Title: Data protection for organizations on computing devices
Abstract: An application on a device can communicate with organization services. The application accesses a protection system on the device, which encrypts data obtained by the application from an organization service using an encryption key, and includes with the data an indication of a decryption key usable to decrypt the encrypted data. The protection system maintains a record of the encryption and decryption keys associated with the organization. The data can be stored in various locations on at least the device, and can be read by various applications on at least the device. If the organization determines that data of the organization stored on a device is to no longer be accessible on the device (e.g., is to be revoked from the device), a command is communicated to the device to revoke data associated with the organization. In response to this command, the protection system deletes the decryption key.
Publication number: US9430664(B2) Publication date: 2016.08.30
Application number: US201313933928 Filing date: 2013.07.02
Applicant: Microsoft Technology Licensing, LLC Inventors: Adam Preston Derek; Novotney Peter J.; Ide Nathan J.; Basmov Innokentiy; Acharya Narendra S.; Ureche Octavian T.; Sinha Saurav; Kannan Gopinathan; Macaulay Christopher R.; Grass Michael J.
Classification: G06F21/62; H04L29/06 Main classification: G06F21/62
Agency: Attorneys/agents: Churna Timothy; Yee Judy; Minhas Micky
Independent claim: 1. A method in a device, the method comprising:
  exposing, by an organization data protection system on the device, an application programming interface (API) to protect data associated with an organization;
  exposing, as part of the API, a first method that an application on the device can invoke to pass to the organization data protection system an identifier of data to be protected and to have the organization data protection system encrypt the data to be protected with an encryption key associated with the organization, the organization data protection system determining a data status for the data prior to the first method being invoked, the data status indicating whether the data can be protected for the organization based on one or more protection statuses contained in metadata associated with the data; and
  exposing, as part of the API, a second method that the application on the device can invoke to pass to the organization data protection system an identifier of the organization and to have the organization data protection system delete a decryption key that is associated with the organization and that is used to decrypt the data to be protected.
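The abstract and claim 1 describe a crypto-shredding design: data is encrypted under an organization key, stored together with an indication of which key decrypts it, and "revoked" by deleting that decryption key so the ciphertext left on the device becomes unreadable. The following is a constructed illustration of that pattern, added here; it is not Microsoft's implementation and nothing in it is taken from the patent beyond the two API methods and the data-status check. The names (OrgDataProtectionSystem, protect, revoke, data_status), the protection-status values ("unprotected", "protected", "personal") and the cipher are all assumptions: the cipher is an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC, chosen only so the example runs with the Python standard library, where a real system would use an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed demonstration of the device-side "organization data protection
# system" from claim 1; not the patent's or Microsoft's code.

NONCE_LEN = 16
TAG_LEN = 32


class RevokedError(Exception):
    """Raised when protected data is read after its decryption key was deleted."""


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from one organization key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; stands in for AES so the example is stdlib-only.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # encrypt-then-MAC layout: nonce || ciphertext || tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed integrity check")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


@dataclass
class StoredData:
    content: bytes
    metadata: dict = field(default_factory=dict)  # protection status + key indication


class OrgDataProtectionSystem:
    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}      # key id -> organization key (the key record)
        self._org_keys: dict[str, str] = {}    # organization id -> key id
        self._store: dict[str, StoredData] = {}  # data id -> data stored on the device

    def enroll(self, org_id: str) -> None:
        key = secrets.token_bytes(32)
        key_id = hashlib.sha256(key).hexdigest()[:16]  # the "indication of a decryption key"
        self._keys[key_id] = key
        self._org_keys[org_id] = key_id

    def store(self, data_id: str, content: bytes, status: str = "unprotected") -> None:
        self._store[data_id] = StoredData(content, {"protection_status": status})

    def data_status(self, data_id: str) -> str:
        # Determined from the protection status in the data's metadata, before protect() runs.
        status = self._store[data_id].metadata["protection_status"]
        if status == "protected":
            return "already_protected"
        if status == "personal":  # assumed: user-owned data the organization may not claim
            return "not_protectable"
        return "can_protect"

    def protect(self, data_id: str, org_id: str) -> bool:
        # First API method: encrypt the identified data with the organization's key.
        if self.data_status(data_id) != "can_protect":
            return False
        key_id = self._org_keys[org_id]
        item = self._store[data_id]
        item.content = encrypt(self._keys[key_id], item.content)
        item.metadata.update(protection_status="protected", organization=org_id, key_id=key_id)
        return True

    def read(self, data_id: str) -> bytes:
        item = self._store[data_id]
        if item.metadata["protection_status"] != "protected":
            return item.content
        key = self._keys.get(item.metadata["key_id"])  # look up by the stored key indication
        if key is None:
            raise RevokedError(f"{data_id}: key for {item.metadata['organization']} was deleted")
        return decrypt(key, item.content)

    def revoke(self, org_id: str) -> None:
        # Second API method: delete the decryption key; ciphertext stays on the device, unreadable.
        key_id = self._org_keys.pop(org_id)
        del self._keys[key_id]
```

The point to notice is that revoke() never touches the files: a revoke command can be honoured even if the organization's data has been copied to several locations on the device, as the abstract allows, because every copy carries the key id and none can be opened once that key record is gone. The data-status gate is what keeps the system from wrapping data it must not claim (another organization's already-protected data, or a user's own files).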
Address: Redmond WA US