| Patent application number | Description | Published |
|---|
| 20100086134 | FULL VOLUME ENCRYPTION IN A CLUSTERED ENVIRONMENT - Full volume encryption can be applied to volumes in a clustering environment. To simplify the maintenance of keys relevant to such encrypted volumes, a cluster key table construct can be utilized, where each entry of the cluster key table corresponds to an encrypted volume and comprises an identification of the encrypted volume and a key needed to access that volume. Keys can be protected by encrypting them with a key specific to each computing device storing the cluster key table. Updates can be propagated among the computing devices in the cluster by first decrypting the keys and then reencrypting them with a key specific to each computing device as they are stored on those computing devices. Access control requirements can also be added to the entries in the cluster key table. Alternative access control requirements can be accommodated by assigning multiple independent entries to a single encrypted volume. | 04-08-2010 |
| 20100088525 | EXTERNAL ENCRYPTION AND RECOVERY MANAGEMENT WITH HARDWARE ENCRYPTED STORAGE DEVICES - Hardware encrypting storage devices can provide for hardware encryption of data being written to the storage media of such storage devices, and hardware decryption of data being read from that storage media. To utilize existing key management resources, which can be more flexible and accommodating, mechanisms for storing keys protected by the existing resources, but not the hardware encryption of the storage device, can be developed. Dedicated partitions that do not have corresponding encryption bands can be utilized to store keys in a non-hardware-encrypted manner. Likewise, partitions can be defined larger than their associated encryption bands, leaving room near the beginning and end for non-hardware encrypted storage. Or a separate bit can be used to individually specify which data should be hardware encrypted. Additionally automated processes can maintain synchronization between a partition table of the computing device and a band table of the hardware encrypting storage device. | 04-08-2010 |
| 20100107213 | Access Control State Determination Based on Security Policy and Secondary Access Control State - In accordance with one or more aspects, a current security policy for accessing a device or volume of a computing device is identified. A secondary access control state for the device or volume is also identified. An access state for the device is determined based on both the current security policy and the secondary access control state. | 04-29-2010 |
| 20100211792 | COMMUNICATION CHANNEL ACCESS BASED ON CHANNEL IDENTIFIER AND USE POLICY - A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified. | 08-19-2010 |
| 20100211802 | Storage Volume Protection Supporting Legacy Systems - A storage volume is encrypted using a particular encryption technique, the storage volume including an access application and one or more cover files. The access application can be executed by a computing device having an operating system lacking support for the particular encryption technique, and allows the computing device to access data on the storage volume encrypted using the particular encryption technique. | 08-19-2010 |
| 20110019820 | COMMUNICATION CHANNEL CLAIM DEPENDENT SECURITY PRECAUTIONS - A set of security claims for a communication channel are obtained, the set of security claims including one or more security claims each identifying a security characteristic of the communication channel. The security claims are stored, as is a digital signature generated over the set of security claims by an entity. The security claims and digital signature are subsequently accessed when a computing device is to transfer data to and/or from the communication channel. The set of security claims is compared to a security policy of the computing device, and the entity that digitally signed the set of security claims is identified. One or more security precautions that the computing device is to use in transferring data to and/or from the communication channel are determined based at least in part on the comparing and the entity that has digitally signed the set of security claims. | 01-27-2011 |
| 20110022856 | Key Protectors Based On Public Keys - In accordance with one or more aspects, a key protector for a storage volume is created by generating an intermediate key and protecting, based at least in part on a public/private key pair, the intermediate key. A volume master key for encrypting and decrypting one or more volume encryption keys that are used to encrypt the storage volume can be encrypted in different manners, including being encrypted based at least in part on the intermediate key. A key protector for the storage volume is stored that includes both the encrypted volume master key and information indicating how to obtain the intermediate key. Subsequently, the key protector can be accessed and, based at least in part on a private key of the entity associated with the key protector, the intermediate key can be decrypted. The intermediate key can then be used to decrypt the volume master key. | 01-27-2011 |
| 20110088025 | USE OF SOFTWARE UPDATE POLICIES - A portable device may be roamed from one host to another. In one example, the portable device stores software that is to be executed by a host. The host may maintain a policy that governs which software may be executed on the host. When the portable device is connected to a host, the host checks the software version installed on the guest to determine whether that software version is compatible with the host's policy. If the guest's software does not comply with the host's policy, then the host installs a compatible version. If the guest's version complies with the policy and is newer than the host's version, then the host copies the guest's version to the host and propagates it to other guests. In this way, newer versions of software propagate between hosts and guests, while also respecting specific execution policies of the various hosts. | 04-14-2011 |
