System and method for wiping and disabling a removed device
Abstract
A system and method implemented at a server system, for securely wiping a remote mobile device after the device registration has been removed from the server system. Prior to removal of the device registration from the server system, a “pre-packaged” command is created and stored at the server system. In the event that it is determined, after removal of the registration, that the device should be wiped or disabled, means are provided for an administrator to issue the previously stored command to the target mobile device.
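The flow in the abstract, as an added sketch that is not part of the patent text: the server seals a wipe command while it still holds the key, deletes the key on deregistration, and can later only forward the stored ciphertext. The page names no cipher, so a standard-library stand-in (HMAC-SHA256 keystream with encrypt-then-MAC) is used; the shared symmetric key, the class and function names, the `dev-1` identifier and the `WIPE` command string are all assumptions.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # Stand-in keystream: HMAC-SHA256 in counter mode (assumption, not from the page).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("command rejected: authentication failed")
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

class Server:
    def __init__(self):
        self.keys, self.prepackaged = {}, {}
    def register(self, device_id, key):
        self.keys[device_id] = key
    def prepackage(self, device_id, command=b"WIPE"):
        # Only possible while the key is held, i.e. while the server is "authorized".
        self.prepackaged[device_id] = seal(self.keys[device_id], command)
    def deregister(self, device_id):
        # Delete the command encryption key but keep the stored encrypted command.
        del self.keys[device_id]
    def issue_stored(self, device_id):
        return self.prepackaged[device_id]

class Device:
    def __init__(self, key):
        self.key, self.wiped = key, False
    def receive(self, blob):
        self.wiped = self.wiped or unseal(self.key, blob) == b"WIPE"
        return self.wiped

def demo():
    key = secrets.token_bytes(32)  # constructed sample key
    server, device = Server(), Device(key)
    server.register("dev-1", key)
    server.prepackage("dev-1")
    server.deregister("dev-1")
    return "dev-1" in server.keys, device.receive(server.issue_stored("dev-1"))
```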
20 Claims
1. A method for issuing a security command for remote execution at a target mobile device, the target mobile device being configured to receive commands encrypted using a command encryption key, decrypt said encrypted commands using a corresponding command decryption key stored at the target mobile device, and execute said commands once decrypted, the method comprising:
storing, at a server system, registration data associated with the target mobile device, the registration data including the command encryption key for encrypting commands for the target mobile device;
while the server system is authorized to generate security commands for the target mobile device through possession of the command encryption key;
generating, at the server system, a security command for the target mobile device, the security command comprising at least one of a command to erase at least a portion of data stored at the target mobile device and a command to disable access to at least one application executable at the target mobile device;
encrypting the security command using the command encryption key; and
storing the encrypted security command at the server system; and
after the server system is subsequently configured such that the server system is no longer authorized to generate security commands for the target mobile device, wherein configuring the server system to be no longer authorized to generate security commands for the target mobile device comprises deleting the command encryption key from the server system without deleting the stored encrypted security command;
in response to an instruction received at the server system, retrieving the stored encrypted security command, and transmitting the encrypted security command to the target mobile device for decryption and execution by the target mobile device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A server system for issuing security commands to a target mobile device, the target mobile device being configured to receive commands encrypted using a command encryption key, decrypt said encrypted commands using a corresponding command decryption key stored at the target mobile device, and execute said commands once decrypted, the server system comprising:
a processor;
a memory, the memory storing executable instructions, which when executed by the processor cause the processor to perform the following;
store, at the server system, registration data associated with the target mobile device, the registration data including the command encryption key for encrypting commands for the target mobile device;
generate, while the server system is authorized to generate security commands for the target mobile device through possession of the command encryption key a security command for the target mobile device, the security command comprising at least one of a command to erase at least a portion of data stored at the target mobile device and a command to disable access to at least one application executable at the target mobile device;
encrypt the security command using the command encryption key; and
store the encrypted security command at the server system; and
a transmitter to transmit, after the server system is subsequently configured such that the server system is no longer authorized to generate security commands for the target mobile device, wherein configuring the server system to be no longer authorized to generate security commands for the target mobile device comprises deleting the command encryption key from the server system without deleting the stored encrypted security command, the stored encrypted security command to the target mobile device for decryption and execution by the target mobile device.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A system, comprising:
a target mobile device configured to receive commands encrypted using a command encryption key, decrypt said encrypted commands using a corresponding command decryption key stored at the target mobile device, and execute said commands once decrypted; and
a server system comprising;
a processor and a memory, the memory storing executable instructions, which when executed by the processor cause the processor to perform the following;
store, at the server system, registration data associated with the target mobile device, the registration data including the command encryption key for encrypting commands for the target mobile device;
generate, while the server system is authorized to generate security commands for the target mobile device through possession of a command encryption key, a security command for the target mobile device, the security command comprising at least one of a command to erase at least a portion of data stored at the target mobile device and a command to disable access to at least one application executable at the target mobile device;
encrypt the security command using the command encryption key;
store the encrypted security command at the server system; and
transmit, after the server system is subsequently configured such that the server system is no longer authorized to generate security commands for the target mobile device, wherein configuring the server system to be no longer authorized to generate security commands for the target mobile device comprises deleting the command encryption key from the server system without deleting the stored encrypted security command, the stored encrypted security command to the target mobile device for decryption and execution by the target mobile device.
Dependent claims: 19
20. A non-transitory computer readable medium having recorded thereon instructions for execution by a computing device to carry out a method for issuing a security command for remote execution at a target mobile device, the target mobile device being configured to receive commands encrypted using a command encryption key, decrypt said encrypted commands using a corresponding command decryption key stored at the target mobile device, and execute said commands once decrypted, the method comprising:
storing, at a server system, registration data associated with the target mobile device, the registration data including the command encryption key for encrypting commands for the target mobile device;
while the server system is authorized to generate security commands for a target mobile device through possession of the command encryption;
generating, at the server system, a security command for the target mobile device, the security command comprising at least one of a command to erase at least a portion of data stored at the target mobile device and a command to disable access to at least one application executable at the target mobile device;
encrypting the security command using the command encryption key; and
storing the encrypted security command at the server system; and
after the server system is subsequently configured such that the server system is no longer authorized to generate security commands for the target mobile device, wherein configuring the server system to be no longer authorized to generate security commands for the target mobile device comprises deleting the command encryption key from the server system without deleting the stored encrypted security command;
in response to an instruction received at the server system, retrieving the stored encrypted security command and transmitting the encrypted security command to the target mobile device for decryption and execution by the target mobile device.
Specification