Detection of offline attempts to circumvent security policies

US 10,432,672 B2
Filed: 03/20/2018
Issued: 10/01/2019
Est. Priority Date: 10/27/2015
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a computing device comprising a processor and a memory;

a first application comprising machine-readable instructions stored in the memory that, when executed by the processor, cause the computing device to at least;

monitor a second application to detect a deletion of a user account initiated locally on the computing device, wherein the user account is associated with an enrollment of the computing device with a management service;

identify data subject to a policy received from the management service;

delete the data from the memory of the computing device; and

delete a value for a setting of the computing device, wherein the value for the setting was previously set to place the computing device in compliance with the policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are approaches for detecting attempts to circumvent security policies on a client device. A deletion of a user account on a computing device is detected, wherein the deletion is initiated locally on the computing device and the user account is associated with an enrollment of the computing device with a management service. Data stored in a memory of the computing device that is subject to a policy received from the management service is identified. The data is deleted from the memory of the computing device. The policy is then deleted from the memory of the computing device.

Citations

20 Claims

1. A system, comprising:
- a computing device comprising a processor and a memory;
  
  a first application comprising machine-readable instructions stored in the memory that, when executed by the processor, cause the computing device to at least;
  
  monitor a second application to detect a deletion of a user account initiated locally on the computing device, wherein the user account is associated with an enrollment of the computing device with a management service;
  
  identify data subject to a policy received from the management service;
  
  delete the data from the memory of the computing device; and
  
  delete a value for a setting of the computing device, wherein the value for the setting was previously set to place the computing device in compliance with the policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the first application further causes the computing device to unenroll the computing device from the management service.
  - 3. The system of claim 1, wherein the first application further causes the computing device to at least report the deletion of the user account to the management service.
  - 4. The system of claim 1, wherein the first application further causes the computing device to at least uninstall the first application from the computing device.
  - 5. The system of claim 1, wherein the first application further causes the computing device to at least delete the policy from the memory of the computing device.
  - 6. The system of claim 1, wherein the data comprises a third application installed on the computing device to place the computing device in compliance with the policy.
  - 7. The system of claim 1, wherein causing the computing device to delete the data from the memory of the computing device comprises causing the computing device to overwrite the data in the memory of the computing device with a stream of bits, wherein each bit in the stream of bits is set to the same value.

8. A method, comprising:
- monitoring an application executing in a computing device to detect a deletion of a user account on a computing device by the application, wherein the deletion is initiated locally on the computing device and the user account is associated with an enrollment of the computing device with a management service;
  
  identifying data stored in a memory of the computing device that is subject to a policy received from the management service;
  
  deleting the data from the memory of the computing device; and
  
  deleting a value for a setting of the computing device, wherein the value for the setting was previously set to place the computing device in compliance with the policy.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, further comprising reporting the deletion of the user account to the management service.
  - 10. The method of claim 8, further comprising unenrolling the computing device from the management service.
  - 11. The method of claim 8, further comprising deleting the policy from the memory of the computing device.
  - 12. The method of claim 8, wherein the data comprises a second application installed on the computing device to place the computing device in compliance with the policy.
  - 13. The method of claim 8, wherein deleting the data from the memory of the computing device comprises overwriting the data in the memory of the computing device with a stream of bits, wherein each bit in the stream of bits is set to the same value.

14. A non-transitory computer readable medium comprising machine readable instructions that, when executed by a processor of a computing device, cause the computing device to at least:
- monitor an application to detect a deletion of a user account on the computing device initiated with the application, wherein the deletion is initiated locally on the computing device and the user account is associated with an enrollment of the computing device with a management service;
  
  identify data stored in a memory of the computing device that is subject to a policy received from the management service;
  
  delete the data from the memory of the computing device; and
  
  delete a value for a setting of the computing device, wherein the value for the setting was previously set to place the computing device in compliance with the policy.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer readable medium of claim 14, wherein the machine readable instructions further cause the computing device to at least unenroll the computing device from the management service.
  - 16. The non-transitory computer readable medium of claim 14, wherein the machine readable instructions further cause the computing device to at least delete the policy from the memory of the computing device.
  - 17. The non-transitory computer readable medium of claim 14, wherein the machine readable instructions further cause the computing device to at least report the deletion of the user account to the management service.
  - 18. The non-transitory computer readable medium of claim 14, wherein the machine readable instructions further cause the computing device to at least remove the machine readable instructions from the computing device.
  - 19. The non-transitory computer readable medium of claim 14, wherein the data comprises a second application installed on the computing device to place the computing device in compliance with the policy.
  - 20. The non-transitory computer readable medium of claim 14, wherein causing the computing device to delete the data from the memory of the computing device comprises causing the computing device to overwrite the data in the memory of the computing device with a stream of bits, wherein each bit in the stream of bits is set to the same value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Omnissa, LLC
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Murthy, Varun, Regula, Kalyan, Shantharam, Shravan, Roszak, Jason
Primary Examiner(s)
Abedin, Shanto

Application Number

US15/926,010
Publication Number

US 20180213005A1
Time in Patent Office

560 Days
Field of Search

726 1
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Detection of offline attempts to circumvent security policies

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Detection of offline attempts to circumvent security policies

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links