{
  "patent_number": "US 9430664",
  "country": "US",
  "title": "How Microsoft Protects Corporate Data on Employee Devices",
  "original_title": "Data protection for organizations on computing devices",
  "summary": "A system that lets companies remotely revoke access to specific work data on a phone or computer, by deleting the key needed to decrypt it, without wiping the user's personal files.",
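  "what_it_does": "This patent describes a protection system on a device that manages corporate data security. It provides an API (a programming interface) that apps use to ask the system to encrypt data they obtain from an organization's services, using an encryption key associated with that organization. Each piece of encrypted data carries an indication of which decryption key can open it, and the system keeps a record of the keys associated with the organization. If an employee leaves a company or loses their device, the company sends a revoke command to the device. The system then deletes the decryption key for that organization. The encrypted work files themselves stay where they are but can no longer be decrypted on that device, which effectively turns them into unreadable digital noise while leaving personal photos and apps untouched.",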
  "what_it_does_not_cover": [
    "Does not cover full-device remote wipes that erase all personal and system data.",
    "Does not cover encryption methods that rely on user-entered passwords rather than managed keys.",
    "Does not cover cloud-based storage security that does not involve local device-level key management.",
    "Does not cover hardware-level security like Trusted Platform Modules (TPM) that exist independently of the OS API."
  ],
  "filed": "2013-07-02",
  "granted": "2016-08-30",
  "expires": null,
  "status": "active",
  "holder": "Microsoft Technology Licensing LLC",
  "holder_url": "https://patentbrief.org/company/microsoft-technology-licensing-llc",
  "inventors": [
    {
      "name": "Saurav Sinha",
      "url": "https://patentbrief.org/inventor/saurav-sinha"
    },
    {
      "name": "Michael J. Grass",
      "url": "https://patentbrief.org/inventor/michael-j-grass"
    },
    {
      "name": "Narendra S. Acharya",
      "url": "https://patentbrief.org/inventor/narendra-s-acharya"
    },
    {
      "name": "Innokentiy Basmov",
      "url": "https://patentbrief.org/inventor/innokentiy-basmov"
    },
    {
      "name": "Gopinathan Kannan",
      "url": "https://patentbrief.org/inventor/gopinathan-kannan"
    },
    {
      "name": "Nathan J. Ide",
      "url": "https://patentbrief.org/inventor/nathan-j-ide"
    },
    {
      "name": "Christopher R. Macaulay",
      "url": "https://patentbrief.org/inventor/christopher-r-macaulay"
    },
    {
      "name": "Preston Derek Adam",
      "url": "https://patentbrief.org/inventor/preston-derek-adam"
    },
    {
      "name": "Octavian T. Ureche",
      "url": "https://patentbrief.org/inventor/octavian-t-ureche"
    },
    {
      "name": "Peter J. Novotney",
      "url": "https://patentbrief.org/inventor/peter-j-novotney"
    }
  ],
  "times_cited": 10,
  "tags": [
    "software",
    "consumer_electronics",
    "telecommunications"
  ],
  "abstract": "An application on a device can communicate with organization services. The application accesses a protection system on the device, which encrypts data obtained by the application from an organization service using an encryption key, and includes with the data an indication of a decryption key usable to decrypt the encrypted data. The protection system maintains a record of the encryption and decryption keys associated with the organization. The data can be stored in various locations on at least the device, and can be read by various applications on at least the device. If the organization determines that data of the organization stored on a device is to no longer be accessible on the device (e.g., is to be revoked from the device), a command is communicated to the device to revoke data associated with the organization. In response to this command, the protection system deletes the decryption key.",
  "url": "https://patentbrief.org/patent/us/9430664/windows-defender-antivirus",
  "markdown_url": "https://patentbrief.org/patent/us/9430664/windows-defender-antivirus/md",
  "google_patents_url": "https://patents.google.com/patent/US9430664",
  "relatedPatents": []
}