Method and apparatus for centrally managed encrypted partition
First Claim
1. In a computer network comprising a main computer comprising a first persistent storage device and a remote computer comprising a memory unit and a second persistent storage device, a method for protecting data stored on the second storage device of the remote computer, the method comprising the steps of:
automatically creating a first computer generated cryptokey at the main computer;
storing the first computer generated cryptokey on the first persistent storage device of the main computer;
authenticating the remote computer to the main computer;
providing the first computer generated cryptokey from the main computer to the remote computer;
storing the first computer generated cryptokey in the memory unit of the remote computer without storing the first computer generated cryptokey in the second persistent storage device; and
mounting an operative partition encrypted with the first computer generated cryptokey to the remote computer, said operative partition mapped to the second persistent storage device, wherein said data stored on said second persistent storage device is accessible only if while said one remote computer is in communication with said one main computer.
Abstract
A method and apparatus for protecting a remote computer connected through a network to a main computer, by creating a cryptokey on the main computer, supplying the cryptokey to the remote computer and mounting a partition on the remote computer using the cryptokey. The cryptokey is not persistently stored on the remote computer but rather saved in its memory, and the connection of the remote computer to the main computer is periodically tested. Once the remote computer is disconnected, the encrypted partition is unmounted and the cryptokey is erased from the memory, thus disabling access of an attacker to data stored in the encrypted partition. The method incorporates swap partition encryption using a cryptokey created each time during the boot of the remote computer.
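The key lifecycle described in the abstract, as an added Python example (not code from the patent). The class name `PartitionGuard`, its four injected callables and `new_swap_key` are hypothetical; the mount and unmount hooks stand in for whatever disk-encryption tool the remote computer uses.

```python
import secrets


class PartitionGuard:
    """Remote-computer side: the key lives only in RAM, and only while
    the main computer is reachable."""

    def __init__(self, fetch_key, is_connected, mount, unmount):
        # All four callables are hypothetical hooks, not names from the patent.
        self.fetch_key = fetch_key        # authenticate to main computer, return key bytes
        self.is_connected = is_connected  # the periodic connection test
        self.mount = mount                # open the encrypted partition with the key
        self.unmount = unmount            # close the encrypted partition
        self.key = None                   # bytearray, so it can be overwritten in place
        self.mounted = False

    def unlock(self):
        if not self.is_connected():
            return False
        self.key = bytearray(self.fetch_key())  # held in memory, never written to disk
        self.mount(self.key)
        self.mounted = True
        return True

    def lock(self):
        # Unmount first so nothing still needs the key, then erase it.
        if self.mounted:
            self.unmount()
            self.mounted = False
        if self.key is not None:
            # Overwrites this buffer only; the interpreter may hold other copies,
            # so a real agent would keep the key in locked native memory.
            for i in range(len(self.key)):
                self.key[i] = 0
            self.key = None

    def poll(self):
        """One round of the connection test; returns True while still unlocked."""
        if self.mounted and not self.is_connected():
            self.lock()
        return self.mounted


def new_swap_key(nbytes=32):
    # Swap key: generated locally at each boot, never stored or sent anywhere.
    return bytearray(secrets.token_bytes(nbytes))
```

Calling `poll()` on a timer gives the periodic test; the interval bounds how long the partition stays readable after the connection is lost.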
8 Claims
7. An apparatus for protecting data stored on a persistent storage device associated with a remote computer connected through a network to a main computer, the apparatus comprising:
a connection port to receive a first computer generated cryptokey from the main computer;
a computer generated cryptokey generator for automatically and locally generating a second computer generated cryptokey;
a memory device for storing the first and second computer generated cryptokeys, wherein the first and second computer generated cryptokeys are not stored in a persistent storage device;
a first partition generating component for generating a first encrypted partition using the first computer generated cryptokey;
a first mount/unmount device for mounting or unmounting the first encrypted partition to the remote computer using the first computer generated cryptokey, said first encrypted partition mapped to the persistent storage device;
a second partition generating component for generating encrypted swap partition using the second computer generated cryptokey;
a second mount/unmount device for mounting or unmounting the encrypted swap partition to the remote computer using the second computer generated cryptokey, said encrypted swap partition mapped to the persistent storage device;
a connection testing component for testing whether the remote computer is connected to the main computer through the network; and
an authentication component for determining whether the remote computer is authenticated to be connected to the main computer.
8. A non-transitory computer readable storage medium storing a set of instructions adapted to be executed by a general purpose computer to perform a method, the method comprising:
automatically creating a first computer generated cryptokey at a main computer, wherein the main computer includes a first persistent storage device and communicates with a remote computer having a memory unit and a second persistent storage device;
storing the first computer generated cryptokey on the first persistent storage device;
authenticating an at least one remote computer to the at least one main computer;
providing the first computer generated cryptokey from the main computer to the remote computer;
storing the first computer generated cryptokey in a memory unit of the remote computer without storing the first computer generated cryptokey in the second persistent storage device; and
mounting an operative partition encrypted with the first computer generated cryptokey to the remote computer, said operative partition mapped to the second persistent storage device storing data wherein said data is accessible only if said remote computer is in communication with said main computer.
Specification