User controllable platform-level trigger to set policy for protecting platform from malware
Abstract
Embodiments of systems, apparatuses, and methods to protect data stored in a storage system of a device from malware alteration are described. In some embodiments, a system receives an indication that the data is to be protected. In addition, the system further triggers an interrupt of the device and secures the data from the malware alteration.
15 Claims
1. A method to protect data stored in a storage system of a device from malware alteration, comprising:
- receiving an indication that the data is to be protected, wherein the receiving of the indication is in response to a hardware switch being activated;
- triggering an interrupt of the device to lock the data outside of operating system control;
- securing the data from the malware alteration by preventing an operating system process from altering the data, by sending by a trusted application a first message to the storage system, the first message specifying that the data is to be protected from the malware alteration, and receiving by a trusted application a second message from the storage system indicating that the data is protected from malware alteration, wherein the first and second message are transported over a tunnel between the device and the storage system.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A device to protect data stored in a storage system of a device from malware alteration, comprising:
- a hardware switch, when activated, to indicate that the data is to be protected and to trigger an interrupt of the device to lock the data outside of operating system control;
- lockable storage to secure the data from the malware alteration by preventing an operating system process from altering the data; and
- a trusted application interface to send a first message to the storage system, the first message to specify that the data is to be protected from the malware alteration and to receive a second message from the storage system that indicates that the data is protected from the malware alteration, wherein the first and second message are transported over a tunnel between the device and the storage system.

Dependent claims: 9, 10

11. A non-transitory machine-readable medium having executable instructions to cause one or more processing units to perform a method to protect data stored in a storage system of a device from malware alteration, the method comprising:
- receiving an indication that the data is to be protected, wherein the receiving of the indication is in response to a hardware switch being activated;
- triggering an interrupt of the device to lock the data outside of operating system control;
- securing the data from the malware alteration by preventing an operating system process from altering the data, by sending by a trusted application a first message to the storage system, the first message specifying that the data is to be protected from the malware alteration, and receiving by a trusted application a second message from the storage system indicating that the data is protected from malware alteration, wherein the first and second message are transported over a tunnel between the device and the storage system.

Dependent claims: 12, 13, 14, 15

Specification