CPC G06F 21/575 (2013.01) [G06F 9/45558 (2013.01); G06F 21/44 (2013.01); G06F 21/53 (2013.01); G06F 21/554 (2013.01); G06F 21/602 (2013.01); H04L 63/08 (2013.01); H04L 63/20 (2013.01); G06F 2009/45587 (2013.01); G06F 2221/033 (2013.01)]

13 Claims

1. A system for protecting a computing device from unauthorized use comprising:
(a) a computing device configured for communication over a network, said computing device having memory, storage, a BIOS, and input/output functions, said computing device capable of being connected to a network;
(b) a boot file residing on the computing device that is launched upon applying power to the computing device and that initiates the BIOS of the computing device and then initiates a call to launch the computing device;
(c) a hypervisor residing on the computing device that intercepts the call to launch the computing device prior to an operating system on the computing device booting;
(d) a server communicatively coupled to said computing device and configured to authenticate said computing device by first receiving a request for authentication that is sent from the hypervisor of the computing device and responding to the request for authentication by sending an authenticated indicator or a “not-authenticated” indicator to the computing device;
(e) a virtual machine manager comprising a plurality of modules executable by one or more systems in a distributed computing environment, wherein at least a portion of the virtual machine manager is executed on the computing device;
(f) the computing device further being configured to launch a virtual machine operating system under the control of the virtual machine manager only in response to receiving said authenticated indicator from the server, wherein prior to receiving said authenticated indicator said virtual machine operating system is not running and wherein once said virtual machine operating system is launched, said virtual machine operating system runs under the control of a particular virtual machine that is being managed by said virtual machine manager; and
(g) the computing device further configured to prevent said virtual machine operating system from launching prior to receiving said authenticated indicator and/or in response to receiving a “not authenticated” indicator, and to enter a replication mode, wherein the hypervisor allows the operating system of the computing device to load and grants access to unprotected areas on the computing device but prevents access to sensitive data present on the computing device, wherein the unauthenticated computing device operates with restricted access.