Posture-based data protection
First Claim
1. A method for providing access to encrypted data on a computing device based on a security-posture of the computing device, comprising:
assessing the security-posture of the computing device upon which the encrypted data is stored;
if the assessed security-posture meets specified criteria, providing the computing device with a key which enables the computing device to access the encrypted data, wherein providing the computing device with the key involves using a key-management server which interacts with the computing device to provide the key;
allowing the key to be cached locally on the computing device;
monitoring activity on the computing device; and
if the activity causes the security-posture of the computing device to no longer meet the specified criteria, erasing the locally cached copy of the key so that the computing device cannot access the encrypted data without interacting with the key-management server again.
Abstract
One embodiment of the present invention provides a system that facilitates access to encrypted data on a computing device based on a security-posture of the computing device. During operation, the system assesses the security-posture of the computing device upon which the encrypted data is stored. If the assessed security-posture meets specified criteria, the system provides the computing device with a key which enables the computing device to access the encrypted data.
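The method of claim 1 and the abstract above describe a loop: assess posture, have a key-management server release the key only when the criteria are met, cache the key on the device, monitor activity, and erase the cached key as soon as the posture no longer qualifies, so the next access forces another round trip to the server. The following is an added illustration of that loop, not code from the patent or its assignee. The posture attributes, the in-process key-management server, and the HMAC-based toy cipher are assumptions made for the example; the patent leaves the "specified criteria" and the cipher unspecified.

```python
"""Posture-gated key release with a locally cached key that is erased when
the device's posture degrades.  Added example for the method in the claims;
not code from the patent or its assignee.  The posture criteria, the toy
key-management server and the toy cipher are assumptions for illustration."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Assumed "specified criteria": every attribute must match exactly.
REQUIRED_POSTURE: Dict[str, bool] = {
    "disk_encrypted": True,
    "screen_lock": True,
    "debugger_attached": False,
}
HEALTHY_POSTURE: Dict[str, bool] = dict(REQUIRED_POSTURE)


def posture_ok(posture: Dict[str, bool]) -> bool:
    return all(posture.get(k) == v for k, v in REQUIRED_POSTURE.items())


# Toy authenticated cipher (HMAC-SHA256 keystream, HMAC tag). Not for production;
# it only gives the example a real "cannot read without the key" property.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed: wrong key or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class KeyManagementServer:
    """Holds the data-encryption key; releases it only for an acceptable posture."""

    def __init__(self) -> None:
        self._dek = secrets.token_bytes(32)
        self.releases = 0  # number of times the key was handed to the device

    def provision(self, plaintext: bytes) -> bytes:
        """Encrypt data under the DEK for storage on the device."""
        return seal(self._dek, plaintext)

    def request_key(self, posture: Dict[str, bool]) -> Optional[bytes]:
        if not posture_ok(posture):
            return None  # criteria not met: key withheld
        self.releases += 1
        return self._dek


class Device:
    def __init__(self, kms: KeyManagementServer, blob: bytes, posture: Dict[str, bool]) -> None:
        self.kms, self.blob, self.posture = kms, blob, dict(posture)
        self._cached_key: Optional[bytearray] = None  # bytearray so it can be zeroed

    def assess_posture(self) -> Dict[str, bool]:
        return dict(self.posture)  # self-assessed on the device, as in the claim

    def read_data(self) -> bytes:
        if self._cached_key is None:  # no cached key: interact with the server
            key = self.kms.request_key(self.assess_posture())
            if key is None:
                raise PermissionError("posture does not meet criteria; key withheld")
            self._cached_key = bytearray(key)
        return unseal(bytes(self._cached_key), self.blob)

    def on_activity(self, attribute: str, value: bool) -> str:
        """Monitoring hook: a posture change that fails the criteria erases the cache."""
        self.posture[attribute] = value
        if self._cached_key is not None and not posture_ok(self.posture):
            for i in range(len(self._cached_key)):
                self._cached_key[i] = 0  # best-effort zeroisation; CPython may hold copies
            self._cached_key = None
            return "key_erased"
        return "ok"


def run_scenario() -> dict:
    """Healthy read, cached read, posture degrades, access denied, posture recovers."""
    kms = KeyManagementServer()
    dev = Device(kms, kms.provision(b"customer records"), HEALTHY_POSTURE)
    result = {"first_read": dev.read_data()}
    dev.read_data()  # served from the local cache: no server round trip
    result["releases_after_cached_read"] = kms.releases
    result["erase_result"] = dev.on_activity("debugger_attached", True)
    try:
        dev.read_data()
        result["denied_while_degraded"] = False
    except PermissionError:
        result["denied_while_degraded"] = True
    try:  # the stored blob alone is useless without the DEK
        unseal(secrets.token_bytes(32), dev.blob)
        result["wrong_key_rejected"] = False
    except ValueError:
        result["wrong_key_rejected"] = True
    dev.on_activity("debugger_attached", False)
    result["after_recovery"] = dev.read_data()  # forces a new server interaction
    result["releases_total"] = kms.releases
    return result


if __name__ == "__main__":
    print(run_scenario())
```

Two caveats a practitioner should keep in mind. The posture in the claim is assessed by the device itself, so the server only ever sees what the device agent reports; a compromised agent can report a healthy posture, and stronger assurance needs evidence the server can verify independently, which the claim does not require. Erasing the cached key also only protects data that has not yet been decrypted: plaintext already in memory, and any copies of the key the runtime made before zeroisation, are outside the mechanism.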
18 Claims
1. Independent claim; its text is given in full under "First Claim" above. Dependent claims: 2, 3, 4, 5, 6.
7. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for providing access to encrypted data on a computing device based on a security-posture of the computing device, the method comprising:
assessing the security-posture of the computing device upon which the encrypted data is stored;
if the assessed security-posture meets specified criteria, providing the computing device with a key which enables the computing device to access the encrypted data, wherein providing the computing device with the key involves using a key-management server which interacts with the computing device to provide the key;
allowing the key to be cached locally on the computing device;
monitoring activity on the computing device; and
if the activity causes the security-posture of the computing device to no longer meet the specified criteria, erasing the locally cached copy of the key so that the computing device cannot access the encrypted data without interacting with the key-management server again.
Dependent claims: 8, 9, 10, 11, 12.
13. An apparatus that provides access to encrypted data on a computing device based on a security-posture of the computing device, comprising:
an assessment mechanism configured to assess the security-posture of the computing device upon which the encrypted data is stored;
an access mechanism, wherein if the assessed security-posture meets specified criteria, the access mechanism is configured to provide the computing device with a key which enables the computing device to access the encrypted data, the access mechanism being further configured to use a key-management server which interacts with the computing device to provide the key;
a caching mechanism configured to allow the key to be cached locally on the computing device; and
a monitoring mechanism configured to monitor activity on the computing device;
wherein if the activity causes the security-posture of the computing device to no longer meet the specified criteria, the monitoring mechanism is configured to erase the cached copy of the key so that the computing device cannot access the encrypted data without interacting with the key-management server again.
Dependent claims: 14, 15, 16, 17, 18.
Specification