SELECTIVELY WIPING A REMOTE DEVICE

US 20080178300A1
Filed: 01/18/2008
Published: 07/24/2008
Est. Priority Date: 01/19/2007
Status: Active Grant

First Claim

Patent Images

1. A method for selectively securing data from unauthorized access on a client device storing a plurality of data types, the method comprising:

receiving a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command;

determining which of a plurality of data types is to be secured by identifying a predefined rule associated with the authorization level indicated in the received command, wherein the client device is provided with a plurality of predefined rules each associated with one of a plurality of authorization levels, each of the predefined rules comprising a value indicating each of the plurality of data types to be secured in response to a received command; and

securing the data of the data types indicated by the value comprised in the identified predefined rule.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for selectively securing data from unauthorized access on a client device storing a plurality of data types with reference to an authorization level indicated in a command. A command is received at a client device comprising an authorization level indicator. Based on at least one predefined rule, which may be implemented in an IT policy stored at the client device, each of the plurality of data types to be secured is determined, and then the data corresponding to those types is secured. The data may be secured by encrypting and/or deleting the data at the client device. The predefined rules associated with each authorization level may be configured by a user or administrator having an authorization level that exceeds the associated authorization level. The system and method thus provide a method for securing only selected data types, depending on the authorization level of the issuer of the command.

242 Citations

26 Claims

1. A method for selectively securing data from unauthorized access on a client device storing a plurality of data types, the method comprising:
- receiving a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command;
  
  determining which of a plurality of data types is to be secured by identifying a predefined rule associated with the authorization level indicated in the received command, wherein the client device is provided with a plurality of predefined rules each associated with one of a plurality of authorization levels, each of the predefined rules comprising a value indicating each of the plurality of data types to be secured in response to a received command; and
  
  securing the data of the data types indicated by the value comprised in the identified predefined rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein determining which of a plurality of data types is to be secured further comprises, when a predefined rule associated with the authorization level indicated in the received command is not found, identifying a predefined rule associated with the next highest authorization level that is lower than the indicated authorization level.
  - 3. The method of claim 2, wherein the plurality of predefined rules is stored at the client device in association with an IT policy.
  - 4. The method of claim 2, wherein securing the data further comprises:
    - setting a flag at the client device, the flag comprising a subset value for each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured;
      
      in response to the received command, checking each of the subset values of the flag, and carrying out a securing operation if the subset value indicates that the data of that data type is to be secured; and
      
      after each of the subset values has been checked, resetting the subset values to indicate that no further securing operation is to be carried out.
  - 5. The method of claim 2, wherein the act of securing the data comprises one of deleting the data;
    - encrypting the data;
      
      or encrypting, then deleting, the data.
  - 6. The method of claim 5, wherein the securing operation comprises one of deleting the data of that data type;
    - encrypting the data of that data type;
      
      or encrypting, then deleting, the data of that data type.
  - 7. The method of claim 2, wherein the command is received in an encrypted message, and prior to securing the data the command is authenticated by decrypting the message and extracting the command, such that the command is authenticated if the command is extracted successfully.
  - 8. The method of claim 2 wherein the client device comprises a mobile communications device.
  - 9. The method of claim 8 wherein the command is received over the air.
  - 10. The method of claim 2 wherein the command is received from input at the client device, or is invoked in response to detection of a predetermined action, condition or trigger for the execution of the command at the client device.
  - 11. The method of claim 2, further comprising, prior to receiving the command at the client device:
    - defining, at a location remote from the client device, a plurality of predefined rules associated with an authorization level; and
      
      transmitting to the client device the plurality of predefined rules thus defined.
  - 12. The method of claim 11, wherein defining the plurality of predefined rules comprises:
    - for a given authorization level,presenting a set of configuration options for configuring securing operations for each of the plurality of data types for authorization levels lower than the given authorization level; and
      
      constructing a plurality of rules comprising selected configuration options.
  - 13. The method of claim 2, wherein the data types comprise at least one of an operating system, encryption and decryption keys, personal information management applications, messaging applications, e-mail data, short message service data, instant messaging data, multimedia message data, voicemail data, calendar data, address book data, or IT policies.
  - 14. The method of claim 10, wherein the predetermined action, condition, or trigger comprises receipt at the client device of an incorrect password a predetermined number of times.

15. A computer readable memory having recorded thereon statements and instructions for execution by a computer to:
- receive a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command;
  
  determine which of a plurality of data types is to be secured by identifying a predefined rule associated with the authorization level indicated in the received command, wherein the client device is provided with a plurality of predefined rules each associated with one of a plurality of authorization levels, each of the predefined rules comprising a value indicating each of the plurality of data types to be secured in response to a received command; and
  
  secure the data of the data types indicated by the value comprised in the identified predefined rule.

16. A method for selectively securing data from unauthorized access on a client device storing a plurality of data types, the method comprising:
- receiving a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command;
  
  determining which of the plurality of data types is to be secured by identifying each of a plurality of predefined rules comprising an indicator of an authorization level equal to or less than the authorization level indicated in the received command, each of the plurality of predefined rules being associated with one of the plurality of data types; and
  
  securing only the data corresponding to each of the plurality of data types associated with the predefined rules thus identified.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16, wherein securing the data further comprises:
    - setting a flag at the client device, the flag comprising a subset value for each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured;
      
      in response to the received command, checking each of the subset values of the flag, and carrying out a securing operation if the subset value indicates that the data of that data type is to be secured; and
      
      after each of the subset values has been checked, resetting the subset values to indicate that no further securing operation is to be carried out.
  - 18. The method of claim 16, wherein the act of securing the data comprises one of deleting the data;
    - encrypting the data;
      
      or encrypting, then deleting, the data.
  - 19. The method of claim 16 wherein the client device comprises a mobile communications device.

20. A computer readable memory having recorded thereon statements and instructions for execution by a computer to:
- receive a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command;
  
  determine which of the plurality of data types is to be secured by identifying each of a plurality of predefined rules comprising an indicator of an authorization level equal to or less than the authorization level indicated in the received command, each of the plurality of predefined rules being associated with one of the plurality of data types; and
  
  secure only the data corresponding to each of the plurality of data types associated with the predefined rules thus identified.

21. A mobile client device for selectively securing data from unauthorized access on the client device storing a plurality of data types, the device comprising:
- a processor;
  
  a memory storing data comprising at least one of a plurality of data types; and
  
  a receiver operatively connected to the processor for receiving a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command;
  
  wherein the processor is configured to determine, using at least one predefined rule associated with the authorization level indicated by the authorization level indicator, which of a plurality of data types is to be secured and to secure the data stored in the memory corresponding to each of the plurality of data types thus determined.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The mobile client device of claim 21, wherein each of the predefined rules is associated with one of a plurality of authorization levels, and each of the predefined rules comprises a value indicating each of the plurality of data types to be secured in response to a received command, and wherein the processor is further configured to identify the predefined rule associated with the authorization level indicated in the received command, and to secure only those data types indicated by the value comprised in the identified predefined rule.
  - 23. The mobile client device of claim 21, further comprising a memory for storing a flag comprising a subset value for each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured, the processor being further configured to:
    - set the flag;
      
      in response to the received command, check each of the subset values of the flag, and carry out a securing operation if the subset value indicates that the data of that data type is to be secured; and
      
      after each of the subset values has been checked, reset the subset values to indicate that no further securing operation is to be carried out.
  - 24. The mobile client device of claim 21, wherein the processor is configured to secure the data by deleting the data corresponding to each of the plurality of data types thus determined from the memory.
  - 25. The mobile client device of claim 21, wherein the processor is configured to secure the data by encrypting the data corresponding to each of the plurality of data types thus determined in the memory.
  - 26. The mobile client device of claim 21, wherein the command is received in an encrypted message, and the processor is configured to decrypt the message and extract the command, such that the command is authenticated if the command is extracted successfully.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackberry Limited
Original Assignee
Blackberry Limited
Inventors
BROWN, Michael K., LITTLE, Herbert A., BROWN, Michael S., TOTZKE, Scott W.

Granted Patent

US 8,056,143 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/29
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 21/88   Detecting or preventing the...

G06F 2221/2107   File encryption

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 63/0428   wherein the data content is...

H04L 63/101   Access control lists [ACL]

H04L 63/105   Multiple levels of security

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/08   Access security

SELECTIVELY WIPING A REMOTE DEVICE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

242 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

SELECTIVELY WIPING A REMOTE DEVICE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

242 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links