encryption is disabled on the storage device of the personal computing device, performing both;
  
  (a) withholding new synchronization data from the personal computing device for synchronizing the one or more content items stored in the portion of the storage device of the personal computing device with corresponding one or more content items hosted by the online content management server, and (b) sending, from the content management server, an instruction to the personal computing device to enable disk encryption for at least a portion of the storage device storing the one or more content items, the sending the instruction causing the personal computing device to automatically enable disk encryption for at least the portion of the storage device storing the one or more content items.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The method of claim 10, further comprising:
    - prior to the determining that disk encryption is disabled on the storage device of the personal computing device, receiving, at the content management server, over a network from the personal computing device, information about disk encryption at the storage device that indicates that the disk encryption is disabled on the storage device of the personal computing device.
  - 12. The method of claim 10 further comprising:
    - based at least in part on a disk encryption policy associated with the personal computing device, determining that the one or more content items being stored on the storage device while disk encryption is disabled violates the disk encryption policy;
      
      wherein sending the instruction to the personal computing device to enable disk encryption for at least the portion of the storage device storing the one or more content items is based at least in part on the determining that the one or more content items being stored on the storage device while disk encryption is disabled violates the disk encryption policy.
  - 13. The method of claim 10, wherein the one or more content items stored on the storage device of the personal computing device correspond one or more corresponding content items hosted by an online content management server.
  - 14. The method of claim 10, wherein at least one content item of the one or more content items on the storage device is file encrypted.
  - 15. The method of claim 10, further comprising:
    - invoking an Application Programming Interface (API) at the personal computing device to enable disk encryption for at least the portion of the storage device storing the one or more content items based at least in part the sending the instruction to the personal computing device to enable disk encryption for at least the portion of the storage device storing the one or more content items.
  - 16. The method of claim 10, further comprising:
    - providing a user interface at the personal computing device, the user interface comprising a link, which when activated by user input, enables disk encryption for at least the portion of the storage device storing the one or more content items; and
      
      wherein the providing the user interface at the personal computing device is based at least in part on the sending the instruction to the personal computing device to enable disk encryption for at least the portion of the storage device storing the one or more content items.
  - 17. The method of claim 10, further comprising:
    - prior to the determining that disk encryption is disabled on the storage device of the personal computing device, receiving configuration data for configuring a disk encryption policy associated with the personal computing device, the configuration data indicating that disk encryption of the storage device must be enabled in order to receive synchronization data for synchronizing content items stored on the storage device with corresponding content items hosted by an online content management server.
  - 18. The method of claim 10, further comprising providing a user interface that allows an administrator to configure a disk encryption policy applicable to the personal computing device.
  - 19. The method of claim 18, wherein the user interface allows the administrator to apply the configured disk encryption policy to the personal computing device, to a user of the personal computing device, or to a group of users of which the user of the personal computing device is a member.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dropbox, Inc.
Original Assignee
Dropbox, Inc.
Inventors
Byrne, Sean
Primary Examiner(s)
Jeudy, Josnel

Application Number

US15/589,790
Publication Number

US 20170244675A1
Time in Patent Office

526 Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/60   Protecting data

G06F 21/78   to assure secure storage of...

G06F 21/88   Detecting or preventing the...

G06F 2212/1052   Security improvement

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/0457   wherein the sending and rec...

H04L 63/0853   using an additional device,...

H04L 67/1095   Replication or mirroring of...

Coerced encryption on connected devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Coerced encryption on connected devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links