System and method for wiping and disabling a removed device

US 8,856,511 B2
Filed: 12/14/2006
Issued: 10/07/2014
Est. Priority Date: 12/14/2006
Status: Active Grant

First Claim

Patent Images

1. A method for issuing a security command for remote execution at a target mobile device, the target mobile device being configured to receive commands encrypted using a command encryption key, decrypt said encrypted commands using a corresponding command decryption key stored at the target mobile device, and execute said commands once decrypted, the method comprising:

storing, at a server system, registration data associated with the target mobile device, the registration data including the command encryption key for encrypting commands for the target mobile device;

while the server system is authorized to generate security commands for the target mobile device through possession of the command encryption key;

generating, at the server system, a security command for the target mobile device, the security command comprising at least one of a command to erase at least a portion of data stored at the target mobile device and a command to disable access to at least one application executable at the target mobile device;

encrypting the security command using the command encryption key; and

storing the encrypted security command at the server system; and

after the server system is subsequently configured such that the server system is no longer authorized to generate security commands for the target mobile device, wherein configuring the server system to be no longer authorized to generate security commands for the target mobile device comprises deleting the command encryption key from the server system without deleting the stored encrypted security command;

in response to an instruction received at the server system, retrieving the stored encrypted security command, and transmitting the encrypted security command to the target mobile device for decryption and execution by the target mobile device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method implemented at a server system, for securely wiping a remote mobile device after the device registration has been removed from the server system. Prior to removal of the device registration from the server system, a “pre-packaged” command is created and stored at the server system. In the event that it is determined, after removal of the registration, that the device should be wiped or disabled, means are provided for an administrator to issue the previously stored command to the target mobile device.

Citations

20 Claims

1. A method for issuing a security command for remote execution at a target mobile device, the target mobile device being configured to receive commands encrypted using a command encryption key, decrypt said encrypted commands using a corresponding command decryption key stored at the target mobile device, and execute said commands once decrypted, the method comprising:
- storing, at a server system, registration data associated with the target mobile device, the registration data including the command encryption key for encrypting commands for the target mobile device;
  
  while the server system is authorized to generate security commands for the target mobile device through possession of the command encryption key;
  
  generating, at the server system, a security command for the target mobile device, the security command comprising at least one of a command to erase at least a portion of data stored at the target mobile device and a command to disable access to at least one application executable at the target mobile device;
  
  encrypting the security command using the command encryption key; and
  
  storing the encrypted security command at the server system; and
  
  after the server system is subsequently configured such that the server system is no longer authorized to generate security commands for the target mobile device, wherein configuring the server system to be no longer authorized to generate security commands for the target mobile device comprises deleting the command encryption key from the server system without deleting the stored encrypted security command;
  
  in response to an instruction received at the server system, retrieving the stored encrypted security command, and transmitting the encrypted security command to the target mobile device for decryption and execution by the target mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein generating the encrypted security command comprises inserting the security command in a message addressed to the target mobile device;
    - and further wherein transmitting the encrypted security command comprises retrieving the message and transmitting the message to the target mobile device.
  - 3. The method of claim 1, wherein transmitting the encrypted security command comprises retrieving the stored encrypted security command and inserting it in a message addressed to the target mobile device.
  - 4. The method of claim 1, the command encryption key is deleted from the server system in response to a command to delete the registration data associated with the target mobile device.
  - 5. The method of claim 1, wherein storing the encrypted security command further comprises assigning an expiration time to the stored encrypted security command, such that the stored encrypted security command is automatically deleted at the expiration time.
  - 6. The method of claim 1 further comprising deleting the stored security encrypted command in response to a received command to delete the stored encrypted security command.
  - 7. The method of claim 1, wherein the command encryption key and the corresponding command decryption key comprise a symmetric key pair.
  - 8. The method of claim 1, wherein the command encryption key and the corresponding command decryption key comprise an asymmetric key pair.
  - 9. The method of claim 8, wherein the corresponding command decryption key comprises a transport key.

10. A server system for issuing security commands to a target mobile device, the target mobile device being configured to receive commands encrypted using a command encryption key, decrypt said encrypted commands using a corresponding command decryption key stored at the target mobile device, and execute said commands once decrypted, the server system comprising:
- a processor;
  
  a memory, the memory storing executable instructions, which when executed by the processor cause the processor to perform the following;
  
  store, at the server system, registration data associated with the target mobile device, the registration data including the command encryption key for encrypting commands for the target mobile device;
  
  generate, while the server system is authorized to generate security commands for the target mobile device through possession of the command encryption key a security command for the target mobile device, the security command comprising at least one of a command to erase at least a portion of data stored at the target mobile device and a command to disable access to at least one application executable at the target mobile device;
  
  encrypt the security command using the command encryption key; and
  
  store the encrypted security command at the server system; and
  
  a transmitter to transmit, after the server system is subsequently configured such that the server system is no longer authorized to generate security commands for the target mobile device, wherein configuring the server system to be no longer authorized to generate security commands for the target mobile device comprises deleting the command encryption key from the server system without deleting the stored encrypted security command, the stored encrypted security command to the target mobile device for decryption and execution by the target mobile device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The server system of claim 10, wherein the transmission module is further configured to generate a message addressed to the target mobile device comprising the stored encrypted security command.
  - 12. The server system of claim 10, wherein the processor is further configured to generate the encrypted security command by generating a message comprising the security command and encrypting the message using the command encryption key.
  - 13. The server system of claim 10, wherein the processor is further configured to delete the stored encrypted security command at an expiration time.
  - 14. The server system of claim 10, wherein the processor is further configured to delete the stored encrypted security command in response to a received command to delete the stored security command.
  - 15. The server system of claim 10, wherein the corresponding command decryption key and the command encryption key comprise a symmetric key pair.
  - 16. The server system of claim 10, wherein the corresponding command decryption key and the command encryption key comprise an asymmetric key pair.
  - 17. The server system of claim 16, wherein the corresponding command decryption key comprises a transport key.

18. A system, comprising:
- a target mobile device configured to receive commands encrypted using a command encryption key, decrypt said encrypted commands using a corresponding command decryption key stored at the target mobile device, and execute said commands once decrypted; and
  
  a server system comprising;
  
  a processor and a memory, the memory storing executable instructions, which when executed by the processor cause the processor to perform the following;
  
  store, at the server system, registration data associated with the target mobile device, the registration data including the command encryption key for encrypting commands for the target mobile device;
  
  generate, while the server system is authorized to generate security commands for the target mobile device through possession of a command encryption key, a security command for the target mobile device, the security command comprising at least one of a command to erase at least a portion of data stored at the target mobile device and a command to disable access to at least one application executable at the target mobile device;
  
  encrypt the security command using the command encryption key;
  
  store the encrypted security command at the server system; and
  
  transmit, after the server system is subsequently configured such that the server system is no longer authorized to generate security commands for the target mobile device, wherein configuring the server system to be no longer authorized to generate security commands for the target mobile device comprises deleting the command encryption key from the server system without deleting the stored encrypted security command, the stored encrypted security command to the target mobile device for decryption and execution by the target mobile device.
- View Dependent Claims (19)
- - 19. The system of claim 18, wherein the target mobile device comprises a wireless mobile communication device.

20. A non-transitory computer readable medium having recorded thereon instructions for execution by a computing device to carry out a method for issuing a security command for remote execution at a target mobile device, the target mobile device being configured to receive commands encrypted using a command encryption key, decrypt said encrypted commands using a corresponding command decryption key stored at the target mobile device, and execute said commands once decrypted, the method comprising:
- storing, at a server system, registration data associated with the target mobile device, the registration data including the command encryption key for encrypting commands for the target mobile device;
  
  while the server system is authorized to generate security commands for a target mobile device through possession of the command encryption;
  
  generating, at the server system, a security command for the target mobile device, the security command comprising at least one of a command to erase at least a portion of data stored at the target mobile device and a command to disable access to at least one application executable at the target mobile device;
  
  encrypting the security command using the command encryption key; and
  
  storing the encrypted security command at the server system; and
  
  after the server system is subsequently configured such that the server system is no longer authorized to generate security commands for the target mobile device, wherein configuring the server system to be no longer authorized to generate security commands for the target mobile device comprises deleting the command encryption key from the server system without deleting the stored encrypted security command;
  
  in response to an instruction received at the server system, retrieving the stored encrypted security command and transmitting the encrypted security command to the target mobile device for decryption and execution by the target mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Brown, Michael K., Totzke, Scott W., Kirkup, Michael G.
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
VU, PHY ANH TRAN

Application Number

US11/610,621
Publication Number

US 20080148042A1
Time in Patent Office

2,854 Days
Field of Search

713153-167, 726/26
US Class Current

713/154
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

System and method for wiping and disabling a removed device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for wiping and disabling a removed device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links