Confidential data access and storage

US 9,411,966 B1
Filed: 05/21/2013
Issued: 08/09/2016
Est. Priority Date: 05/21/2013
Status: Active Grant

First Claim

Patent Images

1. An electronic device comprising:

one or more processors;

one or more internal computer-readable media;

an internal removable storage device interface to communicatively couple an internal removable storage device to the electronic device;

a network interface;

a peripheral interface to communicatively couple a peripheral device to the electronic device;

a data security module maintained on the one or more computer-readable media and executed on the one or more processors to perform operations that include;

receiving a data item from one or more data servers via the network interface, wherein receiving the data item includes receiving a confidential identifier that indicates that the data item contains confidential data;

determining that the peripheral device is communicatively coupled to the electronic device via the peripheral interface;

receiving a token from the peripheral device via the peripheral interface;

receiving credential data representing one or more credentials from a user input device associated with the electronic device;

sending the token and the credential data to the one or more data servers to establish a virtual private network (VPN) connection with the electronic device and the one or more data servers;

automatically disabling storage of the data item to at least one of;

the one or more internal computer-readable media;

orthe internal removable storage device; and

sending the data item to the peripheral device to be stored on the peripheral device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is described for managing storage and access of confidential data downloaded from a server (e.g., an enterprise data server) onto a mobile device. The confidential data may be received over a network directly or be embedded as part of an email or other application. Instead of storing the data item locally, the data item may be communicated to a peripheral device that is communicatively coupled to the mobile device via a peripheral interface. The data item is encrypted and stored on the peripheral device.

30 Citations

View as Search Results

31 Claims

1. An electronic device comprising:
- one or more processors;
  
  one or more internal computer-readable media;
  
  an internal removable storage device interface to communicatively couple an internal removable storage device to the electronic device;
  
  a network interface;
  
  a peripheral interface to communicatively couple a peripheral device to the electronic device;
  
  a data security module maintained on the one or more computer-readable media and executed on the one or more processors to perform operations that include;
  
  receiving a data item from one or more data servers via the network interface, wherein receiving the data item includes receiving a confidential identifier that indicates that the data item contains confidential data;
  
  determining that the peripheral device is communicatively coupled to the electronic device via the peripheral interface;
  
  receiving a token from the peripheral device via the peripheral interface;
  
  receiving credential data representing one or more credentials from a user input device associated with the electronic device;
  
  sending the token and the credential data to the one or more data servers to establish a virtual private network (VPN) connection with the electronic device and the one or more data servers;
  
  automatically disabling storage of the data item to at least one of;
  
  the one or more internal computer-readable media;
  
  orthe internal removable storage device; and
  
  sending the data item to the peripheral device to be stored on the peripheral device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The electronic device as recited in claim 1, wherein the data security module further performs operations that include:
    - receiving a request to access the data item via the electronic device after communicating the data item to the peripheral device; and
      
      based at least partly on the determining that the peripheral device is communicatively coupled to the electronic device via the peripheral interface, receiving the data item from the peripheral device.
  - 3. The electronic device as recited in claim 2, wherein the data security module further performs operations that include denying the request to access the data item based at least partly on a determination that the peripheral device is not communicatively coupled to the electronic device via the peripheral interface.
  - 4. The electronic device as recited in claim 1, wherein:
    - the data security module is included as part of an operating system of the electronic device or is stored on the one or more computer-readable media as a data security application that is separate from the operating system; and
      
      the data security module determines that the data item includes confidential data by determining that an attachment to an electronic mail message includes the confidential data.
  - 5. The electronic device as recited in claim 1, wherein the peripheral interface includes a wireless interface.

6. A method comprising:
- under control of one or more processors of an electronic device specifically configured with executable instructions,receiving confidential identifiers from one or more data servers via a network interface of the electronic device;
  
  receiving a data item from the one or more data servers;
  
  determining that the data item includes confidential data based at least partly on a determination that a confidential identifier is associated with the data item;
  
  receiving a token from a peripheral device communicatively coupled to the electronic device via a peripheral interface of the electronic device;
  
  receiving credential data representing one or more credentials from a user input device associated with the electronic device;
  
  sending the token and the credential data to the one or more data servers to establish a virtual private network (VPN) connection with the electronic device and the one or more data servers;
  
  disabling storage of the data item to one or more internal computer-readable media of the electronic device; and
  
  sending the data item to the peripheral device to be stored on the peripheral device.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
- - 7. The method as recited in claim 6, further comprising disabling storage of the data item to an internal removable storage device communicatively coupled to the electronic device via a removable storage device interface.
  - 8. The method as recited in claim 6, wherein the one or more credentials include at least one of a username or a password.
  - 9. The method as recited in claim 6, further comprising:
    - receiving an updated list of confidential identifiers from the one or more data servers; and
      
      determining that the data item includes confidential data based at least partly on a determination that the confidential identifier associated with the data item is included in the updated list of confidential identifiers,wherein storage of the data item to the one or more computer-readable media of the electronic device is disabled in response to determining that the data item includes confidential data.
  - 10. The method as recited in claim 6, wherein the electronic device includes a smart phone.
  - 11. The method as recited in claim 6, wherein determining that the data item includes confidential data is based at least partly on a determination that the data item is an attachment to an email message.
  - 12. The method as recited in claim 6, wherein the token is generated by a token generation module stored on the peripheral device.
  - 13. The method as recited in claim 6, further comprising encrypting the data item prior to sending the data item to the peripheral device.
  - 14. The method as recited in claim 6, further comprising encrypting, by an encryption module stored on the peripheral device, the data item after it is stored on the peripheral device.

15. A system comprising:
- one or more processors;
  
  one or more internal computer-readable media;
  
  a network interface;
  
  a peripheral interface;
  
  a storage disabling module maintained on the one or more computer-readable media and executed on the one or more processors to perform operations that include;
  
  receiving a data item from one or more data servers via the network interface;
  
  receiving a confidential data identifier that indicates that the data item includes confidential information;
  
  receiving a token from a peripheral device via the peripheral interface;
  
  receiving credential data representing one or more credentials from a user input device;
  
  sending the token and the credential data via the network interface to the one or more data servers to establish a virtual private network (VPN) connection with the network interface and the one or more data servers;
  
  disabling storage of the data item to the one or more internal computer-readable media; and
  
  sending the data item to the peripheral device to be stored on the peripheral device.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 16. The system as recited in claim 15, wherein the one or more credentials include at least one of a username or a password.
  - 17. The system as recited in claim 15, wherein the storage disabling module automatically disables storage of the data item to the one or more computer-readable media of the electronic device in response to determining that the VPN connection has been established.
  - 18. The system as recited in claim 15, wherein the peripheral interface includes a universal serial bus (USB) device interface.
  - 19. The system as recited in claim 15, wherein the peripheral interface includes a wireless interface.
  - 20. The system as recited in claim 15, wherein the peripheral interface includes an audio interface.
  - 21. The system as recited in claim 15, further comprising a removable storage device interface to communicate with a removable storage device, wherein the storage disabling module is further configured to disable storage of the data item to the removable storage device.
  - 22. The system as recited in claim 15, further comprising:
    - a data identification module maintained on the one or more computer-readable media and executed on the one or more processors to perform operations that include determining that the data item includes confidential information,wherein the storage disabling module disables storage of the data item in response to the data identification module determining that the data item includes confidential information.
  - 23. The system as recited in claim 15, further comprising the peripheral device, wherein the peripheral device is communicatively coupled to the peripheral interface.
  - 24. The system as recited in claim 23, wherein the peripheral device comprises:
    - internal computer-readable media; and
      
      a token generation module maintained on the internal computer-readable media and having instructions that when executed by the one or more processors, cause the peripheral device to generate the token at least partly in response to being communicatively coupled to the peripheral interface.
  - 25. The system as recited in claim 15, wherein the data item is an attachment to an email message.
  - 26. The system as recited in claim 15, wherein the operations further comprise encrypting the data item.

27. One or more non-transitory computer-readable media maintaining instructions executable by one or more processors to perform operations comprising:
- receiving a data item from one or more data servers;
  
  receiving a confidential identifier from the one or more data servers;
  
  receiving a token from a peripheral device via a peripheral interface;
  
  receiving credential data representing one or more credentials from a user input device;
  
  sending the token and the credential data to the one or more data servers to establish a virtual private network (VPN) connection with the one or more data servers;
  
  disabling storage of the data item to at least one or more internal computer-readable media based at least in part on a determination that the confidential identifier indicates that the data item contains confidential data; and
  
  sending the data item to a peripheral device via the peripheral interface, the data item to be stored on the peripheral device.
- View Dependent Claims (28, 29, 30, 31)
- - 28. The non-transitory computer-readable media as recited in claim 27, wherein storage of the data item to at least the one or more internal computer-readable media is automatically disabled in response to determining that the VPN connection has been established.
  - 29. The non-transitory computer-readable media as recited in claim 27, the operations further comprising disabling storage of the data item to a removable storage device via a removable storage device interface.
  - 30. The electronic device as recited in claim 29, wherein automatically disabling storage of the data item to at least one of the one or more internal computer-readable media or the internal removable storage device is in response to determining that the virtual private network (VPN) connection has been established.
  - 31. The system as recited in claim 27, wherein receiving the confidential data identifier includes receiving a list of confidential data item identifiers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Smith, Brandon John
Primary Examiner(s)
Ho, Dao

Application Number

US13/899,310
Time in Patent Office

1,176 Days
Field of Search

726/15
US Class Current

1/1
CPC Class Codes

G06F 12/0866   for peripheral storage syst...

G06F 21/34   involving the use of extern...

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 67/1097   for distributed storage of ...

Confidential data access and storage

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Confidential data access and storage

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links