System and method for preventing access to data on a compromised remote device
First Claim
Patent Images
1. A method of controlling access to data held on a mobile device, the method comprising:
- maintaining, on a mobile device which is a client of a server system, a plurality of sets of data items, the plurality of sets of data items comprising;
a first set of data items comprising data items to be synchronized between the server system and the mobile device via a wireless data connection, such that values of data items of the first set are updated at the server system in response to changes thereto on the mobile device, and values of data items of the first set are updated at the mobile device in response to changes thereto at the server system; and
a second set of data items, different to the first set of data items, the second set of data items comprising data items which are not synchronized with the server system;
receiving, at the server system, an indication that the mobile device has a deauthorized status, the indication originating from a source other than the mobile device;
transmitting, from the server system to the mobile device, in response to the indication, a command to prevent access to the first set of data items; and
responsive to receipt of the command at the mobile device, selectively erasing data items on the mobile device, such that;
data items of the first set of data items are erased; and
access to data items of the second set of data items is maintained after receipt of the command.
4 Assignments
0 Petitions
Accused Products
Abstract
This invention discloses a system and method for selective erasure, encryption and or copying of data on a remote device if the remote device has been compromised or the level of authorization of a roaming user in charge of the remote device has been modified.
-
Citations
32 Claims
-
1. A method of controlling access to data held on a mobile device, the method comprising:
-
maintaining, on a mobile device which is a client of a server system, a plurality of sets of data items, the plurality of sets of data items comprising; a first set of data items comprising data items to be synchronized between the server system and the mobile device via a wireless data connection, such that values of data items of the first set are updated at the server system in response to changes thereto on the mobile device, and values of data items of the first set are updated at the mobile device in response to changes thereto at the server system; and a second set of data items, different to the first set of data items, the second set of data items comprising data items which are not synchronized with the server system; receiving, at the server system, an indication that the mobile device has a deauthorized status, the indication originating from a source other than the mobile device; transmitting, from the server system to the mobile device, in response to the indication, a command to prevent access to the first set of data items; and responsive to receipt of the command at the mobile device, selectively erasing data items on the mobile device, such that; data items of the first set of data items are erased; and access to data items of the second set of data items is maintained after receipt of the command. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A server system for use in controlling access to data held on a mobile device, the server system comprising:
at least one processor and a memory, wherein the at least one processor and memory is configured to cause the server system at least to perform the steps of; receiving, at the server system, an indication that a mobile device has a deauthorized status, the indication originating from a source other than the mobile device, wherein the mobile device is a client of the server system; responsive to receipt of the indication, selecting a set procedure determining data items to be erased at the mobile device; transmitting, to the mobile device, based on the selected procedure, a command to erase data items of a first set of data items, the command being based on the selected set procedure, wherein; the first set of data items comprises data items to be synchronized between a server remote from the mobile device and the mobile device via a wireless data connection, such that values of data items of the first set are updated at the remote server in response to changes thereto on the mobile device, and values of data items of the first set are updated at the mobile device in response to changes thereto at the remote server; the first set of data items are different from a second set of data items, the second set of data items comprising data items which are not synchronized with the remote server; the command results in data items of the first set of data items being erased; and access to data items of the second set of data items is maintained on the mobile device, after receipt of the command. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
-
23. A mobile device for controlling access to data items held thereon, the mobile device holding sets of data items thereon, including:
-
a first set of data items comprising data items to be synchronized between a server system and the mobile device via a wireless data connection, such that values of data items of the first set are updated at the server system in response to changes thereto on the mobile device, and values of data items of the first set are updated at the mobile device in response to changes thereto at the server system; and a second set of data items, different to the first set of data items, the second set of data items comprising data items which are not synchronized with the server system, wherein the mobile device is a client of the server system and comprises at least one processor and memory which are configured to cause the mobile device at least to perform the steps of; receiving a command from the server system to prevent access to the first set of data items, the command being received in response to an indication that the mobile device is deauthorized, the indication originating from a source other than the mobile device; and responsive to receipt of the command at the mobile device, selectively erasing data items on the mobile device, such that; data items of the first set of data are erased; and access to data items of the second set of data items is maintained after receipt of the command. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
-
-
31. A non-transitory computer-readable storage medium comprising code that when executed on a server system causes the server system to perform a method, the method comprising:
-
receiving, at a server system, an indication that a mobile device has a deauthorized status, the indication originating from a source other than the mobile device, wherein the mobile device is a client of the server system; responsive to receipt of the indication, selecting a set procedure determining data items to be erased at the mobile device; transmitting, to the mobile device, based on the selected procedure, a command to erase data items of a first set of data items, the command being based on the selected set procedure, wherein; the first set of data items comprises data items to be synchronized between a server remote from the mobile device and the mobile device via a wireless data connection, such that values of data items of the first set are updated at the remote server in response to changes thereto on the mobile device, and values of data items of the first set are updated at the mobile device in response to changes thereto at the remote server; the first set of data items are different from a second set of data items, the second set of data items comprising data items which are not synchronized with the remote server; the command results in data items of the first set of data items being erased; and access to data items of the second set of data items is maintained on the mobile device, after receipt of the command.
-
-
32. A non-transitory computer-readable storage medium comprising code that when executed on a mobile device causes the mobile device to perform a method, the method comprising:
-
maintaining, on a mobile device which is a client of a server system, a plurality of sets of data items, the plurality of sets of data items comprising; a first set of data items comprising data items to be synchronized between the server system and the mobile device via a wireless data connection, such that values of data items of the first set are updated at the server system in response to changes thereto on the mobile device, and values of data items of the first set are updated at the mobile device in response to changes thereto at the server system; and a second set of data items, different to the first set of data items, the second set of data items comprising data items which are not synchronized with the server system; receiving a command from the server system to prevent access to the first set of data items, the command being received in response to an indication that the mobile device is deauthorized, the indication originating from a source other than the mobile device; and responsive to receipt of the command at the mobile device, selectively erasing data items on the mobile device, such that; data items of the first set of data are erased; and access to data items of the second set of data items is maintained after receipt of the command.
-
Specification