| CPC H04L 9/0894 (2013.01) [H04L 9/14 (2013.01)] | 15 Claims |
|
1. A computer-implemented method for automatic management of trusted platform module encryption recovery keys, the method comprising:
generating, by at least one computing device configured by executing instructions stored on non-transitory processor readable media, a first request for a trusted platform module encryption recovery key;
transmitting, by the computing device to each of a plurality of host computing devices, the first request;
receiving, by the at least one computing device from each of the plurality of host computing devices in response to the first request, copies of trusted platform module encryption recovery keys, wherein each of the copies of the trusted platform module encryption recovery keys is respectively associated with a trusted platform module operating on a respective host device;
storing, by the at least one computing device in a storage vault, each of the received trusted platform module encryption recovery keys;
generating, by the at least one computing device, a second request for a trusted platform module encryption recovery key;
transmitting, by the computing device to the plurality of host computing devices, the second request;
receiving, by the at least one computing device from at least one of the plurality of host computing devices in response to the second request, a copy of a different trusted platform module encryption recovery key that was not previously received, wherein each copy of the different trusted platform module encryption recovery key is respectively associated with the at least one trusted platform module operating on the at least one of the plurality of host computing devices;
determining, by the at least one computing device, that the copy of the different trusted platform module encryption recovery key was not previously stored in the storage vault; and
storing, by the at least one computing device to the storage vault, the copy of the different trusted platform module encryption recovery key in the storage vault;
receiving, by the at least one computing device from the at least one of the plurality of host computing devices, information representing a plurality of possible events occurring on the at least one of the plurality of host computing devices resulting in generation of the different trusted platform module encryption recovery key;
generating, by the at least one computing device, a respective probability of each of the plurality of events;
determining, by the at least one computing device as a function of the generated respective probabilities, one of the plurality of events that resulted in the generation of the different trusted platform module encryption recovery key; and
storing, by the at least one computing device, information representing the one of the plurality of events.
|