Data protection based on user input during device boot-up, user login, and device shut-down states

US 10,372,937 B2
Filed: 06/27/2014
Issued: 08/06/2019
Est. Priority Date: 06/27/2014
Status: Active Grant

First Claim

Patent Images

1. A computing device comprising:

a monitor configured to determine, during a shut-down process of the computing device, whether particular user input has been received via at least one user interface of the computing device, wherein the shut-down process of the computing device comprises a process during which an operating system and/or other software processes executing on the computing device are suspended or terminated and one or more hardware components of the computing device are being powered down; and

a processor configured to activate a first mode of operation of the computing device in response to a determination that the particular user input has been received, and to activate a second mode of operation of the computing device in response to determining that the particular user input has not been received, the first mode of operation of the computing device being a mode in which sensitive data stored on the computing device and non-sensitive data stored on the computing device are both visible and accessible to a user, and the second mode of operation of the computing device being a mode in which the non-sensitive data stored on the computing device is visible and accessible to the user and the sensitive data stored on the computing device is rendered one or more of invisible to the user and inaccessible to the user, and the second mode of operation of the computing device being a mode in which at least one item of sensitive data is rendered invisible to the user or inaccessible to the user by performing one or more of;

soft deleting the item of sensitive data, the soft deleting the item of sensitive data comprising deleting a link or file pointer to the item of sensitive data, the link or file pointer being restorable from a secure store;

orclosing or hiding a window in which the item of data is displayed.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing device is described herein that automatically enters a data protection mode in response to the detected presence or absence of certain user input and/or user input behaviors during a device boot-up state, a user login state, or a device shut-down state. When the device enters the data protection mode, sensitive data stored on the device is automatically rendered invisible and/or inaccessible to a user thereof. The sensitive data may be rendered invisible and/or inaccessible in a manner that is not likely to be apparent to the user of the computing device.

123 Citations

20 Claims

1. A computing device comprising:
- a monitor configured to determine, during a shut-down process of the computing device, whether particular user input has been received via at least one user interface of the computing device, wherein the shut-down process of the computing device comprises a process during which an operating system and/or other software processes executing on the computing device are suspended or terminated and one or more hardware components of the computing device are being powered down; and
  
  a processor configured to activate a first mode of operation of the computing device in response to a determination that the particular user input has been received, and to activate a second mode of operation of the computing device in response to determining that the particular user input has not been received, the first mode of operation of the computing device being a mode in which sensitive data stored on the computing device and non-sensitive data stored on the computing device are both visible and accessible to a user, and the second mode of operation of the computing device being a mode in which the non-sensitive data stored on the computing device is visible and accessible to the user and the sensitive data stored on the computing device is rendered one or more of invisible to the user and inaccessible to the user, and the second mode of operation of the computing device being a mode in which at least one item of sensitive data is rendered invisible to the user or inaccessible to the user by performing one or more of;
  
  soft deleting the item of sensitive data, the soft deleting the item of sensitive data comprising deleting a link or file pointer to the item of sensitive data, the link or file pointer being restorable from a secure store;
  
  orclosing or hiding a window in which the item of data is displayed.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computing device of claim 1, wherein the monitor is configured to determine whether the particular user input has been received via the at least one user interface of the computing device by determining whether one or more particular keys or buttons have been pressed.
  - 3. The computing device of claim 1, wherein the monitor is configured to determine whether the particular user input has been received via the at least one user interface of the computing device by determining whether a particular password has been entered.
  - 4. The computing device of claim 1, wherein the processor is further configured to, subsequent to rendering the sensitive data inaccessible to the user in the second mode of operation, restore access to the sensitive data in response to determining that a particular password has been entered during a subsequently-executed login process of the computing device.
  - 5. The computing device of claim 1, wherein the processor is further configured to, subsequent to rendering the sensitive data inaccessible to the user in the second mode of operation, restore access to the sensitive data in response to determining that a particular password has been entered and at least one user input behavior is present during a subsequently-executed login process of the computing device.
  - 6. The computing device of claim 5, wherein the processor is further configured to, subsequent to rendering the sensitive data inaccessible to the user in the second mode of operation, restore access to the sensitive data in response to determining that the user has entered a second particular input during a subsequently-executed boot-up process of the computing device.
  - 7. The computing device of claim 1, wherein the monitor is configured to determine whether the particular user input has been received via the at least one user interface of the computing device by determining whether one or more user input behaviors are present during the shut-down process.

8. A method for protecting sensitive data stored on a computing device, comprising:
- determining, during a shut-down process of the computing device, whether particular user input has been received via at least one user interface of the computing device, wherein the shut-down process of the computing device comprises a process during which an operating system and/or other software processes executing on the computing device are suspended or terminated and one or more hardware components of the computing device are being powered down;
  
  in response to a determination that the particular user input has been received, activating, during the shut-down process of the computing device, a first mode of operation of the computing device in which sensitive data stored on the computing device and non-sensitive data stored on the computing device are both visible and accessible to a user; and
  
  in response to a determination that the particular user input has not been received, activating, during the shut-down process of the computing device, a second mode of operation of the computing device in which the non-sensitive data stored on the computing device is visible and accessible to the user and the sensitive data stored on the computing device is rendered one or more of invisible to the user and inaccessible to the user by performing one or more of;
  
  soft deleting an item of sensitive data, the soft deleting the item of sensitive data comprising deleting a link or file pointer to the item of sensitive data, the link or file pointer being restorable from a secure store;
  
  orclosing or hiding a window in which the item of data is displayed.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein determining whether the particular user input has been received via the at least one user interface of the computing device comprises determining whether one or more particular keys or buttons have been pressed.
  - 10. The method of claim 8, wherein determining whether the particular user input has been received via the at least one user interface of the computing device comprises determining whether a particular password has been entered.
  - 11. The method of claim 8, further comprising:
    - subsequent to rendering the sensitive data inaccessible to the user during the second operating mode, restoring access to the sensitive data in response to determining that a particular password has been entered during a subsequently-executed login process of the computing device.
  - 12. The method of claim 10, further comprising:
    - subsequent to rendering the sensitive data inaccessible to the user during the second operating mode, restoring access to the sensitive data in response to determining that a particular password has been entered and at least one user input behavior is present during a subsequently-executed login process of the computing device.
  - 13. The method of claim 8, wherein determining whether the particular user input has been received via the at least one user interface of the computing device comprises determining whether one or more user input behaviors are present during the shut-down process.

14. A computer program product comprising a computer-readable memory having computer program logic recorded thereon that when executed by at least one processor causes the at least one processor to perform a method for protecting sensitive data stored on a computing device, the method comprising:
- determining, during a shut-down process of the computing device, whether particular user input has been received via at least one user interface of the computing device, wherein the shut-down process of the computing device comprises a process during which an operating system and/or other software processes executing on the computing device are suspended or terminated and one or more hardware components of the computing device are being powered down;
  
  in response to a determination that the particular user input has been received, not activating, during the shut-down process of the computing device, a data protection mode of operation of the computing device in which sensitive data stored on the computing device is rendered one or more of invisible to a user and inaccessible to the user by performing one or more of;
  
  soft deleting an item of sensitive data, the soft deleting the item of sensitive data comprising deleting a link or file pointer to the item of sensitive data, the link or file pointer being restorable from a secure store;
  
  orclosing or hiding a window in which the item of data is displayed; and
  
  in response to a determination that the particular user input has not been received, activating, during the shut-down process of the computing device, the data protection mode of the computing device.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer program product of claim 14, wherein determining whether the particular user input has been received via the at least one user interface of the computing device comprises determining whether one or more particular keys or buttons have been pressed.
  - 16. The computer program product of claim 14, wherein determining whether the particular user input has been received via the at least one user interface of the computing device comprises determining whether a particular password has been entered.
  - 17. The computer program product of claim 14, further comprising:
    - subsequent to rendering the sensitive data inaccessible to the user during the data protection mode, restoring access to the sensitive data in response to determining that a particular password has been entered during a subsequently-executed login process of the computing device.
  - 18. The computer program product of claim 14, wherein the method further comprises:
    - subsequent to rendering the sensitive data inaccessible to the user during the data protection mode, restoring access to the sensitive data in response to determining that a particular password has been entered and at least one user input behavior is present during a subsequently-executed login process of the computing device.
  - 19. The computer program product of claim 14, wherein the method further comprises:
    - subsequent to rendering the sensitive data inaccessible to the user during the data protection mode, restoring access to the sensitive data in response to determining that the user has entered a second particular input during a subsequently-executed boot-up process of the computing device.
  - 20. The computer program product of claim 14, wherein determining whether the particular user input has been received via the at least one user interface of the computing device comprises determining whether one or more input behaviors are present during the shut-down process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Huang, Jerry, Liu, Zhen, Li, QingHu, Liu, Chen
Primary Examiner(s)
Gee, Jason K
Assistant Examiner(s)
Gao, Shu C

Application Number

US14/402,982
Publication Number

US 20160300074A1
Time in Patent Office

1,866 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/575   Secure boot

G06F 21/6245   Protecting personal data, e...

G06F 21/83   input devices, e.g. keyboar...

G06F 21/88   Detecting or preventing the...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2139   Recurrent verification

Data protection based on user input during device boot-up, user login, and device shut-down states

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

123 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data protection based on user input during device boot-up, user login, and device shut-down states

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

123 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links