Offline data delete with false trigger protection

US 9,154,499 B2
Filed: 05/29/2008
Issued: 10/06/2015
Est. Priority Date: 05/29/2007
Status: Active Grant

First Claim

Patent Images

1. A method for protecting data stored on an electronic device from access by an illegitimate user, the method comprising:

establishing a first communication between an agent installed in the electronic device and a remote server;

subsequently, determining that a second communication has not been established between the agent and the remote server within a predetermined period of time for establishing a communication between the agent and the remote server;

in response to determining that the second communication has not been established within the predetermined period of time, displaying a password prompt;

waiting until entry of a password by a user in response to the password prompt;

detecting said entry of the password; and

subsequently, processing the entry of the password by a process that comprises;

if the password is valid, setting a timer to measure a further predetermined period of time for establishing the second communication between the agent and the remote server;

if the password is not valid, determining whether a threshold number of invalid password entry attempts have occurred in response to the password prompt, the threshold being greater than one; and

if the threshold number of invalid password entry attempts is reached, executing a data protection policy that causes data on the electronic device to be protected, wherein the data protection policy is executed only if the threshold number of invalid password entry attempts is reached, after and not during said waiting.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for protecting data stored on an electronic device from access by an illegitimate user are presented. The data is protected by activating an offline data delete module installed in the electronic device to conditionally delete the data according to the following criteria: after establishing a first communication between an agent installed in the electronic device and a remote server, obtaining a password from a user if a second communication is not established between the agent and the remote server within a predetermined period of time. After obtaining a password from the user, deleting at least some data stored on the electronic device after a second communication is not established between the agent and the remote server within the predetermined period of time and a predetermined number of incorrect passwords has been obtained.

27 Citations

View as Search Results

19 Claims

1. A method for protecting data stored on an electronic device from access by an illegitimate user, the method comprising:
- establishing a first communication between an agent installed in the electronic device and a remote server;
  
  subsequently, determining that a second communication has not been established between the agent and the remote server within a predetermined period of time for establishing a communication between the agent and the remote server;
  
  in response to determining that the second communication has not been established within the predetermined period of time, displaying a password prompt;
  
  waiting until entry of a password by a user in response to the password prompt;
  
  detecting said entry of the password; and
  
  subsequently, processing the entry of the password by a process that comprises;
  
  if the password is valid, setting a timer to measure a further predetermined period of time for establishing the second communication between the agent and the remote server;
  
  if the password is not valid, determining whether a threshold number of invalid password entry attempts have occurred in response to the password prompt, the threshold being greater than one; and
  
  if the threshold number of invalid password entry attempts is reached, executing a data protection policy that causes data on the electronic device to be protected, wherein the data protection policy is executed only if the threshold number of invalid password entry attempts is reached, after and not during said waiting.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising, in response to determining that the second communication has not been established within the predetermined period of time, executing a boot sequence that reboots the electronic device and causes the electronic device to, prior to completion of rebooting, display the password prompt, wherein the electronic device does not finish rebooting unless a valid password is entered in response to the password prompt.
  - 3. The method of claim 2, wherein the process further comprises, if the password is valid, causing the electronic device to finish rebooting.
  - 4. The method of claim 1 further comprising allowing otherwise normal operation of the electronic device while deleting the data stored on the electronic device.
  - 5. The method of claim 1 further comprising writing identification information for the data to a log file and subsequently uploading the log file to the server from the electronic device.
  - 6. The method of claim 1 wherein executing the data protection policy comprises deleting said data from the electronic device.
  - 7. The method of claim 6 further comprising continuing deletion of the data if the deletion is interrupted by shutting down or rebooting the electronic device.

8. An electronic device comprising a memory for the storage of data, an output interface, an input interface, an agent, and an offline data protection module, wherein the agent is configured to communicate with a remote server and the offline data protection module is configured to:
- establish a first communication between an agent installed in the electronic device and a remote server;
  
  subsequently, determine that a second communication has not been established between the agent and the remote server within a predetermined period of time for establishing a communication between the agent and the remote server;
  
  in response to determining that the second communication has not been established within the predetermined period of time, display a password prompt;
  
  wait until entry of a password by a user in response to the password prompt;
  
  detect said entry of the password; and
  
  subsequently, process the entry of the password by a process that comprises;
  
  if the password is valid, setting a timer to measure a further predetermined period of time for establishing the second communication between the agent and the remote server;
  
  if the password is not valid, determining whether a threshold number of invalid password entry attempts have occurred in response to the password prompt, the threshold being greater than one; and
  
  if the threshold number of invalid password entry attempts is reached, executing a data protection policy that causes data on the electronic device to be protected, wherein the data protection policy is executed only if the threshold number of invalid password entry attempts is reached, after and not during said waiting.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The electronic device of claim 8, wherein the offline data protection module is further configured to, in response to determining that the second communication has not been established within the predetermined period of time, execute a boot sequence that reboots the electronic device and causes the electronic device to, prior to completion of rebooting, display the password prompt, wherein the electronic device does not finish rebooting unless a valid password is entered in response to the password prompt.
  - 10. The electronic device of claim 9, wherein the process further comprises, if the password is valid, causing the electronic device to finish rebooting.
  - 11. The electronic device of claim 8, wherein the offline data protection module is further configured to allow otherwise normal operation of the electronic device while deleting the at least some data stored on the electronic device.
  - 12. The electronic device of claim 8, wherein the offline data protection module is further configured to write identification information for the at least some data to a log file and upload the log file to the remote server.
  - 13. The electronic device of claim 8, wherein executing the data protection policy comprises deleting said data from the electronic device.
  - 14. The electronic device of claim 13, wherein the offline data protection module is further configured to continue deletion of the at least some data if the deletion is interrupted by shutting down or rebooting the electronic device.
  - 15. The electronic device of claim 13, wherein the offline data protection module is incapable of deleting said data unless both (1) the second communication is not established between the agent and the remote server within the predetermined period of time, and (2) an incorrect password is entered in connection with the password prompt.

16. A non-transitory computer-readable medium carrying computer-executable instructions which, when executed on an electronic device comprising a processor and a memory, the memory storing data to be protected from unauthorized access, carry out a method comprising:
- establishing a first communication between an agent on the electronic device and a remote server;
  
  outputting to a user a request for a password if a second communication is not established between the agent and the remote server within a predetermined period of time for establishing a communication between the agent and the remote server;
  
  waiting for the user to enter a password in response to the request;
  
  detecting user entry of a password in response to the request; and
  
  subsequently, processing the entry of the password by a process that comprises;
  
  if the password is valid, setting a timer to measure a further predetermined period of time for establishing the second communication between the agent and the remote server;
  
  if the password is not valid, determining whether a threshold number of invalid password entry attempts have occurred in connection with the request, the threshold being greater than one; and
  
  if the threshold number of invalid password entry attempts is reached, executing a data protection policy that causes data on the electronic device to be protected, wherein the data protection policy is executed only if the threshold number of invalid password entry attempts is reached, after and not during said waiting.

17. A non-transitory computer-readable medium having stored thereon executable code that directs an electronic device to perform a method that comprises:
- determining that the electronic device has failed to communicate with a designated remote system for a predetermined period of time;
  
  displaying, in connection with said failure to communicate for the predetermined period of time, a prompt for user entry of authentication information; and
  
  waiting until entry of authentication information by a user in response to the prompt;
  
  detecting said entry of the authentication information; and
  
  subsequently, processing the entry of the authentication information by a process that comprises;
  
  if the authentication information is valid, setting a timer to measure a further predetermined period of time for establishing the communication between the electronic device and the remote server;
  
  if the authentication information is not valid, determining whether a threshold number of invalid authentication information entry attempts have occurred in response to the prompt, the threshold being greater than one; and
  
  if the threshold number of invalid authentication information entry attempts is reached, executing a data protection policy that causes data on the electronic device to be protected, wherein the data protection policy is executed only if the threshold number of invalid authentication information entry attempts is reached, after and not during said waiting.
- View Dependent Claims (18, 19)
- - 18. The non-transitory computer-readable medium of claim 17, wherein the method further comprises, in response to determining that the second communication has not been established within the predetermined period of time, executing a boot sequence that reboots the electronic device and causes the electronic device to, prior to completion of rebooting, display the prompt, wherein the electronic device does not finish rebooting unless valid authentication information is entered in response to the prompt.
  - 19. The non-transitory computer-readable medium of claim 18, wherein the process further comprises, if the authentication information is valid, causing the electronic device to finish rebooting.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Absolute Software Corporation
Original Assignee
Absolute Software Corporation
Inventors
Stevens, Jon
Primary Examiner(s)
Hailu, Teshome

Application Number

US12/129,568
Publication Number

US 20080301820A1
Time in Patent Office

2,686 Days
Field of Search

726/2, 726 26- 28
US Class Current

1/1
CPC Class Codes

G06F 21/88 Detecting or preventing the...

H04L 63/0846 using time-dependent-passwo...

Offline data delete with false trigger protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Offline data delete with false trigger protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links