Methods and systems for attaching an encrypted data partition during the startup of an operating system
Abstract
During the startup of an operating system of a computing system, a monitoring process of the operating system is used to detect an entry point of a daemon manager process. In response to detecting the entry point, the startup process is paused, and an early attach process is launched so as to attach one or more encrypted data partitions to the operating system. As part of the early attach process, the network stack of the computing system may be initialized, which allows the early attach process to retrieve one or more decryption keys corresponding to the one or more encrypted data partitions from an external key management server. The one or more decryption keys may be transmitted to a disk filter driver of the operating system, which provides the operating system with access to the one or more encrypted data partitions. Upon the conclusion of the early attach process, the operating system startup process resumes with the one or more encrypted data partitions now accessible to the operating system.
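A simulation of the early-attach flow the abstract describes, written as an added example rather than code from the patent or any implementation: the hook fires once, after wininit.exe and before services.exe, fetches each partition's key from a mock key management server and hands it to a mock filter driver. The key check value scheme (SHA-256 of the key stored beside the partition), the sample keys and the extra process names in the boot sequence are constructed assumptions.

```python
import hashlib

def kcv(key: bytes) -> str:
    """Key check value: SHA-256 of the key, stored with the partition (assumed scheme)."""
    return hashlib.sha256(key).hexdigest()

# Constructed sample data (not from the patent): keys escrowed in the KMS, and
# three encrypted partitions that record only the check value of their own key.
KMS_KEYS = {"part-D": bytes(range(32)), "part-E": bytes(range(32, 64))}
PARTITIONS = {"part-D": kcv(KMS_KEYS["part-D"]),
              "part-E": kcv(KMS_KEYS["part-E"]),
              "part-F": kcv(b"\x00" * 32)}   # part-F: its key is not in the KMS

class FilterDriver:
    """Models the disk filter driver: keeps keys only for partitions it has verified."""
    def __init__(self):
        self.attached = {}

    def attach(self, part: str, key: bytes) -> bool:
        if kcv(key) != PARTITIONS[part]:
            return False                  # wrong key: refuse rather than expose garbage
        self.attached[part] = key
        return True

def early_attach(driver, kms, partitions):
    """The early-attach process: look each key up in the KMS, pass it to the driver."""
    results = {}
    for part in partitions:
        key = kms.get(part)               # network lookup against the key server
        results[part] = key is not None and driver.attach(part, key)
    return results

def boot(process_sequence, driver, kms=KMS_KEYS, partitions=tuple(PARTITIONS)):
    """Simulate startup; pause at the services.exe entry point once wininit.exe ran."""
    log, seen_wininit, attached = [], False, None
    for proc in process_sequence:
        if proc == "wininit.exe":
            seen_wininit = True
        if proc == "services.exe" and seen_wininit and attached is None:
            log.append("pause")           # hook fires exactly once, before the SCM
            attached = early_attach(driver, kms, partitions)
            log.append("resume")
        log.append(proc)
    return log, attached or {}
```

A partition whose key the server cannot supply stays unattached, and startup still resumes, so the missing key surfaces as an inaccessible volume rather than a boot failure.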
13 Claims

1. A method for attaching one or more encrypted data partitions of a data storage device during a startup of an operating system of a computing system, the computing system comprising a processor, a memory and the data storage device, the method comprising:
- monitoring the startup of the operating system;
- after execution of a windows initialization process (wininit.exe) but prior to execution of a service control manager process (services.exe), pausing the startup of the operating system, and attaching the one or more encrypted data partitions to the operating system by (i) retrieving one or more decryption keys corresponding to the one or more encrypted data partitions from a key management server communicatively coupled to the computing system, and (ii) transmitting the one or more retrieved decryption keys to a disk filter driver of the operating system, the disk filter driver providing the operating system with access to the one or more encrypted data partitions; and
- resuming the startup of the operating system with the one or more encrypted data partitions attached to the operating system.
(Dependent claims: 2, 3, 4, 5, 6, 7)

8. A computing system comprising a processor, a memory and a data storage device, the data storage device comprising instructions that, when executed by the processor, cause the processor to:
- monitor a startup of the operating system;
- after execution of a windows initialization process (wininit.exe) but prior to execution of a service control manager process (services.exe), pause the startup of the operating system, and attach one or more encrypted data partitions of the data storage device to the operating system by (i) retrieving one or more decryption keys corresponding to the one or more encrypted data partitions from a key management server communicatively coupled to the computing system, and (ii) transmitting the one or more retrieved decryption keys to a disk filter driver of the operating system, the disk filter driver providing the operating system with access to the one or more encrypted data partitions; and
- resume the startup of the operating system with the one or more encrypted data partitions attached to the operating system.
(Dependent claims: 9, 10)

11. A non-transitory machine-readable storage medium comprising software instructions that, when executed by a processor of a computing system, cause the processor to:
- monitor a startup of the operating system;
- after execution of a windows initialization process (wininit.exe) but prior to execution of a service control manager process (services.exe), pause the startup of the operating system, and attach one or more encrypted data partitions of a data storage device of the computing system to the operating system by (i) retrieving one or more decryption keys corresponding to the one or more encrypted data partitions from a key management server communicatively coupled to the computing system, and (ii) transmitting the retrieved one or more decryption keys to a disk filter driver of the operating system, the disk filter driver providing the operating system with access to the one or more encrypted data partitions; and
- resume the startup of the operating system with the one or more encrypted data partitions attached to the operating system.
(Dependent claims: 12, 13)
Specification