Brown et al.

(10) Patent No.: US 9,652,629 B2
(45) Date of Patent: *May 16, 2017

(54) SELECTIVELY WIPING A REMOTE DEVICE
(71) Applicant: BlackBerry Limited, Waterloo (CA)
(72) Inventors: Michael K. Brown, Fergus (CA); Michael S. Brown, Kitchener (CA); Herbert A. Little, Waterloo (CA); Scott W. Totzke, Waterloo (CA)
(73) Assignee: BlackBerry Limited, Waterloo, Ontario (CA)
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days. This patent is subject to a terminal disclaimer.
(21) Appl. No.: 14/816,271
(22) Filed: Aug. 3, 2015
(65) Prior Publication Data: US 2015/0339495 A1, Nov. 26, 2015

Related U.S. Application Data
(63) Continuation of application No. 13/245,061, filed on Sep. 26, 2011, now Pat. No. 9,100,413, which is a (Continued)

(51) Int. Cl.: H04L 29/06 (2006.01); G06F 21/62 (2013.01); (Continued)
(52) U.S. Cl.: CPC G06F 21/6245 (2013.01); G06F 21/602 (2013.01); G06F 21/6218 (2013.01); (Continued)
(58) Field of Classification Search: None. See application file for complete search history.

Primary Examiner — Shin-Hon Chen
(74) Attorney, Agent, or Firm — Rowand LLP

(57) ABSTRACT

A system and method for selectively securing data from unauthorized access on a client device storing a plurality of data types with reference to an authorization level indicated in a command. A command is received at a client device comprising an authorization level indicator. Based on at least one predefined rule, which may be implemented in an IT policy stored at the client device, each of the plurality of data types to be secured is determined, and then the data corresponding to those types is secured. The data may be secured by encrypting and/or deleting the data at the client device. The predefined rules associated with each authorization level may be configured by a user or administrator having an authorization level that exceeds the associated authorization level.

33 Claims, 6 Drawing Sheets

[Cover figure: "Configure wipe permissions" user interface. Caption: "Set the data categories to be erased by each authorization level". Rows: Message data, Calendar data, Address book data, User-created data, PIM/messaging apps, Third-party apps, Encryption keys; columns: authorization levels 0, 1 and 2.]

APPL-1009
APPLE INC. / Page 1 of 19

Related U.S. Application Data (continued)
continuation of application No. 12/016,723, filed on Jan. 18, 2008, now Pat. No. 8,056,143.
(60) Provisional application No. 60/885,796, filed on Jan. 19, 2007.
(51) Int. Cl. (continued): H04W 12/02 (2009.01); G06F 21/60 (2013.01); G06F 21/88 (2013.01); G06F 7/04 (2006.01); G06F 17/30 (2006.01); G06F 11/00 (2006.01); G06F 7/00 (2006.01); H04N 7/16 (2011.01)
(52) U.S. Cl. (continued): CPC G06F 21/88 (2013.01); H04L 63/105 (2013.01); H04W 12/02 (2013.01); G06F 2221/2107 (2013.01); G06F 2221/2113 (2013.01); G06F 2221/2143 (2013.01); H04L 63/0428 (2013.01)

[Figure 1 (Sheet 1 of 6): schematic of a network for implementing the system and method. Legible labels: Wireless Infrastructure, Wireless Network, Mobile Communication Device 100.]

[Figure 2 (Sheet 2 of 6): block diagram of the mobile communication device; the only legible label is Microprocessor.]

[Figure 3 (Sheet 3 of 6): schematic representation of data stored in a memory store 300 of a communication device. Data types shown: OPERATING SYSTEM 301, KEYS 302, PIM/MESSAGING APPLICATIONS 305, THIRD-PARTY APPLICATIONS 306, MESSAGE DATA 310, CALENDAR DATA 311, ADDRESS BOOK DATA 312, USER-ENTERED DATA 313, IT POLICIES 315. Memory map 350 (identifier, data type, address range):
A01 OPERATING SYSTEM 0000AE00-00B13000
A03 KEYS 00B13001-00B60000
A10 PIM/MSGNG APPS 00B60001-AF000000
A11 THIRD-PARTY APPS AF000001-BA000000
A20 PIM/MESSAGE DATA BA000001-EE000000
A22 USER-ENTERED DATA EE000001-F0000000
AE0 IT POLICIES F0000001-F0600000]

[Figure 4a: exemplary IT policy in which each data type carries the minimum authorization level permitted to wipe it:
Password Required = True
MaxSecurityTimeout = 15
UserCanChangeTimeout = False
Allow PIN to PIN = False
AllowVoiceCalling = False
PasswordAttemptLimit = 5
PIMMessageDataWipeMinLevel = 0
UserDataWipeMinLevel = 0
ITPolicyWipeMinLevel = 4
ThirdPartyAppWipeMinLevel = 0
PIMMessageAppWipeMinLevel = 2
KeyDataWipeMinLevel = 2]

[Figure 4b: exemplary IT policy in which each authorization level carries one value with a digit per data type:
Password Required = True
MaxSecurityTimeout = 15
UserCanChangeTimeout = False
Allow PIN to PIN = False
AllowVoiceCalling = False
PasswordAttemptLimit = 5
DataWipeAuthLevel0 = 00000000000000
DataWipeAuthLevel1 = 00000000111100
DataWipeAuthLevel2 = 00000011111100
DataWipeAuthLevel4 = 00111111111111]

[Figure 5 (Sheet 4 of 6): schematic representation of a flag comprising one subset value per data type identifier: A01 A03 A10 A11 A20 A22 AE0.]

[Figure 6: flowchart of processing a wipe command at the device: receive command message (500); authenticate command (510); set flag (520); execute wipe command (530); reset flag (540).]

[Figure 7a: flowchart of executing a wipe command: check next flag subset value (532); decision "end of flag?" (534), YES leading to end; delete data corresponding to subset (538).]

[Figure 7b: alternative flowchart: check next subset value (542); decision "end of flag?" (544), YES leading to end; delete data corresponding to subset (548); reset subset value (550).]

[Figure 8a (Sheet 5 of 6): example "Administrator - Help Desk" user interface for issuing a wipe command. A device list 610 shows DeviceID (AE0003C5, AC56000E, 3E005600), Status (Running) and Last Contact Time; an Options menu 620 offers Assign IT Policy, Reset Master Key, Set Password and Lock Handheld, Erase Data and Disable Handheld, and Remove User. Dialog 680, "Erase Data and Disable Handheld": "This will send a command to Amy Wong's device to erase selected previously stored information. Select data categories to be erased: Message data, Calendar data, Address Book data, Other user-created data, PIM/messaging applications, Third-party applications, Encryption keys (will be prompted to reset), IT Policy. Are you sure you want to do this?"]

[Figure 8b: device detail view 600 for DeviceID 3E005600 (Mailbox: o=daystrom/cn=aw; IT Policy Status: Applied Successfully; Last IT Policy Update: 20061123 15:22). Dialog 690, "Erase Data and Disable Handheld": "This will send a command to Hugh Farnsworth's device to erase selected previously stored information." followed by the same list of data categories to be erased and the same confirmation prompt.]

[Figures 9a, 9b and 9c (Sheet 6 of 6): further example user interfaces for configuring wipe permissions; the sheet is rotated and only the label "IT Policy" is legible.]

SELECTIVELY WIPING A REMOTE DEVICE

REFERENCE TO PRIOR APPLICATIONS

This application is a continuation of U.S. application Ser. No. 13/245,061, filed Sep. 26, 2011, which is a continuation of U.S. application Ser. No. 12/016,723, filed Jan. 18, 2008, which claims priority from U.S. Application No. 60/885,796, filed Jan. 19, 2007, the entirety of which is incorporated herein by reference.

BACKGROUND

1. Technical Field

The present disclosure relates generally to the field of computer and network security, and more particularly, to wiping data stored on a remote device such as a mobile communication device.

2. Description of the Related Art

Data stored in the memory of a communication and/or computing device, such as a mobile communication device, personal digital assistant (PDA), smartphone, laptop computer, and the like, may include data of a sensitive or critical nature that is accessible only by authorized users. Such data may include e-mail, calendar information, contact information in an address book, and other information that may be utilized, received, or transmitted by or from the communication device in the execution of communication-related or productivity-related applications. The data may further include applications, or data files created at the device or received by an authorized user at the device that are personal to the user, or that are used by the device for the management of data and/or security functions on the communication device. Such data includes information technology (IT) policies, which may comprise rules concerning a variety of security and management-related issues, such as user authorization to use certain functions or install software on the communication device, encryption algorithms in wireless communication, and authentication processes to be employed before allowing user access to data on the device, for example if an authentication token such as a smart card is required.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the inventive aspects of this disclosure will be best understood with reference to the following detailed description, when read in conjunction with the accompanying drawings, in which:

FIG. 1 is a schematic of a network for implementing a system and method of preventing access to data.
FIG. 2 is a block diagram of a mobile communication device for use with the network of FIG. 1.
FIG. 3 is a schematic representation of data stored in a memory store of a communication device.
FIG. 4a is a schematic representation of data that may be incorporated into an exemplary IT policy.
FIG. 4b is a further schematic representation of data that may be incorporated into an exemplary IT policy.
FIG. 5 is a schematic representation of a flag in accordance with one embodiment.
FIG. 6 is a flowchart of a method for processing a wipe command at a communication device.
FIGS. 7a and 7b are flowcharts of methods for executing a wipe command.
FIGS. 8a and 8b are example user interfaces for issuing a wipe command.
FIGS. 9a, 9b, and 9c are further example user interfaces for configuring wipe permissions.

DETAILED DESCRIPTION OF THE INVENTION

While data may be protected by requiring the user to enter a valid password in order to access applications or data on the device, or by encrypting data stored on the device such that access to the data requires decryption by a valid decryption key, there are instances when the device may be compromised, decommissioned, or redeployed, making it desirable to delete or "wipe" data, including applications, on the communication device so that it cannot be accessed by unauthorized or malicious users. However, it may not always be necessary or desirable to wipe all data and applications from a device.

Therefore, it is desirable to provide a system and method for selectively wiping data at a communication device. Thus, as described herein, there is provided a method for selectively securing data from unauthorized access on a client device storing a plurality of data types, the method comprising receiving a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command; determining which of a plurality of data types is to be secured by identifying a predefined rule associated with the authorization level indicated in the received command, wherein the client device is provided with a plurality of predefined rules each associated with one of a plurality of authorization levels, each of the predefined rules comprising a value indicating each of the plurality of data types to be secured in response to a received command; and securing the data of the data types indicated by the value comprised in the identified predefined rule.

In a further aspect, determining which of a plurality of data types is to be secured further comprises, when a predefined rule associated with the authorization level indicated in the received command is not found, identifying a predefined rule associated with the next highest authorization level that is lower than the indicated authorization level. In still a further aspect, the plurality of predefined rules is stored at the client device in association with an IT policy. In another aspect, securing the data further comprises setting a flag at the client device, the flag comprising a subset value for each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured; in response to the received command, checking each of the subset values of the flag, and carrying out a securing operation if the subset value indicates that the data of that data type is to be secured; and after each of the subset values has been checked, resetting the subset values to indicate that no further securing operation is to be carried out. In yet a further aspect, securing the data comprises one of deleting the data; encrypting the data; or encrypting, then deleting, the data. The securing operation may comprise one of deleting the data of that data type; encrypting the data of that data type; and encrypting, then deleting, the data of that data type. In a further aspect, the command is received in an encrypted message, and prior to securing the data the command is authenticated by decrypting the message and extracting the command, such that the command is authenticated if the command is extracted successfully. The client device may comprise a mobile communications device, and the command may be received over the air, or received from input at the client device, or received as detection of a predetermined action, condition or trigger for the execution
of the wipe command at the client device. In yet a further aspect, prior to receiving the command at the client device, the method may comprise defining, at a location remote from the client device, a plurality of predefined rules associated with an authorization level; and transmitting to the client device the plurality of predefined rules thus defined. Defining the plurality of predefined rules may comprise, for a given authorization level, presenting a set of configuration options for configuring securing operations for each of the plurality of data types for authorization levels lower than the given authorization level; and constructing a plurality of rules comprising selected configuration options. The data types may comprise at least one of an operating system, encryption and decryption keys, personal information management applications, messaging applications, e-mail data, short message service data, instant messaging data, multimedia message data, voicemail data, calendar data, address book data, or IT policies.

There is further provided a computer readable memory having recorded thereon statements and instructions for execution by a computer to receive a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command; determine which of a plurality of data types is to be secured by identifying a predefined rule associated with the authorization level indicated in the received command, wherein the client device is provided with a plurality of predefined rules each associated with one of a plurality of authorization levels, each of the predefined rules comprising a value indicating each of the plurality of data types to be secured in response to a received command; and secure the data of the data types indicated by the value comprised in the identified predefined rule.

In a further embodiment, there is provided a method for selectively securing data from unauthorized access on a client device storing a plurality of data types, the method comprising receiving a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command; determining which of the plurality of data types is to be secured by identifying each of a plurality of predefined rules comprising an indicator of an authorization level equal to or less than the authorization level indicated in the received command, each of the plurality of predefined rules being associated with one of the plurality of data types; and securing only the data corresponding to each of the plurality of data types associated with the predefined rules thus identified. In a further aspect, securing the data further comprises setting a flag at the client device, the flag comprising a subset value for each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured; in response to the received command, checking each of the subset values of the flag, and carrying out a securing operation if the subset value indicates that the data of that data type is to be secured; and after each of the subset values has been checked, resetting the subset values to indicate that no further securing operation is to be carried out. In another aspect, securing the data comprises one of deleting the data; encrypting the data; or encrypting, then deleting, the data.

In still a further aspect, there is provided computer readable memory having recorded thereon statements and instructions for execution by a computer to receive a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command; determine which of the plurality of data types is to be secured by
identifying each of a plurality of predefined rules comprising an indicator of an authorization level equal to or less than the authorization level indicated in the received command, each of the plurality of predefined rules being associated with one of the plurality of data types; and secure only the data corresponding to each of the plurality of data types associated with the predefined rules thus identified.
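The rule lookup with its fall-back to the next lower level, the per-data-type minimum-level variant, the flag of subset values, and the receive/authenticate/set/execute/reset sequence described above, as an added Python example that is not BlackBerry's code and not taken from the patent. It assumes the seven data-type identifiers of Figure 3 with one rule digit per type in that order, the Figure 4a key names, an HMAC tag standing in for the encrypted-message decryption step, and constructed policy values and keys.

```python
import hashlib, hmac, json
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Data types by the identifiers used in the memory map of Figure 3.
DATA_TYPES = {
    "A01": "operating_system", "A03": "keys", "A10": "pim_messaging_apps",
    "A11": "third_party_apps", "A20": "pim_message_data",
    "A22": "user_entered_data", "AE0": "it_policies",
}
TYPE_ORDER = list(DATA_TYPES)  # assumed: digit i of a rule value refers to TYPE_ORDER[i]

# Figure 4a form: one "<Type>WipeMinLevel" item per data type (assumed key -> type map).
MIN_LEVEL_KEYS = {
    "KeyDataWipeMinLevel": "A03", "PIMMessageAppWipeMinLevel": "A10",
    "ThirdPartyAppWipeMinLevel": "A11", "PIMMessageDataWipeMinLevel": "A20",
    "UserDataWipeMinLevel": "A22", "ITPolicyWipeMinLevel": "AE0",
}

def parse_level_rules(policy: Dict[str, str]) -> Dict[int, str]:
    """Figure 4b form: 'DataWipeAuthLevelN' -> one '0'/'1' digit per data type."""
    rules: Dict[int, str] = {}
    for key, value in policy.items():
        if key.startswith("DataWipeAuthLevel"):
            if len(value) != len(TYPE_ORDER) or set(value) - {"0", "1"}:
                raise ValueError(f"malformed rule value for {key}: {value!r}")
            rules[int(key[len("DataWipeAuthLevel"):])] = value
    return rules

def select_rule(rules: Dict[int, str], level: int) -> Optional[str]:
    """Rule for the indicated level, else the next highest level that is lower than it."""
    candidates = [lvl for lvl in rules if lvl <= level]
    return rules[max(candidates)] if candidates else None

def types_from_level_rule(rules: Dict[int, str], level: int) -> List[str]:
    rule = select_rule(rules, level)
    return [DATA_TYPES[t] for t, bit in zip(TYPE_ORDER, rule) if bit == "1"] if rule else []

def types_from_min_level_rules(policy: Dict[str, str], level: int) -> List[str]:
    """Second embodiment: a type is secured when its rule level is equal to or less
    than the command's level; types without a rule in the policy are left alone."""
    min_levels = {MIN_LEVEL_KEYS[k]: int(v) for k, v in policy.items() if k in MIN_LEVEL_KEYS}
    return [DATA_TYPES[t] for t in TYPE_ORDER if t in min_levels and min_levels[t] <= level]

def configure_level_rule(policy: Dict[str, str], admin_level: int, rule_level: int, types) -> None:
    """A rule may only be configured by an issuer whose level exceeds the rule's level."""
    if rule_level >= admin_level:
        raise PermissionError(f"level {admin_level} cannot configure rules for level {rule_level}")
    policy[f"DataWipeAuthLevel{rule_level}"] = "".join(
        "1" if DATA_TYPES[t] in types else "0" for t in TYPE_ORDER)

@dataclass
class WipeFlag:
    """Figure 5: one subset value per data type; 1 means secure that type."""
    subset: Dict[str, int] = field(default_factory=lambda: {t: 0 for t in TYPE_ORDER})

    def set(self, type_names) -> None:
        for t in TYPE_ORDER:
            self.subset[t] = 1 if DATA_TYPES[t] in type_names else 0

def execute_wipe(flag: WipeFlag, secure: Callable[[str], None]) -> List[str]:
    """Figure 7b: check each subset value, secure the data if set, then reset the value."""
    secured = []
    for t in TYPE_ORDER:
        if flag.subset[t]:
            secure(DATA_TYPES[t])
            secured.append(DATA_TYPES[t])
        flag.subset[t] = 0  # nothing is left for a repeated or resumed wipe to redo
    return secured

def make_command(key: bytes, auth_level: int) -> bytes:
    """Constructed command message: JSON body, '.', HMAC-SHA256 tag (hex)."""
    body = json.dumps({"command": "wipe", "auth_level": auth_level}).encode()
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def authenticate_command(message: bytes, key: bytes) -> Optional[dict]:
    """The patent authenticates by decrypting and extracting the command; here
    (assumption) extraction succeeds only if the HMAC tag verifies."""
    body, sep, tag = message.rpartition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not sep or not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)

def process_wipe_command(message, key, policy, secure) -> Optional[List[str]]:
    """Figure 6: receive (500), authenticate (510), set flag (520), execute (530), reset (540)."""
    cmd = authenticate_command(message, key)
    if cmd is None or cmd.get("command") != "wipe":
        return None  # unauthenticated or unknown command: nothing is secured
    flag = WipeFlag()
    flag.set(types_from_level_rule(parse_level_rules(policy), int(cmd["auth_level"])))
    return execute_wipe(flag, secure)

# Constructed IT policy in the Figure 4b form (7-digit values, one per TYPE_ORDER entry).
POLICY = {
    "PasswordRequired": "True", "DataWipeAuthLevel0": "0000000", "DataWipeAuthLevel1": "0000110",
    "DataWipeAuthLevel2": "0011110", "DataWipeAuthLevel4": "0111111",
}
```

A command at level 3 finds no level-3 rule in POLICY and falls back to the level-2 rule; a message whose tag does not verify returns None and secures nothing.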
In yet a further embodiment, there is provided a mobile client device for selectively securing data from unauthorized access on the client device storing a plurality of data types, the device comprising a processor, a memory storing data comprising at least one of a plurality of data types; and a receiver operatively connected to the processor for receiving a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command; wherein the processor is configured to determine, using at least one predefined rule associated with the authorization level indicated by the authorization level indicator, which of a plurality of data types is to be secured and to secure the data stored in the memory corresponding to each of the plurality of data types thus determined. In a further aspect, each of the predefined rules is associated with one of a plurality of authorization levels, and each of the predefined rules comprises a value indicating each of the plurality of data types to be secured in response to a received command, and wherein the processor is further configured to identify the predefined rule associated with the authorization level indicated in the received command, and to secure only those data types indicated by the value comprised in the identified predefined rule. In still a further aspect, the device further comprises a memory for storing a flag comprising a subset value for each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured, the processor being further configured to set the flag; in response to the received command, check each of the subset values of the flag, and carry out a securing operation if the subset value indicates that the data of that data type is to be secured; and after each of the subset values has been checked, reset the subset values to indicate that no further securing operation is to be carried out. The processor may be configured to secure the data by deleting the data corresponding to each of the plurality of data types thus determined from the memory, or to secure the data by encrypting the data corresponding to each of the plurality of data types thus determined in the memory. Further, in another aspect, the command may be received in an encrypted message, and the processor is configured to decrypt the message and extract the command, such that the command is authenticated if the command is extracted successfully.

Referring to FIG. 1, an overview of an exemplary communication system for use with the embodiments described below is shown. One skilled in the art will appreciate that there may be many different topologies, but the system shown in FIG. 1 helps demonstrate the operation of the systems and methods described in the present application. There may be many communication devices connected to the system that are not shown in the simple overview of FIG. 1.

FIG. 1 shows a first communication device, here a client personal computer 10, a network, here the Internet 20, a server system 40, a wireless gateway 85, wireless infrastructure 90, a wireless network 105 and a second communication device, here a client mobile communication device 100. It will be appreciated by those skilled in the art that the devices referred to herein as client devices, personal computers, mobile devices, mobile communication devices, communication devices, computing devices, or data storage devices may comprise devices whose main function is directed to data or voice communication over a network and data storage, but may also be provided with personal or productivity applications, or devices whose main function is directed to computing or executing productivity applications, but are also adapted to enable a user to communicate over a network. Such devices include, but are not limited to, laptop and notebook computers, PDAs, smartphones, and the like. The client device is capable of communicating over a wireless network, as set out in further detail below.

A client personal computer 10 may, for example, be connected to an ISP (Internet Service Provider) on which a user of the system has an account, located within a company, possibly connected to a local area network (LAN), and connected to the Internet 20, or connected to the Internet 20 through a large ASP (application service provider). Those skilled in the art will appreciate that the systems shown in FIG. 1 may instead be connected to a wide area network (WAN) other than the Internet.

The wireless gateway 85 and infrastructure 90 provide a link between the Internet 20 and wireless network 105. The wireless infrastructure 90 determines the most likely network for locating a given user and tracks the user as they roam between countries or networks. Messages and other data may be delivered to the client mobile device 100 via wireless transmission, typically at a radio frequency (RF), from a base station in the wireless network 105 to the client mobile device 100. The particular network 105 may be any wireless network over which messages may be exchanged with a mobile communication device. The client mobile device 100 may also receive data by other means, for example through a direct connection to a port provided on the mobile device 100, such as a Universal Serial Bus (USB) link.

The server system 40 may be implemented, for example, on a network computer within the firewall of a corporation, a computer within an ISP or ASP system or the like. The server system 40 may act as the application, network access, and/or file server for one or more communication devices. In the embodiment described below, the server system 40 also acts as an authoritative server for managing IT policies and issuing software and security-related commands to the client devices 10, 100. The mobile device 100, if it is configured for receiving and possibly sending e-mail, may be associated with an account on the server system 40. The software products and other components that are often used in conjunction with the functions of the server system 40 described herein are not shown in FIG. 1, as they do not directly play a role in the system and method described below. If the server system 40 acts as a message server, the server system 40 may support either a so-called "pull" or "push" message access scheme, wherein the mobile device 100 requests that stored messages be forwarded by the message server to the mobile device 100 ("pull"), or the server system 40 may be provided with means for automatically redirecting messages addressed to the user of the mobile device 100 as they are received ("push").

The server system 40 may be used to provide administrative functions for the client devices 10 and 100, for example by establishing and transmitting information technology (IT) policies. In accordance with various embodiments, administrator access is provided at the server system 40 for issuing various commands relating to the management and security features of the client devices 10, 100, although the system and method described herein may be implemented from another device on the network, if such
administrator-level access is provided at the other device. For ease of reference, the various administrative functions and registration of client devices at a server will be described with reference to the server system 40. The system of FIG. 1 may be configured to provide for multiple levels of administrator-level access; for example, the system of FIG. 1 may be implemented for use with an organization or institution mandating multiple levels of security authorization and IT support. The IT support roles may comprise "help desk" support, which is authorized to provide a first set of administrator and IT support services to users of client devices 10, 100 such as application support and certain security-related support such as resetting passwords, but is not authorized to provide certain higher-level administrator functions relating to more sensitive security issues; and "security" IT support with a higher level of authorization for providing a second set of administrator and IT support services to the users of the client devices 10, 100, such as deploying and redeploying client devices 10, 100, configuring security protocols at and between the client devices 10, 100 and the server 40, and other functions that may require a greater level of knowledge, certification, trust, or security clearance to implement or configure. The level of authorization provided to particular support or administrative personnel may be determined by the server 40 in accordance with a predetermined IT policy when the individual support person logs into the server 40; upon login, the server 40 may look up the individual's administrative authorization level, and provide the individual with access to the functions commensurate with his or her authorization level.

Typically, and particularly in the instance where the client device is a communication device 100 such as a smartphone, PDA, or laptop or other mobile computer, a single user is designated as the authorized user of the client device 10, 100, although more than one user may be authorized to use the client device 10, 100, particularly if the device is a networked desktop computer or other non-mobile device. Depending on the IT policy configured on that client device 10, 100, the user of the device may have access to a varied set of functions on the device. For example, in the case of a smartphone or other client device 10, 100 capable of voice and/or SMS communication, the voice and/or SMS functions may be disabled. While one method of disabling a function is to delete or simply not install the portion of the device's applications or operating system relating to this function, this may not be feasible or desirable. Instead, the availability of the function may be determined by the IT policy configured for that device. Furthermore, users may be granted varying levels of access to configure or use the functions of the same client device 10, 100. Some users may only be provided with access to previously installed application programs, and may not have sufficient authority to install further applications, and may only