Discriminating data protection system

US 8,419,806 B2
Filed: 05/05/2010
Issued: 04/16/2013
Est. Priority Date: 05/05/2009
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium having stored thereon an agent program that instructs an electronic computing device to at least:

determine, in response to a trigger which indicates a likely theft or loss of the device, a first point in time prior to the trigger, said first point in time being associated with a last known use prior to the theft or loss of the electronic computing device;

identify a first set of files on the device that were created prior to said first point in time;

identify a second set of files on the device that were created between said first point in time and the trigger, and which were therefore potentially created by an innocent user after the theft or loss of the device; and

execute, in connection with the theft or loss, a discriminating data protection policy that treats the first set of files differently from the second set of files.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data protection system selectively deletes data from an electronic device when the device is reported as lost or stolen, or when another data protection triggering event occurs. Different data files may, for example, be treated differently depending on when such files were created. For example, data files that were created while the computing device was known to be in the owner'"'"'s possession may be deleted, while data files created after the electronic device left the owner'"'"'s possession may be left intact (since they may have been created by an innocent user). Data files created between these two points in time may be quarantined so that they later be restored, if appropriate.

Citations

19 Claims

1. A non-transitory computer readable medium having stored thereon an agent program that instructs an electronic computing device to at least:
- determine, in response to a trigger which indicates a likely theft or loss of the device, a first point in time prior to the trigger, said first point in time being associated with a last known use prior to the theft or loss of the electronic computing device;
  
  identify a first set of files on the device that were created prior to said first point in time;
  
  identify a second set of files on the device that were created between said first point in time and the trigger, and which were therefore potentially created by an innocent user after the theft or loss of the device; and
  
  execute, in connection with the theft or loss, a discriminating data protection policy that treats the first set of files differently from the second set of files.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer readable medium of claim 1, wherein the agent program further instructs the electronic computing device to:
    - determine, in response to said trigger, a second point in time, wherein the second point in time is after the first point in time, and is a reported date of theft or loss of the device, wherein the second set of files consists of files created between the first point in time and the second point in time;
      
      identify a third set of files on the device that were created after the second point in time; and
      
      discriminate, in executing the discriminating data protection policy, between;
      
      (1) the first set of files stored on the computing device that were created before the first point in time, (2) the second set of files stored on the computing device that were created between the first point in time and the second point in time, and (3) the third set of files stored on the computing device that were created after the second point in time.
  - 3. The computer readable medium of claim 1, wherein the trigger comprises a failure of a current user to supply a valid access credential.
  - 4. The computer readable medium of claim 2, wherein the agent program instructs the electronic computing device to:
    - transmit the second set of files to a monitoring center in encrypted or unencrypted form, and to then delete the second set of files from the device;
      
      delete the first set of files from the computing device without first transmitting the first set of files to the monitoring center; and
      
      leave the third set of files intact on the device.
  - 5. The computer readable medium of claim 1, wherein the agent program instructs the electronic computing device to delete the first set of files, and to encrypt or quarantine the second set of files.
  - 6. The computer readable medium of claim 1, wherein the agent program instructs the electronic computing device to delete the first set of files only.
  - 7. The computer readable medium of claim 1, wherein the first point in time is a date of last known authorized use of the device prior to the theft or loss of the device.
  - 8. The computer readable medium of claim 1, wherein the trigger is one of:
    - a. an elapse of a predetermined time interval during which a communication over a network with a monitoring center is not made;
      
      b. use of the electronic computing device without connection to the internet;
      
      c. use of the device without input of a correct password;
      
      d. input of a predetermined number of incorrect passwords;
      
      ore. a combination of an elapse of a predetermined time interval during which a communication over a network with a monitoring center is not made and the input of a predetermined number of incorrect passwords.
  - 9. The computer-readable medium of claim 1, wherein the first point in time is based on a last connection established between the electronic computing device and a monitoring center.
  - 10. The computer-readable medium of claim 9, wherein the trigger is an event in which a client component running on the computing device detects, based on usage of the electronic computing device, a likely theft of the electronic computing device.

11. A system for protecting data, the system comprising:
- an electronic computing device having a processor and a memory, the electronic computing device configured to;
  
  determine, in response to a trigger which indicates that the device has likely been lost or stolen, a first point in time associated with a last known use prior to the theft or loss of the electronic computing device, said first point in time being prior to said trigger;
  
  identify a first set of files on the device that were created prior to said first point in time;
  
  identify a second set of files on the device that were created between said first point in time and the trigger, and which were therefore potentially created by an innocent user after the theft or loss of the device; and
  
  execute, in connection with the theft or loss, a discriminating data protection policy that treats the first set of files differently from the second set of files.
- View Dependent Claims (12, 13, 14)
- - 12. The system of claim 11, wherein the electronic computing device is configured to communicate over a network with a monitoring center to implement the discriminating data protection policy.
  - 13. The system of claim 12, wherein the electronic computing device is configured to receive, from the monitoring center, a notification of the theft or loss, said notification identifying said first point in time.
  - 14. The system of claim 11, wherein the electronic computing device is further configured to:
    - determine, in response to said trigger, a second point in time, wherein the second point in time is after the first point in time, and is a reported date of theft or loss of the device, wherein the second set of files consists of files created between the first point in time and the second point in time;
      
      identify a third set of files on the device that were created after the second point in time; and
      
      discriminate, in executing said discriminating data protection policy, between;
      
      (1) the first set of files stored on the computing device that were created before the first point in time, (2) the second set of files stored on the computing device that were created between the first point in time and the second point in time, and (3) the third set of files stored on the computing device that were created after the second point in time.

15. A method for protecting data stored on an electronic computing device until ownership of the data can be determined, the method comprising:
- by the electronic computing device under control of an agent program;
  
  determining, in response to a trigger which indicates that the device has likely been lost or stolen, a first point in time associated with a last known use prior to a theft or loss of the electronic computing device, said trigger occurring after said first point in time;
  
  identifying a first set of files on the device that were created prior to said first point in time;
  
  identifying a second set of files on the device that were created between said first point in time and the trigger, and which were therefore potentially created by an innocent user after the theft or loss of the device; and
  
  executing, in connection with the theft or loss, a discriminating data protection policy that treats the first set of files differently from the second set of files.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15, further comprising the steps of:
    - determining, in response to said trigger, a second point in time associated with the theft or loss of the electronic computing device, wherein the second point in time is after the first point in time, and is a reported point in time of theft or loss of the device, wherein the second set of files consists of files created between the first point in time and the second point in time;
      
      identifying a third set of files on the device that were created after the second point in time; and
      
      executing, in connection with the theft or loss, a discriminating data protection policy that discriminates between;
      
      (1) the first set of files stored on the computing device that were created before the first point in time, (2) the second set of files stored on the computing device that were created between the first point in time and the second point in time, and (3) the third set of files stored on the computing device that were created after the second point in time.
  - 17. The method of claim 15, wherein the first point in time is based on a last connection established between the electronic computing device and a monitoring center.
  - 18. The method of claim 17, wherein the trigger is an event in which the agent program detects, based on usage of the electronic computing device, a likely theft of the electronic computing device.
  - 19. The method of claim 17, wherein the first point in time is based on a last internet connection established by the electronic computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Absolute Software Corporation
Original Assignee
Absolute Software Corporation
Inventors
Chase, Robert
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
LEWIS, LISA C

Application Number

US12/774,603
Publication Number

US 20100287619A1
Time in Patent Office

1,077 Days
Field of Search

726/26, 726/34, 726/35
US Class Current

726/35
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/88   Detecting or preventing the...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2107   File encryption

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2115   Third party

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2151   Time stamp

H04L 63/1441   Countermeasures against mal...

Discriminating data protection system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Discriminating data protection system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links