Title of invention: Data access control systems and methods
Abstract: Various hardware and software configurations are described herein which provide improved security and control over protected data. In some embodiments, a computer includes a main motherboard card coupled to all input/output devices connected to the computer, and a trusted operating system operates on the main motherboard which includes an access control module for controlling access to the protected data in accordance with rules. The trusted operating system stores the protected data in an unprotected form only on the memory devices on the main motherboard. The computer may also have a computer card coupled to the main motherboard via a PCI bus, on which is operating a guest operating system session for handling requests for data from software applications on the computer. A tamper detection mechanism is provided in the computer for protecting against attempts to copy the unprotected form of the protected data onto memory devices other than the one or more memory devices used by the motherboard or computer card.
Publication number: US9171176(B2)  Publication date: 2015.10.27
Application number: US201414307394  Filing date: 2014.06.17
Applicant: Intellectual Ventures II LLC  Inventors: Sturtevant Daniel Joseph; Lalancette Christopher; Lack Michael Nathan; Schneck Paul B.
Classification: G06F21/00; G06F21/62; G06F21/60; G06F21/85; G06F21/31; H04L29/06  Main classification: G06F21/00
Agency: Perkins Coie LLP  Agent: Perkins Coie LLP
Principal claim: 1. A computer-readable storage device storing instructions configured to, in response to being executed by a computing device, cause the computing device to perform operations for protecting data on the computing device, the operations comprising: executing a trusted operating system configured to: cause protected data to be stored on one or more first memory devices; execute an access control module, wherein the access control module controls access to the protected data in accordance with one or more rules specified in a ticket, and prevents unauthorized use of the ticket by storing a log, the log identifying either a user and data the user has gained access to, or identifying which tickets have been used; executing one or more instances of operating systems different from the trusted operating system, the one or more instances of operating systems different from the trusted operating system configured to run one or more software applications usable to access the protected data in an unprotected form; and preventing at least one attempt to copy the unprotected form of the protected data onto memory devices other than the one or more first memory devices.
Address: Wilmington DE US