SECTOR MAP-BASED RAPID DATA ENCRYPTION POLICY COMPLIANCE
First Claim
1. A method comprising:
- receiving, at a computing device, a request to activate a policy for the computing device, the policy indicating that data written by the computing device to a storage volume after activation of the policy be encrypted;
activating, in response to the request, the policy for the computing device, including encrypting data written to the storage volume after returning an indication of compliance with the policy, and further including using a sector map to identify one or more sectors of the storage volume that are not encrypted; and
returning, in response to the request, the indication of compliance with the policy despite one or more sectors of the storage volume being unencrypted.
2 Assignments
0 Petitions
Accused Products
Abstract
To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, a sector map is accessed. The sector map identifies one or more sectors of a storage volume and also identifies, for each of the one or more sectors of the storage volume, a signature of the content of the sector. In response to a request to read the content of a sector, the content of the sector is returned without decrypting the content if the sector is one of the one or more sectors and the signature of the content of the sector matches the signature of the sector identified in the sector map. Otherwise, the content of the sector is decrypted and the decrypted content is returned.
128 Citations
20 Claims
-
1. A method comprising:
-
receiving, at a computing device, a request to activate a policy for the computing device, the policy indicating that data written by the computing device to a storage volume after activation of the policy be encrypted; activating, in response to the request, the policy for the computing device, including encrypting data written to the storage volume after returning an indication of compliance with the policy, and further including using a sector map to identify one or more sectors of the storage volume that are not encrypted; and returning, in response to the request, the indication of compliance with the policy despite one or more sectors of the storage volume being unencrypted. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. One or more computer storage media having stored thereon multiple instructions that, when executed by one or more processors of a computing device to comply with a policy for the computing device, cause the one or more processors to:
-
access a sector map identifying one or more sectors of a storage volume, the sector map further identifying, for each of the one or more sectors, a signature of the content of the sector, the policy indicating that data written by the computing device to the storage volume after activation of the policy be encrypted; and return content of a sector of the storage volume in response to a request to read the content without decrypting the content if the sector is one of the one or more sectors and the signature of the content of the sector matches the signature of the sector identified in the sector map, and otherwise decrypt the content of the sector and return the decrypted content. - View Dependent Claims (15, 16, 17, 18, 19)
-
-
20. A method comprising:
-
accessing, in a computing device complying with a policy indicating that data written by the computing device to a storage volume after activation of the policy be encrypted, a sector map identifying one or more sectors of the storage volume, the sector map further identifying, for each of the one or more sectors, a signature of the content of the sector; receiving a request to read the content of a sector of the storage volume; checking whether the sector is identified in the sector map; if the sector is not identified in the sector map, then decrypting the content of the sector and returning the decrypted content of the sector; if the sector is identified in the sector map, then; checking whether the signature of the content of the sector matches the signature identified for the sector in the sector map, decrypting the content of the sector and returning the decrypted content of the sector if the signature of the content of the sector does not match the signature identified in the sector map of the sector, and returning the content of the sector without decrypting the content of the sector if the signature of the content of the sector does match the signature identified in the sector map of the sector.
-
Specification