WO2015198336A2 - Remotely managed data loss prevention/protection in electronic devices - Google Patents

Remotely managed data loss prevention/protection in electronic devices

Publication number
WO2015198336A2
WO2015198336A2 PCT/IN2014/000417 IN2014000417W WO2015198336A2 WO 2015198336 A2 WO2015198336 A2 WO 2015198336A2 IN 2014000417 W IN2014000417 W IN 2014000417W WO 2015198336 A2 WO2015198336 A2 WO 2015198336A2
Authority
WO
WIPO (PCT)
Prior art keywords
data
electronic device
properties
encrypted data
logical container
Application number
PCT/IN2014/000417
Other versions
WO2015198336A3 (en
Inventor
Ankur P PANCHBUDHE
Anand A Kekre
Original Assignee
Vaultize Technologies Private Limited
Application filed by Vaultize Technologies Private Limited filed Critical Vaultize Technologies Private Limited
Priority to PCT/IN2014/000417 priority Critical patent/WO2015198336A2/en
Publication of WO2015198336A2 publication Critical patent/WO2015198336A2/en
Publication of WO2015198336A3 publication Critical patent/WO2015198336A3/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/10 Integrity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/126 Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning

Definitions

  • the embodiments herein relate to data loss prevention/protection (DLP) and more particularly relate to remotely managing the DLP by containerizing the data on electronic devices.
  • for containerizing the applications (commonly referred to as apps), three broad approaches are taken: containerize the whole device, containerize specific apps, or run the apps within separate virtual machines. Containerization of the whole device may raise issues related to privacy and individual rights, while containerizing specific apps requires special support and software/hardware to be purchased and deployed.
  • the virtual machine approach may not be completely developed and may be an unproven technology. As these solutions mainly control the device properties, settings, and configurations, these solutions may not accurately containerize the data and address the DLP for the electronic devices. Additionally, existing approaches may not directly containerize the data and the data loss may still occur while exchanging data between the apps.
  • FIG. 1 is a high level overview of a system used to remotely manage data loss prevention/protection (DLP), according to embodiments as disclosed herein;
  • FIG. 2 expands features and functionalities of controller module as described in the FIG. 1, according to embodiments as disclosed herein;
  • FIG. 3 is a sequence diagram that illustrates various operations performed by the system, according to embodiments as disclosed herein;
  • FIG. 4 shows an example illustration of containerizing the data, according to the embodiments as disclosed herein;
  • FIG. 5 is a flow diagram illustrating a method for remotely managing data loss protection/prevention, according to embodiments as disclosed herein;
  • FIG. 6 illustrates a computing environment implementing the method and system according to embodiments as disclosed herein.
  • Containerization: Refers to a process of separating data belonging to separate entities into different logical containers, so that the data belonging to separate entities do not combine with each other or combine only in a way that is allowed.
  • Logical container: Can be a class, a data structure, a logical object or component, storing the data and controlling access to the data based on one or more parameters, such as to provide data loss prevention and protection.
  • First electronic device: Can be any electronic device capable of originating, providing, containerizing, maintaining, and managing data over a communication network.
  • the first electronic device can also be any third-party that can containerize, maintain, and manage the data originated from any other electronic device over the communication network.
  • Second electronic device: Can be any electronic device accessing the data provided by the first electronic device over the communication network through the server.
  • the second electronic device, in some embodiments, can be the first electronic device capable of accessing the data over the communication network.
  • Server: One or more computers, or equivalent systems or modules along with sufficient software or firmware, which can containerize, maintain, manage, and store the data over the communication network, such as to provide data loss prevention and protection.
  • User: Can be an individual, a group, an organization, a department, or a combination thereof.
  • the interests of an entity are a combination of the interests of all entities that make up the "user". Further, as the user could be composed of many entities, a specific user can have more than one electronic device.
  • the embodiments herein achieve a method and system for remotely managing data loss prevention/protection (DLP).
  • the method includes identifying the data on the first electronic device that needs to be containerized.
  • the identified data can be encrypted and logically containerized into one or more logical containers based on one or more parameters.
  • the logical containers described herein define access to the encrypted data in accordance to the parameters.
  • the method includes copying the logical containers on a server over a communication network, such as to provide data loss prevention on the electronic device.
  • the method includes controlling access to the data on second electronic device in accordance to the logical containers.
  • the method and system disclosed herein is dynamic, robust, and reliable for providing the DLP.
  • the managers can allow corporate data to remain encrypted as well as prevent unauthorized users from deleting, sending, copying, and modifying, the data.
  • the system and method can be used to: separate work and personal mobile device details on a single device using secure logical containers. More importantly, the logical container can be used to prevent security from being compromised. Further, the system and method can be used to provide freedom to choose device types and operating systems, and provide increased privacy including restrictions on the ability of the users to access personal data and applications that reside on a networked device.
  • the system and method allows an administrator to centrally control the data access by configuring policies based on users' different parameters to restrict malicious usage of the data content.
  • FIGS. 1 through 6 where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments.
  • FIG. 1 illustrates a high level overview of a system 100 used to remotely manage data loss prevention/protection (DLP), according to embodiments as disclosed herein.
  • the system 100 includes a server 102, a first electronic device 104, and a second electronic device 106 communicating with each other over a communication network 108.
  • the communication network 108 described herein can be for example, but not limited to, machine to machine (M2M) network, wireless network, wire line network, public network such as the Internet, a private network, a global system for mobile communication network (GSM), a general packet radio network (GPRS), a local area network (LAN), a wide area network (WAN), a metropolitan area network (MAN), a cellular network, public switched telephone network (PSTN), a personal area network, a combination thereof, or any other communication network.
  • the first electronic device 104 and the second electronic device 106 described herein can be for example, but not limited to, a digital camera, a mobile phone, a smart phone, a tablet, a Personal Digital Assistant (PDA), smart navigation devices, a handheld gaming console, a portable and handheld media player, a smart pager, a laptop or any other electronic device.
  • the first electronic device 104 described herein can include data such as for example but not limited to, files, folders, emails, contacts, address books, phone books, playlists, SMS, calendars, schedules, tasks, to-do lists, notes, bookmarks, application history, multimedia files, media libraries, settings, preferences, and the like.
  • the data can be created from an application or by another application (for example, by copying, moving or sharing the data).
  • the data may be created on the first electronic device 104, or the data may be received from the server 102, or from any other device like the second electronic device 106.
  • the data can also be originated from a file server or network attached storage (not shown) and then sent to the electronic device 104.
  • the FIG. 1 depicts two separate devices 104 and 106 to bring out the fact that the data to be containerized can originate from or belong to multiple devices and can be containerized in different ways or forms. These two devices can belong to separate users. For example, one of the devices can be a smart phone, while the other device can be a laptop belonging to the same person. In another example, the devices can also belong to different users and of different device types.
  • the server 102 described herein can be any general purpose computer capable of containerizing, managing, and maintaining the data over the communication network 108. Further, in an embodiment, the system 100 includes a communication module 110, a controller module 112, and a storage module 114.
  • the communication module 110 can be configured to allow the server 102 and the electronic device 104 to communicate with each other. Further, the communication module 110 includes sufficient interfaces to enable communication with various devices throughout the communication network 108.
  • the controller module 112 can be configured to identify the data available on the first electronic device 104.
  • the controller module 112 can be configured to encrypt and containerize the data based on one or more associated parameters.
  • the parameters described herein can include for example, but not limited to, user information (for example: owner of data, title, manager, group, department or location of the user, and the like), properties of data (for example: name, folder, tags, type of content, and the like), properties of data content (for example: words, phrases, sentences, patterns, and the like), properties of information gleaned or derived from the data (for example: with data mining, content analysis, and the like), properties of relationships of data (for example: links, application ownership, and the like) and properties of the electronic device at any given time (for example: geo-location, network addresses, and the like), and the like.
  • the logical container described herein defines the access to the data by various electronic devices. Further, the storage module 114 can be configured to store the logical containers of the data.
  • FIG. 1 shows an example overview of the system 100 but, it is to be understood that another embodiment is not limited thereto.
  • the system 100 can include different modules (not shown) communicating among each other along with other hardware or software components.
  • the component can be, but not limited to, a process running in the electronic device, an executable process, a thread of execution, a program, and/or a computer.
  • FIG. 2 expands features and functionalities of the controller module 112 as described in the FIG. 1, according to embodiments as disclosed herein.
  • the controller module 112 can be configured to include a rule engine 202, a containerization module 204, a packaging module 206, and a dissemination module 208.
  • the data available on the first electronic device 104 can be containerized using the parameters.
  • the rule engine 202 can be configured to implement one or more rules using various combinations of the parameters to containerize the data.
  • the containerization module 204 can be configured to implement the rules including the combination of parameters to containerize the data into logical containers. For example, an administrator may select the data on which the containerization needs to be applied based on any one or a combination of the data properties like name, folder, owner, access rights, words, phrases or sentences in the content of the data, information derived from the data using techniques like data mining or content analysis, access time, modified time, creation time of data, size of data, and properties of the user of the data like group, division, designation and location, and the like.
  • the logical container described herein defines the access to the electronic device based on the parameters associated with the data.
  • the logical container controls the access to the data based on policies of the organization.
  • the policy of the organization can be: always keeping the data encrypted on the electronic device, keeping each unit of data (for example, a file, a folder, categories) encrypted separately (that is, separate encryption key per unit), applying user or device specific encryption (for example, using a unique user or device identifier), not allowing the user of the electronic device to open the data in a third-party application, not allowing the user to modify the data, not allowing the user to copy or move the data, not allowing the user to copy, cut or paste content within data (for example, into different app), not allowing user to bring data from outside the apps, forcing the user to enter a password every time the app is launched or when data needs to be uploaded to or downloaded from the server, forcing the user to enter a password when opening specified data, not allowing the user to share data with other users or de
  • the containerization of data can be performed on the server 102 or on the first electronic device 104.
  • the packaging module 206 can be configured to bundle the logical containers into a package on the server 102 or on the first electronic device 104.
  • the logical container can be packaged using techniques known in the art such as for example, but not limited to, a compression, an encryption, and the like.
  • the server 102 bundles the information about containerization into a package and sends it to the appropriate electronic devices.
  • the dissemination module 208 can be configured to distribute the logical container information in the form of a package to one or more electronic devices available within the communication network 108.
  • the devices in the communication network 108 can also achieve this by periodically requesting the server 102 or the first electronic device 104 for any new information.
  • the various operations performed by the system 100 are described in conjunction with the FIG. 3.
  • FIG. 3 is a sequence diagram 300 that illustrates various operations performed by the system 100, according to embodiments as disclosed herein.
  • the data available on the first electronic device 104 can be identified.
  • the data described herein can include for example, but not limited to, files, folders, emails, contacts, address books, phone books, playlists, SMS, calendars, schedules, tasks, to-do lists, notes, bookmarks, application history, multimedia files, media libraries, settings, preferences, and the like.
  • the first electronic device 104 can be configured to encrypt the identified data.
  • the encryption of the data can be performed by using any encryption technique known in the art.
  • the first electronic device 104 can be configured to copy the encrypted data on the server 102.
  • a secure channel between the server 102 and the first electronic device 104 can be formed by copying the data in the encrypted form.
  • the data is remotely copied on the server 102 such as to allow the first electronic device 104 to enable data loss prevention.
  • one or more parameters associated with the encrypted data can be identified.
  • the parameters described herein can include for example, but not limited to, user information, properties of data, properties of data content, properties of information gleaned or derived from the data, properties of relationships of data, properties of the first electronic device 104 at any given time, and the like.
  • the encrypted data can be containerized into one or more logical containers based on the identified parameters.
  • the server 102 can be configured to implement one or more rules including the parameters to containerize the data.
  • the data belonging to the same entity can be containerized into one logical container while the other data into another logical container.
  • the logical container described herein defines the access to the data by various electronic devices.
  • the logical container can be used to prevent security from being compromised.
  • the administrator or the user may select the data on which the containerization needs to be applied based on any one or a combination of the data properties.
  • the data belonging to the employee can be containerized into one container while the data belonging to the company's financial information can be containerized into another container.
  • the logical container described herein defines the access to the data based on the parameters associated with the data.
  • the logical container controls the access to the data based on policies of the organization.
  • the server 102 can be configured to receive a request from the second electronic device 106 to access the data.
  • the server 102 can be configured to provide the logical container in response to receiving the request.
  • the logical container including the encrypted data requested by the user can be identified and transferred to the second electronic device 106.
  • the second electronic device 106 can be configured to decrypt the encrypted data associated with the logical container.
  • the logical container controls the access to the data based on the parameters. For example, if the parameters of the user indicate that the user is a general user but the data is very important then the logical container may allow the user to access the data in read only mode.
  • the logical container restricts access to portions of the data until the user is in the location X.
  • the parameters associated with the data can be constantly monitored, such as to automatically manage and containerize the data.
  • the constant monitoring of the parameters can allow the system 100 to provide seamless, optimal, personalized, reliable, uninterrupted, and enhanced services to the user.
  • the various operations are described with respect to different devices; the two separate devices 104 and 106 indicate that the data to be containerized can originate from or belong to multiple devices and can be containerized in different ways or forms.
  • the operations described with the respective devices are only for illustrative purpose, and do not limit the scope of the invention. Further, it is to be understood that the same or similar operation can also be performed interchangeably with the server 102, the first electronic device 104, and the second electronic device 106, without departing from the scope of the invention.
  • FIG. 4 shows an example illustration 400 of containerizing the data, according to the embodiments as disclosed herein.
  • the controller module 112 can identify the data available on the server 102.
  • the data may be created on the server 102 itself, or it could have been received from any electronic device in encrypted form.
  • the identified data is related to employee salary details, project time-sheets, company financial information, user device location, the user device specification, and the like.
  • the controller module 112, in communication with the rule engine 202, can be configured to identify the parameters associated with the data.
  • the parameters described herein can include for example, but not limited to, user information, properties of data, properties of data content, properties of information gleaned or derived from the data, properties of relationships of data, properties of the device at any given time, and the like.
  • the rule engine 202 can be configured to implement one or more rules using various combinations of the parameters to containerize the data.
  • the containerization module 204 can be configured to implement the rules including the combination of parameters to containerize the data into logical containers. For example, the containerization module 204 can containerize the data belonging to the employee salary and having location X into a logical container C1.
  • the containerization module 204 can containerize the data belonging to the employee salary and having location Y into a logical container C2. Similarly, the containerization module 204 can containerize the data belonging to project time-sheets and company financial information into a logical container C3. Similarly, the containerization module 204 can containerize the data belonging to device specification and location X and Y into a logical container C4. Further, the logical container defines access to the data based on the parameters associated with the data. In an embodiment, the logical container controls the access to the data based on policies of the organization.
  • FIG. 5 is a flow diagram illustrating a method 500 for remotely managing data loss protection/prevention, according to embodiments as disclosed herein.
  • the various steps of the method 500 are summarized into individual blocks where some of the steps are performed using the server 102, the first electronic device 104, and the second electronic device 106.
  • the method 500 and other description described herein provide a basis for a control program which can be readily implemented using a microcontroller, microprocessor, or an equivalent thereof.
  • the method 500 includes identifying the data available on the first electronic device 104.
  • the data available on the first electronic device 104 can be originated at the first electronic device 104 or may belong to multiple devices.
  • the method 500 allows the controller module 112 to identify the data available at the first electronic device 104.
  • the method 500 includes encrypting the identified data.
  • the method 500 allows the controller module 112 to encrypt the identified data using any technique known in the art.
  • the method 500 includes copying the encrypted data on the server 102.
  • the method 500 allows the controller module 112 to copy the encrypted data on the server 102, such as to enable data loss prevention.
  • the method 500 includes identifying the parameters associated with the encrypted data.
  • the parameters described herein can include for example, but not limited to, user information, properties of data, properties of data content, properties of information gleaned or derived from the data, properties of relationships of data, properties of the first electronic device 104 at any given time, and the like.
  • the method 500 includes containerizing the encrypted data into logical containers based on the identified parameters. The method 500 allows the controller module 112 to implement one or more rules including the parameters to containerize the data into the logical containers. The data belonging to the same entity can be containerized into one logical container while the other data into another logical container. The logical container defines the access to the data by various electronic devices.
  • the method 500 includes receiving a request from the second electronic device 106 to access the data.
  • the method 500 includes providing the logical containers including the encrypted data requested by the second electronic device 106.
  • the method 500 allows the controller module 112 to identify and transfer the logical container including the encrypted data requested by the user to the second electronic device 106.
  • the method 500 includes controlling access to the encrypted data associated with the logical container at the second electronic device 106.
  • the logical container controls the access to the data based on the parameters.
  • the method 500 allows the second electronic device 106 to decrypt the encrypted data whose access is controlled using the logical container based on various combinations of the parameters.
  • the method 500 includes constantly monitoring the parameters associated with the data, such as to automatically manage and containerize the data.
  • the constant monitoring of the parameters can allow the controller module 112 to provide seamless, optimal, personalized, reliable, uninterrupted, and enhanced services to the user.
  • the method 500 includes determining whether there are any changes in the parameters. Any changes in the parameters can affect the performance, sensitivity, cost, and reliability of the system 100.
  • the method 500 upon detecting any changes in the parameters, includes repeating the steps 508 through 520 such as to provide seamless and uninterrupted data services to the user.
  • FIG. 6 illustrates a computing environment implementing the method of remotely managing data loss prevention, according to the embodiments as disclosed herein.
  • the computing environment 601 comprises at least one processing unit 604 that is equipped with a control unit 602 and an Arithmetic Logic Unit (ALU) 603, a memory 605, a storage unit 606, a plurality of networking devices 608 and a plurality of input/output (I/O) devices 607.
  • the processing unit 604 is responsible for processing the instructions of the algorithm.
  • the processing unit 604 receives commands from the control unit in order to perform its processing. Further, any logical and arithmetic operations involved in the execution of the instructions are computed with the help of the ALU 603.
  • the algorithm, comprising the instructions and code required for the implementation, is stored in either the memory unit 605 or the storage 606 or both. At the time of execution, the instructions may be fetched from the corresponding memory 605 and/or storage 606, and executed by the processing unit 604.
  • networking devices 608 or external I/O devices 607 may be connected to the computing environment to support the implementation through the networking unit and the I/O device unit.
  • FIGS. 1, 2, 5, 6 include blocks which can be at least one of a hardware device, or a combination of hardware device and software module.
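
The FIG. 4 containerization rules (C1 to C4) and the read-only and location examples from the FIG. 3 description, sketched in Python as an added example; this is not code from the patent or from the assignee. The class and function names, the `sensitivity` label, the role names, the sample items and the location restriction placed on C1 are assumptions, and encryption of the data is left out.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class DataItem:
    name: str
    category: str                # property of the data, e.g. "salary"
    location: Optional[str]      # device property recorded with the data
    sensitivity: str = "normal"  # assumed label: "normal" or "high"


@dataclass(frozen=True)
class Rule:
    container: str
    categories: FrozenSet[str]
    locations: Optional[FrozenSet[str]] = None         # None: any origin location
    access_locations: Optional[FrozenSet[str]] = None  # None: no location limit

    def matches(self, item: DataItem) -> bool:
        if item.category not in self.categories:
            return False
        return self.locations is None or item.location in self.locations


# Rules mirroring the FIG. 4 description. Limiting access to C1 to devices
# at location X is an assumed policy, modelled on the "location X" example.
FIG4_RULES = [
    Rule("C1", frozenset({"salary"}), frozenset({"X"}),
         access_locations=frozenset({"X"})),
    Rule("C2", frozenset({"salary"}), frozenset({"Y"})),
    Rule("C3", frozenset({"timesheet", "financial"})),
    Rule("C4", frozenset({"device_spec"}), frozenset({"X", "Y"})),
]


@dataclass
class LogicalContainer:
    name: str
    access_locations: Optional[FrozenSet[str]]
    items: Dict[str, DataItem] = field(default_factory=dict)


def containerize(items: List[DataItem], rules: List[Rule] = FIG4_RULES
                 ) -> Tuple[Dict[str, LogicalContainer], List[str]]:
    """Place each item in the container of the first matching rule.

    Items that match no rule are returned separately and stay outside
    every container, so access to them is denied by default.
    """
    containers = {r.container: LogicalContainer(r.container, r.access_locations)
                  for r in rules}
    unassigned: List[str] = []
    for item in items:
        rule = next((r for r in rules if r.matches(item)), None)
        if rule is None:
            unassigned.append(item.name)
        else:
            containers[rule.container].items[item.name] = item
    return containers, unassigned


def decide_access(containers: Dict[str, LogicalContainer], item_name: str,
                  user_role: str, device_location: Optional[str]) -> str:
    """Return "deny", "read_only" or "read_write" for one request."""
    for container in containers.values():
        item = container.items.get(item_name)
        if item is None:
            continue
        # Location-restricted container: refuse until the device is there.
        if (container.access_locations is not None
                and device_location not in container.access_locations):
            return "deny"
        # General user asking for very important data: read-only mode.
        if item.sensitivity == "high" and user_role == "general":
            return "read_only"
        return "read_write"
    return "deny"  # item is not in any logical container


# Constructed sample data, not taken from the patent.
SAMPLE_ITEMS = [
    DataItem("salary_site_x.xlsx", "salary", "X", "high"),
    DataItem("salary_site_y.xlsx", "salary", "Y", "high"),
    DataItem("timesheet_q1.csv", "timesheet", None),
    DataItem("balance_sheet.pdf", "financial", "X", "high"),
    DataItem("phone_spec.json", "device_spec", "Y"),
    DataItem("holiday_photos.zip", "personal", "X"),
]

if __name__ == "__main__":
    boxes, leftover = containerize(SAMPLE_ITEMS)
    for name, box in boxes.items():
        print(name, sorted(box.items))
    print("unassigned:", leftover)
    print(decide_access(boxes, "salary_site_x.xlsx", "general", "Y"))
```

When a monitored parameter changes, for example the device location, calling `decide_access` again with the new value gives the updated decision.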

Abstract

Embodiments herein provide a method and system for remotely managing data loss protection/prevention. The method includes identifying data available on a first electronic device, encrypting the identified data, and copying the encrypted data on a server. Further, the method includes identifying one or more parameters associated with the encrypted data, and containerizing the encrypted data into one or more logical containers based on the parameters. The logical container defines access to the encrypted data in accordance to the parameters. Furthermore, the method includes controlling access to the encrypted data on a second electronic device using the logical containers.

Description

Remotely managed data loss prevention/protection in electronic devices
FIELD OF INVENTION
[001] The embodiments herein relate to data loss prevention/protection (DLP) and more particularly relate to remotely managing the DLP by containerizing the data on electronic devices.
BACKGROUND
[002] Generally, electronic devices like smart phones, tablets, laptops, and the like can be remotely managed using a variety of solutions known as Mobile Device Management (MDM) and Mobile App Management (MAM). These solutions control the electronic device itself by controlling the device properties, settings and configuration. These solutions can also containerize the applications installed on the device such as to provide data loss prevention/protection (DLP). For containerizing the applications (commonly referred to as apps), three broad approaches are taken: containerize the whole device, containerize specific apps, or run the apps within separate virtual machines. Containerization of the whole device may raise issues related to privacy and individual rights, while containerizing specific apps requires special support and software/hardware to be purchased and deployed. These solutions do not manage the data itself in any apps or software. Further, the virtual machine approach may not be completely developed and may be an unproven technology. As these solutions mainly control the device properties, settings, and configurations, these solutions may not accurately containerize the data and address the DLP for the electronic devices. Additionally, existing approaches may not directly containerize the data and the data loss may still occur while exchanging data between the apps.
[003] Therefore, there is a need for remotely managing data loss prevention by accurately containerizing the data itself on electronic devices.
BRIEF DESCRIPTION OF FIGURES
[004] This invention is illustrated in the accompanying drawings, throughout which like reference letters indicate corresponding parts in the various figures. The embodiments herein will be better understood from the following description with reference to the drawings, in which:
[005] FIG. 1 is a high level overview of a system used to remotely manage data loss prevention/protection (DLP), according to embodiments as disclosed herein;
[006] FIG. 2 expands features and functionalities of controller module as described in the FIG. 1, according to embodiments as disclosed herein;
[007] FIG. 3 is a sequence diagram that illustrates various operations performed by the system, according to embodiments as disclosed herein;
[008] FIG. 4 shows an example illustration of containerizing the data, according to the embodiments as disclosed herein;
[009] FIG. 5 is a flow diagram illustrating a method for remotely managing data loss protection/prevention, according to embodiments as disclosed herein; and
[0010] FIG. 6 illustrates a computing environment implementing the method and system according to embodiments as disclosed herein.
DETAILED DESCRIPTION OF INVENTION
[0011] The embodiments herein and the various features and advantageous details thereof are explained more fully with reference to the non-limiting embodiments that are illustrated in the accompanying drawings and detailed in the following description. Descriptions of well-known components and processing techniques are omitted so as to not unnecessarily obscure the embodiments herein. Also, the various embodiments described herein are not necessarily mutually exclusive, as some embodiments can be combined with one or more other embodiments to form new embodiments. The term "or" as used herein, refers to a non-exclusive or, unless otherwise indicated. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiments herein can be practiced and to further enable those skilled in the art to practice the embodiments herein. Accordingly, the examples should not be construed as limiting the scope of the embodiments herein.
[0012] Prior to describing the present invention in detail, it is useful to provide definitions for key terms and concepts used herein. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
[0013] Containerization: Refers to a process of separating data belonging to separate entities into different logical containers, so that the data belonging to separate entities do not combine with each other or combines only in a way that is allowed.
[0014] Logical container: Can be a class, a data structure, a logical object or component, storing the data and controlling access to the data based on one or more parameters, such as to provide data loss prevention and protection.
[0015] First electronic device: Can be any electronic device capable of originating, providing, containerizing, maintaining, and managing data over a communication network. The first electronic device can also be any third-party that can containerize, maintain, and manage the data originated from any other electronic device over the communication network.
[0016] Second electronic device: Can be any electronic device accessing the data provided by the first electronic device over the communication network through the server. The second electronic device, in some embodiments, can be the first electronic device capable of accessing the data over the communication network.
[0017] Server: One or more computers, or equivalent systems or modules along with sufficient software or firmware, which can containerize, maintain, manage, and store the data over the communication network, such as to provide data loss prevention and protection.
[0018] User: Can be an individual, a group, an organization, a department, or a combination thereof. In some embodiments, the interests of an entity are a combination of the interests of all entities that make up the "user". Further, as the user could be composed of many entities, a specific user can have more than one electronic device.
[0019] The embodiments herein achieve a method and system for remotely managing data loss prevention/protection (DLP). The method includes identifying the data on the first electronic device that needs to be containerized. The identified data can be encrypted and logically containerized into one or more logical containers based on one or more parameters. The logical containers described herein define access to the encrypted data in accordance to the parameters. Further, the method includes copying the logical containers on a server over a communication network, such as to provide data loss prevention on the electronic device. Furthermore, the method includes controlling access to the data on second electronic device in accordance to the logical containers.
[0020] The method and system disclosed herein are dynamic, robust, and reliable for providing the DLP. The managers can allow corporate data to remain encrypted as well as prevent unauthorized users from deleting, sending, copying, and modifying the data. The system and method can be used to separate work and personal mobile device details on a single device using secure logical containers. More importantly, the logical container can be used to prevent security from being compromised. Further, the system and method can be used to provide freedom to choose device types and operating systems, and provide increased privacy including restrictions on the ability of the users to access personal data and applications that reside on a networked device. The system and method allow an administrator to centrally control the data access by configuring policies based on users' different parameters to restrict malicious usage of the data content. In an instance, if an electronic device is lost or stolen, business applications or data can be recovered, disabled, locked, wiped, or the like remotely using the remote copy of the data. The overall effect of the system and method can be used to increase the user satisfaction and productivity, while ensuring the DLP and access control. Furthermore, the proposed system and method can be implemented using existing infrastructure, components, and modules, and may not require extensive set-up or instrumentation.
[0021] Referring now to the drawings, and more particularly to FIGS. 1 through 6, where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments.
[0022] FIG. 1 illustrates a high level overview of a system 100 used to remotely manage data loss prevention/protection (DLP), according to embodiments as disclosed herein. In an embodiment, the system 100 includes a server 102, a first electronic device 104, and a second electronic device 106 communicating with each other over a communication network 108. In an embodiment, the communication network 108 described herein can be for example, but not limited to, machine to machine (M2M) network, wireless network, wire line network, public network such as the Internet, a private network, a global system for mobile communication network (GSM), a general packet radio network (GPRS), a local area network (LAN), a wide area network (WAN), a metropolitan area network (MAN), a cellular network, public switched telephone network (PSTN), a personal area network, a combination thereof, or any other communication network.
[0023] The first electronic device 104 and the second electronic device 106 described herein can be for example, but not limited to, a digital camera, a mobile phone, a smart phone, a tablet, a Personal Digital Assistant (PDA), smart navigation devices, a handheld gaming console, a portable and handheld media player, a smart pager, a laptop or any other electronic device. The first electronic device 104 described herein can include data such as for example but not limited to, files, folders, emails, contacts, address books, phone books, playlists, SMS, calendars, schedules, tasks, to-do lists, notes, bookmarks, application history, multimedia files, media libraries, settings, preferences, and the like. The data can be created from an application or by another application (for example, by copying, moving or sharing the data). In an embodiment, the data may be created on the first electronic device 104, or the data may be received from the server 102, or from any other device like the second electronic device 106. Further, the data can also be originated from a file server or network attached storage (not shown) and then sent to the electronic device 104.
[0024] Unlike conventional systems, FIG. 1 depicts two separate devices 104 and 106 to bring out the fact that the data to be containerized can originate from or belong to multiple devices and can be containerized in different ways or forms. These two devices can belong to separate users. For example, one of the devices can be a smart phone, while the other device can be a laptop belonging to the same person. In another example, the devices can also belong to different users and be of different device types. The server 102 described herein can be any general purpose computer capable of containerizing, managing, and maintaining the data over the communication network 108. Further, in an embodiment, the system 100 includes a communication module 110, a controller module 112, and a storage module 114.
[0025] The communication module 110 can be configured to allow the server 102 and the electronic device 104 to communicate with each other. Further, the communication module 110 includes sufficient interfaces to enable communication with various devices throughout the communication network 108. The controller module 112 can be configured to identify the data available on the first electronic device 104. The controller module 112 can be configured to encrypt and containerize the data based on one or more associated parameters. The parameters described herein can include for example, but not limited to, user information (for example: owner of data, title, manager, group, department or location of the user, and the like), properties of data (for example: name, folder, tags, type of content, and the like), properties of data content (for example: words, phrases, sentences, patterns, and the like), properties of information gleaned or derived from the data (for example: with data mining, content analysis, and the like), properties of relationships of data (for example: links, application ownership, and the like) and properties of the electronic device at any given time (for example: geo-location, network addresses, and the like), and the like. The logical container described herein defines the access to the data by various electronic devices. Further, the storage module 114 can be configured to store the logical containers of the data.
[0026] FIG. 1 shows an example overview of the system 100, but it is to be understood that another embodiment is not limited thereto. Further, the system 100 can include different modules (not shown) communicating among each other along with other hardware or software components. For example, the component can be, but not limited to, a process running in the electronic device, an executable process, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on an electronic device and the electronic device can be the component.
[0027] FIG. 2 expands features and functionalities of the controller module 112 as described in the FIG. 1, according to embodiments as disclosed herein. In an embodiment, the controller module 112 can be configured to include a rule engine 202, a containerization module 204, a packaging module 206, and a dissemination module 208. The data available on the first electronic device 104 can be containerized using the parameters. The rule engine 202 can be configured to implement one or more rules using various combinations of the parameters to containerize the data.
[0028] The containerization module 204 can be configured to implement the rules including the combination of parameters to containerize the data into logical containers. For example, the administrator may select the data on which the containerization needs to be applied based on any or a combination of the data properties like name, folder, owner, access rights, words, phrases or sentences in the content of the data, information derived from the data using techniques like data mining, content analysis, access time, modified time, creation time of data, size of data, properties of the user of data like group, division, designation and location, and the like.
[0029] The logical container described herein defines the access to the electronic device based on the parameters associated with the data. In an embodiment, the logical container controls the access to the data based on policies of the organization. For example, the policy of the organization can be: always keeping the data encrypted on the electronic device, keeping each unit of data (for example, a file, a folder, categories) encrypted separately (that is, separate encryption key per unit), applying user or device specific encryption (for example, using a unique user or device identifier), not allowing the user of the electronic device to open the data in a third-party application, not allowing the user to modify the data, not allowing the user to copy or move the data, not allowing the user to copy, cut or paste content within data (for example, into different app), not allowing user to bring data from outside the apps, forcing the user to enter a password every time the app is launched or when data needs to be uploaded to or downloaded from the server, forcing the user to enter a password when opening specified data, not allowing the user to share data with other users or devices through app or otherwise,
devices, not allowing the user to share data with people outside the organization, allowing the user to share data with only the specified users outside the organization, not allowing the user to synchronize data to other devices, allowing the user to sync data to only the specified devices, not allowing the user to attach data to any forms of communication (for example, email, instant message, and the like), allowing user to attach data to only specified forms or types of communication, allowing any of the previous forms of sharing, sync and attachment with only the specified rights applied to the data, allowing the sharing, sync and attachment of data only after specified forms of encryption or password protection, tracking each and every operation made by the user with the specified data and conveying this information to the server, automatically removing any data, settings, configuration, attachment, sharing and sync that does not comply with the organization's policies, and the like.
[0030] In an embodiment, the containerization of data can be performed on the server 102 or on the first electronic device 104. The packaging module 206 can be configured to bundle the logical containers into a package on the server 102 or on the first electronic device 104. The logical container can be packaged using techniques known in the art such as for example, but not limited to, a compression, an encryption, and the like. For example, depending on the administrator selection, the server 102 bundles the information about containerization into a package and sends it to the appropriate electronic devices. Further, the dissemination module 208 can be configured to distribute the logical container information in the form of a package to one or more electronic devices available within the communication network 108. The devices in the communication network 108 can also achieve this by periodically requesting the server 102 or the first electronic device 104 for any new information. Furthermore, the various operations performed by the system 100 are described in conjunction with the FIG. 3.
[0031] FIG. 3 is a sequence diagram 300 that illustrates various operations performed by the system 100, according to embodiments as disclosed herein. In an embodiment, at 302, the data available on the first electronic device 104 can be identified. The data described herein can include for example, but not limited to, files, folders, emails, contacts, address books, phone books, playlists, SMS, calendars, schedules, tasks, to-do lists, notes, bookmarks, application history, multimedia files, media libraries, settings, preferences, and the like. At 304, the first electronic device 104 can be configured to encrypt the identified data. The encryption of the data can be performed by using any encryption technique known in the art. Further, at 306, the first electronic device 104 can be configured to copy the encrypted data on the server 102. Unlike conventional systems, a secure channel between the server 102 and the first electronic device 104 can be formed by copying the data in the encrypted form. The data is remotely copied on the server 102 such as to allow the first electronic device 104 to enable data loss prevention.
[0032] At 308, one or more parameters associated with the encrypted data can be identified. The parameters described herein can include for example, but not limited to, user information, properties of data, properties of data content, properties of information gleaned or derived from the data, properties of relationships of data, properties of the first electronic device 104 at any given time, and the like. At 310, the encrypted data can be containerized into one or more logical containers based on the identified parameters. The server 102 can be configured to implement one or more rules including the parameters to containerize the data into the logical containers. For example, the data belonging to the same entity can be containerized into one logical container while the other data into another logical container. The logical container described herein defines the access to the data by various electronic devices. More importantly, the logical container can be used to prevent security from being compromised. In an embodiment, the administrator or the user may select the data on which the containerization needs to be applied based on any or a combination of the data properties. For example, the data belonging to the employee can be containerized into one container while the data belonging to the company's financial information can be containerized into another container. The logical container described herein defines the access to the data based on the parameters associated with the data. The logical container controls the access to the data based on policies of the organization.
[0033] Furthermore, at 312, the server 102 can be configured to receive a request from the second electronic device 106 to access the data. At 314, the server 102 can be configured to provide the logical container in response to receiving the request. The logical container including the encrypted data requested by the user can be identified and transferred to the second electronic device 106. At 316, the second electronic device 106 can be configured to decrypt the encrypted data associated with the logical container. The logical container controls the access to the data based on the parameters. For example, if the parameters of the user indicate that the user is a general user but the data is very important, then the logical container may allow the user to access the data in read only mode. In another example, if the parameters associated with the device indicate that the second electronic device is in location X but some portions of the data requested by the user cannot be accessed in that location, then the logical container restricts the access to the portions of data until the user is in the location X.
[0034] Furthermore, at 316, the parameters associated with the data can be constantly monitored, such as to automatically manage and containerize the data. The constant monitoring of the parameters can allow the system 100 to provide seamless, optimal, personalized, reliable, uninterrupted, and enhanced services to the user.
[0035] Unlike conventional systems, the various operations are described with respect to different devices; the two separate devices 104 and 106 indicate that the data to be containerized can originate from or belong to multiple devices and can be containerized in different ways or forms. The operations described with the respective devices are only for illustrative purpose, and do not limit the scope of the invention. Further, it is to be understood that the same or similar operation can also be performed interchangeably with the server 102, the first electronic device 104, and the second electronic device 106, without departing from the scope of the invention.
[0036] FIG. 4 shows an example illustration 400 of containerizing the data, according to the embodiments as disclosed herein. It depicts an example way of containerizing the data on the server 102 (or on the first electronic device 104) and providing controlled access to the containerized data on the second electronic device 106. The controller module 112 can identify the data available on the server 102. The data may be created on the server 102 itself, or it could have been received from any electronic device in encrypted form. For example, as shown in the FIG. 4, the identified data is related to employee salary details, project time-sheets, company financial information, user device location, the user device specification, and the like.
[0037] The controller module 112, in communication with the rule engine 202, can be configured to identify the parameters associated with the data. The parameters described herein can include for example, but not limited to, user information, properties of data, properties of data content, properties of information gleaned or derived from the data, properties of relationships of data, properties of the device at any given time, and the like. The rule engine 202 can be configured to implement one or more rules using various combinations of the parameters to containerize the data. Further, the containerization module 204 can be configured to implement the rules including the combination of parameters to containerize the data into logical containers. For example, the containerization module 204 can containerize the data belonging to the employee salary and having location X into a logical container C1. Similarly, the containerization module 204 can containerize the data belonging to the employee salary and having location Y into a logical container C2. Similarly, the containerization module 204 can containerize the data belonging to project time-sheets and company financial information into a logical container C3. Similarly, the containerization module 204 can containerize the data belonging to device specification and location X and Y into a logical container C4. Further, the logical container defines access to the data based on the parameters associated with the data. In an embodiment, the logical container controls the access to the data based on policies of the organization.
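The FIG. 4 mapping of data into containers C1 through C4, together with the read-only and location-based decisions of paragraph [0033], can be sketched as below. This is an added example, not code from the patent: the category labels, role names, per-container policies, sample units and the deny-all UNASSIGNED container for unmatched data are assumptions, and ciphertext is treated as opaque bytes.

```python
from dataclasses import dataclass, field, replace


@dataclass(frozen=True)
class DataUnit:
    name: str
    category: str      # property of the data, e.g. "salary"
    location: str      # property of the device the data is tied to
    ciphertext: bytes  # encrypted on the first device; opaque to this code


@dataclass
class Container:
    cid: str
    allowed_locations: frozenset  # device locations that may open the container
    read_only_roles: frozenset    # user roles limited to read access
    units: list = field(default_factory=list)

    def permits(self, role, device_location, operation):
        """Decide one request from the second device; default is deny."""
        if device_location not in self.allowed_locations:
            return False
        if operation == "read":
            return True
        if operation == "modify":
            return role not in self.read_only_roles
        return False  # unknown operations fail closed


# Constructed policies (assumed values): (allowed locations, read-only roles).
POLICIES = {
    "C1": (frozenset({"X"}), frozenset({"general"})),
    "C2": (frozenset({"Y"}), frozenset({"general"})),
    "C3": (frozenset({"X", "Y"}), frozenset({"general"})),
    "C4": (frozenset({"X", "Y"}), frozenset()),
    "UNASSIGNED": (frozenset(), frozenset()),  # no location allowed: deny all
}

# Ordered rules combining data and device parameters; the first match wins.
RULES = [
    (lambda u: u.category == "salary" and u.location == "X", "C1"),
    (lambda u: u.category == "salary" and u.location == "Y", "C2"),
    (lambda u: u.category in {"timesheet", "financial"}, "C3"),
    (lambda u: u.category == "device_spec" and u.location in {"X", "Y"}, "C4"),
]


def classify(unit):
    """Return the container id for a unit, or UNASSIGNED if no rule matches."""
    for predicate, cid in RULES:
        if predicate(unit):
            return cid
    return "UNASSIGNED"


def containerize(units):
    """Build fresh containers and place every unit in exactly one of them."""
    containers = {cid: Container(cid, *policy) for cid, policy in POLICIES.items()}
    for unit in units:
        containers[classify(unit)].units.append(unit)
    return containers


def request_access(containers, unit_name, role, device_location, operation):
    """Find the container holding the unit (names assumed unique) and apply it."""
    for container in containers.values():
        if any(u.name == unit_name for u in container.units):
            return container.permits(role, device_location, operation)
    return False  # unknown data is never released


def relocate(unit, new_location):
    """Model a monitored parameter change; the caller then re-containerizes."""
    return replace(unit, location=new_location)


# Constructed sample data; the ciphertext bytes are placeholders.
SAMPLE_UNITS = [
    DataUnit("salary-alice", "salary", "X", b"\x00"),
    DataUnit("salary-bob", "salary", "Y", b"\x00"),
    DataUnit("timesheet-q1", "timesheet", "X", b"\x00"),
    DataUnit("ledger-2014", "financial", "Y", b"\x00"),
    DataUnit("phone-spec", "device_spec", "X", b"\x00"),
    DataUnit("notes", "personal", "Z", b"\x00"),
]

if __name__ == "__main__":
    for cid, container in containerize(SAMPLE_UNITS).items():
        print(cid, [u.name for u in container.units])
```

Re-running `containerize` after `relocate` corresponds to repeating the containerization step when a monitored parameter changes.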
[0038] FIG. 5 is a flow diagram illustrating a method 500 for remotely managing data loss protection/prevention, according to embodiments as disclosed herein. The various steps of the method 500 are summarized into individual blocks where some of the steps are performed using the server 102, the first electronic device 104, and the second electronic device 106. The method 500 and other description described herein provide a basis for a control program which can be readily implemented using a microcontroller, microprocessor, or an equivalent thereof.
[0039] In an embodiment, at step 502, the method 500 includes identifying the data available on the first electronic device 104. The data available on the first electronic device 104 can be originated at the first electronic device 104 or may belong to multiple devices. In an example, the method 500 allows the controller module 112 to identify the data available at the first electronic device 104. At step 504, the method 500 includes encrypting the identified data. The method 500 allows the controller module 112 to encrypt the identified data using any technique known in the art. At step 506, the method 500 includes copying the encrypted data on the server 102. The method 500 allows the controller module 112 to copy the encrypted data on the server 102, such as to enable data loss prevention.
[0040] Further, at step 508, the method 500 includes identifying the parameters associated with the encrypted data. The parameters described herein can include for example, but not limited to, user information, properties of data, properties of data content, properties of information gleaned or derived from the data, properties of relationships of data, properties of the first electronic device 104 at any given time, and the like. At step 510, the method 500 includes containerizing the encrypted data into logical containers based on the identified parameters. The method 500 allows the controller module 112 to implement one or more rules including the parameters to containerize the data into the logical containers. The data belonging to the same entity can be containerized into one logical container while the other data into another logical container. The logical container defines the access to the data by various electronic devices.
[0041] At step 512, the method 500 includes receiving a request from the second electronic device 106 to access the data. At step 514, the method 500 includes providing the logical containers including the encrypted data requested by the second electronic device 106. The method 500 allows the controller module 112 to identify and transfer the logical container including the encrypted data requested by the user to the second electronic device 106. At step 516, the method 500 includes controlling access to the encrypted data associated with the logical container at the second electronic device 106. The logical container controls the access to the data based on the parameters. The method 500 allows the second electronic device 106 to decrypt the encrypted data whose access is controlled using the logical container based on various combinations of the parameters.
[0042] In an embodiment, at step 518, the method 500 includes constantly monitoring the parameters associated with the data, such as to automatically manage and containerize the data. The constant monitoring of the parameters can allow the controller module 112 to provide seamless, optimal, personalized, reliable, uninterrupted, and enhanced services to the user. At step 520, the method 500 includes determining whether there are any changes in the parameters. Any changes in the parameters can affect the performance, sensitivity, cost, and reliability of the system 100. In an embodiment, upon detecting any changes in the parameters, the method 500 includes repeating the steps 508 through 520 such as to provide seamless and uninterrupted data services to the user.
[0043] The various steps, blocks, operations, and acts described with respect to the FIGS. 4 and 5 can be performed in sequential order, in random order, simultaneously, parallel, or a combination thereof. Further, in some embodiments, some of the steps, blocks, operations, and acts can be omitted, skipped, modified, or added without departing from scope of the invention.
[0044] The various labels, modules, components, devices, names, elements, operations, or the like described with respect to FIGS. 1 through 5 are only for illustrative purpose and do not limit the scope of the invention. Further, it is to be understood that any other labels, modules, components, devices, names, elements, operations, can be used to perform the same, similar, or substantially similar operations or functions without departing from the scope of the invention.
[0045] FIG. 6 illustrates a computing environment implementing the method of remotely managing data loss prevention, according to the embodiments as disclosed herein. As depicted in the figure, the computing environment 601 comprises at least one processing unit 604 that is equipped with a control unit 602 and an Arithmetic Logic Unit (ALU) 603, a memory 605, a storage unit 606, a plurality of networking devices 608 and a plurality of input/output (I/O) devices 607. The processing unit 604 is responsible for processing the instructions of the algorithm. The processing unit 604 receives commands from the control unit in order to perform its processing. Further, any logical and arithmetic operations involved in the execution of the instructions are computed with the help of the ALU 603.
[0046] The algorithm, comprising the instructions and code required for the implementation, is stored in either the memory unit 605 or the storage 606 or both. At the time of execution, the instructions may be fetched from the corresponding memory 605 and/or storage 606, and executed by the processing unit 604.
[0047] In case of any hardware implementations, various networking devices 608 or external I/O devices 607 may be connected to the computing environment to support the implementation through the networking unit and the I/O device unit.
[0048] The embodiments disclosed herein can be implemented through at least one software program running on at least one hardware device and performing network management functions to control the elements. The elements shown in FIGS. 1, 2, 5, 6 include blocks which can be at least one of a hardware device, or a combination of hardware device and software module.
[0049] The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the spirit and scope of the embodiments as described herein.

Claims

STATEMENT OF CLAIMS
We claim:
1. A method for remotely managing data loss protection, the method comprising: identifying data available on a first electronic device; encrypting, at said first electronic device, said data; copying said encrypted data on a server; identifying, at said server, at least one parameter associated with said encrypted data; containerizing, at said server, said encrypted data into at least one logical container based on said at least one parameter, wherein said logical container defines access to said encrypted data in accordance to said at least one parameter; and controlling access to said encrypted data on a second electronic device using said at least one logical container.
2. The method of claim 1, wherein controlling access to said encrypted data on said second electronic device using said at least one logical container further comprises: receiving a request from said second electronic device to access said encrypted data; providing said at least one logical container to said second electronic device; decrypting said encrypted data associated with said at least one logical container on said second electronic device; and controlling access to said decrypted data on said second electronic device using said logical containers.
3. The method of claim 1, wherein said at least one parameter comprises at least one of user information, properties of said data, properties of said data content, properties of information gleaned from said data, properties of information derived from said data, properties of relationships of said data, properties of said first electronic device, and properties of said second electronic device, and properties of said server.
4. The method of claim 1, wherein said method further comprises constantly monitoring said at least one parameter associated with said data.
5. The method of claim 4, wherein said method further comprises containerizing said data based on said monitoring result.
6. A method for remotely managing data loss prevention, the method comprising: identifying data available on a first electronic device; encrypting, at said first electronic device, said data; identifying, at said first electronic device, at least one parameter associated with said encrypted data; containerizing, at said first electronic device, said encrypted data into at least one logical container based on said at least one parameter, wherein said logical container defines access to said encrypted data in accordance to said at least one parameter; copying said at least one logical container on a server; and controlling access to said encrypted data on a second electronic device using said at least one logical container.
7. The method of claim 6, wherein controlling access to said encrypted data on said second electronic device using said at least one logical container further comprises: receiving a request from said second electronic device to access said encrypted data; providing said at least one logical container to said second electronic device; decrypting said encrypted data associated with said at least one logical container on said second electronic device; and controlling access to said decrypted data on said second electronic device using said logical containers.
8. The method of claim 6, wherein said at least one parameter comprises at least one of user information, properties of said data, properties of said data content, properties of information gleaned from said data, properties of information derived from said data, properties of relationships of said data, properties of said first electronic device, and properties of said second electronic device, and properties of said server.
9. The method of claim 6, wherein said method further comprises constantly monitoring said parameters associated with said data.
10. The method of claim 9, wherein said method further comprises containerizing said data based on said monitoring result.
11. A system for remotely managing data loss protection, the system comprising a controller module configured to: identify data available on a first electronic device, encrypt, at said first electronic device, said data, copy said encrypted data on a server, identify, at said server, at least one parameter associated with said encrypted data, containerize, at said server, said encrypted data into at least one logical container based on said at least one parameter, wherein said logical container defines access to said encrypted data in accordance to said at least one parameter, and control access to said encrypted data on a second electronic device using said at least one logical container.
12. The system of claim 11, wherein control access to said encrypted data on said second electronic device using said at least one logical container further comprises: receive a request from said second electronic device to access said encrypted data,
provide said at least one logical container to said second electronic device, decrypt said encrypted data associated with said at least one logical container on said second electronic device, and control access to said decrypted data on said second electronic device using said logical containers.
13. The system of claim 11, wherein said at least one parameter comprises at least one of user information, properties of said data, properties of said data content, properties of information gleaned from said data, properties of information derived from said data, properties of relationships of said data, properties of said first electronic device, and properties of said second electronic device, and properties of said server.
14. The system of claim 11, wherein said controller module is further configured to constantly monitor said at least one parameter associated with said data.
15. The system of claim 14, wherein said controller module is further configured to containerize said data based on said monitoring result.
16. A system for remotely managing data loss prevention, the system comprising a controller module configured to: identify data available on a first electronic device, encrypt, at said first electronic device, said data, identify, at said first electronic device, at least one parameter associated with said encrypted data, containerize, at said first electronic device, said encrypted data into at least one logical container based on said at least one parameter, wherein said logical container defines access to said encrypted data in accordance to said at least one parameter, copy said at least one logical container on a server, and control access to said encrypted data on a second electronic device using said at least one logical container.
17. The system of claim 16, wherein control access to said encrypted data on said second electronic device using said at least one logical containers further comprises: receive a request from said second electronic device to access said encrypted data,
provide said at least one logical container to said second electronic device, decrypt said encrypted data associated with said at least one logical container on said second electronic device, and control access to said decrypted data on said second electronic device using said logical containers.
18. The system of claim 16, wherein said at least one parameter comprises at least one of user information, properties of said data, properties of said data content, properties of information gleaned from said data, properties of information derived from said data, properties of relationships of said data, properties of said first electronic device, and properties of said second electronic device, and properties of said server.
19. The system of claim 16, wherein said controller module is further configured to constantly monitor said parameters associated with said data.
20. The system of claim 19, wherein said controller module is further configured to containerize said data based on said monitoring result.
21. A computer program product for remotely managing data loss protection, the product comprising: an integrated circuit comprising at least one processor;
at least one memory having a computer program code within said circuit, wherein said at least one memory and said computer program code with said at least one processor cause said product to: identify data available on a first electronic device, encrypt, at said first electronic device, said data, copy said encrypted data on a server, identify, at said server, at least one parameter associated with said encrypted data, containerize, at said server, said encrypted data into at least one logical container based on said at least one parameter, wherein said logical container defines access to said encrypted data in accordance to said at least one parameter, and control access to said encrypted data on a second electronic device using said at least one logical container.
22. The computer program product of claim 21, wherein control access to said encrypted data on said second electronic device using said at least one logical containers further comprises: receive a request from said second electronic device to access said encrypted data,
provide said at least one logical container to said second electronic device, decrypt said encrypted data associated with said at least one logical container on said second electronic device, and control access to said decrypted data on said second electronic device using said logical containers.
23. The computer program product of claim 21, wherein said at least one parameter comprises at least one of user information, properties of said data, properties of said data content, properties of information gleaned from said data, properties of information derived from said data, properties of relationships of said data, properties of said first electronic device, and properties of said second electronic device, and properties of said server.
24. The computer program product of claim 21, wherein said controller module is further configured to constantly monitor said parameters associated with said data.
25. The computer program product of claim 24, wherein said controller module is further configured to containerize said data based on said monitoring result.
26. A computer program product for remotely managing data loss protection, the product comprising: an integrated circuit comprising at least one processor;
at least one memory having a computer program code within said circuit, wherein said at least one memory and said computer program code with said at least one processor cause said product to: identify data available on a first electronic device, encrypt, at said first electronic device, said data, identify, at said first electronic device, at least one parameter associated with said encrypted data, containerize, at said first electronic device, said encrypted data into at least one logical container based on said at least one parameter, wherein said logical container defines access to said encrypted data in accordance to said at least one parameter, copy said at least one logical container on a server, and control access to said encrypted data on a second electronic device using said at least one logical container.
27. The computer program product of claim 26, wherein control access to said encrypted data on said second electronic device using said at least one logical containers further comprises: receive a request from said second electronic device to access said encrypted data,
provide said at least one logical container to said second electronic device, decrypt said encrypted data associated with said at least one logical container on said second electronic device, and control access to said decrypted data on said second electronic device using said logical containers.
28. The computer program product of claim 26, wherein said at least one parameter comprises at least one of user information, properties of said data, properties of said data content, properties of information gleaned from said data, properties of information derived from said data, properties of relationships of said data, properties of said first electronic device, and properties of said second electronic device, and properties of said server.
29. The computer program product of claim 26, wherein said controller module is further configured to constantly monitor said parameters associated with said data.
30. The computer program product of claim 29, wherein said controller module is further configured to containerize said data based on said monitoring result.
PCT/IN2014/000417 2014-06-23 2014-06-23 Remotely managed data loss prevention/protection in electronic devices WO2015198336A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IN2014/000417 WO2015198336A2 (en) 2014-06-23 2014-06-23 Remotely managed data loss prevention/protection in electronic devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IN2014/000417 WO2015198336A2 (en) 2014-06-23 2014-06-23 Remotely managed data loss prevention/protection in electronic devices

Publications (2)

Publication Number Publication Date
WO2015198336A2 true WO2015198336A2 (en) 2015-12-30
WO2015198336A3 WO2015198336A3 (en) 2020-07-23

Family

ID=54938895

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2014/000417 WO2015198336A2 (en) 2014-06-23 2014-06-23 Remotely managed data loss prevention/protection in electronic devices

Country Status (1)

Country Link
WO (1) WO2015198336A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3686764A1 (en) * 2019-01-25 2020-07-29 Usecrypt S.A. Electronic communications device and messaging application therefor
US11210407B2 (en) 2019-01-25 2021-12-28 V440 Spó£Ka Akcyjna Electronic communications device and messaging application therefor

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7421741B2 (en) * 2003-10-20 2008-09-02 Phillips Ii Eugene B Securing digital content system and method
US7383462B2 (en) * 2004-07-02 2008-06-03 Hitachi, Ltd. Method and apparatus for encrypted remote copy for secure data backup and restoration
US20140108793A1 (en) * 2012-10-16 2014-04-17 Citrix Systems, Inc. Controlling mobile device access to secure data

Also Published As

Publication number Publication date
WO2015198336A3 (en) 2020-07-23

Similar Documents

Publication Publication Date Title
US8423511B1 (en) Systems and methods for securing data on mobile devices
EP3404948B1 (en) Centralized selective application approval for mobile devices
US9037870B1 (en) Method and system for providing a rotating key encrypted file system
US20150081644A1 (en) Method and system for backing up and restoring a virtual file system
EP2448303B1 (en) Method and system for securing data of a mobile communications device
US9246944B1 (en) Systems and methods for enforcing data loss prevention policies on mobile devices
US9762722B2 (en) Location-based and time-based mobile device security
US8572757B1 (en) Seamless secure private collaboration across trust boundaries
US10440111B2 (en) Application execution program, application execution method, and information processing terminal device that executes application
US10157290B1 (en) Systems and methods for encrypting files
US20170005809A1 (en) Intelligent Deletion of Revoked Data
US20130290733A1 (en) Systems and methods for caching security information
CN104903861B (en) Clipboard management
US20140096230A1 (en) Method and system for sharing vpn connections between applications
US20130290734A1 (en) Systems and methods for caching security information
CN101783801A (en) Software protection method based on network, client side and server
CN112287372B (en) Method and apparatus for protecting clipboard privacy
US9215251B2 (en) Apparatus, systems, and methods for managing data security
EP3195123B1 (en) Dynamic application containers
US10051045B2 (en) Searching content associated with multiple applications
US20180136940A1 (en) Operating system management
US20140281499A1 (en) Method and system for enabling communications between unrelated applications
US9262646B1 (en) Systems and methods for managing web browser histories
US20170244759A1 (en) Policy-Managed Secure Code Execution and Messaging for Computing Devices and Computing Device Security.
US20180205762A1 (en) Automatically securing data based on geolocation, network or device parameters

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14895978

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14895978

Country of ref document: EP

Kind code of ref document: A2

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 11.07.2017)

122 Ep: pct application non-entry in european phase

Ref document number: 14895978

Country of ref document: EP

Kind code of ref document: A2