CONTROLLING MOBILE DEVICE ACCESS TO SECURE DATA
Abstract
Various aspects of the disclosure relate to providing secure containers or data vaults for data of one or more managed applications. In some embodiments, each managed application may be assigned its own private data vault and/or may be assigned a shared data vault that is accessible to at least one other managed application. As the managed application executes, calls for access to the data may be intercepted and redirected to the secure containers. Data stored in a secure container may be encrypted according to a policy. Other aspects relate to deleting data from a secure container, such as via a selective wipe of data associated with a managed application. Further aspects relate to configuring and creating the secure containers, retrieving key information required to encrypt/decrypt the data stored in the secure containers, and publishing the managed applications, policy information and key information for download to a mobile device.
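A minimal sketch of the flow the abstract describes (per-application containers that hold only ciphertext, redirected reads and writes, and a selective wipe whose acknowledgement lists the containers that lost data), added here as an illustration and not taken from the patent. `ManagedIO`, `SecureContainer`, the acknowledgement field names and the SHA-256 keystream standing in for a real cipher are all assumptions; the acknowledgement is returned to the caller rather than sent to a gateway.

```python
import hashlib
import os

def xor_stream(key, nonce, data):
    # Stand-in cipher (SHA-256 counter keystream) so the sketch needs only the
    # standard library; a real container would use an AEAD such as AES-GCM.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class SecureContainer:
    """Holds only ciphertext; plaintext exists only at the read/write boundary."""
    def __init__(self, name, key):
        self.name, self._key, self.blobs = name, key, {}

    def write(self, path, plaintext):
        nonce = os.urandom(16)
        self.blobs[path] = (nonce, xor_stream(self._key, nonce, plaintext))

    def read(self, path):
        nonce, ciphertext = self.blobs[path]
        return xor_stream(self._key, nonce, ciphertext)

class ManagedIO:
    """Hypothetical interception layer: managed apps call this, not the filesystem."""
    def __init__(self):
        self.vaults = {}  # app_id -> {container name: SecureContainer}

    def assign(self, app_id, name):
        self.vaults.setdefault(app_id, {})[name] = SecureContainer(name, os.urandom(32))

    def write(self, app_id, name, path, data):
        self.vaults[app_id][name].write(path, data)

    def read(self, app_id, name, path):
        return self.vaults[app_id][name].read(path)

    def selective_wipe(self, app_id):
        # Delete the encrypted data of one app only, and report which
        # containers actually held data, as the acknowledgement requires.
        wiped = []
        for name, box in self.vaults.get(app_id, {}).items():
            if box.blobs:
                box.blobs.clear()
                wiped.append(name)
        return {"type": "selective_wipe_ack", "app": app_id, "containers": sorted(wiped)}
```

Wiping one application leaves other applications' containers readable, and a container that was assigned but never written to does not appear in the acknowledgement.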
20 Claims
1. A method, comprising:
- intercepting, by a mobile device, a read or write operation from a managed application executing on the mobile device;
- accessing, based on the read or write operation, a secure container that is a logical interface into which read or write operations are redirected and in which data is in an encrypted form;
- determining to perform a selective wipe of data associated with the managed application;
- deleting encrypted data from the secure container; and
- transmitting a selective wipe acknowledgement to an access gateway, wherein the acknowledgement includes a listing of secure containers that included data that was deleted during the selective wipe.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. An apparatus, comprising:
- at least one processor; and
- memory storing executable instructions configured to, when executed by the at least one processor, cause the apparatus to:
  - intercept a read or write operation from a managed application executing on the apparatus;
  - access, based on the read or write operation, a secure container that is a logical interface into which read or write operations are redirected and in which data is in an encrypted form;
  - determine to perform a selective wipe of data associated with the managed application;
  - delete encrypted data from the secure container; and
  - transmit a selective wipe acknowledgement to an access gateway, wherein the acknowledgement includes a listing of secure containers that included data that was deleted during the selective wipe.

Dependent claims: 12, 13, 14, 15, 16
17. One or more non-transitory computer-readable media storing instructions configured to, when executed, cause at least one computing device to:
- intercept a read or write operation from a managed application executing on the at least one computing device;
- access, based on the read or write operation, a secure container that is a logical interface into which read or write operations are redirected and in which data is in an encrypted form;
- determine to perform a selective wipe of data associated with the managed application;
- delete encrypted data from the secure container; and
- transmit a selective wipe acknowledgement to an access gateway, wherein the acknowledgement includes a listing of secure containers that included data that was deleted during the selective wipe.

Dependent claims: 18, 19, 20
Specification