SYSTEM AND METHOD FOR WIPING AND DISABLING A REMOVED DEVICE

US 20080148042A1
Filed: 12/14/2006
Published: 06/19/2008
Est. Priority Date: 12/14/2006
Status: Active Grant

First Claim

Patent Images

1. A method, implemented at a server system, for causing a security command to be executed remotely at a target mobile device, wherein the target mobile device is configured to receive, decrypt using a command decryption key, and execute security commands from the server system and the server system is initially provided with a command encryption key for encrypting security commands for the target device, the method comprising the steps of:

generating a security command for the target mobile device by encrypting the security command using the command encryption key;

storing the encrypted security command;

deleting the command encryption key in response to a received instruction;

receiving a further instruction to issue the security command to the target mobile device after the command encryption key is deleted;

in response to the received further instruction, retrieving the previously stored encrypted security command, and transmitting the security command to the target mobile device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method implemented at a server system, for securely wiping a remote mobile device after the device registration has been removed from the server system. Prior to removal of the device registration from the server system, a “pre-packaged” command is created and stored at the server system. In the event that it is determined, after removal of the registration, that the device should be wiped or disabled, means are provided for an administrator to issue the previously stored command to the target mobile device.

87 Citations

View as Search Results

27 Claims

1. A method, implemented at a server system, for causing a security command to be executed remotely at a target mobile device, wherein the target mobile device is configured to receive, decrypt using a command decryption key, and execute security commands from the server system and the server system is initially provided with a command encryption key for encrypting security commands for the target device, the method comprising the steps of:
- generating a security command for the target mobile device by encrypting the security command using the command encryption key;
  
  storing the encrypted security command;
  
  deleting the command encryption key in response to a received instruction;
  
  receiving a further instruction to issue the security command to the target mobile device after the command encryption key is deleted;
  
  in response to the received further instruction, retrieving the previously stored encrypted security command, and transmitting the security command to the target mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 26, 27)
- - 2. The method of claim 1, wherein the step of generating a security command comprises the steps of inserting the security command in a message addressed to the target device, encrypting the message using the command encryption key, and storing the encrypted message;
    - and the step of transmitting the security command comprises the steps of retrieving the encrypted message and transmitting the encrypted message to the target mobile device.
  - 3. The method of claim 1, wherein the step of transmitting the security command comprises the steps of retrieving the stored encrypted security command and inserting it in a message addressed to the target mobile device.
  - 4. The method of claim 1, further comprising the step of receiving a command to delete the command encryption key prior to the step of deleting the command encryption key.
  - 5. The method of claim 4, wherein the initially provided command encryption key is comprised in registration data associated with the target mobile device, and the command to delete the command encryption key comprises a command to delete the registration data associated with the target mobile device.
  - 6. The method of claim 5 wherein the step of storing further comprises the step of assigning an expiration time to the stored security command, such that the stored security command is automatically deleted at the expiration time.
  - 7. The method of claim 5 further comprising the step of deleting the stored security command in response to a received command to delete the stored security command.
  - 8. The method of claim 1 wherein the security command is a command to erase at least a portion of data stored at the target mobile device.
  - 9. The method of claim 8 wherein the security command further comprises a command to disable access to at least one application executable at the target mobile device.
  - 10. The method of claim 1 wherein the command decryption key and the command encryption key are a symmetric key pair.
  - 11. The method of claim 1 wherein the command decryption key and the command encryption key are an asymmetric key pair.
  - 12. The method of claim 11 wherein the command decryption key is a transport key.
  - 26. A computer readable memory having recorded thereon instructions for execution by a computing device to carry out the method of claim 1.
  - 27. A medium embodying a data signal representing sequences of instructions which, when received and executed by a processor, cause the processor to carry out the method of claim 1.

13. A server system for issuing security commands to a target mobile device, comprising:
- a processor configured to generate an encrypted security command for a selected target mobile device using an associated command encryption key, the selected target mobile device being provided with a command decryption key corresponding to the command encryption key;
  
  memory for storing a set of security commands for a target mobile device, a registration for the selected target mobile device comprising the associated command encryption key, and the encrypted security command for the selected target mobile device;
  
  a transmission module for transmitting commands to target mobile devices;
  
  wherein the processor is further configured to respond to a received removal instruction by removing the registration for the selected target mobile device while maintaining the stored encrypted security command, to respond to an issuing instruction received after having responded to the removal instruction by transmitting the stored encrypted security command to the selected target mobile device.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 25)
- - 14. The server system of claim 13, wherein the processor is further configured to generate the encrypted security command by encrypting a security command using the associated command encryption key for storage in the memory, and the transmission module is further configured to generate a message addressed to the target mobile device comprising the previously stored encrypted security command retrieved from the memory.
  - 15. The server system of claim 13, wherein the processor is further configured to generate the encrypted security command by generating a message comprising the security command and encrypting the message using the associated command encryption key for storage in the memory.
  - 16. The server system of claim 13, wherein the processor is further configured to delete the stored security command at an expiration time.
  - 17. The method of claim 13, wherein the processor is further configured to delete the stored security command in response to a received command to delete the stored security command.
  - 18. The server system of claim 13 wherein the encrypted security command is a command to erase at least a portion of data stored at the selected target mobile device.
  - 19. The server system of claim 18 wherein the encrypted security command further comprises a command to disable access to at least one application executable at the selected target mobile device.
  - 20. The server system of claim 13 wherein the command decryption key and the command encryption key are a symmetric key pair.
  - 21. The server system of claim 13 wherein the command decryption key and the command encryption key are an asymmetric key pair.
  - 23. The server system of claim 21 wherein the command decryption key is a transport key.
  - 24. A system for providing communication between a server system and a target mobile device, comprising the server system of claim 13 and a target mobile device provided with a command decryption key for decrypting encrypted security commands received from the server system, the target mobile device being configured to execute the received security command provided it is decrypted successfully by the target mobile device.
  - 25. The system of claim 24 wherein the target mobile device is a wireless mobile communication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
BROWN, Michael K., KIRKUP, Michael G., TOTZKE, Scott W.

Granted Patent

US 8,856,511 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/154
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

SYSTEM AND METHOD FOR WIPING AND DISABLING A REMOVED DEVICE

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHOD FOR WIPING AND DISABLING A REMOVED DEVICE

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others