System and method for N-ary locality in a security co-processor
Abstract
Enhancing locality in a security co-processor module of a computing system may be achieved by including one or more additional attributes such as geographic location, trusted time, a hardware vendor string, and one or more environmental factors into an access control space for machine mode measurement of a computing system.
30 Claims
1. A method of expanding locality in a security co-processor module of a computing system comprising:
setting a security mode of the security co-processor module to an enhanced mode in response to a determination that the computing system provides a capability to obtain the current geographic location;
receiving a request by the security co-processor module to execute an operation;
determining the security mode for the security co-processor module;
when the security mode is set to a normal mode, checking a machine mode of the computing system and executing the requested operation when the machine mode is acceptable;
when the security mode is set to an enhanced mode, getting a security policy, getting a current geographic location of the computing system and a current trusted time, determining if the requested operation is acceptable according to geographic location and trusted time attribute entries specified in the security policy, the current geographic location, and the current trusted time, and checking the machine mode of the computing system; and
when the requested operation and machine mode are both acceptable, executing the requested operation.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. An article comprising a non-transitory machine readable medium having a plurality of machine instructions that, in response to execution by a security co-processor module within a computing system, cause the security co-processor module to:
set a security mode of the security co-processor module to an enhanced mode in response to a determination that the computing system provides a capability to obtain a current geographic location;
receive a request by the security co-processor module to execute an operation;
determine the security mode for the security co-processor module;
when the security mode is set to a normal mode, check a machine mode of the computing system and execute the requested operation when the machine mode is acceptable;
when the security mode is set to the enhanced mode, get a security policy, get a current geographic location of the computing system and a current trusted time, determine if the requested operation is acceptable according to geographic location and trusted time attribute entries specified in the security policy, the current geographic location, and the current trusted time, and check the machine mode of the computing system; and
when the requested operation and the machine mode both are acceptable, execute the requested operation.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A security co-processor circuit of a computing system having:
a security mode configured to be settable to a normal mode or an enhanced mode when the computing system provides a capability to obtain a current geographic location or a current trusted time; and
a security policy configured to receive one or more entries associated with increasing security of the computing system;
wherein the security co-processor circuit is configured to;
receive a request to execute an operation;
when the security mode is set to the normal mode, to check a machine mode of the computing system and to execute the requested operation when the machine mode is acceptable;
when the security mode is set to the enhanced mode, to get a current geographic location of the computing system and a current trusted time, to determine if the requested operation is acceptable according to geographic location and trusted time attribute entries specified in the security policy, the current geographic location, and the current trusted time, and to check the machine mode of the computing system; and
when the requested operation and the machine mode are both acceptable, execute the requested operation.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
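The decision flow recited in independent claims 1, 11 and 21, sketched as an added C example (not code from the patent or from any co-processor vendor). The struct layouts, the bounding-box and time-window form of a policy entry, the machine-mode bitmask and the fail-closed handling of a missing reading are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical types and values: the claims define no data layout. */
enum sec_mode { MODE_NORMAL, MODE_ENHANCED };
struct policy_entry {               /* one location + trusted-time entry */
    uint32_t op;                    /* operation the entry covers */
    int32_t lat_min, lat_max, lon_min, lon_max;   /* box, microdegrees */
    uint64_t not_before, not_after; /* trusted-time window, seconds */
};
struct platform {                   /* state visible to the co-processor */
    bool has_fix, has_time;         /* did each source return a reading? */
    int32_t lat, lon;
    uint64_t now;                   /* current trusted time */
    uint8_t machine_mode;           /* 0..7 */
};
/* Enhanced mode is selected only if the platform can report its location. */
enum sec_mode select_mode(bool can_locate) {
    return can_locate ? MODE_ENHANCED : MODE_NORMAL;
}

/* An entry for this op must cover both the location and the trusted time. */
static bool policy_allows(const struct policy_entry *p, size_t n,
                          uint32_t op, const struct platform *s) {
    if (!s->has_fix || !s->has_time)
        return false;               /* assumption: fail closed on no reading */
    for (size_t i = 0; i < n; i++)
        if (p[i].op == op &&
            s->lat >= p[i].lat_min && s->lat <= p[i].lat_max &&
            s->lon >= p[i].lon_min && s->lon <= p[i].lon_max &&
            s->now >= p[i].not_before && s->now <= p[i].not_after)
            return true;
    return false;
}

/* True when the operation may execute; allowed_modes is a bitmask of modes. */
bool authorize(enum sec_mode mode, const struct policy_entry *p, size_t n,
               uint32_t op, uint8_t allowed_modes, const struct platform *s) {
    if (mode == MODE_ENHANCED && !policy_allows(p, n, op, s))
        return false;
    return s->machine_mode < 8 && ((allowed_modes >> s->machine_mode) & 1u);
}

int main(void) {                    /* constructed sample: one entry, one request */
    struct policy_entry pol = { 1, 45000000, 46000000, -123000000, -122000000, 1000, 2000 };
    struct platform in = { true, true, 45500000, -122500000, 1500, 4 };
    printf("%d\n", authorize(select_mode(true), &pol, 1, 1, 1u << 4, &in));
}
```

In normal mode only the machine-mode check applies, so a request that fails the location or time entry in enhanced mode can still pass there; the policy decision is only as strong as the integrity of the mode setting and of the location and time sources.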
Specification