SYSTEM AND METHOD FOR N-ARY LOCALITY IN A SECURITY CO-PROCESSOR
Abstract
Enhancing locality in a security co-processor module of a computing system may be achieved by including one or more additional attributes such as geographic location, trusted time, a hardware vendor string, and one or more environmental factors into an access control space for machine mode measurement of a computing system.
30 Claims
1. A method of enhancing locality in a security co-processor module of a computing system comprising:
- receiving a request by the security co-processor module to execute an operation;
- determining a security mode for the security co-processor module;
- when the security mode is normal, checking a machine mode of the computing system environment and executing the requested operation when the machine mode is acceptable; and
- when the security mode is enhanced, getting a security policy, getting a current geographic location of the computing system and a current trusted time, determining if the requested operation is acceptable according to geographic location and trusted time attribute entries specified in the security policy, the current geographic location, and the current trusted time, checking the machine mode of the computing system environment when the requested operation is acceptable, and executing the requested operation when the machine mode is acceptable.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. An article comprising a machine readable medium having a plurality of machine instructions, wherein when the instructions are executed by a security co-processor module within a computing system, the instructions provide for enhancing locality in the security co-processor module of the computing system by
- receiving a request by the security co-processor module to execute an operation;
- determining a security mode for the security co-processor module;
- when the security mode is normal, checking a machine mode of the computing system environment and executing the requested operation when the machine mode is acceptable; and
- when the security mode is enhanced, getting a security policy, getting a current geographic location of the computing system and a current trusted time, determining if the requested operation is acceptable according to geographic location and trusted time attribute entries specified in the security policy, the current geographic location, and the current trusted time, checking the machine mode of the computing system environment when the requested operation is acceptable, and executing the requested operation when the machine mode is acceptable.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20

21. A security co-processor module of a computing system comprising:
- a security mode; and
- a security policy;
- wherein the security co-processor module is configured to receive a request to execute an operation;
- when the security mode is normal, to check a machine mode of the computing system environment and to execute the requested operation when the machine mode is acceptable; and
- when the security mode is enhanced, to get a current geographic location of the computing system and a current trusted time, to determine if the requested operation is acceptable according to geographic location and trusted time attribute entries specified in the security policy, the current geographic location, and the current trusted time, to check the machine mode of the computing system environment when the requested operation is acceptable, and to execute the requested operation when the machine mode is acceptable.

Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
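The decision flow recited in claims 1, 11 and 21, sketched in C as an added example that is not code from the patent. The type names, the bounding-box and time-window layout of a policy entry, the machine-mode bitmask and the deny-when-no-entry-matches behaviour are all assumptions; the claims specify none of them.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names and layouts: the claims define none of them. */
typedef enum { SEC_MODE_NORMAL, SEC_MODE_ENHANCED } sec_mode_t;
typedef enum { OP_DENIED_POLICY, OP_DENIED_MACHINE_MODE, OP_EXECUTED } op_result_t;

typedef struct {                 /* one geographic location / trusted time entry */
    uint32_t op_id;
    int32_t  lat_min, lat_max, lon_min, lon_max;  /* microdegrees, inclusive */
    uint64_t not_before, not_after;               /* trusted time, inclusive */
} policy_entry_t;

typedef struct {                 /* values read from the module's trusted sources */
    uint32_t machine_mode;       /* assumed: a small index, like a locality number */
    int32_t  lat, lon;
    uint64_t trusted_time;
} env_t;

/* Constructed sample policy: operation 7, one bounding box, one time window. */
static const policy_entry_t SAMPLE_POLICY[] = {
    { 7, 48000000, 48300000, 11400000, 11700000, 1000, 2000 },
};

/* Assumption: fail closed when no entry matches the requested operation. */
static bool policy_allows(const policy_entry_t *p, size_t n, uint32_t op, const env_t *e)
{
    for (size_t i = 0; i < n; i++) {
        if (p[i].op_id == op &&
            e->lat >= p[i].lat_min && e->lat <= p[i].lat_max &&
            e->lon >= p[i].lon_min && e->lon <= p[i].lon_max &&
            e->trusted_time >= p[i].not_before && e->trusted_time <= p[i].not_after)
            return true;
    }
    return false;
}

/* Claim 1 flow: policy check only in enhanced mode; machine-mode check in both. */
op_result_t handle_request(sec_mode_t mode, const policy_entry_t *policy, size_t n,
                           uint32_t op, const env_t *env, uint32_t allowed_modes)
{
    if (mode == SEC_MODE_ENHANCED && !policy_allows(policy, n, op, env))
        return OP_DENIED_POLICY;
    if (env->machine_mode >= 32 || !(allowed_modes & (UINT32_C(1) << env->machine_mode)))
        return OP_DENIED_MACHINE_MODE;
    return OP_EXECUTED;          /* a real module would run the operation here */
}
```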
Specification