Title of invention Key management to protect encrypted data of an endpoint computing device
Abstract Methods and apparatus involve protecting encrypted data of endpoint computing assets (201) by managing decryption keys. The endpoint has both a traditional operating system (375) for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the pre-boot operating system prevents users of the endpoint from accessing the encrypted data and the key. Upon determining (406) the encrypted data has been compromised, the key is disassociated (414) from the encrypted data. Disassociation can occur in a variety of ways including deleting or scrambling the key and/or data or re-encrypting the encrypted data with a new key. Key escrowing and updating through the pre-boot is further contemplated. The pre-boot phase also contemplates a limited computing connection between the endpoint and a specified authentication server and approved networking ports, USB devices and biometric equipment. Security policies and enforcement modules are also disclosed as are computer program products, computing arrangements, etc.
Publication number EP2256656(A1) Publication date 2010.12.01
Application number EP20100161224 Filing date 2010.04.27
Applicant NOVELL, INC. Inventors BEACHEM, BRENT R;SMITH, MERRILL K
Classification G06F21/00 Main classification G06F21/00
Agency Agent
Principal claim
Address