Secure data synchronization

US 10,121,018 B2
Filed: 07/14/2016
Issued: 11/06/2018
Est. Priority Date: 09/12/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining that enterprise data is stored locally on a first device, the first device corresponding to an enterprise device based on an association with at least one enterprise policy or permission;

receiving a request to propagate the enterprise data from the first device to a second device;

determining whether the second device is an enterprise device or a non-enterprise device;

based at least on a determination that the second device is a non-enterprise device based on a lack of the association with at least one enterprise policy or permission, determining whether a propagation permission associated with the first device indicates that the first device is permitted to propagate the enterprise data to non-enterprise devices; and

based at least on a determination that the first device lacks permission to propagate the enterprise data to a non-enterprise device, preventing the enterprise data from being propagated from the first device to the second device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for secure data synchronization are described. In one or more implementations, a determination is made as to whether enterprise data is stored locally on a first device corresponding to an enterprise device. Based on a determination that the second device is a non-enterprise device, a determination is made as to whether a permission associated with the first device indicates that the first device is permitted to propagate the enterprise data to non-enterprise devices. If the first device lacks permission to propagate the enterprise data to non-enterprise devices, the enterprise data is prevented from being propagated to the second device.

Citations

21 Claims

1. A method comprising:
- determining that enterprise data is stored locally on a first device, the first device corresponding to an enterprise device based on an association with at least one enterprise policy or permission;
  
  receiving a request to propagate the enterprise data from the first device to a second device;
  
  determining whether the second device is an enterprise device or a non-enterprise device;
  
  based at least on a determination that the second device is a non-enterprise device based on a lack of the association with at least one enterprise policy or permission, determining whether a propagation permission associated with the first device indicates that the first device is permitted to propagate the enterprise data to non-enterprise devices; and
  
  based at least on a determination that the first device lacks permission to propagate the enterprise data to a non-enterprise device, preventing the enterprise data from being propagated from the first device to the second device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as recited in claim 1, further comprising identifying the enterprise data based on at least one of a device type of the first device, a type of application that generates the enterprise data, or a nature of the enterprise data itself.
  - 3. The method as recited in claim 1, wherein the propagation permission associated with the first device includes a data synchronization policy that indicates that the enterprise data is not to be propagated to a non-enterprise device.
  - 4. The method as recited in claim 1, wherein the propagation permission associated with the first device permits the enterprise data to be propagated to a particular non-enterprise device, wherein the first device has previously propagated other enterprise data to the particular non-enterprise device.
  - 5. The method as recited in claim 1, wherein the permission associated with the first device permits the enterprise data to be propagated to a particular non-enterprise device, wherein the enterprise data includes a first type of data that is a same type as a second type of data that was previously transmitted from the first device to the particular non-enterprise device.
  - 6. The method as recited in claim 1, wherein the enterprise data includes one or more of business data or work-related data.
  - 7. The method as recited in claim 1, wherein the determination that the first device lacks permission to propagate the enterprise data to non-enterprise devices includes a determination that an additional permission associated with the enterprise data indicates that the enterprise data is not permitted to be propagated to non-enterprise devices.
  - 8. The method as recited in claim 1, wherein propagation of the enterprise data is controlled based on a type of the enterprise data.
  - 9. The method as recited in claim 1, wherein the propagation permission specifies a type of storage to which the enterprise data may be propagated.

10. A system comprising:
- one or more processors; and
  
  one or more computer-readable hardware storage media storing computer-executable instructions which are executable by the one or more processors to cause the system to perform operations including;
  
  identifying an association of a first device with at least one enterprise policy or permission;
  
  determining that enterprise data is stored locally on the first device, the first device corresponding to an enterprise device based on the association with at least one enterprise policy or permission;
  
  receiving a request to propagate the enterprise data from the first device to a second device;
  
  determining whether the second device is an enterprise device or a non-enterprise device;
  
  based at least on a determination that the second device is a non-enterprise device made by identifying a lack of an association of the second device with at least one enterprise policy or permission, determining whether the enterprise data is permitted to be propagated to non-enterprise devices based on a propagation permission associated with one of the first device or the enterprise data; and
  
  based at least on the propagation permission indicating that the enterprise data is not to be propagated to a non-enterprise device, preventing the enterprise data from being propagated from the first device to the second device.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system as recited in claim 10, wherein:
    - the propagation permission is associated with the first device; and
      
      the propagation permission specifies that a particular type of data was previously transmitted from the non-enterprise device to the first device, wherein additional data of a same type as the particular type of data is permitted to be propagated from the first device to the non-enterprise device.
  - 12. The system as recited in claim 10, wherein the operations further comprise identifying the enterprise data based on at least one of a device type of the first device, a type of application that generates the enterprise data, or a nature of the enterprise data itself.
  - 13. The system as recited in claim 10, wherein the propagation permission specifies a type of storage to which the enterprise data is permitted to be propagated.
  - 14. The system as recited in claim 10, wherein the propagation permission includes a data synchronization policy that indicates that the enterprise data is not to be propagated to the non-enterprise device.
  - 15. The system as recited in claim 10, wherein propagation of the enterprise data is controlled based on a type of the enterprise data, the type including at least one sensitive personal data or sensitive work-related data.

16. A method comprising:
- determining that enterprise data is stored locally on a device having an association with at least one enterprise policy or permission;
  
  ascertaining whether the enterprise data is permitted to be propagated to a different device based at least in part on whether the different device is an enterprise device or a non-enterprise device; and
  
  in an event that the different device is a non-enterprise device according to a lack of an association of the different device with at least one enterprise policy or permission, preventing the enterprise data from being propagated to the non-enterprise device unless a propagation permission associated with the device indicates that the enterprise data is permitted to be propagated to the non-enterprise device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method as recited in claim 16, further comprising identifying the enterprise data based on at least one of a device type of the device, a type of application that generates the enterprise data, or a nature of the enterprise data itself.
  - 18. The method as recited in claim 16, wherein the propagation permission associated with the device includes a data synchronization policy that indicates that the enterprise data is not to be propagated to a non-enterprise device.
  - 19. The method as recited in claim 16, wherein the propagation permission associated with the enterprise device indicates that the enterprise data is permitted to be propagated to the non-enterprise device based on an indication that the device has previously propagated other enterprise data to the non-enterprise device.
  - 20. The method as recited in claim 16, wherein the propagation permission associated with the enterprise device indicates that the enterprise data is permitted to be propagated to the non-enterprise device based at least on the enterprise data including a first type of data that is a same type as a second type of data that was previously transmitted from the device to the non-enterprise device.

21. A method comprising:
- determining that enterprise data is stored on an enterprise portion of a device, the enterprise portion of the device having an association with at least one enterprise policy or permission;
  
  receiving a request to propagate the enterprise data from the enterprise portion of the device to a non-enterprise portion of the device, the non-enterprise portion of the device lacking the association with at least one enterprise policy or permission;
  
  determining whether a propagation permission associated with the enterprise portion of the device indicates that the enterprise portion of the device is permitted to propagate the enterprise data to the non-enterprise portion of the device; and
  
  based at least on a determination that the enterprise portion of the device lacks permission to propagate the enterprise data to the non-enterprise portion of the device, preventing the enterprise data from being propagated from the enterprise portion of the device to the non-enterprise portion of the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Tamayo-Rios, Matthew Z., Sinha, Saurav, Ovechkin, Ruslan, Kannan, Gopinathan, Bharadwaj, Vijay G., Macaulay, Christopher R., Fleischman, Eric, Ide, Nathan J., Liu, Kun
Primary Examiner(s)
King, John B

Application Number

US15/210,112
Publication Number

US 20160321464A1
Time in Patent Office

845 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 21/6272   by registering files or doc...

G06F 2221/2107   File encryption

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 67/1095   Replication or mirroring of...

H04L 67/1097   for distributed storage of ...

Secure data synchronization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data synchronization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links