TWI767548B - Methods and systems for operating user devices having multiple operating systems - Google Patents

Methods and systems for operating user devices having multiple operating systems Download PDF

Info

Publication number
TWI767548B
TWI767548B TW110103847A TW110103847A TWI767548B TW I767548 B TWI767548 B TW I767548B TW 110103847 A TW110103847 A TW 110103847A TW 110103847 A TW110103847 A TW 110103847A TW I767548 B TWI767548 B TW I767548B
Authority
TW
Taiwan
Prior art keywords
user device
operating system
monitoring module
communication medium
operating
Prior art date
Application number
TW110103847A
Other languages
Chinese (zh)
Other versions
TW202232313A (en
Inventor
郭文章
王其斌
蔡德旺
楊棣焱
李健銘
鄭秉豪
林咨岑
王秀惠
Original Assignee
台灣積體電路製造股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 台灣積體電路製造股份有限公司 filed Critical 台灣積體電路製造股份有限公司
Priority to TW110103847A priority Critical patent/TWI767548B/en
Application granted granted Critical
Publication of TWI767548B publication Critical patent/TWI767548B/en
Publication of TW202232313A publication Critical patent/TW202232313A/en

Links

Images

Landscapes

  • Stored Programmes (AREA)
  • Mechanical Control Devices (AREA)
  • Switches With Compound Operations (AREA)

Abstract

The embodiments of the present invention relate to a method and system for operating user devices having multiple operating systems. In some embodiments, the method comprises: accessing operating system booting rules set up by a configuration module based on the using location of the user device; detecting the using location of the user device by a monitoring module; based on the operating system booting rules, loading a corresponding operating system in response to the monitoring module detecting in which restricted zone the user devise is being used. In some embodiments, the system comprises: a configuration module, which sets up operating system booting rules based on the using location of the user device; and a monitoring module configured to detect the using location of the user device.

Description

操作具有複數個作業系統之使用者裝置的方法及系統Method and system for operating a user device having multiple operating systems

本發明之實施例係關於操作具有複數個作業系統之使用者裝置的方法及系統。Embodiments of the present invention relate to methods and systems for operating user devices having a plurality of operating systems.

對於諸多個人及企業雇員而言,個人裝置對於攜帶及處理資料至關重要。個人裝置安裝有作業系統,其負責管理個人裝置之硬體及軟體資源,並提供軟體服務給使用者。對企業而言,企業雇員之個人裝置須經由企業之資訊技術(IT)系統進行安全控管,以確保企業之機密資料不被未經授權之使用者存取,其中一種控管方式即是針對作業系統進行管控。然而,現有安全控管措施可能造成個人裝置之使用者的不便利性或是過度增加企業支出成本。因此,需要一種改良之安全控管措施。For many individuals and corporate employees, personal devices are essential for carrying and processing data. The personal device is installed with an operating system, which is responsible for managing the hardware and software resources of the personal device and providing software services to users. For enterprises, the personal devices of enterprise employees must be securely controlled through the information technology (IT) system of the enterprise to ensure that the confidential information of the enterprise is not accessed by unauthorized users. The operating system is controlled. However, existing security controls may cause inconvenience to users of personal devices or unduly increase business costs. Therefore, there is a need for an improved security control measure.

本發明的一些實施例係關於一種操作具有複數個作業系統之使用者裝置的方法,該方法包括:存取組態模組所設定之基於該使用者裝置之使用位置的作業系統啟動規則;藉由監測模組偵測該使用者裝置之使用位置;基於該作業系統啟動規則,回應於該監測模組偵測該使用位置位於第一工作區,該使用者裝置載入第一作業系統。Some embodiments of the present invention relate to a method for operating a user device having a plurality of operating systems, the method comprising: accessing an operating system activation rule set by a configuration module based on a usage location of the user device; The use position of the user device is detected by the monitoring module; based on the operating system activation rule, the user device is loaded into the first operating system in response to the monitoring module detecting that the use position is located in the first work area.

本發明的一些實施例係關於一種操作具有複數個作業系統之使用者裝置的方法,該方法包括:存取組態模組所設定之基於該使用者裝置之使用位置的作業系統啟動規則;藉由監測模組偵測該使用者裝置之使用位置;基於該作業系統啟動規則,回應於該監測模組偵測該使用位置由第一工作區改變至第二工作區,而自動切換該使用者裝置之作業系統,其中該自動切換該使用者裝置之作業系統包括:維持該使用者裝置電源開啟狀態;儲存並加密第一作業系統之資料;關閉該第一作業系統;及載入第二作業系統。Some embodiments of the present invention relate to a method for operating a user device having a plurality of operating systems, the method comprising: accessing an operating system activation rule set by a configuration module based on a usage location of the user device; The use position of the user device is detected by the monitoring module; based on the operating system activation rule, the user is automatically switched in response to the monitoring module detecting that the use position is changed from the first work area to the second work area The operating system of the device, wherein the automatic switching of the operating system of the user device comprises: maintaining the power-on state of the user device; storing and encrypting the data of the first operating system; closing the first operating system; and loading the second operation system.

本發明的一些實施例係關於一種操作具有複數個作業系統之使用者裝置的系統,其包括:環境訊號源;通訊媒介,其由該環境訊號源發出;及具有複數個作業系統之使用者裝置,其包括:組態模組,其設定基於該使用者裝置之使用位置的作業系統啟動規則;及監測模組,其接收該通訊媒介,且經組態以偵測該使用者裝置之使用位置;其中該使用者裝置基於該作業系統啟動規則,執行以下步驟:回應於該監測模組偵測該使用者裝置位於第一工作區,啟動第一作業系統;或回應於該監測模組偵測該使用者裝置由第一工作區改變至第二工作區,自動切換該使用者裝置之作業系統,其中該自動切換該使用者裝置之作業系統包括:維持該使用者裝置電源開啟狀態;儲存並加密第一作業系統之資料;關閉該第一作業系統;及載入第二作業系統。Some embodiments of the present invention relate to a system for operating a user device having a plurality of operating systems, comprising: an ambient signal source; a communication medium sent from the ambient signal source; and a user device having a plurality of operating systems , which includes: a configuration module that sets operating system startup rules based on the usage location of the user device; and a monitoring module that receives the communication medium and is configured to detect the usage location of the user device ; wherein the user device performs the following steps based on the operating system activation rule: in response to the monitoring module detecting that the user device is located in the first work area, start the first operating system; or in response to the monitoring module detecting The user equipment is changed from the first working area to the second working area, and the operating system of the user equipment is automatically switched, wherein the automatic switching of the operating system of the user equipment includes: maintaining the power-on state of the user equipment; saving and encrypting the data of the first operating system; shutting down the first operating system; and loading the second operating system.

以下揭示內容提供用於實施所提供標的之不同特徵之諸多不同實施例或實例。下文描述組件及佈置之特定實例以簡化本發明實施例。當然,此等僅僅係實例,而不意欲係限制性的。另外,本發明實施例可在各種實例中重複參考數字及/或字母。此重複係為簡單及清楚之目的,並且本身並不表示所論述之各種實施例及/或組態之間之關係。The following disclosure provides many different embodiments or examples for implementing different features of the provided subject matter. Specific examples of components and arrangements are described below to simplify embodiments of the invention. Of course, these are merely examples and are not intended to be limiting. Additionally, the present embodiments may repeat reference numerals and/or letters in various instances. This repetition is for the purpose of simplicity and clarity, and does not in itself represent a relationship between the various embodiments and/or configurations discussed.

貫穿本發明實施例使用之術語「耦合」描述兩個或更多個裝置或元件之間之直接或間接連接。在一些情況中,至少兩個裝置或元件之間之耦合係指其之間之僅電或導電連接,且介入特徵可出現在耦合裝置與元件之間。在一些其他情況中,至少兩個裝置或元件之間之耦合可涉及主體接觸及/或電連接。The term "coupled" as used throughout the present embodiments describes a direct or indirect connection between two or more devices or elements. In some cases, coupling between at least two devices or elements refers to only electrical or conductive connections therebetween, and intervening features may be present between the coupled devices and elements. In some other cases, the coupling between at least two devices or elements may involve body contact and/or electrical connection.

在企業或公司中,於不同工作區,例如:辦公室、實驗室或產線等,可能對員工之電腦或行動裝置有不同的安全規範或允許不同權限,而需要使用不同的作業系統。另一方面,於不同工作情境下,例如:資訊技術(IT)系統管理人員於文書處理時或是進行IT系統管理時,亦可能需要使用不同的作業系統。因應上述需求,有些公司或企業會於不同工作區設置具有不同安全規範的電腦。然而,此舉導致員工具有一台以上之電腦於不同工作區,進而增加公司或企業支出成本。現有雙啟動(Dual-booting)系統,允許使用者於同一台電腦或行動裝置中執行不同的作業系統;然而,使用者必須於開機時自行選取所欲開啟之作業系統,造成使用上的不便利。In an enterprise or company, different work areas, such as offices, laboratories or production lines, may have different security regulations or allow different permissions for employees' computers or mobile devices, and need to use different operating systems. On the other hand, in different work situations, for example, information technology (IT) system administrators may need to use different operating systems during document processing or IT system management. In response to the above requirements, some companies or enterprises will set up computers with different security specifications in different work areas. However, this will result in employees having more than one computer in different work areas, thereby increasing the cost of the company or enterprise. The existing dual-booting system allows users to run different operating systems on the same computer or mobile device; however, the user must select the operating system to be turned on when booting, which causes inconvenience in use. .

在本發明之一些實施例中,提供一種操作具有複數個作業系統之使用者裝置的方法,該方法能夠根據使用者裝置之不同使用位置而自動開啟或切換相對應之作業系統,其中藉由監測模組以偵測該使用者裝置之使用位置是位於何管制區(例如:辦公室、實驗室、產線或公司/企業外部等),且藉由組態模組設立使用者裝置之作業系統啟動規則,該作業系統啟動規則係基於不同管制區而設定,例如:於辦公室則允許執行諸如企業版Windows之辦公室作業系統;於產線則允許執行諸如Linux之產線作業系統;於公司/企業外部則允許執行諸如居家版Windows之外部作業系統;於風險狀態時則進入加密模式等。In some embodiments of the present invention, a method for operating a user device having a plurality of operating systems is provided, and the method can automatically turn on or switch the corresponding operating system according to different usage positions of the user device, wherein by monitoring The module is used to detect which control area the user device is used in (for example: office, laboratory, production line, or outside the company/enterprise, etc.), and configure the module to set up the operating system of the user device to start Rules, the operating system startup rules are set based on different control areas, for example: in the office, the office operating system such as enterprise version Windows is allowed to be executed; in the production line, the production line operating system such as Linux is allowed to be executed; outside the company/enterprise It allows the execution of external operating systems such as home edition Windows; when in a risky state, it enters encryption mode, etc.

依據本發明之一些實施例所提供的方法,具有複數個作業系統之使用者裝置於開機時會自動載入作業系統,因此使用者於開機時無須自行選擇將要執行的作業系統,因而增進使用便利性;另一方面,可減少或消除使用者嘗試登入不允許之作業系統之企圖或機會,因而增進安全性。舉例而言,一使用者於辦公室開啟該使用者裝置之電源,該使用者裝置之系統經由該組態模組而設立作業系統啟動規則,並回應於該監測模組偵測到該使用者裝置位於辦公室,而自動啟動諸如企業版Windows之辦公室作業系統,該使用者無須自行點選進入辦公室作業系統、產線作業系統或外部作業系統等。According to the method provided by some embodiments of the present invention, a user device having a plurality of operating systems will automatically load the operating system when booting, so the user does not need to select the operating system to be executed when booting, thus improving the convenience of use security; on the other hand, may reduce or eliminate the user's attempts or opportunities to log into an operating system that is not allowed, thereby increasing security. For example, a user turns on the power of the user device in the office, the system of the user device sets up operating system startup rules through the configuration module, and responds to the monitoring module detecting the user device It is located in the office, and automatically starts the office operating system such as enterprise version Windows, the user does not need to click to enter the office operating system, the production line operating system or the external operating system.

依據本發明之一些實施例所提供的方法,具有複數個作業系統之使用者裝置於執行作業系統後,該監測模組仍持續偵測該使用者裝置之使用位置。當偵測到使用位置改變時,例如:從辦公區改變至產線,則該使用者裝置會自動儲存並加密原作業系統所執行之程式,並關閉原作業系統,藉此可加強安全控管、增進資料安全性;同時,回應於偵測到的新使用位置,自動切換至相對應的作業系統,藉此增進使用便利性。舉例而言,位於辦公室之使用者裝置自動啟動辦公室作業系統後,該監測模組仍持續偵測該使用裝置之使用位置,倘若該使用者裝置之使用位置離開該辦公室,例如:該使用者裝置從辦公室被攜帶至產線,該監測模組則會偵測到該使用位置由該辦公室移至產線,此時該使用者裝置會自動儲存該辦公室作業系統之程式資料並進行加密,且關閉該辦公室作業系統,使該辦公室作業系統之資料無法被存取,同時回應於偵測到新使用位置位於產線,而自動開啟產線作業系統。According to the method provided by some embodiments of the present invention, after the user device having a plurality of operating systems executes the operating system, the monitoring module continues to detect the use position of the user device. When a change in the location of use is detected, such as changing from an office area to a production line, the user device will automatically save and encrypt the programs executed by the original operating system, and close the original operating system, thereby enhancing security control. , Improve data security; at the same time, in response to the detected new location, automatically switch to the corresponding operating system, thereby improving the convenience of use. For example, after the user device in the office automatically starts the office operating system, the monitoring module continues to detect the use position of the user device, if the use position of the user device leaves the office, for example: the user device When it is carried from the office to the production line, the monitoring module will detect that the use position is moved from the office to the production line. At this time, the user device will automatically store the program data of the office operating system, encrypt it, and close it. In the office operating system, the data of the office operating system cannot be accessed, and at the same time, the production line operating system is automatically activated in response to detecting that the new use position is located in the production line.

圖1為根據一些實施例之用於操作具有複數個作業系統之使用者裝置的應用場景10示意圖。組織(例如公司/企業100)內部可以劃分為不同工作區,例如第一工作區101、第二工作區102,該不同工作區可為辦公室、實驗室或產線等。在一些實施例中,第一工作區101及第二工作區102具有不同的資訊安全規範,或是允許使用不同的作業系統。在一些實施例中,第一工作區101及第二工作區102具有不同的工作情境。舉例而言,第一工作區101可為用於文書處理之辦公室,而第二工作區102可為用於操作生產機台之產線。此外,公司/企業100設置並操作資訊技術(IT)系統,其分佈在辦公室、實驗室及/或產線等並由至少一個伺服器及包含例示性使用者裝置104、105、106之若干使用者裝置組成。IT系統亦包含連接IT系統中之伺服器及使用者裝置之一或多者的無線網路111、112及/或有線網路121、122,其中無線網路111及/或有線網路121設置於第一工作區101,無線網路112及/或有線網路122則設置於第二工作區102。在一些實施例中,使用者裝置104、105之使用位置位於公司/企業100內部。在一些實施例中,使用者裝置104位於第一工作區101,其連接至第一工作區101所設置之無線網路111及/或有線網路121。在一些實施例中,使用者裝置105之使用位置位於公司/企業100內部之第二工作區102,其連接至第二工作區102所設置之無線網路112及/或有線網路122。在一些實施例中,使用者裝置106之使用位置位於公司/企業100外部,其連接至外部無線網路或有線網路。在一些實施例中,無線網路111、112及/或有線網路121、122包含網路介面裝備、纜線、有線/無線收發器及其他網路組件。在一些實施例中,伺服器至少包含網域名稱伺服器、金鑰伺服器、網域控制站及資料伺服器。在一些實施例中,公司/企業100之機密資料(例如產品設計及製造資料、雇員統計資料以及市場行銷及客戶資訊)儲存在伺服器中並能夠由公司/企業100之一或多個符合條件之雇員基於個人存取級別及資料之安全級別來存取。FIG. 1 is a schematic diagram of an application scenario 10 for operating a user device having a plurality of operating systems according to some embodiments. An organization (eg, company/enterprise 100 ) may be divided into different work areas, such as a first work area 101 and a second work area 102 , and the different work areas may be offices, laboratories, or production lines. In some embodiments, the first work area 101 and the second work area 102 have different information security specifications, or allow the use of different operating systems. In some embodiments, the first work area 101 and the second work area 102 have different work contexts. For example, the first work area 101 may be an office for document processing, and the second work area 102 may be a production line for operating production machines. In addition, company/enterprise 100 sets up and operates information technology (IT) systems that are distributed in offices, laboratories, and/or production lines, etc. and are used by at least one server and several including exemplary user devices 104, 105, 106 device composition. The IT system also includes wireless networks 111, 112 and/or wired networks 121, 122 connected to one or more of the servers and user devices in the IT system, wherein the wireless network 111 and/or the wired network 121 are configured In the first work area 101 , the wireless network 112 and/or the wired network 122 are arranged in the second work area 102 . In some embodiments, the location of use of the user devices 104 , 105 is within the company/enterprise 100 . In some embodiments, the user device 104 is located in the first work area 101 and is connected to the wireless network 111 and/or the wired network 121 provided in the first work area 101 . In some embodiments, the use location of the user device 105 is located in the second work area 102 inside the company/enterprise 100 , which is connected to the wireless network 112 and/or the wired network 122 set in the second work area 102 . In some embodiments, the user device 106 is used at a location outside the company/enterprise 100, which is connected to an external wireless or wired network. In some embodiments, wireless networks 111, 112 and/or wired networks 121, 122 include network interface equipment, cables, wired/wireless transceivers, and other network components. In some embodiments, the servers include at least a domain name server, a key server, a domain controller and a data server. In some embodiments, confidential data of the company/enterprise 100 (eg, product design and manufacturing data, employee statistics, and marketing and customer information) is stored on the server and can be qualified by one or more of the company/enterprise 100 employees based on their personal access level and data security level.

在一些實施例中,使用者裝置104、105、106屬於公司/企業100之IT系統並由公司/企業100之IT系統管理。使用者裝置104、105、106可為可儲存資料之固定或行動裝置,例如桌上型電腦、蜂巢電話、筆記型電腦、平板電腦、個人數位助理(PDA)、可攜式儲存裝置、視訊/音訊信號收發器或類似者。在一些替代實施例中,使用者裝置104、105、106為固定裝置,例如桌上型電腦、有線通信裝置、伺服器之終端或類似者。在一些實施例中,使用者裝置104、105、106為行動裝置,例如PDA、智慧型手機、手機平板、筆記型電腦、平板電腦、穿戴式設備或類似者。在一些實施例中,使用者裝置104、105、106裝備有有線或無線介面,其用於藉由主體線線路或無線地與公司/企業100之管理主體(例如伺服器)通信。在一些實施例中,使用者裝置104、105、106可被攜帶至不同工作區(例如第一工作區101、第二工作區102),甚至可被攜帶至公司/企業100外部。In some embodiments, the user devices 104 , 105 , 106 belong to and are managed by the IT system of the company/enterprise 100 . User devices 104, 105, 106 can be fixed or mobile devices that can store data, such as desktop computers, cellular phones, notebook computers, tablet computers, personal digital assistants (PDAs), portable storage devices, video/ Audio signal transceiver or similar. In some alternative embodiments, the user devices 104, 105, 106 are stationary devices such as desktop computers, wired communication devices, server terminals, or the like. In some embodiments, the user devices 104, 105, 106 are mobile devices, such as PDAs, smart phones, cell phone tablets, notebook computers, tablet computers, wearable devices, or the like. In some embodiments, the user devices 104, 105, 106 are equipped with a wired or wireless interface for communicating with a management entity (eg, a server) of the company/enterprise 100 via the host line or wirelessly. In some embodiments, the user devices 104 , 105 , 106 may be carried to different work areas (eg, the first work area 101 , the second work area 102 ), or even outside the company/enterprise 100 .

在一些實施例中,第一工作區101、第二工作區102可由物理邊界或虛擬邊界來定義。在一些實施例中,第一工作區101由無線網路111之信號覆蓋內之範圍界定,或是由有線網路121所到達之範圍界定。在一些實施例中,第二工作區102由無線網路112之信號覆蓋內之範圍界定,或是由有線網路122所到達之範圍界定。在一些實施例中,第一工作區101、第二工作區102由下文所述環境訊號源204所發出之通訊媒介206界定,例如由GPS信號、Wi-Fi信號、蜂巢網路信號(例如GSM)、RFID信號、NFC信號、藍芽信號、超聲波信號、其組合或類似者界定。In some embodiments, the first work area 101, the second work area 102 may be defined by physical boundaries or virtual boundaries. In some embodiments, the first work area 101 is defined by the range within the signal coverage of the wireless network 111 , or by the range reached by the wired network 121 . In some embodiments, the second work area 102 is defined by the range within the signal coverage of the wireless network 112 or by the range reached by the wired network 122 . In some embodiments, the first work area 101 and the second work area 102 are defined by the communication medium 206 emitted by the environmental signal source 204 described below, such as GPS signals, Wi-Fi signals, cellular network signals (such as GSM signals) ), an RFID signal, an NFC signal, a Bluetooth signal, an ultrasonic signal, a combination thereof, or the like.

在一些實施例中,使用者裝置104連接至第一工作區101所架設之無線網路111或有線網路121,因此判定該使用者裝置位於第一工作區101;使用者裝置105連接至第二工作區102所架設之無線網路112或有線網路122,因此判定該使用者裝置位於第二工作區102;使用者裝置106被攜帶至公司/企業100外部,無法連接至任何公司/企業100之無線網路或有線網路,因此判定該使用者裝置106在公司/企業外部。In some embodiments, the user device 104 is connected to the wireless network 111 or the wired network 121 set up in the first work area 101, so it is determined that the user device is located in the first work area 101; the user device 105 is connected to the first work area 101. The second work area 102 has the wireless network 112 or wired network 122, so it is determined that the user device is located in the second work area 102; the user device 106 is carried outside the company/enterprise 100 and cannot be connected to any company/enterprise 100's wireless network or wired network, so it is determined that the user device 106 is outside the company/enterprise.

圖2示意性地展示根據一些實施例之用於操作具有複數個作業系統之使用者裝置的系統20。該系統20包含使用者裝置202、環境訊號源204及通訊媒介206,其中該使用者裝置包含處理器210、記憶體212、基本輸入輸出系統(BIOS)230、儲存裝置214、組態模組216、監測模組218及加密模組220,其中該儲存裝置214中存有複數個作業系統,例如第一作業系統240、第二作業系統242、第三作業系統244。該使用者裝置亦可包含輸入裝置、輸出裝置、電源供應器、網路介面單元、電力控制單元及匯流排等(未繪示)。監測模組218可用以接收環境訊號源204所發出的通訊媒介206,或是監測模組218可經由通訊媒介206而連接至環境訊號源204。在一些實施例中,使用者裝置202為前文所述之使用者裝置104、105、106。FIG. 2 schematically shows a system 20 for operating a user device having a plurality of operating systems, according to some embodiments. The system 20 includes a user device 202 , an environmental signal source 204 and a communication medium 206 , wherein the user device includes a processor 210 , a memory 212 , a basic input output system (BIOS) 230 , a storage device 214 , and a configuration module 216 , the monitoring module 218 and the encryption module 220 , wherein the storage device 214 stores a plurality of operating systems, such as a first operating system 240 , a second operating system 242 , and a third operating system 244 . The user device may also include an input device, an output device, a power supply, a network interface unit, a power control unit, a bus bar, etc. (not shown). The monitoring module 218 can be used to receive the communication medium 206 sent by the environmental signal source 204 , or the monitoring module 218 can be connected to the environmental signal source 204 via the communication medium 206 . In some embodiments, the user device 202 is the user device 104, 105, 106 described above.

環境訊號源204用以發出通訊媒介206,其可由組織(例如公司/企業100)之IT系統所管理。在一些實施例中,組織(例如公司/企業100)內部存在有複數個環境訊號源204,其等安裝於前文所述不同工作區,例如第一工作區101、第二工作區102;該環境訊號源204於不同工作區中會發出隱含該工作區位置信息之通訊媒介206。在一些實施例中,環境訊號源204為無線網路或有線網路之網路伺服器。舉例而言,環境訊號源204可為前文所述之無線網路111、112或有線網路121、122之網路伺服器。在一些實施例中,環境訊號源204為例如GPS信號源、Wi-Fi信號源、蜂巢網路信號(例如GSM)源、RFID信號源、NFC信號源、藍芽信號源、超聲波信號源、其組合或類似者。在一些實施例中,該通訊媒介206為GPS信號、Wi-Fi信號、蜂巢網路信號(例如GSM)、RFID信號、NFC信號、藍芽信號、超聲波信號、其組合或類似者。例如,該通訊媒介206可為前文所述無線網路111、112之無線網路訊號。在一些替代實施例中,通訊媒介206可為有線網路之訊號,例如前文所述有線網路121、122之訊號。在一些實施例中,環境訊號源204由組織(例如公司/企業100)所授權設置,且經組態以賦予通訊媒介206一認證識別資訊,或經組態以對通訊媒介206進行加密,例如利用所授權之金鑰對通訊媒介206進行加密。The environmental signal source 204 is used to send out the communication medium 206, which may be managed by the IT system of the organization (eg, the company/enterprise 100). In some embodiments, there are a plurality of environmental signal sources 204 within an organization (eg, company/enterprise 100 ), which are installed in different work areas such as the first work area 101 and the second work area 102; the environment The signal source 204 in different work areas sends out a communication medium 206 that implies the location information of the work area. In some embodiments, the ambient signal source 204 is a network server of a wireless network or a wired network. For example, the ambient signal source 204 may be the network server of the aforementioned wireless networks 111, 112 or the wired networks 121, 122. In some embodiments, the ambient signal source 204 is, for example, a GPS signal source, a Wi-Fi signal source, a cellular network signal (eg, GSM) source, an RFID signal source, an NFC signal source, a Bluetooth signal source, an ultrasonic signal source, etc. combination or similar. In some embodiments, the communication medium 206 is a GPS signal, a Wi-Fi signal, a cellular network signal (eg, GSM), an RFID signal, an NFC signal, a Bluetooth signal, an ultrasonic signal, a combination thereof, or the like. For example, the communication medium 206 may be the wireless network signal of the aforementioned wireless networks 111, 112. In some alternative embodiments, the communication medium 206 may be a signal of a wired network, such as the signals of the wired networks 121, 122 described above. In some embodiments, ambient signal source 204 is authorized by an organization (eg, company/enterprise 100) and is configured to give communication medium 206 an authenticating identification, or is configured to encrypt communication medium 206, such as The communication medium 206 is encrypted with an authorized key.

監測模組218經組態以用於偵測使用者裝置202之使用位置。在一些實施例中,監測模組218為硬體裝置。在一些實施例中,監測模組218為通訊媒介206之接收器,其接收環境訊號源204所發出的通訊媒介206。在一些實施例中,監測模組218讀取隱含於通訊媒介206中的位置信息。在一些實施例中,監測模組218藉由通訊媒介206中的位置信息,判定使用者裝置202是位於何管制區(例如:前文所述第一工作區101、第二工作區102或公司/企業100外部),該等管制區允許使用者開啟不同的作業系統。在一些實施例中,監測模組218為座標定位器,例如:GPS座標接收器或收發器,其自通訊媒介206獲得使用裝置202之使用位置座標後,判讀該使用位置座標位於何管制區(例如:前文所述第一工作區101、第二工作區102或公司/企業100外部)。在一些實施例中,通訊媒介206為無線網路(例如前文所述無線網路111、112)之訊號或有線網路(例如前文所述有線網路121、122)之訊號,監測模組218可讀取該無線網路或該有線網路之IP位址,據此判斷使用者裝置202之使用位置位於何管制區(例如:前文所述第一工作區101、第二工作區102或公司/企業100外部)。在一些實施例中,監測模組218經組態以對通訊媒介206進行認證,以判定通訊媒介206是否係由經組織(例如公司/企業100)所授權之環境訊號源204所發出,該認證可藉由下列一者或多者達成:(1)監測模組218經組態以讀取通訊媒介206之認證識別資訊;或(2)監測模組218經組態以對加密之通訊媒介206進行解密,例如利用金鑰對通訊媒介206進行解密,其中該金鑰可與前文所述對通訊媒介206進行加密之金鑰相同或不同。在一些實施例中,在使用者裝置202執行啟動指令或啟動作業系統之前,監測模組218執行偵測使用者裝置202之使用位置。在一些實施例中,在使用者裝置202執行啟動指令或啟動作業系統之後,監測模組218執行偵測使用者裝置202之使用位置。在一些實施例中,監測模組218之偵測作業以週期性方式執行,例如以具有10秒、15秒之週期或其他合適週期之間隔執行。在一些實施例中,預定間隔可被設置為大於或等於零,例如事件觸發之監測方案可與週期性監測同時採用。The monitoring module 218 is configured to detect the usage location of the user device 202 . In some embodiments, the monitoring module 218 is a hardware device. In some embodiments, the monitoring module 218 is a receiver of the communication medium 206 that receives the communication medium 206 from the environmental signal source 204 . In some embodiments, the monitoring module 218 reads location information implicit in the communication medium 206 . In some embodiments, the monitoring module 218 uses the location information in the communication medium 206 to determine which control area the user device 202 is located in (for example, the first work area 101, the second work area 102 or the company/ external to enterprise 100), these control zones allow users to start different operating systems. In some embodiments, the monitoring module 218 is a coordinate locator, such as a GPS coordinate receiver or transceiver, which obtains the use position coordinates of the use device 202 from the communication medium 206 and interprets which control area the use position coordinates are located in ( For example: the aforementioned first work area 101, second work area 102, or outside the company/enterprise 100). In some embodiments, the communication medium 206 is a signal of a wireless network (eg, the aforementioned wireless networks 111 , 112 ) or a signal of a wired network (eg, the aforementioned wired network 121 , 122 ), and the monitoring module 218 The IP address of the wireless network or the wired network can be read to determine which control area the user device 202 is located in (for example, the first work area 101, the second work area 102 or the company mentioned above) /enterprise 100 external). In some embodiments, the monitoring module 218 is configured to authenticate the communication medium 206 to determine whether the communication medium 206 is issued by an environmental signal source 204 authorized by an organization (eg, company/enterprise 100 ), the authentication This may be accomplished by one or more of the following: (1) the monitoring module 218 is configured to read the authentication identification information of the communication medium 206; or (2) the monitoring module 218 is configured to read the encrypted communication medium 206 Decryption is performed, such as decrypting the communication medium 206 using a key, which may be the same as or different from the key used to encrypt the communication medium 206 described above. In some embodiments, the monitoring module 218 performs detection of the usage location of the user device 202 before the user device 202 executes the boot command or starts the operating system. In some embodiments, after the user device 202 executes the boot command or starts the operating system, the monitoring module 218 performs detection of the usage location of the user device 202 . In some embodiments, the detection operations of the monitoring module 218 are performed in a periodic manner, such as at intervals having a period of 10 seconds, 15 seconds, or other suitable period. In some embodiments, the predetermined interval may be set to be greater than or equal to zero, eg, an event-triggered monitoring scheme may be employed concurrently with periodic monitoring.

儲存裝置214經組態以儲存可由處理器210執行之程式指令及由程式指令存取之資料。在一些實施例中,儲存裝置214包括非暫時性電腦可讀儲存媒體,例如硬碟、固態硬碟、快閃記憶體、磁帶、光碟、隨身碟或類似者。在一些實施例中,儲存裝置214儲存使用者裝置202之作業系統之指令及資料。在一些實施例中,儲存裝置214中存有複數個作業系統之指令及資料,例如第一作業系統240、第二作業系統242、第三作業系統244。在一些實施例中,第一作業系統240、第二作業系統242、第三作業系統244各自獨立為微軟Windows、Apple Mac OS、Linux、UNIX或彼等之不同版本。在一些實施例中,第一作業系統240、第二作業系統242、第三作業系統244各自獨立為Android、iOS、Symbian、Microsoft Mobile、Microsoft Phone或彼等之不同版本。在一些實施例中,儲存裝置214被分割成不同儲存區域,第一作業系統240、第二作業系統242、第三作業系統244分別儲存於儲存裝置214之不同分割區;在一些替代實施例中,使用者裝置202包括複數個儲存裝置(未繪示),第一作業系統240、第二作業系統242、第三作業系統244分別儲存於不同的儲存裝置中。在一些實施例中,儲存裝置214為硬碟裝置,其包含主啟動記錄(Master Boot Record,MBR;亦稱主啟動磁區),該主啟動記錄存放幻數(magic number)、分區表(partition table)及啟動載入器(boot loader),其中該幻數作為該主啟動記錄之識別碼,其允許其他程式(例如:基本輸入輸出系統(BIOS))辨識出該主啟動記錄之位置;該分區表記錄該硬碟裝置中各分割區之資訊,例如:硬碟裝置中各分割區的格式、大小及位置等;該啟動載入器則作為啟動作業系統之啟動程式,當啟動載入器被載入記憶體212且經處理器210執行後,其會將第一作業系統240、第二作業系統242或第三作業系統244載入記憶體212中而啟動相對應的作業系統。The storage device 214 is configured to store program instructions executable by the processor 210 and data accessed by the program instructions. In some embodiments, storage device 214 includes a non-transitory computer-readable storage medium, such as a hard disk, solid state disk, flash memory, magnetic tape, optical disk, pen drive, or the like. In some embodiments, the storage device 214 stores instructions and data for the operating system of the user device 202 . In some embodiments, the storage device 214 stores instructions and data of a plurality of operating systems, such as the first operating system 240 , the second operating system 242 , and the third operating system 244 . In some embodiments, the first operating system 240, the second operating system 242, and the third operating system 244 are each independently Microsoft Windows, Apple Mac OS, Linux, UNIX, or different versions thereof. In some embodiments, the first operating system 240, the second operating system 242, and the third operating system 244 are each independently Android, iOS, Symbian, Microsoft Mobile, Microsoft Phone, or different versions thereof. In some embodiments, the storage device 214 is divided into different storage areas, and the first operating system 240 , the second operating system 242 , and the third operating system 244 are respectively stored in different partitions of the storage device 214 ; in some alternative embodiments , the user device 202 includes a plurality of storage devices (not shown), and the first operating system 240 , the second operating system 242 , and the third operating system 244 are respectively stored in different storage devices. In some embodiments, the storage device 214 is a hard disk device, which includes a master boot record (MBR; also known as a master boot volume), where the master boot record stores a magic number, a partition table (partition table) table) and boot loader (boot loader), wherein the magic number is used as the identification code of the master boot record, which allows other programs (such as: basic input output system (BIOS)) to identify the location of the master boot record; the The partition table records the information of each partition in the hard disk device, such as the format, size and location of each partition in the hard disk device; the boot loader is used as the boot program to start the operating system, when the boot loader After being loaded into the memory 212 and executed by the processor 210, it will load the first operating system 240, the second operating system 242 or the third operating system 244 into the memory 212 to start the corresponding operating system.

記憶體212經組態以儲存待由處理器210執行之程式指令及由程式指令存取之資料。在一些實施例中,記憶體212包含揮發性記憶體裝置、非揮發性記憶體裝置或其組合。在一些實施例中,記憶體212包含唯讀記憶體(ROM)裝置、隨機存取記憶體(RAM)裝置、快閃記憶體裝置或其組合。在一些實施例中,記憶體212儲存使用者裝置202之基本輸入輸出系統(BIOS)2023,其經組態以在使用者裝置202之啟動程序期間執行硬體初始化及硬體測試。在一些實施例中,BIOS 230儲存於記憶體212之ROM裝置或快閃記憶體裝置中。在一些實施例中,BIOS 230執行尋找前文所述儲存裝置214中的主啟動記錄,並將該主啟動記錄載入記憶體212,例如載入記憶體212之RAM裝置,繼而執行前文所述主啟動記錄中的啟動載入器,藉由該啟動載入器將第一作業系統240、第二作業系統242、第三作業系統244載入記憶體212。在一些實施例中,前述第一作業系統240、第二作業系統242、第三作業系統244係載入記憶體212之RAM裝置。Memory 212 is configured to store program instructions to be executed by processor 210 and data accessed by the program instructions. In some embodiments, memory 212 includes volatile memory devices, non-volatile memory devices, or combinations thereof. In some embodiments, memory 212 includes read only memory (ROM) devices, random access memory (RAM) devices, flash memory devices, or combinations thereof. In some embodiments, memory 212 stores a basic input output system (BIOS) 2023 of user device 202 that is configured to perform hardware initialization and hardware testing during the boot process of user device 202 . In some embodiments, BIOS 230 is stored in a ROM device or a flash memory device of memory 212 . In some embodiments, the BIOS 230 performs a search for the master boot record in the storage device 214 described above, and loads the master boot record into the memory 212, such as a RAM device of the memory 212, and then executes the main boot record described above. The boot loader in the boot record is used to load the first operating system 240 , the second operating system 242 and the third operating system 244 into the memory 212 through the boot loader. In some embodiments, the aforementioned first OS 240 , second OS 242 , and third OS 244 are RAM devices loaded into memory 212 .

處理器210經組態以執行儲存在記憶體212或儲存裝置214中之程式指令。處理器210可為中央處理單元(CPU)、微處理器或特定應用積體電路(ASIC)。在一些實施例中,當使用者裝置202開啟時,處理器210經組態以自記憶體212載入BIOS 230以執行硬體及韌體初始化及測試。在一些實施例中,在使用者裝置202之啟動程序執行期間或之後,處理器210經組態以自儲存在儲存裝置214中之作業系統載入程式指令。在一些實施例中,處理器210經組態以執行組態模組216所設定之作業系統啟動規則及監測模組218之指令。Processor 210 is configured to execute program instructions stored in memory 212 or storage device 214 . The processor 210 may be a central processing unit (CPU), a microprocessor, or an application specific integrated circuit (ASIC). In some embodiments, when user device 202 is turned on, processor 210 is configured to load BIOS 230 from memory 212 to perform hardware and firmware initialization and testing. In some embodiments, the processor 210 is configured to load program instructions from the operating system stored in the storage device 214 during or after the execution of the startup procedure of the user device 202 . In some embodiments, the processor 210 is configured to execute the operating system startup rules set by the configuration module 216 and the instructions of the monitoring module 218 .

組態模組216經組態以設定使用者裝置202的作業系統啟動規則,該作業系統啟動規則係基於使用者裝置202的使用位置。在一些實施例中,該使用位置係藉由前文所述監測模組2024所偵測。在一些實施例中,組態模組為軟體程式,其可儲存於例如但不限於記憶體212、儲存裝置214或類似者。在一些實施例中,組態模組216經系統管理員(例如公司/企業100之IT系統管理員)限定修改權限,且須有該系統管理員之授權方得對組態模組進行修改,例如須獲得該系統管理員所核發之特定金鑰進行解鎖方得修改組態模組216,或是僅得由該系統管理員進行修改。在一些實施例中,該作業系統啟動規則為根據所偵測到的使用位置,允許開啟相對應的作業系統或進入加密模式。舉例而言,該作業系統啟動規則可為但不限於:當監測模組218偵測到使用者裝置202位於前文所述第一工作區101,則執行第一作業系統240;當監測模組218偵測到使用者裝置202位於前文所述第二工作區102,則執行第二作業系統242;當監測模組218偵測到使用者裝置202位於前文所述公司/企業100外部,則執行第三作業系統244或進入加密模式。在一些實施例中,該作業系統啟動規則為根據所偵測到的使用位置之改變,關閉正執行的作業系統,並開啟另一作業系統或進入加密模式。舉例而言,該作業系統啟動規則可為但不限於:當監測模組218偵測到使用者裝置202由前文所述第一工作區101改變至第二工作區102,則關閉正執行的第一作業系統240,並開啟第二作業系統242;當監測模組218偵測到使用者裝置202之使用位置由第二工作區102改變至公司/企業100外部,則關閉正執行的第二作業系統242,並開啟第三作業系統244或進入加密模式。在一些實施例中,該作業系統啟動規則進一步包含在關閉正在執行的作業系統之前,儲存該作業系統之資料。在一些實施例中,該作業系統啟動規則進一步包含在關閉正在執行的作業系統之前,對該作業系統之資料進行加密。在一些實施例中,BIOS 230/啟動載入器基於組態模組216所設定的作業系統啟動規則,並讀取監測模組218所偵測到的使用位置,據此開啟相對應的作業系統。在一些實施例中,開啟相對應的作業系統包含將相對應的作業系統由儲存裝置214載入至記憶體212,並將處理器210控制權移交給該相對應的作業系統。The configuration module 216 is configured to set operating system startup rules for the user device 202 based on where the user device 202 is used. In some embodiments, the usage location is detected by the monitoring module 2024 described above. In some embodiments, the configuration module is a software program, which may be stored in, for example, but not limited to, memory 212, storage device 214, or the like. In some embodiments, the configuration module 216 is limited by a system administrator (such as the IT system administrator of the company/enterprise 100) to modify the authority, and the configuration module can be modified only with the authorization of the system administrator, For example, the configuration module 216 can be modified only by obtaining a specific key issued by the system administrator for unlocking, or only by the system administrator. In some embodiments, the operating system startup rule is to allow the corresponding operating system to be started or to enter the encryption mode according to the detected usage location. For example, the operating system startup rule may be, but not limited to: when the monitoring module 218 detects that the user device 202 is located in the first work area 101, the first operating system 240 is executed; when the monitoring module 218 When it is detected that the user device 202 is located in the second work area 102, the second operating system 242 is executed; when the monitoring module 218 detects that the user device 202 is located outside the company/enterprise 100, the second operating system 242 is executed. Three operating system 244 or enter encryption mode. In some embodiments, the operating system startup rule is to shut down the running operating system and start another operating system or enter an encrypted mode according to the detected change of the usage location. For example, the operating system startup rule may be, but is not limited to: when the monitoring module 218 detects that the user device 202 is changed from the first work area 101 to the second work area 102, the execution of the first work area 102 is closed. An operating system 240 is opened, and the second operating system 242 is turned on; when the monitoring module 218 detects that the use position of the user device 202 is changed from the second work area 102 to the outside of the company/enterprise 100, the second operation being executed is closed system 242, and start the third operating system 244 or enter the encryption mode. In some embodiments, the operating system startup rule further includes storing data of the operating system before shutting down the operating system. In some embodiments, the operating system startup rule further includes encrypting data on the operating system before shutting down the operating system. In some embodiments, the BIOS 230/boot loader reads the usage location detected by the monitoring module 218 based on the operating system startup rules set by the configuration module 216, and starts the corresponding operating system accordingly . In some embodiments, starting the corresponding operating system includes loading the corresponding operating system from the storage device 214 to the memory 212, and transferring control of the processor 210 to the corresponding operating system.

在一些實施例中,加密模組220包含加密/解密電路或程式,其經組態以執行儲存裝置214之加密及解密任務。在一些實施例中,加密模組220經實施為獨立半導體晶片(例如:可信賴平台模組(TPM)晶片),其使用特定硬體結構執行加密及解密以節省電力及時間。在一些實施例中,加密及解密係基於高度發展之密碼學理論來達成。舉例而言,加密模組220基於僅由符合條件之使用者知道之金鑰來執行加密及解密任務。在無金鑰之情況下,惡意攻擊者很難或不可能在有限時間內駭客攻擊儲存裝置214並竊取儲存裝置214中之資料。在一些實施例中,儲存裝置214每次在使用者進入休眠模式或關閉之前被加密模組220加密。在一些實施例中,當儲存裝置214處於休眠模式或睡眠模式時,關閉或降低對儲存裝置218之電力供應。當使用者裝置202自休眠模式或睡眠模式開啟或喚醒時,使用者裝置202需要存取金鑰以便解密儲存裝置214。在一些實施例中,加密模組220之金鑰僅由公司/企業100提供,例如經由金鑰伺服器,並且係自儲存裝置214啟動作業系統之唯一方式。使用者裝置202需要連結至公司IT系統之金鑰伺服器以接收金鑰。在一些實施例中,加密模組220之金鑰儲存在儲存裝置214或記憶體212之特定位置,並且可僅藉由獨立金鑰保護方案來存取。在一些實施例中,自金鑰伺服器接收之金鑰被用於認證使用者之存取權杖,且因此使另一個加密/解密金鑰能夠執行加密/解密任務。在此等情況下,加密/解密金鑰可為自非對稱加密框架選擇之私人金鑰,並且可用等效電路實施,使得竊取金鑰之可能性最小化。In some embodiments, encryption module 220 includes encryption/decryption circuits or programs that are configured to perform encryption and decryption tasks for storage device 214 . In some embodiments, the encryption module 220 is implemented as a separate semiconductor chip (eg, a Trusted Platform Module (TPM) chip) that uses specific hardware structures to perform encryption and decryption to save power and time. In some embodiments, encryption and decryption are accomplished based on highly developed cryptography theory. For example, encryption module 220 performs encryption and decryption tasks based on keys known only to eligible users. Without the key, it is difficult or impossible for a malicious attacker to hack the storage device 214 and steal the data in the storage device 214 within a limited time. In some embodiments, the storage device 214 is encrypted by the encryption module 220 each time the user enters sleep mode or shuts down. In some embodiments, the power supply to the storage device 218 is turned off or reduced when the storage device 214 is in hibernate mode or sleep mode. When the user device 202 is powered on or woken up from hibernate mode or sleep mode, the user device 202 needs to access the key in order to decrypt the storage device 214 . In some embodiments, the encryption module 220 key is provided only by the company/enterprise 100 , eg, via a key server, and is the only way to boot the operating system from the storage device 214 . The user device 202 needs to be connected to the key server of the company's IT system to receive the key. In some embodiments, the encryption module 220 key is stored in a specific location in the storage device 214 or in the memory 212 and can only be accessed by an independent key protection scheme. In some embodiments, the key received from the key server is used to authenticate the user's access token and thus enable another encryption/decryption key to perform encryption/decryption tasks. In such cases, the encryption/decryption key may be a private key selected from an asymmetric encryption framework, and may be implemented in equivalent circuits, minimizing the possibility of key theft.

圖3為根據一些實施例之操作具有複數個作業系統之使用者裝置的方法流程圖。在一些實施例中,圖3所展示之方法30可用於圖2所展示之系統20中。應理解,可於圖3中所展示之各步驟之前、期間及之後另提供額外操作/步驟,並且於方法30之額外實施例中,可替換或移除下文描述之操作中之部分;操作及處理之順序亦可互換;此外,某一個實施例之相同或類似組態、結構、材料或操作亦可用於其他實施例中,並且可省略其詳細解釋。在一些實施例中,該使用者裝置為前文所述使用者裝置104、105、106或202。3 is a flowchart of a method of operating a user device having a plurality of operating systems in accordance with some embodiments. In some embodiments, the method 30 shown in FIG. 3 may be used in the system 20 shown in FIG. 2 . It should be understood that additional operations/steps may be provided before, during, and after the various steps shown in FIG. 3, and in additional embodiments of method 30, portions of the operations described below may be replaced or removed; operations and The order of processing may also be interchanged; in addition, the same or similar configurations, structures, materials, or operations of one embodiment may also be used in other embodiments, and detailed explanations thereof may be omitted. In some embodiments, the user device is the user device 104, 105, 106 or 202 described above.

在步驟302,開啟該使用者裝置之電源。在步驟306,該使用者裝置存取組態模組所設定之作業系統啟動規則。在一些實施例中,該組態模組為前文所述組態模組216。在一些實施例中,該組態模組為軟體程式且儲存於記憶體(例如記憶體212),該步驟306包含由該使用者裝置之處理器直接存取該組態模組;在一些替代實施例中,該組態模組為軟體程式且儲存於儲存裝置(例如儲存裝置214),該步驟306包含將該組態模組載入該使用者裝置之記憶體再由該使用者裝置之處理器存取該組態模組。In step 302, the user device is powered on. In step 306, the user device accesses the operating system startup rules set by the configuration module. In some embodiments, the configuration module is the configuration module 216 described above. In some embodiments, the configuration module is a software program and is stored in memory (eg, memory 212), and step 306 includes direct access to the configuration module by the processor of the user device; in some alternatives In an embodiment, the configuration module is a software program and is stored in a storage device (eg, storage device 214 ), and the step 306 includes loading the configuration module into the memory of the user device and then storing the configuration module in the user device. The processor accesses the configuration module.

在步驟308,該使用者裝置藉由監測模組接收環境訊號源所發出之通訊媒介。在一些實施例中,該監測模組為前文所述監測模組218。在一些實施例中,該環境訊號源為前文所述環境訊號源204。在一些實施例中,該通訊媒介為前文所述通訊媒介206。在一些替代實施例中,步驟308包括該使用者裝置經由通訊媒介206連接至環境訊號源204。在一些實施例中,在步驟308,使用者裝置202藉由監測模組218接收環境訊號源204所發出之通訊媒介206,且進一步認證通訊媒介206是否係由經組織(例如公司/企業100)所授權之環境訊號源204所發出,其中經授權之環境訊號源204所發出之通訊媒介206可具有認證識別資訊、經系統管理員(例如前文所述公司/企業100之IT系統管理員)以金鑰進行加密或以上兩者之結合,該認證可藉由下列一者或多者達成:(1)監測模組218經組態以讀取通訊媒介206之認證識別資訊;或(2)監測模組218經組態以利用金鑰對加密之通訊媒介206進行解密。倘若監測模組218能夠成功讀取到通訊媒介206之認證識別資訊,則通過認證,並進入步驟310;或者,倘若監測模組218能夠成功以金鑰對加密之通訊媒介206進行解密,則通過認證,並進入步驟310。In step 308, the user device receives the communication medium sent by the environmental signal source through the monitoring module. In some embodiments, the monitoring module is the monitoring module 218 described above. In some embodiments, the ambient signal source is the ambient signal source 204 described above. In some embodiments, the communication medium is the communication medium 206 described above. In some alternative embodiments, step 308 includes connecting the user device to the ambient signal source 204 via the communication medium 206 . In some embodiments, in step 308, the user device 202 receives the communication medium 206 from the environmental signal source 204 via the monitoring module 218, and further verifies whether the communication medium 206 is organized by an organization (eg, company/enterprise 100). Sent by the authorized environmental signal source 204, wherein the communication medium 206 sent by the authorized environmental signal source 204 may have authentication identification information, and the system administrator (such as the IT system administrator of the company/enterprise 100 mentioned above) can use the The key is encrypted or a combination of the two, the authentication can be achieved by one or more of the following: (1) the monitoring module 218 is configured to read the authentication identification information of the communication medium 206; or (2) monitoring Module 218 is configured to decrypt encrypted communication medium 206 using the key. If the monitoring module 218 can successfully read the authentication identification information of the communication medium 206, the authentication is passed, and the process goes to step 310; or, if the monitoring module 218 can successfully decrypt the encrypted communication medium 206 with the key, pass the authentication Authenticate, and go to step 310.

在步驟310,使用監測模組偵測該使用者裝置之使用位置。在一些實施例中,該監測模組為前文所述監測模組218。在一些實施例中,該監測模組藉由讀取隱含於通訊媒介之位置信息偵測該使用者裝置之使用位置係位於何管制區(例如:第一工作區101、第二工作區102或公司/企業100外部)。在一些實施例中,該位置信息包含位置座標、IP位址、其組合或類似者。In step 310, use the monitoring module to detect the usage position of the user device. In some embodiments, the monitoring module is the monitoring module 218 described above. In some embodiments, the monitoring module detects which control area the use location of the user device is located in by reading the location information implicit in the communication medium (for example, the first work area 101 and the second work area 102 ). or outside of Company/Enterprise 100). In some embodiments, the location information includes location coordinates, IP addresses, combinations thereof, or the like.

在步驟312,藉由監測模組判定該使用者裝置之使用位置是位於何管制區(例如:第一工作區101、第二工作區102或公司/企業100外部)。接著,該使用者裝置基於前述作業系統啟動規則,回應於該判定結果,以開啟相對應的作業系統。若判定該使用位置位於第一工作區(例如第一工作區101),則進入步驟314,開啟第一作業系統;若判定該使用位置位於第二工作區(例如第二工作區102),則進入步驟316,開啟第二作業系統;若判定該使用位置位於非工作區(例如公司/企業100外部),則進入步驟318,進一步判定該使用者裝置是否取得授權得以於非工作區使用;若判定該使用者裝置已取得授權得以於非工作區使用,則進入步驟324,開啟第三作業系統;若判定該使用者裝置未取得於非工作區使用的授權,則進入步驟322,使該使用者裝置進入加密模式。在一些實施例中,該第一作業系統、第二作業系統及第三作業系統分別為前文所述第一作業系統240、第二作業系統242及第三作業系統244。在一些實施例中,步驟314、316、324分別包括存取第一作業系統、第二作業系統、第三作業系統所在儲存裝置或儲存裝置分割區。在一些實施例中,步驟314、316、324分別包括藉由啟動載入器將第一作業系統、第二作業系統、第三作業系統載入記憶體。在一些實施例中,該加密模式係藉由前述加密模組220達成。在一些實施例中,該加密模式包含對該使用者裝置之儲存裝置(例如硬碟)進行加密、鎖定該使用者裝置之輸出裝置(例如顯示器)、使該使用者裝置進入休眠(hibernation)狀態或關閉該使用者裝置之電源、其組合或類似者。In step 312 , the monitoring module determines which control area the user device is located in (eg, the first work area 101 , the second work area 102 or outside the company/enterprise 100 ). Next, the user device responds to the determination result to activate the corresponding operating system based on the aforementioned operating system startup rule. If it is determined that the use position is located in the first work area (for example, the first work area 101 ), then go to step 314 to start the first operating system; if it is determined that the use position is located in the second work area (for example, the second work area 102 ), then Go to step 316, start the second operating system; if it is determined that the use location is located in a non-work area (for example, outside the company/enterprise 100), then go to step 318 to further determine whether the user device is authorized to be used in the non-work area; if If it is determined that the user device has been authorized to be used in the non-work area, then go to step 324 to start the third operating system; if it is determined that the user device has not been authorized to use in the non-work area, then go to step 322 to enable the use of the user device. The user device enters encryption mode. In some embodiments, the first operating system, the second operating system and the third operating system are the aforementioned first operating system 240 , the second operating system 242 and the third operating system 244 , respectively. In some embodiments, steps 314 , 316 , and 324 respectively include accessing the storage device or storage device partition where the first operating system, the second operating system, and the third operating system are located. In some embodiments, steps 314 , 316 , and 324 include loading the first operating system, the second operating system, and the third operating system into memory via a boot loader, respectively. In some embodiments, the encryption mode is achieved by the aforementioned encryption module 220 . In some embodiments, the encryption mode includes encrypting a storage device (eg, a hard disk) of the user device, locking an output device (eg, a display) of the user device, and hibernation of the user device or power off the user device, a combination thereof, or the like.

在步驟320,監測模組持續偵測該使用者裝置之使用位置,其偵測方法如前文步驟310所述。在一些實施例中,該監測模組之偵測作業以週期性方式執行,例如以具有10秒、15秒之週期或其他合適週期之間隔執行。在步驟326,由監測模組判定該使用者裝置之使用位置是否改變至其他管制區(例如第一工作區101、第二工作區102或公司/企業100外部)。若判定該使用位置並未改變至其他管制區,則進入步驟328,維持正在執行的作業系統之運作;若判定該使用位置改變至其他管制區,則進入步驟330,儲存並加密正在執行的作業系統資料。在一些實施例中,進入步驟328後,返回步驟320,持續偵測該使用者裝置之使用位置是否改變至其他管制區。在一些實施例中,在步驟330,將正在執行的作業系統資料儲存於記憶體或儲存裝置,例如記憶體212或儲存裝置214。在一些實施例中,在步驟330,藉由前文所述加密模組220對正在執行的作業系統之資料進行加密。In step 320, the monitoring module continuously detects the use position of the user device, and the detection method is as described in step 310 above. In some embodiments, the detection operation of the monitoring module is performed in a periodic manner, such as at intervals of 10 seconds, 15 seconds, or other suitable periods. In step 326 , the monitoring module determines whether the use location of the user device has changed to another control area (eg, the first work area 101 , the second work area 102 , or outside the company/enterprise 100 ). If it is determined that the use location has not been changed to another control area, go to step 328 to maintain the operation of the operating system being executed; if it is determined that the use location has been changed to another control area, go to step 330 to store and encrypt the operation being executed system information. In some embodiments, after entering step 328, return to step 320 to continuously detect whether the use position of the user device is changed to another control area. In some embodiments, at step 330 , the running operating system data is stored in memory or a storage device, such as memory 212 or storage device 214 . In some embodiments, in step 330, the data of the running operating system is encrypted by the encryption module 220 described above.

在步驟332,關閉使用位置改變前所執行的作業系統或使其進入休眠狀態。在一些實施例中,步驟332進一步包含維持該使用者裝置電源開啟狀態。在步驟332後,返回步驟312,判定該使用者裝置之使用位置位於何管制區,隨後根據新的使用位置開啟相對應的作業系統。In step 332, the operating system executed before the usage location change is shut down or put into a dormant state. In some embodiments, step 332 further includes maintaining the power-on state of the user device. After step 332, the process returns to step 312 to determine which control area the use position of the user device is located in, and then start the corresponding operating system according to the new use position.

根據一實施例,一種操作具有複數個作業系統之使用者裝置的方法,該方法包括:存取組態模組所設定之基於該使用者裝置之使用位置的作業系統啟動規則;藉由監測模組偵測該使用者裝置之使用位置;基於該作業系統啟動規則,回應於該監測模組偵測該使用位置位於第一工作區,使該使用者裝置載入第一作業系統。According to one embodiment, a method of operating a user device having a plurality of operating systems includes: accessing an operating system activation rule set by a configuration module based on a usage location of the user device; The group detects the use position of the user device; based on the operating system activation rule, in response to the monitoring module detecting that the use position is located in the first work area, the user device is loaded into the first operating system.

根據一實施例,一種操作具有複數個作業系統之使用者裝置之方法,該方法包括:存取組態模組所設定之基於該使用者裝置之使用位置的作業系統啟動規則;藉由監測模組偵測該使用者裝置之使用位置;基於該作業系統啟動規則,回應於該監測模組偵測該使用位置由第一工作區改變至第二工作區,而自動切換該使用者裝置之作業系統,其中該自動切換該使用者裝置之作業系統包括:維持該使用者裝置電源開啟狀態;儲存並加密第一作業系統之資料;關閉該第一作業系統或使其進入休眠狀態;及載入第二作業系統。According to one embodiment, a method of operating a user device having a plurality of operating systems includes: accessing an operating system startup rule set by a configuration module based on a usage location of the user device; The group detects the use position of the user device; based on the operating system activation rule, in response to the monitoring module detecting that the use position is changed from the first work area to the second work area, the operation of the user device is automatically switched The system, wherein the automatic switching of the operating system of the user device comprises: maintaining the power-on state of the user device; storing and encrypting data of the first operating system; shutting down the first operating system or making it hibernate; and loading Second operating system.

根據一實施例,一種操作具有複數個作業系統之使用者裝置的系統,其包括:環境訊號源;通訊媒介,其由該環境訊號源發出;及具有複數個作業系統之使用者裝置,其包括:組態模組,其設定基於該使用者裝置之使用位置的作業系統啟動規則;及監測模組,其接收該通訊媒介,且經組態以偵測該使用者裝置之使用位置;其中該使用者裝置基於該作業系統啟動規則,執行以下步驟:回應於該監測模組偵測該使用者裝置位於第一工作區,載入第一作業系統;或回應於該監測模組偵測該使用者裝置由第一工作區改變至第二工作區,自動切換該使用者裝置之作業系統,其中該自動切換該使用者裝置之作業系統包括:維持該使用者裝置電源開啟狀態;儲存並加密第一作業系統之資料;關閉該第一作業系統或使其進入休眠;及載入第二作業系統。According to one embodiment, a system for operating a user device having a plurality of operating systems, comprising: an ambient signal source; a communication medium sent from the ambient signal source; and a user device having a plurality of operating systems, comprising: : a configuration module that sets operating system startup rules based on the usage location of the user device; and a monitoring module that receives the communication medium and is configured to detect the usage location of the user device; wherein the The user device performs the following steps based on the operating system activation rule: in response to the monitoring module detecting that the user device is located in the first work area, loading the first operating system; or in response to the monitoring module detecting the use The user device is changed from the first working area to the second working area, and the operating system of the user device is automatically switched, wherein the automatic switching of the operating system of the user device includes: maintaining the power-on state of the user device; storing and encrypting the first information of an operating system; shutting down the first operating system or putting it into hibernation; and loading the second operating system.

前述內容概述若干實施例之特徵,使得熟習此項技術者可更好地理解本發明實施例之態樣。熟習此項技術者應瞭解,其可容易地使用本發明實施例作為設計或修改其他過程及結構之基礎以用於實施相同目的及/或達成本文介紹之實施例之相同優點。熟習此項技術者亦應認識到,此等等效構造不脫離本發明實施例之精神及範疇,並且在不脫離本發明實施例之精神及範疇之情況下,其等可在本文中進行各種改變、替換及變更。本發明之各實施例能夠相互結合而不脫離本發明之精神及範疇。The foregoing outlines features of several embodiments so that those skilled in the art may better understand aspects of the embodiments of the invention. Those skilled in the art should appreciate that they may readily use the present embodiments as a basis for designing or modifying other processes and structures for carrying out the same purposes and/or achieving the same advantages of the embodiments described herein. Those skilled in the art should also realize that such equivalent constructions do not depart from the spirit and scope of the embodiments of the present invention, and that various modifications may be made herein without departing from the spirit and scope of the embodiments of the present invention. Alterations, substitutions and alterations. The various embodiments of the present invention can be combined with each other without departing from the spirit and scope of the present invention.

10:應用場景 20:系統 30:方法 100:公司/企業 101:第一工作區 102:第二工作區 104:使用者裝置 105:使用者裝置 106:使用者裝置 111:無線網路 112:無線網路 121:有線網路 122:有線網路 202:使用者裝置 204:環境訊號源 206:通訊媒介 210:處理器 212:記憶體 214:儲存裝置 216:組態模組 218:監測模組 220:加密模組 230:基本輸入輸出系統(BIOS) 240:第一作業系統 242:第二作業系統 244:第三作業系統 302:步驟 306:步驟 308:步驟 310:步驟 312:步驟 314:步驟 316:步驟 318:步驟 320:步驟 322:步驟 324:步驟 326:步驟 328:步驟 330:步驟 332:步驟10: Application scenarios 20: System 30: Method 100: Company/Enterprise 101: The first work area 102: Second work area 104: User device 105: User device 106: User device 111: Wireless Network 112: Wireless Network 121: wired network 122: wired network 202: User device 204: Ambient signal source 206: Communication Medium 210: Processor 212: Memory 214: Storage Device 216: Configuration module 218: Monitoring module 220: Encryption Module 230: Basic Input Output System (BIOS) 240: First Operating System 242: Second Operating System 244: Third Operating System 302: Step 306: Steps 308: Steps 310: Steps 312: Steps 314: Steps 316: Steps 318: Steps 320: Steps 322: Steps 324: Steps 326: Steps 328: Steps 330: Steps 332: Steps

在與隨附圖式一起閱讀時,自下文實施方式更佳地理解本發明實施例之態樣。應注意,根據業界中之標準實踐,各種特徵未按比例繪製。實際上,為了清楚論述,可任意增加或減少各種特徵之尺寸。Aspects of embodiments of the invention are better understood from the following description when read in conjunction with the accompanying drawings. It should be noted that in accordance with standard practice in the industry, the various features are not drawn to scale. In fact, the dimensions of the various features may be arbitrarily increased or decreased for clarity of discussion.

圖1展示根據本發明一些實施例之用於操作具有複數個作業系統之使用者裝置的應用場景示意圖。FIG. 1 shows a schematic diagram of an application scenario for operating a user device with multiple operating systems according to some embodiments of the present invention.

圖2展示根據本發明一些實施例之用於操作具有複數個作業系統之使用者裝置的系統。2 shows a system for operating a user device having a plurality of operating systems in accordance with some embodiments of the present invention.

圖3展示根據本發明一些實施例之用於操作具有複數個作業系統之使用者裝置的方法流程圖。3 shows a flowchart of a method for operating a user device having a plurality of operating systems in accordance with some embodiments of the present invention.

20:系統 20: System

202:使用者裝置 202: User device

204:環境訊號源 204: Ambient signal source

206:通訊媒介 206: Communication Medium

210:處理器 210: Processor

212:記憶體 212: Memory

214:儲存裝置 214: Storage Device

216:組態模組 216: Configuration module

218:監測模組 218: Monitoring module

220:加密模組 220: Encryption Module

230:基本輸入輸出系統(BIOS) 230: Basic Input Output System (BIOS)

240:第一作業系統 240: First Operating System

242:第二作業系統 242: Second Operating System

244:第三作業系統 244: Third Operating System

Claims (10)

一種操作具有複數個作業系統之使用者裝置的方法,該方法包括: 存取組態模組所設定之基於該使用者裝置之使用位置的作業系統啟動規則; 藉由監測模組偵測該使用者裝置之使用位置; 基於該作業系統啟動規則,回應於該監測模組偵測該使用位置位於第一工作區,而載入該使用者裝置之第一作業系統。 A method of operating a user device having a plurality of operating systems, the method comprising: Access the operating system startup rules set by the configuration module based on the usage location of the user device; Detect the use position of the user device by the monitoring module; Based on the operating system activation rule, in response to the monitoring module detecting that the use position is located in the first working area, the first operating system of the user device is loaded into the first operating system. 如請求項1之方法,其中該方法進一步包括藉由監測模組以接收環境訊號源所發出之通訊媒介,其中該環境訊號源經組態以賦予該通訊媒介一認證識別資訊,且該方法進一步包括藉由該監測模組讀取該認證識別資訊。The method of claim 1, wherein the method further comprises receiving, by the monitoring module, a communication medium sent by an environmental signal source, wherein the environmental signal source is configured to assign an authentication identification information to the communication medium, and the method further Including reading the authentication identification information by the monitoring module. 如請求項1之方法,其中該方法進一步包括藉由監測模組以接收環境訊號源所發出之通訊媒介,其中該環境訊號源經組態以第一金鑰對該通訊媒介進行加密,且該方法進一步包括藉由該監測模組以第二金鑰解密該通訊媒介,其中該第一金鑰與該第二金鑰為相同或不同。The method of claim 1, wherein the method further comprises receiving, by the monitoring module, a communication medium from an ambient signal source, wherein the ambient signal source is configured to encrypt the communication medium with a first key, and the The method further includes decrypting, by the monitoring module, the communication medium with a second key, wherein the first key and the second key are the same or different. 如請求項1之方法,其中該組態模組儲存於該使用者裝置之記憶體且該使用者裝置直接存取該組態模組,或該組態模組儲存於該使用者裝置之儲存裝置且該使用者裝置將該組態模組載入記憶體後再存取該組態模組。The method of claim 1, wherein the configuration module is stored in memory of the user device and the user device directly accesses the configuration module, or the configuration module is stored in the storage of the user device and the user device loads the configuration module into the memory and then accesses the configuration module. 如請求項1之方法,其中偵測該使用者裝置之使用位置包含讀取隱含於通訊媒介之位置信息,該位置信息包括位置座標、IP位址或其組合。The method of claim 1, wherein detecting the usage location of the user device comprises reading location information implicit in the communication medium, the location information including location coordinates, IP addresses, or a combination thereof. 一種操作具有複數個作業系統之使用者裝置之方法,該方法包括: 存取組態模組所設定之基於該使用者裝置之使用位置的作業系統啟動規則; 藉由監測模組以偵測該使用者裝置之使用位置; 基於該作業系統啟動規則,回應於該監測模組偵測該使用位置由第一工作區改變至第二工作區,而自動切換該使用者裝置之作業系統, 其中該自動切換該使用者裝置之作業系統包括: 維持該使用者裝置電源開啟狀態; 儲存並加密第一作業系統之資料; 關閉該第一作業系統或使其進入休眠;及 載入第二作業系統。 A method of operating a user device having a plurality of operating systems, the method comprising: Access the operating system startup rules set by the configuration module based on the usage location of the user device; Detect the use position of the user device by the monitoring module; Based on the operating system activation rule, in response to the monitoring module detecting that the use position is changed from the first work area to the second work area, the operating system of the user device is automatically switched, The operating system for automatically switching the user device includes: maintaining the power-on state of the user equipment; Store and encrypt the data of the first operating system; shut down or hibernate the primary operating system; and Load the second operating system. 如請求項6之方法,其中該監測模組以週期性方式偵測該使用者裝置之使用位置。The method of claim 6, wherein the monitoring module periodically detects the usage position of the user device. 如請求項6之方法,其中該方法進一步包括藉由監測模組以接收環境訊號源所發出之通訊媒介,其中該環境訊號源經組態以賦予該通訊媒介一認證識別資訊,且該方法進一步包括藉由該監測模組讀取該認證識別資訊。6. The method of claim 6, wherein the method further comprises receiving, by the monitoring module, a communication medium from an ambient signal source, wherein the ambient signal source is configured to give the communication medium an authentication identification, and the method further Including reading the authentication identification information by the monitoring module. 一種操作具有複數個作業系統之使用者裝置的系統,其包括: 環境訊號源; 通訊媒介,其由該環境訊號源發出;及 具有複數個作業系統之使用者裝置,其包括: 組態模組,其設定基於該使用者裝置之使用位置的作業系統啟動規則;及 監測模組,其接收該通訊媒介,且經組態以偵測該使用者裝置之使用位置; 其中該使用者裝置基於該作業系統啟動規則,執行以下步驟: 回應於該監測模組偵測該使用者裝置位於第一工作區以載入該使用者裝置之第一作業系統;或 回應於該監測模組偵測該使用者裝置由第一工作區改變至第二工作區,自動切換該使用者裝置之作業系統,其中該自動切換該使用者裝置之作業系統包括: 維持該使用者裝置電源開啟狀態; 儲存並加密第一作業系統之資料; 關閉該第一作業系統或使其進入休眠;及 載入第二作業系統。 A system for operating a user device having a plurality of operating systems, comprising: environmental signal source; the communication medium from the environmental signal source; and A user device having a plurality of operating systems, including: a configuration module that sets operating system startup rules based on the location of use of the user device; and a monitoring module that receives the communication medium and is configured to detect the usage location of the user device; The user device performs the following steps based on the operating system startup rule: in response to the monitoring module detecting that the user device is located in the first work area to load the first operating system of the user device; or In response to the monitoring module detecting that the user equipment is changed from the first working area to the second working area, the operating system of the user equipment is automatically switched, wherein the automatic switching of the operating system of the user equipment includes: maintaining the power-on state of the user equipment; Store and encrypt the data of the first operating system; shut down or hibernate the primary operating system; and Load the second operating system. 如請求項9之系統,其中該組態模組之修改權限經鎖定且須以金鑰進行解鎖方得對其進行修改。As claimed in the system of item 9, wherein the modification authority of the configuration module is locked and must be unlocked with a key to modify it.
TW110103847A 2021-02-02 2021-02-02 Methods and systems for operating user devices having multiple operating systems TWI767548B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110103847A TWI767548B (en) 2021-02-02 2021-02-02 Methods and systems for operating user devices having multiple operating systems

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110103847A TWI767548B (en) 2021-02-02 2021-02-02 Methods and systems for operating user devices having multiple operating systems

Publications (2)

Publication Number Publication Date
TWI767548B true TWI767548B (en) 2022-06-11
TW202232313A TW202232313A (en) 2022-08-16

Family

ID=83103691

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110103847A TWI767548B (en) 2021-02-02 2021-02-02 Methods and systems for operating user devices having multiple operating systems

Country Status (1)

Country Link
TW (1) TWI767548B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW567410B (en) * 2001-03-01 2003-12-21 Ibm Method and system for log repair action handling on a logically partitioned multiprocessing system
TW200712875A (en) * 2005-09-07 2007-04-01 Mitac Technology Corp Method for fast switching between different operating systems in computer device with multiple operating systems
US7356677B1 (en) * 2001-10-19 2008-04-08 Flash Vos, Inc. Computer system capable of fast switching between multiple operating systems and applications
TW201001285A (en) * 2008-06-25 2010-01-01 Universal Scient Ind Co Ltd System and method for multi-functions booting
TW201229901A (en) * 2011-01-05 2012-07-16 Insyde Software Corp Method for rapidly switching operation system
TWI588747B (en) * 2014-01-14 2017-06-21 仁寶電腦工業股份有限公司 Method for switching operating systems and electronic apparatus

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW567410B (en) * 2001-03-01 2003-12-21 Ibm Method and system for log repair action handling on a logically partitioned multiprocessing system
US7356677B1 (en) * 2001-10-19 2008-04-08 Flash Vos, Inc. Computer system capable of fast switching between multiple operating systems and applications
TW200712875A (en) * 2005-09-07 2007-04-01 Mitac Technology Corp Method for fast switching between different operating systems in computer device with multiple operating systems
TW201001285A (en) * 2008-06-25 2010-01-01 Universal Scient Ind Co Ltd System and method for multi-functions booting
TW201229901A (en) * 2011-01-05 2012-07-16 Insyde Software Corp Method for rapidly switching operation system
TWI588747B (en) * 2014-01-14 2017-06-21 仁寶電腦工業股份有限公司 Method for switching operating systems and electronic apparatus

Also Published As

Publication number Publication date
TW202232313A (en) 2022-08-16

Similar Documents

Publication Publication Date Title
US10194266B2 (en) Enforcement of proximity based policies
US9811682B2 (en) Security policy for device data
KR101208257B1 (en) System and method to provide added security to a platform using locality-based data
US8566610B2 (en) Methods and apparatus for restoration of an anti-theft platform
KR101654778B1 (en) Hardware-enforced access protection
US20150381658A1 (en) Premises-aware security and policy orchestration
US20110307709A1 (en) Managing security operating modes
US20100111309A1 (en) Encryption key management system and methods thereof
US10523427B2 (en) Systems and methods for management controller management of key encryption key
US10148444B2 (en) Systems and methods for storing administrator secrets in management controller-owned cryptoprocessor
US10366025B2 (en) Systems and methods for dual-ported cryptoprocessor for host system and management controller shared cryptoprocessor resources
US10019577B2 (en) Hardware hardened advanced threat protection
US10146952B2 (en) Systems and methods for dynamic root of trust measurement in management controller domain
TWI767548B (en) Methods and systems for operating user devices having multiple operating systems
US20230177148A1 (en) Liveness guarantees in secure enclaves using health tickets
US11593462B2 (en) Baseboard management controller firmware security system
CN114840259A (en) Method and system for operating user device with multiple operating systems
US10778650B2 (en) Systems and methods for management domain attestation service
US10089457B2 (en) Unlocking device to access uncertified networks
US20240064148A1 (en) System and method for managing privileged account access
CN117610038A (en) Method and device for realizing encrypted USB flash disk, electronic equipment and storage medium