Key protectors based on online keys
Abstract
An online key stored by a remote service is generated or otherwise obtained. A storage media master key is encrypted based at least in part on the online key; the master key is used either for encrypting and decrypting a physical or virtual storage media, or for encrypting and decrypting one or more storage media encryption keys that are used to encrypt a physical or virtual storage media. A key protector for the storage media is stored, the key protector including the encrypted master key. The key protector can be subsequently accessed, and the online key obtained from the remote service. The master key is decrypted based on the online key, allowing the one or more storage media encryption keys that are used to decrypt the storage media to be decrypted.
19 Claims
1. A method of creating a key protector for a storage media, the method being implemented in a computing device and comprising:
- obtaining an online key, wherein the online key is protected by a remote service;
- generating one or more local keys;
- combining the one or more local keys and the online key to generate a combined key;
- encrypting, based at least in part on the combined key, a master key for encrypting and decrypting the storage media or one or more storage media encryption keys that are used to encrypt and decrypt the storage media; and
- storing a key protector for the storage media, the key protector including the encrypted master key.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A method of accessing a user-protected storage media, the method being implemented in a computing device and comprising:
- obtaining, from a remote service, an online key associated with one or both of the computing device and a user of the computing device;
- obtaining one or more local keys;
- combining the online key and the one or more local keys;
- obtaining a key protector including an encrypted master key, wherein the master key is for decrypting the user-protected storage media or decrypting one or more storage media encryption keys that are used to decrypt the user-protected storage media; and
- using the online key to decrypt the master key from the encrypted master key in the key protector, wherein using the online key to decrypt the master key comprises using the combined key to decrypt the master key from the encrypted master key in the key protector.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.

19. One or more computer storage media devices having stored thereon instructions that, when executed by one or more processors of a computing device, cause the one or more processors to:
- generate one or more local keys;
- generate an online key;
- combine the one or more local keys and the online key to generate a combined key;
- protect the online key by encrypting the online key with a public key of a remote service;
- protect each of the one or more local keys so that each of the one or more local keys can be retrieved only after a user of the computing device has been authenticated;
- encrypt, using a symmetric key cryptography cipher that uses the combined key as a symmetric key, a master key for encrypting and decrypting one or more storage media encryption keys that are used to encrypt a storage media;
- encrypt the combined key based at least in part on the master key; and
- store, on the storage media, a key protector for the storage media, the key protector including the encrypted master key, the encrypted combined key, and the online key encrypted with the public key of the remote service.
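
The create and unlock flows of claims 1 and 10, as an added Go example that is not taken from the patent. It assumes HMAC-SHA256 for the "combining" step and AES-256-GCM as the cipher, neither of which the claims name; the function names and sample keys are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// combinedAEAD derives the combined key and returns a cipher keyed with it.
// Assumption: combined key = HMAC-SHA256(onlineKey, localKey), used with AES-256-GCM.
func combinedAEAD(onlineKey, localKey []byte) (cipher.AEAD, error) {
	m := hmac.New(sha256.New, onlineKey)
	m.Write(localKey)
	block, err := aes.NewCipher(m.Sum(nil)) // 32-byte digest selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// CreateProtector (claim 1): returns nonce || encrypted master key, stored with the media.
func CreateProtector(onlineKey, localKey, masterKey []byte) ([]byte, error) {
	a, err := combinedAEAD(onlineKey, localKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, masterKey, nil), nil
}

// Unlock (claim 10): fails unless both keys match and the protector is unmodified.
func Unlock(protector, onlineKey, localKey []byte) ([]byte, error) {
	a, err := combinedAEAD(onlineKey, localKey)
	if err != nil || len(protector) < a.NonceSize() {
		return nil, fmt.Errorf("unusable key protector")
	}
	return a.Open(nil, protector[:a.NonceSize()], protector[a.NonceSize():], nil)
}

func main() { // constructed sample keys
	p, _ := CreateProtector([]byte("constructed-online"), []byte("constructed-local"), make([]byte, 32))
	_, err := Unlock(p, []byte("wrong-online"), []byte("constructed-local"))
	fmt.Println("protector length:", len(p), "| unlock with wrong online key:", err)
}
```

Because the wrapping key depends on both inputs, a copied key protector plus the local key is not enough to recover the master key without the online key the remote service releases.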