System and method to provide server control for access to mobile client data
Abstract
Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item.
23 Claims
1. A system for protecting a data item, comprising:
a hardware processor;
a sensitivity determination module configured to determine a sensitivity score of the data item and a current protection level of the data item upon initiation of transfer of the data item from a server to a client device;
a policy decision module configured to apply a policy, using the processor, to determine an appropriate protection for the data item based upon the sensitivity score, the current protection level, and features of the client device, wherein the features of the client device include one or more of a history of compromises, an ownership status, an operating system, a version of the operating system, applications stored on the client device, a patch status, suspected malware, a status of a network connected to the client device, and an application of the client device used to access the data item; and
a secure migration manager module configured to provide a protected data item to the client device by applying the appropriate protection to one or more data items, wherein a unique encryption key is employed for each application of a protection technique on each of the one or more data items.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A system for protecting a data item, comprising:
a hardware processor;
a sensitivity determination module configured to determine a sensitivity score of the data item and a current protection level of the data item using a data protection server upon initiation of transfer of the data item from a server to a mobile device;
a policy decision module configured to apply a policy, using the processor, to determine an appropriate protection for the data item using the data protection server, wherein the appropriate protection is based upon the sensitivity score, the current protection level, features of at least one of the data item and the mobile device, wherein the features of the mobile device include one or more of a history of compromises, an ownership status, an operating system, a version of the operating system, applications stored on the client device, a patch status, suspected malware, a status of a network connected to the client device, and an application of the client device used to access the data item; and
a secure migration manager module configured to provide one or more protected data items to the mobile device by applying the appropriate protection to the one or more data items using the data protection server, wherein a unique encryption key is employed for each application of a protection technique on each of the one or more data items.
14. A system for accessing one or more protected data items, comprising:
a hardware processor;
a policy decision module configured to determine, using the processor, a level of confidence that a user of a client device is an authorized user of the client device to determine eligibility of the user to access the one or more protected data items in response to a request to access the one or more protected data items, wherein the level of confidence is based on one or more of a context of the client device, an authentication history of the client device, and an access history of the user of the client device, wherein the context of the client device includes one or more of a current location, a location history, a history of compromises, an ownership status, an operating system, a version of the operating system, an application stored on the client device, a patch status, suspected malware, and a security status of a network connected to the client device; and
an authentication manager module configured to provide access to the one or more protected data items to the client device in accordance with the level of confidence, such that a level of confidence needed to access the protected data item is based upon a sensitivity score of the one or more protected data items, wherein a unique encryption key is employed for each application of a protection technique on each of the one or more protected data items.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22
23. A system for accessing one or more protected data items, comprising:
a hardware processor;
a policy decision module configured to determine, using the processor, a level of confidence that a user of a mobile device is an authorized user of the mobile device to determine eligibility of the user to access the one or more protected data items using a data protection server in response to a request to access the one or more protected data items, wherein the level of confidence is based on one or more of a context of the client device, an authentication history of the client device, and an access history of the user of the client device, wherein the context of the client device includes one or more of a current location, a location history, a history of compromises, an ownership status, an operating system, a version of the operating system, an application stored on the client device, a patch status, suspected malware, and a security status of a network connected to the client device; and
an authentication manager module configured to provide access to the one or more protected data items to the client device using the data protection system in accordance with the level of confidence, such that a level of confidence needed to access the one or more protected data items is based upon sensitivity of the one or more protected data items, wherein a unique encryption key is employed for each application of a protection technique on each of the one or more protected data items.
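The policy decision and per-application key requirement of claim 1, sketched as an added example that is not taken from the patent: it decides which protection layers a transfer still needs from the sensitivity score, the current protection level and a few of the listed device features, and gives each (item, technique, application) its own key, leaving the cipher itself out. The 0-10 sensitivity scale, the three layer names, the risk thresholds and the HKDF-Expand derivation are all assumptions of this sketch; the claims name the inputs but no numeric policy or key-generation method.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumptions for this example: sensitivity is 0-10, protection level is the
# number of layers already applied (0-3), and the layer names are illustrative.
LAYERS = ["transport_encryption", "file_encryption", "field_encryption"]

@dataclass
class Device:
    patched: bool
    suspected_malware: bool
    company_owned: bool
    network_trusted: bool
    history_of_compromises: int = 0

def device_risk(d: Device) -> int:
    """Count the device features that weigh against the client."""
    return (int(not d.patched) + int(d.suspected_malware)
            + int(not d.company_owned) + int(not d.network_trusted)
            + min(d.history_of_compromises, 2))

def required_level(sensitivity: int, d: Device) -> int:
    """Policy decision: how many layers the item needs on this device."""
    if sensitivity == 0:
        return 0  # public data needs no added protection
    base = 1 if sensitivity < 4 else 2 if sensitivity < 8 else 3
    bump = 1 if device_risk(d) >= 2 else 0  # riskier device, one more layer
    return min(base + bump, len(LAYERS))

def application_key(master: bytes, item_id: str, layer: str, seq: int) -> bytes:
    """256-bit key per (item, technique, application): single-block HKDF-Expand
    (RFC 5869) over length-prefixed fields, so field boundaries stay unambiguous."""
    fields = (item_id.encode(), layer.encode(), str(seq).encode())
    info = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(master, info + b"\x01", hashlib.sha256).digest()

def plan_protection(master, item_id, sensitivity, current_level, device, seq=0):
    """Layers still missing for this transfer, each paired with its own key."""
    target = required_level(sensitivity, device)
    return [(layer, application_key(master, item_id, layer, seq))
            for layer in LAYERS[current_level:target]]

if __name__ == "__main__":
    master = bytes(32)  # constructed all-zero master key, for the demo only
    byod = Device(False, False, False, True)  # unpatched, personally owned
    for layer, key in plan_protection(master, "doc-1", 5, 1, byod):
        print(layer, key.hex()[:16])
```

Incrementing `seq` whenever the same technique is re-applied to the same item is what keeps the derived key unique per application.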
Specification