System and method for wiping encrypted data on a device having file-level content protection

US9237016B2 · US · B2

Patent metadata

Publication number: US-9237016-B2
Application number: US-201414299359-A
Country: US
Kind code: B2
Filing date: Jun 9, 2014
Priority date: Apr 7, 2010
Publication date: Jan 12, 2016
Grant date: Jan 12, 2016

Abstract

Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.

Claims

We claim:

1. A method for protecting user data stored on a mobile computing device, the method comprising: receiving, by the mobile computing device and from an entity that is authorized to interface with the mobile computing device, instructions to protect the user data; in response to receiving the instructions: erasing, by the mobile computing device, all key sets that contain encryption keys that are associated with the user data; and when all key sets have been erased: creating, by the mobile computing device, a new default key set that includes class encryption keys, and causing, by the mobile computing device, the mobile computing device to reboot.

2. The method of claim 1, further comprising: transmitting, by the mobile computing device and to the entity, a confirmation that indicates all key sets have been erased at the mobile computing device.

3. The method of claim 1, further comprising: erasing, by the mobile computing device, at least a portion of the user data from the mobile computing device.

4. The method of claim 3, further comprising, upon erasing the at least a portion of the user data from the mobile computing device: indicating, by the mobile computing device and to the entity, that the at least a portion of the user data has been erased from the mobile computing device.

5. The method of claim 1, wherein: the user data comprises a plurality of files that are managed by a file system that is implemented on the mobile computing device, each file of the plurality of files is encrypted in accordance with encryption keys included in the key sets, each encryption key included in the key sets is encrypted with a class encryption included in a plurality of class encryption keys, each class encryption key of the plurality of class encryption keys corresponds to a file protection class, and each file protection class corresponds to a particular file behavior and file access rights.

6. The method of claim 5, wherein each class encryption key of the plurality of class encryption keys is encrypted based on a user key and a unique code that is specific to the mobile computing device.

7. The method of claim 6, wherein the user key is based on a passcode that provides access to the mobile computing device.

8. The method of claim 6, wherein the plurality of class encryption keys is included in an escrow key set, and each class encryption key of the plurality of class encryption keys is encrypted based on the unique code and a public key of an asymmetric key pair.

9. A non-transitory computer-readable storage medium configured to store instructions that, when executed by a processor included in a mobile computing device, cause the mobile computing device to protect user data stored on the mobile computing device, by carrying out steps that include: receiving, by the mobile computing device and from an entity that is authorized to interface with the mobile computing device, instructions to protect the user data; in response to receiving the instructions: erasing, by the mobile computing device, all key sets that contain encryption keys that are associated with the user data; and when all key sets have been erased: creating, by the mobile computing device, a new default key set that includes class encryption keys, and causing, by the mobile computing device, the mobile computing device to reboot.

10. The non-transitory computer-readable storage medium of claim 9, wherein the steps further include: transmitting, by the mobile computing device and to the entity, a confirmation that indicates all key sets have been erased at the mobile computing device.

11. The non-transitory computer-readable storage medium of claim 9, wherein the steps further include: erasing, by the mobile computing device, at least a portion of the user data from the mobile computing device.

12. The non-transitory computer-readable storage medium of claim 11, wherein the steps further include: upon erasing the at least a portion of the user data from the mobile computing device: indicating, by the mobile computing device and to the entity, that the at least a portion of the user data has been erased from the mobile computing device.

13. The non-transitory computer-readable storage medium of claim 9, wherein: the user data comprises a plurality of files that are managed by a file system that is implemented on the mobile computing device, each file of the plurality of files is encrypted in accordance with encryption keys included in the key sets, each encryption key included in the key sets is encrypted with a class encryption included in a plurality of class encryption keys, each class encryption key of the plurality of class encryption keys corresponds to a file protection class, and each file protection class corresponds to a particular file behavior and file access rights.

14. The non-transitory computer-readable storage medium of claim 13, wherein each class encryption key of the plurality of class encryption keys is encrypted based on a user key and a unique code that is specific to the mobile computing device.

15. The non-transitory computer-readable storage medium of claim 14, wherein the user key is based on a passcode that provides access to the mobile computing device.

16. The non-transitory computer-readable storage medium of claim 14, wherein the plurality of class encryption keys is included in an escrow key set, and each class encryption key of the plurality of class encryption keys is encrypted based on the unique code and a public key of an asymmetric key pair.

17. A mobile computing device configured to protect user data stored on the mobile computing device, the mobile computing device comprising: a processor; and a memory configured to store instructions that, when executed by the processor, cause the processor to carry out steps that include: receiving, by the mobile computing device and from an entity that is authorized to interface with the mobile computing device, instructions to protect the user data; in response to receiving the instructions: erasing, by the mobile computing device, all key sets that contain encryption keys that are associated with the user data; and when all key sets have been erased: creating, by the mobile computing device, a new default key set that includes class encryption keys, and causing, by the mobile computing device, the mobile computing device to reboot.

18. The mobile computing device of claim 17, wherein the steps further include: erasing, by the mobile computing device, at least a portion of the user data from the mobile computing device.

19. The mobile computing device of claim 17, wherein: the user data comprises a plurality of files that are managed by a file system that is implemented on the mobile computing device, each file of the plurality of files is encrypted in accordance with encryption keys included in the key sets, each encryption key included in the key sets is encrypted with a class encryption included in a plurality of class encryption keys, each class encryption key of the plurality of class encryption keys corresponds to a file protection class, and each file protection class corresponds to a particular file behavior and file access rights.

20. The mobile computing device of claim 19, wherein each class encryption key of the plurality of class encryption keys is encrypted based on a user key and a unique code that is specific to the mobile computing device.
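As an added illustration (not code from the patent, nor Apple's implementation), the following Python model shows the key hierarchy the claims describe: per-file keys wrapped by class keys, class keys held in a key bag wrapped by a key derived from the passcode and a device-unique code, and an obliterate step that erases every key bag and creates a new default one. The SHA-256 keystream, HMAC tag, PBKDF2 derivation, the device-UID value and the three class names are assumptions standing in for whatever the real design uses, and the reboot in claim 1 is omitted.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the device-unique code (claim 6).
DEVICE_UID = bytes.fromhex("00112233445566778899aabbccddeeff")

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode keystream; a stand-in for AES, not real crypto."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(kek: bytes, payload: bytes) -> bytes:
    """Encrypt-then-MAC so a wrong key is detected instead of yielding garbage."""
    nonce = os.urandom(8)
    ct = _keystream_xor(kek, nonce, payload)
    return nonce + ct + hmac.new(kek, nonce + ct, "sha256").digest()

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kek, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key: cannot unwrap")
    return _keystream_xor(kek, nonce, ct)

def user_kek(passcode: str) -> bytes:
    """Class-key KEK from the passcode plus the device-unique code (claims 6-7)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), DEVICE_UID, 10_000)

def new_default_keybag(passcode: str, classes=("A", "B", "C")) -> dict:
    """One fresh class key per protection class, each wrapped by the user KEK."""
    kek = user_kek(passcode)
    return {c: wrap(kek, os.urandom(32)) for c in classes}

def encrypt_file(keybag: dict, passcode: str, cls: str, data: bytes) -> dict:
    """Per-file key wrapped by its class key (claim 5); data encrypted by the file key."""
    class_key = unwrap(user_kek(passcode), keybag[cls])
    file_key = os.urandom(32)
    return {"class": cls, "wrapped_key": wrap(class_key, file_key), "ct": wrap(file_key, data)}

def decrypt_file(keybag: dict, passcode: str, f: dict) -> bytes:
    class_key = unwrap(user_kek(passcode), keybag[f["class"]])
    return unwrap(unwrap(class_key, f["wrapped_key"]), f["ct"])

def obliterate(device: dict, new_passcode: str = "") -> None:
    """Claim 1: erase every key set, then create a new default key bag (reboot omitted)."""
    device["keybags"].clear()
    device["keybags"]["default"] = new_default_keybag(new_passcode)
```

After obliterate() the old ciphertext cannot be decrypted even with the original passcode, because the wrapped class keys it depended on no longer exist anywhere on the device; that crypto-shredding property is what lets the claims wipe user data without overwriting every block.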

Assignees

Apple Inc

Classifications

  • Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

  • using a predetermined code, e.g. password, passphrase or PIN (network architectures or network communication protocols for supporting authentication of entities using passwords in a packet data network H04L63/083)

  • Authentication

  • Bootstrapping (security arrangements therefor G06F21/57)

  • Transmitting and receiving encryption devices synchronised or initially set up in a particular manner

Frequently asked questions

What does patent US9237016B2 cover?
Erasing user data on a device whose file system is encrypted on a per-file and per-class basis: all key bags holding the encryption keys are destroyed, the part of the file system associated with user data is erased and rebuilt, and a new default key bag is created. The same procedure is claimed for a remote device that receives obliteration instructions (see the abstract above).

Who is the assignee on this patent?
Apple Inc

What technology area does this patent fall under?
Primary CPC classification H04L9/0891. Mapped technology areas include Electricity.

When was this patent published?
Jan 12, 2016 (kind code B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
One related publication is listed for this patent (citations in this corpus or publications sharing the same primary CPC).