Secure data protection during disasters

US 8,135,135 B2
Filed: 12/08/2006
Issued: 03/13/2012
Est. Priority Date: 12/08/2006
Status: Expired due to Fees

First Claim

Patent Images

1. One or more computer-readable storage media comprising computer-executable instructions for strengthening algorithmic protection of data on a computing device in preparation for a disaster at the computing device, the computer-executable instructions directed to steps comprising:

comparing, to protected decryption keys stored in a location remote from the computing device, multiple protected decryption keys that are stored on the computing device, the multiple protected decryption keys being able to be decrypted into at least one decryption key that can be used to access algorithmically protected data on the computing device;

copying, to the location remote from the computing device, if the comparing reveals that none of the multiple protected decryption keys are equivalent to any of the protected decryption keys stored in the location remote from the computing device, at least one of the multiple protected decryption keys and a corresponding key that can decrypt the copied at least one of the multiple protected decryption keys into the at least one decryption key;

removing at least some of the multiple protected decryption keys from the computing device, such that the removing leaves at least one protected decryption key that can be decrypted into the at least one decryption key that can be used to access the algorithmically protected data on the computing device, and wherein the removing the at least some of the multiple protected decryption keys strengthens the algorithmic protection of data; and

algorithmically protecting at least some data on the computing device such that an associated key required to algorithmically unprotect the data has not previously been used by the computing device to access the data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In situations, such as disasters, where the physical protection of data may be compromised, algorithmic protection of such data can be increased in anticipation of the disaster. An off-site mechanism can send a disaster preparation script to computing devices expected to be affected, resulting in the deletion of decryption keys from those computing devices. Once the disaster passes, the off-site mechanism, upon receiving confirmation of the physical integrity of the computing devices, can return one or more decryption keys to the computing devices, enabling access algorithmically protected data. The off-site mechanism can also optionally provide access information that can be used to obtain access to the algorithmically protected data via at least one returned decryption key.

27 Citations

View as Search Results

14 Claims

1. One or more computer-readable storage media comprising computer-executable instructions for strengthening algorithmic protection of data on a computing device in preparation for a disaster at the computing device, the computer-executable instructions directed to steps comprising:
- comparing, to protected decryption keys stored in a location remote from the computing device, multiple protected decryption keys that are stored on the computing device, the multiple protected decryption keys being able to be decrypted into at least one decryption key that can be used to access algorithmically protected data on the computing device;
  
  copying, to the location remote from the computing device, if the comparing reveals that none of the multiple protected decryption keys are equivalent to any of the protected decryption keys stored in the location remote from the computing device, at least one of the multiple protected decryption keys and a corresponding key that can decrypt the copied at least one of the multiple protected decryption keys into the at least one decryption key;
  
  removing at least some of the multiple protected decryption keys from the computing device, such that the removing leaves at least one protected decryption key that can be decrypted into the at least one decryption key that can be used to access the algorithmically protected data on the computing device, and wherein the removing the at least some of the multiple protected decryption keys strengthens the algorithmic protection of data; and
  
  algorithmically protecting at least some data on the computing device such that an associated key required to algorithmically unprotect the data has not previously been used by the computing device to access the data.
- View Dependent Claims (2, 3, 4)
- - 2. The computer-readable storage media of claim 1, wherein the computer-executable instructions are further directed to steps comprising:
    - verifying that the computing device comprises algorithmically protected data; and
      
      , if the computing device does not comprise algorithmically protected data, algorithmically protecting at least some data on the computing device.
  - 3. The computer-readable storage media of claim 1, wherein the associated key is exclusively stored at the off-site location.
  - 4. The computer-readable storage media of claim 1, wherein the computer-executable instructions are further directed to steps comprising:
    - shutting down the computing device.

5. One or more computer-readable storage media comprising computer-executable instructions for decreasing algorithmic protection of data following a disaster, the computer-executable instructions directed to steps comprising:
- receiving, from a computing device affected by the disaster, and that comprises algorithmically protected data stored on the computing device prior to the disaster, a network communication comprising at least one identifier utilized to verify that the computing device is physically secure;
  
  transmitting, in response to the receiving, at least one key that can be used to access the algorithmically protected data on the computing device, to the computing device, the at least one key not having previously been stored on the computing device; and
  
  transmitting, in response to the receiving, instructions to the computing device for storing the at least one key in a predetermined area of the computing device where such keys would be automatically identified by the computing device upon startup, wherein the storing of the at least one key decreases the algorithmic protection of data.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The computer-readable storage media of claim 5, wherein the computer-executable instructions are further directed to steps comprising:
    - transmitting, in response to the receiving, all keys that were previously stored on the computing device, which were removed from the computing device in anticipation of the disaster;
      
      wherein the predetermined area is an area of the computing device from which the keys were removed in anticipation of the disaster.
  - 7. The computer-readable storage media of claim 5, wherein the computer-executable instructions are further directed to steps comprising:
    - transmitting data necessary for the computing device to access the at least one key.
  - 8. The computer-readable storage media of claim 5, wherein the at least one key is different from keys previously used to access algorithmically protected data on the computing device.
  - 9. The computer-readable storage media of claim 5, wherein the at least one key was generated for providing recovery access to algorithmically protected data on the computing device.

10. A method for strengthening algorithmic protection of data on a computing device in preparation for a disaster at the computing device, the method comprising:
- comparing, to protected decryption keys stored in a location remote from the computing device, multiple protected decryption keys that are stored on the computing device, the multiple protected decryption keys being able to be decrypted into at least one decryption key that can be used to access algorithmically protected data on the computing device;
  
  copying, to the location remote from the computing device, if the comparing reveals that none of the multiple protected decryption keys are equivalent to any of the protected decryption keys stored in the location remote from the computing device, at least one of the multiple protected decryption keys and a corresponding key that can decrypt the copied at least one of the multiple protected decryption keys into the at least one decryption key;
  
  removing at least some of the multiple protected decryption keys from the computing device, such that the removing leaves at least one protected decryption key that can be decrypted into the at least one decryption key that can be used to access the algorithmically protected data on the computing device, and wherein the removing the at least some of the multiple protected decryption keys strengthens the algorithmic protection of data; and
  
  receiving, from the computing device, a network communication comprising at least one identifier utilized to verify that the computing device is physically secure;
  
  transmitting, in response to the receiving, at least one key that can be used to access the algorithmically protected data on the computing device, to the computing device after the disaster, the at least one key not having previously been stored on the computing device; and
  
  transmitting, in response to the receiving, instructions to the computing device after the disaster for storing the at least one key in a predetermined area of the computing device where such keys would be automatically identified by the computing device upon startup, wherein the storing of the at least one key decreases the algorithmic protection of data.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, further comprising:
    - shutting down the computing device.
  - 12. The method of claim 10, further comprising:
    - transmitting, in response to the receiving, to the computing device after the disaster, all keys, previously used to access the algorithmically protected data on the computing device, which were removed from the computing device in anticipation of the disaster.
  - 13. The method of claim 10, further comprising:
    - transmitting, to the computing device after the disaster, data necessary for the computing device to access the at least one key.
  - 14. The method of claim 10, wherein the at least one key is different from keys previously used to access algorithmically protected data on the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Biddle, Peter N., Ray, Kenneth D., Ureche, Octavian T., Holt, Erik
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Gregory, Shaun

Application Number

US11/635,897
Publication Number

US 20080141040A1
Time in Patent Office

1,922 Days
Field of Search

None
US Class Current

380/286
CPC Class Codes

G06F 11/1415   at system level

G06F 21/6218   to a system of files or obj...

H04L 9/0897   involving additional device...

Secure data protection during disasters

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data protection during disasters

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links