DATA PROTECTION BASED ON USER INPUT DURING DEVICE BOOT-UP, USER LOGIN, AND DEVICE SHUT-DOWN STATES

US 20160300074A1
Filed: 06/27/2014
Published: 10/13/2016
Est. Priority Date: 06/27/2014
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

at least one processor; and

one or more memory devices connected to the at least one processor, the one or more memory devices storing software components for execution by the at least one processor, the software components including a user login component that comprises;

monitoring logic configured to determine whether a particular password has been entered and to determine whether at least one user input behavior is present; and

mode selection logic configured to activate a first mode of operation of the computing device in response to a determination that the particular password has been entered and the at least one user input behavior is present, and to activate a second mode of operation of the computing device in response to determining that the particular password has been entered and the at least one user input behavior is not present;

the first mode of operation of the computing device being a mode in which sensitive data stored on the computing device and non-sensitive data stored on the computing device are both visible and accessible to a user, and the second mode of operation of the computing device being a mode in which the non-sensitive data stored on the computing device is visible and accessible to the user and the sensitive data stored on the computing device is rendered one or more of invisible to the user and inaccessible to the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing device is described herein that automatically enters a data protection mode in response to the detected presence or absence of certain user input and/or user input behaviors during a device boot-up state, a user login state, or a device shut-down state. When the device enters the data protection mode, sensitive data stored on the device is automatically rendered invisible and/or inaccessible to a user thereof. The sensitive data may be rendered invisible and/or inaccessible in a manner that is not likely to be apparent to the user of the computing device.

Citations

20 Claims

1. A system, comprising:
- at least one processor; and
  
  one or more memory devices connected to the at least one processor, the one or more memory devices storing software components for execution by the at least one processor, the software components including a user login component that comprises;
  
  monitoring logic configured to determine whether a particular password has been entered and to determine whether at least one user input behavior is present; and
  
  mode selection logic configured to activate a first mode of operation of the computing device in response to a determination that the particular password has been entered and the at least one user input behavior is present, and to activate a second mode of operation of the computing device in response to determining that the particular password has been entered and the at least one user input behavior is not present;
  
  the first mode of operation of the computing device being a mode in which sensitive data stored on the computing device and non-sensitive data stored on the computing device are both visible and accessible to a user, and the second mode of operation of the computing device being a mode in which the non-sensitive data stored on the computing device is visible and accessible to the user and the sensitive data stored on the computing device is rendered one or more of invisible to the user and inaccessible to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the mode selection logic is further configured to activate a third mode of operation of the computing device in response to a determination that the particular password has not been entered, the third mode of operation of the computing device being a mode in which access is denied to the sensitive data stored on the computing device and the non-sensitive data stored on the computing device.
  - 3. The system of claim 1, wherein the monitoring logic is configured to determine whether the at least one user input behavior is present by determining whether the particular password was entered by the user at a speed that is within a predefined range.
  - 4. The system of claim 1, wherein the monitoring logic is configured to determine whether the at least one user input behavior is present by determining whether or not a measure of regularity associated with the entry of the particular password by the user is within a predefined range.
  - 5. The system of claim 1, wherein the monitoring logic is configured to determine whether the at least one user input behavior is present by determining whether the user has provided particular input in addition to the particular password.
  - 6. The system of claim 4, wherein the monitoring logic is configured to determine whether the user has provided the particular input by:
    - determining whether the user has pressed one or more particular keys or buttons before and/or after entering the particular password;
      
      ordetermining whether the user has entered one or more particular characters before and/or after entering the particular password.
  - 7. The system of claim 1, wherein the second mode of operation of the computing device is a mode in which at least one item of sensitive data is rendered invisible to the user or inaccessible to the user by performing one or more of:
    - hard deleting the item of sensitive data;
      
      soft deleting the item of sensitive data;
      
      causing file system requests for the item of sensitive data to be ignored;
      
      disabling the item of sensitive data from being opened; and
      
      closing or hiding a window in which the item of data is displayed.

8. A method for protecting sensitive data stored on a computing device, comprising performing during a boot-up process of the computing device:
- determining whether particular user input has been received via at least one user interface of the computing device;
  
  in response to a determination that the particular user input has been received, activating a first mode of operation of the computing device in which sensitive data stored on the computing device and non-sensitive data stored on the computing device are both visible and accessible to a user; and
  
  in response to a determination that the particular user input has not been received, activating a second mode of operation of the computing device in which the non-sensitive data stored on the computing device is visible and accessible to the user and the sensitive data stored on the computing device is rendered one or more of invisible to the user and inaccessible to the user.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein determining whether the particular user input has been received via the at least one user interface of the computing device comprises determining whether one or more particular keys or buttons have been pressed.
  - 10. The method of claim 8, wherein determining whether the particular user input has been received via the at least one user interface of the computing device comprises determining whether a particular password has been entered.
  - 11. The method of claim 8, further comprising:
    - subsequent to rendering the sensitive data inaccessible to the user during the second operating mode, restoring access to the sensitive data in response to determining that the particular user input has been received via the at least one user interface of the computing device during a subsequent boot-up process.
  - 12. The method of claim 10, further comprising:
    - subsequent to rendering the sensitive data inaccessible to the user during the second operating mode, restoring access to the sensitive data in response to determining that a second particular user input has been received via the at least one user interface of the computing device during a subsequent boot-up process.
  - 13. The method of claim 10, wherein the second mode of operation of the computing device is a mode in which at least one item of sensitive data is rendered invisible to the user or inaccessible to the user by performing one or more of:
    - hard deleting the item of sensitive data;
      
      soft deleting the item of sensitive data;
      
      causing file system requests for the item of sensitive data to be ignored;
      
      disabling the item of sensitive data from being opened;
      
      orclosing or hiding a window in which the item of data is displayed.

14. A computer program product comprising a computer-readable memory having computer program logic recorded thereon that when executed by at least one processor causes the at least one processor to perform a method for protecting sensitive data stored on a computing device, the method comprising performing the following during a shut-down process of the computing device:
- determining whether particular user input has been received via at least one user interface of the computing device;
  
  in response to a determination that the particular user input has been received, not activating a data protection mode of operation of the computing device in which sensitive data stored on the computing device is rendered one or more of invisible to a user and inaccessible to the user; and
  
  in response to a determination that the particular user input has not been received, activating the second mode of operation of the computing device.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer program product of claim 14, wherein determining whether the particular user input has been received via the at least one user interface of the computing device comprises determining whether one or more particular keys or buttons have been pressed.
  - 16. The computer program product of claim 14, wherein determining whether the particular user input has been received via the at least one user interface of the computing device comprises determining whether a particular password has been entered.
  - 17. The computer program product of claim 14, further comprising:
    - subsequent to rendering the sensitive data inaccessible to the user during the second operating mode, restoring access to the sensitive data in response to determining that a particular password has been entered during a subsequently-executed login process of the computing device.
  - 18. The computer program product of claim 14, wherein the method further comprises:
    - subsequent to rendering the sensitive data inaccessible to the user during the second operating mode, restoring access to the sensitive data in response to determining that a particular password has been entered and at least one user input behavior is present during a subsequently-executed login process of the computing device.
  - 19. The computer program product of claim 14, wherein the method further comprises:
    - subsequent to rendering the sensitive data inaccessible to the user during the second operating mode, restoring access to the sensitive data in response to determining that the user has entered second particular input during a subsequently-executed boot-up process of the computing device.
  - 20. The computer program product of claim 14, wherein the second mode of operation of the computing device is a mode in which at least one item of sensitive data is rendered inaccessible by the user by performing one or more of:
    - hard deleting the item of sensitive data;
      
      soft deleting the item of sensitive data;
      
      causing file system requests for the item of sensitive data to be ignored;
      
      ordisabling the item of sensitive data from being opened.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Huang, Jerry, Liu, Zhen, Li, QingHu, Liu, Chen

Granted Patent

US 10,372,937 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/575   Secure boot

G06F 21/6245   Protecting personal data, e...

G06F 21/83   input devices, e.g. keyboar...

G06F 21/88   Detecting or preventing the...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2139   Recurrent verification

DATA PROTECTION BASED ON USER INPUT DURING DEVICE BOOT-UP, USER LOGIN, AND DEVICE SHUT-DOWN STATES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DATA PROTECTION BASED ON USER INPUT DURING DEVICE BOOT-UP, USER LOGIN, AND DEVICE SHUT-DOWN STATES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links