Expedited device backup, wipe, and enrollment

US 10,152,383 B2
Filed: 12/17/2014
Issued: 12/11/2018
Est. Priority Date: 12/17/2014
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying a program for performing a criteria-based backup and wipe of enterprise data stored on a client device enrolled with a remote management service, the program, when executed by the client device, being configured to cause the client device to at least:

send a request to a computing device over a network to enroll the client device with the remote management service, wherein the remote management service is executable on the computing device and configured to;

oversee operation of the client device remotely;

maintain a device state of the client device; and

determine that the device state of the client device is not in conformance with at least one compliance rule;

maintain enterprise data and personal data in memory on the client device;

in response to a determination that the device state of the client device is not in conformance with the at least one compliance rule, receive a communication from the remote management service of the computing device that comprises predefined criteria that causes the client device to perform a backup of the enterprise data associated with the predefined criteria and to perform a wipe of the enterprise data associated with the predefined criteria from the client device, wherein the communication is generated by the remote management service in response to;

an enrollment of another client device with the remote management service;

ora number of a plurality of client devices permitted by the remote management service exceeding a predefined threshold, the client device being one of the plurality of client devices;

in response to a determination that the device state of the client device is not in conformance with the at least one compliance rule, place the client device in a locked state during the backup of the enterprise data by disabling at least one hardware function or at least one software function on the client device during the backup;

perform the backup of the enterprise data by communicating the enterprise data maintained in the memory to the remote management service over a network; and

perform the wipe of the enterprise data by removing the enterprise data associated with the predefined criteria specified in the communication from the client device, wherein the personal data not associated with the predefined criteria is retained in the memory of the client device after the wipe.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Remotely causing a backup and a wipe of data from a device enrolled with a management service is described. A client device may receive a communication generated from a remote computing device that causes performance of a backup of data associated with predefined criteria and performance of a wipe of the data associated with the predefined criteria. The device may perform the backup of the data by communicating the data to the remote computing device over a network. Further, the device may perform the wipe of the data by removing the data associated with the predefined criteria in response to a confirmation that the data has been received by the remote computing device. Data not associated with the predefined criteria may be retained on the client device.

Citations

23 Claims

1. A non-transitory computer-readable medium embodying a program for performing a criteria-based backup and wipe of enterprise data stored on a client device enrolled with a remote management service, the program, when executed by the client device, being configured to cause the client device to at least:
- send a request to a computing device over a network to enroll the client device with the remote management service, wherein the remote management service is executable on the computing device and configured to;
  
  oversee operation of the client device remotely;
  
  maintain a device state of the client device; and
  
  determine that the device state of the client device is not in conformance with at least one compliance rule;
  
  maintain enterprise data and personal data in memory on the client device;
  
  in response to a determination that the device state of the client device is not in conformance with the at least one compliance rule, receive a communication from the remote management service of the computing device that comprises predefined criteria that causes the client device to perform a backup of the enterprise data associated with the predefined criteria and to perform a wipe of the enterprise data associated with the predefined criteria from the client device, wherein the communication is generated by the remote management service in response to;
  
  an enrollment of another client device with the remote management service;
  
  ora number of a plurality of client devices permitted by the remote management service exceeding a predefined threshold, the client device being one of the plurality of client devices;
  
  in response to a determination that the device state of the client device is not in conformance with the at least one compliance rule, place the client device in a locked state during the backup of the enterprise data by disabling at least one hardware function or at least one software function on the client device during the backup;
  
  perform the backup of the enterprise data by communicating the enterprise data maintained in the memory to the remote management service over a network; and
  
  perform the wipe of the enterprise data by removing the enterprise data associated with the predefined criteria specified in the communication from the client device, wherein the personal data not associated with the predefined criteria is retained in the memory of the client device after the wipe.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The non-transitory computer-readable medium of claim 1, wherein:
    - the client device is associated with an account of the remote management service; and
      
      the enrollment of another client device is performed in response to credentials of the account of the remote management service being provided on another client device.
  - 3. The non-transitory computer-readable medium of claim 2, wherein the predefined threshold comprises a permitted number of devices specified for the account of the remote management service.
  - 4. The non-transitory computer-readable medium of claim 1, wherein the program, when executed by the computing device, is further configured to at least:
    - receive the at least one compliance rule generated by the remote management service; and
      
      determine that the backup and the wipe of the enterprise data is necessary based at least in part on the at least one compliance rule, wherein the at least one compliance rule is locally enforced on the client device by at least one client application.
  - 5. The non-transitory computer-readable medium of claim 1, wherein the program, when executed by the client device, is further configured to at least:
    - detect a tampering of the client device during performance of the backup of the enterprise data associated with the predefined criteria or during performance of the wipe of the enterprise data associated with the predefined criteria; and
      
      communicate data associated with the tampering to the remote management service.
  - 6. The non-transitory computer-readable medium of claim 1, wherein the program, when executed by the client device, is further configured to at least:
    - detect a tampering of the client device during performance of the backup of the enterprise data associated with the predefined criteria;
      
      identify a tampering level associated with the tampering;
      
      interrupt performance of the backup of enterprise data associated with the predefined criteria in response to the tampering level exceeding a predefined threshold; and
      
      perform the wipe of the enterprise data associated with the predefined criteria in response to the tampering level exceeding a predefined threshold.
  - 7. The non-transitory computer-readable medium of claim 1, wherein the program, when executed by the client device, is further configured to at least:
    - determine whether a network connection is available on the client device;
      
      in response to the network connection being unavailable, wait for an establishment of the network connection for a predefined period of time; and
      
      in response to an expiration of the predefined period of time, perform the wipe of the enterprise data associated with the predefined criteria.
  - 8. The non-transitory computer-readable medium of claim 1, wherein the locked state prevents access to at least a portion of features available on the at least one client device, terminates execution of predefined applications, prevents execution of predefined applications, or a combination thereof.

9. A method for performing a criteria-based backup and wipe of enterprise data stored on a first client device enrolled with a remote management service to migrate the enterprise data from the first client device to a second client device, comprising:
- enrolling, by at least one computing device, the first client device with the remote management service, where the remote management service is configured to oversee operation of the first client device remotely while enrolled, wherein the first client device has the enterprise data and personal data stored in memory of the first client device;
  
  maintaining, by the at least one computing device, a device state of the first client device;
  
  determining, by the at least one computing device, that the device state of the first client device is not in compliance with at least one compliance rule;
  
  in response to a determination that the device state of the first client device is not in compliance with the at least one compliance rule, generating, by the at least one computing device, a communication having predefined criteria that causes a client application executable on the first client device to perform a backup of the enterprise data associated with the predefined criteria and to perform a wipe of the enterprise data associated with the predefined criteria, wherein the communication is generated by the at least one computing device in response to;
  
  an enrollment of a second client device with the remote management service;
  
  ora number of a plurality of client devices permitted by the remote management service exceeding a predefined threshold, the first client device and the second client device being ones of the plurality of client devices;
  
  in response to a determination that the device state of the first client device is not in conformance with the at least one compliance rule, directing the client application to place the first client device in a locked state during the backup of the enterprise data by disabling at least one hardware function or at least one software function on the first client device during the backup;
  
  communicating, from the at least one computing device, a confirmation to the first client device that confirms receipt of backup data by the at least one computing device, the confirmation causing the wipe of the enterprise data to be performed by the client application executable on the first client device, wherein the wipe does not comprise personal data; and
  
  communicating, from the at least one computing device, the backup data to the second client device in response to the enrollment of the second client device with the remote management service.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, wherein:
    - the first client device is associated with an account of the remote management service; and
      
      the enrollment of the second client device is performed in response to credentials of the account of the remote management service being provided on the second client device.
  - 11. The method of claim 9, wherein the communication is further generated by the remote management service in response to a command performed by an administrator of the remote management service.
  - 12. The method of claim 10, wherein the predefined threshold comprises a permitted number of devices specified for the account of the remote management service.
  - 13. The method of claim 9, wherein the remote management service is executed on the at least one computing device.
  - 14. The method of claim 9, further comprising:
    - receiving, by the at least one computing device, a confirmation that the wipe of the enterprise data associated with the predefined criteria has been performed by the first client device; and
      
      removing, by the at least one computing device, the first client device from a list of enrolled devices.
  - 15. The method of claim 9, wherein the locked state prevents access to at least a portion of features available on the at least one client device, terminates execution of predefined applications, prevents execution of predefined applications, or a combination thereof.

16. A system for performing a criteria-based backup and wipe of enterprise data stored on at least one client device enrolled with a remote management service, comprising:
- the at least one client device comprising at least one hardware processor; and
  
  program code that, when executed in the at least one hardware processor, causes the at least one client device to at least;
  
  send a request to a computing device over a network to enroll the client device with the remote management service, wherein the remote management service is configured to;
  
  oversee operation of the at least one client device remotely;
  
  maintain a device state of the at least one client device; and
  
  determine that the device state of the at least one client device is not in conformance with at least one compliance rule;
  
  maintain enterprise data and personal data in memory on the at least one client device;
  
  in response to a determination that the device state of the at least one client device is not in conformance with the at least one compliance rule, receive a communication generated by and sent from the remote management service comprising predefined criteria that causes performance of a backup of the enterprise data associated with the predefined criteria and performance of a wipe of the enterprise data associated with the predefined criteria from the at least one client device, wherein the communication is generated by the remote management service in response to;
  
  an enrollment of another client device with the remote management service;
  
  ora number of a plurality of client devices permitted by the remote management service exceeding a predefined threshold, the client device being one of the plurality of client devices;
  
  in response to a determination that the device state of the at least one client device is not in conformance with the at least one compliance rule, place the at least one client device in a locked state during the backup of the enterprise data by disabling at least one hardware function or at least one software function on the at least one client device during the backup and the wipe;
  
  perform the backup of the enterprise data by communicating the enterprise data to the remote management service over a network; and
  
  perform the wipe of the enterprise data by removing the enterprise data associated with the predefined criteria in the communication in response to a confirmation that the enterprise data has been received by the remote management service, wherein personal data not associated with the predefined criteria is retained on the at least one client device.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The system of claim 16, further comprising program code that, when executed in the at least one hardware processor, causes the at least one client device to at least:
    - detect a tampering of the at least one client device during performance of the backup of the enterprise data associated with the predefined criteria or during performance of the wipe of the enterprise data associated with the predefined criteria; and
      
      communicate data associated with the tampering to the remote management service.
  - 18. The system of claim 16, wherein further comprising program code that, when executed in the at least one hardware processor, causes the at least one client device to at least:
    - determine that a network connection is unavailable to the at least one client device;
      
      in response to the network connection being unavailable, wait for an establishment of the network connection for a predefined period of time; and
      
      in response to an expiration of the predefined period of time, perform the wipe of the enterprise data associated with the predefined criteria.
  - 19. The system of claim 16, wherein further comprising program code that, when executed in the at least one hardware processor, causes the at least one client device to at least:
    - detect a tampering of the at least one client device during performance of the backup of the enterprise data associated with the predefined criteria;
      
      identify a tampering level associated with the tampering;
      
      interrupt performance of the backup of the enterprise data associated with the predefined criteria in response to the tampering level exceeding a predefined threshold; and
      
      perform the wipe of the enterprise data associated with the predefined criteria in response to the tampering level exceeding a predefined threshold.
  - 20. The system of claim 16, wherein:
    - the client device is associated with an account of the remote management service; and
      
      the enrollment of another client device is performed in response to credentials of the account of the remote management service being provided on another client device.
  - 21. The system of claim 20, wherein the predefined threshold comprises a permitted number of devices specified for the account of the remote management service.
  - 22. The system of claim 16, further comprising program code that, when executed in the at least one hardware processor, causes the client device to at least:
    - identify at least one compliance rule generated by the remote management service set forth in the communication; and
      
      determine that the backup or the wipe of the enterprise data is warranted based at least in part on the at least one compliance rule, wherein the at least one compliance rule is locally enforced on the at least one client device by at least one client application.
  - 23. The system of claim 16, wherein the locked state prevents access to at least a portion of features available on the at least one client device, terminates execution of predefined applications, prevents execution of predefined applications, or a combination thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Omnissa, LLC
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Stuntebeck, Erich Peter, Brannon, Jonathan Blake
Primary Examiner(s)
Hoang, Son T

Application Number

US14/573,596
Publication Number

US 20160179624A1
Time in Patent Office

1,455 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 11/1458   Management of the backup or...

G06F 11/1464   for networked environments

G06F 16/215   Improving data quality; Dat...

G06F 21/6218   to a system of files or obj...

G06F 2221/2143   Clearing memory, e.g. to pr...

Expedited device backup, wipe, and enrollment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Expedited device backup, wipe, and enrollment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links