Distributed data revocation using data commands
First Claim
1. A method for operating a network comprising:
- intercepting, at a policy proxy implemented on non-transitory computer-readable media, a data stream being exchanged between a data server and the mobile device, wherein the policy proxy is remotely and communicably connected to the mobile device over a communication network, and the data stream comprises a synchronization request and email synchronization results,
- comparing, at the policy proxy, actual policy elements of the mobile device with expected policy elements of the mobile device, wherein the mobile device is not configured to support the expected policy elements; and
- modifying, at the policy proxy, the data stream in accordance with difference between the actual policy elements and the expected policy elements to bring the mobile device into compliance with the expected policy elements;
- wherein modifying the data stream comprises, when the mobile device requests from the data server to synchronize with a non-empty mailbox or a non-empty folder and the policy proxy determines the mobile device does not have access to the non-empty mailbox or the non-empty folder, modifying the e-mail synchronization results from the data server to cause the mobile device to synchronize with an empty mailbox or an empty folder, respectively, and to cause the deletion of the non-empty mailbox or the non-empty folder of the mobile device respectively.
Abstract
A policy proxy intercepts a data stream between a data server and a user or other device, identifies the user device, and identifies a policy in an integrated policy server applicable to the user device based on the identity of the user device. The policy proxy may identify one or more of the policy elements based on the user device, and translate the policy elements into actions involving the data stream between the data server and the user device so as to implement at least one aspect of the identified policy. The actions can comprise permitting normal exchange of data between the data server and the user device, preventing communication between the data server and the user device, or modifying the data stream between the data server and the user device.
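Added example (not from the patent or its assignee): a minimal Python model of the three proxy actions named in the abstract, including the revocation case in which the sync results are replaced by an empty folder plus delete commands for what the device already holds. The dictionary message shape, the `POLICIES` store, the rule that any unmet policy element revokes all folders, and every name below are assumptions constructed for illustration; no real synchronization protocol is modeled.

```python
from dataclasses import dataclass, field

# Constructed policy store (hypothetical schema): expected policy elements
# and the folders each device may still synchronize.
POLICIES = {"phone-17": {"expected": {"pin_required": True},
                         "allowed_folders": {"Inbox"}}}

@dataclass
class Device:
    device_id: str
    actual: dict                              # policy elements the device reports
    held: dict = field(default_factory=dict)  # folder -> item ids already on device

def decide(device, folder):
    """Return 'permit', 'block' or 'modify' for one sync request."""
    policy = POLICIES.get(device.device_id)
    if policy is None:
        return "block"                        # unidentified device: no communication
    # Difference between expected and actual policy elements.
    diff = {k: v for k, v in policy["expected"].items()
            if device.actual.get(k) != v}
    # Assumption: any unmet element revokes access to every folder.
    if diff or folder not in policy["allowed_folders"]:
        return "modify"
    return "permit"

def proxy_sync(device, request, server_results):
    """Filter the server's sync results before they reach the device."""
    folder = request["folder"]
    action = decide(device, folder)
    if action == "block":
        return None
    if action == "permit":
        return server_results
    # Revocation: drop the server's items, present an empty folder, and
    # issue delete commands for everything the device already holds.
    return {"folder": folder, "add": [],
            "delete": sorted(device.held.get(folder, []))}

def demo():
    # Constructed sample device and server responses.
    dev = Device("phone-17", {"pin_required": True},
                 {"Finance": ["m2", "m1"], "Inbox": ["m9"]})
    finance = proxy_sync(dev, {"folder": "Finance"},
                         {"folder": "Finance", "add": ["m3"], "delete": []})
    inbox = proxy_sync(dev, {"folder": "Inbox"},
                       {"folder": "Inbox", "add": ["m10"], "delete": []})
    return finance, inbox
```

In `demo()`, the revoked `Finance` folder comes back empty with delete commands for the two held items, while the permitted `Inbox` response passes through unchanged.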
17 Claims
1. A method for operating a network comprising:
- intercepting, at a policy proxy implemented on non-transitory computer-readable media, a data stream being exchanged between a data server and the mobile device, wherein the policy proxy is remotely and communicably connected to the mobile device over a communication network, and the data stream comprises a synchronization request and email synchronization results,
- comparing, at the policy proxy, actual policy elements of the mobile device with expected policy elements of the mobile device, wherein the mobile device is not configured to support the expected policy elements; and
- modifying, at the policy proxy, the data stream in accordance with difference between the actual policy elements and the expected policy elements to bring the mobile device into compliance with the expected policy elements;
- wherein modifying the data stream comprises, when the mobile device requests from the data server to synchronize with a non-empty mailbox or a non-empty folder and the policy proxy determines the mobile device does not have access to the non-empty mailbox or the non-empty folder, modifying the e-mail synchronization results from the data server to cause the mobile device to synchronize with an empty mailbox or an empty folder, respectively, and to cause the deletion of the non-empty mailbox or the non-empty folder of the mobile device respectively.
- View Dependent Claims (2, 6, 7, 8, 9, 10, 11)
3. A system for operating a network comprising:
- one or more memory elements;
- a processor;
- wherein the one or more memory elements has program instructions stored thereon for providing a policy proxy, when the program instructions are executed by the processor, the policy proxy is configured to;
- intercept a data stream being exchanged between a data server and the mobile device, wherein the policy proxy is remotely and communicably connected to the mobile device over a communication network, and the policy proxy is structured to compare actual policy elements of the mobile device with expected policy elements of the mobile device, wherein the mobile device is not configured to support the expected policy elements, and the data stream comprises a synchronization request and email synchronization results;
- modify the data stream in accordance with difference between the actual policy elements and the expected policy elements to bring the mobile device into compliance with the expected policy elements;
- wherein modifying the data stream comprises, when the mobile device requests from the data server to synchronize with a non-empty mailbox or a non-empty folder and the policy proxy determines the mobile device does not have access to the non-empty mailbox or the non-empty folder, modifying the e-mail synchronization results from the data server to cause the mobile device to synchronize with an empty mailbox or an empty folder, respectively, and to cause the deletion of the non-empty mailbox or the non-empty folder of the mobile device respectively.
- View Dependent Claims (4, 12, 13, 14, 15)
5. A computer storage device coupled to a processor, said computer storage device storing computer program instructions that when executed control the processor to perform the following functions:
- intercepting, using a policy proxy, a data stream being exchanged between a data server and the mobile device, wherein the policy proxy is remotely and communicably connected to the mobile device over a communication network, and the data stream comprises a synchronization request and email synchronization results,
- comparing, using the policy proxy, actual policy elements of the mobile device with expected policy elements of the mobile device, wherein the mobile device is not configured to support the expected policy elements;
- modifying, using the policy proxy, the data stream in accordance with difference between the actual policy elements and the expected policy elements to bring the mobile device into compliance with the expected policy elements;
- wherein the function of modifying the data stream comprises, when the mobile device requests from the data server to synchronize with a non-empty mailbox or a non-empty folder and the policy proxy determines the mobile device does not have access to the non-empty mailbox or the non-empty folder, modifying the e-mail synchronization results from the data server to cause the mobile device to synchronize with an empty mailbox or an empty folder, respectively, and to cause the deletion of the non-empty mailbox or the non-empty folder of the mobile device respectively.
- View Dependent Claims (16, 17)
Specification