SYSTEM AND METHOD FOR WIPING ENCRYPTED DATA ON A DEVICE HAVING FILE-LEVEL CONTENT PROTECTION

US 20110252232A1
Filed: 04/07/2010
Published: 10/13/2011
Est. Priority Date: 04/07/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of erasing user data stored in a file system, the method causing a computing device to perform steps comprising:

destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and on a per class basis;

erasing and rebuilding at least part of the file system associated with user data; and

creating a new default key bag containing encryption keys.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.

Citations

25 Claims

1. A computer-implemented method of erasing user data stored in a file system, the method causing a computing device to perform steps comprising:
- destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and on a per class basis;
  
  erasing and rebuilding at least part of the file system associated with user data; and
  
  creating a new default key bag containing encryption keys.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, the method further causing the computing device to, before destroying all key bags, receive obliteration instructions from a master device.
  - 3. The computer-implemented method of claim 2, the method further causing the computing device to transmit a confirmation to the master device indicating that all key bags are destroyed, at least part of the file system is erased and rebuilt, and the new default key bag is created.
  - 4. The computer-implemented method of claim 1, the method further causing the computing device to, before destroying all key bags, receive via the computing device a user command to erase user data.
  - 5. The computer-implemented method of claim 1, wherein destroying all key bags comprises erasing all keys loaded into memory and erasing all key bags stored in the file system.
  - 6. The computer-implemented method of claim 1, the method further comprising rebooting the computing device.

7. A system for erasing user data stored in a file system, the system comprising:
- a processor;
  
  a first module controlling the processor to destroy all key bags containing encryption keys on a device having a file system encrypted on a per file and on a per class basis;
  
  a second module controlling the processor to erase and rebuild at least part of the file system associated with user data; and
  
  a third module controlling the processor to create a new default key bag containing encryption keys.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, the system further comprising a fourth module controlling the processor to, before destroying all key bags, receive obliteration instructions from a master device.
  - 9. The system of claim 8, the system further comprising a fifth module controlling the processor to transmit a confirmation to the master device indicating that all key bags are destroyed, at least part of the file system is erased and rebuilt, and the new default key bag is created.
  - 10. The system of claim 7, the system further comprising a fourth module controlling the processor to, before destroying all key bags, receive via the computing device a user command to erase user data.
  - 11. The system of claim 7, wherein the second module further controls the processor to erase all keys loaded into memory and erase all key bags stored in the file system.
  - 12. The system of claim 7, the system further comprising a fourth module controlling the processor to reboot the computing device.

13. A non-transitory computer-readable storage medium storing instructions which, when executed by a computing device, cause the computing device to erase user data stored in a file system, the instructions comprising:
- destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and on a per class basis;
  
  erasing and rebuilding at least part of the file system associated with user data; and
  
  creating a new default key bag containing encryption keys.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer-readable storage medium of claim 13, the instructions further comprising, before destroying all key bags, receiving obliteration instructions from a master device.
  - 15. The non-transitory computer-readable storage medium of claim 14, the instructions further comprising transmitting a confirmation to the master device indicating that all key bags are destroyed, at least part of the file system is erased and rebuilt, and the new default key bag is created.
  - 16. The non-transitory computer-readable storage medium of claim 13, the instructions further comprising, before destroying all key bags, receiving via the computing device a user command to erase user data.
  - 17. The non-transitory computer-readable storage medium of claim 13, wherein destroying all key bags comprises erasing all keys loaded into memory and erasing all key bags stored in the file system.
  - 18. The non-transitory computer-readable storage medium of claim 13, the instructions further comprising rebooting the computing device.

19. A system for erasing user data stored in a remote file system, the system comprising:
- a processor;
  
  a first module controlling the processor to transmit obliteration instructions to a remote device, the obliteration instructions causing the remote device to perform steps comprising;
  
  destroying all key bags containing encryption keys on the remote device, wherein the remote device has a file system encrypted on a per file and on a per class basis;
  
  erasing and rebuilding at least part of the file system associated with user data; and
  
  creating on the remote device a new default key bag containing encryption keys.
- View Dependent Claims (20, 21, 22)
- - 20. The system of claim 19, wherein the first module controls the processor to transmit obliteration instructions wirelessly.
  - 21. The system of claim 19, further comprising a second module controlling the processor to verify, based on a confirmation received from the remote device, that the obliteration instructions were successfully executed on the remote device.
  - 22. The system of claim 19, wherein the obliteration instructions further cause the remote device to reboot.

23. A computer-implemented method of erasing user data stored in a remote file system, the method causing a computing device to perform steps comprising:
- transmitting obliteration instructions to a remote device, the obliteration instructions causing the remote device to perform steps comprising;
  
  destroying all key bags containing encryption keys on the remote device, wherein the remote device has a file system encrypted on a per file and on a per class basis;
  
  erasing and rebuilding at least part of the file system associated with user data; and
  
  creating on the remote device a new default key bag containing encryption keys.
- View Dependent Claims (24, 25)
- - 24. The computer-implemented method of claim 23, wherein the obliteration instructions are transmitted wirelessly.
  - 25. The computer-implemented method of claim 23, further causing the computing device to verify, based on a confirmation received from the remote device, that the obliteration instructions were successfully executed on the remote device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Smith, Michael John, Toelkes, Tahoma Madrone, Chinn, Paul William, Freedman, Gordon, De Atley, Dallas Blake, Duffy, Thomas Brogan JR., Rahardja, David

Granted Patent

US 8,433,901 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 16/162   Delete operations erasing i...

G06F 21/575   Secure boot

G06F 21/6218   to a system of files or obj...

G06F 2221/2143   Clearing memory, e.g. to pr...

SYSTEM AND METHOD FOR WIPING ENCRYPTED DATA ON A DEVICE HAVING FILE-LEVEL CONTENT PROTECTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR WIPING ENCRYPTED DATA ON A DEVICE HAVING FILE-LEVEL CONTENT PROTECTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links