Special PC mode entered upon detection of undesired state
First Claim
1. A computer adapted for operation in a normal mode and an alternate mode comprising:
- a memory;
a processor coupled to the memory;
a first boot device having precedence over any other boot device, the first boot device remaining active concurrently with the any other boot device, the first boot device comprising;
a memory for storing data in a tamper-resistant manner, the data comprising at least one of configuration data, cryptographic data, status data, or executable program data;
a circuit providing monotonically increasing time readings;
a data input/output circuit; and
a program execution environment, coupled to the clock and the data input/output circuit, for executing at least one of a monitoring program or a measurement program stored in the memory;
wherein the first boot device determines when the computer is operating in compliance with a criterion.
3 Assignments
0 Petitions
Accused Products
Abstract
A system and method for monitoring a computer, particularly a pay-per-use computer, uses an isolated computing environment or supervisor. The isolated computing environment boots prior to any boot device associated with an operating system, runs concurrently with the operating system and monitors and measures the computer in operation. Once the isolated computing environment determines the computer is not in compliance with the required policies, the isolated computing environment may either impose an impediment to use such as slowing clock speed or completely disable the operating system. The user may have to return the computer to a service provider to restore it from the offending condition and reset the computer to an operational state.
128 Citations
20 Claims
-
1. A computer adapted for operation in a normal mode and an alternate mode comprising:
-
a memory;
a processor coupled to the memory;
a first boot device having precedence over any other boot device, the first boot device remaining active concurrently with the any other boot device, the first boot device comprising;
a memory for storing data in a tamper-resistant manner, the data comprising at least one of configuration data, cryptographic data, status data, or executable program data;
a circuit providing monotonically increasing time readings;
a data input/output circuit; and
a program execution environment, coupled to the clock and the data input/output circuit, for executing at least one of a monitoring program or a measurement program stored in the memory;
wherein the first boot device determines when the computer is operating in compliance with a criterion. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A supervisor for monitoring compliance with a policy on a computer comprising:
-
a secure memory;
a clock providing monotonically increasing time measurements;
an input/output circuit; and
a processing capability separate from a processor used to host an operating system of the computer, the processing capability coupled to the secure memory, the clock and the input/output circuit, the processing capability for evaluating data corresponding to compliance with the policy received via the input/output circuit in view of information from the secure memory and the clock. - View Dependent Claims (14, 15)
-
-
16. A method of determining non-compliance to a policy on a computer comprising:
-
associating non-compliance to the policy with at least one criterion measurable on the computer;
instantiating a supervisor prior to activating an operating system;
monitoring data, at the supervisor, corresponding to the at least one criterion on the computer; and
determining when the computer is in a non-compliant state by evaluating the data. - View Dependent Claims (17, 18, 19, 20)
-
Specification