DATA ACCESSIBILITY CONTROL

US 20160292444A1
Filed: 10/31/2014
Published: 10/06/2016
Est. Priority Date: 11/08/2013
Status: Active Grant

First Claim

Patent Images

1. A method of controlling the accessibility of data to a computer processor configured to context switch between a user context and a secure context, the method comprising:

obtaining an identifier;

determining dependent on the identifier, in the secure context, whether to make data accessible in the user context; and

,in the event that it is determined to make data accessible, providing access to the data in the user context.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer implemented method and apparatus for controlling the accessibility of data on a data storage 9 comprises obtaining an identifier, and determining dependent on the identifier, in a secure context 5 of a computer processor 1, whether to make data accessible in a user context 3. In the event that data is to be made accessible, access is provided to the data in the user context 3.

23 Citations

View as Search Results

52 Claims

1. A method of controlling the accessibility of data to a computer processor configured to context switch between a user context and a secure context, the method comprising:
- obtaining an identifier;
  
  determining dependent on the identifier, in the secure context, whether to make data accessible in the user context; and
  
  ,in the event that it is determined to make data accessible, providing access to the data in the user context.
- View Dependent Claims (2, 3, 4, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 52)
- - 2. The method of claim 1 wherein determining dependent on the identifier comprises passing the identifier to a security controller operating in the secure context of the computer processor, and the security controller determining dependent on the identifier, in the secure context, whether to make data accessible in the user context.
  - 3. The method of claim 1 wherein making data accessible comprises controlling a map of data storage.
  - 4. The method of claim 1 wherein the data is selected in the secure context.
  - 6. The method of claim 1 wherein obtaining the identifier comprises obtaining the identifier in the user context and passing the identifier from the user context to the secure context.
  - 7. The method of claim 1 wherein obtaining the identifier comprises obtaining the identifier in the secure context.
  - 8. The method of claim 1 wherein the identifier is verified in the secure context.
  - 9. The method of claim 1 wherein the secure context is TrustZone®
    - .
  - 10. The method of claim 1 wherein the processor has a core configured to provide a secure context virtual core and a user context virtual core, and the secure context operates in the secure context virtual core and the user context operates in the user context virtual core.
  - 11. The method of claim 1 wherein hardware and/or software resources are partitioned between the secure context and the user context.
  - 13. The method claim 1 wherein providing access to the data comprises decrypting the data and making the decrypted data accessible.
  - 14. The method of claim 1 wherein making data accessible comprises selecting a map of data storage from at least two stored maps.
  - 15. The method of claim 1 comprising sending a first network message based on the identifier from the processor operating in the secure context to a remote device, wherein determining dependent on the identifier comprises determining based on a second network message received from the remote device.
  - 16. The method of claim 1 wherein the identifier comprises at least one of:
    - time information, GPS information, host computer information, a MAC address, an IP address, a wireless network ID, SSID, GSM cell, GSM data, a user identifier indicating a user currently operating the host computer, and one or more unique identifiers to prevent spoofing or false reporting from the host computer.
  - 17. The method of claim 1 wherein a weighting is applied to the identifier dependent on the source of the identifier, the weighted identifier being used to determine the accessibility of the data.
  - 18. The method of claim 17 wherein the weighting is determined by a lookup table indicating the weighting to apply to an identifier based on its source.
  - 52. A computer readable non-transitory storage medium comprising a program for a computer configured to cause a processor to perform the method of claim 1.

5. A method of controlling the accessibility of data recorded by a computer configured to context switch between a user context and a secure context, the method comprising:
- receiving data in the user context;
  
  obtaining an identifier;
  
  determining dependent on the identifier, in the secure context, whether data is to be recorded to a data storage according to a first map or a second map.

12. A method of controlling the accessibility of data to a computer processor, the method comprising:
- obtaining an identifier;
  
  passing the identifier to a security controller operating in the computer processor;
  
  the security controller determining dependent on the identifier, whether to make data accessible; and
  
  dependent on the determination of the identifier, the security controller controlling the accessibility of data on a data storage coupled to the processor by controlling a map of the data storage.
- View Dependent Claims (51)
- - 51. The method of claim 12 comprising sending a first network message based on the identifier to a remote device, wherein determining dependent on the identifier comprises determining based on a second network message received from the remote device.

19-50. -50. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Exacttrak Limited
Original Assignee
John Pragnell, Norman Shaw
Inventors
SHAW, Norman, PRAGNELL, John

Granted Patent

US 10,592,680 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/2272   Management thereof

G06F 21/10   Protecting distributed prog...

G06F 21/6218   to a system of files or obj...

G06F 21/74   operating in dual or compar...

DATA ACCESSIBILITY CONTROL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

DATA ACCESSIBILITY CONTROL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links