Securing data usage in computing devices
First Claim
1. An apparatus comprising:
a memory to store computer readable instructions; and
one or more processors to execute the computer readable instructions to:
receive a policy comprising a lock policy specifying a plurality of hierarchical lock levels that each permit access to a document that has been defined as accessible at that lock level, the plurality of lock levels including a first lock level assigned to a first document and a second lock level lower than the first lock level that is assigned to a second document, wherein the policy further specifying that users are required to provide a first authentication at the first lock level assigned to the first document to access the first document and are required to provide a second authentication at the second lock level assigned to the second document to access the second document;
receive a request to lock the first document from a user;
in response to receiving the request to lock the first document, prompt the user for the first authentication at the first lock level assigned to the first document specified in the request and receive the first authentication at the first lock level from the user;
in response to receiving the request to lock the first document and receiving the first authentication at the first lock level assigned to the first document specified in the request, automatically lock the first document and the second document without requiring the second authentication at the second lock level for the second document;
receive a request to access the second document; and
allow or deny access to the second document in accordance with the policy.
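A minimal model of the lock cascade recited in claim 1, added here as an illustration and not taken from the patent or any product. The class and document names, the numeric levels, the PBKDF2 verifiers, and the assumptions that documents start unlocked and that the cascade covers every lower-level document are all hypothetical.

```python
import hashlib
import hmac

def _derive(credential: str) -> bytes:
    # Constructed fixed salt for the demo; a real store uses a random salt per entry.
    return hashlib.pbkdf2_hmac("sha256", credential.encode(), b"demo-salt", 100_000)

class PolicyEnforcer:
    """Hypothetical enforcer: documents carry a lock level, higher meaning more protected."""

    def __init__(self, doc_level, level_verifier):
        self.doc_level = doc_level            # document -> lock level
        self.level_verifier = level_verifier  # lock level -> derived credential
        self.locked = set()                   # assumption: everything starts unlocked

    def _authenticated(self, level, credential):
        return hmac.compare_digest(self.level_verifier[level], _derive(credential))

    def lock(self, doc, credential):
        """Lock doc after authentication at its own level; cascade to lower levels."""
        level = self.doc_level[doc]
        if not self._authenticated(level, credential):
            return set()
        # Lower-level documents are locked without asking for their own credential.
        cascade = {d for d, lvl in self.doc_level.items() if d == doc or lvl < level}
        self.locked |= cascade
        return cascade

    def access(self, doc, credential=None):
        """Allow or deny; a locked document needs the credential for its own level."""
        if doc not in self.locked:
            return True
        if credential is not None and self._authenticated(self.doc_level[doc], credential):
            self.locked.discard(doc)
            return True
        return False

def demo():
    # Constructed policy: first.doc at level 2, second.doc at the lower level 1.
    enforcer = PolicyEnforcer(
        doc_level={"first.doc": 2, "second.doc": 1},
        level_verifier={2: _derive("level2-secret"), 1: _derive("level1-secret")},
    )
    return [
        enforcer.access("second.doc"),                        # open before the lock
        sorted(enforcer.lock("first.doc", "level2-secret")),  # both documents lock
        enforcer.access("second.doc"),                        # denied without credential
        enforcer.access("second.doc", "level2-secret"),       # denied: not this level's credential
        enforcer.access("second.doc", "level1-secret"),       # allowed with second authentication
    ]
```
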
Abstract
Policies are applied to specific data rather than to an entire computing device that contains the specific data. Access to the specific data is controlled by the policies utilizing various password or other authentication credential requirements, selective data caching, data transmission, temporary data storage, and/or pre-defined conditions under which the specific data is to be erased or rendered inaccessible. Policies may be defined by an administrator and pushed to a mobile computing device, whereat the policies are enforced.
20 Claims
7. A mobile computing device, comprising:
a processor; and
a memory in communication with the processor, the memory comprising instructions stored thereupon which, when executed by the processor, cause the processor to:
store personal data associated with a user of the mobile computing device;
store enterprise data associated with an enterprise;
store one or more policies, each policy comprising instructions for at least one of controlling access to the enterprise data and handling of the enterprise data, wherein at least one policy of the one or more policies comprises instructions specifying a plurality of hierarchical lock levels that each permit access to a portion of the enterprise data that has been defined as accessible at that lock level, the plurality of lock levels including a first lock level that is assigned to a first portion of the enterprise data and a second lock level lower than the first lock level that is assigned to a second portion of the enterprise data and instructions specifying that users are required to provide a first authentication at the first lock level assigned to the first portion of the enterprise data to access the first portion of the enterprise data and are required to provide a second authentication at the second lock level assigned to the second portion of the enterprise data to access the second portion of the enterprise data;
receive a request to lock the first portion of the enterprise data from the user;
in response to receiving the request to lock the first portion of the enterprise data, prompt the user for the first authentication at the first lock level assigned to the first portion of the enterprise data specified in the request and receive the first authentication at the first lock level from the user;
in response to receiving the request to lock the first portion of the enterprise data and receiving the first authentication at the first lock level assigned to the first portion of the enterprise data specified in the request, automatically lock the first portion of the enterprise data and the second portion of the enterprise data without requiring the second authentication at the second lock level for the second portion of the enterprise data;
receive a request to access the second portion of the enterprise data; and
allow or deny access to the second portion of the enterprise data in accordance with the one or more policies.
9. A computer-implemented method comprising:
receiving, at a client computing device, a policy comprising a lock policy specifying a plurality of hierarchical lock levels that each permit access to a document that has been defined as accessible at that lock level, the plurality of lock levels including a first lock level assigned to a first document and a second lock level lower than the first lock level that is assigned to a second document, wherein the policy further specifies that users are required to provide a first authentication at the first lock level assigned to the first document to access the first document and are required to provide a second authentication at the second lock level assigned to the second document to access the second document;
receiving a request to lock the first document from a user;
in response to receiving the request to lock the first document, prompt the user for the first authentication at the first lock level assigned to the first document specified in the request and receiving the first authentication at the first lock level from the user;
in response to receiving the request to lock the first document and receiving the first authentication at the first lock level assigned to the first document specified in the request, automatically lock the first document and the second document without requiring the second authentication at the second lock level for the second document;
receiving, at the client computing device, a request to access the second document; and
allowing or denying access to the second document in accordance with the policy.
Specification