System and method for wiping and disabling a removed device

摘要

A system and method implemented at a server system, for securely wiping a remote mobile device after the device registration has been removed from the server system. Prior to removal of the device registration from the server system, a “pre-packaged” command is created and stored at the server system. In the event that it is determined, after removal of the registration, that the device should be wiped or disabled, means are provided for an administrator to issue the previously stored command to the target mobile device.

主权项

1. A method for issuing a security command for remote execution at a target mobile device, the target mobile device being configured to receive commands encrypted using a command encryption key, decrypt said encrypted commands using a corresponding command decryption key stored at the target mobile device, and execute said commands once decrypted, the method comprising:
storing, at a server system, registration data associated with the target mobile device, the registration data including the command encryption key for encrypting commands for the target mobile device; while the server system is authorized to generate security commands for the target mobile device through possession of the command encryption key:
generating, at the server system, a security command for the target mobile device, the security command comprising at least one of a command to erase at least a portion of data stored at the target mobile device and a command to disable access to at least one application executable at the target mobile device;encrypting the security command using the command encryption key; andstoring the encrypted security command at the server system; andafter the server system is subsequently configured such that the server system is no longer authorized to generate security commands for the target mobile device, wherein configuring the server system to be no longer authorized to generate security commands for the target mobile device comprises deleting the command encryption key from the server system without deleting the stored encrypted security command:in response to an instruction received at the server system, retrieving the stored encrypted security command, and transmitting the encrypted security command to the target mobile device for decryption and execution by the target mobile device.