System for data protection in power off mode
First Claim
1. A system in a computing device to protect data stored by the computing device, the computing device including a main operating system that executes in first hardware processor of the computing device, the system comprising:
- at least one sensor configured to detect tampering with the computing device; and
a security module executing continuously in a second operating system in second hardware processor of the computing device, second operating system separate from the main operating system, the second hardware processor, including the security module and the second operating system, being in the computing device and configured to receive power from a battery of the computing device to remain in a powered-on state when the computing device is turned off, the security module communicatively coupled with the at least one sensor, the security module including;
a contextual trigger monitor configured to receive an indication of the detected tampering with the computing device, anda data protection enactor configured to enact a data protection response in response to the receiving of the detected tampering, the data protection enactor configurable by a user interface that enables the data protection response to be associated with the data, the user interface enabling the data protection response to be selected from a plurality of data protection responses that include a hard delete of the data and a soft delete of the data.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems, and computer program products are provided for protecting data stored on a device, even when the device is powered off. The device includes a first operating system and a security module. The first operating system (OS) is the main OS for the device, managing computer resources when the device is powered up in an “on” mode. The security module is separate from the main OS, and is configured to monitor for undesired tampering of the device. The security module is implemented in hardware that functions even when the device is turned off, and thus can protect data against unauthorized access even when the device is off. The security module may be implemented in the form of a circuit, a system-on-chip (SOC), a secondary OS that executes in a processor circuit separate from the processor hardware that operates the main OS, and/or in another manner.
-
Citations
20 Claims
-
1. A system in a computing device to protect data stored by the computing device, the computing device including a main operating system that executes in first hardware processor of the computing device, the system comprising:
-
at least one sensor configured to detect tampering with the computing device; and a security module executing continuously in a second operating system in second hardware processor of the computing device, second operating system separate from the main operating system, the second hardware processor, including the security module and the second operating system, being in the computing device and configured to receive power from a battery of the computing device to remain in a powered-on state when the computing device is turned off, the security module communicatively coupled with the at least one sensor, the security module including; a contextual trigger monitor configured to receive an indication of the detected tampering with the computing device, and a data protection enactor configured to enact a data protection response in response to the receiving of the detected tampering, the data protection enactor configurable by a user interface that enables the data protection response to be associated with the data, the user interface enabling the data protection response to be selected from a plurality of data protection responses that include a hard delete of the data and a soft delete of the data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 14)
-
-
8. A method in a computing device to protect data stored by the computing device, the computing device including a main operating system that executes in first hardware processor of the computing device, the method comprising:
executing a security module continuously in a second operating system in second hardware processor of the computing device, the second operating system separate from the main operating system in the computing device and is communicatively coupled with at least one sensor, said executing the security module including; receiving power in the second hardware processor that includes the security module and the second operating system, the second hardware processor being in the computing device and receiving power from a battery of the computing device to remain in a powered-on state when the computing device is turned off, receiving an indication from at least one sensor of tampering with the computing device, and enacting a data protection response in response to the received indication of the tampering, the enacting the data protection response being configurable by a user interface that enables the data protection response to be associated with the data, the user interface enabling the data protection response to be selected from a plurality of data protection responses that include a hard delete of the data and a soft delete of the data. - View Dependent Claims (9, 10, 11, 12, 13)
-
15. A method in a computing device to protect data stored by the computing device, the computing device including a main operating system that executes in first hardware processor of the computing device, the method comprising:
-
providing a user interface that enables a selection of a data protection response to be associated with the data from a plurality of data protection responses, the plurality of data protection responses including a hard delete of the data and a soft delete of the data; executing a security module continuously in a second operating system in second hardware processor of the computing device, the second operating system separate from the main operating system in the computing device and is communicatively coupled with at least one sensor, said executing the security module including; receiving power in the security module and the second operating system to remain in a powered-on state when the computing device is turned off, receiving an indication from at least one sensor of tampering with the computing device, and enacting the data protection response associated with the data in response to the received indication of the tampering, at least one of the receiving an indication or the enacting the data protection response being configurable by the user interface. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification