Approach for managing access to data on client devices
Abstract
A system is configured to manage access to electronic documents on mobile wireless devices. An exit system detects when a particular user attempts to remove a particular mobile wireless device from a building. The exit system sends a request to a manager system, via a network, to determine whether the user is authorized to remove one or more electronic documents or information that are on the particular mobile wireless device from the building. In response to determining that the particular user is not authorized, the system renders the one or more electronic documents or information inaccessible on the particular mobile wireless device.
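The decision flow the abstract describes, modeled as an added sketch; it is not code from the patent. The user IDs, attribute values, policy shapes and the fail-closed handling of unknown users, levels or attribute values are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: names, levels and policy shapes are assumptions;
# the page does not define a concrete format for any of them.
USER_RECORDS = {"alice": {"badge": "A-100", "auth_level": 3},
                "bob": {"badge": "B-200", "auth_level": 1}}

# First policy set, keyed by authorization level: attribute values the user
# may not keep on a mobile device inside or outside the location.
LEVEL_POLICIES = {1: {"confidential", "secret"}, 2: {"secret"}, 3: set()}

# Second policy set, keyed by data attribute value: download and processing
# restrictions for documents carrying that value.
ATTRIBUTE_POLICIES = {"secret": {"onsite_only": True},
                      "confidential": {"onsite_only": False},
                      "public": {"onsite_only": False}}

@dataclass
class Document:
    name: str
    attributes: frozenset
    accessible: bool = True

def manager_decide(user_id, attribute_values):
    """Manager system: return the attribute values the user may not remove."""
    record = USER_RECORDS.get(user_id)
    if record is None:  # unknown user: fail closed (assumption)
        return set(attribute_values)
    # Unknown authorization level: treat every value as prohibited (assumption).
    prohibited = LEVEL_POLICIES.get(record["auth_level"], set(attribute_values))
    denied = set()
    for value in attribute_values:
        restriction = ATTRIBUTE_POLICIES.get(value)
        # Deny on either policy set; an unlabelled value is denied as well.
        if value in prohibited or restriction is None or restriction["onsite_only"]:
            denied.add(value)
    return denied

def exit_check(user_id, device_docs):
    """Exit system: query the manager, then lock the documents it denied."""
    present = set().union(*(d.attributes for d in device_docs))
    denied = manager_decide(user_id, present)
    for doc in device_docs:
        if doc.attributes & denied:
            doc.accessible = False  # enforcement mechanism is not modeled here
    return {"authorized": not denied, "denied_values": sorted(denied)}
```

Both policy sets can deny independently: a level-3 user passes the first set for every value here, yet a document tagged `secret` is still locked by the second set's on-site restriction.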
20 Claims
1. An apparatus comprising:
one or more processors; and
one or more memories storing instructions which, when processed by the one or more processors, cause:
storing, by a manager system in volatile or non-volatile storage, a set of user data records;
wherein each user data record identifies a set of characteristics that uniquely identifies a corresponding user;
wherein the set of characteristics include an authorization level for the corresponding user;
detecting, by an exit system, that a particular user is attempting to remove a particular mobile wireless device from a location;
wherein the particular mobile wireless device has stored thereon, one or more electronic documents or information having one or more particular data attribute values;
in response to detecting, by the exit system, that the particular user is attempting to remove the particular mobile wireless device from the location, sending, from the exit system to the manager system via a network, a request to determine whether the particular user is authorized to remove from the location one or more electronic documents or information having the one or more particular data attribute values;
in response to the request to determine whether the particular user is authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values;
determining, by the manager system, an authorization level of the particular user,
determining, by the manager system based on the particular authorization level of the particular user, a first set of one or more policies that corresponds to the authorization level of the particular user and specifies data attribute values of information that is not allowed to be stored on mobile devices inside the location and outside the location;
determining, by the manager system, a second set of one or more policies that correspond to the one or more particular data attribute values for the one or more electronic documents or information and specifies download and processing restrictions for electronic documents;
determining, by the manager system, based upon the first set of one or more policies that specifies data attribute values of information that is not allowed to be stored on mobile devices inside the location and outside the location, the one or more particular data attribute values, and the second set of one or more policies that specifies download and processing restrictions for electronic documents, whether the particular user is authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values;
in response to determining that the particular user is not authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values, returning, from the manager system to the exit system via a network, a response message that indicates that the particular user is not authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values; and
in response to receiving the response message, rendering the one or more electronic documents or information having the one or more particular data attribute values inaccessible on the particular mobile wireless device.
8. A computer-implemented method comprising:
storing, by a manager system in volatile or non-volatile storage, a set of user data records;
wherein each user data record identifies a set of characteristics that uniquely identifies a corresponding user;
wherein the set of characteristics include an authorization level for the corresponding user;
detecting, by an exit system, that a particular user is attempting to remove a particular mobile wireless device from a location;
wherein the particular mobile wireless device has stored thereon, one or more electronic documents or information having one or more particular data attribute values;
in response to detecting, by the exit system, that the particular user is attempting to remove the particular mobile wireless device from the location, sending, from the exit system to the manager system via a network, a request to determine whether the particular user is authorized to remove from the location one or more electronic documents or information having the one or more particular data attribute values;
in response to the request to determine whether the particular user is authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values;
determining, by the manager system, an authorization level of the particular user,
determining, by the manager system based on the particular authorization level of the particular user, a first set of one or more policies that corresponds to the authorization level of the particular user and specifies data attribute values of information that is not allowed to be stored on mobile devices inside the location and outside the location;
determining, by the manager system, a second set of one or more policies that correspond to the one or more particular data attribute values for the one or more electronic documents or information and specifies download and processing restrictions for electronic documents;
determining, by the manager system, based upon the first set of one or more policies that specifies data attribute values of information that is not allowed to be stored on mobile devices inside the location and outside the location, the one or more particular data attribute values, and the second set of one or more policies that specifies download and processing restrictions for electronic documents, whether the particular user is authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values;
in response to determining that the particular user is not authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values, returning, from the manager system to the exit system via a network, a response message that indicates that the particular user is not authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values; and
in response to receiving the response message, rendering the one or more electronic documents or information having the one or more particular data attribute values inaccessible on the particular mobile wireless device.
15. One or more non-transitory computer-readable media storing instructions which, when processed by one or more processors, cause:
storing, by a manager system in volatile or non-volatile storage, a set of user data records;
wherein each user data record identifies a set of characteristics that uniquely identifies a corresponding user;
wherein the set of characteristics include an authorization level for the corresponding user;
detecting, by an exit system, that a particular user is attempting to remove a particular mobile wireless device from a location;
wherein the particular mobile wireless device has stored thereon, one or more electronic documents or information having one or more particular data attribute values;
in response to detecting, by the exit system, that the particular user is attempting to remove the particular mobile wireless device from the location, sending, from the exit system to the manager system via a network, a request to determine whether the particular user is authorized to remove from the location one or more electronic documents or information having the one or more particular data attribute values;
in response to the request to determine whether the particular user is authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values;
determining, by the manager system, an authorization level of the particular user,
determining, by the manager system based on the particular authorization level of the particular user, a first set of one or more policies that corresponds to the authorization level of the particular user; and
specifies data attribute values of information that is not allowed to be stored on mobile devices inside the location and outside the location;
determining, by the manager system, a second set of one or more policies that correspond to the one or more particular data attribute values for the one or more electronic documents or information; and
specifies download and processing restrictions for electronic documents;
determining, by the manager system, based upon the first set of one or more policies that specifies data attribute values of information that is not allowed to be stored on mobile devices inside the location and outside the location, the one or more particular data attribute values, and the second set of one or more policies that specifies download and processing restrictions for electronic documents, whether the particular user is authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values;
in response to determining that the particular user is not authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values, returning, from the manager system to the exit system via a network, a response message that indicates that the particular user is not authorized to remove from the location the one or more electronic documents or information having the one or more particular data attribute values; and
in response to receiving the response message, rendering the one or more electronic documents or information having the one or more particular data attribute values inaccessible on the particular mobile wireless device.