Secure data protection during disasters
First Claim
1. One or more computer-readable storage media comprising computer-executable instructions for strengthening algorithmic protection of data on a computing device in preparation for a disaster at the computing device, the computer-executable instructions directed to steps comprising:
- comparing, to protected decryption keys stored in a location remote from the computing device, multiple protected decryption keys that are stored on the computing device, the multiple protected decryption keys being able to be decrypted into at least one decryption key that can be used to access algorithmically protected data on the computing device;
- copying, to the location remote from the computing device, if the comparing reveals that none of the multiple protected decryption keys are equivalent to any of the protected decryption keys stored in the location remote from the computing device, at least one of the multiple protected decryption keys and a corresponding key that can decrypt the copied at least one of the multiple protected decryption keys into the at least one decryption key;
- removing at least some of the multiple protected decryption keys from the computing device, such that the removing leaves at least one protected decryption key that can be decrypted into the at least one decryption key that can be used to access the algorithmically protected data on the computing device, and wherein the removing the at least some of the multiple protected decryption keys strengthens the algorithmic protection of data; and
- algorithmically protecting at least some data on the computing device such that an associated key required to algorithmically unprotect the data has not previously been used by the computing device to access the data.
Abstract
In situations, such as disasters, where the physical protection of data may be compromised, algorithmic protection of such data can be increased in anticipation of the disaster. An off-site mechanism can send a disaster preparation script to computing devices expected to be affected, resulting in the deletion of decryption keys from those computing devices. Once the disaster passes, the off-site mechanism, upon receiving confirmation of the physical integrity of the computing devices, can return one or more decryption keys to the computing devices, enabling access to the algorithmically protected data. The off-site mechanism can also optionally provide access information that can be used to obtain access to the algorithmically protected data via at least one returned decryption key.
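The prepare-and-restore flow described in the abstract, as an added sketch that is not taken from the patent. The function names (`wrap`, `unwrap`, `make_device`, `prepare`, `restore`), the protector names and the dictionary layout are assumptions, and the XOR-plus-HMAC wrap is a toy stand-in for a real key-wrap algorithm.

```python
import hashlib, hmac, secrets

def wrap(kek, key):
    # Toy stand-in for a real key-wrap such as AES-KW (XOR pad + HMAC tag); not for production.
    pad = hashlib.sha256(b"pad" + kek).digest()
    body = bytes(a ^ b for a, b in zip(key, pad))
    return body + hmac.new(kek, body, hashlib.sha256).digest()

def unwrap(kek, blob):
    body, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(kek, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    pad = hashlib.sha256(b"pad" + kek).digest()
    return bytes(a ^ b for a, b in zip(body, pad))

def make_device(data_key, recovery_kek):
    # Constructed sample: two auto-unlock protectors whose keys sit on the device,
    # plus a recovery protector whose key is held by an operator, never on the device.
    keks = {"tpm": secrets.token_bytes(32), "clear": secrets.token_bytes(32)}
    prot = {n: wrap(k, data_key) for n, k in keks.items()}
    prot["recovery"] = wrap(recovery_kek, data_key)
    return {"protectors": prot, "keks": keks}

def prepare(device, escrow, keep="recovery"):
    """Before the disaster: escrow a protector if none is held off-site, then strip the rest."""
    local = device["protectors"]
    if keep not in local:  # refuse to run if removal would leave no protector at all
        raise KeyError("protector to keep is not on the device")
    held = any(hmac.compare_digest(b, e["blob"]) for b in local.values() for e in escrow.values())
    if not held:  # copy one protected key together with the key that unwraps it
        name = next(n for n in local if n in device["keks"])
        escrow[name] = {"blob": local[name], "kek": device["keks"][name]}
    removed = [n for n in local if n != keep]
    for n in removed:  # only `keep` remains, and its unwrap key is not on the device
        del local[n]
        device["keks"].pop(n, None)
    return removed

def restore(device, escrow, device_id, verified_ids):
    """After the disaster: release a fresh key only to a device confirmed physically secure."""
    if device_id not in verified_ids:
        raise PermissionError("physical integrity not confirmed")
    entry = next(iter(escrow.values()))
    data_key = unwrap(entry["kek"], entry["blob"])  # done off-site, not on the device
    new_kek = secrets.token_bytes(32)               # never stored on the device before
    device["protectors"]["auto"] = wrap(new_kek, data_key)
    device["keks"]["auto"] = new_kek                # the area read automatically at startup
    return "auto"
```

After `prepare`, a stolen device holds only a protector whose unwrapping key is elsewhere, which is the sense in which removing protectors strengthens protection.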
14 Claims
5. One or more computer-readable storage media comprising computer-executable instructions for decreasing algorithmic protection of data following a disaster, the computer-executable instructions directed to steps comprising:
- receiving, from a computing device affected by the disaster, and that comprises algorithmically protected data stored on the computing device prior to the disaster, a network communication comprising at least one identifier utilized to verify that the computing device is physically secure;
- transmitting, in response to the receiving, at least one key that can be used to access the algorithmically protected data on the computing device, to the computing device, the at least one key not having previously been stored on the computing device; and
- transmitting, in response to the receiving, instructions to the computing device for storing the at least one key in a predetermined area of the computing device where such keys would be automatically identified by the computing device upon startup, wherein the storing of the at least one key decreases the algorithmic protection of data.
10. A method for strengthening algorithmic protection of data on a computing device in preparation for a disaster at the computing device, the method comprising:
- comparing, to protected decryption keys stored in a location remote from the computing device, multiple protected decryption keys that are stored on the computing device, the multiple protected decryption keys being able to be decrypted into at least one decryption key that can be used to access algorithmically protected data on the computing device;
- copying, to the location remote from the computing device, if the comparing reveals that none of the multiple protected decryption keys are equivalent to any of the protected decryption keys stored in the location remote from the computing device, at least one of the multiple protected decryption keys and a corresponding key that can decrypt the copied at least one of the multiple protected decryption keys into the at least one decryption key;
- removing at least some of the multiple protected decryption keys from the computing device, such that the removing leaves at least one protected decryption key that can be decrypted into the at least one decryption key that can be used to access the algorithmically protected data on the computing device, and wherein the removing the at least some of the multiple protected decryption keys strengthens the algorithmic protection of data; and
- receiving, from the computing device, a network communication comprising at least one identifier utilized to verify that the computing device is physically secure;
- transmitting, in response to the receiving, at least one key that can be used to access the algorithmically protected data on the computing device, to the computing device after the disaster, the at least one key not having previously been stored on the computing device; and
- transmitting, in response to the receiving, instructions to the computing device after the disaster for storing the at least one key in a predetermined area of the computing device where such keys would be automatically identified by the computing device upon startup, wherein the storing of the at least one key decreases the algorithmic protection of data.
Specification