Client controlled lock for electronic devices
First Claim
Patent Images
1. A method for securing an electronic device, said method comprising:
- activating a locking mechanism on said device according to a locking policy that defines first and second conditions, wherein when said locking mechanism is activated, then said device operates in a limited mode of operation providing reduced device functionality compared to a normal mode of operation;
determining that the first condition is satisfied and, in response, deactivating said locking mechanism while the device is operating in the limited mode of operation and placing said device into an intermediate mode of operation that is between said limited mode of operation and said normal mode of operation in terms of available device functionality; and
determining that the second condition is satisfied while the device is in the intermediate mode of operation and, in response, placing the device into said normal mode of operation.
2 Assignments
0 Petitions
Accused Products
Abstract
An electronic device can be locked and secured by activating a hardware locking mechanism on the device. The locking mechanism is controlled by a locking policy that is defined and implemented from the client side. If the locking mechanism is activated, then the device operates in a limited mode of operation instead of in a normal mode of operation. The locking mechanism can be deactivated, placing the device into the normal mode of operation, when a specified condition is satisfied.
-
Citations
20 Claims
-
1. A method for securing an electronic device, said method comprising:
-
activating a locking mechanism on said device according to a locking policy that defines first and second conditions, wherein when said locking mechanism is activated, then said device operates in a limited mode of operation providing reduced device functionality compared to a normal mode of operation; determining that the first condition is satisfied and, in response, deactivating said locking mechanism while the device is operating in the limited mode of operation and placing said device into an intermediate mode of operation that is between said limited mode of operation and said normal mode of operation in terms of available device functionality; and determining that the second condition is satisfied while the device is in the intermediate mode of operation and, in response, placing the device into said normal mode of operation. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An electronic device comprising:
-
a locking mechanism activated based on a locking policy controlled by a client-side authority of the device, the locking mechanism comprising a normal boot instruction path that provides a normal mode of operation when the locking mechanism is deactivated and a reduced-function boot instruction path that provides a limited mode of operation, that has reduced device functionality relative to the normal mode of operation, when the locking mechanism is activated; a locking agent coupled to said locking mechanism, said locking agent configured to; implement said locking policy to activate said locking mechanism to place the device in the limited mode of operation; determine a deactivation condition based on activation of said locking mechanism, the deactivation condition comprising one or more requirements for deactivating said locking mechanism, wherein the locking agent is configured to vary the deactivation condition based on a manner in which the locking mechanism was activated to place the device in the limited mode of operation; and deactivate said locking mechanism when the deactivation condition is satisfied; and one or more computer processors, being a functional part of the electronic device, and activated by the locking agent to facilitate implementing the locking policy to activate the locking mechanism. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A computer system comprising:
-
a processor; memory coupled to said processor; a locking policy that is controlled by a client-side authority of the computer system; a hardware-implemented locking mechanism coupled to said memory and configured to; place the computer system into an unlocked state in which the computer system operates in a first mode of operation having first computing functionality, based on a mode selector controlled by the locking policy; and place the computer system into a locked state in which the computer system operates in a second mode of operation having second computing functionality that is reduced relative to the first computing functionality of the first mode of operation, based on the mode selector controlled by the locking policy, the locking mechanism and mode selector residing within a secure execution environment of the computer system; and a tampering detection mechanism configured to detect an unauthorized attempt to circumvent at least one of the locking policy and the locking mechanism. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification