| 发明名称 | Multi-factor secure appliance decommissioning | ||
| 摘要 | A network-based appliance includes a mechanism to erase data on the appliance's local storage. The appliance's normal system reset operation is overridden to enable a local user to place the appliance into a safe mode during which remote erasure of the storage is permitted, provided that mode is entered within a first time period following initiation of a system reset. If the appliance is placed in the mode within the time period, it can then receive commands to wipe the local storage. Once the safe mode is entered by detecting one or more actions of a local user, preferably the appliance data itself is wiped by another person or entity that is remote from the device. Thus, physical (local) presence to the appliance is necessary to place the device in the safe mode, while non-physical (remote) presence with respect to the appliance enables actual wiping of the storage device. | ||
| 申请公布号 | US9455976(B2) | 申请公布日期 | 2016.09.27 |
| 申请号 | US201414294219 | 申请日期 | 2014.06.03 |
| 申请人 | GLOBALFOUNDRIES INC. | 发明人 | Milman Ivan Matthew;Martin Ronald Dwayne;Hira Kalpesh |
| 分类号 | H04L29/06;H04L29/08;G06F9/455 | 主分类号 | H04L29/06 |
| 代理机构 | DeLio, Peterson & Curcio, LLC | 代理人 | DeLio, Peterson & Curcio, LLC ;Nowak Kelly M. |
| 主权项 | 1. An apparatus, comprising: a processor; computer memory holding computer program instructions executed by the processor to invoke a privileged operation within a network-connected appliance using a privileged command, the network-connected appliance having a normal system reset and a local storage, the computer program instructions comprising:program code responsive to detecting, during a first time period, of a local action on the appliance, to initiate a second time period and to transition the appliance into a state that overrides the normal system reset and places the network-connected appliance into a safe mode in which invocation of the privileged operation is allowed for remote erasure of the network-connected appliance local storage, wherein the local action is receipt of a button press on the appliance to place the application in the safe mode during which remote erasure of the local storage is permitted remote from the appliance; andprogram code responsive to detecting, prior to expiration of the second time period, of an authorized remote request, to initiate the privileged command and enable remote erasure of sensitive data on the network-connected appliance local storage prior to decommissioning the network-connected appliance, the program code response to detecting the authorized remote request including program code to detect remote entry of a key uniquely assigned to a hardware element in the device and program code responsive to detection of the remote entry of the key, to interrupt the second time period to allow initiating the privileged command. | ||
| 地址 | Grand Cayman KY | ||