Keys for encrypted disk partitions

US 10,389,693 B2
Filed: 08/23/2016
Issued: 08/20/2019
Est. Priority Date: 08/23/2016
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine-readable storage medium comprising instructions executable by a processing resource, the instructions comprising:

instructions to receive a key request from a requestor, wherein the key request is for a key to an encrypted disk partition of a protected computing device and comprises a unique identifier associated with the encrypted disk partition, and wherein the key request is one of a plurality of key requests received from the requestor;

instructions to determine a validity of the key request, wherein the determination of the validity of the key request is based on a number of previous key requests comprising the unique identifier; and

instructions to identify a pattern of requests indicative of a normal boot-up process;

instructions to identify a received pattern for the plurality of key requests received from the requestor;

instructions to determine if the received pattern is the same as the pattern of requests indicative of a normal boot-up process;

in response to determining the received pattern is different from the pattern of requests indicative of a normal boot-up process, instructions to determine the key request is invalid;

instructions to send the key to the requestor based on the determination of the validity of the key request;

instructions to receive a registration request from the protected computing device, the registration request including information identifying the protected computing device;

instructions to receive the unique identifier from the protected computing device;

instructions to receive the key from the protected computing device;

instructions to store the unique identifier with the information identifying the protected computing device on a first database;

instructions to store the key on a second database;

instructions to receive a key identification number; and

instructions to store the key identification number, unique identifier, and information identifying the protected computing device on a third database,wherein the pattern of requests indicative of a normal boot-up process comprises a non-linear pattern of requests.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Examples described herein include receiving a key request from a requestor, determining a validity of the key request, and sending the key to the requestor based on the determination of the validity of the key request. In some examples, the key request is for a key to an encrypted disk partition of a protected computing device and comprises a unique identifier associated with the encrypted disk partition.

58 Citations

15 Claims

1. A non-transitory machine-readable storage medium comprising instructions executable by a processing resource, the instructions comprising:
- instructions to receive a key request from a requestor, wherein the key request is for a key to an encrypted disk partition of a protected computing device and comprises a unique identifier associated with the encrypted disk partition, and wherein the key request is one of a plurality of key requests received from the requestor;
  
  instructions to determine a validity of the key request, wherein the determination of the validity of the key request is based on a number of previous key requests comprising the unique identifier; and
  
  instructions to identify a pattern of requests indicative of a normal boot-up process;
  
  instructions to identify a received pattern for the plurality of key requests received from the requestor;
  
  instructions to determine if the received pattern is the same as the pattern of requests indicative of a normal boot-up process;
  
  in response to determining the received pattern is different from the pattern of requests indicative of a normal boot-up process, instructions to determine the key request is invalid;
  
  instructions to send the key to the requestor based on the determination of the validity of the key request;
  
  instructions to receive a registration request from the protected computing device, the registration request including information identifying the protected computing device;
  
  instructions to receive the unique identifier from the protected computing device;
  
  instructions to receive the key from the protected computing device;
  
  instructions to store the unique identifier with the information identifying the protected computing device on a first database;
  
  instructions to store the key on a second database;
  
  instructions to receive a key identification number; and
  
  instructions to store the key identification number, unique identifier, and information identifying the protected computing device on a third database,wherein the pattern of requests indicative of a normal boot-up process comprises a non-linear pattern of requests.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The non-transitory machine-readable storage medium of claim 1, the instructions comprising:
    - instructions to receive a registration request from the protected computing device;
      
      instructions to receive the unique identifier associated with the encrypted disk partition from the protected computing device;
      
      instructions to receive the key to the encrypted disk partition from the protected computing device; and
      
      instructions executable by the processing resource to store the unique identifier and the key.
  - 3. The non-transitory machine-readable storage medium of claim 1 wherein the instructions to determine the validity of the key request comprise instructions to determine that the unique identifier is associated with the requestor.
  - 4. The non-transitory machine-readable storage medium of claim 2,wherein the unique identifier and the key are stored on a hardware security device;
    - andwherein the instructions to send the key comprise instructions to retrieve the key from the hardware security device.
  - 5. The non-transitory machine-readable storage medium of claim 2,wherein the unique identifier and the key are received from the protected computing device over a first encrypted communication session;
    - andwherein the key request is received from the requestor over a second encrypted communication session.
  - 6. The non-transitory machine-readable storage medium of claim 1, wherein the instructions to determine the validity of the key request comprise instructions to determine an identity of the requestor.
  - 7. The non-transitory machine-readable storage medium of claim 1, wherein the instructions to determine the validity of the key request comprise instructions to compare the requestor to the information identifying the protected computing device that is stored on the first database.
  - 8. The non-transitory machine-readable storage medium of claim 2, wherein the instructions comprise instructions to send the unique identifier and the key to a secondary computing device.

9. A computing device, comprising:
- a registration engine to receive a registration request from a protected computing device and to receive a key for an encrypted disk partition of the protected computing device and a unique identifier associated with the encrypted disk partition, wherein the registration request comprises information identifying the protected computing device;
  
  a request engine to receive a plurality of key requests comprise a key request from a requestor, the key request comprising the unique identifier and information identifying the requestor;
  
  a validation engine to determine validity of the key request and to send the key based on the determination of the validity of the key request, wherein the determination of the validity of the key request is based on a number of previous key requests comprising the unique identifier; and
  
  a memory comprising a first database, a second database, and a third database;
  
  wherein the validation engine is configured to determine validity of key requests by;
  
  identifying a pattern of requests indicative of a normal boot-up process, wherein the pattern of requests indicative of a normal boot-up process comprises a non-linear pattern of requests;
  
  identifying a received pattern for the plurality of key requests received from the requestor;
  
  determining if the received pattern is the same as the pattern of requests indicative of a normal boot-up process;
  
  in response to determining the received pattern is different from the pattern of requests indicative of a normal boot-up process, determining the key request is invalid; and
  
  in response to determining the received pattern is the same as the pattern of requests indicative of a normal boot up process, sending the key to the requestor;
  
  wherein the registration engine is configured to store the key, the information identifying the protected computing device, and the unique identifier by;
  
  storing the unique identifier with the information identifying the protected computing device on the first database;
  
  instructions to store the key on the second database;
  
  instructions to receive a key identification number; and
  
  instructions to store the key identification number, unique identifier, and information identifying the protected computing device on the third database.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computing device of claim 9, wherein the validation engine is to determine the validity of the key request based on a comparison of the information identifying the protected computing device and the information identifying the requestor.
  - 11. The computing device of claim 9, wherein the validation engine is to determine the validity of the key request based on a comparison of the information identifying the requestor and the unique identifier associated with the encrypted disk partition.
  - 12. The computing device of claim 9, wherein the registration request is received over a transport layer security encrypted session.
  - 13. The computing device of claim 9, wherein the key request is received over a transport layer security encrypted session.
  - 14. The computing device of claim 9, wherein the validation engine is to determine the validity of the key request based on a pattern associated with the number of previous key requests comprising the unique identifier.
  - 15. The computing device of claim 9, comprising a transfer engine to send the key, the information identifying the protected computing device, and the unique identifier to a secondary computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Clark, Robert Graham, Kelsey, Timothy John, Stephenson, Bryan, Chivers, Douglas
Primary Examiner(s)
Zarrineh, Shahriar

Application Number

US15/244,774
Publication Number

US 20180063101A1
Time in Patent Office

1,092 Days
Field of Search

713171
US Class Current
CPC Class Codes

G06F 12/1408 by using cryptography for d...

H04L 63/061 for key exchange, e.g. in p...

Keys for encrypted disk partitions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

58 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Keys for encrypted disk partitions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links