With the proliferation of Internet connected devices there exists a growing need for secure computing environments that can be customized to the unique resources available on each device that take into consideration that the device may have to operate in a wide variety of locations in many different contexts.
U.S. patent application Ser. No. 13/945,677 discloses a system for policy-based access control and management for mobile computing devices that addresses this need. That application is included by reference as if fully set forth herein. The basic system presented in that application is summarized in FIG. 1 and FIG. 2.
The system described therein provides extensive granularity of control over permitted operations, plus network, file system, and device access on handsets controlled by the system. Furthermore, the system utilizes one or more policy decision point (PDP) servers (101) Which respond to encrypted queries from handsets controlled by a given instance of the system. These PDP servers may be remote from the handset, or may even be hosted within the handset (102). The queries typically encapsulate requests for use of specific handset or network-accessible assets, and the PDP response to such a request is then received by the querying handset, with subsequent decisions made by the PDP then enforced at the Policy Enforcement Points (PEPs) on the handset (103). Note that for the purpose of brevity in the present description, we use the term “handset” largely in regard to “smartphone” devices and similar phone devices, but the invention should be considered generally applicable for the case of any computing device that might be a client in the system.
The system and methods described in U.S. patent application Ser. No. 13/945,677 refer to software implementations whereby software that implements the policy control is loaded onto the computing hardware. However, there are instances where a purely hardware implementation or a hybrid implementation is advantageous. This new configuration is the focus of the present invention.