System for data protection in power off mode

US 10,474,849 B2
Filed: 06/27/2014
Issued: 11/12/2019
Est. Priority Date: 06/27/2014
Status: Active Grant

First Claim

Patent Images

1. A system in a computing device to protect data stored by the computing device, the computing device including a main operating system that executes in first hardware processor of the computing device, the system comprising:

at least one sensor configured to detect tampering with the computing device; and

a security module executing continuously in a second operating system in second hardware processor of the computing device, second operating system separate from the main operating system, the second hardware processor, including the security module and the second operating system, being in the computing device and configured to receive power from a battery of the computing device to remain in a powered-on state when the computing device is turned off, the security module communicatively coupled with the at least one sensor, the security module including;

a contextual trigger monitor configured to receive an indication of the detected tampering with the computing device, anda data protection enactor configured to enact a data protection response in response to the receiving of the detected tampering, the data protection enactor configurable by a user interface that enables the data protection response to be associated with the data, the user interface enabling the data protection response to be selected from a plurality of data protection responses that include a hard delete of the data and a soft delete of the data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer program products are provided for protecting data stored on a device, even when the device is powered off. The device includes a first operating system and a security module. The first operating system (OS) is the main OS for the device, managing computer resources when the device is powered up in an “on” mode. The security module is separate from the main OS, and is configured to monitor for undesired tampering of the device. The security module is implemented in hardware that functions even when the device is turned off, and thus can protect data against unauthorized access even when the device is off. The security module may be implemented in the form of a circuit, a system-on-chip (SOC), a secondary OS that executes in a processor circuit separate from the processor hardware that operates the main OS, and/or in another manner.

132 Citations

20 Claims

1. A system in a computing device to protect data stored by the computing device, the computing device including a main operating system that executes in first hardware processor of the computing device, the system comprising:
- at least one sensor configured to detect tampering with the computing device; and
  
  a security module executing continuously in a second operating system in second hardware processor of the computing device, second operating system separate from the main operating system, the second hardware processor, including the security module and the second operating system, being in the computing device and configured to receive power from a battery of the computing device to remain in a powered-on state when the computing device is turned off, the security module communicatively coupled with the at least one sensor, the security module including;
  
  a contextual trigger monitor configured to receive an indication of the detected tampering with the computing device, anda data protection enactor configured to enact a data protection response in response to the receiving of the detected tampering, the data protection enactor configurable by a user interface that enables the data protection response to be associated with the data, the user interface enabling the data protection response to be selected from a plurality of data protection responses that include a hard delete of the data and a soft delete of the data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 14)
- - 2. The system of claim 1, wherein the data protection response is a hard delete of the data.
  - 3. The system of claim 1, wherein the security module is implemented as a circuit.
  - 4. The system of claim 3, wherein the security module is implemented in a system-on-chip (SOC) device.
  - 5. The system of claim 1, wherein the second hardware processor comprises:
    - a processor circuit that executes the second operating system and is separate from the first hardware processor, the processor circuit configured to operate in a power-on mode when the computing device is turned off.
  - 6. The system of claim 1, wherein the at least one sensor is configured to at least one of:
    - monitor one or more screws that fasten a housing of the computing device and/or fasten a storage frame;
      
      monitor for portions of the housing becoming separated from each other;
      
      monitor for damage to the housing;
      
      ormonitor for light within an enclosure formed by the housing.
  - 7. The system of claim 1, wherein the user interface further enables a data sensitivity level, a data protection response, and a contextual trigger to be associated with the data stored by the computing device.
  - 14. The system of claim 1, wherein the data protection response includes a soft delete of the data.

8. A method in a computing device to protect data stored by the computing device, the computing device including a main operating system that executes in first hardware processor of the computing device, the method comprising:
- executing a security module continuously in a second operating system in second hardware processor of the computing device, the second operating system separate from the main operating system in the computing device and is communicatively coupled with at least one sensor, said executing the security module including;
  
  receiving power in the second hardware processor that includes the security module and the second operating system, the second hardware processor being in the computing device and receiving power from a battery of the computing device to remain in a powered-on state when the computing device is turned off,receiving an indication from at least one sensor of tampering with the computing device, andenacting a data protection response in response to the received indication of the tampering, the enacting the data protection response being configurable by a user interface that enables the data protection response to be associated with the data, the user interface enabling the data protection response to be selected from a plurality of data protection responses that include a hard delete of the data and a soft delete of the data.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein the security module is implemented as a circuit, and said executing the security module comprises:
    - operating the circuit.
  - 10. The method of claim 9, wherein the security module is implemented in a system-on-chip (SOC) device, and said executing the security module comprises:
    - operating the SOC device.
  - 11. The method of claim 8, wherein said executing the security module further comprises:
    - executing the second operating system with a processor circuit that is separate from the first hardware processor, the processor circuit configured to operate in a power-on mode when the computing device is turned off.
  - 12. The method of claim 8, wherein the at least one sensor is configured to perform at least one of:
    - monitoring one or more screws that fasten a housing of the computing device and/or fasten a storage frame;
      
      monitoring for portions of the housing becoming separated from each other;
      
      monitoring for damage to the housing;
      
      ormonitoring for light within an enclosure formed by the housing.
  - 13. The method of claim 8, wherein the data protection response includes a soft delete of the data.

15. A method in a computing device to protect data stored by the computing device, the computing device including a main operating system that executes in first hardware processor of the computing device, the method comprising:
- providing a user interface that enables a selection of a data protection response to be associated with the data from a plurality of data protection responses, the plurality of data protection responses including a hard delete of the data and a soft delete of the data;
  
  executing a security module continuously in a second operating system in second hardware processor of the computing device, the second operating system separate from the main operating system in the computing device and is communicatively coupled with at least one sensor, said executing the security module including;
  
  receiving power in the security module and the second operating system to remain in a powered-on state when the computing device is turned off,receiving an indication from at least one sensor of tampering with the computing device, andenacting the data protection response associated with the data in response to the received indication of the tampering, at least one of the receiving an indication or the enacting the data protection response being configurable by the user interface.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the security module is implemented as a circuit, and said executing the security module comprises:
    - executing the circuit.
  - 17. The method of claim 16, wherein the security module is implemented in a system-on-chip (SOC) device, and said executing the security module comprises:
    - executing the SOC device.
  - 18. The method of claim 15, wherein said executing the security module further comprises:
    - executing the second operating system with a processor circuit that is separate from the first hardware processor, the processor circuit configured to operate in a power-on mode when the computing device is turned off.
  - 19. The method of claim 18, wherein the at least one sensor is configured to perform at least one of:
    - monitoring one or more screws that fasten a housing of the computing device and/or fasten a storage frame;
      
      monitoring for portions of the housing becoming separated from each other;
      
      monitoring for damage to the housing;
      
      ormonitoring for light within an enclosure formed by the housing.
  - 20. The method of claim 15, wherein the selected data protection response includes the soft delete of the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Huang, Jerry, Liu, Zhen
Primary Examiner(s)
Bechtel, Kevin
Assistant Examiner(s)
Farooqui, Quazi

Application Number

US14/400,528
Publication Number

US 20170116440A1
Time in Patent Office

1,964 Days
Field of Search

726 34, 726 35
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/86   Secure or tamper-resistant ...

G06F 21/87   by means of encapsulation, ...

G06F 2221/2143   Clearing memory, e.g. to pr...

System for data protection in power off mode

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

132 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System for data protection in power off mode

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

132 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links