Data erasure of a target device

US 10,162,565 B2
Filed: 01/30/2014
Issued: 12/25/2018
Est. Priority Date: 01/30/2014
Status: Active Grant

First Claim

Patent Images

1. A target device comprising:

a first storage including an operating system;

a second storage including boot strap information; and

a processor to;

execute the boot strap information;

in response to receiving an erase command over a network from a remote source, authenticate the erase command; and

in response to the authenticating of the erase command, erase the first storage prior to completion of the executing of the boot strap information, the erasing of the first storage comprising erasing the operating system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Examples herein disclose erasing data from a target device based upon an authentication of an erase command. The examples receive an erase command during execution to boot strap information and authenticate the erase command. Upon the authentication of the erase command, the examples erase data from the target device prior to completion of execution of boot strap information.

Citations

18 Claims

1. A target device comprising:
- a first storage including an operating system;
  
  a second storage including boot strap information; and
  
  a processor to;
  
  execute the boot strap information;
  
  in response to receiving an erase command over a network from a remote source, authenticate the erase command; and
  
  in response to the authenticating of the erase command, erase the first storage prior to completion of the executing of the boot strap information, the erasing of the first storage comprising erasing the operating system.
- View Dependent Claims (2, 3, 4, 5, 6, 15, 16)
- - 2. The target device of claim 1, wherein the processor is to erase the first storage in response to the authenticating of the erase command during execution of one of:
    - a Basic Input/Output System (BIOS), and a Unified Extensible Firmware Interface (UEFI).
  - 3. The target device of claim 1, wherein the erase command received from the remote source over the network is digitally signed for authentication at the target device.
  - 4. The target device of claim 1, wherein the erasing of the first storage is processor agnostic.
  - 5. The target device of claim 1, wherein the processor is further to:
    - receive a key from the remote source, wherein the erase command is authenticated using the key.
  - 6. The target device of claim 1, wherein the processor is to store a record of an execution of the erase command in the second storage.
  - 15. The target device of claim 1, wherein the authenticating of the erase command is based on a cryptographic key, and the erasing of the first storage in response to the authenticating of the erase command based on the cryptographic key is performed in a pre-boot environment before completion of a boot of the target device.
  - 16. The target device of claim 1, wherein the erase command is received from the remote source responsive to the remote source receiving a report of loss of the target device.

7. A method executed by a target device, the method comprising:
- receiving an erase command during execution of boot strap information;
  
  provisioning a cryptographic key at the target device prior to receiving the erase command;
  
  authenticating the erase command, wherein the authenticating of the erase command is based on the cryptographic key; and
  
  upon the authentication of the erase command, erasing data from the target device prior to completion of execution of the boot strap information.
- View Dependent Claims (8, 9, 10, 11, 12, 17)
- - 8. The method of claim 7, further comprising:
    - recording the erasing of the data to track the erase command, wherein the erasing of the data is performed in a pre-boot environment.
  - 9. The method of claim 7, wherein the erase command includes a universal unique identifier of the target device, and the erasing of data from the target device includes erasing an operating system from a storage of the target device.
  - 10. The method of claim 7, further comprising:
    - receiving a request to accept the cryptographic key by the target device prior to receiving the erase command; and
      
      inputting an access code for the acceptance of the cryptographic key on the target device.
  - 11. The method of claim 7, wherein the target device authenticates the erase command utilizing private and public key-pair signature validation.
  - 12. The method of claim 7, wherein the erase command includes a digital signature, and the authenticating of the erase command comprises authenticating the digital signature with the cryptographic key on the target device.
  - 17. The method of claim 7, wherein the erase command is received by the target device from a remote source over a network.

13. A non-transitory machine-readable storage medium comprising instructions that when executed cause a target device to:
- execute boot strap information;
  
  receive an erase command digitally signed by a remote source;
  
  authenticate the erase command through the digital signature; and
  
  in response to the authenticating of the erase command, erase data from the target device prior to execution of an operating system on the target device, wherein the erasing of the data from the target device comprises erasing the operating system.
- View Dependent Claims (14, 18)
- - 14. The non-transitory machine-readable storage medium of claim 13, wherein the instructions when executed cause the target device to:
    - provision a cryptographic key from the remote source at the target device prior to receipt of the erase command;
      
      utilize the cryptographic key to authenticate the digital signature as part of the authenticating of the erase command.
  - 18. The non-transitory machine-readable storage medium of claim 13, wherein the erase command is received by the target device from the remote source over a network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Wang, Lan, Liu, Wei-Ze, Pham, Quoc P, Waldron, James Robert
Primary Examiner(s)
Brown, Anthony D
Assistant Examiner(s)
Anderson, Michael D

Application Number

US15/030,287
Publication Number

US 20160328180A1
Time in Patent Office

1,790 Days
Field of Search

713171
US Class Current
CPC Class Codes

G06F 13/14   Handling requests for inter...

G06F 21/44   Program or device authentic...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 21/602   Providing cryptographic fac...

G06F 3/0608   Saving storage space on sto...

G06F 3/0622   in relation to access

G06F 3/0632   by initialisation or re-ini...

G06F 3/0652   Erasing, e.g. deleting, dat...

G06F 3/0683   Plurality of storage devices

G06F 9/4401   Bootstrapping security arra...

G06F 9/4406   Loading of operating system

H04L 63/061   for key exchange, e.g. in p...

H04L 9/3247   involving digital signatures

Data erasure of a target device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Data erasure of a target device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links