Abstract: A device may comprise at least one wireless transceiver, a memory configured to store a local pasteboard, and a processor. The processor may be configured to receive local selections of data to be placed on a local pasteboard, broadcast advertisements indicating that the local data is on the local pasteboard, and wirelessly transmit the local data to remote device pasteboards. The processor may also be configured to receive advertisements indicating that remote data is available on remote pasteboards of other devices, request the remote data in response to a paste command, wirelessly receive the remote data, and paste the remote data.

Abstract: Methods and apparatuses that enroll a wireless device into an enterprise service with a management server addressed in a management profile are described. The enrollment may grant a control of configurations of the wireless device to the management server via the management profile. In response to receiving a notification from the management server, a trust of the notification may be verified against the management profile. If the trust is verified, a network session may be established with the management server. The network session may be secured via a certificate in the management profile. Management operations may be performed for management commands received over the secure network session to manage the configurations transparently to a user of the wireless device according to the control.

Abstract: In the described embodiments, a device configuration file is used to set configuration settings on a computing device during a configuration operation (e.g., an initial configuration or a re-configuration of the computing device). The device configuration file is retrieved from a location where the device configuration file is hosted using a reference to the location from a bootstrap configuration. The bootstrap configuration is provided by a bootstrap configuration server and is retrieved by the computing device from the bootstrap configuration server during the configuration operation.

Abstract: The described embodiments include a computing device that executes a broker application. The broker application performs a mediated data exchange to exchange data between a first sandboxed application and a second application. For example, the broker application can import data from the second application into the first sandboxed application. As another example, the broker application can export data from the first sandboxed application into the second application.

Abstract: The described embodiments include a computing device that executes a broker application. The broker application performs a mediated data exchange to exchange data between a first sandboxed application and a second application. For example, the broker application can import data from the second application into the first sandboxed application. As another example, the broker application can export data from the first sandboxed application into the second application.

Abstract: In the described embodiments, a device configuration file is used to set configuration settings on a computing device during a configuration operation (e.g., an initial configuration or a re-configuration of the computing device). The device configuration file is retrieved from a location where the device configuration file is hosted using a reference to the location from a bootstrap configuration. The bootstrap configuration is provided by a bootstrap configuration server and is retrieved by the computing device from the bootstrap configuration server during the configuration operation.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.

Abstract: A device streams assets to network-based storage, and servers administering the network-based storage operate to notify other authorized devices that the assets are available to download, including initiating the download of assets automatically or in response to user input. With streaming enabled on their device, a user is able to make assets, such as digital photograph, video or other type of media file, data file, or other type of electronic content, available immediately to all of their other devices and to other users having permission to follow assets streamed by their device. Servers secure access to the stream of assets, on both an account level and an asset level in accordance with asset metadata registered for the assets during streaming.

Abstract: Methods and apparatuses that enroll a wireless device into an enterprise service with a management server addressed in a management profile are described. The enrollment may grant a control of configurations of the wireless device to the management server via the management profile. In response to receiving a notification from the management server, a trust of the notification may be verified against the management profile. If the trust is verified, a network session may be established with the management server. The network session may be secured via a certificate in the management profile. Management operations may be performed for management commands received over the secure network session to manage the configurations transparently to a user of the wireless device according to the control.

Abstract: Methods and apparatuses that enroll a wireless device into an enterprise service with a management server addressed in a management profile are described. The enrollment may grant a control of configurations of the wireless device to the management server via the management profile. In response to receiving a notification from the management server, a trust of the notification may be verified against the management profile. If the trust is verified, a network session may be established with the management server. The network session may be secured via a certificate in the management profile. Management operations may be performed for management commands received over the secure network session to manage the configurations transparently to a user of the wireless device according to the control.

Abstract: The described embodiments include a computing device that executes a broker application. The broker application performs a mediated data exchange to exchange data between a first sandboxed application and a second application. For example, the broker application can import data from the second application into the first sandboxed application. As another example, the broker application can export data from the first sandboxed application into the second application.

Abstract: In the described embodiments, a device configuration file is used to set configuration settings on a computing device during a configuration operation (e.g., an initial configuration or a re-configuration of the computing device). The device configuration file is retrieved from a location where the device configuration file is hosted using a reference to the location from a bootstrap configuration. The bootstrap configuration is provided by a bootstrap configuration server and is retrieved by the computing device from the bootstrap configuration server during the configuration operation.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.

Abstract: The described embodiments include a content provider device that can assign items of content (applications, digitally-rendered music, books, videos, etc.) to users upon receiving assignment messages from administrative devices. The items of content can be electronically transferred to the user's devices to be used by users. The content provider device can also revoke assignments of items of content from users upon receiving revocation messages from administrative devices. The revocation generally causes the loss of one or more rights to the item of content for the user. For example, the content provider device can stop providing services for the item of content and/or can cause the item of content to be deleted from a corresponding user's device.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.

Abstract: Methods and apparatuses that enroll a wireless device into an enterprise service with a management server addressed in a management profile are described. The enrollment may grant a control of configurations of the wireless device to the management server via the management profile. In response to receiving a notification from the management server, a trust of the notification may be verified against the management profile. If the trust is verified, a network session may be established with the management server. The network session may be secured via a certificate in the management profile. Management operations may be performed for management commands received over the secure network session to manage the configurations transparently to a user of the wireless device according to the control.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key.

Abstract: Methods and apparatuses that enroll a wireless device into an enterprise service with a management server addressed in a management profile are described. The enrollment may grant a control of configurations of the wireless device to the management server via the management profile. In response to receiving a notification from the management server, a trust of the notification may be verified against the management profile. If the trust is verified, a network session may be established with the management server. The network session may be secured via a certificate in the management profile. Management operations may be performed for management commands received over the secure network session to manage the configurations transparently to a user of the wireless device according to the control.