Title of invention: Remote management of endpoint computing device with full disk encryption
Abstract: Methods and apparatus involve protecting data encrypted by a first key on an endpoint computing asset including a drive with full disk encryption. The endpoint has both a main operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the pre-boot operating system prevents a user of the endpoint from accessing the encrypted data and the key. In one embodiment, an information exchange partition on the endpoint is accessible from a remote location and includes data encrypted using a second key accessible to both the pre-boot operating system and the main operating system. Another embodiment allows for the provision of a network connection to the endpoint during the pre-boot phase of operation in accordance with a security policy.
Publication number: US9154299(B2) Publication date: 2015.10.06
Application number: US201012966421 Filing date: 2010.12.13
Applicant: Novell, Inc. Inventors: Beachem Brent R.; Smith Merrill K.
Classification: H04L29/06; H04L9/08 Main classification: H04L29/06
Agency: Schwegman Lundberg & Woessner, P.A. Attorney: Schwegman Lundberg & Woessner, P.A.
Independent claim: 1. In a computing system environment, a method of providing remote management of an endpoint computing device employing full disk encryption for data encrypted by a first key, said endpoint computing device including a pre-boot operating system that prevents a user of the endpoint computing device from accessing the encrypted data and a main operating system without providing proper authentication, comprising: providing an information exchange partition associated with the endpoint computing device accessible from a remote location and authenticated from the remote location via a specified credential during a pre-boot phase, said information exchange partition including data encrypted using a second key, wherein the encrypted data and the second key are accessible to the pre-boot operating system and the main operating system, the second key also used for decrypting the encrypted data; and performing at least one test, without any user action, as part of the pre-boot phase, reporting results for the at least one test over a network to a remote diagnostics module; probing, by the remote diagnostic module in response to the results, the endpoint computing device for a current version of security policy software components, current settings on the endpoint computing device, and attributes for the settings, wherein at least one setting indicates which particular ports of the endpoint computing device are blocked; and distributing code to repair a diagnosed problem on the endpoint computing device to the endpoint computing device, and executing the code on the endpoint computing device without any particular user interaction or intervention.
Address: Provo UT US