CN105518700B - System for the data protection in shutdown mode - Google Patents

Abstract

Provide the method, system and computer program product for the data that protection is stored in equipment in equipment shutdown.The equipment includes the first operating system and security module.First operating system (OS) is the main OS of the equipment, manages computer resource when equipment energization is in " booting " mode.Security module is separated with main OS, and is configured to monitor undesirable equipment and is distorted.The security module realizes that the security module works when the device is turned off within hardware, and therefore can protect data when the device is turned off from the access of unauthorized.The security module can be realized in the form of circuit, system on chip (SOC), the secondary OS that executes in the processor circuit separated with the processor hardware for executing main OS, and/or in another form.

Description

System for the data protection in shutdown mode

Background

More and more data are stored in equipment, are especially stored in mobile device.For example, people can store Personal data, and employee can store on their device company data, government data, client-related data, intellectual property and/ Or the data of other sensitive forms.When device losses, being stolen or being compromised in some other manner, these sensitive datas are set to In risk.

In order to solve this problem, the technology for protecting the sensitive data in equipment has been developed.Traditional equipment Data Protection Technologies generally rely on some form of user authentication, encryption or combinations thereof.For example, user it is settable she equipment come Input particular password or PIN are required before data can be accessed in equipment.Additionally, some equipment allow users to pair The file or folder being stored thereon is encrypted, it means that must be inputted before file can be checked or be replicated close Code.Although such mechanism can help prevent sensitive data by the access of unauthorized, they are not completely reliable. For example, if user is forced to provide her password in the case where violating her wish, or if equipment is grasped in activity It is removed when making (that is, after the password that user has had input her), then password mechanism will not have effect.Also some other sides Formula can be used for capturing user authentication and encipherment scheme.Once these data protection measures have been hacked, then usually not square Formula prevents access of the sensitive data by unauthorized.

If the user determine that the equipment that she is in her is likely to stolen place, then she comes the step that can take the initiative Protect sensitive data.For example, user can input commands into equipment to delete all sensitive datas from the device.Depend on In the scene, this may be necessary for the personal security's property and sensitive data of protecting user.However, in many feelings Under condition, user will not be able to expect that her equipment will be stolen and thus without taking such step.Even if user can be pre- In the case where expecting that equipment is stolen, user may be quick to delete from the device to interact with her equipment without enough Deal with Time Feel data.

It summarizes

This general introduction is provided so as to introduce in simplified form will be described in detail below in some concepts for further describing.This The key features or essential features for being not intended to mark claimed subject are summarized, are intended to be used to limit claimed The range of theme.

Provide method, system and the computer for the data that protection is stored in equipment in equipment shutdown Program product.The equipment includes the first operating system and security module.First operating system (OS) is the main OS of the equipment, is being set Standby be powered when being in " booting " mode manages computer resource.Security module is separated with master operating system, and is configured to supervise It is distorted depending on undesirable equipment.Security module is worked in equipment shutdown with hardware realization, the security module, and Even therefore can also protect data from the access of unauthorized when equipment is shut down.

Below with reference to each attached drawing, the further features and advantages of detailed description of the present invention and each reality of the invention Apply example structurally and operationally.It is worth noting that, the present invention is not limited only to specific embodiment described herein.It is presented herein this The purposes of a little being merely to illustrate property of embodiment.Based on description contained herein, technology of the other embodiments for related fields Personnel will be apparent.

Detailed description of the invention

It is integrated to this specification and the attached drawing formed part of this specification shows each embodiment of the invention, and Together with the description, it is further used for illustrating the principle of the present invention, and those skilled in the relevant arts is allowed to implement and use these realities Apply example.

It includes the data for being configured to protect the data of storage on the computing device that Fig. 1, which is shown according to an example embodiment, The block diagram of the data protection environment of protection system.

Fig. 2 shows the streams for the process for providing the protection for being configured to stored data according to an example embodiment Cheng Tu.

Fig. 3 shows the process for selecting the data protection for data to respond according to an example embodiment.

Fig. 4 shows the flow chart as optional data protection Response List according to an example embodiment.

Fig. 5 shows to provide and be triggered according to an example embodiment for monitoring context triggering associated with data pair The flow chart of the process of the execution of data protection response.

Fig. 6 is shown according to an example embodiment for restoring according to the soft process for deleting deleted data.

Fig. 7 is shown according to an example embodiment for equipment to be distorted to the mistake for being dispatched to data and triggering as context Journey.

Fig. 8, which is shown, is configured to distort equipment the context touching being used as data protection according to an example embodiment The block diagram of the data protection system of hair.

Fig. 9 is shown according to an example embodiment for executing the process of security module.

Figure 10 shows to provide according to an example embodiment and distort for supervision equipment to trigger and respond to data protection The flow chart of the process of execution.

Figure 11, which is shown, to be provided according to an example embodiment for the various processes of distorting sensor in supervision equipment Flow chart.

Figure 12 shows the section of a part of the equipment for being associated with the sensor that monitoring is distorted according to an example embodiment Figure.

Figure 13 A-13D shows the various example implementations of the security module according to each embodiment.

Figure 14 shows the block diagram that can wherein realize the illustrative user device of each embodiment.

Figure 15 shows the block diagram that can be used to realize the Example Computing Device of each embodiment.

When combining that wherein identical appended drawing reference identifies the attached drawing of corresponding element, the features and advantages of the present invention will be from It is become more fully apparent in detailed description set forth below.In the accompanying drawings, identical reference label refers generally to identical, function Similar element in upper similar and/or structure.The attached drawing that wherein element occurs for the first time is by most left in corresponding reference label The digital indication of side.

Detailed description

I. it introduces

The specification and drawings disclose one or more embodiments including each feature of the invention.The scope of the present invention It is not limited to the disclosed embodiments.The disclosed embodiments are merely exemplary the present invention, and the disclosed embodiments is modified Version also by the present invention it is contemplated.Various embodiments of the present invention are defined by the claims appended hereto.

Described by reference expression in specification to " one embodiment ", " embodiment ", " example embodiment " etc. Embodiment may include a particular feature, structure, or characteristic, still, each embodiment can need not include the special characteristic, structure, Or feature.In addition, these phrases not necessarily refer to identical embodiment.In addition, when describing special characteristic, knot about a certain embodiment When structure or characteristic, in spite of being explicitly described, realized about other embodiments this feature, structure or characteristic be considered as In the knowledge of those skilled in the art.

Multiple exemplary embodiments are described below.It should be noted that any chapters and sections/sub- chapter title is not intended to provided herein Limitation.Each embodiment is described in this document, and any kind of embodiment can be included under any chapters and sections/sub- chapters and sections. In addition, each embodiment disclosed in any chapters and sections/sub- chapters and sections can from identical chapters and sections/sub- chapters and sections and/or different chapters and sections/sub- chapter Any other embodiment described in section combines in any way.

Chapters and sections II below describes the example data including the calculating equipment for realizing the data protection of context triggering Protect environment.It is the exemplary embodiment triggered for the context of data protection that chapters and sections III, which describes wherein equipment and distorts,.Chapter Section IV describes the example movement for calculating equipment and desk device is realized.Chapters and sections V provides some example embodiments.Chapters and sections VI is provided Some summing-ups are commented.

II. for the example embodiment of the data protection of context triggering

Each embodiment described herein is realized in a manner of based on the configurable of context and automatically and is set to being stored in The protection of standby upper data.Provisioning Policy is allowed users to based on the data protection of context to protect the data in equipment to exempt from By undesired access, such as used in the case where equipment has been stolen, in the wish that equipment is just violating user (for example, User is forced to provide equipment password, equipment is removed in activity operations) in the case where and other situations under.It is examining When measuring risky external context, movement predetermined is performed automatically to protect data, to prevent data from being damaged It is bad.

Data protection system based on context is protected for the access that user accidentally or reluctantly authorizes.When When risky context is identified, data are automatically protected come from being compromised.

The embodiment implemented for the data protection based on context and execute framework is provided.Implementing framework can be used for Define data sensitive rank (for example, rank 1, rank 2 etc.), data protection response (for example, soft deletion, hard deletion etc.), wind Between danger/triggering context (context 1, context 2) and these elements mapping (for example, rank 1- > context 1- > it is soft It deletes, indicates when context 1 is detected, the content of rank 1 will be by soft deletion).Execution framework is configured to activate pre- The action/response first defined is to ensure that data are protected.Movements such as " soft deletion " (hiding datas) can be reduced, and " hard Delete " data are wiped completely without the option for data convert.

In embodiments, potential dangerous situation may occur in the shutdown mode of equipment.For example, when equipment is being closed When machine mode, a people may attempt to open equipment to store thereon from the one or more storage equipment of equipment removal to access Data.Provide the technology for detecting the situation automatically.In one embodiment, the implementation of data safety can in such case By by the additional firmware of chipset (for example, Attached Processor, OS etc.) form include in a device with realize tampering detection come It completes.For example, low-power consumption, the IC chip to work always and the 2nd OS may be present in the equipment to protect the equipment to exempt from It is removed by storage.Even if equipment main OS shutdown when, once detect that device hardware is just tampered, data protection movement just by The second, the OS to work always is executed.

In an example embodiment, data protection can be configured the selected data in equipment: equipment as follows Equipped with the special chip group (one or more IC chips) distorted with low power consumption operation so as to processing equipment.The chipset can wrap Include the 2nd OS to work always.The OS be installed at one or more device locations (be such as attached to the shell of equipment/ In physical container, the encirclement in device housings, at storing framework in a device (for example, being attached to the storage in equipment At the screw of frame)) sensor connection.In the OS to work always, context setting can be configured.Monitor physical container Sensor be configured to be arranged the acceptable acceptable terms (for example, correctly spiral open order) for opening equipment. In main OS, the content to be protected stored in a device can be specific together with the context and (all) protected for trigger data Protection response selected together.For example, the data protection about one or more file/folders can be requested to request to mark Content to be protected out.(no matter whether main OS is switched on) when the 2nd OS is detected to physical container when distorting, the 2nd OS is just held Row tentation data protects response/movement, may include the hard deletion of content, so that being marked as sensitive data can be deleted automatically Remove and without it is any for recovery option.

Various possible responses can be taken to protect data in the case where context is triggered and is detected.Such data The example of protection response includes one of the following or multiple: it is hard to delete, it is off-loaded automatically from wherein being marked as sensitive data It is deleted in equipment, without the option for reduction；Soft deletion, wherein being marked as sensitive data by operating system (OS) It (is deposited by the data of soft deletion by deleting the link to the data and link being stored in home automatically to hide It stores up but invisible to user, protected data can be encrypted etc.)；Prompting be provided to user (for example, message, sound, Visual prompting etc.)；File can be prohibited to open；Show that the window of the opening of the data can be closed；The window of opening can be hidden It ensconces behind other windows；Etc..

Note that in embodiments, one or more of such data protection can be executed by " independently ", so that place The user of reason equipment is unaware of data protection response and is executed.For example, the personnel of processing equipment, which may be because, distorts equipment (example Such as, the shell for attempting to open equipment takes device memory), because fail correct time input password or key sequence, Because by equipment conveying to specific position, because being interacted in a manner of unfamiliar with equipment UI, because being sensed personnel Biometric condition etc. and cause data protection response to be performed.Data protection response can be performed in an independent way, be made The personnel are unaware of response and are executed.For example, data can be by independently hiding, soft deletion or hard deletion, so that the personnel Even data are unaware of to be present in equipment just in equipment or once.Additionally or alternatively, shown window can be in the people The previous arrangement that member sees window is rearranged before, and prompting can be sent to equipment in the case where the personnel are unaware of Owner or administrator, and/or other data protections response can be performed in a discrete fashion.

There can be various benefits to this independently execute of data protection.For example, unauthorized personnel attempts in access equipment Sensitive data can trigger to the soft deletion of the sensitive data or hide.If unauthorized personnel is unaware of the data and just sets at this It is standby upper or be once present in the equipment, and the data are not found on the device immediately (because it is hidden or is deleted by soft Except), then the personnel more rapidly may find the data to trial on the device and lose interest.In addition, if the equipment Authorized user just threatened by unauthorized personnel, then there are more close for the data on the device any by authorized user Reason is shifted responsibility onto others.

If responding the data by soft deletion as data protection, which can be restored later by OS.When data are soft When deletion, the link for only arriving the data (for example, file) is deleted.Data can by from secure storage restore chain fetch by Reduction/recovery.In one embodiment, the recovery of data can be automatically, such as in user next time using correct Password and correct password entry context are come when logging in.Alternatively, recovery can be triggered by correct password context.

Therefore, each embodiment provides feature, such as for the risky environment pair in outside that wherein user is located at The method and system of the automatic and independent triggering of data protection is used for via contents attribute, is directed to all account's overlay devices On the data protections of data distort to define the method and system of sensitive data to be protected, and for detection device Method and system as the context for activating data protection to respond.

It is provided in following sub- chapters and sections and data the protection implement example is further described.For example, sub- chapter immediately below Section describes the further embodiment for configuring protection for data, is the triggering and execution described to data protection later The sub- chapters and sections of further embodiment.

A. the example embodiment for configuration data protection

In embodiments, data protection system can be configured in various manners to protect data from undesired visit It asks.For example, it includes being configured to protect the data of storage on computing device 102 that Fig. 1, which is shown according to an example embodiment, The block diagram of the data protection environment 100 of data protection system 136.It shows as shown in figure 1, data protection environment 100 includes calculating Equipment 102 and server 104.It calculates equipment 102 and server 104 is communicatively coupled by network 106.Data protection system 136 are included in calculating equipment 102.In the embodiment in figure 1, data protection system 136 include subscriber interface module 108, Context triggers monitor 110, data protection actuator 112 and storage 114.In addition, server 104 includes user interface Module 128.These features of environment 100 are described as follows.

It shows as shown in figure 1, data protection system 136, which can be implemented in, to be calculated in equipment 102.Note that in another implementation In example, data protection system 136, which can be partly implemented in, to be calculated in equipment 102, is partly implemented in server 104. For example, subscriber interface module 108, context triggering monitor 110 and data protection actuator 112 can be included in calculating In equipment 102.Alternatively, subscriber interface module 108 may not be present in calculating equipment 102, alternatively, server 104 User interface 128 and context triggering monitor 110 and data protection actuator 112 can be used as data protection system 136 A part.In another embodiment, both user interface 108 and 128 exists and one as data protection system 136 Point.

Calculating equipment 102 can be any kind of static or mobile computing device, including mobile computer (for example,Equipment, personal digital assistant (PDA), laptop computer, notebook computer, such as Apple iPad^TMTablet computer, net book etc.), mobile phone is (for example, mobile phone, such as MicrosoftPhone, is realized Apple iPhone Android^TMThe phone of operating system,If Standby, RIMThe smart phone of equipment etc.), wearable calculating equipment is (for example, smartwatch including such as Glass^TMIntelligent glasses headset equipment etc.), smart camera or other types of mobile device or such as The static calculations equipment such as desktop computer or PC (personal computer).

Storage 114 may include one or more of any kind of storage medium/equipment for storing data, including Disk (for example, in hard disk drive), CD (for example, in CD drive), tape are (for example, in tape drive In), RAM device, the memory devices of ROM device etc., and/or any other suitable type storage medium/equipment.

The data 124 for being shown as being stored in storage 114 can be any kind of data, including one or more texts Part, one or more file, the combination of file and file, and/or any other type of data structure and/or it is any its The data structure of its quantity.Although individual data example (data 124) is shown as being stored in storage 114, this is single Data instance is displayed in Fig. 1 for explanation is simplified.It is appreciated that any number of data instance can be stored in In storage 114, wherein each example is the arbitrary size with the corresponding security parameters configured as disclosed herein One or more files and/or file.

The example of network 106 includes the logical of local area network (LAN), wide area network (WAN), personal area network (PAN) or such as internet The combination of communication network.For the communication on network 106, calculates equipment 102 and server 104 can be respectively wired including can be Or wireless network interface (for example, network interface card (NIC)), such as 802.11 WLAN of IEEE (WLAN) wirelessly connects Mouthful, worldwide interoperability for microwave accesses (Wi-MAX) interface, Ethernet interface, universal serial bus (USB) interface, cellular network connect Mouth, Bluetooth^TMWired or wireless interface of interface etc etc..

User can interact with the subscriber interface module 108 (when it is present) calculated at equipment 102, or can be with server Subscriber interface module 128 (when it is present) at 104 interacts, to be configured to the number stored for calculating equipment 102 According to the data protection of (being such as stored in the data 124 in storage 114).The user of configuration data protection can be calculating equipment 102 owner or other users, system manager's (for example, when calculating equipment 102 is the equipment of enterprise) or other people Member.

Calculating the subscriber interface module 108 at equipment 102 may be present as the user configuration use for calculating equipment 102 In the traditional approach of the protection for the data being stored in calculating equipment 102.Subscriber interface module 108 can be stored in calculating and set Data protection application in standby 102 a part (for example, individually desk-top or mobile application, be based partially on cloud " app (is answered With) " etc.), it can be a part for calculating the OS of equipment 102, or can be present in another way and be configured in calculating and set In standby 102.

When interacting with the user interface generated by subscriber interface module 108, user may make to can determine storage The selection of such data is used for data protection configuration by the data (such as data 124) stored in 114.User can with Family interface interacts to data protection of the configuration pin to data 124, and can be by data protection configuration and data 124 in association It is stored as security attributes 122.

In another embodiment, it may be desirable to which there is no subscriber interface module 108 in calculating equipment 102.For example, following Situation can be confirmed as security vulnerabilities: obtaining and any personnel that can be logged on in calculating equipment 102 are able to access that user Interface 108, and thus can configure (including removing) for being stored in the protection for calculating the data at equipment 102.In such reality It applies in example, subscriber interface module 108 may not be present in calculating at equipment 102, and alternatively, subscriber interface module 128 may be present in To be used for protection of the configuration pin to the data being stored in calculating equipment 102 at server 104.For example, subscriber interface module 128 can be stored in server 102 can not be by a part for the data protections application (or OS) that network accesses, can be with Be can by network access application (for example, the addressable application of browser) a part or can deposit in another way It is and is configured in server 104.

When interacting with the user interface generated by the subscriber interface module 128 of server 104, user's energy may make The data (such as data 124) for calculating and being stored at equipment 102 are enough determined by network 106, data selection is used to count According to relaying configuration.User can interact to data protection of the configuration pin to data 124 with user interface, and can be by data protection Configuration is stored as security attributes 122 with data 124 in association.

In embodiments, subscriber interface module 108 and/or subscriber interface module 128 can be used for either type come Configuration data protection.For example, in one embodiment, subscriber interface module 108 and/or subscriber interface module 128 can come according to fig. 2 Operation.Fig. 2 shows the processes for the process for providing the protection for being configured to stored data according to an example embodiment Figure 200.Flow chart 200 is described below with reference to Fig. 1.Based on being described below, the embodiment of other structures and operation leads correlation The technical staff in domain will be apparent.

Flow chart 200 starts from step 202.In step 202, it provides and data sensitive rank is dispatched to deposit The user interface of the data of storage on the computing device.For example, show as shown in figure 1, subscriber interface module 108 (when it is present) can User interface 138 is generated, and subscriber interface module 128 (when it is present) produces user interface 140.User interface 138 and use Family interface 140 respectively can be any type of user interface including any number of user interface element, including figure is used Family interface, touch interface, voice control interface, tactile interface, posture interface etc..

In one embodiment, user interface 138 and/or user interface 140 are provided to so that data sensitive rank The data of storage on computing device 102, such as data 124 can be dispatched to.It shows as shown in figure 1, user interface 138 includes First data sensitive (DS) selector 116, and user interface 140 includes the 2nd DS selector 130.Which deposited depending on User can interact with DS selector 116 and/or DS selector 130 data sensitive rank is assigned to data 124.Example Such as, DS selector 116 and/or DS selector 130 can be user interface element, such as check box, switching switch, button, under Draw menu or another user interface element.The data sensitive that user can be interacted with user interface element to select data 124. For example, user can be interacted with DS selector 116 or DS selector 130 selected data are appointed as it is sensitive or insensitive.? In one embodiment, selected data can be also appointed as having different by user from DS selector 116 or the interaction of DS selector 130 Sensitivity level (for example, insensitive, medium sensitive, highly sensitive etc.).

In step 204, data protection response is enabled to be selected to by user interface associated with data.? In one embodiment, user interface 138 and/or user interface 140 are provided to so that data protection response can be dispatched to and deposit The data of storage on computing device 102, such as data 124.It is confirmed as being at least potentially subject to be not intended to or having wind in data It (is misplaced, is potentially stolen, known being stolen, potentially just for example, calculating equipment 102 in the case where the access of danger Access data etc. are just being forced to by the user of unauthorized personnel's access, calculating equipment 102), data can be executed for the data protect Shield response.

It shows as shown in figure 1, user interface 138 includes the first data protection response (DPR) selector 118, and user circle Face 140 includes the 2nd DPR selector 132.Which exist depending on, user can be with DPR selector 118 and/or DPR selector 132 interactions are to be assigned to data 124 for data protection response.For example, DPR selector 118 and/or DPR selector 132 can be Disclosed herein or known any type of user interface element in other ways.User can hand over the user interface element Mutually come select for data 124 data protection respond.Various types of data protection responses can be used for selecting and be assigned to number According to 124.

For example, in one embodiment, the step 204 of flow chart 200 may include the process shown in Fig. 3.Fig. 3 shows basis The step 302 for selecting the data protection for data to respond of one example embodiment.In step 302, data protection is rung It should be allowed to select from the multiple data protections response for including soft deletion and deleting firmly.As a result, in one embodiment, DPR is selected It selects device 118 and/or DPR selector 132 can provide data protection Response List, and one or more of data protection response It can be selected from the list and be dispatched to data (for example, by drop-down menu, check box etc.).Data protection response can wrap Include hard deletion data or soft deletion data.It is hard to delete " " including so that data are permanent as that will be discussed in more detail herein Ground is inaccessible (for example, data in overriding memory/storage), and " soft deletion " includes so that data can not temporarily visit It asks, so that it can be reduced in the subsequent time.

Other types of data protection response can be selected therefrom.For example, Fig. 4 shows offer according to an example embodiment The flow chart 400 of process for optional data protection response.Each step of flow chart 400 describes separated and independent number It is responded according to protection.Any one or more it can be selected and be dispatched in the response of data protection described in flow chart 400 Specific data instance.Flow chart 400 is described as follows.Based on being described below, the embodiment of other structures and operation is for phase The technical staff in pass field will be apparent.

Flow chart 400 starts from step 402.In step 402, by the way that the image watermarking in equipment will be calculated not by user It checks to execute the soft deletion to the data.As described above, DPR selector 118 and/or DPR selector 132 can provide use In the option for the data protection response that soft deletion is assigned as being used for data.According to soft deletion, data are on computing device 102 It is hidden not checked by user.For example, indicating that the link to file of the data can be deleted, and link and/or data The position for being considered safe can be stored in for possible sequential reduction/recovery.

In step 404, executed by deleting the data calculated in equipment without the option for being used to restore to this The hard deletion of data.As described above, DPR selector 118 and/or DPR selector 132 can provide is divided for that will delete firmly Group is the option for the data protection of data response.It is deleted according to hard, data are in such a way that data cannot be reduced or restore It is deleted from storage (for example, storage 114).For example, data, which are stored in storage location therein, to be covered with 1 and 0 mode It writes.

In a step 406, prompting is broadcasted.In one embodiment, DPR selector 118 and/or DPR selector 132 can mention For the option for the data protection for being assigned as being used for data will to be reminded to respond.Prompting can be configured to calculating equipment 102 Authorized user (for example, owner, system manager etc.) notification data may be by the threat of unauthorized access.Prompting can quilt The address of the telephone number of authorized user is delivered/is transmitted to, or present in another form, including such as email message, text This message, social network message, call, serge serge noise (or other sound) etc..

In a step 408, file is prohibited to be opened.In one embodiment, DPR selector 118 and/or DPR choosing Selecting device 132 can provide for that will forbid one or more files (indicating data) that can be opened as the data guarantor for data Protect the option of response.File can be prohibited be opened in any way, including passing through lock file, being promoted to file Permit (on access authority of user) etc..

In step 410, a data display window opened is closed.In one embodiment, DPR selector 118 and/or DPR selector 132 can provide for ringing the display window for closing the opening of display data as the data protection for being used for data The option answered.

In step 412, the data display window of opening is hidden in behind at least one other window.In an embodiment In, DPR selector 118 and/or DPR selector 132 can provide for that open display window will be hidden in one or more The option responded behind other windows as the data protection for data.For example, data display window can be moved to Behind the one or more of the other window being opened, and/or one or more new windows can be opened in data display window Front.

Note that as described in this article, data protection can be responded with DPR selector 118 and/or DPR selector 132 It is assigned to data.In another embodiment, data protection response can be by associated with data sensitive in advance, and works as the data When sensibility rank is dispatched to specific data, associated data protection response is also dispatched to the data.For example, soft deletion Can be associated with low data sensitive rank, and deleting firmly can be associated with high data sensitive rank.If hyposensitivity Rank is dispatched to specific data (in the step 202 of flow chart 200), then soft deletion is assigned to the certain number with being automatically also According to (in step 204).

Fig. 2 is referred back to, in step 206, context triggering is enabled to be dispatched to data by user interface.? In one embodiment, user interface 138 and/or user interface 140 are provided to so that context triggering can be dispatched to storage Data on computing device 102, such as data 124.Context triggering can be a certain condition or condition set, when detecting this When condition or condition set, instruction, which calculates equipment 102, to be become by or vulnerable to unauthorized access.

It shows as shown in figure 1, user interface 138 includes the first context triggering (CT) selector 120, and user interface 140 include the 2nd CT selector 134.Which exist depending on, user can hand over CT selector 120 and/or CT selector 134 It is mutually triggered context is arranged, the detection designation date protected mode of context triggering is activated by data protection actuator 112. For example, CT selector 120 and/or CT selector 134 can be disclosed herein or known any type in other ways User interface element.User can interact that the context for data 124 is selected to trigger with the user interface element.Context The example of triggering includes but is not limited to: sensing unauthorized user very close to calculating equipment 102；It distorts and calculates equipment 102；? Equipment starting, login or down periods, user fail to provide desired input；And it calculates the user of equipment 102 and senses Behavior indicate that the user is not authorized user.Various other context triggerings can also be used.

As described above, sensibility rank, data protection response and context triggering are selectable to be assigned to number According to 124.Calculate equipment 102 at make to sensibility rank, data protection response and context triggering selection from Family interface module 108 is exported as security attributes 122A.That makes at server 104 protects sensibility rank, data What shield response and context triggered selects to export from subscriber interface module 128 as security attributes 122B, and in signal of communication In be sent on network 106 calculate equipment 102.Security attributes 122A or 122B can be stored in association with data 124 As security attributes 122.

B. for triggering and executing the example embodiment of data protection

Data protection system can be configured in various manners to monitor the data threatened by unauthorized access, and executes number The data are protected according to Preservation tactics.For example, calculating the data protection system in equipment 102 as described in above with respect to Fig. 1 136 include context triggering monitor 110 and data protection actuator 112.Context triggering monitor 110 and data protection are held Row device 112 is configured to detect the unauthorized access to data and executes data protection.Context triggers monitor 110 and data Protection actuator 112 is being described below in relation to Fig. 5.Fig. 5, which is shown, to be provided according to an example embodiment for monitoring and data Associated context triggers to trigger the flow chart 500 of the process of the execution to data protection response.Flow chart 500, up and down Text triggering monitor 110 and data protection actuator 112 are such as described below.Based on being described below, other structures and operation Embodiment will be apparent those skilled in the relevant art.

Flow chart 500 starts from step 502.In step 502, the generation of monitoring context triggering.For example, as shown in figure 1 Display, context triggers the context triggering that monitor 110 receives security attributes 122 associated with data 124.Up and down Text triggering monitor 110 can directly receive the context touching of security attributes 122 from subscriber interface module 108 or from storage 114 Hair.Context triggering monitor 110 determines whether to have been detected by any one in context triggering with time operation. If context triggering monitor 110 determines that context triggering has been detected, context triggering monitor 110 passes through life Carry out notification data protection actuator 112 at trigger notice 126.

In step 504, when detecting the generation of context triggering, data protection response associated with data is held Row.In response to trigger notice 126, data protection actuator 112 be can be performed in security attributes 122 associated with data 124 Data protection response.Performed data protection response is shown as the movement 142 being performed in Fig. 1.

In embodiments, the data protection response in security attributes 122 can indicate and data protection actuator 112 Referred to herein or known any one or more data protection responses in other ways can be performed.For example, data protection Response can indicate and data protection actuator 112 can be performed it is showing in flow chart 400 (Fig. 4) and it is herein otherly Just describe data protection response in it is any one or more and/or based on introduction herein for those skilled in the art Member will become apparent to any other suitable data protection response.Therefore, data protection actuator 122 may include or access is used In the functionality for executing one or more data protection responses.For example, data protection actuator 112 may include or access and can hold (it may include file encryption, file/folder is mobile and/or renames, reconfigures for the soft deletion of style of writing part and/file To the link etc. of file/folder) file manager module.Data protection actuator 112 may include or access is configured to The messaging interface of reminder message is sent (for example, tool of sending short messages, e-mail, instant message transrecieving tool, social activity Internet message receives and dispatches tool, telephone communication tool, audio instrument etc.).In another example, data protection actuator 112 can wrap Include or access (for example, OS) window management module that can be rearranged shown window and/or open window.Data are protected Shield actuator 112 can be configured with such as will be apparent to those skilled in the art based on introduction herein for executing One or more data protections response it is additional and/or replacement functionality.

Therefore, in embodiments, can be triggered based on context (undesired to distort equipment etc.) for storage The data protection of data in equipment.The example of such data protection includes soft deletion, hard deletion, prompting etc..Note that such as Fruit data are by soft deletion, then once it is determined that the threat of unauthorized data access is weakened or is passed through, data can be resumed.Cause This, Fig. 6 is shown according to an example embodiment for restoring according to the soft process for deleting deleted data.In step 602, Data are recovered as visible to user on the computing device.In such embodiments, previously in a device by it is soft deletion or it is hidden The data of hiding can be resumed or restore.For example, the link to data file can restore from the home etc. in storage.Recovery can To be automatically, such as to log on to meter using correct password and correct password entry context in authorized user next time When calculating in equipment 102.Alternatively, recovery only can be triggered manually, such as by being triggered by password context.

III. equipment distorts the example embodiment of the triggering as data protection

As described above, specific data is selectable to protect.For example, user can be with subscriber interface module with reference to Fig. 1 108 (calculating equipment 102) or subscriber interface module 128 (server 104) interaction carry out the security parameters of configuration data.Data peace Full property rank can be dispatched to data, and (for example, the step 202) in Fig. 2, and data protection response can be dispatched to data (example Such as, the step 204) in Fig. 2.In one embodiment, equipment, which is distorted, can be assigned as context triggering (for example, the step of Fig. 2 In 206).If calculate equipment 102 just physically distorted in the following manner: an obvious entity just attempting by from calculate equipment 102 extract one or more physical assemblies (for example, memory devices) to obtain the unauthorized access to data, then such Trigger data protection response can be detected and be used for by distorting.

For example, Fig. 7 is shown according to an example embodiment for assigning the step 702 that context triggers to data.? In step 702, equipment, which is distorted, to be enabled to be dispatched to data.Therefore, the equipment comprising data of interest is not intended to Distort be context triggering.For example, (such as being attempted opening equipment 102 in an undesired manner when calculating equipment 102 Unauthorized personnel) when distorting (for example, remove one or more memory devices), context triggering can be detected, and institute The data protection response of choosing can be performed.

CT selector 120 and/or CT selector 134 allow equipment to distort to be selected in various ways.For example, CT is selected Device 120 and/or CT selector 134 allow to make the context triggering selection of general " equipment is distorted " type.In such feelings In shape, calculate in equipment 102 it is any distort sensor all and can be monitored triggered as potential context for data.Another In one embodiment, CT selector 120 and/or CT selector 134 allow to include specific distorting biography calculate in equipment 102 Sensor is individually selected to be triggered as context.The example of such sensor that may be present include equipment open sensor, (device housings are fixed together screw sensor by its sensing, by the mechanism attaches such as storing framework to interior of shell etc. Screw is by turn), optical sensor (it is by being opened to detection environment light come sensor device shell), device housings integrality pass Sensor etc..

Data protection system 136 can be configured to monitor in various manners threat of the designation date by unauthorized access Distort triggering.It is configured to distort equipment as the upper of data protection according to an example embodiment for example, Fig. 8 is shown The block diagram of the data protection system 800 hereafter triggered.As shown in Fig. 8, data protection system 800 includes 802 He of security module One or more distorts sensor 804.Security module 802 is configured to supervision equipment and distorts and execute for the number for calculating equipment According to protection, even if when calculating equipment is shut down/powers off.Security module 802 includes that context trigger sensor 110 and data are protected Protect actuator 112.Main OS 814 and storage 114 are also presented in fig. 8.In one embodiment, context triggers monitor 110 The step 502 (Fig. 5) of executable flow chart 500, and flow chart can be performed in the data protection actuator 112 of security module 802 500 step 504.Data protection system 800 is an example of the data protection system 136 being displayed in Fig. 1, and is gone out It is not that all features of system 800 are all necessarily displayed in fig. 8 in the purpose for being easy explanation.Data protection system 800 can quilt It is included in and calculates in equipment 102.Data protection system 800 is described below.

In the embodiment in fig. 8, context triggering monitor 110, which is configured to distort equipment, is used as data protection Context triggering.Specifically, distorting sensor 804 as shown in Fig. 8 and being configured to sense by unauthorized personnel to meter Calculate distorting for equipment 102.It distorts sensor 804 and can determine in various ways and equipment is distorted, including set by sensing to calculate Standby 102 one or more attributes, this distorts instruction.

Therefore, in one embodiment, data securing apparatus 800 can be operated according to Fig. 9.Fig. 9 is shown according to an example The step 902 for being used to execute security module of embodiment.In step 902, with the peace that separates of operating system calculated in equipment Full module is performed.For example, as shown in figure 8, security module 802 is dividually operated with main OS 814.It is powered when calculating equipment 102 When being in "ON" mode, main OS 814 is executed in the processor hardware for calculating equipment 102 with management equipment resource.Calculate equipment 102 can be powered off by user, such as by user by calculate equipment 102 power switch from "ON" move on to "Off", by user by The lower predetermined button for calculating equipment 102 is said word " shutdown " (or similar word) up to the predetermined amount time, by user or is passed through User executes other movements or by calculating 102 automatic shutdown of equipment (such as in order to save power in the non-use of predetermined amount After time).When calculating equipment 102 powers off, and therefore main OS814 is no longer able to operation, security module 802 continues to operate. By this method, even if security module 802 can also detect distorting to calculating equipment 102 when calculating the shutdown of equipment 102.One In embodiment, security module 802 is configured to (relative to the main OS814 executed in the processor hardware for calculating equipment 102) Consume lower power consumption.By this method, security module 802 can keep operation when calculating equipment 102 and being shut down, fast without consuming Speed exhausts the excessive power for calculating the battery of equipment 102.

In this way, security module 802 can operate in various ways.For example, Figure 10 shows offer according to an example embodiment Distort for supervision equipment to trigger the flow chart 1000 of the process of the execution responded to data protection.In one embodiment, Security module 802 can be operated according to flow chart 1000.Flow chart 1000 is described below with reference to Fig. 8.Based on being described below, other Structure and the embodiment of operation will be apparent those skilled in the relevant art.

Flow chart 1000 starts from step 1002.In step 1002, security module is executed when calculating equipment shutdown.As above Face description, security module 802 is configured to execute when calculating equipment 102 and shutting down.By this method, even if calculating When equipment 102 is shut down, security module 802 also can protect data from unwarranted access.In embodiments, security module 802 power and set in calculating being coupled to the power supply one or more battery of equipment 102 (for example, calculate), persistently receive this Standby 102 hardware for not entering "Off" or " economize on electricity " mode when being shut down are (for example, one or more processors circuit and/or other Circuit) in realize.

In step 1004, the instruction distorted to the shell for calculating equipment is received from least one sensor.For example, having Fig. 8 is closed, sensor 804 is distorted and is configured to sense distorting to calculating equipment 102.It is detectable to calculating to distort sensor 804 Distorting for the shell of equipment 102 is such as agitated, unscrews or is otherwise set with each feature interaction of shell with opening calculating Standby 102, hole is bored or otherwise formed on the surface for calculating equipment 102, is hit with object and calculates equipment 102 or with calculating 102 impacting object of equipment is split with attempting to make to calculate equipment 102, or otherwise distorts shell.It is such distort interaction can It is executed by unauthorized personnel, attempts to remove the storage equipment comprising protected data from calculating equipment 102.As shown in figure 8, distorting Indicator 806 is distorted in the generation of sensor 804, and instruction distorts sensor and has been detected by distorting to calculating equipment 102.Up and down Text triggering monitor 110 be configured to monitor be used to indicate distort distort indicator 806.

For example, in one embodiment, context triggering monitor 110 can be operated according to Figure 11.Figure 11 shows offer root According to the flow chart 1100 for the various processes for distorting sensor in supervision equipment of an example embodiment.Flow chart 1100 Each step describes separating of being performed and absolute version distorts monitoring.Described in flow chart 1100 any one or Multiple monitoring processes of distorting can be executed by context triggering monitor 110, this depends on spy that is on the scene and being configured for monitoring Surely sensor is distorted.For the purpose of explanation, flow chart 1100 is described below with reference to Fig. 8 and 12.Figure 12 is shown to be shown according to one The sectional view of a part of the equipment 1200 for being combined with the sensor that monitoring is distorted of example embodiment.Equipment 1200 is to calculate equipment 102 example.Based on being described below, the embodiment of other structures and operation will be aobvious for those skilled in the relevant art And it is clear to.

Flow chart 1100 starts from step 1102.In step 1102, shell is fixed together and/or fixed storage frame One or more screws it is monitored.In one embodiment, context triggering monitor 110 can be configured to monitor one or Multiple screw sensors, this one or more screw sensor monitoring calculate the screw of equipment.Screw sensor can be configured to Determine whether the screw that each structure for calculating equipment is fixed together is rotated and/or is removed from equipment is calculated.If screw Be removed and/or rotated, then calculate equipment may be in be opened during and/or such as calculate equipment memory set Standby etc structure may be in be removed during.In this way, what screw sensor can be unscrewed and/or be removed by detection One or more screws distort calculating equipment to detect, and produce and distort indicator 806 to indicate this.

For example, equipment 1200 includes first housing portion 1202 and second housing portion 1204 with reference to Figure 12.First and Two casing parts 1202 and 1204 are interlocked as shown in figure 12 to form the shell of each component for equipment 1200.Such component Example include such as display, one or more button, one or more microphones, one or more cameras, one or more Integrated circuit, and/or other electronic building bricks etc..Shell forms encirclement 1206, wherein may include certain components.In each embodiment In, equipment 1200 may include any amount of casing part.

As shown in figure 12, the first and second casing parts 1202 and 1204 can be connected to one by one or more screws 1216 It rises.In addition, as shown in figure 12, other components of equipment 102 can be attached to the shell of equipment 102 by one or more screws 1222 On, such as dispose the component palette or storage framework 1218 of one or more memory devices 1220.Screw 1216 and/or 1222 can It is coupled to one or more screw sensors 1208.Screw sensor 1208 is configured to detect screw (such as screw 1216 And/or one of 1222) when unscrewed and/or removed.When screw 1216 just by unscrewing or removal when, this indicating equipment 1200 Shell is being opened, so that internal component (may such as store the memory devices 1220 of sensitive data) may be moved It removes.Similarly, when screw 1222 just by unscrewing or removal when, this instruction motherboard or storing framework 1218 be removed so that institute The component (may such as store the memory devices 1220 of sensitive data) of placement may be removed.

Each example of screw sensor 1208 includes potentiometer or other types of rheostat etc..One or more screws pass Sensor 1208 can trigger monitor 110 with context and be communicatively coupled to distort instruction to the context triggering offer of monitor 110 Symbol 806 is just tampered with the one or more corresponding screws of instruction.

In step 1104, monitor whether each section of shell becomes to be separated from each other.In one embodiment, context touches Hair monitor 110 can be configured to monitor one or more cover sensors, this one or more cover sensor detection calculates Whether each section of the shell of equipment is just being separated from each other.Cover sensor can be configured to determine calculate equipment whether be in by During being opened so that each structure of memory devices for such as calculating equipment etc is likely to be in removed danger. Calculating equipment is distorted in this way, cover sensor can be separated to detect by detection casing part, and produces and distorts finger Show symbol 806 to indicate this.

For example, with reference to Figure 12, equipment 1200 may include one or more of different piece for being coupled to the shell of equipment 1200 A cover sensor 1210.In the illustration in fig 12, cover sensor 1210 is coupling in the first and second casing parts 1202 And between 1204, and it therefore can detect when that the first and second casing parts 1202 and 1204 are just being separated from each other and equipment 1200 are being opened.For example, cover sensor 1210 can be one usually coupled when being closed in circuit with equipment 1200 The connected connectivity sensor of a or multiple conductive and/or magetic indicator joints.When the first and second phases of casing part 1202 and 1204 Connector is separated from each other when mutually removing, and dead circuit, resistance increase, electric current is caused to reduce (because of disconnecting circuit) and/or shell The magnetic field that sensor 1208 can sense changes.In other embodiments, cover sensor 1210 can be configured in other ways Detect when the first and second casing parts 1202 and 1204 are separated from each other.

In step 1106, the destruction to shell is monitored.In one embodiment, context triggering monitor 110 can be matched It is set to monitoring detection and calculates the one or more shell mechanism the sensors whether shell of equipment is just being destroyed.Shell mechanism sensing Device may be configured to determine that whether calculating equipment is in and be drilled into, breaks, crushing etc. so that such as calculate the memory of equipment During each structure of equipment etc is likely to be in removed danger.In this way, shell mechanism sensor can pass through detection Shell is destroyed to detect and distort calculating equipment, and produces and distort indicator 806 to indicate this.

For example, equipment 1200 may include that can be incorporated into the shell of equipment 1200 and/or along equipment with reference to Figure 12 One or more shell mechanism sensors 1214 that 1200 surface combines.In the illustration in fig 12, shell mechanism sensor 1214 are integrated in the material of the first and second casing parts 1202 and 1204, and therefore can detect when first and second Casing part 1202 and 1204 is destroyed and the encirclement 1206 of equipment 1200 is being accessed.For example, shell mechanism sensor 1210, which can be detection, senses the electric resistance sensor or piezoelectric film of first and/or the destruction of second housing portion 1202 and 1204 Device, detection device 1200 are just accelerated to adding for the speed that (for example, when broken or when being thrown into surface) may destroy Velocity sensor or other types of destruction sensor.

In step 1108, the light in encirclement that monitoring shell is formed.In one embodiment, context triggers monitor 110, which can be configured to monitor detection, calculates the one or more the optical sensors whether shell of equipment has been opened.Optical sensor It can be configured to determine that calculating equipment is opened because the light quantity that optical sensor receives has increased, so that calculating depositing for equipment Each structure of storage device etc is likely to be in removed danger.In this way, photo structure sensor can be by detecting shell quilt It destroys to detect and be distorted to calculating equipment, and produces and distort indicator 806 to indicate this.

For example, equipment 1200 may include one for being incorporated into the encirclement 1206 of equipment 1200 or more with reference to Figure 12 A optical sensor 1212.In the illustration in fig 12, optical sensor 1212 is placed in the inner surface of first housing portion 1202, but It is that in other embodiments, other places in equipment 1200 can be placed in.Therefore, optical sensor 1212 can detect equipment When 1200 be opened (for example, the first and second casing parts 1202 and 1204 have been separated from each other), because working as equipment The light quantity (environment light is received by optical sensor 1212) that 1200 optical sensors 1212 when being opened receive, which is noticeably greater than, works as equipment The light quantity that (periphery 1206 is dark) optical sensor 1212 receives when 1200 closing.For example, optical sensor 1212 can be light Electric diode or other types of optical sensor.

Note that sensor monitoring process shown in the flow chart 1100 of sensor and Figure 11 shown in Figure 12 is as solution What the purpose said provided, it is not intended to limit.By introduction herein, other kinds of sensor and monitoring process are to ability It is obvious for the technical staff in domain.

In step 1006, in response to the received instruction distorted, data protection associated with data responds quilt It executes.In one embodiment, context triggering monitor 110 also receives usurping for security attribute 122 associated with data 124 Change sensor context triggering 810.Distorting sensor context triggering 810 can be as described above (for example, Fig. 2 step 206) data 124 are assigned to.It includes (all as above with each sensor of calculating equipment 102 for distorting sensor context triggering 810 The other types of sensor that the detection of the one or more sensors and/or equipment 102 of face description is distorted) it is one associated Or multiple context triggerings.Context triggering monitor 110 determines that one distorted in sensor 804 is usurped with time operation Change sensor whether have been detected by it is any distort sensor context triggering.

For example, distorting sensor context triggering 810 can indicate that one or more distorts sensor context triggering, such as Screw is distorted (as monitored in the step 1102 of Figure 11), shell separates (as monitored in the step 1104 of Figure 11), shell is broken It bad (as monitored in the step 1106 of Figure 11), internal light sensing (as monitored in the step 1108 of Figure 11) and/or other usurps Change sensor context triggering.

Context triggering monitor 110 is configured to distort instruction by what is received in distorting indicator 806 and distort The sensor context triggering of respectively distorting of sensor context triggering 810 is compared.If it is true that context triggers monitor 110 Surely distort sensor context triggering be detected, then context triggering monitor 110 by generate distort notify 808 come Notification data protects actuator 112.It distorts and notifies 808 instructions that should data 124 be executed with data protection response.

Pay attention in one embodiment, context triggering monitor 110 can receive to distort not to be considered in indicator 806 Distort it is predetermined distort instruction, and filtered out due to not guaranteeing data protection by context triggering monitor 110.For example, Distorting indicator 806 can indicate that the screw for calculating equipment is unscrewed with certain order (for example, such as the screw sensor 1208 of Figure 12 It is detected).However, distorting sensor context triggering 810 can indicate that the screw unscrewing of specific predesigned order is acceptable (for example, sequential order that the screw of equipment can be removed suitably), and do not indicate to distort.Such predesigned order can be protected It stays and is known by the personnel for opening the calculating equipment for maintenance, repairing, upgrading and/or other purposes are authorized to.If Context triggering monitor 110, which detects, to be distorted indicator 806 and/or is not indicating to receive in the other sensing datas distorted Such predesigned order, then context triggering monitor 110, which may not generate to distort, notifies 808.

As shown in fig. 8, the reception of data protection actuator 112, which is distorted, notifies 808 and data protection response 812.Base 808 are notified in distorting, and data protection actuator 112 can be performed the data in security attributes 122 associated with data 124 and protect Shield response 812.As described above, one biography is distorted with distort sensor context triggering 810 when distorting the instruction of indicator 806 When sensor context triggers matched distort, data protection actuator 112 is configured to carry out data protection response 812.

Therefore, in embodiments, the data protection to data can be triggered based on context (such as equipment is distorted).This The example of the data protection of sample includes soft deletion, hard deletion, prompting etc..In the case where equipment is distorted, hard it will delete with counting It may be to close to need according to protection response.This is because the personnel of very possible unauthorized attempt to extract memory from calculating equipment Equipment accesses the data being stored thereon.Memory devices will likely be lost for the owner for calculating equipment, and because This sensitive data of storage thereon can also be permanently deleted before unauthorized personnel successfully extracts memory devices.Pay attention to If data are by soft deletion, once it is determined that the threat of unauthorized data access has been eliminated or in the past (for example, the step of Fig. 6 It is rapid 602), such as unauthorized personnel extracts memory devices not successfully and calculates equipment be resumed when, data can It is resumed.

As described above, security module 802 (Fig. 8) can be implemented in various ways in calculating equipment, so that peace Full module 802 can protect sensitive data when calculating equipment shutdown.For example, Figure 13 A-13D is shown according to each reality Apply each example implementation of the security module 802 in calculating equipment of example.Figure 13 A-13D is described as follows.

Figure 13 A shows the example embodiment of security module 802, and wherein security module 802 is implemented in circuit 1302. In such embodiments, security module 802 can be implemented in pure hardware (non-firmware or software).Hardware may include one or Multiple IC chips are (for example, ASIC (application specific integrated circuit), FPGA (field programmable gate array), resistor, electricity Container, transistor, switchs and/or is configured to realize other hardware components of each function of security module 802 inductor).? In another embodiment, other than hardware, circuit 1302 may also include firmware to execute its function.For example, circuit 1302 may be used also The one or more processors circuit of each function of security module 802 is realized including being configured to carry out firmware.Circuit 1302 It is coupled to the battery (such as rechargeable battery) for calculating equipment, provides power when calculating equipment shutdown to allow Circuit 1302 operates.

Note that circuit 1302 may include the battery (chargeable or not chargeable) of their own, to provide function to circuit 1302 Rate is with safe operation module 802, even if exhausting to the one or more battery electricity that the other components for calculating equipment provide power It is no longer able to provide power.

Figure 13 B shows the example embodiment of security module 802, and wherein security module 802 is implemented in system on chip (SOC) in 1304.SOC 1304 is the example of circuit 1302, and the integrated circuit of each function including realizing security module 802 Chip.SOC 1304 can be entirely hardware, or may include consolidating of executing in the one or more processors circuit of SOC1304 Part.SOC 1304 is provided with power supply (for example, other batteries from its own battery and/or calculating equipment) even if to count It is also executed when calculating equipment shutdown.

Figure 13 C shows another example embodiment of security module 802, and wherein security module 802 is implemented in the second behaviour Make in system (OS) 1306.2nd OS 1306 is secondary OS, so that the execution of security module 802 can be supported by calculating equipment. In such embodiments, security module 802 can be implemented in the one or more processors circuit 1314 for calculating equipment In the software of execution.2nd OS does not include the repertoire of main OS, because security module 802 is supported to need less function, thus Less memory space is consumed, in lower power operation.Processor circuit 1314 is provided with power (for example, certainly from it The battery of body and/or the other batteries for calculating equipment) to be executed when calculating equipment shutdown.Processor circuit 1314 It can be included in the hardware separated with the processor circuit/hardware for executing the main OS for calculating equipment.

For example, Figure 13 D shows the example of the security module 802 in the 2nd OS 1306 separated with the main OS for calculating equipment It realizes.As illustrated in figure 13d, main OS 814 is realizing one or more processor circuits 1312 in the first integrated circuit 1308 Middle operation.2nd OS 1306 operation is being realized in one or more processor circuits 1304 in the second integrated circuit 1310. In the embodiment of Figure 13 D, the first and second integrated circuits are separated from each other.By this method, the second integrated circuit 1310 can receive Power with even if the first integrated circuit 1308 does not receive power to be operated in power on mode, or calculate equipment shutdown when It operates in the low power mode.

IV. example movement and static device embodiment

Calculating equipment 102, server 104, subscriber interface module 108, context triggering monitor 110, data protection are held Row device 112, DS selector 116, DPR selector 118, CT selector 120, subscriber interface module 128, DS selector 130, DPR Selector 132, CT selector 134, data protection system 136, system 800, security module 802, main OS 814, circuit 1302, System on chip 1304, the 2nd OS 1306, integrated circuit 1308, integrated circuit 1310, processor circuit 1312, processor circuit 1314, flow chart 200, step 302, flow chart 400, flow chart 500, step 602, step 702, step 902, flow chart 1000 And flow chart 1100 can have the hardware of software and/or firmware with hardware or combination to realize.For example, subscriber interface module 108, context triggers monitor 110, data protection actuator 112, DS selector 116, DPR selector 118, CT selector 120, subscriber interface module 128, DS selector 130, DPR selector 132, CT selector 134, data protection system 136, system 800, security module 802, main OS814, the 2nd OS 1306, flow chart 200, step 302, flow chart 400, flow chart 500, step Rapid 602, step 702, step 902, flow chart 1100 and/or flow chart 1100 can be implemented as being configured in one or more It is executed in processor and is stored in computer program code/instruction in computer readable storage medium.Alternatively, calculating is set Standby 102, server 104, subscriber interface module 108, context triggering monitor 110, data protection actuator 112, DS selection Device 116, DPR selector 118, CT selector 120, subscriber interface module 128, DS selector 130, DPR selector 132, CT choosing Select device 134, data protection system 136, system 800, security module 802, main OS 814, circuit 1302, system on chip 1304, Two OS 1306, integrated circuit 1308, integrated circuit 1310, processor circuit 1312, processor circuit 1314, flow chart 200, Step 302, flow chart 400, flow chart 500, step 602, step 702, step 902, flow chart 1000, and/or flow chart 1100 can be implemented as hardware logic/electronic circuit.

For example, in one embodiment, in any combination, subscriber interface module 108, context triggering monitor 110, Data protection actuator 112, DS selector 116, DPR selector 118, CT selector 120, data protection system 136, system 800, security module 802, main OS 814, circuit 1302, system on chip 1304, the 2nd OS 1306, integrated circuit 1308, integrated Circuit 1310, processor circuit 1312, processor circuit 1314, flow chart 200, step 302, flow chart 400, flow chart 500, One or more of step 602, step 702, step 902, flow chart 1000 and/or flow chart 1100 can be in SoC together It is implemented.SoC may include IC chip, which includes following one or more: processor (such as centre Manage unit (CPU), microcontroller, microprocessor, digital signal processor (DSP) etc.), memory, one or more communications Interface, and/or further circuit for executing its function and optionally execute the program code received and/or including The firmware of insertion.

Figure 14 shows the block diagram of EXEMPLARY MOBILE DEVICE 1400, which includes being indicated generally at component 1402 various optional hardware and software components.For example, the component 1402 of mobile device 1400 may be included in mobile device The example of the component in calculating equipment 102 (Fig. 1) in embodiment.Any quantity of feature/element of component 1402 and combination And additional and/or alternative features/element can be included in mobile device embodiment, as known to those skilled in the relevant arts 's.Note that any component in component 1402 can with any other assembly communication in component 1402, although for ease of explanation All connections are not showed that.Mobile device 1400 can be it is described elsewhere herein or refer to or in other ways In known various mobile devices (for example, cellular phone, smart phone, handheld computer, personal digital assistant (PDA) etc.) It is any, and allow via one or more communication network 1404 such as honeycomb or satellite network or pass through local area network Or wide area network carries out the wireless two-way communication with one or more mobile devices.

Shown mobile device 1400 may include for executing such as Signal coding, image procossing, data processing, input/defeated The controller or processor (referred to as processor circuit 1410) of the task of processing, power supply control, and/or other function etc out. Processor circuit 1410 is in one or more physical hardware electronic circuit apparatus elements and/or as central processing unit (CPU), IDE (the semiconductor material core of microcontroller, microprocessor, and/or other physical hardware processing circuits Piece or tube core) in realize electronics and/or optical circuit.The executable storage of processor circuit 1410 is in computer-readable medium Program code, such as one or more application 1414, the program code of operating system 1412, appointing of storing in memory 1420 What program code etc..The controllable distribution and use to component 1402 of operating system 1412, and support one or more application journey Sequence 1414 (also referred to as " application ", " app " etc.).Application program 1414 may include public mobile computing application program (for example, electronics Mail applications, calendar, contact manager, web browser, information receiving application program) or any other calculating application (such as word processing application, mapping application, media player application).

As shown, mobile device 1400 may include memory 1420.Memory 1420 may include non-removable memory 1422 and/or removable memory 1424.Non-removable memory 1422 may include RAM, ROM, flash memory, hard disk or other crowds Well known memory storage techniques.Removable memory 1424 may include flash memory or the well known subscriber in gsm communication system Identity module (SIM) card, or the other well known memory storage techniques of such as " smart card ".Memory 1420 can be used for storing Data and/or for run operating system 1412 and application 1414 code.Sample data may include having via one or more Line or wireless network are sent to and/or the webpage received from one or more network servers or other equipment, text, image, Audio files, video data or other data sets.Memory 1420 can be used for storing such as International Mobile Subscriber identity (IMSI) Etc. the device identifiers such as subscriber identifiers, and International Mobile Equipment Identifier (IMEI).This class identifier can be transmitted To network server with identity user and equipment.

Multiple programs can be stored in memory 1420.These programs include that operating system 1412, one or more are answered With program 1414, other program modules and program data.The example of such application program or program module may include for example, For realizing computer program logic below (for example, computer program code or instruction): subscriber interface module 108, up and down Text triggering monitor 110, data protection actuator 112, DS selector 116, DPR selector 118, CT selector 120, Yong Hujie Face mould block 128, DS selector 130, DPR selector 132, CT selector 134, data protection system 136, system 800, safe mould Block 802, main OS 814, flow chart 200, step 302, flow chart 400, flow chart 500, step 602, step 702, step 902, Flow chart 1000, and/or flow chart 1100 (any appropriate step including flow chart 200,400,500,1000,1100) and/ Or other embodiments herein described.

Mobile device 1400 can support such as touch screen 1430, microphone 1434, camera 1436, physical keyboard 1438, and/or One or more input equipments 1430 of tracking ball 1440, and the one or more of such as loudspeaker 1452 and display 1454 Output equipment 1450.Such as the touch screen of touch screen 1432 can detect input in different ways.For example, capacitive touch screen is in object Body (for example, finger tip) detects touch input when the electric current for flowing through surface being made to deform or interrupt.As another example, touch screen can Using optical sensor, touch input is detected when the light beam from optical sensor is interrupted.For passing through certain touches Shield for the input being detected, the physical contact with screen surface is not required in that.For example, as known in the art, touching Touching screen 1432 can be configured to use capacitance sensing support finger hovering detection.Other detections as already described above can be used Technology, including detection and detection based on ultrasound based on camera.In order to realize that finger hovers, the finger of user is usually being touched Touch screen top predetermined space distance in, such as between 0.1 to 0.25 inch or between 0.25 to 0.5 inch or 0.5 to Between 0.75 inch or between 0.75 to 1 inch or between 1 to 1.5 inch etc..

For illustrative purposes, touch screen 1432 is considered as including control interface 1492.Control interface 1492 is configured to control Make content associated with the virtual element being shown on touch screen 1432.In an example embodiment, 1492 quilt of control interface It is configured to control the content provided by one or more application program 1414.For example, being answered when the user of mobile device 1400 utilizes Used time, control interface 1492 can be presented to the control that user allows the user to this content of access control on touch screen 1432 Part.The presentation of control interface 1492 can based on the detection of (such as triggering in) away from the movement in 1432 distance to a declared goal of touch screen or Person is without this type games.For making control interface (such as control interface 1492) be presented on touch screen based on movement or without movement Example embodiment on (such as touch screen 1432) is describing in further detail below.

Other possible output equipment (not shown) may include piezoelectricity or other haptic output devices.Some equipment can provide More than one input/output function.It is set for example, touch screen 1432 and display 1454 can be combined in single input/output In standby.Input equipment 1430 may include natural user interface (NUI).NUI is to allow users in a manner of " nature " and equipment Interaction is without any interfacing by the artificial restraint forced by input equipments such as mouse, keyboard, remote controlers.The side NUI The example of method includes dependent on gesture recognition, the aerial appearance in speech recognition, touch and stylus identification, screen and near screen Gesture, head and those of eyes tracking, voice and voice, vision, touch, posture and machine intelligence method.NUI's is other Example includes using accelerometer/gyroscope, face recognition, 3D display, head, eye and to stare tracking, enhancing on the spot in person existing Real and imaginary intend reality system movement posture detect (all these that more natural interface is all provided), and for by using The technology of electrode field sensing electrode (EEG and correlation technique) sensing brain activity.As a result, in a particular example, operating system 1412 or application program 1414 may include as the voice control interface for allowing user to operate via voice command equipment 1400 A part speech recognition software.In addition, equipment 1400 may include allowing to carry out user's interaction via the spatial attitude of user The input equipment and software of (such as detecting and explain posture to provide input to game application).

Radio modem 1460 can be coupled to antenna (not shown), and can support processor circuit 1410 and outer The two-way communication of portion's equipment room, as fully understood in this field.Modem 1460 is shown generally, and May include for mobile communications network 1404 and/or it is other based on radio modem (for example, bluetooth 1464 or/ Or Wi-Fi 1462) cellular modem 1466 that is communicated.Cellular modem 1466 can be configured to basis and appoint What communication standard appropriate or technology (such as GSM, 3G, 4G, 5G etc.) realize call (and optionally transmitting data). At least one of radio modem 1460 is typically configured to one or more cellular networks (such as, in list In a cellular network, between cellular network or data and voice between mobile device and Public Switched Telephone Network (PSTN) The GSM network of communication) it is communicated.

Mobile device 1400 may also include at least one input/output end port 1480, power supply 1482, such as global positioning system The receiver of satellite navigation system 1484, accelerometer 1486, and/or physical connector 1490 of system (GPS) receiver etc, the object Reason connector 1490 can be USB port, (firewire) port IEEE 1394, and/or the port RS-232.Shown in component 1402 Be not must or cover it is whole because as understood by those skilled in the art, any component may not be present and add The other components in ground may be present.

In addition, Figure 15 shows the exemplary realization that can wherein realize the calculating equipment 1500 of each embodiment.It is set for example, calculating It can be at one or more similar with the calculating equipment 1500 in stationary computers embodiment for 102 and/or server 104 (Fig. 1) It is realized in a calculating equipment, one or more features and/or alternative features including calculating equipment 1500.Pair mentioned herein The description of computer 1500 simply to illustrate that, be not restrictive.Embodiment can also be in those skilled in the relevant art It is realized in known other types of computer system.

As shown in figure 15, equipment 1500 is calculated to include one or more processors (referred to as processor route 1502), be System memory 1504, and will include that the various system components of system storage 1504 be coupled to the bus of processor circuit 1502 1506.Processor circuit 1502 is in one or more physical hardware electronic circuit apparatus elements and/or as central processing list IDE (the semiconductor material of first (CPU), microcontroller, microprocessor, and/or other physical hardware processing circuits Chip or tube core) in realize electronics and/or optical circuit.Processor circuit 1502 is executable to be stored in computer-readable medium In program code, program code, application program 1532, other programs 1534 of operating system 1530 etc..Bus 1506 If indicating the one or more of any one of the bus structures of dry type bus structures, including memory bus or memory Controller, peripheral bus, accelerated graphics port and processor or office using any one of various bus architectures Portion's bus.System storage 1504 includes read-only memory (ROM) 1508 and random access memory (RAM) 1510.Substantially defeated Enter/output system 1512 (BIOS) is stored in ROM 1508.

Computer system 1500 also has one or more following drivers: the hard disk drive for reading writing harddisk 1514, for reading or writing the disc driver 1516 of moveable magnetic disc 1518 and for reading or writing such as CD ROM, DVD The CD drive 1520 of the removable CD 1522 of ROM or other optical mediums etc.Hard disk drive 1514, disc driver 1516 and CD-ROM driver 1520 driven respectively by hard disk drive interface 1524, disk drive interface 1526 and optics Dynamic device interface 1528 is connected to bus 1506.Driver and their associated computer-readable mediums provide for computer To the nonvolatile storage of computer readable instructions, data structure, program module and other data.Although describing hard disk, can Mobile disk and removable CD, but it is also possible to using such as flash card, digital video disc, RAM, ROM etc. its The hardware based computer readable storage medium of his type stores data.

Several program modules can be stored on hard disk, disk, CD, ROM or RAM.These programs include operating system 1530, one or more application program 1532, other programs 1534 and program data 1536.Application program 1532 or other journeys Sequence 1534 may include for example, for realizing computer program logic below (for example, computer program code or instruction): user Interface module 108, context trigger monitor 110, data protection actuator 112, DS selector 116, DPR selector 118, CT Selector 120, subscriber interface module 128, DS selector 130, DPR selector 132, CT selector 134, data protection system 136, system 800, security module 802, main OS 814, flow chart 200, step 302, flow chart 400, flow chart 500, step 602, step 702, step 902, flow chart 1000, and/or flow chart 1100 (including flow chart 200,400,500,1000, 1100 any appropriate step) and/or other embodiments herein described.

User can be by the input equipment of such as keyboard 1538 and pointing device 1540 etc into calculating equipment 1500 Input order and information.Other input equipment (not shown) may include microphone, control-rod, game paddle, satellite antenna, scanning Instrument, touch screen and/or touch plate, the speech recognition system for receiving voice input, the gesture for receiving gesture input It is identifying system, such.These and other input equipments are often coupled to the serial port interface 1542 of bus 1506 It is connected to process circuit 1502, but it is also possible to by other interfaces, such as parallel port, game port, universal serial bus (USB) port, to be attached.

Display screen 1544 is connected to bus 1506 also by the interface of such as video adapter 1546 etc.Display screen 1544 It can be outside calculating equipment 1500 or included.Display screen 1544 can show information, and as receiving user command And/or the user interface of other information (for example, passing through touch, finger gesture, dummy keyboard etc.).In addition to display screen 1544 it Outside, calculating equipment 1500 may also include other peripheral output devices (not shown), such as loudspeaker and printer.

Computer 1500 is by adapter or network interface 1550, modem 1552 or for being established by network Other means of communication are connected to network 1548 (for example, internet).It can be built-in or external modem 1552 It can be connected to bus 1506 via serial port interface 1542, as shown in figure 15, or can be used including parallel interface Another interface type is connected to bus 1506.

As used herein, term " computer program medium ", " computer-readable medium " and " computer-readable storage Medium " be used to refer to physical hardware medium, hard disk such as associated with hard disk drive 1514, moveable magnetic disc 1518, Removable CD 1522, the physical hardware medium of other such as RAM, ROM etc, flash card, digital video disc, zip disk, MEM, (the memories including Figure 14 such as storage equipment and other types of physics/tangible media based on nanotechnology 1420).These computer readable storage mediums distinguish and not be overlapped with communication media (not including communication media).Communication media Load capacity calculation machine readable instruction, data structure, program module or other usually in the modulated message signals such as carrier wave Data.Term " modulated message signal " refer to so that be set or changed in a manner of encoded information in the signal one or The signal of multiple characteristics.As an example, not a limit, communication media include such as acoustics, RF, infrared ray wireless medium and its Its wireless medium and wired medium.Embodiment is also for these communication medias.

As indicated above, computer program and module (including application program 1532 and other programs 1534) can be stored up There are on hard disk, disk, CD, ROM, RAM or other hardware store media.Such computer program can also pass through network Interface 1550, serial port interface 1542 or any other interface type receive.These computer programs are by application program It executes or makes computer 1500 can be realized features of embodiments discussed herein when loading.Therefore, these computer journeys The controller of sequence expression computer system 1500.

Each embodiment further relate to include the computer code or instruction being stored on any computer-readable medium calculating Machine program product.Such computer program product includes hard drive, disc drives, memory devices packet, portable memory Stick, memory card and other types of physical store hardware.

V. example embodiment

In one embodiment, the data of calculating equipment storage described in the system protection in equipment are calculated.The calculating is set Standby includes the master operating system executed in the processor hardware for calculating equipment.The system comprises be configured to detection pair Described at least one sensor distorted for calculating equipment, and be configured to what operating system separated in the calculating equipment In continuously perform (including be configured to it is described calculating equipment shutdown when execution) security module.The security module with it is described At least one sensor is communicatively coupled.Security module includes being configured to receive to detected to the calculating equipment The context for the instruction distorted triggers monitor, and is configured in response to the detected reception execution distorted and institute State the data protection actuator of the associated data protection response of data.

In one embodiment of the system, the data protection response is the hard deletion of the data.

In an embodiment of the system, the security module is implemented as circuit.

In an embodiment of the system, the security module is implemented in system on chip (SOC) equipment.

In an embodiment of the system, the system can further comprise the second operating system, including described Security module.

In an embodiment of the system, the system can further comprise execute second operating system and with The separated processor circuit of the processor hardware of the master operating system is executed, the processor circuit is configured in the meter With poweron mode operation when calculating equipment shutdown.

In an embodiment of the system, at least one described sensor is configured to execute at least one operated below A: one or more screws of the monitoring fastening shell for calculating equipment and/or fastening storing framework monitor the shell Each section becomes to be separated from each other, monitor destruction to shell or encirclement that the monitoring shell is formed in light.

In an embodiment of the system, the system can further comprise subscriber interface module, make data quick Perceptual rank, data protection response and context triggering can be associated with the data of the calculating equipment storage.

In one embodiment, the data that the method in equipment protects the calculating equipment to store are calculated.The calculating is set Standby includes the master operating system executed in the processor hardware for calculating equipment.The described method includes: executing and the meter Calculate the security module that the operating system in equipment is separated and is communicatively coupled at least one sensor.Execute the safety Module executes the security module, receives from least one sensor in relation to setting to the calculating when being included in equipment shutdown The standby instruction the distorted and instruction in response to distorting described in received is protected to execute data associated with the data Shield response.

In an embodiment of the method, the security module is implemented as circuit, and executes the security module packet Include the operation circuit.

In an embodiment of the method, the security module is implemented in system on chip (SOC) equipment, and is executed The security module includes operating the SOC device.

In one embodiment of the method, executing the security module includes executing including the security module The second operating system.

In an embodiment of the method, execute the security module further comprise with execute the main operation system The separated processor circuit of the processor hardware of system executes second operating system, and the processor circuit is configured to With poweron mode operation when the calculating equipment is shut down.

In an embodiment of the method, at least one described sensor is configured to carry out following one: monitoring is tight Gu the shell for calculating equipment and/or each section change for fastening one or more screws of storing framework, the monitoring shell It must be separated from each other, monitor light in destruction to shell or the encirclement that the monitoring shell is formed.

In another embodiment, the data that the method in equipment protects the calculating equipment to store are calculated.The calculating Equipment includes the master operating system executed in the processor hardware for calculating equipment.The method includes providing user circle Face, which, which allows to respond data protection, is assigned to the data, and the data protection response assigned includes data It is hard to delete, and execute peace that is separating with the operating system in the calculating equipment and being communicatively coupled at least one sensor Full module.It executes when the security module is included in equipment shutdown and executes the security module, from least one sensor The related instruction distorted to the calculating equipment and the instruction in response to distorting described in received are received to execute and institute State the associated data protection response of data.

In an embodiment of the method, the security module is implemented as circuit, and executes the security module packet It includes and executes the circuit.

In an embodiment of the method, the security module is implemented in system on chip (SOC) equipment, and is executed The security module includes executing the SOC device.

In one embodiment of the method, executing the security module includes executing including the security module The second operating system.

In an embodiment of the method, execute the security module further comprise with execute the main operation system The separated processor circuit of the processor hardware of system executes second operating system, and the processor circuit is configured to With poweron mode operation when the calculating equipment is shut down.

In an embodiment of the method, at least one described sensor is configured to carry out following one: monitoring is tight Gu each section of one or more screws of the shell for calculating equipment and/or fastening storage framework, the monitoring shell becomes It must be separated from each other, monitor light in destruction to shell or the encirclement that the monitoring shell is formed.

VI. it concludes the speech

Although described above is various embodiments of the present invention, however, it is to be understood that they are intended only as example to present , and without limitation.Those, which are proficient in the personnel in relation to technology, will be understood that, without departing from as defined in the appended claims In the case where the spirit and scope of the present invention, it can be carry out various modifications in terms of form and details.Therefore, the scope of the present invention It should not be limited by either one or two of the above exemplary embodiments, and only should be equivalent with theirs according to following claim Content is defined.

Claims (19)

1. a kind of in the system for protecting the data by the calculating equipment storage calculated in equipment, the calculating equipment packet The master operating system executed in the first processor hardware for calculating equipment is included, it is described for protecting by the calculating equipment The system of the data of storage includes:

It is configured to detect to described at least one sensor distorted for calculating equipment；And

The security module that continuously carries out in the second operating system in the second processor hardware for calculating equipment, described the Two operating systems are to separate with the master operating system, and the security module and second operating system are configured in institute It states and receives power when calculating equipment shutdown to remain powered on state, the security module and at least one described sensor are communicatedly Coupling, the security module include:

It is configured to receive the detected context triggering monitor to the instruction distorted for calculating equipment, and

It is configured to execute the detected reception distorted data protection response associated with the data Data protection actuator；

The wherein system for protecting the data by the calculating equipment storage further include: user circle of user interface is provided Face mould block, the user interface, which allows to respond data protection, to be assigned to by the data of the calculating equipment storage.

2. the system as claimed in claim 1, which is characterized in that the data protection response is the hard deletion to the data.

3. the system as claimed in claim 1, which is characterized in that the security module is implemented as circuit.

4. system as claimed in claim 3, which is characterized in that the security module is implemented in system on chip SOC device.

5. the system as claimed in claim 1, which is characterized in that the second processor hardware further comprises:

The processor circuit for executing second operating system and being separated with the first processor hardware, the processor electricity Road is configured to when the calculating equipment is shut down with poweron mode operation.

6. the system as claimed in claim 1, which is characterized in that at least one described sensor is configured to execute following operation At least one:

The monitoring fastening shell for calculating equipment and/or the one or more screws for fastening storing framework；

Monitor that each section of the shell becomes to be separated from each other；

Monitor the destruction to the shell；Or

Monitor the light in the encirclement of the shell formation.

7. the system as claimed in claim 1, which is characterized in that

Wherein the subscriber interface module enable data sensitive rank, data protection response and context trigger with The data for calculating equipment storage are associated.

8. a kind of in the method for protecting the data by the calculating equipment storage calculated in equipment, the calculating equipment packet Include the master operating system executed in the first processor hardware for calculating equipment, which comprises

User interface is provided, the user interface, which allows to respond data protection, to be assigned to as described in calculating equipment storage Data；

Security module is continuously carried out in the second operating system in the second processor hardware for calculating equipment, described second Operating system is to separate and be communicatively coupled at least one sensor with the master operating system, described to execute the safety Module includes:

Power is received to remain powered in the security module and second operating system in calculating equipment shutdown State,

Receive from least one sensor about to it is described calculate equipment the instruction distorted, and

In response to received to the instruction distorted, data protection response associated with the data is executed.

9. method according to claim 8, which is characterized in that the security module is implemented as circuit, and execution institute Stating security module includes:

Operate the circuit.

10. method as claimed in claim 9, which is characterized in that the security module is implemented in system on chip SOC device In, and the execution security module includes:

Operate the system on chip SOC device.

11. method according to claim 8, which is characterized in that described to execute the security module further include:

Second operating system, the processor circuit are executed with the processor circuit separated with the first processor hardware It is configured to when the calculating equipment is shut down with poweron mode operation.

12. method according to claim 8, which is characterized in that at least one described sensor be configured to execute with down toward It is one few:

The monitoring fastening shell for calculating equipment and/or the one or more screws for fastening storing framework；

Monitor that each section of the shell becomes to be separated from each other；

Monitor the destruction to the shell；Or

Monitor the light in the encirclement of shell formation.

13. a kind of in the method for protecting the data by the calculating equipment storage calculated in equipment, the calculating equipment Including the master operating system executed in the first processor hardware for calculating equipment, which comprises

User interface is provided, the user interface, which allows to respond data protection, is assigned to the data, and the data assigned are protected Shield response includes the hard deletion to the data；

Security module is continuously carried out in the second operating system in the second processor hardware for calculating equipment, described second Operating system is to separate and be communicatively coupled at least one sensor, the execution security module with the master operating system Include:

The calculating equipment shutdown when in the security module and the second operating system receive power to remain powered on state,

Receive from least one sensor about to it is described calculate equipment the instruction distorted, and

In response to the instruction distorted described in received, executes data protection associated with the data and respond.

14. method as claimed in claim 13, which is characterized in that the security module is implemented as circuit, and the execution The security module includes:

Execute the circuit.

15. method as claimed in claim 14, which is characterized in that the security module is implemented in system on chip SOC device In, and the execution security module includes:

Execute the system on chip SOC device.

16. method as claimed in claim 13, which is characterized in that described to execute the security module further include:

Second operating system, the processor circuit are executed with the processor circuit separated with the first processor hardware It is configured to when the calculating equipment is shut down with poweron mode operation.

17. method as claimed in claim 13, which is characterized in that at least one described sensor be configured to execute with down toward It is one few:

The monitoring fastening shell for calculating equipment and/or the one or more screws for fastening storing framework；

Monitor that each section of the shell becomes to be separated from each other；

Monitor the destruction to the shell；Or

Monitor the light in the encirclement of shell formation.

18. a kind of computer readable storage medium with instruction makes machine execute such as right when executed It is required that method described in any claim in 8-17.

19. a kind of computer system, including the dress for executing the method as described in any claim in claim 8-17 It sets.