Approaches for ensuring data security
Abstract
Techniques for protecting resources of a client from theft or unauthorized access. A BIOS agent stores policy data within a BIOS of the client. The BIOS agent is one or more software modules operating in the BIOS of the client. The policy data describes one or more security policies which the client is to follow. In response to the client following at least one of the one or more security policies, a persistent storage medium of the client is locked by instructing a controller of the persistent storage medium to deny, to any entity, access to data stored on the persistent storage medium unless the entity supplies, to the controller, a recognized authentication credential. In this way, a malicious user without access to the recognized authentication credential cannot access the data stored on the persistent storage medium, even if the persistent storage medium is removed from the client.
21 Claims
1. One or more machine-readable non-transitory mediums storing one or more sequences of instructions for securing a client, which when executed, cause:
- a BIOS agent to store policy data within a BIOS of the client, wherein the BIOS agent is one or more modules operating at runtime in the BIOS of the client, wherein the policy data is capable of being updated from a server after an operating system on the client has loaded, and wherein the policy data describes one or more security policies followed by the client after the operating system has loaded;
- upon the BIOS agent receiving updated policy data from the server while the operating system executes, the client enforcing any new security policies described by the updated policy data without rebooting the client; and
- in response to the client following at least one of the one or more security policies, a hard-disk drive (HDD) of the client to lock by instructing a controller present in the hard-disk drive (HDD) to deny, to any entity, access to data stored on the hard-disk drive (HDD) unless the entity supplies, to the controller, a recognized authentication credential.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for securing a client, comprising:
- a BIOS agent storing policy data within a BIOS of the client, wherein the BIOS agent is one or more modules operating at runtime in the BIOS of the client, wherein the policy data is capable of being updated from a server after an operating system on the client has loaded, and wherein the policy data describes one or more security policies followed by the client after the operating system has loaded;
- upon the BIOS agent receiving updated policy data from the server while the operating system executes, the client enforcing any new security policies described by the updated policy data without rebooting the client; and
- in response to the client following at least one of the one or more security policies, locking a hard-disk drive (HDD) of the client by instructing a controller present in the hard-disk drive (HDD) to deny, to any entity, access to data stored on the hard-disk drive (HDD) unless the entity supplies, to the controller, a recognized authentication credential.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20
21. An apparatus for securing resources thereof, comprising:
- one or more processors; and
- one or more machine-readable non-transitory mediums storing one or more sequences of instructions, which when executed by the one or more processors, cause:
  - a BIOS agent to store policy data within a BIOS of the client, wherein the BIOS agent is one or more modules operating at runtime in the BIOS of the client, wherein the policy data is capable of being updated from a server after an operating system on the client has loaded, and wherein the policy data describes one or more security policies followed by the client after the operating system has loaded;
  - upon the BIOS agent receiving updated policy data from the server while the operating system executes, the client enforcing any new security policies described by the updated policy data without rebooting the client; and
  - in response to the client following at least one of the one or more security policies, a persistent storage medium of the client to lock by instructing a controller present in the persistent storage medium to deny, to any entity, access to data stored on the persistent storage medium unless the entity supplies, to the controller, a recognized authentication credential.
Specification