Selectively wiping a remote device
First Claim
1. A method, the method comprising:
- determining an authorization level selected from a plurality of authorization levels for a command issuer at a server, the command issuer being associated with one of said plurality of authorization levels, each one of the plurality of authorization levels permitting issuance of a securing command;
- issuing the command comprising an indicator of said authorization level from the server;
- receiving said command at a client device;
- determining, using a corresponding predefined rule stored at the client device and associated with said authorization level indicated by said indicator, which of a plurality of data types at the client device is to be secured, said corresponding predefined rule comprising a value indicating each of the plurality of data types to be secured in response to a received command; and
- securing, at the client device, the data corresponding to each of the plurality of data types thus determined by;
  - setting a flag at the client device, the flag comprising a subset value for said each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured,
  - checking each of the subset values of the flag, and
  - carrying out a securing operation if the subset value indicates that the data of that data type is to be secured, and
  - after each of the subset values has been checked, resetting the subset values to indicate that no further securing operation is to be carried out.
Abstract
A system and method for selectively securing data from unauthorized access on a client device storing a plurality of data types with reference to an authorization level indicated in a command. A command is received at a client device comprising an authorization level indicator. Based on at least one predefined rule, which may be implemented in an IT policy stored at the client device, each of the plurality of data types to be secured is determined, and then the data corresponding to those types is secured. The data may be secured by encrypting and/or deleting the data at the client device. The predefined rules associated with each authorization level may be configured by a user or administrator having an authorization level that exceeds the associated authorization level. The system and method thus provide a method for securing only selected data types, depending on the authorization level of the issuer of the command.
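The client-side steps of the claim and abstract (look up the rule for the indicated authorization level, set a flag with one subset value per data type, act on each set value, then reset the flag) can be sketched as follows. This is an added example, not code from the patent; the data types, policy values, class and function names are hypothetical, deletion stands in for the securing operation, and the `cumulative` option is one reading of the variant in claim 12 (rules for levels equal to or less than the indicated level).

```python
from enum import IntFlag

class DataType(IntFlag):
    """Hypothetical data types on the client; one flag bit (subset value) each."""
    EMAIL = 1
    CALENDAR = 2
    CONTACTS = 4
    USER_FILES = 8

# Constructed IT policy stored on the client: authorization level -> rule value.
POLICY = {
    1: DataType.EMAIL | DataType.CALENDAR,
    2: DataType.CONTACTS,
    3: DataType.USER_FILES,
}

class Client:
    def __init__(self, policy, store):
        self.policy = policy
        self.store = store            # DataType -> list of records
        self.flag = DataType(0)       # no securing operation pending

    def rule_value(self, level, cumulative):
        """Look up the rule for the indicated level (or every level up to it)."""
        if not isinstance(level, int) or isinstance(level, bool):
            return DataType(0)        # assumption: malformed indicator secures nothing
        value = DataType(0)
        for rule_level, rule in self.policy.items():
            if rule_level == level or (cumulative and rule_level <= level):
                value |= rule
        return value

    def handle_command(self, command, cumulative=False):
        """Set the flag from the rule, act on each set bit, then reset the flag."""
        self.flag = self.rule_value(command.get("auth_level"), cumulative)
        secured = []
        for dtype in DataType:        # check each subset value of the flag
            if self.flag & dtype:
                self.store[dtype].clear()   # securing operation: deletion
                secured.append(dtype)
        self.flag = DataType(0)       # reset so the operation is not repeated
        return secured

def sample_store():
    """Constructed sample data, one record list per data type."""
    return {t: [f"{t.name.lower()}-record"] for t in DataType}
```
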
82 Citations
15 Claims
1. A method, the method comprising:
- determining an authorization level selected from a plurality of authorization levels for a command issuer at a server, the command issuer being associated with one of said plurality of authorization levels, each one of the plurality of authorization levels permitting issuance of a securing command;
- issuing the command comprising an indicator of said authorization level from the server;
- receiving said command at a client device;
- determining, using a corresponding predefined rule stored at the client device and associated with said authorization level indicated by said indicator, which of a plurality of data types at the client device is to be secured, said corresponding predefined rule comprising a value indicating each of the plurality of data types to be secured in response to a received command; and
- securing, at the client device, the data corresponding to each of the plurality of data types thus determined by;
  - setting a flag at the client device, the flag comprising a subset value for said each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured,
  - checking each of the subset values of the flag, and
  - carrying out a securing operation if the subset value indicates that the data of that data type is to be secured, and
  - after each of the subset values has been checked, resetting the subset values to indicate that no further securing operation is to be carried out.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A non-transitory computer readable memory having recorded thereon statements and instructions for execution by one or more computing devices to:
- determine an authorization level selected from a plurality of authorization levels for a command issuer at a server, the command issuer being associated with one of said plurality of authorization levels, each one of the plurality of authorization levels permitting issuance of a securing command;
- issue the command comprising an indicator of said authorization level from the server;
- receive said command at a client device;
- determine, using a corresponding predefined rule stored at the client device and associated with said authorization level indicated by said indicator, which of a plurality of data types at the client device is to be secured, said corresponding predefined rule comprising a value indicating each of the plurality of data types to be secured in response to a received command; and
- secure, at the client device, the data corresponding to each of the plurality of data types thus determined by;
  - setting a flag at the client device, the flag comprising a subset value for said each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured,
  - checking each of the subset values of the flag, and
  - carrying out a securing operation if the subset value indicates that the data of that data type is to be secured, and
  - after each of the subset values has been checked, resetting the subset values to indicate that no further securing operation is to be carried out.
12. A method comprising:
- determining an authorization level selected from a plurality of authorization levels for a command issuer at a server, the command issuer being associated with one of said plurality of authorization levels, each one of the plurality of authorization levels permitting issuance of a securing command;
- issuing the command comprising an indicator of said authorization level from the server;
- receiving said command at a client device;
- determining which of the plurality of data types at the client device is to be secured by identifying each of a plurality of predefined rules corresponding to an authorization level equal to or less than the authorization level indicated in the received command, each of the plurality of predefined rules being associated with one of the plurality of data types, said each of the plurality of predefined rules comprising a value indicating each of the plurality of data types to be secured in response to a received command; and
- securing only the data corresponding to each of the plurality of data types thus identified by;
  - setting a flag at the client device, the flag comprising a subset value for said each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured,
  - checking each of the subset values of the flag, and
  - carrying out a securing operation if the subset value indicates that the data of that data type is to be secured, and
  - after each of the subset values has been checked, resetting the subset values to indicate that no further securing operation is to be carried out.

Dependent claims: 13, 14
15. A non-transitory computer readable memory having recorded thereon statements and instructions for execution by one or more computing devices to:
- determine an authorization level selected from a plurality of authorization levels for a command issuer at a server, the command issuer being associated with one of said plurality of authorization levels, each one of the plurality of authorization levels permitting issuance of a securing command;
- issue the command comprising an indicator of said authorization level from the server;
- receive said command at a client device;
- determine which of the plurality of data types at the client device is to be secured by identifying each of a plurality of predefined rules corresponding to an authorization level equal to or less than the authorization level indicated in the received command, each of the plurality of predefined rules being associated with one of the plurality of data types, said each of the plurality of predefined rules comprising a value indicating each of the plurality of data types to be secured in response to a received command; and
- secure only the data corresponding to each of the plurality of data types thus identified by;
  - setting a flag at the client device, the flag comprising a subset value for said each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured,
  - checking each of the subset values of the flag, and
  - carrying out a securing operation if the subset value indicates that the data of that data type is to be secured, and
  - after each of the subset values has been checked, resetting the subset values to indicate that no further securing operation is to be carried out.
Specification