Method, apparatus and system for enabling a secure location-aware platform

US 20080092236A1
Filed: 10/17/2006
Published: 04/17/2008
Est. Priority Date: 10/17/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying a change in network status of a device, the device including a secure partition and a user partition, the secure partition including a location awareness agent;

the location awareness agent determining whether the device is connected to a network;

if the device is connected to the network, the location awareness agent determining whether the network is secure;

if the network is secure, the location awareness agent applying a first set of security controls to an operating system in the user partition prior to enabling the operating system to access the network; and

if the network is unsecure, the location awareness agent applying second set security controls to the operating system in the user partition prior to enabling the operating system to access the network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus and system enable a secure location-aware platform. Specifically, embodiments of the present invention may utilize a secure processing partition on the platform to determine a location of the platform and dynamically apply and/or change security controls accordingly.

Citations

14 Claims

1. A method comprising:
- identifying a change in network status of a device, the device including a secure partition and a user partition, the secure partition including a location awareness agent;
  
  the location awareness agent determining whether the device is connected to a network;
  
  if the device is connected to the network, the location awareness agent determining whether the network is secure;
  
  if the network is secure, the location awareness agent applying a first set of security controls to an operating system in the user partition prior to enabling the operating system to access the network; and
  
  if the network is unsecure, the location awareness agent applying second set security controls to the operating system in the user partition prior to enabling the operating system to access the network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1 wherein the first set of security controls is different than the second set of security controls and the second set of security controls imposes at least one more restriction than the first set of security controls.
  - 3. The method according to claim 1 wherein determining whether the network is secure further comprises attempting to connect to known network infrastructure elements.
  - 4. The method according to claim 1 wherein the first set of security controls enables the user partition to access data on the device and the second set of security controls restricts the user partition from accessing at least a portion of the data on the device.
  - 5. The method according to claim 1 wherein the secure partition is at least one of an Active Management Technologies (“
    - AMT”
      
      ), a Manageability Engine”
      
      (“
      
      ME”
      
      ), a Platform Resource Layer (“
      
      PRL”
      
      ), a virtual machine (“
      
      VM”
      
      ) and an independent processor core.
  - 6. The method according to claim 1 wherein the device is a wireless device.

7. A computing device, comprising:
- a network interface card;
  
  a user partition coupled to the network interface card;
  
  a secure partition coupled to the network interface card and the user partition, the secure partition managing access of the network interface card by the user partition;
  
  a location awareness agent coupled to the secure partition and the user partition, the location awareness agent capable of determining whether the computing device is connected to a network, if the computing device is connected to the network, the location awareness agent capable of determining whether the network is secure, if the network is secure, the location awareness agent capable of applying a first set of security controls to an operating system in the user partition prior to enabling the operating system to access the network and if the network is unsecure, the location awareness agent capable of applying second set security controls to the operating system in the user partition prior to enabling the operating system to access the network
- View Dependent Claims (8, 9)
- - 8. The computing device according to claim 7 further comprising a storage area coupled to the secure partition and the user partition, the storage area including data accessible by the secure partition and the user partition, the first set of security controls and the second set of security controls imposing restrictions on access to the data by the user partition, the second set of security controls imposing at least one more restriction on access than the first set of security controls.
  - 9. The computing device according to claim 7 wherein the secure partition is at least one of an Active Management Technologies (“
    - AMT”
      
      ) partition, a Manageability Engine”
      
      (“
      
      ME”
      
      ), a Platform Resource Layer (“
      
      PRL”
      
      ), a virtual machine (“
      
      VM”
      
      ) partition and an independent processor core.

10. An article comprising a machine-accessible medium having stored thereon instructions that, when executed by a machine, cause the machine to:
- identify a change in network status of a device, the device including a secure partition and a user partition;
  
  determine whether the device is connected to a network;
  
  if the device is connected to the network, determine whether the network is secure;
  
  if the network is secure, apply a first set of security controls to an operating system in the user partition prior to enabling the operating system to access the network; and
  
  if the network is unsecure, apply a second set security controls to the operating system in the user partition prior to enabling the operating system to access the network.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The article according to claim 10 wherein the first set of security controls is different than the second set of security controls and the second set of security controls imposes at least one more restriction than the first set of security controls.
  - 12. The article according to claim 10 wherein the instructions, when executed by a machine, cause the machine to determine whether the network is secure by attempting to connect to known network infrastructure elements.
  - 13. The article according to claim 10 wherein the first set of security controls enables the user partition to access data on the device and the second set of security controls restricts the user partition from accessing at least a portion of the data on the wireless device.
  - 14. The article according to claim 10 wherein the device is a wireless device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Morgan, Dennis

Granted Patent

US 8,024,806 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/0209   Architectural arrangements,...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04L 63/20   for managing network securi...

Method, apparatus and system for enabling a secure location-aware platform

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method, apparatus and system for enabling a secure location-aware platform

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links