Secure data protection during disasters

US 20080141040A1
Filed: 12/08/2006
Published: 06/12/2008
Est. Priority Date: 12/08/2006
Status: Active Grant

First Claim

Patent Images

1. One or more computer-readable media comprising computer-executable instructions representing a disaster preparation script, the computer-executable instructions directed to steps comprising:

verifying that at least one key, used to access algorithmically protected data on a computing device expected to be affected by a disaster, is stored in an off-site location; and

removing the at least one key from the computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In situations, such as disasters, where the physical protection of data may be compromised, algorithmic protection of such data can be increased in anticipation of the disaster. An off-site mechanism can send a disaster preparation script to computing devices expected to be affected, resulting in the deletion of decryption keys from those computing devices. Once the disaster passes, the off-site mechanism, upon receiving confirmation of the physical integrity of the computing devices, can return one or more decryption keys to the computing devices, enabling access algorithmically protected data. The off-site mechanism can also optionally provide access information that can be used to obtain access to the algorithmically protected data via at least one returned decryption key.

Citations

20 Claims

1. One or more computer-readable media comprising computer-executable instructions representing a disaster preparation script, the computer-executable instructions directed to steps comprising:
- verifying that at least one key, used to access algorithmically protected data on a computing device expected to be affected by a disaster, is stored in an off-site location; and
  
  removing the at least one key from the computing device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-readable media of claim 1, wherein the computer-executable instructions are further directed to steps comprising:
    - removing, from the computing device, all keys used to access algorithmically protected data on the computing device.
  - 3. The computer-readable media of claim 1, wherein the computer-executable instructions are further directed to steps comprising:
    - verifying that the computing device comprises algorithmically protected data; and
      
      , if the computing device does not comprise algorithmically protected data, algorithmically protecting at least some data on the computing device.
  - 4. The computer-readable media of claim 1, wherein the computer-executable instructions are further directed to steps comprising:
    - algorithmically protecting at least some data on the computing device such that an associated key required to algorithmically unprotect the data has not previously been used by the computing device to access the data.
  - 5. The computer-readable media of claim 4, wherein the associated key is exclusively stored at the off-site location.
  - 6. The computer-readable media of claim 1, wherein the computer-executable instructions are further directed to steps comprising:
    - shutting down the computing device.

7. One or more computer-readable media comprising computer-executable instructions for releasing a computing device from a heightened level of algorithmic security following a disaster affecting the computing device, the computer-executable instructions directed to steps comprising:
- receiving verification that the computing device is physically secure;
  
  transmitting at least one key, used to access algorithmically protected data on a computing device, to the computing device; and
  
  transmitting instructions to the computing device for storing the at least one key in a predetermined area of the computing device where such keys would be automatically identified by the computing device upon startup.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The computer-readable media of claim 7, wherein the computer-executable instructions are further directed to steps comprising:
    - transmitting, to the computing device, all keys, previously used to access algorithmically protected data on the computing device, which were removed from the computing device in anticipation of the disaster.
  - 9. The computer-readable media of claim 7, wherein the computer-executable instructions are further directed to steps comprising:
    - transmitting data necessary for the computing device to access the at least one key.
  - 10. The computer-readable media of claim 7, wherein the receiving verification comprises receiving encrypted computer network communications from the computing device.
  - 11. The computer-readable media of claim 7, wherein the receiving verification comprises receiving input from an individual who has inspected the computing device.
  - 12. The computer-readable media of claim 7, wherein the at least one key is different from keys previously used to access algorithmically protected data on the computing device.
  - 13. The computer-readable media of claim 7, wherein the at least one key was generated for providing recovery access to algorithmically protected data on the computing device.

14. A method for protecting data on a computing device when a disaster is expected to affect the computing device, the method comprising:
- verifying that at least one key, used to access algorithmically protected data on a computing device expected to be affected by a disaster, is stored in an off-site location; and
  
  removing the at least one key from the computing device.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, further comprising:
    - removing, from the computing device, all keys used to access algorithmically protected data on the computing device.
  - 16. The method of claim 14, further comprising:
    - shutting down the computing device.
  - 17. The method of claim 14, further comprising:
    - receiving verification that the computing device is physically secure after the disaster;
      
      transmitting at least one key, used to access algorithmically protected data on the computing device, to the computing device after the disaster; and
      
      transmitting instructions to the computing device after the disaster for storing the at least one key in a predetermined area of the computing device where such keys would be automatically identified by the computing device upon startup.
  - 18. The method of claim 17, further comprising:
    - transmitting, to the computing device after the disaster, all keys, previously used to access algorithmically protected data on the computing device, which were removed from the computing device in anticipation of the disaster.
  - 19. The method of claim 17, further comprising:
    - transmitting, to the computing device after the disaster, data necessary for the computing device to access the at least one key.
  - 20. The method of claim 17, wherein the at least one key is different from keys previously used to access algorithmically protected data on the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ureche, Octavian T., Biddle, Peter N., Ray, Kenneth D., Holt, Erik

Granted Patent

US 8,135,135 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 11/1415   at system level

G06F 21/6218   to a system of files or obj...

H04L 9/0897   involving additional device...

Secure data protection during disasters

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data protection during disasters

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links