Systems and methods for protecting against unauthorized access of encrypted data during power-management modes
First Claim
1. A computer-implemented method for protecting against unauthorized access of encrypted data during power-management modes, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- detecting initiation of a power-management mode that suspends the functionality of at least one component of the computing device while maintaining the functionality of the computing device'"'"'s memory;
before the computing device enters the power-management mode;
identifying, within the memory of the computing device, an encryption key that is required to access encrypted data stored in a storage device of the computing device;
removing the encryption key from the memory of the computing device in order to protect against unauthorized access of the encrypted data during implementation of the power-management mode;
upon discontinuation of the power-management mode, obtaining user credentials from a user of the computing device in order to authenticate the user;
upon successful authentication of the user, regenerating the encryption key based at least in part on the user credentials by entering at least a portion of the user credentials into a key derivation function that regenerates the encryption key by introducing a salt that expands the portion of the user credentials into the encryption key in order to enable access to the encrypted data stored in the storage device.
2 Assignments
0 Petitions
Accused Products
Abstract
A method may include detecting initiation of a power-management mode that suspends the functionality of at least one component of a computing device while maintaining the functionality of the device'"'"'s memory. The method may also include, before the device enters the power-management mode, (1) identifying, within the device'"'"'s memory, an encryption key that is required to access encrypted data stored in the device'"'"'s storage device, and (2) removing the encryption key from the device'"'"'s memory in order to protect against unauthorized access of the encrypted data during implementation of the power-management mode. The method may also include, upon detecting discontinuation of the power-management mode, (1) obtaining user credentials from a user of the device in order to authenticate the user and, upon successfully authenticating the user, (2) using the user credentials to regenerate the encryption key in order to enable access to the encrypted data stored in the storage device.
56 Citations
19 Claims
-
1. A computer-implemented method for protecting against unauthorized access of encrypted data during power-management modes, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
-
detecting initiation of a power-management mode that suspends the functionality of at least one component of the computing device while maintaining the functionality of the computing device'"'"'s memory; before the computing device enters the power-management mode; identifying, within the memory of the computing device, an encryption key that is required to access encrypted data stored in a storage device of the computing device; removing the encryption key from the memory of the computing device in order to protect against unauthorized access of the encrypted data during implementation of the power-management mode; upon discontinuation of the power-management mode, obtaining user credentials from a user of the computing device in order to authenticate the user; upon successful authentication of the user, regenerating the encryption key based at least in part on the user credentials by entering at least a portion of the user credentials into a key derivation function that regenerates the encryption key by introducing a salt that expands the portion of the user credentials into the encryption key in order to enable access to the encrypted data stored in the storage device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system for protecting against unauthorized access of encrypted data during implementation of a power-management mode, the system comprising:
-
a mode-detection module programmed to; detect initiation of a power-management mode that suspends the functionality of at least one component of a computing device while maintaining the functionality of the computing device'"'"'s memory; a filter-driver module programmed to, before the computing device enters the power-management mode; identify, within the memory of the computing device, an encryption key that is required to access encrypted data stored in a storage device of the computing device; remove the encryption key from the memory of the computing device in order to protect against unauthorized access of the encrypted data during implementation of the power-management mode; a user-authentication module programmed to, upon discontinuation of the power-management mode, receive user credentials from a user of the computing device in order to authenticate the user; an encryption-key module programmed to, upon successful authentication of the user, regenerate the encryption key based at least in part on the user credentials by entering at least a portion of the user credentials into a key derivation function that regenerates the encryption key by introducing a salt that expands the portion of the user credentials into the encryption key in order to enable access to the encrypted data stored in the storage device; at least one processor configured to execute the mode-detection module, the filter-driver module, the user-authentication module, and the encryption-key module. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
-
detect initiation of a power-management mode that suspends the functionality of at least one component of the computing device while maintaining the functionality of the computing device'"'"'s memory; before the computing device enters the power-management mode; identify, within the memory of the computing device, an encryption key that is required to access encrypted data stored in a storage device of the computing device; remove the encryption key from the memory of the computing device in order to protect against unauthorized access of the encrypted data during implementation of the power-management mode; upon discontinuation of the power-management mode, receive user credentials from a user of the computing device in order to authenticate the user; upon successful authentication of the user, regenerate the encryption key based at least in part on the user credentials by entering at least a portion of the user credentials into a key derivation function that regenerates the encryption key by introducing a salt that expands the portion of the user credentials into the encryption key in order to enable access to the encrypted data stored in the storage device. - View Dependent Claims (18, 19)
-
Specification