Method for managing security of a data processing system with configurable security restrictions

US 9,411,947 B2
Filed: 05/30/2014
Issued: 08/09/2016
Est. Priority Date: 05/30/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

booting a data processing device;

in response to receiving a request from an application for modifying a security settings of a data processing system;

rebooting the data processing system, including rebooting a kernel of an operating system of the data processing device;

before the kernel of the operating system has finished rebooting, displaying a message on a display of the data processing system to request a user who operates the data processing system to perform a physical action specified in the displayed message to prove that the user was physically present to issue the request for modifying the security settings;

in response to receiving an action physically performed by the user, verifying whether the action physically performed by the user conforms to the requested physical action specified in the displayed message; and

modifying the security settings of the data processing system in response to determining that the user action conforms to the requested physical action specified in the displayed message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for managing security of a data processing system are described herein. According to one embodiment, in response to a request for modifying a security settings of a data processing system, a message is displayed on a display of the data processing system to request a user who operates the data processing system to perform a physical action to prove that the user was physically present to issue the request for modifying the security settings. It is verified whether a user action physically performed by the user conforms to the requested physical action. The security settings of the data processing system is modified, in response to determining that the user action conforms to the requested physical action.

10 Citations

23 Claims

1. A computer-implemented method, comprising:
- booting a data processing device;
  
  in response to receiving a request from an application for modifying a security settings of a data processing system;
  
  rebooting the data processing system, including rebooting a kernel of an operating system of the data processing device;
  
  before the kernel of the operating system has finished rebooting, displaying a message on a display of the data processing system to request a user who operates the data processing system to perform a physical action specified in the displayed message to prove that the user was physically present to issue the request for modifying the security settings;
  
  in response to receiving an action physically performed by the user, verifying whether the action physically performed by the user conforms to the requested physical action specified in the displayed message; and
  
  modifying the security settings of the data processing system in response to determining that the user action conforms to the requested physical action specified in the displayed message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - retrieving a first secret code from a secure storage location of the data processing system, andincluding the first secret code within the message to be displayed as part of the message, wherein the physical action specified in the displayed message comprises entering the first secret code.
  - 3. The method of claim 2, wherein the secure storage comprises a secure enclave processor.
  - 4. The method of claim 1, further comprising:
    - generating, by the data processing device, a secret code, wherein the physical action specified in the displayed message comprises entering the secret code.
  - 5. The method of claim 4, further comprising:
    - storing the secret code in a secure memory of the data processing system; and
      
      determining, by boot logic of the data processing system, whether the secret code is to be displayed in the message displayed to the user after the reboot.
  - 6. The method of claim 1, further comprising:
    - generating a first secret code; and
      
      including the first secret code in the message, wherein the first secret code is displayed in a CAPTCHA form as part of the message.
  - 7. The method of claim 6, further comprising:
    - prompting the user via the displayed message to reenter in an input field the first secret code that is displayed in the CAPTCHA form;
      
      in response to receiving a second secret code via the input field, comparing the first secret code with the second secret code; and
      
      verifying the user is physically present if the first secret code and the second secret code are matched.
  - 8. The method of claim 1, wherein the requested physical action comprises a physical touch action detected by at least one of a sensor, a button, and a switch attached to the data processing system.
  - 9. The method of claim 1, wherein the requested physical action comprises at least one of one or more keystrokes on a keyboard, one or more clicks of a mouse, and a voice stream recorded by a voice recorder.

10. A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform a method, the method comprising:
- booting a data processing device;
  
  in response to receiving a request from an application for modifying a security settings of a data processing system;
  
  rebooting the data processing system, including rebooting a kernel of an operating system of the data processing device;
  
  before the kernel of the operating system has finished rebooting, displaying a message on a display of the data processing system to request a user who operates the data processing system to perform a physical action specified in the displayed message to prove that the user was physically present to issue the request for modifying the security settings;
  
  in response to receiving an action physically performed by the user, verifying whether the action physically performed by the user conforms to the requested physical action specified in the displayed message; and
  
  modifying the security settings of the data processing system in response to determining that the user action conforms to the requested physical action specified in the displayed message.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The non-transitory machine-readable medium of claim 10, wherein the method further comprises:
    - retrieving a first secret code from a secure storage location of the data processing system, andincluding the first secret code within the message to be displayed as part of the message, wherein the physical action specified in the message comprises entering a first secret code.
  - 12. The non-transitory machine-readable medium of claim 10, wherein the secure storage comprises a secure enclave processor.
  - 13. The non-transitory machine-readable medium of claim 10, wherein the method further comprises:
    - generating, by the data processing device, a secret code, wherein the physical action specified in the displayed message comprises entering the secret code.
  - 14. The non-transitory machine-readable medium of claim 13, further comprising:
    - storing the secret code in a secure memory of the data processing system; and
      
      determining, by boot logic of the data processing system, whether the secret code is to be displayed in the message displayed to the user after the reboot.
  - 15. The non-transitory machine-readable medium of claim 10, wherein the method further comprises:
    - generating a first secret code; and
      
      including the first secret code in the message, wherein the first secret code is displayed in a CAPTCHA form as part of the message.
  - 16. The non-transitory machine-readable medium of claim 15, further comprising:
    - prompting the user via the displayed message to reenter in an input field the first secret code that is displayed in the CAPTCHA form;
      
      in response to receiving a second secret code via the input field, comparing the first secret code with the second secret code; and
      
      verifying the user is physically present if the first secret code and the second secret code are matched.
  - 17. The non-transitory machine-readable medium of claim 10, wherein the requested physical action comprises a physical touch action detected by at least one of a sensor, a button, and a switch attached to the data processing system.
  - 18. The non-transitory machine-readable medium of claim 10, wherein the requested physical action comprises at least one of one or more keystrokes on a keyboard, one or more clicks of a mouse, and a voice stream recorded by a voice recorder.

19. A data processing system, comprising:
- a processor; and
  
  a memory coupled to the processor for storing instructions, which when executed from the memory, cause the processor to perform operations, the operations including;
  
  booting a data processing device;
  
  in response to receiving a request from an application for modifying a security settings of a data processing system;
  
  rebooting the data processing system, including rebooting a kernel of an operating system of the data processing device;
  
  before the kernel of the operating system has finished rebooting, displaying a message on a display of the data processing system to request a user who operates the data processing system to perform a physical action specified in the displayed message to prove that the user was physically present to issue the request for modifying the security settings,in response to receiving an action physically performed by the user, verifying whether the action physically performed by the user conforms to the requested physical action specified in the displayed message, andmodifying the security settings of the data processing system in response to determining that the user action conforms to the requested physical action specified in the displayed message.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The system of claim 19, wherein the operations further comprise:
    - retrieving a first secret code from a secure storage location of the data processing system, andincluding the first secret code within the message to be displayed as part of the message, wherein the physical action specified in the displayed message comprises entering the first secret code.
  - 21. The method of claim 20, wherein the secure storage comprises a secure enclave processor.
  - 22. The method of claim 19, wherein the operations further comprise:
    - generating, by the data processing system, a secret code, wherein the physical action specified in the displayed message comprises entering the secret code.
  - 23. The method of claim 22, further comprising:
    - storing the secret code in a secure memory of the data processing system; and
      
      determining, by boot logic of the data processing system, whether the secret code is to be displayed in the message displayed to the user after the reboot.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Krstic, Ivan, Martel, Pierre-Olivier J., Hughes, Gregory Daniel
Primary Examiner(s)
Le, David

Application Number

US14/292,711
Publication Number

US 20150347741A1
Time in Patent Office

802 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/32 using biometric data, e.g. ...

G06F 2221/2133 Verifying human interaction...

Method for managing security of a data processing system with configurable security restrictions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

10 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method for managing security of a data processing system with configurable security restrictions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links