Data accessibility control
First Claim
Patent Images
1. A method of controlling the accessibility of data to a computer processor configured to context switch between a user context and a secure context, the method comprising:
- obtaining an identifier;
determining dependent on the identifier, in the secure context, whether to make data accessible in the user context; and
,in the event that it is determined to make data accessible, controlling a map of data storage to provide access to the data in the user context according to a selected map, wherein controlling a map of data storage comprises choosing between at least two pre-stored maps of the data storage based on the identifier to choose the selected map, wherein each said map of data storage comprises an association between a plurality of file names and a corresponding plurality of storage addresses;
wherein the selected map is made available to applications in the user context to enable the applications to use the selected map to request access to data identified by the map,wherein in the event that data requested by the applications comprises encrypted data, the encrypted data is decrypted in the secure context to provide unencrypted data to the applications in the user context.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer implemented method and apparatus for controlling the accessibility of data on a data storage 9 comprises obtaining an identifier, and determining dependent on the identifier, in a secure context 5 of a computer processor 1, whether to make data accessible in a user context 3. In the event that data is to be made accessible, access is provided to the data in the user context 3.
-
Citations
16 Claims
-
1. A method of controlling the accessibility of data to a computer processor configured to context switch between a user context and a secure context, the method comprising:
-
obtaining an identifier; determining dependent on the identifier, in the secure context, whether to make data accessible in the user context; and
,in the event that it is determined to make data accessible, controlling a map of data storage to provide access to the data in the user context according to a selected map, wherein controlling a map of data storage comprises choosing between at least two pre-stored maps of the data storage based on the identifier to choose the selected map, wherein each said map of data storage comprises an association between a plurality of file names and a corresponding plurality of storage addresses; wherein the selected map is made available to applications in the user context to enable the applications to use the selected map to request access to data identified by the map, wherein in the event that data requested by the applications comprises encrypted data, the encrypted data is decrypted in the secure context to provide unencrypted data to the applications in the user context. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method of controlling the accessibility of data to a computer processor, the method comprising:
-
obtaining an identifier; passing the identifier to a security controller operating in the computer processor; the security controller determining dependent on the identifier, whether to make data accessible; and dependent on the determination of the identifier, the security controller controlling the accessibility of data on a data storage coupled to the processor by controlling a map of the data storage, wherein controlling a map of data storage comprises choosing between at least two pre-stored maps of the data storage based on the identifier wherein each said map of data storage comprises an association between a plurality of file names and a corresponding plurality of storage addresses; wherein the selected map is made available to user applications to enable the user applications to use the selected map to request access to data identified by the map, wherein in the event that data requested by the applications comprises encrypted data, the encrypted data is decrypted by the security controller to provide unencrypted data to the user applications. - View Dependent Claims (15)
-
-
16. A non-transitory computer readable storage medium comprising a program for a computer configured to cause a processor to
obtain an identifier; -
determine dependent on the identifier, in the secure context, whether to make data accessible in the user context; and
,in the event that it is determined to make data accessible, control a map of data storage to provide access to the data in the user context, wherein controlling a map of data storage comprises choosing between at least two pre-stored maps of the data storage based on the identifier wherein each said map of data storage comprises an association between a plurality of file names and a corresponding plurality of storage addresses; wherein the selected map is made available to user applications to enable the user applications to use the selected map to request access to data identified by the map, wherein in the event that data requested by the applications comprises encrypted data, the encrypted data is decrypted by the security controller to provide unencrypted data to the user applications.
-
Specification