Providing geographic protection to a system
First Claim
Patent Images
1. A computing device with technology for implementing and authenticating geo-specific launch control policies, the computing device comprising:
- a hardware processor;
a location sensor in communication with the hardware processor, the location sensor configured to provide geographic information identifying a current location of the computing device;
at least one secure storage in communication with the hardware processor;
multiple geo-specific public keys in the secure storage, wherein at least one of the geo-specific public keys corresponds to a geo-specific private key, and wherein each set of corresponding geo-specific public and private keys is associated with a predetermined location;
a geographic launch control policy (LCP) manifest in the secure storage;
at least one geo-specific LCP record in the geographic LCP manifest, the geo-specific LCP record comprising;
a launch policy for a software agent of the computing device, wherein the launch policy provides for different results, depending on whether the current location of the computing device is an approved location for the software agent; and
a digital signature that was created using a key among the geo-specific private keys that is associated with the approved location for the software agent; and
a geo-policy code module that, when executed on the hardware processor, (i) automatically determines whether to launch a desired software agent, based on geo-policy conditions comprising (a) the current location of the computing device, (b) existence in the geographic LCP manifest of at least one geo-specific LCP record that is associated with the current location of the computing device and with the desired software agent, and (c) authenticity of said geo-specific LCP record, and (ii) automatically launches a recovery agent in response to failure of one or more of the geo-policy conditions; and
wherein the geo-policy code module is configured to use at least one of the geo-specific public keys to evaluate the authenticity of said geo-specific LCP record.
0 Assignments
0 Petitions
Accused Products
Abstract
In one embodiment, a method includes determining a location of a system responsive to location information received from at least one of a location sensor and a wireless device of the system, associating the location with a key present in the system to generate an authenticated location of the system, and determining whether the authenticated location is within a geofence boundary indicated in a location portion of a launch control policy (LCP) that provides a geographic-specific policy. Other embodiments are described and claimed.
-
Citations
20 Claims
-
1. A computing device with technology for implementing and authenticating geo-specific launch control policies, the computing device comprising:
-
a hardware processor; a location sensor in communication with the hardware processor, the location sensor configured to provide geographic information identifying a current location of the computing device; at least one secure storage in communication with the hardware processor; multiple geo-specific public keys in the secure storage, wherein at least one of the geo-specific public keys corresponds to a geo-specific private key, and wherein each set of corresponding geo-specific public and private keys is associated with a predetermined location; a geographic launch control policy (LCP) manifest in the secure storage; at least one geo-specific LCP record in the geographic LCP manifest, the geo-specific LCP record comprising; a launch policy for a software agent of the computing device, wherein the launch policy provides for different results, depending on whether the current location of the computing device is an approved location for the software agent; and a digital signature that was created using a key among the geo-specific private keys that is associated with the approved location for the software agent; and a geo-policy code module that, when executed on the hardware processor, (i) automatically determines whether to launch a desired software agent, based on geo-policy conditions comprising (a) the current location of the computing device, (b) existence in the geographic LCP manifest of at least one geo-specific LCP record that is associated with the current location of the computing device and with the desired software agent, and (c) authenticity of said geo-specific LCP record, and (ii) automatically launches a recovery agent in response to failure of one or more of the geo-policy conditions; and wherein the geo-policy code module is configured to use at least one of the geo-specific public keys to evaluate the authenticity of said geo-specific LCP record. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for implementing and authenticating geo-specific launch control policies, the method comprising:
-
in a computing device comprising a geo-policy code module and secure storage containing (a) multiple geo-specific public keys, wherein at least one of the geo-specific public keys corresponds to a geo-specific private key, and wherein each set of corresponding geo-specific public and private keys is associated with a predetermined location, (b) a geographic launch control policy (LCP) manifest, and (c) at least one geo-specific LCP record in the geographic LCP manifest, wherein the geo-specific LCP record comprises a launch policy for a software agent of the computing device, wherein the launch policy provides for different results depending on whether a current location of the computing device is an approved location for the software agent, and wherein the geo-specific LCP record further comprises a digital signature that was created using a key among the geo-specific private keys that is associated with the approved location for the software agent automatically using the geo-policy code module and the geographic LCP manifest to determine whether to launch a desired software agent on the computing device, based on geo-policy conditions comprising (a) the current location of the computing device, (b) existence in the geographic LCP manifest of a geo-specific LCP record that is associated with the current location of the computing device and with the desired software agent, and (c) authenticity of said geo-specific LCP record; and automatically launching a recovery agent in response to failure of one or more of the geo-policy conditions; and wherein the operation of determining whether to launch the desired software agent comprises using at least one of the geo-specific public keys to evaluate the authenticity of said geo-specific LCP record. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. An apparatus for implementing and authenticating geo-specific launch control policies, the apparatus comprising:
-
at least one non-transitory machine-readable storage medium; and instructions in the storage medium that, when executed by a computing device, implement a geo-policy code module which causes the computing device to (i) automatically use a geographic launch control policy (LCP) manifest from secure storage of the computing device to determine whether to launch a desired software agent on the computing device, based on geo-policy conditions comprising (a) a current location of the computing device, (b) existence in the geographic LCP manifest of a geo-specific LCP record that is associated with the current location of the computing device and with the desired software agent, and (c) authenticity of said geo-specific LCP record, and (ii) automatically launch a recovery agent in response to failure of one or more of the geo-policy conditions; and wherein the operation of determining whether to launch the desired software agent comprises; retrieving, from the secure storage, a geo-specific public key that is associated with the current location of the computing device; and using said geo-specific public key to determine whether said geo-specific LCP record comprises a digital signature that was signed using a private key that is also associated with the current location of the computing device. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification