Method, apparatus, and system for enabling a secure location-aware platform
First Claim
Patent Images
1. A method for security control, the method comprising:
- identifying a change in network status of a device, the device including a secure partition, a first virtual user partition, and a second virtual user partition, each of the secure partition, the first virtual user partition, and the second virtual user partition being different partitions of the device, and the secure partition including a location awareness agent;
determining, with the location awareness agent, whether the device is connected to a network;
determining, in response to the device being connected to the network, whether the network is secure by attempting to connect to a known network infrastructure element in a secure network;
applying, with the location awareness agent, a first set of security controls to a first operating system in the first virtual user partition in response to determining that the device is connected to the secure network, the location awareness agent to apply the first set of security controls to the first operating system prior to enabling the first operating system to access the secure network;
applying, with the location awareness agent, a second set of security controls to a second operating system in the second virtual user partition in response to determining that the device is connected to an unsecure network, the location awareness agent to apply the second set of security controls to the second operating system prior to enabling the second operating system to access the unsecure network;
identifying whether the device moves from the secure network to the unsecure network; and
transferring an execution environment from the first operating system in the first virtual user partition to the second operating system in the second virtual user partition in response to identifying that the device moved from the secure network to the unsecure network.
0 Assignments
0 Petitions
Accused Products
Abstract
A method, apparatus, and system enable a secure location-aware platform. Specifically, embodiments of the present invention may utilize a secure processing partition on the platform to determine a location of the platform and dynamically apply and/or change security controls accordingly.
14 Citations
17 Claims
-
1. A method for security control, the method comprising:
-
identifying a change in network status of a device, the device including a secure partition, a first virtual user partition, and a second virtual user partition, each of the secure partition, the first virtual user partition, and the second virtual user partition being different partitions of the device, and the secure partition including a location awareness agent; determining, with the location awareness agent, whether the device is connected to a network; determining, in response to the device being connected to the network, whether the network is secure by attempting to connect to a known network infrastructure element in a secure network; applying, with the location awareness agent, a first set of security controls to a first operating system in the first virtual user partition in response to determining that the device is connected to the secure network, the location awareness agent to apply the first set of security controls to the first operating system prior to enabling the first operating system to access the secure network; applying, with the location awareness agent, a second set of security controls to a second operating system in the second virtual user partition in response to determining that the device is connected to an unsecure network, the location awareness agent to apply the second set of security controls to the second operating system prior to enabling the second operating system to access the unsecure network; identifying whether the device moves from the secure network to the unsecure network; and transferring an execution environment from the first operating system in the first virtual user partition to the second operating system in the second virtual user partition in response to identifying that the device moved from the secure network to the unsecure network. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computing device, comprising:
-
a network interface card; a virtual machine monitor to manage allocation of resources of the computing device among one or more virtual user partitions; a secure partition to manage access to the network interface card for the one or more virtual user partitions, the secure partition comprises a location awareness agent to determine whether the computing device is connected to a network, wherein in response to determining that the computing device is connected to a network, the location awareness agent to determine whether the computing device is connected to one of a secure network or an unsecure network by attempting to connect to a known network element in the secure network; a first virtual user partition having a first operating system to enable access to the secure network, the location awareness agent to apply a first set of security controls to the first operating system of the first virtual user partition prior to enabling access to the secure network; and a second virtual user partition having a second operating system to enable access to the unsecure network, the location awareness agent to apply a second set of security controls to the second operating system of the second virtual user partition prior to enabling access to the unsecure network, wherein each of the secure partition, the first virtual user partition, and the second virtual user partition being different partitions of the computing device, and wherein the location awareness agent further to detect if the computing device roams from the secure network to the unsecure network and, in response to detecting that the computing device roamed from the secure network to the unsecure network, to transfer an execution environment from the first operating system of the first virtual user partition to the second operating system of the second virtual user partition. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory, machine-accessible storage medium having instructions stored thereon, which when executed by a processor of a device, cause the device to:
-
indentify a change in network status of a device, the device including a secure partition, a first virtual user partition, and a second virtual user partition, each of the secure partition, the first virtual user partition, and the second virtual user partition being different partitions of the device, and the secure partition including a location awareness agent; determine, with the location awareness agent, whether the device is connected to a network; determine, in response to the device being connected to the network, whether the network is secure by attempting to connect to a known network infrastructure element in a secure network; apply, with the location awareness agent, a first set of security controls to a first operating system in the first virtual user partition in response to determining that the device is connected to the secure network, the location awareness agent to apply the first set of security controls to the first operating system prior to enabling the first operating system to access the secure network; apply, with the location awareness agent, a second set of security controls to a second operating system in the second virtual user partition in response to determining that the device is connected to an unsecure network, the location awareness agent to apply the second set of security controls to the second operating system prior to enabling the second operating system to access the unsecure network; identify whether the device moves from the secure network to the unsecure network; and transfer an execution environment from the first virtual operating system in the first user partition to the second operating system in the second virtual user partition response to identifying that the device moved from the secure network to the unsecure network. - View Dependent Claims (16, 17)
-
Specification