| 发明名称 | System and method for wiping encrypted data on a device having file-level content protection | ||
| 摘要 | Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys. | ||
| 申请公布号 | US8756419(B2) | 申请公布日期 | 2014.06.17 |
| 申请号 | US201313941373 | 申请日期 | 2013.07.12 |
| 申请人 | Apple Inc. | 发明人 | De Atley Dallas Blake;Freedman Gordon;Duffy, Jr. Thomas Brogan;Toelkes Tahoma Madrone;Smith Michael John;Chinn Paul William;Rahardja David |
| 分类号 | H04L29/06;G06F11/30;G06F7/04 | 主分类号 | H04L29/06 |
| 代理机构 | Womble Carlyle Sandridge & Rice LLP | 代理人 | Womble Carlyle Sandridge & Rice LLP |
| 主权项 | 1. A computer-implemented method for erasing user data stored in a file system, the method causing a computing device to perform steps comprising: receiving, by the computing device, through a wireless data connection, erasure instructions from a master device, wherein the master device generates the erasure instructions in response to the computing device being reported as lost or stolen; erasing, by the computing device, in response to receiving the erasure instructions, all key sets containing encryption keys loaded in a volatile memory on the computing device and all key sets containing encryption keys stored in a file system on the computing device, wherein the file system on the computing device uses file-level data protection; sending, by the computing device, in response to the erasing, incremental confirmations of at least one step of execution of the erasure instructions to the master device through the wireless data connection; erasing and rebuilding, subsequent to the erasing, at least part of the file system associated with user data; creating, subsequent to the erasing and rebuilding, a new default key set containing class encryption keys, wherein each class encryption key is encrypted using a unique code specific to the computing device, and the unique code is only usable by the computing device; and rebooting the computing device. | ||
| 地址 | Cupertino CA US | ||