Security command for remote execution at target device

US 9,686,252 B2
Filed: 09/09/2014
Issued: 06/20/2017
Est. Priority Date: 12/14/2006
Status: Active Grant

First Claim

Patent Images

1. A method for issuing a security command for remote execution at a target mobile device associated with a user, the method comprising:

generating, by a computing device, an encrypted security command for the target mobile device, while the computing device stores registration data for the user and the target mobile device, wherein the registration data comprises a command encryption key for encrypting a security command for the target mobile device, and wherein the encrypted security command is generated by encrypting the security command using the command encryption key;

storing the encrypted security command in memory of the computing device, wherein the encrypted security command comprises a command to wipe or disable the target mobile device;

after the computing device no longer stores the registration data, receiving, by the computing device, an instruction to wipe or disable the target mobile device; and

in response to receiving the instruction;

retrieving, by the computing device, the stored encrypted security command from the memory of the computing device; and

transmitting, by the computing device, the retrieved encrypted security command to the target mobile device for decryption by the target mobile device using a command decryption key corresponding to the command encryption key.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method implemented at a server system, for securely wiping a remote mobile device after the device registration has been removed from the server system. Prior to removal of the device registration from the server system, a “pre-packaged” command is created and stored at the server system. In the event that it is determined, after removal of the registration, that the device should be wiped or disabled, means are provided for an administrator to issue the previously stored command to the target mobile device.

48 Citations

21 Claims

1. A method for issuing a security command for remote execution at a target mobile device associated with a user, the method comprising:
- generating, by a computing device, an encrypted security command for the target mobile device, while the computing device stores registration data for the user and the target mobile device, wherein the registration data comprises a command encryption key for encrypting a security command for the target mobile device, and wherein the encrypted security command is generated by encrypting the security command using the command encryption key;
  
  storing the encrypted security command in memory of the computing device, wherein the encrypted security command comprises a command to wipe or disable the target mobile device;
  
  after the computing device no longer stores the registration data, receiving, by the computing device, an instruction to wipe or disable the target mobile device; and
  
  in response to receiving the instruction;
  
  retrieving, by the computing device, the stored encrypted security command from the memory of the computing device; and
  
  transmitting, by the computing device, the retrieved encrypted security command to the target mobile device for decryption by the target mobile device using a command decryption key corresponding to the command encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the transmitting the retrieved encrypted security command comprises inserting the retrieved encrypted security command in a message addressed to the target mobile device.
  - 3. The method of claim 1, wherein the generating the encrypted security command comprises inserting the security command in a message addressed to the target mobile device, and encrypting the message using the command encryption key;
    - wherein the storing the encrypted security command comprises storing the encrypted message; and
      
      wherein the retrieving the stored encrypted security command comprises retrieving the stored encrypted message and the transmitting the retrieved encrypted security command comprises transmitting the retrieved encrypted message to the target mobile device.
  - 4. The method of claim 1, further comprising deleting the command encryption key.
  - 5. The method of claim 4, wherein the command encryption key is deleted in response to a command to delete the registration data associated with the target mobile device.
  - 6. The method of claim 5, wherein the generating the encrypted security command for the target mobile device and the storing the encrypted security command are carried out upon receipt of the command to delete the registration data but before deletion of the registration data.
  - 7. The method of claim 1, wherein the command encryption key is part of a symmetric key pair.
  - 8. The method of claim 1, wherein the command encryption key is part of an asymmetric key pair.
  - 9. The method of claim 1, wherein the storing the encrypted security command further comprises assigning an expiration time to the stored encrypted security command, such that the stored encrypted security command is automatically deleted at the expiration time.
  - 10. The method of claim 1, further comprising deleting the stored encrypted security command in response to a received command to delete the stored encrypted security command.
  - 11. The method of claim 1, wherein the security command comprises a command to erase at least a portion of data stored at the target mobile device.
  - 12. The method of claim 1, wherein the security command comprises a command to disable access to at least one application executable at the target mobile device.

13. An apparatus for issuing a security command for remote execution at a target mobile device associated with a user, the apparatus comprising:
- a memory and a processor, the processor configured to;
  
  store registration data for the user and the target mobile device, the registration data comprising a command encryption key for encrypting a security command for the target mobile device;
  
  while the registration data is stored, generate an encrypted security command for the target mobile device by encrypting the security command using the command encryption key, and store the encrypted security command in the memory, wherein the encrypted security command comprises a command to wipe or disable the target mobile device;
  
  after the registration data comprising the command encryption key is no longer stored, receive an instruction to wipe or disable the target mobile device; and
  
  in response to receiving the instruction, retrieve the stored encrypted security command from the memory and transmit the retrieved encrypted security command to the target mobile device for decryption by the target mobile device using a command decryption key corresponding to the command encryption key.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The apparatus of claim 13, wherein the processor is configured to:
    - insert the security command in a message addressed to the target mobile device and encrypt the message using the command encryption key when generating the encrypted security command;
      
      store the encrypted message when storing the encrypted security command;
      
      retrieve the stored encrypted message when retrieving the stored encrypted security command; and
      
      transmit the retrieved encrypted message when transmitting the retrieved encrypted security command.
  - 15. The apparatus of claim 13, wherein the command encryption key is part of a symmetric key pair.
  - 16. The apparatus of claim 13, wherein the command encryption key is part of an asymmetric key pair.
  - 17. The apparatus of claim 13, wherein the processor is further configured to assign an expiration time to the stored encrypted security command, such that the stored encrypted security command is automatically deleted at the expiration time.
  - 18. The apparatus of claim 13, wherein the processor is further configured to delete the stored encrypted security command in response to a received command to delete the stored encrypted security command.
  - 19. The apparatus of claim 13, wherein the security command comprises a command to erase at least a portion of data stored at the target mobile device.
  - 20. The apparatus of claim 13, wherein the security command comprises a command to disable access to at least one application executable at the target mobile device.

21. A non-transitory computer-readable medium comprising computer-executable instructions which, when executed by a processor of a computing device, result in:
- while the computing device stores registration data for a target mobile device associated with a user, the registration data comprising a command encryption key for encrypting a security command for the target mobile device, the computing device generating an encrypted security command for the target mobile device by encrypting the security command using the command encryption key, and storing the encrypted security command in memory of the computing device, wherein the encrypted security command comprises a command to wipe or disable the target mobile device;
  
  after the computing device no longer stores the registration data comprising the command encryption key, the computing device receiving an instruction to wipe or disable the target mobile device; and
  
  in response to receiving the instruction, the computing device retrieving the stored encrypted security command from the memory of the computing device and transmitting the retrieved encrypted security command to the target mobile device for decryption by the target mobile device using a command decryption key corresponding to the command encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Brown, Michael Kenneth, Totzke, Scott William, Kirkup, Michael Grant
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
VU, PHY ANH TRAN

Application Number

US14/480,696
Publication Number

US 20140380045A1
Time in Patent Office

1,015 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

Security command for remote execution at target device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Security command for remote execution at target device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links