Temporally isolating data accessed by a computing device
First Claim
1. A method of temporally isolating data so that the data accessed by a computing device is limited to a set of data associated with a current mode of operation, comprising:
- receiving a first command to switch to a first mode of operation associated with a first set of data and a first security policy;
- receiving an identification of an operator of the computing device that is requesting to engage the computing device in the first mode of operation;
- authenticating the identification of the operator;
- in response to the identification of the operator being authenticated, initiating a transition of the computing device to switch to the first mode of operation, in response to the identification of the operator failing authentication, disallowing the transition of the computing device to switch to the first mode of operation;
- in response to initiating the transition to the first mode of operation, removing any data accessible by the computing device associated with modes of operation different from the first mode of operation so that the removed data is inaccessible by the computing device when operating in the first mode of operation;
- storing a second set of data associated with at least one of the modes of operation different from the first mode of operation in a location that is inaccessible to an operating system associated with the computing device so that the operating system is unable to access the second set of data when operating in the first mode of operation;
- in response to the data associated with the modes of operation different from the first mode of operation being removed, switching to the first mode of operation; and
- operating in the first mode of operation based on a first plurality of rules associated with the first security policy in temporal isolation from any data associated with any other mode of operation of the computing device, wherein the computing device is limited to operating in the first mode of operation and is prevented from accessing any removed data of any other mode of operation while in the first mode of operation.
Abstract
Embodiments of the present invention provide a method to temporally isolate data accessed by a computing device so that the data accessed by the computing device is limited to a single set of data. The method includes removing any data that is accessed by the computing device when operating in different modes so that the data is inaccessible by the computing device when operating in the mode. The method also includes switching to the mode after the data associated with the modes different from the mode have been removed. The method also includes operating in the mode based on a plurality of rules associated with the security policy in temporal isolation from any other mode associated with the computing device. The computing device is limited to operating in the mode and is prevented from accessing any data that is distinct from the single set of data of the mode.
17 Claims
1. A method of temporally isolating data so that the data accessed by a computing device is limited to a set of data associated with a current mode of operation (independent method claim; its full text is reproduced above under First Claim). Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A system for temporally isolating data so that the data accessed by a computing device is limited to a set of data associated with a current mode of operation, comprising:
- a mode switch controller configured to:
  - receive a first command to switch to a first mode of operation associated with a first set of data and a first security policy,
  - receive an identification of an operator of the computing device that is requesting to engage the computing device in the first mode of operation,
  - authenticate the identification of the operator,
  - in response to the identification of the operator being authenticated, initiate a transition of the computing device to switch to the first mode of operation, in response to the identification of the operator failing authentication, disallow the transition of the computing device to switch to the first mode of operation,
  - in response to initiating the transition to the first mode of operation, remove any data accessible by the computing device associated with modes of operation different from the first mode of operation so that the removed data is inaccessible by the computing device when operating in the first mode of operation,
  - store a second set of data associated with at least one of the modes of operation different from the first mode of operation in a location that is inaccessible to an operating system associated with the computing device so that the operating system is unable to access the second set of data when operating in the first mode of operation, and
  - in response to the data associated with the modes of operation different from the first mode of operation being removed, switch the computing device to the first mode of operation; and
- a security processor configured to: control the computing device to operate in the first mode of operation based on a first plurality of rules associated with the first security policy in temporal isolation from any data associated with any other mode of operation of the computing device, wherein the computing device is limited to operating in the first mode of operation and is prevented from accessing any removed data of any other mode of operation while in the first mode of operation.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17.
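The mode switch controller and security processor of claims 1 and 9, modelled as an added example. This is constructed illustration code, not the patent's own implementation: the mode names, the operator, the credential store and the rule names are invented, and a sealed in-process dictionary that the OS-visible working set never references stands in for the "location inaccessible to an operating system" that the claims leave unspecified. The ordering is the claimed one: authenticate first, disallow the transition on failure, remove the other modes' data from the OS-visible set and seal it away, and only then switch and enforce the new mode's rules.

```python
"""Constructed model of the claimed temporal isolation (not the patent's code).
Mode names, operator, credentials and rules are invented for the demo."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Mode:
    name: str
    data: dict            # the set of data associated with this mode
    policy: frozenset     # the plurality of rules: actions this mode permits


class SealedStore:
    """Location the operating system cannot reach: only the controller holds a
    reference, and nothing here is ever exported through the OS view."""

    def __init__(self):
        self._vault = {}

    def seal(self, mode_name, data):
        self._vault[mode_name] = dict(data)

    def unseal(self, mode_name):
        return self._vault.pop(mode_name, {})


class ModeSwitchController:
    def __init__(self, modes, credentials):
        self._modes = {m.name: m for m in modes}
        self._credentials = credentials      # operator -> sha256 hex of secret (constructed)
        self._sealed = SealedStore()
        for m in modes:                      # every mode's data starts sealed away
            self._sealed.seal(m.name, m.data)
        self.os_view = {}                    # the only data the OS can touch
        self.current = None
        self.audit = []

    def _authenticate(self, operator, secret):
        expected = self._credentials.get(operator)
        if expected is None:
            return False
        digest = hashlib.sha256(secret.encode()).hexdigest()
        return hmac.compare_digest(digest, expected)

    def request_switch(self, target, operator, secret):
        """Claim 1 steps in order; returns the mode the device ends up in."""
        if target not in self._modes:
            raise ValueError(f"unknown mode {target!r}")
        if not self._authenticate(operator, secret):
            self.audit.append(("denied", operator, target))
            return self.current              # transition disallowed, mode unchanged
        self.audit.append(("transition", operator, target))
        # remove the outgoing mode's data from the OS-visible set and keep it
        # in the sealed store, where the OS view has no handle to it
        if self.current is not None:
            self._sealed.seal(self.current, self.os_view)
        self.os_view.clear()
        # only after that removal does the switch itself happen
        self.os_view.update(self._sealed.unseal(target))
        self.current = target
        return self.current


class SecurityProcessor:
    """Operates the device under the current mode's policy and nothing else."""

    def __init__(self, controller, modes):
        self._ctl = controller
        self._modes = {m.name: m for m in modes}

    def authorize(self, action):
        if self._ctl.current is None:
            return False
        return action in self._modes[self._ctl.current].policy


def demo():
    """Constructed scenario: two modes, one operator; returns what was observed."""
    def h(s):
        return hashlib.sha256(s.encode()).hexdigest()

    modes = [
        Mode("unclassified", {"memo.txt": "lunch menu"}, frozenset({"print", "network"})),
        Mode("classified", {"plan.txt": "restricted"}, frozenset({"print"})),
    ]
    ctl = ModeSwitchController(modes, {"alice": h("correct horse")})
    sp = SecurityProcessor(ctl, modes)
    ctl.request_switch("unclassified", "alice", "correct horse")
    denied = ctl.request_switch("classified", "alice", "wrong")      # stays unclassified
    switched = ctl.request_switch("classified", "alice", "correct horse")
    return {
        "after_bad_auth": denied,
        "after_good_auth": switched,
        "os_visible": sorted(ctl.os_view),            # only the classified data
        "network_allowed": sp.authorize("network"),   # not in the classified policy
        "print_allowed": sp.authorize("print"),
    }


if __name__ == "__main__":
    print(demo())
```

The point the model makes concrete is that isolation comes from structure, not from a check at access time: the OS-visible working set is emptied before the switch, and the other modes' data lives in an object the OS view never references, so there is no path for a later read to reach it.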