摘要:
A method provides a protected region of a data storage device associated with a computational device, where data in the protected region is primarily protected by preventing access without proper access authorization. The method comprises the steps of providing, in an unprotected region of the data storage device, a first operating system and associated operating system data; monitoring operating system data accessed by the computational device until a predetermined functionality becomes available; storing, in the protected region, the monitored operating system data; providing, in the protected region, a second operating system; transferring control of the computational device from the first operating system to the second operating system; storing data in the protected region; and preventing access to the stored data in the protected region without access authorization. In a further embodiment of the method, the second operating system optionally provides a second level of security by preventing decryption of data stored in the protected region without decryption authorization.
摘要:
A method provides a protected region of a data storage device associated with a computational device, where data in the protected region is primarily protected by preventing access without proper access authorization. The method comprises the steps of providing, in an unprotected region of the data storage device, a first operating system and associated operating system data; monitoring operating system data accessed by the computational device until a predetermined functionality becomes available; storing, in the protected region, the monitored operating system data; providing, in the protected region, a second operating system; transferring control of the computational device from the first operating system to the second operating system; storing data in the protected region; and preventing access to the stored data in the protected region without access authorization. In a further embodiment of the method, the second operating system optionally provides a second level of security by preventing decryption of data stored in the protected region without decryption authorization.
摘要:
The invention establishes a protected volume on a data storage device associated with a computational device by allowing an operating system of the computational device to boot up to a point (the volume conversion crossover point) at which predetermined functionality of the operating system becomes available, then establishing the protected volume. A copy of the operating system data (cleartext operating system data) that is accessed during boot up prior to the volume conversion crossover point (which can be known by monitoring and recording access to operating system data during boot-up) is stored in an unprotected region of the data storage device. A copy of the cleartext operating system data is also stored in the protected volume. After the protected volume is established, the computational device is reset, causing the operating system to boot up again. During each boot-up of the operating system after the protected volume has been established, the cleartext operating system data is used until the volume conversion crossover point, at which time operation of the computational device converts to a secure mode (if authorized) in which data stored on the data storage device can be accessed from the protected volume (including the copy of the cleartext operating system data that is stored in the protected volume).
摘要:
Techniques are given for determining the data transmission or sending rates in a router or switch of two or more input queues in one or more input ports sharing an output port, which may optionally include an output queue. The output port receives desired or requested data from each input queue sharing the output port. The output port analyzes this data and sends feedback to each input port so that, if needed, the input port can adjust its transmission or sending rate.
摘要:
Techniques are given for determining the data transmission or sending rates in a router or switch of two or more input queues in one or more input ports sharing an output port, which may optionally include an output queue. The output port receives desired or requested data from each input queue sharing the output port. The output port analyzes this data and sends feedback to each input port so that, if needed, the input port can adjust its transmission or sending rate.
摘要:
Techniques are given for determining the data transmission or sending rates in a router or switch of two or more input queues in one or more input ports sharing an output port, which may optionally include an output queue. The output port receives desired or requested data from each input queue sharing the output port. The output port analyzes this data and sends feedback to each input port so that, if needed, the input port can adjust its transmission or sending rate.