System and method to provide server control for access to mobile client data
First Claim
Patent Images
1. A method for protecting a data item, comprising:
- upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score of the data item, a level of confidence that a user of a client device is an authorized user, and a current protection level of the data item, wherein the determining a level of confidence further comprises;
assigning a score to each authentication option;
determining an accumulated score by accumulating scores for two or more authentication options provided by the client device; and
comparing the accumulated score with a minimum score needed to access the protected data item;
applying a policy to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level, wherein the sensitivity score is based on one or more of a value of the data item to a particular individual or organization, a cost of recreating the data item if destroyed or modified, andpotential losses caused directly or indirectly by the data item being made available to non-authorized individuals or organizations;
providing a protected data item to the client device by applying the appropriate protection to the data item, wherein a unique encryption key is employed for each application of a protection technique on each of one or more data items; and
in accordance with the level of confidence, providing access to the protected data item to the client device, wherein the providing access includes sending to the client device one or more of a decryption key and obfuscation inversion function corresponding to an appropriate level of redaction of the protected data item, wherein the appropriate level of redaction is based on the access history of the user of the client device and the context of the client device.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item.
30 Citations
23 Claims
-
1. A method for protecting a data item, comprising:
-
upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score of the data item, a level of confidence that a user of a client device is an authorized user, and a current protection level of the data item, wherein the determining a level of confidence further comprises; assigning a score to each authentication option; determining an accumulated score by accumulating scores for two or more authentication options provided by the client device; and comparing the accumulated score with a minimum score needed to access the protected data item; applying a policy to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level, wherein the sensitivity score is based on one or more of a value of the data item to a particular individual or organization, a cost of recreating the data item if destroyed or modified, and potential losses caused directly or indirectly by the data item being made available to non-authorized individuals or organizations; providing a protected data item to the client device by applying the appropriate protection to the data item, wherein a unique encryption key is employed for each application of a protection technique on each of one or more data items; and in accordance with the level of confidence, providing access to the protected data item to the client device, wherein the providing access includes sending to the client device one or more of a decryption key and obfuscation inversion function corresponding to an appropriate level of redaction of the protected data item, wherein the appropriate level of redaction is based on the access history of the user of the client device and the context of the client device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A non-transitory computer readable storage medium comprising a computer readable program for transferring a data item, wherein the computer readable program when executed on a computer causes the computer to perform:
-
upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score of the data item, a level of confidence that a user of a client device is an authorized user, and a current protection level of the data item, wherein the determining a level of confidence further comprises; assigning a score to each authentication option; determining an accumulated score by accumulating scores for two or more authentication options provided by the client device; and comparing the accumulated score with a minimum score needed to access the protected data item; applying a policy to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level, wherein the sensitivity score is based on one or more of a value of the data item to a particular individual or organization, a cost of recreating the data item if destroyed or modified, and potential losses caused directly or indirectly by the data item being made available to non-authorized individuals or organizations; providing a protected data item to the client device by applying the appropriate protection to the data item, wherein a unique encryption key is employed for each application of a protection technique on each of one or more data items; and in accordance with the level of confidence, providing access to the protected data item to the client device, wherein the providing access includes sending to the client device one or more of a decryption key and obfuscation inversion function corresponding to an appropriate level of redaction of the protected data item, wherein the appropriate level of redaction is based on the access history of the user of the client device and the context of the client device.
-
-
14. A method for protecting a data item, comprising:
-
upon initiation of transfer of the data item from a server to a mobile device, determining a sensitivity score of the data item, a level of confidence that a user of a client device is an authorized user, and a current protection level of the data item using a data protection server, wherein the determining a level of confidence further comprises; assigning a score to each authentication option; determining an accumulated score by accumulating scores for two or more authentication options provided by the client device; and comparing the accumulated score with a minimum score needed to access the protected data item; applying a policy to determine an appropriate protection for the data item using the data protection server, wherein the appropriate protection is based upon the sensitivity score, the current protection level, and features of at least one of the data item and the mobile device, wherein the sensitivity score is based on one or more of a value of the data item to a particular individual or organization, a cost of recreating the data item if destroyed or modified, and potential losses caused directly or indirectly by the data item being made available to non-authorized individuals or organizations; providing a protected data item to the mobile device by applying the appropriate protection to the data item using the data protection server, wherein a unique encryption key is employed for each application of a protection technique on each of one or more data items; and in accordance with the level of confidence, providing access to the protected data item to the client device, wherein the providing access includes sending to the client device one or more of a decryption key and obfuscation inversion function corresponding to an appropriate level of redaction of the protected data item, wherein the appropriate level of redaction is based on the access history of the user of the client device and the context of the client device.
-
-
15. A method for accessing a protected data item, comprising:
-
responsive to a request to access the protected data item, determining a level of confidence that a user of a client device is an authorized user of the client device to determine eligibility of the user to access the protected data item, wherein the level of confidence is based on a context of the client device, an authentication history of the client device, an access history of the user of the client device, and a confidence in a type of authentication method employed to access the protected data item, wherein the determining a level of confidence further comprises; assigning a score to each authentication option; determining an accumulated score by accumulating scores for two or more authentication options provided by the client device; and
,comparing the accumulated score with a minimum score needed to access the protected data item; and in accordance with the level of confidence, providing access to the protected data item to the client device such that a level of confidence needed to access the protected data item is based upon a sensitivity score of the protected data item, wherein the sensitivity score is based on one or more of a value of the data item to a particular individual or organization, a cost of recreating the data item if destroyed or modified, and potential losses caused directly or indirectly by the data item being made available to non-authorized individuals or organizations, wherein the providing access includes sending to the client device one or more of a decryption key and obfuscation inversion function corresponding to an appropriate level of redaction of the protected data item, wherein the appropriate level of redaction is based on the access history of the user of the client device and the context of the client device. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
22. A non-transitory computer readable storage medium comprising a computer readable program for transferring a data item, wherein the computer readable program when executed on a computer causes the computer to perform:
-
responsive to a request to access the protected data item, determining a level of confidence that a user of a client device is an authorized user of the client device to determine eligibility of the user to access the protected data item, wherein the level of confidence is based on a context of the client device, an authentication history of the client device, an access history of the user of the client device, and a confidence in a type of authentication method employed to access the protected data item, wherein the determining a level of confidence further comprises; assigning a score to each authentication option; determining an accumulated score by accumulating scores for two or more authentication options provided by the client device; and comparing the accumulated score with a minimum score needed to access the protected data item; and in accordance with the level of confidence, providing access to the protected data item to the client device such that a level of confidence needed to access the protected data item is based upon a sensitivity score of the protected data item, wherein the sensitivity score is based on one or more of a value of the data item to a particular individual or organization, a cost of recreating the data item if destroyed or modified, and potential losses caused directly or indirectly by the data item being made available to non-authorized individuals or organizations, wherein the providing access includes sending to the client device one or more of a decryption key and obfuscation inversion function corresponding to an appropriate level of redaction of the protected data item, wherein the appropriate level of redaction is based on the access history of the user of the client device and the context of the client device.
-
-
23. A method for accessing a protected data item, comprising:
-
responsive to a request to access the protected data item, determining a level of confidence that a user of a mobile device is an authorized user of the mobile device to determine eligibility of the user to access the protected data item using a data protection server, wherein the level of confidence is based on a context of the client device, an authentication history of the client device, an access history of the user of the client device, and a confidence in a type of authentication method employed to gain access the protected data item, wherein the determining a level of confidence further comprises; assigning a score to each authentication option; determining an accumulated score by accumulating scores for two or more authentication options provided by the client device; and comparing the accumulated score with a minimum score needed to access the protected data item; and in accordance with the level of confidence, providing access to the protected data item to the client device using the data protection system such that a level of confidence needed to access the protected data item is based upon a sensitivity score of the protected data item, wherein the sensitivity score is based on one or more of a value of the data item to a particular individual or organization, a cost of recreating the data item if destroyed or modified, and potential losses caused directly or indirectly by the data item being made available to non-authorized individuals or organizations, wherein the providing access includes sending to the client device one or more of a decryption key and obfuscation inversion function corresponding to an appropriate level of redaction of the protected data item, wherein the appropriate level of redaction is based on the access history of the user of the client device and the context of the client device.
-
Specification