Automatic sanitization of data on a mobile device in a network environment

US 9,351,163 B2
Filed: 12/26/2012
Issued: 05/24/2016
Est. Priority Date: 12/26/2012
Status: Active Grant

First Claim

Patent Images

1. A method of protecting objects on a mobile device, comprising:

establishing a network connection from the mobile device to a central security system in a central network;

receiving a first message from the central security system authorizing a first grace window on the mobile device;

activating the first grace window based, at least in part, on the first message, wherein the first grace window defines a first period of time during which the mobile device can remain disconnected from the central security system without a sanitization policy being applied to the mobile device;

attempting to establish a new network connection to the central security system to receive a second message authorizing a second grace window, wherein the attempting occurs at least once prior to the expiration of the first grace window; and

if the second message is received from the central security system, activating the second grace window based, at least in part, on the second message, wherein the second grace window defines a second period of time during which the mobile device can remain disconnected from the central security system without the sanitization policy being applied to the mobile device, wherein the second period of time is based on a level of sensitivity of at least one object in a protected network that a user of the mobile device is authorized to access.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided in one example embodiment and includes establishing a network connection to a central security system in a central network, receiving a message from the central security system, activating a grace window based on the message, and determining whether the grace window has expired. The method further includes deleting, when the grace window expires, one or more objects from the mobile device based on a sanitization policy. In specific embodiments, the network connection is terminated before the grace window expires, and the grace window expires unless the mobile device establishes another network connection with the central security system. In further embodiments, the method includes receiving the sanitization policy from the central security system. The sanitization policy identifies the one or more objects to be deleted from the mobile device when the grace window expires.

Citations

24 Claims

1. A method of protecting objects on a mobile device, comprising:
- establishing a network connection from the mobile device to a central security system in a central network;
  
  receiving a first message from the central security system authorizing a first grace window on the mobile device;
  
  activating the first grace window based, at least in part, on the first message, wherein the first grace window defines a first period of time during which the mobile device can remain disconnected from the central security system without a sanitization policy being applied to the mobile device;
  
  attempting to establish a new network connection to the central security system to receive a second message authorizing a second grace window, wherein the attempting occurs at least once prior to the expiration of the first grace window; and
  
  if the second message is received from the central security system, activating the second grace window based, at least in part, on the second message, wherein the second grace window defines a second period of time during which the mobile device can remain disconnected from the central security system without the sanitization policy being applied to the mobile device, wherein the second period of time is based on a level of sensitivity of at least one object in a protected network that a user of the mobile device is authorized to access.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the activating the first grace window includes storing, in the mobile device, configuration information for the first grace window.
  - 3. The method of claim 2, wherein the first message includes the configuration information.
  - 4. The method of claim 2, wherein the activating the first grace window includes storing, in the mobile device, a connection time corresponding to the network connection, wherein the configuration information is to include a length of time allowed for the first grace window, wherein the first period of time is based on the connection time and the length of time.
  - 5. The method of claim 2, wherein the configuration information includes an expiry time that indicates a date and time when the first grace window expires, wherein the first period of time is based on the expiry time.
  - 6. The method of claim 1, further comprising:
    - receiving the sanitization policy from the central security system, wherein the sanitization policy identifies an action to be taken by the mobile device to prevent access to one or more objects on the mobile device if the first grace window expires and a new grace window is not authorized.
  - 7. The method of claim 6, further comprising:
    - attempting, if the first grace window is determined to have expired and before the action is taken by the mobile device, to establish another network connection to the central security system to receive another message authorizing another grace window.

8. At least one non-transitory machine accessible storage medium having instructions stored thereon for protecting objects on a mobile device, the instructions when executed by a processor cause the processor to:
- establish a network connection from the mobile device to a central security system in a central network;
  
  receive a first message from the central security system authorizing a first grace window on the mobile device;
  
  activate the first grace window based, at least in part, on the first message, wherein the first grace window is to define a first period of time during which the mobile device can remain disconnected from the central security system without a sanitization policy being applied to the mobile device;
  
  attempt to establish a new network connection to the central security system to receive a second message authorizing a second grace window, wherein the attempt is to occur at least once prior to the expiration of the first grace window; and
  
  if the second message is received from the central security system, activate the second grace window based, at least in part, on the second message, wherein the second grace window is to define a second period of time during which the mobile device can remain disconnected from the central security system without the sanitization policy being applied to the mobile device, wherein the second period of time is based on a level of sensitivity of at least one object in a protected network that a user of the mobile device is authorized to access.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 9. The at least one non-transitory machine accessible storage medium of claim 8, comprising further instructions that when executed by the processor cause the processor to:
    - store, in the mobile device, configuration information for the first grace window.
  - 10. The at least one non-transitory machine accessible storage medium of claim 9, comprising further instructions that when executed by the processor cause the processor to:
    - store, in the mobile device, a connection time corresponding to the network connection, wherein the configuration information is to include a length of time allowed for the first grace window, wherein the first period of time is based on the connection time and the length of time.
  - 11. The at least one non-transitory machine accessible storage medium of claim 8, comprising further instructions that when executed by the processor cause the processor to:
    - receive the sanitization policy from the central security system, wherein the sanitization policy identifies an action to be taken by the mobile device to prevent access to one or more objects on the mobile device if the first grace window expires and a new grace window is not authorized.
  - 12. The at least one non-transitory machine accessible storage medium of claim 8, comprising further instructions that when executed by the processor cause the processor to:
    - attempt, if the first grace window is determined to have expired and before the action is taken by the mobile device, to establish another network connection to the central security system to receive another message authorizing another grace window.
  - 13. The at least one non-transitory machine accessible storage medium of claim 8, wherein the attempt to establish the new network connection includes a determination of whether the mobile device is authenticated.
  - 14. The at least one non-transitory machine accessible storage medium of claim 8, comprising further instructions that when executed by the processor cause the processor to:
    - delete, if the first grace window expires and the second message is not received from the central security system, one or more objects from the mobile device based on the sanitization policy.
  - 15. The at least one non-transitory machine accessible storage medium of claim 8, comprising further instructions that when executed by the processor cause the processor to:
    - receive a second sanitization policy associated with the second message received from the central security system and authorizing the second grace window, wherein the second sanitization policy indicates another action to be taken by the mobile device if the second grace window expires and a third grace window is not authorized.
  - 16. The at least one non-transitory machine accessible storage medium of claim 8, wherein the second period of time is a different length of time than the first period of time based, at least in part, on a level of sensitivity of at least one other object in the protected network that the user of the mobile device is authorized to access.
  - 17. The at least one non-transitory machine accessible storage medium of claim 9, wherein the first message is to include the configuration information.
  - 18. The at least one non-transitory machine accessible storage medium of claim 9, wherein the configuration information is to include an expiry time that indicates a date and time when the first grace window expires, wherein the first period of time is based on the expiry time.
  - 19. The at least one non-transitory machine accessible storage medium of claim 9, wherein the configuration information is for one of:
    - the mobile device or a group of mobile devices.

20. An apparatus for protecting objects, the apparatus comprising:
- a processor; and
  
  a sanitization module configured to execute on the processor to;
  
  establish a network connection to a central security system in a central network;
  
  receive a first message from the central security system authorizing a first grace window on the mobile device;
  
  activate the first grace window based, at least in part, on the first message, wherein the first grace window is to define a first period of time during which the mobile device can remain disconnected from the central security system without a sanitization policy being applied to the mobile device;
  
  attempt to establish a new network connection to the central security system to receive a second message authorizing a second grace window, wherein the attempt is to occur at least once prior to the expiration of the first grace window; and
  
  if the second message is received from the central security system, activate the second grace window based, at least in part, on the second message, wherein the second grace window is to define a second period of time during which the mobile device can remain disconnected from the central security system without the sanitization policy being applied to the mobile device, wherein the second period of time is based on a level of sensitivity of at least one object in a protected network that a user of the mobile device is authorized to access.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The apparatus of claim 20, wherein the sanitization module is further configured to:
    - store, in the mobile device, configuration information for the first grace window.
  - 22. The apparatus of claim 21, wherein the configuration information includes an expiry time that indicates a date and time when the first grace window expires, wherein the first period of time is based on the expiry time.
  - 23. The apparatus of claim 20, wherein the sanitization module is further configured to:
    - receive the sanitization policy from the central security system, wherein the sanitization policy identifies an action to be taken by the mobile device to prevent access to one or more objects on the mobile device if the first grace window expires and a new grace window is not authorized.
  - 24. The apparatus of claim 20, wherein the sanitization module is further configured to:
    - delete, if the first grace window expires and the second message is not received from the central security system, one or more objects from the mobile device based on the sanitization policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Hunt, Simon, Robison, Brian T.
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
TRAN, TRI MINH

Application Number

US13/727,510
Publication Number

US 20140181998A1
Time in Patent Office

1,245 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 63/108   when the policy decisions a...

H04L 63/20   for managing network securi...

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

Automatic sanitization of data on a mobile device in a network environment

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic sanitization of data on a mobile device in a network environment

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links