There is prior art disclosing methods for a network access point to check whether a device requesting access to a network has authorization credentials to access the network. For example, the network access point may request a user name and password for a user of the device prior to granting access. In another example, a cell phone service provider may check to see if a cell phone has an account with Internet access privilege before providing Internet access to a cell phone.
U.S. patent application Ser. No. 15/348,210 filed Nov. 10, 2016 discloses a method for a computing device to allow access to authorized external access entities to user information on the computing device.
There is prior art (for example, Intel Manageability Engine, Intel Software Guard Extensions, Intel Trusted Execution Technology, Intel Authenticated Code Modules, and ARM trust zone) disclosing methods for executing a module in a partition of a computing device, and protecting that module from software executing outside that partition.
There is prior art disclosing the design and implementation of key escrow systems, wherein a key escrow agent is provided with cryptographic keys that can be used at any time to decrypt communications from a device.
Computing devices have been proposed that would allow for authorized law enforcement entities special privileges in unlocking the device, for decrypting messages communicated by the device, and/or for retrieving information stored or used on the device. A country or other political entity could require that all devices sold in that country conform to specified policies for authorized law enforcement access. But all countries may not have the same policies, and some countries may not cooperate with law enforcement entities of another country. The purpose of this invention is to present a method whereby a policy enforcing network access point can set a policy requirement for law enforcement access for any devices that it allows on a network, and then robustly verify whether a device meets this policy requirement before allowing the device on the network. With this invention, a country could set a law enforcement access policy requirement for devices that obtain Internet access within the country.