Method and apparatus for centrally managed encrypted partition
First Claim
1. In a computer network comprising an at least one main computer comprising a first storage device and an at least one remote computer comprising a memory unit and a second storage device, a method for protecting data stored on the second storage device of the at least one remote computer, the method comprising the steps of:
- creating a first cryptokey;
- storing the first cryptokey on the first storage device of the at least one main computer;
- authenticating the at least one remote computer to the at least one main computer;
- providing the first cryptokey to the at least one remote computer;
- storing the first cryptokey in the memory unit of the at least one remote computer; and
- mounting an operative partition encrypted with the first cryptokey to the at least one remote computer, said operative partition mapped to the second storage device, whereby said data stored on said second storage device is accessible only if said at least one remote computer is authenticated by said at least one main computer.
Abstract
A method and apparatus for protecting a remote computer connected through a network to a main computer, by creating a cryptokey on the main computer, supplying the cryptokey to the remote computer and mounting a partition on the remote computer using the cryptokey. The cryptokey is not persistently stored on the remote computer but rather held in its memory, and the connection of the remote computer to the main computer is periodically tested. Once the remote computer is disconnected, the encrypted partition is unmounted and the cryptokey is erased from the memory, thus denying an attacker access to data stored in the encrypted partition. The method incorporates swap partition encryption using a cryptokey created anew each time the remote computer boots.
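The key lifecycle the abstract describes, written out as an added Python sketch that is not the patent's own code or any product's implementation: the main computer generates and persistently stores the key, releases it only after the remote authenticates, the remote keeps the key only in RAM, a periodic heartbeat stands in for the connection test, and loss of the link unmounts the partition and wipes the key. The class and function names (`MainComputer`, `RemoteComputer`, `EncryptedPartition`, `header_tag`, `demo`), the in-memory key store, the HMAC header tag used as the key-verification check and the constructed credentials are all assumptions made for the example; encryption of the data blocks themselves is elided so that the mount gate is what the code shows.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

KEY_LEN = 32

def header_tag(key: bytes) -> bytes:
    """Key-verification tag kept in the partition header (HMAC over a fixed label). Hypothetical scheme."""
    return hmac.new(key, b"partition-header", hashlib.sha256).digest()

@dataclass
class MainComputer:
    """Central server: creates and persistently stores each remote's key; releases it only after authentication."""
    _store: Dict[str, Tuple[bytes, bytes]] = field(default_factory=dict)  # id -> (credential hash, key)
    _online: Set[str] = field(default_factory=set)

    def enroll(self, remote_id: str, credential: bytes) -> bytes:
        key = secrets.token_bytes(KEY_LEN)  # the "first cryptokey"
        self._store[remote_id] = (hashlib.sha256(credential).digest(), key)
        return key  # returned once so the partition can be created at provisioning time

    def authenticate(self, remote_id: str, credential: bytes) -> Optional[bytes]:
        entry = self._store.get(remote_id)
        if entry is None or not hmac.compare_digest(entry[0], hashlib.sha256(credential).digest()):
            return None
        self._online.add(remote_id)
        return entry[1]

    def is_connected(self, remote_id: str) -> bool:
        return remote_id in self._online

    def drop_connection(self, remote_id: str) -> None:  # simulates the network link going away
        self._online.discard(remote_id)

@dataclass
class EncryptedPartition:
    """Stand-in for the on-disk partition: a header tag bound to the key plus data blocks (block cipher elided)."""
    tag: bytes
    blocks: Dict[str, bytes] = field(default_factory=dict)

    @classmethod
    def create(cls, key: bytes) -> "EncryptedPartition":
        return cls(header_tag(key))

    def key_matches(self, key: bytes) -> bool:
        return hmac.compare_digest(self.tag, header_tag(key))

class RemoteComputer:
    """Client: the key lives only in RAM; mounts after authentication; unmounts and wipes the key on link loss."""
    def __init__(self, remote_id: str, credential: bytes, partition: EncryptedPartition):
        self.remote_id, self._credential, self.partition = remote_id, credential, partition
        self._key: Optional[bytearray] = None  # never written to the local disk
        self.mounted = False
        self._swap_key = secrets.token_bytes(KEY_LEN)  # per-boot swap key, never stored anywhere

    def boot_and_mount(self, main: MainComputer) -> bool:
        key = main.authenticate(self.remote_id, self._credential)
        if key is None or not self.partition.key_matches(key):
            return False
        self._key, self.mounted = bytearray(key), True  # bytearray so it can be zeroed in place
        return True

    def read(self, name: str) -> bytes:
        if not self.mounted:
            raise PermissionError("partition not mounted")
        return self.partition.blocks[name]

    def write(self, name: str, data: bytes) -> None:
        if not self.mounted:
            raise PermissionError("partition not mounted")
        self.partition.blocks[name] = data

    def heartbeat(self, main: MainComputer) -> bool:
        """Periodic connection test: on failure, unmount and erase the key."""
        if main.is_connected(self.remote_id):
            return True
        self.unmount()
        return False

    def unmount(self) -> None:
        self.mounted = False
        if self._key is not None:
            for i in range(len(self._key)):
                self._key[i] = 0  # best-effort zeroisation before dropping the reference
            self._key = None

    def key_in_memory(self) -> bool:
        return self._key is not None

def demo() -> dict:
    """Walk the lifecycle once with constructed inputs and report the observable states."""
    main, cred = MainComputer(), b"constructed-device-credential"
    part = EncryptedPartition.create(main.enroll("laptop-1", cred))
    remote = RemoteComputer("laptop-1", cred, part)
    r = {"mounted_after_auth": remote.boot_and_mount(main)}
    remote.write("report.txt", b"payroll")
    r["read_back"] = remote.read("report.txt")
    main.drop_connection("laptop-1")
    r["alive_after_disconnect"] = remote.heartbeat(main)
    r["mounted_after_disconnect"] = remote.mounted
    r["key_in_memory_after_disconnect"] = remote.key_in_memory()
    try:
        remote.read("report.txt")
        r["read_after_disconnect_denied"] = False
    except PermissionError:
        r["read_after_disconnect_denied"] = True
    # Wrong credential: the main computer never releases the key, so nothing mounts.
    r["bad_credential_mounts"] = RemoteComputer("laptop-1", b"wrong", part).boot_and_mount(main)
    return r
```

Two caveats a practitioner would check before relying on this pattern. First, zeroing a `bytearray` is only best effort in a garbage-collected runtime; a production client would keep the key in locked, non-swappable memory and hand the actual mount to the operating system's volume encryption (for example dm-crypt via cryptsetup on Linux), which is also what makes the per-boot swap key meaningful. Second, the window between link loss and the next heartbeat is the exposure window, so the test interval is a security parameter, not a tuning detail.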
12 Claims
1. In a computer network comprising an at least one main computer comprising a first storage device and an at least one remote computer comprising a memory unit and a second storage device, a method for protecting data stored on the second storage device of the at least one remote computer, the method comprising the steps of:
- creating a first cryptokey;
- storing the first cryptokey on the first storage device of the at least one main computer;
- authenticating the at least one remote computer to the at least one main computer;
- providing the first cryptokey to the at least one remote computer;
- storing the first cryptokey in the memory unit of the at least one remote computer; and
- mounting an operative partition encrypted with the first cryptokey to the at least one remote computer, said operative partition mapped to the second storage device, whereby said data stored on said second storage device is accessible only if said at least one remote computer is authenticated by said at least one main computer.
(Dependent claims 2, 3, 4, 5, 6.)
7. An apparatus for protecting data stored on a storage device associated with an at least one remote computer connected through a network to an at least one main computer, the apparatus comprising:
- a cryptokey generator for generating an at least one cryptokey;
- a partition generating component for generating an at least one encrypted partition using the at least one cryptokey;
- a mount/unmount device for mounting or unmounting the at least one encrypted partition to the at least one remote computer using the at least one cryptokey, said at least one encrypted partition mapped to the storage device;
- a connection testing component for testing whether the at least one remote computer is connected to the at least one main computer through the network; and
- an authentication component for determining whether the at least one remote computer is authenticated for being connected to the at least one main computer.
(Dependent claims 8, 9, 10, 11.)
12. A computer readable storage medium containing a set of instructions for a general purpose computer, the set of instructions comprising:
- creating a first cryptokey;
- storing the first cryptokey on a first storage device of an at least one main computer;
- authenticating an at least one remote computer to the at least one main computer;
- providing the first cryptokey to the at least one remote computer;
- storing the first cryptokey in a memory unit of the at least one remote computer; and
- mounting an operative partition encrypted with the first cryptokey to the at least one remote computer, said operative partition mapped to a second storage device storing data, whereby said data is accessible only if said at least one remote computer is authenticated by said at least one main computer.