METHOD AND APPARATUS FOR PREVENTING ACCESS TO ENCRYPTED DATA IN A NODE
First Claim
1. A method of preventing access to data in a node, wherein the data is encrypted using an encryption algorithm with a cryptographic key-material, comprising:
- receiving a trigger, wherein the trigger indicates suspicious activity performed on the node or indicates theft of the node;
sending the trigger to a central authority, wherein the central authority has a policy setting for preventing access to the encrypted data;
receiving an acknowledgement of the trigger from the central authority;
verifying the validity of the trigger;
updating a theft status of the node when the trigger is verified;
requesting an approval from the central authority for preventing access to the encrypted data after updating the theft status;
receiving the approval from the central authority; and
preventing access to the encrypted data based on the policy setting, responsive to receiving the approval.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of preventing access of data in a node quickly and securely when the node is lost or stolen. The data is first encrypted using an encryption algorithm with a cryptographic key-material. Heuristic methods of detecting un-authorized access to the node are implemented to generate a theft-trigger. The theft-trigger is received and sent to a central authority. The validity of the trigger is verified and the central authority sends an acknowledgement of the trigger. When approval is given from the central authority, access to the data is prevented by deleting or concealing some cryptographic key-material.
-
Citations
26 Claims
-
1. A method of preventing access to data in a node, wherein the data is encrypted using an encryption algorithm with a cryptographic key-material, comprising:
-
receiving a trigger, wherein the trigger indicates suspicious activity performed on the node or indicates theft of the node; sending the trigger to a central authority, wherein the central authority has a policy setting for preventing access to the encrypted data; receiving an acknowledgement of the trigger from the central authority; verifying the validity of the trigger; updating a theft status of the node when the trigger is verified; requesting an approval from the central authority for preventing access to the encrypted data after updating the theft status; receiving the approval from the central authority; and preventing access to the encrypted data based on the policy setting, responsive to receiving the approval. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A node comprising:
-
a mass storage device having data encrypted using an encryption algorithm with a cryptographic key-material; a host processor having an Operating System (OS) executing on the host processor, wherein the OS comprises; a key management module, to manage the storage of the cryptographic key-material; a theft management module, to monitor a theft status and to detect a trigger, wherein the trigger indicates suspicious activity performed on the node or indicates theft of the node; a shredding agent, to prevent access to the encrypted data; and a Secure File Shredding Management (SFSM) module to; receive the trigger; send the trigger to a central authority, wherein the central authority has a policy setting for preventing access to the encrypted data; receive an acknowledgement of the trigger from the central authority; verify the validity of the trigger; update the theft status of the node when the trigger is verified; request an approval from the central authority for preventing access to the encrypted data after updating the theft status; receive the approval from the central authority; and initiate the shredding agent to prevent access to the encrypted data based on the policy setting, responsive to receiving the approval. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A computer readable medium having instructions stored thereon which, when executed in a node, cause a host processor, having data encrypted using an encryption algorithm with a cryptographic key-material, and a security module, to perform the following steps:
-
receiving a trigger, wherein the trigger indicates suspicious activity performed on the node or indicates theft of the node; sending the trigger to a central authority, wherein the central authority has a policy setting for preventing access to the encrypted data; verifying the validity of the trigger; receiving an acknowledgement of the trigger from the central authority; updating a theft status of the node when the trigger is verified; requesting an approval from the central authority for preventing access to the encrypted data after updating the theft status; receiving the approval from the central authority; and preventing access to the encrypted data based on the policy setting, responsive to receiving the approval. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
-
Specification