Alister some ideas.
On the basis that remote wiping is one security policy/procedure and you have other policies/procedures listed, maybe link other policies/procedures which, if compromised, trigger the remote wipe policy in the device itself might work for you.
Some of the M2M devices in an area I work have one-time passwords/pass*. You seem very clued up so I suggest/highlight some possibilities. You are aware of:
a) PIN and PUK invalidation operation (U/SIM) - prevent access but not overwrite
b) e.g. the Blackberry password invalidation policy - prevents acess and overwrites
Combining a policy remote_wipe_trigger with invalid entry of pass
- x-number of enter attempts when device not connected to wireless network
Under this policy wipe of work partitioned area could be possible
- x-number of enter attempts when device connected to wireless network
Under this policy the user has to enter valid password which is not authenticated in the device but sends the password to the authentication server which send back another the entry pass*. The pass* changes everytime the password is entered which means the genuine user would only need to use the password when gaining access to sensitive areas of the partition data.
The above notion is similiar to the security triplets used in GSM but varies in that the password to access general work is not the same as the password to enter the sensitive area. Thus the password for the sensitive area would require the genuine user to contact the appropriate person in the company before being allowed to go any further; the attempts_failed policy activates when detection of x-number of invalid entries.
The retention of pass* in RAM could be subject to the same one-time policy to dissolve connection to access the sensitive area by overwrite_pass* (keys etc).
↧
