US 9,811,682 B2
Security policy for device data
Dustin Michael Ingalls, Carnation, WA (US); Nathan J. Ide, Bothell, WA (US); Christopher R. Macaulay, Seattle, WA (US); Octavian T. Ureche, Bellevue, WA (US); Michael J. Grass, Kenmore, WA (US); Sai Vinayak, Tamilnadu (IN); and Preston Derek Adam, Woodinville, WA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Jan. 25, 2016, as Appl. No. 15/5,260.
Application 15/005,260 is a division of application No. 13/370,232, filed on Feb. 9, 2012, granted, now 9,245,143.
Prior Publication US 2016/0154973 A1, Jun. 2, 2016
Int. Cl. G06F 21/00 (2013.01); G06F 21/62 (2013.01); G06F 21/88 (2013.01); H04L 9/08 (2006.01)
CPC G06F 21/6218 (2013.01) [G06F 21/88 (2013.01); H04L 9/0894 (2013.01)]
20 Claims
 
1. A system comprising:
one or more processors; and
one or more computer-readable storage media storing instructions that, responsive to execution by the one or more processors, cause the system to perform operations including:
detecting a violation of a security policy for a device;
occluding, in response to said detecting, a security key usable to decrypt encrypted data for the device;
initiating a reboot of the device in response to the security key being occluded;
launching a recovery experience that requests a recovery key for recovering the occluded security key in response to detecting that an encrypted operating system for the device is not available for the reboot based on said occluding of the security key;
determining whether a correct recovery key is provided as part of the recovery experience;
enabling the security key to be recovered in response to determining that the correct recovery key is provided; and
causing the operating system to be decrypted for the reboot using the security key.