Coerced encryption on connected devices

US 9,654,454 B2
Filed: 08/17/2015
Issued: 05/16/2017
Est. Priority Date: 08/01/2013
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

one or more processors;

memory; and

one or more programs, wherein the one or more programs are stored in the memory for execution by the one or more processors, the one or more programs comprising instructions for;

receiving, over a network from a personal computing device having a storage device, a first indication that disk encryption is disabled on the storage device;

wherein the storage device stores one or more content items that are currently unsynchronized with one or more corresponding content items hosted by an online content management service;

based on the first indication, withholding synchronization data from the personal computing device for synchronizing the one or more content items on the storage device with the one or more corresponding content items hosted by the online content management service until after a second indication is received over the network from the personal computing device that disk encryption is enabled on the storage device; and

after the second indication is received over the network from the personal computing device, sending the withheld synchronization data to the personal computing device for synchronizing the one or more content items on the storage device with the one or more corresponding content items hosted by the online content management service;

wherein the withheld synchronization data sent to the personal computing device is encrypted at the personal computing device using disk encryption enabled on the storage device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for coercing users to encrypt synchronized content stored at their personal computing devices. In some aspects, one or more computing devices receive, from a personal computing device, an indication of whether data stored in at least a portion of a storage device of the personal computing device is protected by disk encryption. In response to determining, based on the indication, that the portion of the storage device is not protected by encryption, synchronization data for synchronizing a copy of one or more synchronized content items stored in the portion of the storage device with another copy of the synchronized content items stored at one or more server computing devices is withheld from the personal computing device until disk encryption on the personal computing device is enabled so as to coerce the user to enable disk encryption on the personal computing device.

17 Citations

20 Claims

1. A system, comprising:
- one or more processors;
  
  memory; and
  
  one or more programs, wherein the one or more programs are stored in the memory for execution by the one or more processors, the one or more programs comprising instructions for;
  
  receiving, over a network from a personal computing device having a storage device, a first indication that disk encryption is disabled on the storage device;
  
  wherein the storage device stores one or more content items that are currently unsynchronized with one or more corresponding content items hosted by an online content management service;
  
  based on the first indication, withholding synchronization data from the personal computing device for synchronizing the one or more content items on the storage device with the one or more corresponding content items hosted by the online content management service until after a second indication is received over the network from the personal computing device that disk encryption is enabled on the storage device; and
  
  after the second indication is received over the network from the personal computing device, sending the withheld synchronization data to the personal computing device for synchronizing the one or more content items on the storage device with the one or more corresponding content items hosted by the online content management service;
  
  wherein the withheld synchronization data sent to the personal computing device is encrypted at the personal computing device using disk encryption enabled on the storage device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, the one or more programs further comprising instructions for:
    - sending, to the personal computing device, instructions for a user to enable disk encryption for the storage device.
  - 3. The system of claim 1, the one or more programs further comprising instructions for:
    - based on the first indication, sending data to the personal computing device identifying one or more particular content items, of the one or more content items stored on the storage device, to be removed from the storage device.
  - 4. The system of claim 1, the one or more programs further comprising instructions for:
    - prior to receiving the first indication from the personal computing device, receiving configuration data for configuring a disk encryption policy associated with the personal computing device, the configuration data indicating that disk encryption of the storage device must be enabled in order to receive synchronization data for synchronizing content items stored on the storage device with corresponding content items hosted by the online content management service.
  - 5. The system of claim 1, wherein the withheld synchronization data pertains to changes to the one or more corresponding content items hosted by the online content management service, the changes having been made to the one or more corresponding content items since a last successful synchronization between the personal computing device and the online content management service.
  - 6. The system of claim 1, the one or more programs further comprising instructions for providing a user interface that allows an administrator to configure a disk encryption policy applicable to the personal computing device.
  - 7. The system of claim 6, wherein the user interface allows the administrator to apply the configured disk encryption policy to the personal computing device, to a user of the personal computing device, or to a group of users of which the user of the personal computing device is a member.
  - 8. The system of claim 1, wherein the first indication is received from a synchronization client application installed on the personal computing device.
  - 9. The system of claim 1, wherein the one or more content items on the storage device are file encrypted.
  - 10. The system of claim 1, the one or more programs further comprising instructions for:
    - automatically enabling, on the personal computing device, disk encryption on the storage device; and
      
      sending the withheld synchronization data to the personal computing device after disk encryption on the storage device is enabled.

11. A method, comprising:
- at one or more computing devices comprising one or more processors and memory storing one or more programs executed by the one or more processors to perform the method, performing the operations of;
  
  receiving, over a network from a personal computing device having a storage device, a first indication that disk encryption is disabled on the storage device;
  
  wherein the storage device stores one or more content items that are currently unsynchronized with one or more corresponding content items hosted by an online content management service;
  
  based on the first indication, withholding synchronization data from the personal computing device for synchronizing the one or more content items on the storage device with the one or more corresponding content items hosted by the online content management service until after a second indication is received over the network from the personal computing device that disk encryption is enabled on the storage device; and
  
  after the second indication is received over the network from the personal computing device, sending the withheld synchronization data to the personal computing device for synchronizing the one or more content items on the storage device with the one or more corresponding content items hosted by the online content management service;
  
  wherein the withheld synchronization data sent to the personal computing device is encrypted at the personal computing device using disk encryption enabled on the storage device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, further comprising:
    - based on the first indication, sending data to the personal computing device identifying one or more particular content items, of the one or more content items stored on the storage device, to be removed from the storage device.
  - 13. The method of claim 11, further comprising:
    - prior to receiving the first indication from the personal computing device, receiving configuration data for configuring a disk encryption policy associated with the personal computing device, the configuration data indicating that disk encryption of the storage device must be enabled in order to receive synchronization data for synchronizing content items stored on the storage device with corresponding content items hosted by the online content management service.
  - 14. The method of claim 11, wherein the withheld synchronization data pertains to changes to the one or more corresponding content items hosted by the online content management service, the changes having been made to the one or more corresponding content items since a last successful synchronization between the personal computing device and the online content management service.
  - 15. The method of claim 11, further comprising:
    - providing a user interface that allows an administrator to configure a disk encryption policy applicable to the personal computing device.
  - 16. The method of claim 15, wherein the user interface allows the administrator to apply the configured disk encryption policy to the personal computing device, to a user of the personal computing device, or to a group of users of which the user of the personal computing device is a member.
  - 17. The method of claim 11, wherein the one or more content items on the storage device are file encrypted.
  - 18. The method of claim 11, further comprising:
    - automatically enabling, on the personal computing device, disk encryption on the storage device; and
      
      sending the withheld synchronization data to the personal computing device after disk encryption on the storage device is enabled.
  - 19. The method of claim 11, further comprising:
    - sending, to the personal computing device, instructions for a user to enable disk encryption for the storage device.
  - 20. The method of claim 11, wherein the first indication is received from a synchronization client application installed on the personal computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dropbox, Inc.
Original Assignee
Dropbox, Inc.
Inventors
Byrne, Sean
Primary Examiner(s)
Jeudy, Josnel

Application Number

US14/828,210
Publication Number

US 20150358299A1
Time in Patent Office

638 Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/60   Protecting data

G06F 21/78   to assure secure storage of...

G06F 21/88   Detecting or preventing the...

G06F 2212/1052   Security improvement

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/0457   wherein the sending and rec...

H04L 63/0853   using an additional device,...

H04L 67/1095   Replication or mirroring of...

Coerced encryption on connected devices

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Coerced encryption on connected devices

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links