Securing data usage in computing devices

US 10,165,007 B2
Filed: 09/15/2011
Issued: 12/25/2018
Est. Priority Date: 09/15/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a memory to store computer readable instructions; and

one or more processors to execute the computer readable instructions to;

receive a policy comprising a lock policy specifying a plurality of hierarchical lock levels that each permit access to a document that has been defined as accessible at that lock level, the plurality of lock levels including a first lock level assigned to a first document and a second lock level lower than the first lock level that is assigned to a second document, wherein the policy further specifying that users are required to provide a first authentication at the first lock level assigned to the first document to access the first document and are required to provide a second authentication at the second lock level assigned to the second document to access the second document;

receive a request to lock the first document from a user;

in response to receiving the request to lock the first document, prompt the user for the first authentication at the first lock level assigned to the first document specified in the request and receive the first authentication at the first lock level from the user;

in response to receiving the request to lock the first document and receiving the first authentication at the first lock level assigned to the first document specified in the request, automatically lock the first document and the second document without requiring the second authentication at the second lock level for the second document;

receive a request to access the second document; and

allow or deny access to the second document in accordance with the policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Policies are applied to specific data rather than to an entire computing device that contains the specific data. Access to the specific data is controlled by the policies utilizing various password or other authentication credential requirements, selective data caching, data transmission, temporary data storage, and/or pre-defined conditions under which the specific data is to be erased or rendered inaccessible. Policies may be defined by an administrator and pushed to a mobile computing device, whereat the policies are enforced.

40 Citations

View as Search Results

20 Claims

1. An apparatus comprising:
- a memory to store computer readable instructions; and
  
  one or more processors to execute the computer readable instructions to;
  
  receive a policy comprising a lock policy specifying a plurality of hierarchical lock levels that each permit access to a document that has been defined as accessible at that lock level, the plurality of lock levels including a first lock level assigned to a first document and a second lock level lower than the first lock level that is assigned to a second document, wherein the policy further specifying that users are required to provide a first authentication at the first lock level assigned to the first document to access the first document and are required to provide a second authentication at the second lock level assigned to the second document to access the second document;
  
  receive a request to lock the first document from a user;
  
  in response to receiving the request to lock the first document, prompt the user for the first authentication at the first lock level assigned to the first document specified in the request and receive the first authentication at the first lock level from the user;
  
  in response to receiving the request to lock the first document and receiving the first authentication at the first lock level assigned to the first document specified in the request, automatically lock the first document and the second document without requiring the second authentication at the second lock level for the second document;
  
  receive a request to access the second document; and
  
  allow or deny access to the second document in accordance with the policy.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus of claim 1, wherein the lock policy further comprises instructions specifying one or more lock levels that each permit access to the document based on a location of a computing device that sends a request to access the document.
  - 3. The apparatus of claim 1, wherein the policy further comprises a storage control policy comprising instructions that dictate storage of the document on a computing device that sends the request.
  - 4. The apparatus of claim 3, wherein the storage control policy comprises instructions indicating whether the document can be cached on the computing device and, if the document can be cached, for how long the document can be cached.
  - 5. The apparatus of claim 3, wherein the storage control policy further comprises instructions indicating how long the document can be stored on the computing device.
  - 6. The apparatus of claim 3, wherein the storage control policy comprises instructions indicating one or more conditions under which the document is to be erased or is to be rendered inaccessible.

7. A mobile computing device, comprising:
- a processor; and
  
  a memory in communication with the processor, the memory comprising instructions stored thereupon which, when executed by the processor, cause the processor to;
  
  store personal data associated with a user of the mobile computing device;
  
  store enterprise data associated with an enterprise;
  
  store one or more policies, each policy comprising instructions for at least one of controlling access to the enterprise data and handling of the enterprise data, wherein at least one policy of the one or more policies comprises instructions specifying a plurality of hierarchical lock levels that each permit access to a portion of the enterprise data that has been defined as accessible at that lock level, the plurality of lock levels including a first lock level that is assigned to a first portion of the enterprise data and a second lock level lower than the first lock level that is assigned to a second portion of the enterprise data and instructions specifying that users are required to provide a first authentication at the first lock level assigned to the first portion of the enterprise data to access the first portion of the enterprise data and are required to provide a second authentication at the second lock level assigned to the second portion of the enterprise data to access the second portion of the enterprise data;
  
  receive a request to lock the first portion of the enterprise data from the user;
  
  in response to receiving the request to lock the first portion of the enterprise data, prompt the user for the first authentication at the first lock level assigned to the first portion of the enterprise data specified in the request and receive the first authentication at the first lock level from the user;
  
  in response to receiving the request to lock the first portion of the enterprise data and receiving the first authentication at the first lock level assigned to the first portion of the enterprise data specified in the request, automatically lock the first portion of the enterprise data and the second portion of the enterprise data without requiring the second authentication at the second lock level for the second portion of the enterprise data;
  
  receive a request to access the second portion of the enterprise data; and
  
  allow or deny access to the second portion of the enterprise data in accordance with the one or more policies.
- View Dependent Claims (8)
- - 8. The mobile computing device of claim 7, wherein the one or more policies further comprises a storage control policy comprising instructions that dictate storage of the enterprise data in the memory.

9. A computer-implemented method comprising:
- receiving, at a client computing device, a policy comprising a lock policy specifying a plurality of hierarchical lock levels that each permit access to a document that has been defined as accessible at that lock level, the plurality of lock levels including a first lock level assigned to a first document and a second lock level lower than the first lock level that is assigned to a second document, wherein the policy further specifies that users are required to provide a first authentication at the first lock level assigned to the first document to access the first document and are required to provide a second authentication at the second lock level assigned to the second document to access the second document;
  
  receiving a request to lock the first document from a user;
  
  in response to receiving the request to lock the first document, prompt the user for the first authentication at the first lock level assigned to the first document specified in the request and receiving the first authentication at the first lock level from the user;
  
  in response to receiving the request to lock the first document and receiving the first authentication at the first lock level assigned to the first document specified in the request, automatically lock the first document and the second document without requiring the second authentication at the second lock level for the second document;
  
  receiving, at the client computing device, a request to access the second document; and
  
  allowing or denying access to the second document in accordance with the policy.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 10. The computer-implemented method of claim 9, wherein the lock policy further comprises instructions specifying one or more lock levels that each permit access to the document based on a location of a client computing device requesting access to the document.
  - 11. The computer-implemented method of claim 9, wherein the policy further comprises a storage control policy comprising instructions that dictate storage of the document on the client computing device.
  - 12. The computer-implemented method of claim 11, wherein the storage control policy comprises instructions indicating whether the document is able to be cached on the client computing device and, if the document can be cached, for how long the document can be cached.
  - 13. The computer-implemented method of claim 11, wherein the storage control policy further comprises instructions indicating how long the document can be stored on the client computing device.
  - 14. The computer-implemented method of claim 11, wherein the storage control policy comprises instructions indicating one or more conditions under which the document is to be erased or is to be rendered inaccessible.
  - 15. The computer-implemented method of claim 9, wherein the lock policy further comprises instructions specifying one or more lock levels that each permit access to the document in response the client computing device being connected with a network at a workplace.
  - 16. The computer-implemented method of claim 9, wherein the policy specifies that the document is not accessible on a mobile computing device.
  - 17. The computer-implemented method of claim 9, wherein the policy specifies that the document is not accessible via a network.
  - 18. The computer-implemented method of claim 17, wherein the network is a cellular network.
  - 19. The computer-implemented method of claim 17, wherein the network is a WIFI access network.
  - 20. The computer-implemented method of claim 9, wherein the policy specifies that the document is accessible based upon a usage of a function or application on a mobile computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Brennan, David John, Desai, Aditi, Ramanathan, Rajesh
Primary Examiner(s)
Le, Chau

Application Number

US13/233,032
Publication Number

US 20130074142A1
Time in Patent Office

2,658 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Securing data usage in computing devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securing data usage in computing devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links