Methods and systems for attaching an encrypted data partition during the startup of an operating system

US 10,402,206 B2
Filed: 09/21/2017
Issued: 09/03/2019
Est. Priority Date: 01/31/2017
Status: Active Grant

First Claim

Patent Images

1. A method for attaching one or more encrypted data partitions of a data storage device during a startup process of an operating system of a computing system, the computing system comprising a processor, a memory and the data storage device, the method comprising:

monitoring a portion of the startup process of the operating system, the portion of the startup process performed by an execution of one or more user-mode processes;

after monitoring the portion of the startup process performed by the execution of one or more user-mode processes and prior to execution of a service control manager (services.exe) process, pausing the startup process of the operating system, and attaching the one or more encrypted data partitions to the operating system by (i) retrieving one or more decryption keys corresponding to the one or more encrypted data partitions from a key management server communicatively coupled to the computing system, and (ii) transmitting the one or more retrieved decryption keys to a disk filter driver of the operating system, the disk filter driver providing the operating system with access to the one or more encrypted data partitions; and

resuming the startup process of the operating system with the one or more encrypted data partitions attached to the operating system,wherein the monitored portion of the startup process includes one or more of a master session manager (manager smss.exe) process, an autochk.exe process, a session manager (smss.exe) process, a client/server runtime subsystem (csrss.exe) process, or a Windows initialization (wininit.exe) process.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

During the startup of an operating system of a computing system, a monitoring process of the operating system is used to detect an entry point of a daemon manager process. In response to detecting the entry point, the startup process is paused, and an early attach process is launched so as to attach one or more encrypted data partitions to the operating system. As part of the early attach process, the network stack of the computing system may be initialized, which allows the early attach process to retrieve one or more decryption keys corresponding to the one or more encrypted data partitions from an external key management server. The one or more decryption keys may be transmitted to a disk filter driver of the operating system, which provides the operating system with access to the one or more encrypted data partitions. Upon the conclusion of the early attach process, the operating system startup process resumes with the one or more encrypted data partitions now accessible to the operating system.

Citations

17 Claims

1. A method for attaching one or more encrypted data partitions of a data storage device during a startup process of an operating system of a computing system, the computing system comprising a processor, a memory and the data storage device, the method comprising:
- monitoring a portion of the startup process of the operating system, the portion of the startup process performed by an execution of one or more user-mode processes;
  
  after monitoring the portion of the startup process performed by the execution of one or more user-mode processes and prior to execution of a service control manager (services.exe) process, pausing the startup process of the operating system, and attaching the one or more encrypted data partitions to the operating system by (i) retrieving one or more decryption keys corresponding to the one or more encrypted data partitions from a key management server communicatively coupled to the computing system, and (ii) transmitting the one or more retrieved decryption keys to a disk filter driver of the operating system, the disk filter driver providing the operating system with access to the one or more encrypted data partitions; and
  
  resuming the startup process of the operating system with the one or more encrypted data partitions attached to the operating system,wherein the monitored portion of the startup process includes one or more of a master session manager (manager smss.exe) process, an autochk.exe process, a session manager (smss.exe) process, a client/server runtime subsystem (csrss.exe) process, or a Windows initialization (wininit.exe) process.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein retrieving the one or more decryption keys from the key management server comprises:
    - determining an Internet Protocol (IP) address of a network interface of the computing system, wherein the IP address is either a static IP address that is retrieved from the operating system or is a dynamic IP address that is retrieved from a dynamic host configuration protocol (DHCP) server;
      
      initializing a transmission control protocol (TCP)/IP network stack with the IP address of the network interface;
      
      determining an IP address of the key management server, wherein the IP address of the key management server is either retrieved from a domain name system (DNS) server or is retrieved locally from the computing system; and
      
      retrieving, using the initialized TCP/IP network stack, the one or more decryption keys from the key management server using the IP address of the key management server.
  - 3. The method of claim 1, further comprising after retrieving the one or more decryption keys, releasing the IP address of the network interface, wherein the IP address is a dynamic IP address.
  - 4. The method of claim 1, further comprising after retrieving the one or more decryption keys, performing an initialization of network services by an operating system service.
  - 5. The method of claim 4, wherein the operating system service is a Windows dynamic host configuration protocol (DHCP) client.
  - 6. The method of claim 1, wherein the disk filter driver communicatively couples a file system driver of the operating system with a disk driver of the operating system.

7. A non-transitory machine-readable storage medium for attaching one or more encrypted data partitions of a data storage device during a startup process of an operating system of a computing system, the non-transitory machine-readable storage medium comprising software instructions that, when executed by a processor of the computing system, cause the processor to:
- monitor a portion of the startup process of the operating system, the portion of the startup process performed by an execution of one or more user-mode processes;
  
  after monitoring the portion of the startup process performed by the execution of the one or more user-mode processes and prior to execution of a service control manager (services.exe) process, pause the startup process of the operating system, and attach the one or more encrypted data partitions to the operating system by (i) retrieving one or more decryption keys corresponding to the one or more encrypted data partitions from a key management server communicatively coupled to the computing system, and (ii) transmitting the one or more retrieved decryption keys to a disk filter driver of the operating system, the disk filter driver providing the operating system with access to the one or more encrypted data partitions; and
  
  resume the startup process of the operating system with the one or more encrypted data partitions attached to the operating system,wherein the monitored portion of the startup process includes one or more of a master session manager (manager smss.exe) process, an autochk.exe process, a session manager (smss.exe) process, a client/server runtime subsystem (csrss.exe) process, or a Windows initialization (wininit.exe) process.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory machine-readable storage medium of claim 7, wherein retrieving the one or more decryption keys from the key management server comprises:
    - determining an Internet Protocol (IP) address of a network interface of the computing system, wherein the IP address is either a static IP address that is retrieved from the operating system or is a dynamic IP address that is retrieved from a dynamic host configuration protocol (DHCP) server;
      
      initializing a transmission control protocol (TCP)/IP network stack with the IP address of the network interface;
      
      determining an IP address of the key management server, wherein the IP address of the key management server is either retrieved from a domain name system (DNS) server or is retrieved locally from the computing system; and
      
      retrieving, using the initialized TCP/IP network stack, the one or more decryption keys from the key management server using the IP address of the key management server.
  - 9. The non-transitory machine-readable storage medium of claim 7, further comprising software instructions that cause the processor to, after retrieving the one or more decryption keys, release the IP address of the network interface, wherein the IP address is a dynamic IP address.
  - 10. The non-transitory machine-readable storage medium of claim 7, further comprising software instructions that cause the processor to, after retrieving the one or more decryption keys, perform an initialization of network services by an operating system service.
  - 11. The non-transitory machine-readable storage medium of claim 10, wherein the operating system service is a Windows dynamic host configuration protocol (DHCP) client.
  - 12. The non-transitory machine-readable storage medium of claim 7, wherein the disk filter driver communicatively couples a file system driver of the operating system with a disk driver of the operating system.

13. A method for retrieving one or more decryption keys during a startup process of an operating system of a computing system, the computing system comprising a processor, a memory and a data storage device, the method comprising:
- monitoring a portion of the startup process of the operating system, the portion of the startup process performed by an execution of one or more user-mode processes;
  
  after monitoring the portion of the startup process performed by the execution of the one or more user-mode processes, retrieving the one or more decryption keys by;
  
  determining an Internet Protocol (IP) address of a network interface of the computing system, wherein the IP address is either a static IP address that is retrieved from the operating system or is a dynamic IP address that is retrieved from a dynamic host configuration protocol (DHCP) server;
  
  initializing a transmission control protocol (TCP)/IP network stack with the IP address of the network interface;
  
  determining an IP address of a key management server, wherein the IP address of the key management server is either retrieved from a domain name system (DNS) server or is retrieved locally from the computing system; and
  
  retrieving, using the initialized TCP/IP network stack, the one or more decryption keys from the key management server using the IP address of the key management server; and
  
  after retrieving the one or more decryption keys, performing an initialization of network services, wherein the initialization of network services is performed by an operating system service, and wherein the monitored portion of the startup process includes one or more of a master session manager (manager smss.exe) process, an autochk.exe process, a session manager (smss.exe) process, a client/server runtime subsystem (csrss.exe) process, or a Windows initialization (wininit.exe) process.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, further comprising after retrieving the one or more decryption keys, releasing the IP address of the network interface, wherein the IP address is a dynamic IP address.
  - 15. The method of claim 13, wherein the operating system service is a Windows dynamic host configuration protocol (DHCP) client.

16. A method for retrieving one or more decryption keys during a startup process of an operating system of a computing system, the computing system comprising a processor, a memory and a data storage device, the method comprising:
- monitoring a portion of the startup process of the operating system, the portion of the startup process performed by an execution of one or more user-mode processes;
  
  after monitoring the portion of the startup process performed by the execution of the one or more user-mode processes, retrieving the one or more decryption keys by;
  
  determining an Internet Protocol (IP) address of a network interface of the computing system, wherein the IP address is either a static IP address that is retrieved from the operating system or is a dynamic IP address that is retrieved from a dynamic host configuration protocol (DHCP) server;
  
  initializing a transmission control protocol (TCP)/IP network stack with the IP address of the network interface;
  
  determining an IP address of a key management server, wherein the IP address of the key management server is either retrieved from a domain name system (DNS) server or is retrieved locally from the computing system; and
  
  retrieving, using the initialized TCP/IP network stack, the one or more decryption keys from the key management server using the IP address of the key management server;
  
  after retrieving the one or more decryption keys, performing an initialization of network services, wherein the initialization of network services is performed by an operating system service; and
  
  transmitting respective identifiers of one or more encrypted data partitions of the data storage device to the key management server, wherein the one or more decryption keys that are retrieved correspond to the identifiers of the one or more encrypted data partitions.
- View Dependent Claims (17)
- - 17. The method of claim 16, further comprising transmitting the one or more retrieved decryption keys to a disk filter driver of the operating system, the disk filter driver providing the operating system with access to the one or more encrypted data partitions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Corp.
Original Assignee
HyTrust, Inc. (Entrust Corp.)
Inventors
Katchapalayam, Babu, Pate, Stephen D.
Primary Examiner(s)
Abbaszadeh, Jaweed A
Assistant Examiner(s)
Pandey, Keshab R

Application Number

US15/711,535
Publication Number

US 20180217847A1
Time in Patent Office

712 Days
Field of Search
US Class Current
CPC Class Codes

G06F 1/32   Means for saving power

G06F 21/575   Secure boot

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 9/44   Arrangements for executing ...

G06F 9/4406   Loading of operating system

G06F 9/4411   Configuring for operating w...

G06F 9/4418   Suspend and resume; Hiberna...

H04L 9/083   involving central third par...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

Methods and systems for attaching an encrypted data partition during the startup of an operating system

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for attaching an encrypted data partition during the startup of an operating system

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links