Approach for managing access to data on client devices

US 10,540,510 B2
Filed: 04/28/2016
Issued: 01/21/2020
Est. Priority Date: 09/06/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

one or more processors; and

one or more memories storing instructions which, when processed by the one or more processors, cause;

storing, by a manager system in volatile or non-volatile storage, a set of user data records;

wherein each user data record identifies a set of characteristics that uniquely identifies a corresponding user;

wherein the set of characteristics include an authorization level for the corresponding user;

detecting, by an exit system, that a particular user is attempting to remove a particular mobile wireless device from a location;

wherein the particular mobile wireless device has stored thereon, one or more electronic documents or information having one or more particular data attribute values;

in response to detecting, by the exit system, that the particular user is attempting to remove the particular mobile wireless device from the location, sending, from the exit system to the manager system via a network, a request to determine whether the particular user is authorized to remove from the location one or more electronic documents or information having the one or more particular data attribute values;

in response to the request to determine whether the particular user is authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values;

determining, by the manager system, an authorization level of the particular user,determining, by the manager system based on the particular authorization level of the particular user, a first set of one or more policies that corresponds to the authorization level of the particular user and specifies data attribute values of information that is not allowed to be stored on mobile devices inside the location and outside the location;

determining, by the manager system, a second set of one or more policies that correspond to the one or more particular data attribute values for the one or more electronic documents or information and specifies download and processing restrictions for electronic documents;

determining, by the manager system, based upon the first set of one or more policies that specifies data attribute values of information that is not allowed to be stored on mobile devices inside the location and outside the location, the one or more particular data attribute values, and the second set of one or more policies that specifies download and processing restrictions for electronic documents, whether the particular user is authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values;

in response to determining that the particular user is not authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values, returning, from the manager system to the exit system via a network, a response message that indicates that the particular user is not authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values; and

in response to receiving the response message, rendering the one or more electronic documents or information having the one or more particular data attribute values inaccessible on the particular mobile wireless device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is configured to manage access to electronic documents on mobile wireless devices. An exit system detects when a particular user attempts to remove a particular mobile wireless device from a building. The exit system sends a request to a manager system, via a network, to determine whether the user is authorized to remove one or more electronic documents or information that are on the particular mobile wireless device from the building. In response to determining that the particular user is not authorized, the system renders the one or more electronic documents or information inaccessible on the particular mobile wireless device.

Citations

20 Claims

1. An apparatus comprising:
- one or more processors; and
  
  one or more memories storing instructions which, when processed by the one or more processors, cause;
  
  storing, by a manager system in volatile or non-volatile storage, a set of user data records;
  
  wherein each user data record identifies a set of characteristics that uniquely identifies a corresponding user;
  
  wherein the set of characteristics include an authorization level for the corresponding user;
  
  detecting, by an exit system, that a particular user is attempting to remove a particular mobile wireless device from a location;
  
  wherein the particular mobile wireless device has stored thereon, one or more electronic documents or information having one or more particular data attribute values;
  
  in response to detecting, by the exit system, that the particular user is attempting to remove the particular mobile wireless device from the location, sending, from the exit system to the manager system via a network, a request to determine whether the particular user is authorized to remove from the location one or more electronic documents or information having the one or more particular data attribute values;
  
  in response to the request to determine whether the particular user is authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values;
  
  determining, by the manager system, an authorization level of the particular user,determining, by the manager system based on the particular authorization level of the particular user, a first set of one or more policies that corresponds to the authorization level of the particular user and specifies data attribute values of information that is not allowed to be stored on mobile devices inside the location and outside the location;
  
  determining, by the manager system, a second set of one or more policies that correspond to the one or more particular data attribute values for the one or more electronic documents or information and specifies download and processing restrictions for electronic documents;
  
  determining, by the manager system, based upon the first set of one or more policies that specifies data attribute values of information that is not allowed to be stored on mobile devices inside the location and outside the location, the one or more particular data attribute values, and the second set of one or more policies that specifies download and processing restrictions for electronic documents, whether the particular user is authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values;
  
  in response to determining that the particular user is not authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values, returning, from the manager system to the exit system via a network, a response message that indicates that the particular user is not authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values; and
  
  in response to receiving the response message, rendering the one or more electronic documents or information having the one or more particular data attribute values inaccessible on the particular mobile wireless device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1, wherein the instructions for detecting, by an exit system, that a particular user is attempting to remove a particular mobile wireless device from a location comprise instructions for detecting one or more of a scan of a user identification card, a wireless signal strength of the particular mobile wireless device.
  - 3. The apparatus of claim 1, wherein the instructions for detecting, by an exit system, that a particular user is attempting to remove a particular mobile wireless device from a location comprise instructions for receiving one or more of position data from a global positioning system of the particular mobile wireless device, a radio-frequency identification (RFID) signal, or a unique identifier entered via one or more of:
    - a keypad or a keyboard.
  - 4. The apparatus of claim 1, wherein the instructions, when executed by one or more processors, further cause:
    - detecting that the particular mobile wireless device is in proximity to the particular user.
  - 5. The apparatus of claim 1, wherein the instructions for rendering the one or more electronic documents or information inaccessible on the particular mobile wireless device comprise instructions for encrypting the one or more electronic documents or information.
  - 6. The apparatus of claim 1, wherein the instructions for rendering the one or more electronic documents or information inaccessible on the particular mobile wireless device comprise instructions for deleting the one or more electronic documents or information.
  - 7. The apparatus of claim 1, wherein:
    - the one or more electronic documents or information were previously encrypted using a first encryption key; and
      
      the instructions for rendering the one or more electronic documents or information inaccessible on the particular mobile wireless device comprise instructions for re-encrypting the one or more electronic documents or information using a second encryption key.

8. A computer-implemented method comprising:
- storing, by a manager system in volatile or non-volatile storage, a set of user data records;
  
  wherein each user data record identifies a set of characteristics that uniquely identifies a corresponding user;
  
  wherein the set of characteristics include an authorization level for the corresponding user;
  
  detecting, by an exit system, that a particular user is attempting to remove a particular mobile wireless device from a location;
  
  wherein the particular mobile wireless device has stored thereon, one or more electronic documents or information having one or more particular data attribute values;
  
  in response to detecting, by the exit system, that the particular user is attempting to remove the particular mobile wireless device from the location, sending, from the exit system to the manager system via a network, a request to determine whether the particular user is authorized to remove from the location one or more electronic documents or information having the one or more particular data attribute values;
  
  in response to the request to determine whether the particular user is authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values;
  
  determining, by the manager system, an authorization level of the particular user,determining, by the manager system based on the particular authorization level of the particular user, a first set of one or more policies that corresponds to the authorization level of the particular user and specifies data attribute values of information that is not allowed to be stored on mobile devices inside the location and outside the location;
  
  determining, by the manager system, a second set of one or more policies that correspond to the one or more particular data attribute values for the one or more electronic documents or information and specifies download and processing restrictions for electronic documents;
  
  determining, by the manager system, based upon the first set of one or more policies that specifies data attribute values of information that is not allowed to be stored on mobile devices inside the location and outside the location, the one or more particular data attribute values, and the second set of one or more policies that specifies download and processing restrictions for electronic documents, whether the particular user is authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values;
  
  in response to determining that the particular user is not authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values, returning, from the manager system to the exit system via a network, a response message that indicates that the particular user is not authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values; and
  
  in response to receiving the response message, rendering the one or more electronic documents or information having the one or more particular data attribute values inaccessible on the particular mobile wireless device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-implemented method of claim 8, wherein detecting, by an exit system, that a particular user is attempting to remove a particular mobile wireless device from a location comprises detecting one or more of a scan of a user identification card, a wireless signal strength of the particular mobile wireless device.
  - 10. The computer-implemented method of claim 8, wherein detecting, by an exit system, that a particular user is attempting to remove a particular mobile wireless device from a location comprises receiving one or more of position data from a global positioning system of the particular mobile wireless device, a radio-frequency identification (RFID) signal, or a unique identifier entered via one or more of:
    - a keypad or a keyboard.
  - 11. The computer-implemented method of claim 8, further comprising:
    - detecting that the particular mobile wireless device is in proximity to the particular user.
  - 12. The computer-implemented method of claim 8, wherein rendering the one or more electronic documents or information inaccessible on the particular mobile wireless device comprises encrypting the one or more electronic documents or information.
  - 13. The computer-implemented method of claim 8, wherein rendering the one or more electronic documents or information inaccessible on the particular mobile wireless device comprises deleting the one or more electronic documents or information.
  - 14. The computer-implemented method of claim 8, wherein:
    - the one or more electronic documents or information were previously encrypted using a first encryption key; and
      
      rendering the one or more electronic documents or information inaccessible on the particular mobile wireless device comprises re-encrypting the one or more electronic documents or information using a second encryption key.

15. One or more non-transitory computer-readable media storing instructions which, when processed by one or more processors, cause:
- storing, by a manager system in volatile or non-volatile storage, a set of user data records;
  
  wherein each user data record identifies a set of characteristics that uniquely identifies a corresponding user;
  
  wherein the set of characteristics include an authorization level for the corresponding user;
  
  detecting, by an exit system, that a particular user is attempting to remove a particular mobile wireless device from a location;
  
  wherein the particular mobile wireless device has stored thereon, one or more electronic documents or information having one or more particular data attribute values;
  
  in response to detecting, by the exit system, that the particular user is attempting to remove the particular mobile wireless device from the location, sending, from the exit system to the manager system via a network, a request to determine whether the particular user is authorized to remove from the location one or more electronic documents or information having the one or more particular data attribute values;
  
  in response to the request to determine whether the particular user is authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values;
  
  determining, by the manager system, an authorization level of the particular user,determining, by the manager system based on the particular authorization level of the particular user, a first set of one or more policies that corresponds to the authorization level of the particular user; and
  
  specifies data attribute values of information that is not allowed to be stored on mobile devices inside the location and outside the location;
  
  determining, by the manager system, a second set of one or more policies that correspond to the one or more particular data attribute values for the one or more electronic documents or information; and
  
  specifies download and processing restrictions for electronic documents;
  
  determining, by the manager system, based upon the first set of one or more policies that specifies data attribute values of information that is not allowed to be stored on mobile devices inside the location and outside the location, the one or more particular data attribute values, and the second set of one or more policies that specifies download and processing restrictions for electronic documents, whether the particular user is authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values;
  
  in response to determining that the particular user is not authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values, returning, from the manager system to the exit system via a network, a response message that indicates that the particular user is not authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values; and
  
  in response to receiving the response message, rendering the one or more electronic documents or information having the one or more particular data attribute values inaccessible on the particular mobile wireless device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The one or more non-transitory computer-readable media of claim 15, wherein the instructions for detecting, by an exit system, that a particular user is attempting to remove a particular mobile wireless device from a location comprise instructions for detecting one or more of a scan of a user identification card, a wireless signal strength of the particular mobile wireless device.
  - 17. The one or more non-transitory computer-readable media of claim 15, further comprising addition instructions which, when processed by the one or more processors, cause receiving one or more of position data from a global positioning system of the particular mobile wireless device, a radio-frequency identification (RFID) signal, or a unique identifier entered via one or more of:
    - a keypad or a keyboard.
  - 18. The one or more non-transitory computer-readable media of claim 15, further comprising addition instructions which, when processed by the one or more processors, cause detecting that the particular mobile wireless device is in proximity to the particular user.
  - 19. The one or more non-transitory computer-readable media of claim 15, further comprising addition instructions which, when processed by the one or more processors, cause one or more of encrypting the one or more electronic documents or information, or deleting the one or more electronic documents or information.
  - 20. The one or more non-transitory computer-readable media of claim 15, wherein:
    - the one or more electronic documents or information were previously encrypted using a first encryption key; and
      
      the instructions for rendering the one or more electronic documents or information inaccessible on the particular mobile wireless device comprise instructions for re-encrypting the one or more electronic documents or information using a second encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ricoh Company Limited
Original Assignee
Ricoh Company Limited
Inventors
Motoyama, Tetsuro
Primary Examiner(s)
Lemma, Samson B

Application Number

US15/141,584
Publication Number

US 20160292448A1
Time in Patent Office

1,363 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04B 5/77   for interrogation

H04L 63/06   for supporting key manageme...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04W 12/08   Access security

H04W 4/021   Services related to particu...

H04W 4/025   using location based inform...

H04W 88/02   Terminal devices

Approach for managing access to data on client devices

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Approach for managing access to data on client devices

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links