Access unit switching through physical mediation
First Claim
1. A computer comprising:
- a processor; and
a fast trusted access unit switch module stored in a virtual machine monitor of the computer and executable on the processor configured to;
verify identity of a user of a single account on a computing device including a fast trusted access unit switching module that enables the user to securely switch between a plurality of levels of allowable privilege and access rights;
determine the plurality of levels of allowable privilege and access rights which afforded to the user of the single account, the plurality of levels of allowable privilege and access rights includes at least a high level and a low level;
establish a plurality of access units on the computing device with each of the access units capable of having a plurality of levels of privilege and access rights;
grant access to the user of the single account to interface with the access unit, via the fast trusted access unit switch module, with the low level of privilege and access rights required to interface with the access unit; and
change the low level of privilege and access rights to the high level of privilege and access rights for the user of the single account when the user of the single account is required to interface with the access unit using the high level of privilege and access rights when the user initiates a first physical action that generates a signal that is provided to an isolation kernel via a trusted path; and
change the high level of privilege and access right to the low level of privilege and access rights for the user of the single account when the user of the single account is not required to interface with the access unit using the high level of privilege and access rights when the user initiates a second physical action that generates a signal that is provided to the isolation kernel via the trusted path.
2 Assignments
0 Petitions
Accused Products
Abstract
A plurality of access units may be established with varying levels of privilege and access rights, such that the user may perform tasks carrying with them a high risk of viral infection in an access unit with a low level of privilege and access rights. When an authenticated user desires to perform tasks requiring a higher level of privilege and access rights, the user may switch to an access unit having a higher privilege and access rights level by instigating a physical action. The physical action may include selecting a button (included in either a UI or on a peripheral device), or inputting biometric data to switch among running access units. A signal instigated by the physical action is transmitted along a trusted path between the isolation kernel and where the physical action was instigated.
30 Citations
9 Claims
-
1. A computer comprising:
-
a processor; and a fast trusted access unit switch module stored in a virtual machine monitor of the computer and executable on the processor configured to; verify identity of a user of a single account on a computing device including a fast trusted access unit switching module that enables the user to securely switch between a plurality of levels of allowable privilege and access rights; determine the plurality of levels of allowable privilege and access rights which afforded to the user of the single account, the plurality of levels of allowable privilege and access rights includes at least a high level and a low level; establish a plurality of access units on the computing device with each of the access units capable of having a plurality of levels of privilege and access rights; grant access to the user of the single account to interface with the access unit, via the fast trusted access unit switch module, with the low level of privilege and access rights required to interface with the access unit; and change the low level of privilege and access rights to the high level of privilege and access rights for the user of the single account when the user of the single account is required to interface with the access unit using the high level of privilege and access rights when the user initiates a first physical action that generates a signal that is provided to an isolation kernel via a trusted path; and change the high level of privilege and access right to the low level of privilege and access rights for the user of the single account when the user of the single account is not required to interface with the access unit using the high level of privilege and access rights when the user initiates a second physical action that generates a signal that is provided to the isolation kernel via the trusted path. - View Dependent Claims (2)
-
-
3. One or more computer-readable devices having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising:
-
verifying the identity of a user of a single account on a computing device including a fast trusted access unit switching module that enables the user to securely switch between a plurality of levels of allowable privilege and access rights; determining the plurality of levels of allowable privilege and access rights which can be afforded to the user of the single account, the plurality of levels of allowable privilege and access rights includes at least a high level and a low level; establishing a plurality of access units on the computing device with each of the access units capable of having a plurality of levels of privilege and access rights; granting access to the user of the single account to interface with the access unit, via the fast trusted access unit switch module, with the low level of privilege and access rights required to interface with the access unit; and changing the low level of privilege and access rights to the high level of privilege and access rights for the user of the single account when the user of the single account is required to interface with the access unit using the high level of privilege and access rights when the user initiates a first physical action that generates a signal that is provided to an isolation kernel via a trusted path; and changing the high level of privilege and access right to the low level of privilege and access rights for the user of the single account when the user of the single account is not required to interface with the access unit using the high level of privilege and access rights when the user initiates a second physical action that generates a signal that is provided to the isolation kernel via the trusted path. - View Dependent Claims (4, 5, 6, 7, 8, 9)
-
Specification