System and method to provide server control for access to mobile client data

US 10,375,116 B2
Filed: 03/02/2017
Issued: 08/06/2019
Est. Priority Date: 03/02/2012
Status: Active Grant

First Claim

Patent Images

1. A method for protecting a data item, comprising:

upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score of the data item, a confidence level that a user of the client device is an authorized user, and a current protection level of the data item, the sensitivity score being generated based on a value of the data item to a particular individual or organization and a cost of recreating the data item if destroyed or modified;

applying, using a processor, a policy to determine an appropriate protection for the data item based upon the sensitivity score, the confidence level, and the current protection level; and

providing a protected data item to the client device by applying the appropriate protection to the data item, wherein a unique encryption key is employed for each application of a protection technique on each of one or more data items.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection, level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item.

23 Citations

View as Search Results

20 Claims

1. A method for protecting a data item, comprising:
- upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score of the data item, a confidence level that a user of the client device is an authorized user, and a current protection level of the data item, the sensitivity score being generated based on a value of the data item to a particular individual or organization and a cost of recreating the data item if destroyed or modified;
  
  applying, using a processor, a policy to determine an appropriate protection for the data item based upon the sensitivity score, the confidence level, and the current protection level; and
  
  providing a protected data item to the client device by applying the appropriate protection to the data item, wherein a unique encryption key is employed for each application of a protection technique on each of one or more data items.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as recited in claim 1, wherein determining the sensitivity score includes:
    - determining sensitivity scores for classes of data on the server;
      
      determining a class of the data item from the classes of data on the server; and
      
      assigning a sensitivity score corresponding to the class of the data item as the sensitivity score of the data item.
  - 3. The method as recited in claim 1, wherein applying the policy includes determining the appropriate protection based upon one or more of features of the data item and features of the client device.
  - 4. The method as recited in claim 3, wherein features of the data item include one or more of type, creator, and indicator of the data item.
  - 5. The method as recited in claim 3, wherein features of the client device include one or more of a history of compromises, an ownership status, an operating system, a version of the operating system, applications stored on the client device, a patch status, suspected malware, a status of a network connected to the client device, and an application of the client device used to access the data item.
  - 6. The method as recited in claim 1, wherein providing the protected data item includes providing a link referring to the protected data item.
  - 7. The method as recited in claim 1, wherein the initiation of transfer includes at least one of a request from the client device and a server initiated transfer of the data item.
  - 8. The method as recited in claim 7, wherein the request from the client device is due to at least one of a user request, a scheduled request, a signal received by a sensor of the client device, and an event external from the client device.
  - 9. The method as recited in claim 7, wherein the server initiated transfer is due to at least one of a request from the client device, a request from a second device, receiving data from the second device, and a scheduled transfer.
  - 10. The method as recited in claim 1, wherein applying the appropriate protection includes at least one of applying encryption, redaction, invertible obfuscation, and non-invertible obfuscation.

11. A non-transitory computer readable storage medium comprising a computer readable program for protecting a data item, wherein the computer readable program when executed on a computer causes the computer to perform the steps of:
- upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score of the data item, a confidence level that a user of the client device is an authorized user, and a current protection level of the data item, the sensitivity score being based on a value of the data item to a particular individual or organization and a cost of recreating the data item if destroyed or modified;
  
  applying a policy to determine an appropriate protection for the data item based upon the sensitivity score, the confidence level, and the current protection level; and
  
  providing a protected data item to the client device by applying the appropriate protection to the data item, wherein a unique encryption key is employed for each application of a protection technique on each of one or more data items.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The non-transitory computer readable storage medium as recited in claim 11, wherein determining the sensitivity score includes:
    - determining sensitivity scores for classes of data on the server;
      
      determining a class of the data item from the classes of data on the server; and
      
      assigning a sensitivity score corresponding to the class of the data item as the sensitivity score of the data item.
  - 13. The non-transitory computer readable storage medium as recited in claim 11, wherein applying the policy includes determining the appropriate protection based upon one or more of features of the data item and features of the client device.
  - 14. The non-transitory computer readable storage medium as recited in claim 13, wherein features of the data item include one or more of type, creator, and indicator of the data item.
  - 15. The non-transitory computer readable storage medium as recited in claim 13, wherein features of the client device include one or more of a history of compromises, an ownership status, an operating system, a version of the operating system, applications stored on the client device, a patch status, suspected malware, a status of a network connected to the client device, and an application of the client device used to access the data item.
  - 16. The non-transitory computer readable storage medium as recited in claim 11, wherein providing the protected data item includes providing a link referring to the protected data item.
  - 17. The non-transitory computer readable storage medium as recited in claim 11, wherein the initiation of transfer includes at least one of a request from the client device and a server initiated transfer of the data item.
  - 18. The non-transitory computer readable storage medium as recited in claim 17, wherein the request from the client device is due to at least one of a user request, a scheduled request, a signal received by a sensor of the client device, and an event external from the client device.
  - 19. The non-transitory computer readable storage medium as recited in claim 17, wherein the server initiated transfer is due to at least one of a request from the client device, a request from a second device, receiving data from the second device, and a scheduled transfer.

20. A method for protecting a data item, comprising:
- upon initiation of transfer of the data item from a server to a mobile device, determining a sensitivity score of the data item, a confidence level that a user of the client device is an authorized user, and a current protection level of the data item using a data protection server, the sensitivity score being generated based on a value of the data item to a particular individual or organization and a cost of recreating the data item if destroyed or modified;
  
  applying a policy to determine an appropriate protection for the data item using the data protection server, wherein the appropriate protection is based upon the sensitivity score, the current protection level, the confidence level, and features of at least one of the data item and the mobile device; and
  
  providing a protected data item to the mobile device by applying the appropriate protection to the data item using the data protection server, wherein a unique encryption key is employed for each application of a protection technique on each of one or more data items.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Cheng, Pau-Chen, Gates, Stephen C., Koved, Lawrence, Teiken, Wilfried
Primary Examiner(s)
Wang, Harris C

Application Number

US15/448,220
Publication Number

US 20170180332A1
Time in Patent Office

887 Days
Field of Search

713168
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 2209/80   Wireless network architectu...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/20   for managing network securi...

H04L 9/14   using a plurality of keys o...

H04W 12/06   Authentication

System and method to provide server control for access to mobile client data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to provide server control for access to mobile client data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links