Distributed data revocation using data commands

摘要

A policy proxy intercepts a data stream between a data server and a user or other device, identifies the user device, and identifies a policy in an integrated policy server applicable to the user device based on the identity of the user device. The policy proxy may identify one or more of the policy elements based on the user device, and translate the policy elements into actions involving the data stream between the data server and the user device so as to implement at least one aspect of the identified policy. The actions can comprise permitting normal exchange of data between the data server and the user device, preventing communication between the data server and the user device, or modifying the data stream between the data server and the user device.

主权项

1. A method for operating a network comprising:
intercepting, at a policy proxy implemented on non-transitory computer-readable media, a data stream being exchanged between a data server and the mobile device, wherein the policy proxy is remotely and communicably connected to the mobile device over a communication network, and the data stream comprises a synchronization request and email synchronization results, comparing, at the policy proxy, actual policy elements of the mobile device with expected policy elements of the mobile device, wherein the mobile device is not configured to support the expected policy elements; and, modifying, at the policy proxy, the data stream in accordance with difference between the actual policy elements and the expected policy elements to bring the mobile device into compliance with the expected policy elements; wherein modifying the data stream comprises, when the mobile device requests from the data server to synchronize with a non-empty mailbox or a non-empty folder and the policy proxy determines the mobile device does not have access to the non-empty mailbox or the non-empty folder, modifying the e-mail synchronization results from the data server to cause the mobile device to synchronize with an empty mailbox or an empty folder, respectively, and to cause the deletion of the non-empty mailbox or the non-empty folder of the mobile device respectively.