Key management to protect encrypted data of an endpoint computing device
US8588422B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | May 28, 2009 |
| Grant date | Nov 19, 2013 |
| Priority date | — |
| Expiry date | Jul 15, 2031 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/57
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Methods and apparatus involve protecting encrypted data of endpoint computing assets by managing decryption keys. The endpoint has both a traditional operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the pre-boot operating system prevents users of the endpoint from accessing the encrypted data and the key. Upon determining the encrypted data has been compromised, the key is disassociated from the encrypted data. Disassociation can occur in a variety of ways including deleting or scrambling the key and/or data or re-encrypting the encrypted data with a new key. Key escrowing and updating through the pre-boot is further contemplated. The pre-boot phase also contemplates a limited computing connection between the endpoint and a specified authentication server and approved networking ports, USB devices and biometric equipment. Security policies and enforcement modules are also disclosed as are computer program products, computing arrangements, etc.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.