Methods and systems for attaching an encrypted data partition during the startup of an operating system
Abstract
During the startup of an operating system of a computing system, a monitoring process of the operating system is used to detect an entry point of a daemon manager process. In response to detecting the entry point, the startup process is paused, and an early attach process is launched so as to attach one or more encrypted data partitions to the operating system. As part of the early attach process, the network stack of the computing system may be initialized, which allows the early attach process to retrieve one or more decryption keys corresponding to the one or more encrypted data partitions from an external key management server. The one or more decryption keys may be transmitted to a disk filter driver of the operating system, which provides the operating system with access to the one or more encrypted data partitions. Upon the conclusion of the early attach process, the operating system startup process resumes with the one or more encrypted data partitions now accessible to the operating system.
17 Claims
1. A method for attaching one or more encrypted data partitions of a data storage device during a startup process of an operating system of a computing system, the computing system comprising a processor, a memory and the data storage device, the method comprising:
- monitoring a portion of the startup process of the operating system, the portion of the startup process performed by an execution of one or more user-mode processes;
- after monitoring the portion of the startup process performed by the execution of one or more user-mode processes and prior to execution of a service control manager (services.exe) process, pausing the startup process of the operating system, and attaching the one or more encrypted data partitions to the operating system by (i) retrieving one or more decryption keys corresponding to the one or more encrypted data partitions from a key management server communicatively coupled to the computing system, and (ii) transmitting the one or more retrieved decryption keys to a disk filter driver of the operating system, the disk filter driver providing the operating system with access to the one or more encrypted data partitions; and
- resuming the startup process of the operating system with the one or more encrypted data partitions attached to the operating system, wherein the monitored portion of the startup process includes one or more of a master session manager (manager smss.exe) process, an autochk.exe process, a session manager (smss.exe) process, a client/server runtime subsystem (csrss.exe) process, or a Windows initialization (wininit.exe) process.

Dependent claims: 2, 3, 4, 5, 6

7. A non-transitory machine-readable storage medium for attaching one or more encrypted data partitions of a data storage device during a startup process of an operating system of a computing system, the non-transitory machine-readable storage medium comprising software instructions that, when executed by a processor of the computing system, cause the processor to:
- monitor a portion of the startup process of the operating system, the portion of the startup process performed by an execution of one or more user-mode processes;
- after monitoring the portion of the startup process performed by the execution of the one or more user-mode processes and prior to execution of a service control manager (services.exe) process, pause the startup process of the operating system, and attach the one or more encrypted data partitions to the operating system by (i) retrieving one or more decryption keys corresponding to the one or more encrypted data partitions from a key management server communicatively coupled to the computing system, and (ii) transmitting the one or more retrieved decryption keys to a disk filter driver of the operating system, the disk filter driver providing the operating system with access to the one or more encrypted data partitions; and
- resume the startup process of the operating system with the one or more encrypted data partitions attached to the operating system, wherein the monitored portion of the startup process includes one or more of a master session manager (manager smss.exe) process, an autochk.exe process, a session manager (smss.exe) process, a client/server runtime subsystem (csrss.exe) process, or a Windows initialization (wininit.exe) process.

Dependent claims: 8, 9, 10, 11, 12

13. A method for retrieving one or more decryption keys during a startup process of an operating system of a computing system, the computing system comprising a processor, a memory and a data storage device, the method comprising:
- monitoring a portion of the startup process of the operating system, the portion of the startup process performed by an execution of one or more user-mode processes;
- after monitoring the portion of the startup process performed by the execution of the one or more user-mode processes, retrieving the one or more decryption keys by:
  - determining an Internet Protocol (IP) address of a network interface of the computing system, wherein the IP address is either a static IP address that is retrieved from the operating system or is a dynamic IP address that is retrieved from a dynamic host configuration protocol (DHCP) server;
  - initializing a transmission control protocol (TCP)/IP network stack with the IP address of the network interface;
  - determining an IP address of a key management server, wherein the IP address of the key management server is either retrieved from a domain name system (DNS) server or is retrieved locally from the computing system; and
  - retrieving, using the initialized TCP/IP network stack, the one or more decryption keys from the key management server using the IP address of the key management server; and
- after retrieving the one or more decryption keys, performing an initialization of network services, wherein the initialization of network services is performed by an operating system service, and wherein the monitored portion of the startup process includes one or more of a master session manager (manager smss.exe) process, an autochk.exe process, a session manager (smss.exe) process, a client/server runtime subsystem (csrss.exe) process, or a Windows initialization (wininit.exe) process.

Dependent claims: 14, 15

16. A method for retrieving one or more decryption keys during a startup process of an operating system of a computing system, the computing system comprising a processor, a memory and a data storage device, the method comprising:
- monitoring a portion of the startup process of the operating system, the portion of the startup process performed by an execution of one or more user-mode processes;
- after monitoring the portion of the startup process performed by the execution of the one or more user-mode processes, retrieving the one or more decryption keys by:
  - determining an Internet Protocol (IP) address of a network interface of the computing system, wherein the IP address is either a static IP address that is retrieved from the operating system or is a dynamic IP address that is retrieved from a dynamic host configuration protocol (DHCP) server;
  - initializing a transmission control protocol (TCP)/IP network stack with the IP address of the network interface;
  - determining an IP address of a key management server, wherein the IP address of the key management server is either retrieved from a domain name system (DNS) server or is retrieved locally from the computing system; and
  - retrieving, using the initialized TCP/IP network stack, the one or more decryption keys from the key management server using the IP address of the key management server;
- after retrieving the one or more decryption keys, performing an initialization of network services, wherein the initialization of network services is performed by an operating system service; and
- transmitting respective identifiers of one or more encrypted data partitions of the data storage device to the key management server, wherein the one or more decryption keys that are retrieved correspond to the identifiers of the one or more encrypted data partitions.

Dependent claims: 17

Specification